fix shibboleth misconfigurations resulting in authentication bypassfix-shibboleth-auth-with-no-uid

author: Brian Neel <brian@gitlab.com> 2016-11-10 20:14:54 -0500
committer: Brian Neel <brian@gitlab.com> 2016-11-14 17:10:20 -0500
commit: 067da6224ef2cc53ae4ac38e3f3d1c99d1a97f96 (patch)
tree: 0399ffb2062fa48066fab183c0b426b31402fdb9 /config/initializers
parent: a3fd8521fb036b1f7153cad58234e8cb08246278 (diff)
download: gitlab-ce-fix-shibboleth-auth-with-no-uid.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index a0a8f88584c..a5b415457db 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -254,6 +254,10 @@ Devise.setup do |config|
         end
       end
 
+      if provider['name'] == 'shibboleth'
+        provider['args'][:fail_with_empty_uid] = true
+      end
+
       # A Hash from the configuration will be passed as is.
       provider_arguments << provider['args'].symbolize_keys
     end
author	Brian Neel <brian@gitlab.com>	2016-11-10 20:14:54 -0500
committer	Brian Neel <brian@gitlab.com>	2016-11-14 17:10:20 -0500
commit	067da6224ef2cc53ae4ac38e3f3d1c99d1a97f96 (patch)
tree	0399ffb2062fa48066fab183c0b426b31402fdb9 /config/initializers
parent	a3fd8521fb036b1f7153cad58234e8cb08246278 (diff)
download	gitlab-ce-fix-shibboleth-auth-with-no-uid.tar.gz