SURFscz / SRAM-deploy

Deploy scripts for the SCZ
Apache License 2.0

Add test-idp-ssl role #472

Closed mrvanes closed 12 months ago

baszoetekouw commented 1 year ago

@mrvanes I've renamed this role to something that is less confusing (hopefully), and cleaned up the config a bit.

It now basically works, except that not all attributes are gathered from the x509 cert correctly. The new IdP gives:

[Screenshot 2023-09-19 at 13 45 54]

While the old one gives:

[Screenshot 2023-09-19 at 13 56 56]

So please fix:

mrvanes commented 1 year ago

Subject-id is fixed https://github.com/SURFscz/remoteuserssl/commit/c50150795a0d6bed246167c0452d2cad03018d9e

Can't reproduce uid/mail/eppn problem. My DN correctly contains emailAddress (case-sensitive):

emailAddress=martin.vanes@surf.nl,CN=Martin van Es,C=NL,ST=Utrecht,street=Moreelsepark 48,O=SURF B.V.,postalCode=3511 EP

https://github.com/SURFscz/remoteuserssl/blob/main/src/Auth/Source/RemoteUserSSL.php#L81

mrvanes commented 1 year ago

https://github.com/SURFscz/remoteuserssl/commit/ec3cf66d00e5d8a617e8837fb64523301c18fbe0