diff --git a/CHANGELOG.md b/CHANGELOG.md
index a2caf896ced906f434ab22f040ee16554a6b413c..c5deb4d89c91815ad1dd331b37567532fe8b193a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 All notable changes to this project will be documented in this file.
 ## [Unreleased]
+[Fixed]
+- Fixed problem with certificates, which contains scope
 ## [v1.0.0]
 - First release
diff --git a/lib/Auth/Source/RemoteUserSSL.php b/lib/Auth/Source/RemoteUserSSL.php
index f879a798a13b22328898e2d30f252562191a3922..d15dc758aabd5f11fd5a1725ac5c30ee6b21474a 100644
--- a/lib/Auth/Source/RemoteUserSSL.php
+++ b/lib/Auth/Source/RemoteUserSSL.php
@@ -45,10 +45,10 @@ class sspmod_remoteUserSSL_Auth_Source_RemoteUserSSL extends SimpleSAML_Auth_Sou
 assert(is_array($state));
 $login = null;
- if (isset($_SERVER['REMOTE_USER'])) {
- $login = preg_replace('/^([^@]*).*/', '\1', $_SERVER['REMOTE_USER']);
- } elseif (isset($_SERVER['SSL_CLIENT_S_DN'])) {
+ if (isset($_SERVER['SSL_CLIENT_S_DN'])) {
 $login = $_SERVER['SSL_CLIENT_S_DN'];
+ } elseif (isset($_SERVER['REMOTE_USER'])) {
+ $login = preg_replace('/^([^@]*).*/', '\1', $_SERVER['REMOTE_USER']);
 } else {
 // Both variables were empty, this shouldn't happen if the web server is properly configured
 \SimpleSAML\Logger::error('remoteUserSSL: user entered protected area without being properly authenticated');
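Review bot: `isset()` is true for an empty string, so with the new ordering an `SSL_CLIENT_S_DN` that the web server or a fronting proxy exports as empty (for example when no client certificate was presented) takes the first branch, sets `$login` to `''`, and hides both a valid `REMOTE_USER` and the error branch whose comment says "Both variables were empty". Both conditions should test for a non-empty value, e.g. `if (isset($_SERVER['SSL_CLIENT_S_DN']) && $_SERVER['SSL_CLIENT_S_DN'] !== '') {`, with the same form for `REMOTE_USER`. Since the DN is now the preferred identity, it is also worth confirming that the certificate was actually verified: nothing in the hunk checks `SSL_CLIENT_VERIFY`, and under mod_ssl's `SSLVerifyClient optional_no_ca` the DN of an unverified certificate is still exported, so unless the server configuration already enforces verification, require `$_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS'` before trusting the DN. The method starts and ends outside the hunk, so what happens to an empty `$login` further down is not visible here.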