[RTFACT-18387] API key for disabled OneLogin users remains active after user has been deleted. Created: 29/Jan/19  Updated: 29/Jan/19

Status: Open
Project: Artifactory Binary Repository
Component/s: SAML SSO
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: High
Reporter: JD Stuart Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Environment:

Reproduced using Artifactory Cloud hosted on AWS.



 Description   

The API key of SAML provisioned users remains active after the user has been deleted or suspended.

Steps to reproduce:

  • (As Admin): Set up SAML SSO and use OneLogin as SAML provider.
    • Choose to automatically provision users and to automatically associate
    • Enable "Edit Profile" for users so users are able to create API keys.
  • (As SAML user): Log in to Artifactory and provision an API key.
  • (As SAML user): Log out of Artifactory.
  • (As SAML user): Test that API key works by making any API call to Artifactory using the provisioned API key.
  • Disable the user in OneLogin.
  • (As SAML user): Try to log into Artifactory through the web interface - User should not be allowed to log in.
  • (As SAML user): Try to use the API key previously provisioned.

Current behaviour:

  • The API key is still valid and the user still has access to Artifactory repositories even though the user has been disabled.

Expected behaviour:

  • The API key should be revoked and the user should either be disabled and/or removed from Artifactory.

Additional details:
The bug may not be within Artifactory itself, but rather with the OneLogin App developed to enable SAML SSO with OneLogin. When configuring the integrations in OneLogin there's no "Provisioning" tab available as with other integrations (i.e. Office365). On the provisioning tab it allows the following options to be set (Create User, Delete User, Update user).
Delete User can be used when a user is removed from or suspended in OneLogin.
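
Added example, not part of the original report and not Artifactory or OneLogin code: a reconciliation an administrator could run as a stopgap while no provisioning hook exists. It lists SAML-realm Artifactory accounts that are no longer active in the IdP and builds the admin-only `DELETE /api/security/apiKey/{username}` requests that revoke their API keys. The sample records, their field names and the host name are constructed assumptions.

```python
"""Find Artifactory SAML users whose IdP account is gone and plan key revocation."""
from urllib.parse import quote

# Constructed sample data. Field names are assumptions for this example:
# an IdP export with "username"/"status" and an Artifactory user listing
# with "name"/"realm".
IDP_USERS = [
    {"username": "alice@example.com", "status": "active"},
    {"username": "bob@example.com", "status": "suspended"},
]
ARTIFACTORY_USERS = [
    {"name": "alice@example.com", "realm": "saml"},
    {"name": "Bob@example.com", "realm": "saml"},    # suspended in the IdP
    {"name": "carol@example.com", "realm": "saml"},  # deleted in the IdP
    {"name": "admin", "realm": "internal"},          # local account, out of scope
]


def stale_saml_users(idp_users, art_users):
    """Return SAML-realm Artifactory users that are not active in the IdP.

    A user missing from the IdP export is treated as deleted. Matching is
    case-insensitive because the SAML NameID is typically an e-mail address.
    """
    active = {u["username"].lower() for u in idp_users if u["status"] == "active"}
    return sorted(
        (u["name"] for u in art_users
         if u["realm"] == "saml" and u["name"].lower() not in active),
        key=str.lower,
    )


def revocation_plan(base_url, usernames):
    """Build the admin requests that revoke each stale user's API key."""
    base = base_url.rstrip("/")
    return [
        ("DELETE", f"{base}/api/security/apiKey/{quote(name, safe='')}")
        for name in usernames
    ]


if __name__ == "__main__":
    stale = stale_saml_users(IDP_USERS, ARTIFACTORY_USERS)
    # Hypothetical base URL; review the plan before sending it with admin credentials.
    for method, url in revocation_plan("https://artifactory.example.com/artifactory/", stale):
        print(method, url)
```

Revoking the key does not remove or disable the Artifactory account itself, so the stale accounts in the list still need to be handled separately.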


Generated at Wed Feb 19 05:29:33 UTC 2020 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.