IdP pre-selection hints issues
Hello Lukas.
I'm having a look at SwitchWAYF usage of MDUI hints, since we just added them to our metadata generation tooling. I'm having multiple issues.
First, the current code hardcodes usage of $_SERVER["REMOTE_ADDR"] to compute the client IP address, which is obviously wrong when the discovery service is proxied. A better solution would be a dedicated function, which would first check for the existence of the X-Forwarded-For header, and fall back to $_SERVER["REMOTE_ADDR"] if it doesn't exist.
Second, the getIPAdressHint() function tries to retrieve IP hints from the "IP" key in the IdP data structure:
if (is_array($idp) && array_key_exists("IP", $idp)) {
However, metadata parsing in the processIDPRoleDescriptor() function saves this information with the "IPHint" key:
if ($MDUIIPHints){
    $IDP['IPHint'] = $MDUIIPHints;
}
And I couldn't find anything creating this "IP" key. The obvious fix would be to change getIPAdressHint().
Third, the getDomainNameFromURIHint() function doesn't seem to use information from MDUI hints, and just tries to find the first IdP whose entityID contains the same domain name as the client. I'd rather first try the explicit domain name from MDUI hints, if available, and use the current behaviour as a fallback only.
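
An added example (not part of the original message and not SwitchWAYF code) of the dedicated client-IP function proposed in the first point. It honours X-Forwarded-For only when REMOTE_ADDR is a configured reverse proxy, because the header is otherwise client-supplied and would let any client pick the IdP that IP hints pre-select; the function name getClientIPAddress() and the $trustedProxies list are hypothetical.

```php
<?php
// Added example, not SwitchWAYF code. getClientIPAddress() and
// $trustedProxies are hypothetical names.

/**
 * Return the client IP to use for IP hint matching.
 * X-Forwarded-For is only honoured when the direct peer (REMOTE_ADDR)
 * is a known reverse proxy.
 */
function getClientIPAddress(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Direct connection or unknown peer: ignore the header entirely.
    if (!in_array($remote, $trustedProxies, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }

    // Each proxy appends the peer it saw, so walk the list right to left
    // and return the first address that is not one of our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the rest of the chain
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed sample requests (documentation address ranges).
$proxies  = ['192.0.2.10'];
$viaProxy = ['REMOTE_ADDR' => '192.0.2.10',
             'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 198.51.100.23'];
$direct   = ['REMOTE_ADDR' => '198.51.100.99',
             'HTTP_X_FORWARDED_FOR' => '203.0.113.7'];

echo getClientIPAddress($viaProxy, $proxies), "\n"; // address appended by the trusted proxy
echo getClientIPAddress($direct, $proxies), "\n";   // header ignored, peer address used
```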