jerrcs / simplesamlphp

Automatically exported from code.google.com/p/simplesamlphp

Patch: Add attributes key to negotiate configuration #577

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The Negotiate docs mention a reference to the LDAP module for detailed 
explanation of used configuration keys. One missing key is the 'attributes' 
array to specify what attributes should be retrieved. The attached patch adds 
the ability to specify an array of attributes to collect, just like in the LDAP 
module.

The patch is not just a nice-to-have. I have encountered failing SAML Responses 
containing ugly binary AD attributes that were not correctly encoded in the 
Response's POST body and caused the receiving SP to give up on parsing the 
message. Patching Negotiate with the attached patch and selecting only the 
necessary attributes fixed the problem!

Original issue reported on code.google.com by mrva...@gmail.com on 24 Oct 2013 at 9:09

GoogleCodeExporter commented 8 years ago
Thanks! Committed as r3282.

Original comment by olavmrk@gmail.com on 24 Oct 2013 at 10:40

GoogleCodeExporter commented 8 years ago
Maybe a tiny hint in the docs as well?

All configuration is handled in authsources.php:

     'weblogin' => array(
             'negotiate:Negotiate',
             'keytab' => '/path/to/keytab-file',
             'fallback' => 'ldap',
             'hostname' => 'ldap.example.com',
             'base' => 'cn=people,dc=example,dc=com',
+             'attributes' => array('cn', 'mail'),
             'adminUser' => 'cn=idp-fallback,cn=services,dc=example,dc=com',
             'adminPassword' => 'VerySecretPassphraseHush'

...

'hostname', 'enable_tls', 'debugLDAP', 'timeout', 'attributes' and 'base' are
self-explanatory. Read the documentation of the LDAP auth module for
more information.
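
Review bot: In the closing paragraph, listing 'attributes' among the keys described as self-explanatory leaves out what the key controls and why it matters. The report at the top of this issue says binary AD attributes ended up in the SAML Response until only the necessary attributes were selected. Suggest adding one sentence there stating that 'attributes' is the array of attribute names to retrieve and recommending that it be set explicitly, as the example does with `'attributes' => array('cn', 'mail'),`.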

Original comment by mrva...@gmail.com on 24 Oct 2013 at 1:27