consentAdmin: Fix consentAdmin with custom userid.attribute on bridged IdP

Thanks to Sixto Martin for finding and fixing this bug!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3100 44740490-163a-0410-bde0-09ae8108e29a

docs/simplesamlphp-changelog.txt

@@ -102,6 +102,10 @@ Released 2012-05-XX.
   * Simpler configuration for disabling consent for one SP or one IdP.
   * Do not connect to the database when consent is disabled for the current SP/IdP.
 
+### `consentAdmin`
+
+  * Fix for bridged IdP setup with `userid.attribute` set in `saml20-idp-hosted` metadata.
+
 ### `cron`
 
   * Set the From-address to be the technical contact email address.

modules/consentAdmin/www/consentAdmin.php

@@ -84,6 +84,11 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 /*
  * Get IdP id and metadata
  */
+
+
+$local_idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+$local_idp_metadata = $metadata->getMetaData($local_idp_entityid, 'saml20-idp-hosted');
+
 if($as->getAuthData('saml:sp:IdP') !== NULL) {
 	/*
 	 * From a remote idp (as bridge)
@@ -94,12 +99,13 @@ if($as->getAuthData('saml:sp:IdP') !== NULL) {
 	/*
 	 * from the local idp
 	 */
-	$idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-	$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
+	$idp_entityid = $local_idp_entityid;
+	$idp_metadata = $local_idp_metadata;
 }
 
 // Get user ID
-$userid_attributename = (isset($idp_metadata['userid.attribute']) && is_string($idp_metadata['userid.attribute'])) ? $idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
+$userid_attributename = (isset($local_idp_metadata['userid.attribute']) && is_string($local_idp_metadata['userid.attribute'])) ? $local_idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
+
 $userids = $attributes[$userid_attributename];
 		
 if (empty($userids)) {