Mahara ePortfolio

auth/saml default remoteuser

Reported by PiersHarding on 2012-02-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
PiersHarding
1.4
High
PiersHarding

Bug Description

The auth/saml plugin should have the option "Match username attribute to Remote username" defaulted to true, as this presents a risk in multi-tenanted Mahara instances (different institutions may clash on usernames so the default behaviour should be to match on the external one).
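
The username clash described above, as an added example that is not part of the report and is not Mahara's code. It is a simplified model: `ACCOUNTS`, `REMOTE_USERNAMES` and the function names are hypothetical, and it assumes that with the option off the asserted username is compared with the site-wide local username.

```python
# Simplified model of SAML account matching on a multi-tenant site.
# Every name and record here is constructed for illustration.
ACCOUNTS = {  # user_id -> (owning institution, site-wide local username)
    1: ("inst-a", "jsmith"),
    2: ("inst-b", "jsmith2"),  # renamed locally because "jsmith" was taken
}
REMOTE_USERNAMES = {  # (institution, username asserted by its IdP) -> user_id
    ("inst-a", "jsmith"): 1,
    ("inst-b", "jsmith"): 2,
}

def match_local(asserted):
    """Option off: compare the asserted name with site-wide usernames."""
    for user_id, (_, local_name) in ACCOUNTS.items():
        if local_name == asserted:
            return user_id
    return None

def match_remote(institution, asserted):
    """Option on: the lookup is scoped to the asserting institution."""
    return REMOTE_USERNAMES.get((institution, asserted))

def audit_clashes():
    """List remote identities that the two modes resolve to different accounts."""
    clashes = []
    for (institution, asserted), expected in sorted(REMOTE_USERNAMES.items()):
        got = match_local(asserted)
        if got != expected:
            clashes.append((institution, asserted, got, expected))
    return clashes

if __name__ == "__main__":
    for institution, asserted, got, expected in audit_clashes():
        owner = ACCOUNTS[got][0] if got is not None else "nobody"
        print(f"{institution} asserts {asserted!r}: local match gives user "
              f"{got} (owned by {owner}), remote match gives user {expected}")
```

Run as a script, it reports the one identity in the sample data whose login would land on another institution's account when matching is done on the local username.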

Changed in mahara:
status: New → In Progress
assignee: nobody → PiersHarding (piersharding)
Changed in mahara:
status: In Progress → Fix Committed
François Marier (fmarier) wrote :

BTW Piers, we use "fix committed" only when the fix has been merged onto the final branch. While it's in review, we use "in progress".

Changed in mahara:
status: Fix Committed → In Progress
importance: Undecided → Critical
milestone: none → 1.3.8
security vulnerability: no → yes
Changed in mahara:
importance: Critical → High
tags: added: saml

Reviewed: https://reviews.mahara.org/1053
Committed: http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea
Author: Piers Harding <email address hidden>
Date: Thu Feb 16 06:19:41 2012 +1300

    auth/saml default remoteuser (bug #932909)

    Ensure that default behaviour is to match user
    to remote user name

    Change-Id: Iadabb5c47004786af6fb6e2e6ac0590fb4a887d8
    Signed-off-by: Piers Harding <email address hidden>

François Marier (fmarier) wrote :

Piers: would you be able to quickly test the 1.3 and 1.4 cherry-picks I just pushed to gerrit?

  https://reviews.mahara.org/#change,1061
  https://reviews.mahara.org/#change,1062

(I've tested that the setting is turned on by default, but I don't feel confident enough to test the other changes in that patch.)

Richard: given I was the one to do the cherry-pick can you quickly double-check to make sure everything looks fine and give your +2?

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/1061
Committed: http://gitorious.org/mahara/mahara/commit/46dfa1bcc5bafda7f8aadf6fae33d77e4ce6190f
Submitter: Francois Marier (<email address hidden>)
Branch: 1.3_STABLE

commit 46dfa1bcc5bafda7f8aadf6fae33d77e4ce6190f
Author: Francois Marier <email address hidden>
Date: Mon Feb 20 14:40:05 2012 +1300

    auth/saml default remoteuser (bug #932909)

    Ensure that default behaviour is to match user
    to remote user name

    (cherry picked from commit f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea)

    Conflicts:

     htdocs/auth/saml/lang/en.utf8/auth.saml.php
     htdocs/auth/saml/lib.php

    Change-Id: Ieda14dc11692f3f703aa0d5b4e87761107196356
    Signed-off-by: Francois Marier <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/1062
Committed: http://gitorious.org/mahara/mahara/commit/d642724b4e6016df988c2fe25aad0543927af072
Submitter: Francois Marier (<email address hidden>)
Branch: 1.4_STABLE

commit d642724b4e6016df988c2fe25aad0543927af072
Author: Francois Marier <email address hidden>
Date: Mon Feb 20 14:50:32 2012 +1300

    auth/saml default remoteuser (bug #932909)

    Ensure that default behaviour is to match user
    to remote user name

    (cherry picked from commit f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea)

    Conflicts:

     htdocs/auth/saml/lib.php

    Change-Id: I4db156b2e0023315a2bcf09f47c4fbf7b23ce348
    Signed-off-by: Francois Marier <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
Melissa Draper (melissa) on 2012-03-06
Changed in mahara:
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.
