From 6c1b48dbc8194d92c00a51ce1b5306b981920b9d Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Fri, 12 Feb 2010 08:35:23 +0000 Subject: [PATCH] Add RequestedAttributes to generated metadata. Fixes issue 228. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2175 44740490-163a-0410-bde0-09ae8108e29a --- docs/simplesamlphp-reference-sp-hosted.txt | 27 +++++++++++++--------- www/saml2/sp/metadata.php | 6 +++++ www/shib13/sp/metadata.php | 6 +++++ 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/docs/simplesamlphp-reference-sp-hosted.txt b/docs/simplesamlphp-reference-sp-hosted.txt index f6c0a913e..fd47918d0 100644 --- a/docs/simplesamlphp-reference-sp-hosted.txt +++ b/docs/simplesamlphp-reference-sp-hosted.txt @@ -28,6 +28,18 @@ Common options : Note that this only changes the values in the generated metadata and in the messages sent to others. You must also configure your webserver to deliver this URL to the correct PHP page. +`attributes` +: List of attributes this SP requests from the IdP. + This list will be added to the generated metadata. + +: The attributes will be added without a `NameFormat` by default. + Use the `attributes.NameFormat` option to specify the `NameFormat` for the attributes. + +: *Note*: This list will only be added to the metadata if the `name`-option is also specified. + +`attributes.NameFormat` +: The `NameFormat` for the requested attributes. + `authproc` : Used to manipulate attributes, and limit access for each SP. See the [authentication processing filter manual](http://rnd.feide.no/content/authentication-processing-filters-simplesamlphp). @@ -47,6 +59,8 @@ Common options 'no' => 'En tjeneste', ), +: *Note*: For this to be added to the metadata, you must also specify the `attributes` and `name` options. + `host` : The hostname for this SP. One SP can also have the `host`-option set to `__DEFAULT__`, and that SP will be used when no other entries in the metadata matches. 
@@ -92,23 +106,14 @@ Common options 'no' => 'En tjeneste', ), +: *Note*: You must also specify at least one attribute in the `attributes` option for this element to be added to the metadata. + `NameIDFormat` : Override the default NameIDFormat in the generated metadata and in the authentication request. : The default value for SAML 2.0 is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`, while the default for Shibboleth 1.3 is `urn:mace:shibboleth:1.0:nameIdentifier`. If you set the value to `NULL`, the `samlp:NameIDPolicy` element is removed from the authentication request. -`url` -: A URL to your service provider. Will be added as a OrganizationURL-element in the metadata. - -: This option can be translated into multiple languages by specifying the value as an array of language-code to language-specific URL: - - 'url' => array( - 'en' => 'http://sp.example.net/en/info.html', - 'no' => 'http://sp.example.net/no/info.html', - ), - - SAML 2.0 options ---------------- diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php index f2d29914f..08034ec38 100644 --- a/www/saml2/sp/metadata.php +++ b/www/saml2/sp/metadata.php @@ -51,6 +51,12 @@ try { } + if (array_key_exists('attributes', $spmeta)) { + $metaArray['attributes'] = $spmeta['attributes']; + } + if (array_key_exists('attributes.NameFormat', $spmeta)) { + $metaArray['attributes.NameFormat'] = $spmeta['attributes.NameFormat']; + } if (array_key_exists('name', $spmeta)) { $metaArray['name'] = $spmeta['name']; } diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php index 111e95062..bc86f9540 100644 --- a/www/shib13/sp/metadata.php +++ b/www/shib13/sp/metadata.php 
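Review bot: In the www/saml2/sp/metadata.php hunk, `$spmeta['attributes']` is copied into `$metaArray` with only an existence check, so a mis-typed configuration value (a single string instead of a list, say) is handed to the metadata builder as-is; how the builder reacts is not visible from here. This list ends up in published metadata that an IdP may consult when deciding which attributes to release, so I would guard the copy with a type check: `if (array_key_exists('attributes', $spmeta) && is_array($spmeta['attributes'])) {`. The identical lines added in www/shib13/sp/metadata.php need the same guard. The enclosing `try` block starts and ends outside the hunk.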
@@ -55,6 +55,12 @@ try { $metaArray['OrganizationURL'] = $spmeta['OrganizationURL']; } + if (array_key_exists('attributes', $spmeta)) { + $metaArray['attributes'] = $spmeta['attributes']; + } + if (array_key_exists('attributes.NameFormat', $spmeta)) { + $metaArray['attributes.NameFormat'] = $spmeta['attributes.NameFormat']; + } if (array_key_exists('name', $spmeta)) { $metaArray['name'] = $spmeta['name']; } -- GitLab
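Review bot: Nothing in the added lines tells a reader that `attributes` has no effect on its own. The reference documentation changed in this same commit says the list is only added to the metadata when `name` is also specified, yet the copy here is unconditional, so that dependency presumably lives in the builder and the omission is silent. A comment above the new block would document it where an admin debugging missing RequestedAttributes will look, for example `// Only emitted in the metadata when 'name' is set as well; see the sp-hosted reference.` The same comment fits the matching block in www/saml2/sp/metadata.php. The enclosing `try` block continues outside the hunk.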