Task #2432
Bug #2429: knb mn's failing certain authorization tests
knb not handling verified flag properly
100%
Description
see:
http://dev-testing.dataone.org:8080/hudson/job/d1_integration/org.dataone$d1_integration/1016/testReport/org.dataone.integration.it/MNodeTier2IT/testIsAuthorized_vs_VerifiedRead_2/
isAuthorized() vs. TierTesting:testObject:Verified_READ.4:
ClientSubjectCN: 'testPerson' Requesting: 'READ' => Failed!! Expected: 'true' got: 'NotAuthorized'
testPerson has the verified flag set in subjectInfo.
could this be a deployment issue? Not sure if demo[1-4] mn's are up-to-date.
History
#1 Updated by Ben Leinfelder over 12 years ago
Chris' comment on a different bug:
"I've updated isAuthorized() to insert the symbolic verified user into the equivalent subject list for each person listed (not just the primary). Wrote a metacat test that now succeeds in this scenario. Needs to be tested via d1_integration."
Probably able to close after checking MN integration test.
#2 Updated by Ben Leinfelder over 12 years ago
In the test case that we are seeing this error, the person requesting access is the "mapped" equivalent identity. This user is not verified, but the original person to whom they are mapped is verified.
I actually thought we had concluded that "verified" is NOT transitive.
At any rate Metacat is not honoring transitive verification at this point.
#3 Updated by Ben Leinfelder over 12 years ago
- Assignee changed from Chris Jones to Ben Leinfelder
#4 Updated by Ben Leinfelder over 12 years ago
- Status changed from New to Closed
Now verified is transitive. Reopen if this needs to be changed.
