srguglielmo / SimpleShib

WordPress plugin to authenticate users with Shibboleth.
https://wordpress.org/plugins/simpleshib/
MIT License

request for attribute mapping #5

Closed tthorp closed 4 years ago

tthorp commented 7 years ago

At Brown, our Shibboleth attributes are named with consistency on all of our SPs, but our attributes do not match the attributes that SimpleShib expects. The result is an endless authentication loop. To give a little background, Brown's attribute names were decided when we implemented Shibboleth. For example, we use 'Shibboleth-brownShortId' to identify the username of the user. It looks like the SimpleShib plugin's code is looking for an attribute named 'uid'. We could rename our attributes on these servers, but it would be ideal (from our perspective) to map the names using constants in the plugin. There are a few ways to do this, but I wanted to start by asking if the request is understood and then proceed to how we can work together on a solution.

Thanks!
-Tim Thorp
Web Developer
Brown University

srguglielmo commented 7 years ago

Hi Tim!

I definitely understand this. I wrote this with our environment in mind, but I can definitely add some configuration for other environments. I believe this is related to #2 (different fcgi modules process the headers differently, it seems).

Based on my current schedule, it might be a week or two before I'm able to make the modifications. However, it does sound like a good idea and I'm definitely on board.

tthorp commented 7 years ago

Thank you Stephen. I'm glad that made sense and appreciate your prompt attention and support!

srguglielmo commented 7 years ago

Hi @tthorp, could you please test out e0d52eb0218484a142a67e3ed80242ec2927c4bb from the custom_attributes branch?

tthorp commented 7 years ago

Thanks Steve. I tested by adding my attribute map and attempted authentication. The following errors were thrown:

(reported by plugin) ERROR: credentials are correct, but an error occurred creating the local account. Please open a support ticket with this error.

(reported by apache)
Notice: Undefined variable: Attributes in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 134
Warning: Invalid argument supplied for foreach() in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 134
Notice: Undefined variable: Attributes in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 172
Notice: Undefined index: in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 172
Notice: Undefined variable: Attributes in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 173
Notice: Undefined index: in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 173
Notice: Undefined variable: Attributes in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 174
Notice: Undefined index: in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 174
Notice: Undefined variable: Attributes in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 175
Notice: Undefined index: in /var/www/professional/wp-content/mu-plugins/simpleshib.php on line 175

tthorp commented 7 years ago

I should also mention that for my test case, I had a non-shib WordPress account whose username is the same as my uid. I expected the plugin to map the existing account if it already existed, but that may be a separate issue.

srguglielmo commented 7 years ago

Ah, sorry about that. I was missing $this-> when referencing $Attributes. That's what I get for coding tired! Could you test again?

The plugin should definitely map the existing account to the "shib" account as long as the UIDs match.

tthorp commented 7 years ago

My debug log was full of: Shibboleth Debug: auth_or_redirect(): Logged in nowhere!

It wasn't working because on line 135, the method validates the key and it should be validating the value. So changing line 135 to the following fixes it.

if (!isset($_SERVER[$Val]) || empty($Val)) {
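
The key-versus-value lookup discussed in the comment above, shown as an added example that is not SimpleShib's code. The function name `resolve_shib_attributes`, the `Example-*` attribute names and all sample values are constructed; only `Shibboleth-brownShortId` comes from this thread.

```php
<?php
// Added example, not SimpleShib's code. The function name, the Example-*
// attribute names and all sample values are constructed for illustration.
/**
 * Resolve mapped IdP attributes from the server environment.
 * @param array $map    local field => attribute name exposed by the SP
 * @param array $server environment to read from (normally $_SERVER)
 * @return array|null   field => value, or null when anything is missing
 */
function resolve_shib_attributes(array $map, array $server): ?array
{
    $resolved = [];
    foreach ($map as $field => $attr_name) {
        // A blank attribute name is a configuration error: fail closed.
        if (!is_string($attr_name) || $attr_name === '') {
            return null;
        }
        // Look up by the mapped name (the map's value), never by the
        // local field (the map's key), which is not a server variable.
        if (!isset($server[$attr_name]) || !is_string($server[$attr_name])) {
            return null;
        }
        $value = trim($server[$attr_name]);
        if ($value === '') {
            return null; // present but empty counts as missing
        }
        $resolved[$field] = $value;
    }
    return $resolved;
}

// Constructed site map and request environment.
$map = [
    'username'  => 'Shibboleth-brownShortId',
    'firstname' => 'Example-givenName',
    'lastname'  => 'Example-sn',
    'email'     => 'Example-mail',
];
$server = [
    'Shibboleth-brownShortId' => 'jdoe',
    'Example-givenName'       => 'Jane',
    'Example-sn'              => 'Doe',
    'Example-mail'            => 'jdoe@example.edu',
];

var_dump(resolve_shib_attributes($map, $server));             // every mapped attribute present
var_dump(resolve_shib_attributes(array_flip($map), $server)); // flipped map: looks up 'username' etc.
unset($server['Example-mail']);
var_dump(resolve_shib_attributes($map, $server));             // one attribute missing
```

Returning null for any missing or empty attribute lets the caller refuse the login instead of creating a local account from partial data.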

tthorp commented 6 years ago

Do you plan on integrating this change into the master?

srguglielmo commented 4 years ago

Hi @tthorp,

I know this is significantly after the fact, and I apologize for dropping the ball on this.

Version 1.2.0 added a settings menu for configuration. This is released here and on wordpress.org.

Version 1.2.1 added options for custom IdP attributes for username, firstname, lastname, and email. Version 1.2.1 is not yet released on wordpress.org, but it is tagged here on GitHub.

If you're still interested in this, feel free to test. I'm also going to perform my own testing locally. If all looks good, I'll push it out to wordpress.org.

Thanks, and again I apologize.
Steve

srguglielmo commented 4 years ago

Hi @tthorp,

SimpleShib release 1.2.2, which includes custom IdP attributes as of 1.2.1, has been pushed both on GitHub and WordPress.org. I'll close out this ticket, but feel free to create another one if you have issues.

Thanks!
Steve