Non unique attribute mapping in Federation

This topic has 1 reply, 2 voices, and was last updated 7 years, 7 months ago by Scott Heger.

  • #2298
     dsjwilliams
    Participant

    I am curious when using a remote IDP and a hosted SP (OpenAM) for federation, if the attribute you provide for mapping is not unique (multiple accounts contain the same value for the field you are mapping), how does OpenAM respond?

    #2375
     Scott Heger
    Participant

    Ultimately OpenAM will not be able to create a local session for the user since it cannot uniquely identify the authenticated user. I haven’t dug through the code to see what the exact error message would be. Of course you would be wise to prevent this sort of thing by setting up attribute uniqueness in your local user repository if it supports that… depending on what your local repo is.
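A pre-flight audit of the kind the reply recommends, as an added example that is not part of the thread and not OpenAM code: it parses a constructed LDIF export of a local user store, reports every value of the intended mapping attribute that is held by more than one account, and mimics the SP-side lookup to show that an ambiguous value yields no account to bind a session to. The attribute name `mail`, the sample entries and the function names are assumptions for illustration.

```python
"""Pre-flight check for a federation attribute mapping.

Added example (not from the forum thread or from OpenAM): before pointing
an SP's attribute mapper at a user-store attribute, confirm that every
value of that attribute resolves to exactly one local account. The LDIF
below is constructed sample data; "mail" as the mapping attribute and the
function names are assumptions, not OpenAM APIs.
"""
from collections import defaultdict

# Constructed sample export of a local user repository. Two accounts share
# the same mail value (case differs, but LDAP mail matching ignores case).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
mail: bob@example.com

dn: uid=alice2,ou=people,dc=example,dc=com
uid: alice2
mail: Alice@Example.com

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
"""


def parse_ldif(text):
    """Parse a minimal LDIF export into a list of {attr: [values]} dicts.

    Attribute names are lower-cased. Continuation lines, base64 values and
    change records are not handled; this is enough for an attribute audit.
    """
    entries, current = [], defaultdict(list)
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        current[name.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def index_by_attribute(entries, attribute, case_sensitive=False):
    """Map each value of `attribute` to the DNs of the entries carrying it."""
    index = defaultdict(list)
    for entry in entries:
        for value in entry.get(attribute.lower(), []):
            key = value if case_sensitive else value.lower()
            index[key].append(entry["dn"][0])
    return dict(index)


def find_collisions(entries, attribute):
    """Return {value: [dn, ...]} for every value held by more than one entry."""
    return {v: dns for v, dns in index_by_attribute(entries, attribute).items()
            if len(dns) > 1}


def mapping_is_safe(entries, attribute):
    """True when the attribute is usable as a unique federation identifier."""
    return not find_collisions(entries, attribute)


def resolve_local_user(entries, attribute, asserted_value):
    """Mimic the SP side: find the one local account for an asserted value.

    Returns the DN on exactly one match and None otherwise, i.e. an
    ambiguous (or missing) match leaves the SP with no account to bind a
    session to.
    """
    dns = index_by_attribute(entries, attribute).get(asserted_value.lower(), [])
    return dns[0] if len(dns) == 1 else None


if __name__ == "__main__":
    users = parse_ldif(SAMPLE_LDIF)
    for value, dns in find_collisions(users, "mail").items():
        print(f"mapping attribute 'mail' not unique: {value!r} -> {dns}")
    print("safe to map on mail:", mapping_is_safe(users, "mail"))
    print("safe to map on uid:", mapping_is_safe(users, "uid"))
```

Run it against a real export (e.g. the output of an `ldapsearch` over the user base DN) with the attribute you intend to map, and treat any collision as a blocker; once the data is clean, enforce uniqueness in the directory itself (directories such as OpenDJ ship a unique-attribute plugin) so the audit does not have to be repeated.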

©2022 ForgeRock