Account collision when using Single Sign On

Avatar
  • updated
  • Completed
We have accounts created manually and also accounts created with Single Sign On. They have the same e-mail.

We expected that when someone signed in with Single Sign On and the e-mail was already in use that UserEcho would use the already-existing account. Instead, it creates a new account. How can we resolve this?

Alternately, can you remove some accounts for us when we have Single Sign On worked out?
Pinned replies
Avatar
Sergey Stukov co-founder
  • Answer
  • Completed

1) We do not glue the accounts automatically. Because an email comes through SSO source is not trusted.
There is an option that an unscrupulous merchant substitute someone else's email and gain access to your account.


2) We plan to add option in user profile that allows to link accounts with same email.

3) Just give us list of users and we link it manually.

Avatar
Sergey Stukov co-founder
  • Answer
  • Completed

1) We do not glue the accounts automatically. Because an email comes through SSO source is not trusted.
There is an option that an unscrupulous merchant substitute someone else's email and gain access to your account.


2) We plan to add option in user profile that allows to link accounts with same email.

3) Just give us list of users and we link it manually.

Avatar
David Howard
Can you glue the accounts for jonathan_champ@ncsu.edu so we can see what happens. We'll have a few more accounts to glue in a week or so...
Avatar
Sergey Stukov co-founder
Quote from David Howard
Can you glue the accounts for jonathan_champ@ncsu.edu so we can see what happens. We'll have a few more accounts to glue in a week or so...
We glued the accounts for Jonathan_champ.

There were three SSO accounts for it.


Please note GUID must be the same for each user each time.

Avatar
David Howard
Quote from Sergey Stukov
We glued the accounts for Jonathan_champ.

There were three SSO accounts for it.


Please note GUID must be the same for each user each time.

Thanks! I'll pass on the information.
Avatar
David Howard
Quote from David Howard
Thanks! I'll pass on the information.
Guys, can you please glue together some other accounts for us? Whichever one was created with SSO should be the one that remains.

1) All accounts with the email 'jeff_webster@ncsu.edu' or 'jsw@ncsu.edu'
2) All accounts with the email 'david_howard@ncsu.edu'
3) All accounts with the email 'sam_povia@ncsu.edu' or 'spovia@ncsu.edu'

I think that's all the non-SSO accounts we have.

Thanks!
David
Avatar
Sergey Stukov co-founder
Quote from David Howard
Guys, can you please glue together some other accounts for us? Whichever one was created with SSO should be the one that remains.

1) All accounts with the email 'jeff_webster@ncsu.edu' or 'jsw@ncsu.edu'
2) All accounts with the email 'david_howard@ncsu.edu'
3) All accounts with the email 'sam_povia@ncsu.edu' or 'spovia@ncsu.edu'

I think that's all the non-SSO accounts we have.

Thanks!
David

 Started, will report about progress soon

Avatar
Sergey Stukov co-founder
Quote from David Howard
Guys, can you please glue together some other accounts for us? Whichever one was created with SSO should be the one that remains.

1) All accounts with the email 'jeff_webster@ncsu.edu' or 'jsw@ncsu.edu'
2) All accounts with the email 'david_howard@ncsu.edu'
3) All accounts with the email 'sam_povia@ncsu.edu' or 'spovia@ncsu.edu'

I think that's all the non-SSO accounts we have.

Thanks!
David
Accounts have been glued together.
Avatar
Stephen Judge
Can you explain a bit more why email addresses passed to you from SSO, primarily from OpenID is considered untrusted. I would have thought this was one of the benefits of OpenID. I create one profile with my OpenID provider and when I register with a new web services my profile details, including email address, are passed to the web service to auto-complete many parts of the registration process.

I have often wondered my many web services still ask for Full Name and Email address during registration when my OpenID profile is passing this information to them anyway.
Avatar
Sergey Stukov co-founder
Quote from Stephen Judge
Can you explain a bit more why email addresses passed to you from SSO, primarily from OpenID is considered untrusted. I would have thought this was one of the benefits of OpenID. I create one profile with my OpenID provider and when I register with a new web services my profile details, including email address, are passed to the web service to auto-complete many parts of the registration process.

I have often wondered my many web services still ask for Full Name and Email address during registration when my OpenID profile is passing this information to them anyway.
We trust to global OpenId providers like Google,Yandex, etc

For example it's possible to create own OpenId provider and then send any email with it,
it's allow to get access to any account if you will know owner email.

Please correct us if we misunderstand process.
Avatar
David Howard
Quote from Sergey Stukov
Accounts have been glued together.
Ugh - I've done it again. Can ya'll help me out by gluing the accounts 'scott_watkins@ncsu.edu' and 'swatkins@ncsu.edu'? I think that 'swatkins@ncsu.edu' is the one that should remain.