Univention Bugzilla – Bug 53723
[5.0] SAML IdP: Group member comparison should be case insensitive
Last modified: 2022-12-19 13:25:04 CET
+++ This bug was initially created as a clone of Bug #53432 +++ A group GRP_teacher was created in a sync mode AD. The group was correct synchronised to UCS LDAP and also correct placed in /etc/simplesamlphp/serviceprovider_enabled_groups.json but in the users memberof list it was lowercased. The comparison of the group names should be case insensitive in SAML to prevent authentication rejects caused by case differences.
10_add_case_insensitive_comparison_for_ldap_attributes.quilt svn 19418 simplesamlphp 1.16.3-1+deb10u2A~5.0.0.202108301929 d86f22c9 Add case insensitive comparisons for LDAP attributes to service provider config univention-saml 7.0.4-17A~5.0.0.202108301924 2faf47ff yaml
Verified: * SVN patch same as in 4.4-8 and applied to simplesamlphp 1.16.3-1+deb10u2A~5.0.0.202108301929 * PHP-Code, listener resync in postinst, debian/changelog * Neither advisories nor documentation change required
Sorry, advisories are there obviously.
<https://errata.software-univention.de/#/?erratum=5.0x80> <https://errata.software-univention.de/#/?erratum=5.0x81>