[CO-1671] Re-enrolling does not allow creating a new OrgIdentitySource record Created: 05/Nov/18  Updated: 09/Sep/20

Status: Open
Project: COmanage
Component/s: Registry
Affects Version/s: COmanage Registry 3.1.1 (Hidden Gem MR1)
Fix Version/s: COmanage Registry 3.3.2 (Magic Ring MR2)

Type: Bug Priority: Minor
Reporter: Michiel Uitdehaag (Inactive) Assignee: Benn Oshrin
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is related to CO-1636 EnvSource based account link does not... Reopened
is related to CO-1578 Enrollment Source Invitation Single O... Open
is related to CO-1657 Restarting enrollment for known user ... Open


When a user gets an enrollment invitation (self-signup or invite) that uses an OIS in the process, a non-mutable OrgIdentity record is created in the process.

If the first petition is denied, cancelled or not completed and a new petition is started (by clicking on the original link), the new petition does not allow linking the OIS data. The datamodel links the original OIS record to the first petition and throws an exception if such a record was already found.

The use case is the situation where a user receives a link to the wrong petition first. He/she starts the petition, but the administrator realises the user is to be enrolled in, for example, the wrong COU. The administrator then sends out a link to the correct petition and requests the user to enroll using that link. This second petition will then fail with an ugly 'Invalid Token' message.

Comment by Michiel Uitdehaag (Inactive) [ 05/Nov/18 ]

Correction: in our local setup, we get an Invalid Token error. In the develop HEAD, the error is:

"(Org Identity ) has no known email address.Add an email address and then try again."

This is because this specific flow uses an OIS in Authenticate mode, which creates an OI record, but due to the exception (this issue) no OI content is available. Because the flow cannot set OI-attributes (JIRA issue), only CoPerson attributes are available, but the email verification step does not peruse those (another JIRA issue).

The end-situation is that the second petition has status 'Pending' and allows re-sending the invite, but no e-mail address is available (and none can be added, because there is no OI record at all).


Generated at Mon Oct 26 07:43:18 UTC 2020 using Jira 8.4.1#804002-sha1:94e96d6294939fc41f873484cf96b18ab6f2be0a.