QA-T176

SAML : 06 - Deactivated users can still log into SAML with IdP Control Mode

OBJECTIVE
  • When IdP Control Mode is enabled, SAML is the ultimate source of truth for user information. If a user is deactivated in Tulip, but is still able to successfully authenticate with SAML, Tulip will automatically reactivate them and allow them to log in.
PRECONDITION
  1. In the self-serve SAML configuration, the "Attribute Update Behavior" section must be set to "IdP Control Mode" to fully control Tulip access through SAML. This means even deactivated users can still log in as long as they have the correct SAML attribute.
  2. You have access to Mulch
  3. You have access to VPN

To work around a bug with OpenAM, you must open the OpenAM interface at https://openam-ec2.tulipintra.net/openam/ in a new tab each time you log out of Tulip as a SAML user. Refer to the Test Plan for more information.

Covers

overview
models
urs