Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
SSO Name element forced to be unique
I have a SSO implementation where SyncScreen is set to false. Users flow from my application to the forum, but when a user's name is the same as another user in the vanilla database, the user is not initialised correctly. I can understand why this may have occurred in the past, however with an external authenticator I do not think that the forum should force unique attributes beyond UniqueID.
The most intuitive solution I believe would be to amend the UserModel::Synchronize method to either not validate these details if only used for SSO, or more generally to include a 'forceUnique' parameter defaulting to true/false.
The most intuitive solution I believe would be to amend the UserModel::Synchronize method to either not validate these details if only used for SSO, or more generally to include a 'forceUnique' parameter defaulting to true/false.
Tagged:
0
Comments
Vanilla Forums COO [GitHub, Twitter, About.me]