From 8aac150fb4fd6f0e14a0e4aaebebb67342dae403 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Fri, 18 Mar 2016 19:27:09 +0100
Subject: [PATCH] Fix typo + authentication-failure on empty attributes-array
An empty array shouldn't lead to an aborted logon.
Example when we try to get the 'mail' attribute:
UserA has a value set in the mail-attribute and passes the test -> Negotiate logon succeeds
UserB has an empty mail-attribute and fails the test -> Negotiate logon fails and the user has to log on manually (fallback to LDAP is initiated)
---
modules/negotiate/lib/Auth/Source/Negotiate.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/negotiate/lib/Auth/Source/Negotiate.php b/modules/negotiate/lib/Auth/Source/Negotiate.php
index 2a5667e21..a22630276 100644
--- a/modules/negotiate/lib/Auth/Source/Negotiate.php
+++ b/modules/negotiate/lib/Auth/Source/Negotiate.php
@@ -116,9 +116,9 @@ class sspmod_negotiate_Auth_Source_Negotiate extends SimpleSAML_Auth_Source
assert('FALSE');
}
- SimpleSAML\Logger::debug('Negotiate - authenticate(): looking for Negotate');
+ SimpleSAML\Logger::debug('Negotiate - authenticate(): looking for Negotiate');
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
- SimpleSAML\Logger::debug('Negotiate - authenticate(): Negotate found');
+ SimpleSAML\Logger::debug('Negotiate - authenticate(): Negotiate found');
$this->ldap = new SimpleSAML_Auth_LDAP(
$this->hostname,
$this->enableTLS,
@@ -151,7 +151,7 @@ class sspmod_negotiate_Auth_Source_Negotiate extends SimpleSAML_Auth_Source
$user = $auth->getAuthenticatedUser();
SimpleSAML\Logger::info('Negotiate - authenticate(): '.$user.' authenticated.');
$lookup = $this->lookupUserData($user);
- if ($lookup) {
+ if ($lookup !== null) {
$state['Attributes'] = $lookup;
// Override the backend so logout will know what to look for
$state['LogoutState'] = array(
--
GitLab