1.0
open
nobody
None
2017-04-11
2017-04-11
No

In version 1_2_4 of the UCP, the authenticated user information recovered from the ACS is stored in context.userrequest.session.c2netuser. If several users are logged in, all calls to the ACS made with the information stored in that place will use the credentials of the last logged-in user, which is not the expected behaviour. Our suggestion is:

  • In the mongo password strategy, store the information recovered from the ACS (the parsed version) in the user object returned.
  • Change passport.serializeUser and passport.deserializeUser to include the information coming from the ACS. This is probably not the best solution but it is good enough and easy to implement.

With this solution, the authenticated user information will be part of the request available to the modules backend when a new HTTP request is performed.
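
A minimal model of the reported behaviour and of the suggested fix, added here as an illustration and not taken from the UCP code base. The names `acsLogin`, `sharedContext`, `sessions`, the `acs` field and the simplified `verify` signature are assumptions; only the `(user, done)` callback shape matches what passport.serializeUser and passport.deserializeUser expect.

```javascript
// Constructed model: one shared slot versus per-session storage.
// Hypothetical stand-in for the ACS call; returns the parsed user information.
function acsLogin(username) {
  return { username, token: `token-for-${username}` }; // constructed values
}

// Before: a single shared slot, overwritten by every login.
const sharedContext = { c2netuser: null };
function loginShared(username) { sharedContext.c2netuser = acsLogin(username); }
function callAcsShared() { return sharedContext.c2netuser.username; } // last login wins

// After: the ACS information travels with the user object.
// Same callback shape as passport.serializeUser / passport.deserializeUser.
function serializeUser(user, done) {
  done(null, { id: user.id, acs: user.acs });
}
function deserializeUser(stored, done) {
  done(null, { id: stored.id, acs: stored.acs });
}

// Simplified verify step of the password strategy (assumed signature):
// the parsed ACS information is attached to the user object it returns.
function verify(username, done) {
  done(null, { id: username, acs: acsLogin(username) });
}

// In-memory session store keyed by session id (stands in for the real one).
const sessions = new Map();
function loginPerSession(sid, username) {
  verify(username, (err, user) => {
    serializeUser(user, (err2, stored) => sessions.set(sid, JSON.stringify(stored)));
  });
}
function callAcsPerSession(sid) {
  let who;
  deserializeUser(JSON.parse(sessions.get(sid)), (err, user) => { who = user.acs.username; });
  return who;
}

// Two users log in; each model then reports whose credentials a call would use.
function demo() {
  loginShared('alice'); loginShared('bob');
  loginPerSession('sid-a', 'alice'); loginPerSession('sid-b', 'bob');
  return { shared: callAcsShared(), a: callAcsPerSession('sid-a'), b: callAcsPerSession('sid-b') };
}
```

Serializing the ACS information places it in the session store, so that store then holds credentials and needs to be protected accordingly.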
