https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23771 Bug ID: 23771 Summary: CAS/Shib Authentication can fail when multiple users with no userid/cardnumber defined and one of them is locked Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: major Priority: P5 - low Component: Authentication Assignee: nick@bywatersolutions.com Reporter: nick@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org When logging in via cas no userid is passed to checkpw, however, we still seek out users with a null userid/cardnumber. If one of those users has a locked account and it happens to be the one chosen, we won't continue to CAS/Shib login (or LDAP, but LDAP shouldn't get a blank userid) -- You are receiving this mail because: You are watching all bug changes.