At login, @knaw.nl resolves to a different KNAW institute

[FlorisFokkinga]

So the name, here shown as 'eduid.nl', is wrong.

Resolved from eduGAIN:

[oharsta]

@FlorisFokkinga When I look up this user in the SBS test database, I see the following schac_home:

mysql> select uid, name, email, schac_home_organisation from users where name like '%SRAM%';
+----------------------------------------------------------------+-----------+----------------------+-------------------------+
| uid                                                            | name      | email                | schac_home_organisation |
+----------------------------------------------------------------+-----------+----------------------+-------------------------+
| c46818640d83ec0355837ba66624b24a90ab619d@acc.sram.eduteams.org | SRAM Demo | sramdemo@hotmail.com | eduid.nl                |
+----------------------------------------------------------------+-----------+----------------------+-------------------------+

The schac_home organisation eduid.nl does not resolve to a description in the https://metadata.surfconext.nl/signed/2023/edugain-downstream-idp.xml feed, and therefore the schac_home is show. What were you expecting and why?

[FlorisFokkinga]

Sorry, the screenshot is only an example. The problem is with domain knaw.nl.

[oharsta]

This is caused by the use of a regular expression for the Scope. Currently in de edugain feed of ~25MB there is one use of a regexp in the Scope element:

curl 'httpscurl 'https://metadata.surfconext.nl/signed/2023/edugain-downstream-idp.xml' | grep 'regexp="1"'
<shibmd:Scope regexp="1">.*\.knaw\.nl$</shibmd:Scope>

Currently we don't support regular expressions in the shibmd:Scope element. In the future we might.

[oharsta]

Fix made in https://github.com/SURFscz/SBS/commit/329a704712df4bcf0cb19077001cd904755ced8d#diff-746877e1e4e470b1adee1436c6c7d330a23ae29b2f65a6234479bf6792363a13. Pending on merge branch.