When Single-Sign-On Fails-2 - How a merged account in AMS cause a failed SSO in LMS

Video Transcription

We will continue our previous example, but in this case, we're going to assume that the user had two accounts, and someone on your team had merged these two accounts, and  we refer to the merged version as user C. In this case, let's suppose that after the user has been merged, the user's email is user A's email, and the user's member  ID is user B's member ID. So let's suppose that's what happened when user A and user B are merged in your AMS. Now, before we talk about how OASIS will handle such case, we  want to stress that OASIS has an implicit requirement, which is every single account in OASIS must have a unique email address, and every single account in OASIS must have  a unique member ID. So keep that in mind. So when user C log in, if you remember our previous tutorial, the first thing OASIS is going to do is OASIS is going to say, okay,  this is data payload. I'm going to grab user's member ID, and I'm going to look to see if this member ID exists. So keep in mind, I'm going to highlight this two in red to indicate  not that there's something wrong with them, but they already exist in OASIS. As a matter of fact, I'm just going to put in a field here called OASIS ID to indicate that this  is their ID in OASIS. Let's pretend this is user one, and this is user two. So keep in mind, these two users already exist in OASIS. When you merge the user, what OASIS is doing  is, oh, this new user coming in, let me see if this user exists in OASIS or not. And I'm going to grab the user's member ID. I'm going to say, wow, look, I find account that already  exists. And this account happens to be user two. Then what OASIS does is OASIS is going to try to update account two with all the information in from single sign-on. But notice  what it will try to do is it's going to try to copy the email address, which is thomas.oneat360factor.com.  It's going to try to copy this value to here. The problem is this will violate OASIS requirement  where email must be unique. As you can see now, if I successfully update user B, which  is user ID two, if I update email to OASIS, if I update this user's email to thomas.oneat360factor.com,  I will essentially have two account that have the same email address, which will be bad. So in this case, OASIS will fail to log this user in because OASIS is unable to determine  whether when this user log in, is it user A that's logging in or user B that's logging in because the unique attribute for user C are actually pointing to two accounts. So  this is what caused a failed single sign-on. If the user have two accounts and a merge was performed, that essentially combined the two accounts and that break the single  sign-on. Next video tutorial, we'll talk about how to address the problem. Thank you.

Video Summary

In this video, it discusses a scenario where two user accounts are merged into one in OASIS, resulting in a single account with conflicting email and member ID information. OASIS requires unique email addresses and member IDs for each account. When the merged user tries to log in, OASIS faces challenges identifying the correct user due to the duplicate email address issue. As a result, the single sign-on process fails. The video aims to address this issue in the next tutorial.

Meta Tag

Creation Year 2024

Keywords

OASIS

user accounts

merged

conflicting information

single sign-on

SSO

Single Sign On

AMS

merge account in AMS

failed SSO

bandung