From b6de3c9320472e5da1414f11fe4556942c09a97d Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Mon, 23 Oct 2023 07:59:24 +0200
Subject: [PATCH] Single user login does not create principal if Kerberos is
 available

---
 .../org/argeo/cms/auth/SingleUserLoginModule.java   | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
index 10e091ead..cfffb6eea 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
@@ -69,8 +69,14 @@ public class SingleUserLoginModule implements LoginModule {
 			locale = request.getLocale();
 		if (locale == null)
 			locale = Locale.getDefault();
-		Authorization authorization = new SingleUserAuthorization(authorizationName);
-		CmsAuthUtils.addAuthorization(subject, authorization);
+
+		Authorization authorization = null;
+		if (kerberosPrincipal != null) {
+			authorization = new SingleUserAuthorization(authorizationName);
+			CmsAuthUtils.addAuthorization(subject, authorization);
+		} else {
+			// next step with user admin will properly populate
+		}
 
 		// Add standard Java OS login
 		OsUserUtils.loginAsSystemUser(subject);
@@ -81,7 +87,8 @@ public class SingleUserLoginModule implements LoginModule {
 //		principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
 //		principals.add(new DataAdminPrincipal());
 
-		CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
+		if (authorization != null)
+			CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
 
 		return true;
 	}
-- 
2.30.2