Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

SSO Name element forced to be unique

I have a SSO implementation where SyncScreen is set to false. Users flow from my application to the forum, but when a user's name is the same as another user in the vanilla database, the user is not initialised correctly. I can understand why this may have occurred in the past, however with an external authenticator I do not think that the forum should force unique attributes beyond UniqueID.

The most intuitive solution I believe would be to amend the UserModel::Synchronize method to either not validate these details if only used for SSO, or more generally to include a 'forceUnique' parameter defaulting to true/false.

Comments

Sign In or Register to comment.