Passport saml with multiple-uid-same-email support

By: Hao Bin Kwan Account Admin 18 Feb 2021 at 2:48 a.m. CST

8 Responses
Hao Bin Kwan gravatar
Hi, As we're upgrading from 3.1.5 with this feature in-place, wondering is there a same feature in 4.2.2 as well? I'm getting this error msg in oxauth_script log ``` An attempt to supply an email of an existing user was made. Turn on 'emailLinkingSafe' if you want to enable linking Passport. attemptAuthentication. Authentication attempt was rejected ``` I've a read on emailLinkingSafe but it does not seem what I'm looking for, it's about linking multiple users with same email and in the end it still appears as single user, correct me if I'm mistaken. Thanks.
Gluu 4.2.2 Rhel 7.4
closed

Answers

By Mobarak Hosen Shakil staff 18 Feb 2021 at 8:54 a.m. CST

Copy
Mobarak Hosen Shakil gravatar
Hi Hao Bin Kwan! Let me check please. I will get back to you with an update. Thanks & Regards ~ Shakil

By Hao Bin Kwan Account Admin 21 Feb 2021 at 10:15 p.m. CST

Copy
Hao Bin Kwan gravatar
Hi Shakil, Any update please?

By Mobarak Hosen Shakil staff 22 Feb 2021 at 2:50 p.m. CST

Copy
Mobarak Hosen Shakil gravatar
Hi yes, you are right. `email linking` won't help to achieve your requirement. [from this link](https://gluu.org/docs/gluu-server/4.2/authn-guide/passport/#email-account-linking) you will find about email linking. may be it's possible through `custom inbound flow`. let me talk to our dev team. I will let you know the update. Thanks & Regards ~ Shakil

By Mobarak Hosen Shakil staff 24 Feb 2021 at 4:09 p.m. CST

Copy
Mobarak Hosen Shakil gravatar
Hi Hao Bin Kwan! Do you want to keep them as separate accounts at gluu?

By Hao Bin Kwan Account Admin 24 Feb 2021 at 8:29 p.m. CST

Copy
Hao Bin Kwan gravatar
Hi Mobarak, yes, check out this existing topic we're facing the same when we were on 2.4.4 going to 3.1.5, and now 4.x.x :) https://support.gluu.org/upgrade/7335/a-unique-attribute-conflict-was-detected-for-attribute-mail/ P/S: I've set email uniqueness to false and all that but now the problem is passport saml does not allow it. Also please note that I don't see 'enforce_uniqueness_attr_list' property in passport saml unlike in Asimba saml script, where I can set uid to be unique but not email.

By Mobarak Hosen Shakil staff 25 Feb 2021 at 2:18 p.m. CST

Copy
Mobarak Hosen Shakil gravatar
yes, disabling `email uniqueness` from `oxtrust` allows to create mutiple accounts with same email at gluu. You can set your own `passport-saml` script from **person authentication > passport-saml**. please, check method ```def attemptAuthentication```.

By Hao Bin Kwan Account Admin 04 Mar 2021 at 10:13 p.m. CST

Copy
Hao Bin Kwan gravatar
Thanks Shakil, will see what we can do from there.

By Mobarak Hosen Shakil staff 15 Mar 2021 at 9:48 a.m. CDT

Copy
Mobarak Hosen Shakil gravatar
please reopen the ticket if required.

Post an answer