Problem with the value of the $userId in the consent and consentAdmin modules in a bridge (idp+sp) node

[GoogleCodeExporter]

In the consent module the $userid is used to build a hash that will work as 
primary key.

This $userid at the consent module is defined in the lib/Auth/Process.php 
(process function) and get the value of the $state['UserID'].  

As say at the documentation of the consent is important to define in the 
saml20-idp-hosted.php the name of the user ID attribute
     'userid.attribute' => 'uid',   //default is eduPersonPrincipalName

The problem came at the consentAdmin if we define a 'userid.attribute' 
different than eduPersonPrincipalName.

At the www/consentAdmin.php we obtain the $idp_metadata.

We use a bridge node, so the $idp_metadata will be set with the metadata from 
the saml20-idp-remote.

The problem is that later it calculate the $userid_attributename based on this 
$idp_metadata instead of the local_idp metadata (remember that we used at 
consent the 'userid.attribute' parameter from local_idp metadata's that can be 
different from the remote_idp_metadata) 

Solution: At www/consentAdmin.php, calculate the $userid_attributename always 
using the 'userid.attribute' of the local idp

Original issue reported on code.google.com by smar...@yaco.es on 18 May 2012 at 12:03

[GoogleCodeExporter]

Original comment by smar...@yaco.es on 18 May 2012 at 12:24

Attachments:

• consentAdmin_userid_patch.diff

[GoogleCodeExporter]

Thanks! Applied in r3100 (and for 1.9 in r3101).

Original comment by olavmrk@gmail.com on 21 May 2012 at 10:05

• Changed state: Fixed
• Added labels: Type-Defect