Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-5209

Save roundtrips to external identity servers

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 1.4.10, 1.5.14
    • None
    • auth-external
    • None

    Description

      When looking up group memberships recursively, org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContext.collectPrincipalNames() will call the ExternalIdentityProvider for each declared group membership just to retrieve the principal name for the given external identity. This is potentially costly and should be avoided, for instance by adding a getter for the principal name to the interface ExternalIdentityRef. Let's discuss options here.

      Attachments

        Issue Links

          duplicates

          New Feature - A new feature of the product, which has yet to be developed. OAK-5210 Ability to resolve principal name from ExternalIdentityRef without IDP roundtrip

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. OAK-5200 OAK-4930 introduced critical bug confusing id and principal name

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. OAK-4930 External Principal Management: DynamicSyncContext makes redundant calls to IdentityProvider.getIdentity()

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              baedke Manfred Baedke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: