From b7ccf6748d7a38f1d4d14480ceb9d9d0e343fb38 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 21 May 2012 10:03:49 +0000
Subject: [PATCH] consentAdmin: Fix consentAdmin with custom userid.attribute
 on bridged IdP

Thanks to Sixto Martin for finding and fixing this bug!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3100 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-changelog.txt          |  4 ++++
 modules/consentAdmin/www/consentAdmin.php | 12 +++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/docs/simplesamlphp-changelog.txt b/docs/simplesamlphp-changelog.txt
index 62554114e..7b0e813fd 100644
--- a/docs/simplesamlphp-changelog.txt
+++ b/docs/simplesamlphp-changelog.txt
@@ -102,6 +102,10 @@ Released 2012-05-XX.
   * Simpler configuration for disabling consent for one SP or one IdP.
   * Do not connect to the database when consent is disabled for the current SP/IdP.
 
+### `consentAdmin`
+
+  * Fix for bridged IdP setup with `userid.attribute` set in `saml20-idp-hosted` metadata.
+
 ### `cron`
 
   * Set the From-address to be the technical contact email address.
diff --git a/modules/consentAdmin/www/consentAdmin.php b/modules/consentAdmin/www/consentAdmin.php
index 01dd165d6..d659a9776 100644
--- a/modules/consentAdmin/www/consentAdmin.php
+++ b/modules/consentAdmin/www/consentAdmin.php
@@ -84,6 +84,11 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 /*
  * Get IdP id and metadata
  */
+
+
+$local_idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+$local_idp_metadata = $metadata->getMetaData($local_idp_entityid, 'saml20-idp-hosted');
+
 if($as->getAuthData('saml:sp:IdP') !== NULL) {
 	/*
 	 * From a remote idp (as bridge)
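Review bot: The two added lookups sit under the existing "Get IdP id and metadata" comment with nothing saying why the hosted IdP's metadata is now fetched before the branch, even when authentication came from a remote IdP. A short comment would keep a later cleanup from folding them back into the else branch, for example `// Always load the hosted IdP metadata: userid.attribute is read from it in both the bridged and the local case.` The two blank lines added above the assignments could be reduced to one. The `if` body continues outside this hunk.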
@@ -94,12 +99,13 @@ if($as->getAuthData('saml:sp:IdP') !== NULL) {
 	/*
 	 * from the local idp
 	 */
-	$idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-	$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
+	$idp_entityid = $local_idp_entityid;
+	$idp_metadata = $local_idp_metadata;
 }
 
 // Get user ID
-$userid_attributename = (isset($idp_metadata['userid.attribute']) && is_string($idp_metadata['userid.attribute'])) ? $idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
+$userid_attributename = (isset($local_idp_metadata['userid.attribute']) && is_string($local_idp_metadata['userid.attribute'])) ? $local_idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
+
 $userids = $attributes[$userid_attributename];
 		
 if (empty($userids)) {
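Review bot: The lookup `$attributes[$userid_attributename]` directly below the changed line is still unguarded. With this change the attribute name comes from the hosted IdP's metadata, while on the bridged path the attributes presumably originate from the remote IdP. If that IdP does not release the configured attribute, the index is undefined and PHP raises a notice before the `empty($userids)` check runs. Guarding the read keeps the failure on the existing error path: `$userids = isset($attributes[$userid_attributename]) ? $attributes[$userid_attributename] : array();`. The body of the `if (empty($userids))` block is outside this hunk.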
-- 
GitLab