Check for username instead of Shib-Session-ID (#97)

Not all systems specify Shib-Session-ID in the same way. Instead, by checking for the already-customizable username attribute, we can avoid another way that the service configuration differences can prevent the correct functioning of the system. --------- Co-authored-by: Spencer Fasulo (Work) <[email protected]> Co-authored-by: Jonathan Champ <[email protected]>
michaelryanmcneill · Oct 31, 2023 · d64dd2b · d64dd2b
1 parent 4c69be2
commit d64dd2b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/shibboleth.php b/shibboleth.php
@@ -376,7 +376,8 @@ function shibboleth_admin_hooks() {
 function shibboleth_session_active( $auto_login = false ) {
 	$active = false;
 	$method = shibboleth_getoption( 'shibboleth_attribute_access_method' );
-	$session = shibboleth_getenv( 'Shib-Session-ID' );
+	$shib_headers = shibboleth_getoption( 'shibboleth_headers', array(), true );
+	$session = shibboleth_getenv( $shib_headers['username']['name'] );
 
 	if ( $session && 'http' !== $method ) {
 		$active = true;