diff --git a/docs/simplesamlphp-changelog.txt b/docs/simplesamlphp-changelog.txt
index 62554114eb435fb56f5c2f4428ad848226e57a49..7b0e813fdc9f44b21df00fd0f443364b3893d8d6 100644
--- a/docs/simplesamlphp-changelog.txt
+++ b/docs/simplesamlphp-changelog.txt
@@ -102,6 +102,10 @@ Released 2012-05-XX.
  * Simpler configuration for disabling consent for one SP or one IdP.
  * Do not connect to the database when consent is disabled for the current SP/IdP.
+### `consentAdmin`
+
+ * Fix for bridged IdP setup with `userid.attribute` set in `saml20-idp-hosted` metadata.
+
 ### `cron`
  * Set the From-address to be the technical contact email address.
diff --git a/modules/consentAdmin/www/consentAdmin.php b/modules/consentAdmin/www/consentAdmin.php
index 01dd165d642bef48547c29c3ae843783ee4502d4..d659a9776a572f76bb03c913893bd2d1199f7444 100644
--- a/modules/consentAdmin/www/consentAdmin.php
+++ b/modules/consentAdmin/www/consentAdmin.php
@@ -84,6 +84,11 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 /*
  * Get IdP id and metadata
  */
+
+
+$local_idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+$local_idp_metadata = $metadata->getMetaData($local_idp_entityid, 'saml20-idp-hosted');
+
 if($as->getAuthData('saml:sp:IdP') !== NULL) {
 /*
  * From a remote idp (as bridge)
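Review bot: The two hosted-IdP lookups added before the `if` now run on every request, including the bridge branch that previously never touched `saml20-idp-hosted`; if `getMetaDataCurrentEntityID()` throws when no hosted IdP is configured (it appears to, but confirm against the metadata handler), consentAdmin now fails before the branch instead of only in the local-IdP path. That is probably acceptable for an IdP-side admin page, but the reason the lookup was hoisted is not recorded; a comment such as `// Hosted IdP metadata is needed in both branches: userid.attribute is always read from it below.` would make it clear to the next maintainer. The three bare `+` blank lines around the two assignments are more whitespace than the surrounding code uses; one blank line on each side is enough. The `if` body this hunk opens continues past the hunk.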
@@ -94,12 +99,13 @@ if($as->getAuthData('saml:sp:IdP') !== NULL) {
 /*
  * from the local idp
  */
- $idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
- $idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
+ $idp_entityid = $local_idp_entityid;
+ $idp_metadata = $local_idp_metadata;
 }
 // Get user ID
-$userid_attributename = (isset($idp_metadata['userid.attribute']) && is_string($idp_metadata['userid.attribute'])) ? $idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
+$userid_attributename = (isset($local_idp_metadata['userid.attribute']) && is_string($local_idp_metadata['userid.attribute'])) ? $local_idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
+
 $userids = $attributes[$userid_attributename];
 if (empty($userids)) {
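Review bot: In the bridge branch the `$attributes` array comes from the remote IdP while `$userid_attributename` is now always taken from the hosted IdP's `userid.attribute`, so the unchanged `$userids = $attributes[$userid_attributename];` can index a key the remote IdP never released and emit an undefined-index notice before `if (empty($userids))` gets to handle the empty case; guard it with `$userids = isset($attributes[$userid_attributename]) ? $attributes[$userid_attributename] : array();`. The reason for reading the hosted metadata even when `$idp_metadata` refers to the remote IdP is not stated in the code — presumably the consent records were keyed by the consent filter running on this hosted IdP with its own `userid.attribute`, so the admin page must use the same attribute to find (and let the user revoke) the right records, which matters because a mismatch would silently show or delete nothing or the wrong entries; a comment such as `// Always use the hosted IdP's userid.attribute so the user id matches the one the consent filter on this IdP stored, even when bridging to a remote IdP.` would capture that, once confirmed against the consent module. The `if (empty($userids))` block at the end of the hunk continues outside it.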