I'd quite like to get Piers Harding's opinion on this before we just go ahead with it. I think he found a workaround for this in the saml auth plugin using the remoteusername field instead of the username. If that could work, it'd have the advantage of keeping usernames human-readable, which most non-SSO sites would prefer. But it may be that it's not appropriate to use that field for ldap.
-- You received this bug notification because you are a member of Mahara Committers, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/548165 Title: Increase length of username column to 255 to support shibboleth/SSO userIDs Status in Mahara ePortfolio: Confirmed Bug description: get_new_username in lib/user.php truncates username to 30 characters by default. In some cases this is too short. As an example I have modified the SimpleSAMLPhP authenticator to use the Internet2 Shibboleth SAML service provider (SP). In cases where the eduPersonPrincipleName attribute (which look like [email protected]) is not provider to the SP, the SP can either use the SAML1 eduPersonTargetedID attribute (which looks like [email protected]) or the serialized SAML2 NameID (which looks like "!IdP-entityID!SP-entityID!lq7q48crsqzyqehetxahzcgi/bc=" and the entityIDs have the form of a URL) as usernames. 30 characters is far to small to handle this and more over the varchar(100) username field in the various tables like 'usr' will impact on this issue aswell. My guess is that you should be looking atleast 256 or 512 characters for this. PS. This is an issue for both SSP and Shibboleth. This bug was imported from eduforge.org, see: https://eduforge.org/tracker/index.php?func=detail&aid=3424&group_id=176&atid=739 _______________________________________________ Mailing list: https://launchpad.net/~mahara-core Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-core More help : https://help.launchpad.net/ListHelp
