Documentation/helper scripts for migrating users to federated identity
#13 Updated by Tom Clegg almost 4 years ago
- Status changed from Resolved to In Progress
After moving an errant federated account record (added by a user logging in to a remote cluster before their account has been migrated) out of the way, the remote cluster's cached token entry gets moved along with it. When the user visits with the same token, they end up using the account that was supposed to be moved out of the way. The easy workaround is to wait 5 minutes for the cache to expire. This should be documented.
However, there's also a cache bug that prevents the remote cluster's token entry from being updated even after the cache time expires. This should be fixed. (Another consequence of the bug is that the cache stops working if the authoritative cluster changes a token without changing its uuid, which isn't common but should be handled correctly.)
#16 Updated by Tom Clegg almost 4 years ago
Lucas Di Pentima wrote:
- Line 167: Isn’t that
elsifsuperfluous? shouldn’t it be just an
Not quite, if
remote_user['is_active'] then we don't want to deactivate the local user -- and if
!Rails.config.new_users_are_active then we don't want to activate, either.