From b04881e7cd23e60a170445e83915fa7054567663 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz <slusarz@curecanti.org>
Date: Tue, 25 Jan 2011 00:07:00 -0700
Subject: [PATCH] Fix shibboleth authentication checking

Need to check shibboleth auth username to the original auth username,
not the Horde username (since the Horde username may have been altered
post-login by a hook).
---
 framework/Core/lib/Horde/Core/Auth/Shibboleth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/Core/lib/Horde/Core/Auth/Shibboleth.php b/framework/Core/lib/Horde/Core/Auth/Shibboleth.php
index 35bf9eb71..4bfec069d 100644
--- a/framework/Core/lib/Horde/Core/Auth/Shibboleth.php
+++ b/framework/Core/lib/Horde/Core/Auth/Shibboleth.php
@@ -24,7 +24,7 @@ class Horde_Core_Auth_Shibboleth extends Horde_Auth_Shibboleth
     public function validateAuth()
     {
         return !empty($_SERVER[$this->getParam('username_header')]) &&
-               ($this->_removeScope($_SERVER[$this->getParam('username_header')]) == $GLOBALS['registry']->getAuth());
+               ($this->_removeScope($_SERVER[$this->getParam('username_header')]) == $GLOBALS['registry']->getAuth('original'));
     }
 
 }
-- 
2.11.0