New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove "userid.attribute" #3

Open
olavmrk opened this Issue Feb 27, 2014 · 5 comments

Comments

Projects
None yet
5 participants
@olavmrk
Contributor

olavmrk commented Feb 27, 2014

This option can be set on destination and source metadata, but relying on this attribute makes filters rather confusing. It would be better to specifically list the attribute to be used as an user identifier in the applicable filters.

@gollmann

This comment has been minimized.

Contributor

gollmann commented Mar 22, 2016

Hi,
there seems to be an inconsistency in SSP 1.14 regarding userid.attribute:

Setting the attribute for the IdP in saml20-idp-hosted.php already results in warnings:

The 'userid.attribute' option has been deprecated.

OTOH the consent module (consent:Consent) still requires the UserID, see https://simplesamlphp.org/docs/stable/consent:consent

NB: since the consent module is run after attributes are filtered the uid-attribute usually is not and should not be available anymore.

Kind regards, Georg

@jaimeperez

This comment has been minimized.

Member

jaimeperez commented Mar 22, 2016

Hi @gollmann!

The userid.attribute option has been indeed deprecated, and will be removed in 2.0. That doesn't mean it's no longer in use. It is, in many places, and we'll slowly take it off. It will keep working during 1.14.x as you have seen, and also in 1.15.x, but in the latter there will be alternatives to it for every module or place where it's used.

MarvinDurot added a commit to Elipce-Informatique/simplesamlphp that referenced this issue Jun 29, 2016

MarvinDurot added a commit to Elipce-Informatique/simplesamlphp that referenced this issue Jun 29, 2016

falco76 pushed a commit to falco76/simplesamlphp that referenced this issue Apr 19, 2018

Merge pull request simplesamlphp#3 from salvorapi/master
Corretta la guida alla config con i path corretti.
@w3care

This comment was marked as off-topic.

w3care commented Jul 6, 2018

Hi Jaime,
I need help in resolving the error: -
core:TargetedID: Missing UserID for this user. Please check the 'userid.attribute' option in the metadata against the attributes provided by the authentication source
I have done the followings -

  1. Setup an IdP
  2. Setup an SP
  3. Set twitter as the authsource
  4. My SP receives response when I do not use authproc, it receives all the authentication data from twitter.
  5. But when I try to add filter, it gives me the above error. I made a change in the twitter mapping file - 'twitter.email' => 'uid',
  6. What else we need to add in the authsource when we use Twitter:
    'twitter' => array(
    'authtwitter:Twitter',
    'key' => ''.$twitterapikey.'',
    'secret' => ''.$twittersecret.'',
    'force_login' => FALSE,
    'userid.attribute' => 'email',
    'attributes' => array(
    'IDPEmail' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:email',
    ),

Any help will be greatly appreciated.

@jaimeperez

This comment was marked as off-topic.

Member

jaimeperez commented Jul 9, 2018

Hi @w3care,

This is an issue tracker, not a support forum. Please use the mailing list if you need support.

@thijskh

This comment has been minimized.

Member

thijskh commented Aug 29, 2018

@jaimeperez I'm not sure it's useful to start issuing deprecation notices to users if they cannot stop using that configuration setting. Maybe we should just mark it as deprecated in the code?

When the time has come that you indeed do not need to use this option anymore, we'd need to put something in the upgrade notes to tell users what the alternatives are, because that's now also lacking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment