[VCL-1105] Shibboleth authentication broken due to bug in getCryptKeyID - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.1
Component/s: web gui (frontend)
Labels:
None

Description

Shibboleth authentication results in a failed query due to the way the cryptkeyid file is located in getCryptKeyID in utils.php. The function ends up getting called from vcl/shibauth/index.php. This results in the function looking for vcl/shibauth/.ht-inc/cryptkey/cryptkeyid instead of vcl/.ht-inc/cryptkey/cryptkeyid. An additional preg_replace should be added to strip out /shibauth if it exists in $_SERVER['SCRIPT_FILENAME'].

function getCryptKeyID() {
$reg = "|" . SCRIPT . "$|";
$filebase = preg_replace($reg, '', $_SERVER['SCRIPT_FILENAME']);
$filebase = preg_replace('|/shibauth|', '', $filebase);
$filebase .= "/.ht-inc/cryptkey";
$idfile = "$filebase/cryptkeyid";

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Josh Thompson

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Oct/18 17:42

Updated:: 11/Dec/18 22:54

Resolved:: 11/Dec/18 19:22