Login Via IAuthenticator Does Not Result In Update Of IM User Details Within IMDB (Doc ID 1920859.1)

Last updated on JUNE 13, 2016

Applies to:

Oracle Knowledge - Version 8.5 and later
Information in this document applies to any platform.

Symptoms

When an IAuthenticator implementation is used to authenticate users in an OKM 8.5.1 environment, some unexpected behavior may be observed:

On first login, a user is created with information returned from the authenticate() method. All views, roles, name and email of the RoleBasedUser are processed into a corresponding user in IM database. This all works as expected.

The problem is this: once the user has been created within IM, updates to user information are no longer processed.

Example:

1. User TestUser logs in through IAuth and gets role EXAMPLE_ROLE_A. EXAMPLE_ROLE_A is included in the RoleBasedUser that gets returned. The user is created in IM. No problems so far.
2. User TestUser is assigned an additional role, EXAMPLE_ROLE_B, in the datastore from which the IAuth retrieves its information.
3. User TestUser logs in again through IAuth. The RoleBasedUser that gets returned contains both EXAMPLE_ROLE_A and EXAMPLE_ROLE_B. InquiraAuthenticator picks up both roles and shows them in the log:

DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Custom authentication successful for user. About to validate the user on the IM side...
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Checking if user already exists...
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - User exists and will be updated...
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Analyzing roles and views returned by the custom authenticator for the user.
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Custom authenticator returned the following view EXAMPLE_VIEW
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Custom authenticator returned the following role EXAMPLE_ROLE_A
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Custom authenticator returned the following role EXAMPLE_ROLE_B
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - After the intersection we are left with the following roles:
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - role reference key: EXAMPLE_ROLE_B
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - role reference key: EXAMPLE_ROLE_A
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Intersecting views obtained from the custom authenticator, with the views obtained from InfoManager for the user so that only valid views remain...
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - After the intersection we are left with the following views:
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - view reference key: EXAMPLE_VIEW
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Intersecting the user groups obtained from the custom authenticator, with the user groups obtained from InfoManager for the user so that only a valid user group remains...
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - No valid reporting group was found in InfoManager or no reporting group was supplied by the custom authenticator.
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Done authenticating user.
DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - Inquira Authenticator Transaction took: 109 ms

4. The user is logged into the IM application. Unfortunately, the user update in IM has not taken place. The user still has only the original role, EXAMPLE_ROLE_A.

This behavior is unexpected, since the IAuthenticator manual (http://docs.oracle.com/cd/E38114_02/ok_8.5.1_iauth_integration_gd.pdf) says the following on page 8: "The InquiraAuthenticator takes the returned user information and adds or updates the values in the Information Manager database." Even the logging above shows a line "User exists and will be updated...".

It has been observed that native OKM-LDAP integration does update user information. However, when user information comes from IAuthenticator, the update does not take place.
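
A check for the mismatch described above, as an added example that is not part of the original note or of Oracle's code: it parses InquiraAuthenticator debug lines in the format shown in the log excerpt and compares the roles left after the intersection with the roles the user actually holds in IM. The IM role list is an assumption supplied by the caller (for example, read from the IM console), and the check goes beyond the case in the note by also reporting roles still held in IM that the authenticator no longer returns.

```python
import re

# Constructed sample: message text taken from the log excerpt in this note.
PREFIX = "DEBUG com.inquira.services.ldapservices.InquiraAuthenticator - "
SAMPLE_LOG = "\n".join(PREFIX + m for m in [
    "Checking if user already exists...",
    "User exists and will be updated...",
    "Custom authenticator returned the following role EXAMPLE_ROLE_A",
    "Custom authenticator returned the following role EXAMPLE_ROLE_B",
    "After the intersection we are left with the following roles:",
    "role reference key: EXAMPLE_ROLE_B",
    "role reference key: EXAMPLE_ROLE_A",
    "Done authenticating user.",
])
RETURNED = re.compile(r"Custom authenticator returned the following role (\S+)")
KEPT = re.compile(r"role reference key: (\S+)")


def parse_logins(log_text):
    """Return one dict per login: roles returned, roles kept, update flag."""
    logins, cur = [], None
    for raw in log_text.splitlines():
        msg = raw.partition("InquiraAuthenticator - ")[2].strip()
        if msg.startswith("Checking if user already exists"):
            cur = {"update_announced": False, "returned": set(), "kept": set()}
        elif cur is None:
            continue  # line outside a login transaction
        elif msg.startswith("User exists and will be updated"):
            cur["update_announced"] = True
        elif m := RETURNED.match(msg):
            cur["returned"].add(m.group(1))
        elif m := KEPT.match(msg):
            cur["kept"].add(m.group(1))
        elif msg.startswith("Done authenticating user"):
            logins.append(cur)
            cur = None
    return logins


def role_drift(login, im_roles):
    """Compare roles the log says survived intersection with roles held in IM.

    im_roles is supplied by the caller (assumption: read from IM by hand).
    """
    im_roles = set(im_roles)
    return {
        "update_announced": login["update_announced"],
        "not_applied": sorted(login["kept"] - im_roles),  # in log, missing in IM
        "not_revoked": sorted(im_roles - login["kept"]),  # in IM, not in log
    }
```

A non-empty `not_applied` or `not_revoked` list together with `update_announced` set to true corresponds to the symptom in this note: the log announces an update, but the roles stored in IM do not match.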

Cause
