Removed deprecated attribute handling code. Replaced by auth proc filters......

Removed deprecated attribute handling code. Replaced by auth proc filters... Full documentation will be published tomorrow.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1106 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/XML/AttributeFilter.php

-<?php
-
-/**
- * AttributeFilter is a mapping between attribute names.
- *
- * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SimpleSAML_XML_AttributeFilter {
-
-	private $attributes = null;
-
-	function __construct(SimpleSAML_Configuration $configuration, $attributes) {
-		$this->configuration = $configuration;
-		$this->attributes = $attributes;
-	}
-	
-
-	/**
-	 * Will process attribute napping, and altering based on metadata.
-	 */
-	public function process($idpmetadata, $spmetadata) {
-	
-		if (isset($idpmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
-			$this->namemap($idpmetadata['attributemap']);
-		}
-		if (isset($spmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
-			$this->namemap($spmetadata['attributemap']);
-		}
-		if (isset($idpmetadata['attributealter'])) {
-			if (!is_array($idpmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
-				$this->alter($idpmetadata['attributealter'],$spmetadata['entityid'],$idpmetadata['entityid']);
-			} else {
-				foreach($idpmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
-					$this->alter($alterfunc,$spmetadata['entityid'],$idpmetadata['entityid']);
-				}
-			}
-		}
-		if (isset($spmetadata['attributealter'])) {
-			if (!is_array($spmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
-				$this->alter($spmetadata['attributealter'],$spmetadata['entityid'],$idpmetadata['entityid']);
-			} else {
-				foreach($spmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
-					$this->alter($alterfunc,$spmetadata['entityid'],$idpmetadata['entityid']);
-				}
-			}
-		}
-		
-	}
-
-	public function processFilter($idpmetadata, $spmetadata) {
-
-		/**
-		 * Filter away attributes that are not allowed for this SP.
-		 */
-		if (isset($spmetadata['attributes'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
-			$this->filter($spmetadata['attributes']);
-		}
-		
-
-	}
-
-
-	public function namemap($map) {
-		
-		$mapfile = $this->configuration->getPathValue('attributenamemapdir') . $map . '.php';
-		if (!file_exists($mapfile)) throw new Exception('Could not find attributemap file: ' . $mapfile);
-		
-		include($mapfile);
-		
-		$newattributes = array();
-		foreach ($this->attributes AS $a => $value) {
-			if (isset($attributemap[$a])) {
-				$newattributes[$attributemap[$a]] = $value;
-			} else {
-				$newattributes[$a] = $value;
-			}
-		}
-		$this->attributes = $newattributes;
-		
-	}
-	
-	/**
-	 * This function will call custom alter plugins.
-	 */
-	public function alter($rule, $spentityid = null, $idpentityid = null) {
-		
-		$alterfile = $this->configuration->getBaseDir() . 'attributealter/' . $rule . '.php';
-		if (!file_exists($alterfile)) throw new Exception('Could not find attributealter file: ' . $alterfile);
-		
-		include_once($alterfile);
-		
-		$function = 'attributealter_' . $rule;
-		
-		if (function_exists($function)) {
-			$function($this->attributes, $spentityid, $idpentityid);
-		} else {
-			throw new Exception('Could not find attribute alter fucntion: ' . $function . ' in file ' .$alterfile);
-		}
-		
-	}
-	
-	private function addValue($name, $value) {
-		if (array_key_exists($name, $this->attributes)) {
-			$this->attributes[$name][] = $value;
-		} else {
-			$this->attributes[$name] = array($value);
-		}
-	}
-	
-	public function filter($allowedattributes) {
-		$newattributes = array();
-		foreach($this->attributes AS $key => $value) {
-			if (in_array($key, $allowedattributes)) {
-				$newattributes[$key] = $value;
-			}
-		}
-		$this->attributes = $newattributes;
-	}
-	
-	public function getAttributes() {
-		return $this->attributes;
-	}
-
-	
-	
-}
-
-?>
\ No newline at end of file

www/saml2/idp/SSOService.php

@@ -249,30 +249,22 @@ if($needAuth && !$isPassive) {
 		 * Attribute handling
 		 */
 		$attributes = $session->getAttributes();
-		$afilter = new SimpleSAML_XML_AttributeFilter($config, $attributes);
-		$afilter->process($idpmetadata, $spmetadata);
 		
-		/**
-		 * Make a log entry in the statistics for this SSO login.
-		 */
-		$tempattr = $afilter->getAttributes();
-		$realmattr = $config->getValue('statistics.realmattr', null);
-		$realmstr = 'NA';
-		if (!empty($realmattr)) {
-			if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
-				$realmstr = $tempattr[$realmattr][0];
-			} else {
-				SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
-			}
-		} 
-		SimpleSAML_Logger::stats('saml20-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' ' . $realmstr);
-		
-		
-		$afilter->processFilter($idpmetadata, $spmetadata);
-				
-		$filteredattributes = $afilter->getAttributes();
+		/*
+			Need to be replaced by a auth proc filter that does the log entry....
+			
+			$realmattr = $config->getValue('statistics.realmattr', null);
+			$realmstr = 'NA';
+			if (!empty($realmattr)) {
+				if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+					$realmstr = $tempattr[$realmattr][0];
+				} else {
+					SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+				}
+			} 
+		*/
+		SimpleSAML_Logger::stats('saml20-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' NA');
 		
-
 		/* Authentication processing operations. */
 		if (array_key_exists('AuthProcState', $requestcache)) {
 			/* Processed earlier, saved in requestcache. */
@@ -289,17 +281,17 @@ if($needAuth && !$isPassive) {
 			$authProcState = array(
 				'core:saml20-idp:requestcache' => $requestcache,
 				'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
-				'Attributes' => $filteredattributes,
+				'Attributes' => $attributes,
 				'Destination' => $spmetadata,
 				'Source' => $idpmetadata,
-				);
+			);
 
