Fixed problem with certificates, which contains scope

* Description of problem: Class RemoteUserSSL.php used only the part of certificate before '@' and this identifier didn't match with certificate stored in Perun (with scope). * Solution: Try to use $_SERVER['SSL_CLIENT_S_DN'] as first

Fixed problem with certificates, which contains scope
37f25e82 · Pavel Vyskočil · ab9a64cb · 37f25e82 · 37f25e82
Commit 37f25e82 authored 6 years ago by Pavel Vyskočil
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 All notable changes to this project will be documented in this file.
 ## [Unreleased]
+[Fixed]
+- Fixed problem with certificates, which contains scope
 ## [v1.0.0]
 - First release

--- a/lib/Auth/Source/RemoteUserSSL.php
+++ b/lib/Auth/Source/RemoteUserSSL.php
@@ -45,10 +45,10 @@ class sspmod_remoteUserSSL_Auth_Source_RemoteUserSSL extends SimpleSAML_Auth_Sou
 	assert(is_array($state));
        $login = null;
-        if (isset($_SERVER['REMOTE_USER'])) {
+        if (isset($_SERVER['SSL_CLIENT_S_DN'])) {
-            $login = preg_replace('/^([^@]*).*/', '\1', $_SERVER['REMOTE_USER']);
-        } elseif (isset($_SERVER['SSL_CLIENT_S_DN'])) {
            $login = $_SERVER['SSL_CLIENT_S_DN'];
+        } elseif (isset($_SERVER['REMOTE_USER'])) {
+            $login = preg_replace('/^([^@]*).*/', '\1', $_SERVER['REMOTE_USER']);
        } else {
            // Both variables were empty, this shouldn't happen if the web server is properly configured
            \SimpleSAML\Logger::error('remoteUserSSL: user entered protected area without being properly authenticated');