Bug: ShibbAuth cannot log in with 'DefaultRole' => false #9698

Open
1 task done
JoePJisc opened this issue Apr 22, 2024 · 0 comments
Labels
needs triage This issue has been automatically labelled and needs further triage

Actual behavior

https://github.com/MISP/MISP/tree/2.4/app/Plugin/ShibbAuth#misp-plugin-configuration says to set DefaultRole to false to not set a default role and reject logins from users not in a valid role; however, this tries to set the user's role to an empty string, which blocks user creation and log on.

This can be worked around by omitting DefaultRole from config.php.

Expected behavior

Setting DefaultRole to false should behave the same as omitting the option.

I think https://github.com/MISP/MISP/blob/536bbb9d92073b2653b781c213f89da33bcb61bf/app/Plugin/ShibbAuth/Controller/Component/Auth/ApacheShibbAuthenticate.php#L122C9-L123C28 needs an additional condition to check the value isn't a boolean false.

Steps to reproduce

  1. Configure MISP to use Shibboleth per the above documentation,
  2. Attempt to log in with DefaultRole set to false (issue occurs),
  3. Attempt to log in with DefaultRole set to 1 (login succeeds and, regardless of role in SAML, the user is an admin),
  4. Attempt to log in with DefaultRole omitted (login succeeds and user has their SAML/Shibboleth assigned role).

Version

2.4.189

Operating System

Docker Container

Operating System version

php:7.4-apache

PHP version

7.4

Browser

No response

Browser version

No response

Relevant log output

User role  assigned.

Extra attachments

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@JoePJisc JoePJisc added the needs triage This issue has been automatically labelled and needs further triage label Apr 22, 2024
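
The difference between a presence check and a strict check on `DefaultRole`, as an added example that is not part of the original issue and is not MISP's code. The function names and the `$cfg` array are hypothetical, and the three configurations are constructed to mirror the reproduction steps above.

```php
<?php
declare(strict_types=1);

// Added illustration: names are hypothetical, not taken from MISP's source.

// Presence-only check: isset() is true for 'DefaultRole' => false, so the
// boolean is passed on as if it were a role. (string)false is '', which is
// consistent with the empty role in the reported log line.
function defaultRolePresenceOnly(array $cfg)
{
    return isset($cfg['DefaultRole']) ? $cfg['DefaultRole'] : null;
}

// Strict check: false and an omitted key both mean "no default role" (null),
// so the caller can reject the login. Anything that is not a positive
// integer id is treated as a configuration error instead of being coerced.
function defaultRoleStrict(array $cfg): ?int
{
    $value = $cfg['DefaultRole'] ?? false;
    if ($value === false) {
        return null;
    }
    if (is_int($value) && $value > 0) {
        return $value;
    }
    if (is_string($value) && ctype_digit($value) && (int)$value > 0) {
        return (int)$value;
    }
    throw new InvalidArgumentException('DefaultRole must be false or a positive role id');
}

// Constructed configurations matching the three reproduction steps.
$cases = [
    'false'   => ['DefaultRole' => false],
    'int 1'   => ['DefaultRole' => 1],
    'omitted' => [],
];
foreach ($cases as $label => $cfg) {
    printf(
        "%-8s presence-only=%s strict=%s\n",
        $label,
        var_export(defaultRolePresenceOnly($cfg), true),
        var_export(defaultRoleStrict($cfg), true)
    );
}
```

Rejecting `true` and non-numeric strings outright matters here because a loose integer cast would turn `true` into role id 1.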