 			$pc->processState($authProcState);
 
 			$requestcache['AuthProcState'] = $authProcState;
 		}
 
-		$filteredattributes = $authProcState['Attributes'];
+		$attributes = $authProcState['Attributes'];
 
 		
 		
@@ -310,7 +302,7 @@ if($needAuth && !$isPassive) {
 		
 		// Generate an SAML 2.0 AuthNResponse message
 		$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
-		$authnResponseXML = $ar->generate($idpentityid, $spentityid, $requestcache['RequestID'], null, $filteredattributes);
+		$authnResponseXML = $ar->generate($idpentityid, $spentityid, $requestcache['RequestID'], null, $attributes);
 	
 		// Sending the AuthNResponse using HTTP-Post SAML 2.0 binding
 		$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);

www/saml2/sp/AssertionConsumerService.php

@@ -118,12 +118,12 @@ try {
 	 * Attribute handling
 	 */
 	$attributes = $authnResponse->getAttributes();
-	$afilter = new SimpleSAML_XML_AttributeFilter($config, $attributes);
-	$afilter->process($idpmetadata, $spmetadata);
-	
+
 	/**
 	 * Make a log entry in the statistics for this SSO login.
-	 */
+     *
+     * Needs to be replaced by auth proc
+     *
 	$tempattr = $authnResponse->getAttributes();
 	$realmattr = $config->getValue('statistics.realmattr', null);
 	$realmstr = 'NA';
@@ -134,14 +134,8 @@ try {
 			SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
 		}
 	} 
-	SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadata->getMetaDataCurrentEntityID() . ' ' . $idpentityid . ' ' . $realmstr);
-	
-	
-	$afilter->processFilter($idpmetadata, $spmetadata);
-			
-	$attributes = $afilter->getAttributes();
-
-	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Completed attribute handling');
+	*/
+	SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadata->getMetaDataCurrentEntityID() . ' ' . $idpentityid . ' NA');
 	
 
 	/* Begin module attribute processing */

www/shib13/idp/SSOService.php

@@ -157,38 +157,28 @@ if (!$session->isAuthenticated($authority) ) {
 	
 		$spentityid = $requestcache['Issuer'];
 		$spmetadata = $metadata->getMetaData($spentityid, 'shib13-sp-remote');
-
 		$sp_name = (isset($spmetadata['name']) ? $spmetadata['name'] : $spentityid);
 		
-		/*
-		 * Attribute handling
-		 */
 		$attributes = $session->getAttributes();
-		$afilter = new SimpleSAML_XML_AttributeFilter($config, $attributes);
-		$afilter->process($idpmetadata, $spmetadata);
-
-		/**
-		 * Make a log entry in the statistics for this SSO login.
-		 */
-		$tempattr = $afilter->getAttributes();
-		$realmattr = $config->getValue('statistics.realmattr', null);
-		$realmstr = 'NA';
-		if (!empty($realmattr)) {
-			if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
-				$realmstr = $tempattr[$realmattr][0];
-			} else {
-				SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
-			}
-		} 
-		SimpleSAML_Logger::stats('shib13-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' ' . $realmstr);
 		
 		/**
-		 * Filter away attributes that are not allowed for this SP.
-		 */
-		$afilter->processFilter($idpmetadata, $spmetadata);
-		
-		$filteredattributes = $afilter->getAttributes();
-		
+		 * Make a log entry in the statistics for this SSO login.
+
+			Need to be replaced by a authproc
+			
+			$tempattr = $afilter->getAttributes();
+			$realmattr = $config->getValue('statistics.realmattr', null);
+			$realmstr = 'NA';
+			if (!empty($realmattr)) {
+				if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+					$realmstr = $tempattr[$realmattr][0];
+				} else {
+					SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+				}
+			} 
+		*/
+		SimpleSAML_Logger::stats('shib13-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' NA');
+				
 
 		/* Authentication processing operations. */
 		if (array_key_exists('AuthProcState', $requestcache)) {
@@ -206,7 +196,7 @@ if (!$session->isAuthenticated($authority) ) {
 			$authProcState = array(
 				'core:shib13-idp:requestcache' => $requestcache,
 				'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
-				'Attributes' => $filteredattributes,
+				'Attributes' => $attributes,
 				'Destination' => $spmetadata,
 				'Source' => $idpmetadata,
 				);
@@ -216,7 +206,7 @@ if (!$session->isAuthenticated($authority) ) {
 			$requestcache['AuthProcState'] = $authProcState;
 		}
 
-		$filteredattributes = $authProcState['Attributes'];
+		$attributes = $authProcState['Attributes'];
 
 
 		
@@ -224,7 +214,7 @@ if (!$session->isAuthenticated($authority) ) {
 		// Generating a Shibboleth 1.3 Response.
 		$ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
 		$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'],
-			$requestcache['RequestID'], null, $filteredattributes);
+			$requestcache['RequestID'], null, $attributes);
 		
 		
 		#echo $authnResponseXML;

www/shib13/sp/AssertionConsumerService.php

@@ -71,7 +71,9 @@ try {
 
 	/**
 	 * Make a log entry in the statistics for this SSO login.
-	 */
+
+		Need to be replaced by a auth proc
+
 	$tempattr = $authnResponse->getAttributes();
 	$realmattr = $config->getValue('statistics.realmattr', null);
 	$realmstr = 'NA';
@@ -82,7 +84,8 @@ try {
 			SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
 		}
 	}
-	SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $idpmetadata['entityid'] . ' ' . $realmstr);
+	 */
+	SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $idpmetadata['entityid'] . ' NA');
 
 
 	$relayState = $authnResponse->getRelayState();