Bug: if the uid contains a capital letter the eduID account "breaks" #671

Tyskai opened this issue Feb 6, 2025 · 4 comments

@Tyskai
Collaborator

Tyskai commented Feb 6, 2025

Via the Service desk a problem occurred. A user said his "eduID was broken". But it actually is.

The reason is that the uid is of the form "iAchternaam". It also seems to happen if the uid looks like: "A". However, in the documentation there is no requirement that the uid has to be lowercase: https://servicedesk.surf.nl/wiki/display/IAM/Attributes+in+SURFconext#AttributesinSURFconext-uiduid

To reproduce:
Make an account on test. Then change in the database:
db.users.updateOne({email:"[email protected]"},{$set: {uid:'iAchternaam'}});
Get an error.

Logs:

Feb  6 15:14:46 docker2.test.ams.surfconext.nl myconextserver[826]: 2025-02-06 15:14:46,043 DEBUG [http-nio-8080-exec-4] o.s.security.web.FilterChainProxy:218 - Securing GET /saml/guest-idp/SSO?SAMLRequest=nVLLbtswEPwVgXc9%2FYBN2AZcG0EMpLVhqTn0RpErm4VEquSydf6%2BlGSnDoLkUIAX7nJmZ4a7sKypW7p2eFZH%2BOXAYnBpamVp31gSZxTVzEpLFWvAUuQ0X399olmU0NZo1FzX5A7yOYJZCwalViTYbZdksz8W%2B%2BmsLNmcjTibiySbjSeZKEdJNc%2BSUTWvMt%2BA2TQdVyR4BmM9dkk8lSew1sFOWWQKfSnJJmGShcm0SMfUn%2FHkBwm23o9UDHvUGbG1NI5rfZIqQt%2BKQDgpIlXHnfT41NkPpWjjPN%2BTYH0Tu9HKugZMDua35PD9%2BPSPDJQng4HNOlNxreCCHSXzmYJCyfvxsW1jPvCEdykcrhF%2BkUpIdfo8vXJ4ZOljURzCwz4vyGrRKad9Fmb1P6IaQCYYskV8z7QY9uKb17DbHnQt%2BUvwoE3D8GOJaZT2FSnCqn9KnbItcFlJED7OutZ%2FNgYYwpKgcUDi25ic69Yb69K4vGy06z40TcitfV1MMLvtq8VG%2Fnz3h2dZlroGPA9e3gJvteus1%2Fv96q%2F%2BAg%3D%3D
Feb  6 15:14:46 docker2.test.ams.surfconext.nl myconextserver[826]: 2025-02-06 15:14:46,044 DEBUG [http-nio-8080-exec-4] o.s.s.w.c.HttpSessionSecurityContextRepository:222 - Retrieved SecurityContextImpl [Authentication=UserAuthenticationToken [Principal=myconext.model.User@5b316694, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[ROLE_GUEST]]]
Feb  6 15:14:46 docker2.test.ams.surfconext.nl myconextserver[826]: 2025-02-06 15:14:46,044 DEBUG [http-nio-8080-exec-4] o.s.s.w.c.SecurityContextPersistenceFilter:109 - Set SecurityContextHolder to SecurityContextImpl [Authentication=UserAuthenticationToken [Principal=myconext.model.User@5b316694, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[ROLE_GUEST]]]
Feb  6 15:14:46 docker2.test.ams.surfconext.nl myconextserver[826]: 2025-02-06 15:14:46,076 DEBUG [http-nio-8080-exec-4] o.s.s.w.c.SecurityContextPersistenceFilter:120 - Cleared SecurityContextHolder to complete request

SAML

<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 Destination="https://engine.test.surfconext.nl/authentication/sp/consume-assertion"
                 ID="RP7937126f-228c-4d50-81ff-96dfe55ed745"
                 InResponseTo="CORTO8e4d7ff2704d1cedabaf4faaaba542b958bc7006"
                 IssueInstant="2025-02-06T14:21:51.322Z"
                 Version="2.0"
                 >
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                  Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
                  >https://login.test.eduid.nl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
            <ds:Reference URI="#RP7937126f-228c-4d50-81ff-96dfe55ed745">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                                PrefixList="xsd"
                                                />
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
                <ds:DigestValue>QX1liQBq+oqbT12x9zNvE02DOZuTq/y5KqBSlWaF45t7FwnMuz1jALMxhuGE6GHCVbt7KTeeRQMO
sD7IJml4jQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
ybhjzadByYzUHNmlhD4fet0MSbiutGVGC4hkxBJsyMyphGXn66FjzrCnMoqIVRZLO/Yrx/7S6+3S
wR4eLNSV6gJlaaTrHeRD9A4AdpSXCQ91FeXIBdqpfx6n9oJOhehkXRX/zdBIEvArP1h/L1jHO2Rl
MNPnqTYBflu10Y0Fa6/jtI/STzWsyA9Z6j/rFFcQiUUIXy1OFhZzBSLrco6vYNpMfhFCqS26h79l
bbiLdCEkg0oVa2tiPkKgx72C6eIyD3zM9sBJmCxrc/6PfTWf58Y0iD+uhjdAhLeCMqmeaZVZts78
MPVFhpVb42SJE1YcQ7z35UwxZ6HUZl4zbtiZ+A==
</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDuTCCAqGgAwIBAgIUKbhjrhAp+f6P1VnPSxG9r/bxDbYwDQYJKoZIhvcNAQELBQAwbDELMAkG</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </saml2p:Status>
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                     ID="A304a249f-078f-46b3-8d0b-50f4087d94bf"
                     IssueInstant="2025-02-06T14:21:51.322Z"
                     Version="2.0"
                     >
        <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://login.test.eduid.nl</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
                <ds:Reference URI="#A304a249f-078f-46b3-8d0b-50f4087d94bf">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                                    PrefixList="xsd"
                                                    />
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
                    <ds:DigestValue>xvBc5Gb6Ixa38CCckt7ITsA26biL0dhRThs8uLd1rOXNtzSY9VN4v6zQpyuFh5bJtJRF8W1Co5J7
xHIsZzsV8g==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
UnARR6mubUtF+cEVJM7Rzb0/1nUlalM0skp9ednToW1Y/3y0yIKT7yQ01reTrdHzcWY9o6b8Nt16
YHDZtI1QBTCvRMPaapHYbQYFfNJbsnKkWnfexKVInSqeiigncbsBjQMDKj27kbYz/bqCbFXupkiB
mg6Jo7ASp2OuLIfkPAy5KuWW8zuXRSNgHSpanO32RJsaKVgDB9tASLk+KLsXlu06MiSLBswXCGkz
le26vGRZwOWceYnz1YK3ydeiFXk41PmEfX5yxCjy9HBrpKlM+a2fPclVm/kHb/B5pVrQSgRM0z+x
e4+NBRKu8fmYKsXi+ITnwjMWKdTZ6u9zwuXu+A==
</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDuTCCAqGgAwIBAgIUKbhjrhAp+f6P1VnPSxG9r/bxDbYwDQYJKoZIhvcNAQELBQAwbDELMAkG
A1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxFTATBgNVBAoMDFNV
UkZuZXQgQi5WLjEiMCAGA1UEAwwZbXljb25leHQgc2FtbCBjZXJ0aWZpY2F0ZTAeFw0xOTEyMDMx
MDMzMjdaFw0zOTExMjgxMDMzMjdaMGwxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAw
DgYDVQQHDAdVdHJlY2h0MRUwEwYDVQQKDAxTVVJGbmV0IEIuVi4xIjAgBgNVBAMMGW15Y29uZXh0
IHNhbWwgY2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbAtsiYjEB
UJ1d885XUVxQ0L+ZvPGkoe1ZhR7WdXIRDxSZw1fVVmA21h0DiD+MwF4XJZhW3WEQf37/Vpqxr8mb
4iqxkOD7zcnWHSvmfOzmjqAXtgoeLCjt8+ijJVj2/tJARh4Dw5S95zzZ13TuZRBIvc/mhHtRhlEP
d5+IoI007xfKQ05jEAhfVTeyJ7B5RzMN5n3pPE+b69xWt80WyAMt+LoESzMr1MHzxd+4oC/4+yaV
dbJ92aNRX8uwi4A6pQA2EKz0uUfX+Ff0SNU074qA1ffMp95jlxcSkDnraVVUETtZDnj0i5HlBVE4
DiUriPN+SqG2zDtoJeTLMRjm8tJFAgMBAAGjUzBRMB0GA1UdDgQWBBRgUwBlHfW3pe21oa82qZrj
lglMGzAfBgNVHSMEGDAWgBRgUwBlHfW3pe21oa82qZrjlglMGzAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQAHU9Zjqu1YX/PWqNHkZYe1Kqp6/aLScMd6mqUOWLgsMFPuS/zBZwpo
PYf0UVExLuxBKutXGUqIn8NRsEGp08ZshWsboKVqAnWoSGD940jwng7gjyNJK6Mtiqwvv99doegl
M0g4kjbbVNrLM8oadZcbjRPFt+PqXFc17i4q6bKeK5Uy8LTjGnBfrObfKsLwZfSZY8VyC2NRalqX
IFi3V/xwha49Qbt8rSLK3mj1ynQ11hOvbYCg1cwVsWmfApLnZlF4H6EmSgb1f1G3LQ8AXF8+B78y
NUQijmAnqAE7KHnYqcfo4V1mFpaIZS5IswfAS9EM1WHrjH4pJgujQpZjhFvj</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">iAchternaam</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData InResponseTo="CORTO8e4d7ff2704d1cedabaf4faaaba542b958bc7006"
                                               NotBefore="2025-02-06T14:16:51.322Z"
                                               NotOnOrAfter="2025-02-06T14:26:51.322Z"
                                               Recipient="https://engine.test.surfconext.nl/authentication/sp/consume-assertion"
                                               />
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2025-02-06T14:16:51.322Z"
                          NotOnOrAfter="2025-02-06T14:26:51.322Z"
                          >
            <saml2:AudienceRestriction>
                <saml2:Audience>https://engine.test.surfconext.nl/authentication/sp/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2025-02-06T14:21:51.322Z"
                              SessionIndex="IDX09269087-7fe1-447d-83e7-e45675cca1be"
                              SessionNotOnOrAfter="2025-02-06T14:26:51.322Z"
                              >
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
                <saml2:AuthenticatingAuthority>https://login.test.eduid.nl</saml2:AuthenticatingAuthority>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:displayName"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >test test</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >iAchternaam</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >[email protected]</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:eduid.nl:1.1"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >04239390-3123-489a-8a0a-debb8a895dc8</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:eduPersonAffiliation"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >affiliate</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:oasis:names:tc:SAML:attribute:subject-id"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >[email protected]</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:sn"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >test</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:cn"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >test test</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:mail"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >[email protected]</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:givenName"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >test</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >[email protected]</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="urn:mace:terena.org:attribute-def:schacHomeOrganization"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xsd:string"
                                      >surf.nl</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>
@Tyskai Tyskai converted this from a draft issue Feb 6, 2025
@Tyskai Tyskai self-assigned this Feb 6, 2025
@Tyskai Tyskai moved this from New to Backlog in Openconext-Myconext Feb 6, 2025
@pmeulen
Member

pmeulen commented Feb 6, 2025

Note that case should not matter when comparing uid's (see: https://www.rfc-editor.org/rfc/rfc4519.html#section-2.39)

Folding uid's you receive to lowercase before you do any other processing with them is a good practice IMO. Note that uid's may contain unicode (according to the standard) when doing this. We may consider being more restrictive in the uid's we accept, e.g. ASCII only.

@baszoetekouw
Member

Engineblock suggests that the problem is a broken subjectid. This is the error that corresponds to the EB error message (not to the SAML message):

Caught Exception "EngineBlock_Corto_Exception_MissingRequiredFields": "Errors validating attributes errors: "
Array (
    [urn:oasis:names:tc:SAML:attribute:subject-id] => Array (
            [0] => Array (
                    [0] => error_attribute_validator_regex
                    [1] => urn:oasis:names:tc:SAML:attribute:subject-id
                    [2] => #^([a-z0-9][a-z0-9=-]{3,}|[A-Z0-9][A-Z0-9=-]{3,})@[a-z0-9][a-z0-9.-]+\\.[a-z]{2,}$#
                    [3] => [email protected]
            )
    )
)

@Tyskai
Collaborator Author

Tyskai commented Feb 12, 2025

Update: the affected account was deleted, and the user made a new one.

For now the question remains open:

  • Should the eduID server check that the uids can never contain a capital letter?
  • What to do with the other 2 users on production with this problem? Delete their account? They cannot use it, so they probably never used it in the last few years.
  • What to do with the other few users who have a "different" uid? Check how long ago they used their account.

@thijskh
Member

thijskh commented Feb 12, 2025

  1. This can only happen in the Onegini migration scenario which is already past us. So no new cases can arise.
  2. We can see when they last used their account. It may have worked before eduID introduced the subjectId attribute.
  3. Let's also see how many there are and when they last used their accounts. Most likely a large % of them hangs around on Hoog Overborch 4th floor.
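
Added example (not part of the issue thread, nor eduID or EngineBlock code): it checks candidate subject-id values against the regex from the EngineBlock error quoted above and shows what the lowercase folding and ASCII-only restriction suggested in the comments would change. It assumes the subject-id is built as uid@scope; `fold_uid`, `audit`, the sample uids and the `example.org` scope are hypothetical.

```python
import re

# Pattern from the EngineBlock error quoted in this thread, minus the PHP "#"
# delimiters and ^/$ (fullmatch anchors instead). Reading "\\." in the log
# output as an escaped literal dot is an assumption.
SUBJECT_ID_RE = re.compile(
    r"([a-z0-9][a-z0-9=-]{3,}|[A-Z0-9][A-Z0-9=-]{3,})"
    r"@[a-z0-9][a-z0-9.-]+\.[a-z]{2,}"
)


def subject_id_problem(subject_id):
    """Return None if the value passes the regex, else a short reason."""
    if SUBJECT_ID_RE.fullmatch(subject_id):
        return None
    local, sep, _scope = subject_id.partition("@")
    if not sep:
        return "missing scope"
    if not local.isascii():
        return "non-ASCII uid"
    if len(local) < 4:
        return "uid shorter than 4 characters"
    if local != local.lower() and local != local.upper():
        return "mixed-case uid"
    return "character not allowed by the regex"


def fold_uid(uid):
    """Hypothetical intake policy: ASCII only, then fold to lowercase.

    The ASCII check comes first because Unicode case mapping can turn a
    non-ASCII character into ASCII (KELVIN SIGN U+212A lowercases to "k").
    """
    if not uid.isascii():
        raise ValueError("non-ASCII uid")
    return uid.lower()


def audit(uids, scope):
    """Map uid -> (problem as stored, problem after fold_uid)."""
    report = {}
    for uid in uids:
        before = subject_id_problem(f"{uid}@{scope}")
        try:
            after = subject_id_problem(f"{fold_uid(uid)}@{scope}")
        except ValueError as exc:
            after = str(exc)
        report[uid] = (before, after)
    return report


# Constructed sample uids; "example.org" is a placeholder scope.
SAMPLE_UIDS = ["iAchternaam", "A", "achternaam", "IACHTERNAAM", "\u212aees"]

if __name__ == "__main__":
    for uid, result in audit(SAMPLE_UIDS, "example.org").items():
        print(f"{uid!r}: {result}")
```

In this sample, folding repairs "iAchternaam" but not "A", which the regex rejects for its length rather than its case; an all-uppercase uid already passes unchanged.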
