Ticket #28 (defect)

Opened 2 years ago

Last modified 2 years ago

resolver hard-codes domain extension

Status: new

Reported by: jpr@openidp.org
Assigned to: jpr@openidp.org
Priority: standard
Keywords: idp resolver short-circuit sympa
Cc:

In order to work with the provided short-circuit identity provider, the resolver code for the idp hard-codes the domain @myvocs-box to the end of the attributes extracted from the Sympa database. These values should come from proper construction of the netid via the short-circuit idp.

Attachments

resolver-myvocs.xml.patch (1.1 kB) - added by jpr@openidp.org on 07/30/07 13:50:13.
Patch file for removing hard-coded scope from resolver

Change History

07/30/07 01:03:19: Modified by jpr@openidp.org

Work around:

The resolver-myvocs.xml file in /etc/shibboleth needs to be updated to remove hard coded references to "myVocs-box".

Replace the concat(?,"@myvocs-box") string with ? in each SQL query statement (3 occurrences).

Remove the smartScope element attribute in the urn:mace:dir:attribute-def:eduPersonPrincipalName AttributeDefinition element.

It should change from:

    <SimpleAttributeDefinition
        id="urn:mace:dir:attribute-def:eduPersonPrincipalName"
        smartScope="myvocs-box">
        <DataConnectorDependency requires="echo"/>
    </SimpleAttributeDefinition>

to

    <SimpleAttributeDefinition
        id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
        <DataConnectorDependency requires="echo"/>
    </SimpleAttributeDefinition>

07/30/07 09:36:47: Modified by jpr@openidp.org

A scriptable work around:

You can save the patch to the file resolver-myvocs.xml.patch in /etc/shibboleth:

vi /etc/shibboleth/resolver-myvocs.xml.patch

Patch file content:

--- resolver-myvocs.xml 2007-07-30 08:37:17.677996497 -0500
+++ resolver-myvocs.xml-new     2007-07-30 08:29:11.755836558 -0500
@@ -19,8 +19,7 @@
     </SimpleAttributeDefinition>

     <SimpleAttributeDefinition
-       id="urn:mace:dir:attribute-def:eduPersonPrincipalName"
-       smartScope="myvocs-box">
+       id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
        <DataConnectorDependency requires="echo"/>
     </SimpleAttributeDefinition>

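Review bot: with `smartScope` gone from the eduPersonPrincipalName definition, nothing in this file guarantees that the released value carries a scope; it is now whatever the `echo` connector receives from the IdP. The ticket depends on the short-circuit IdP constructing a fully scoped netid, so that dependency should be stated in a comment next to this definition, and the principal should be confirmed to contain the scope before this is deployed, otherwise eduPersonPrincipalName is released unscoped.
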
@@ -41,7 +40,7 @@
                 from
                   admin_table at, netidmap nim
                 where
-                  at.user_admin = nim.email and nim.netid = concat(?,"@myvocs-box")
+                  at.user_admin = nim.email and nim.netid = ?

                 union

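Review bot: `nim.netid = ?` in the admin_table branch now matches only when the bound principal equals the value stored in netidmap.netid exactly, scope included. If the IdP still passes a bare username while netidmap rows hold the scoped form, this branch returns no rows and raises no error, so the user silently loses the attributes; the same applies to the subscriber_table and user_table branches in the following hunks. The patch description should say that the IdP change and this resolver change have to be deployed together.
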
@@ -52,7 +51,7 @@
                 from
                   subscriber_table st, netidmap nim
                 where
-                  st.user_subscriber = nim.email and nim.netid = concat(?,"@myvocs-box")
+                  st.user_subscriber = nim.email and nim.netid = ?

                 union

@@ -63,7 +62,7 @@
                from
                   user_table ut, netidmap nim
                where
-                  ut.email_user = nim.email and nim.netid = concat(?,"@myvocs-box")
+                  ut.email_user = nim.email and nim.netid = ?

          </Query>

Apply the patch:

patch /etc/shibboleth/resolver-myvocs.xml < /etc/shibboleth/resolver-myvocs.xml.patch
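
The save-and-apply steps above, wrapped with a dry run, a backup and a post-check, as an added example that is not part of the ticket or of the myVocs distribution. The function names are hypothetical, and `--dry-run` assumes GNU patch.

```shell
#!/bin/sh
# Added example, not part of the ticket. Function names are hypothetical;
# the scope string and file names are the ones the ticket uses.
SCOPE="myvocs-box"

# Print the number of lines in file $1 that still hard-code scope $2, either as
# concat(?,"@scope") in a query or as a smartScope="scope" attribute.
count_hardcoded_scope() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # grep -c prints 0 but exits 1 when nothing matches, so ignore its status.
    grep -c -F -e "concat(?,\"@$2\")" -e "smartScope=\"$2\"" "$1" || true
}

# Apply patch file $2 to resolver $1 only if it applies cleanly, keep a
# timestamped backup, and fail if any hard-coded scope survives.
apply_scope_patch() {
    resolver=$1; patchfile=$2
    before=$(count_hardcoded_scope "$resolver" "$SCOPE") || return 2
    if [ "$before" -eq 0 ]; then
        echo "no hard-coded scope in $resolver, nothing to do"
        return 0
    fi
    # Assumes GNU patch: --dry-run reports rejects without touching the file.
    patch --dry-run "$resolver" < "$patchfile" >/dev/null || {
        echo "patch does not apply cleanly, $resolver left unchanged" >&2
        return 1
    }
    cp -p "$resolver" "$resolver.bak.$(date +%Y%m%d%H%M%S)" || return 1
    patch "$resolver" < "$patchfile" >/dev/null || return 1
    after=$(count_hardcoded_scope "$resolver" "$SCOPE") || return 2
    if [ "$after" -ne 0 ]; then
        echo "$after line(s) still hard-code @$SCOPE in $resolver" >&2
        return 1
    fi
    echo "removed hard-coded scope from $before line(s) in $resolver"
}

# Run only when invoked with both arguments, e.g.
#   sh apply-scope-patch.sh /etc/shibboleth/resolver-myvocs.xml \
#      /etc/shibboleth/resolver-myvocs.xml.patch
if [ "$#" -eq 2 ]; then
    apply_scope_patch "$1" "$2"
fi
```

On an unpatched resolver-myvocs.xml the pre-check should count four lines: the three queries and the smartScope attribute.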

07/30/07 13:50:13: Modified by jpr@openidp.org

  • attachment resolver-myvocs.xml.patch added.

Patch file for removing hard-coded scope from resolver