diff options
-rw-r--r-- | changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml | 4 | ||||
-rw-r--r-- | config/initializers/devise.rb | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml b/changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml new file mode 100644 index 00000000000..56fa2170be3 --- /dev/null +++ b/changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml @@ -0,0 +1,4 @@ +--- +title: fix shibboleth misconfigurations resulting in authentication bypass +merge_request: 7428 +author: diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index a0a8f88584c..a5b415457db 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -254,6 +254,10 @@ Devise.setup do |config| end end + if provider['name'] == 'shibboleth' + provider['args'][:fail_with_empty_uid] = true + end + # A Hash from the configuration will be passed as is. provider_arguments << provider['args'].symbolize_keys end |