[Koha-bugs] [Bug 23771] New: CAS/Shib Authentication can fail when multiple users with no userid/cardnumber defined and one of them is locked
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Oct 7 22:08:56 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23771
Bug ID: 23771
Summary: CAS/Shib Authentication can fail when multiple users
with no userid/cardnumber defined and one of them is
locked
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Authentication
Assignee: nick at bywatersolutions.com
Reporter: nick at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
When logging in via cas no userid is passed to checkpw, however, we still seek
out users with a null userid/cardnumber. If one of those users has a locked
account and it happens to be the one chosen, we won't continue to CAS/Shib
login (or LDAP, but LDAP shouldn't get a blank userid)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list