From 84ee16ae6456b5e40247d5021318bf985f535c6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 27 Feb 2008 22:11:44 +0000
Subject: [PATCH] Extracted the attribute filtering code into AttributeFilter

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@328 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/AttributeFilter.php | 53 ++++++++++++++++++++++++++
 www/saml2/idp/SSOService.php           | 46 +++-------------------
 www/shib13/idp/SSOService.php          | 45 ++--------------------
 3 files changed, 61 insertions(+), 83 deletions(-)

diff --git a/lib/SimpleSAML/XML/AttributeFilter.php b/lib/SimpleSAML/XML/AttributeFilter.php
index b4cad0516..95803e00e 100644
--- a/lib/SimpleSAML/XML/AttributeFilter.php
+++ b/lib/SimpleSAML/XML/AttributeFilter.php
@@ -1,6 +1,7 @@
 <?php
 
 require_once('SimpleSAML/Configuration.php');
+require_once('SimpleSAML/Logger.php');
 
 /**
  * AttributeFilter is a mapping between attribute names.
@@ -19,6 +20,58 @@ class SimpleSAML_XML_AttributeFilter {
 	}
 	
 
+	/**
+	 * Will process attribute napping, and altering based on metadata.
+	 */
+	public function process($idpmetadata, $spmetadata) {
+	
+		if (isset($idpmetadata['attributemap'])) {
+			SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
+			$this->namemap($idpmetadata['attributemap']);
+		}
+		if (isset($spmetadata['attributemap'])) {
+			SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
+			$this->namemap($spmetadata['attributemap']);
+		}
+		if (isset($idpmetadata['attributealter'])) {
+			if (!is_array($idpmetadata['attributealter'])) {
+				SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
+				$this->alter($idpmetadata['attributealter']);
+			} else {
+				foreach($idpmetadata['attributealter'] AS $alterfunc) {
+					SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
+					$this->alter($alterfunc);
+				}
+			}
+		}
+		if (isset($spmetadata['attributealter'])) {
+			if (!is_array($spmetadata['attributealter'])) {
+				SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
+				$this->alter($spmetadata['attributealter']);
+			} else {
+				foreach($spmetadata['attributealter'] AS $alterfunc) {
+					SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
+					$this->alter($alterfunc);
+				}
+			}
+		}
+		
+	}
+
+	public function processFilter($idpmetadata, $spmetadata) {
+
+		/**
+		 * Filter away attributes that are not allowed for this SP.
+		 */
+		if (isset($spmetadata['attributes'])) {
+			SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
+			$this->filter($spmetadata['attributes']);
+		}
+		
+
+	}
+
+
 	public function namemap($map) {
 		
 		$mapfile = $this->configuration->getPathValue('attributenamemapdir') . $map . '.php';
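Review bot: process() hands `$idpmetadata['attributemap']` and `$spmetadata['attributemap']` to namemap() without checking their type or content, and the context line that closes this hunk shows namemap() concatenating that value into a `.php` path under `attributenamemapdir`. Unlike the `attributealter` branches there is no `is_array()` handling, so an array value would be logged as "Array" and produce a malformed path, and a value containing path separators would resolve outside the map directory. Metadata is presumably administrator-controlled, so this is defence in depth, but a guard at the top of namemap() such as `if (!is_string($map) || !preg_match('/^[A-Za-z0-9_-]+$/', $map)) throw new Exception('Invalid attributemap name');` (pattern adjusted to the project's map file names) would contain it. What namemap() does with `$mapfile` lies outside the hunk. Separately, the docblock on process() says "napping" for "mapping", and processFilter() has no docblock of its own and never reads `$idpmetadata`.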
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 8515634a6..513d215b5 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -187,37 +187,8 @@ if (!isset($session) || !$session->isValid($authority) ) {
 		 * Attribute handling
 		 */
 		$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
-		if (isset($idpmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
-			$afilter->namemap($idpmetadata['attributemap']);
-		}
-		if (isset($spmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
-			$afilter->namemap($spmetadata['attributemap']);
-		}
-		if (isset($idpmetadata['attributealter'])) {
-			if (!is_array($idpmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
-				$afilter->alter($idpmetadata['attributealter']);
-			} else {
-				foreach($idpmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
-		if (isset($spmetadata['attributealter'])) {
-			if (!is_array($spmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
-				$afilter->alter($spmetadata['attributealter']);
-			} else {
-				foreach($spmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
-
+		
+		$afilter->process($idpmetadata, $spmetadata);
 		/**
 		 * Make a log entry in the statistics for this SSO login.
 		 */
@@ -233,18 +204,11 @@ if (!isset($session) || !$session->isValid($authority) ) {
 		} 
 		SimpleSAML_Logger::stats('saml20-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' ' . $realmstr);
 		
-		/**
-		 * Filter away attributes that are not allowed for this SP.
-		 */
-		if (isset($spmetadata['attributes'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
-			$afilter->filter($spmetadata['attributes']);
-		}
-		$filteredattributes = $afilter->getAttributes();
 		
-		
-
+		$afilter->processFilter($idpmetadata, $spmetadata);
 				
+		$filteredattributes = $afilter->getAttributes();
+		
 		
 		// Generate an SAML 2.0 AuthNResponse message
 		$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
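Review bot: `$filteredattributes` is filtered only when the SP metadata carries an `attributes` list: processFilter(), as added in lib/SimpleSAML/XML/AttributeFilter.php, calls filter() solely inside `isset($spmetadata['attributes'])`, so for an SP without that key getAttributes() returns every mapped session attribute here. The same holds for the processFilter() call in www/shib13/idp/SSOService.php. If release-all is the intended default, state it at the call site, e.g. `// SPs without an 'attributes' list receive every attribute`, and consider a debug log line for that case so it shows up when auditing attribute release. If it is not intended, processFilter() should fall back to an empty allow-list, assuming filter() treats its argument as one. The surrounding block starts and ends outside this hunk.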
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index 15216908a..4142cf479 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -135,50 +135,15 @@ if (!$session->isAuthenticated($authority) ) {
 
 	try {
 	
-		//$session->add_sp_session($authnrequest->getIssuer());
-
-
-		//$session->setAttribute('eduPersonAffiliation', array('student'));
-
 		$spentityid = $requestcache['Issuer'];
 		$spmetadata = $metadata->getMetaData($spentityid, 'shib13-sp-remote');
 
-
 		
 		/*
 		 * Attribute handling
 		 */
 		$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
-		if (isset($idpmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
-			$afilter->namemap($idpmetadata['attributemap']);
-		}
-		if (isset($spmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
-			$afilter->namemap($spmetadata['attributemap']);
-		}
-		if (isset($idpmetadata['attributealter'])) {
-			if (!is_array($idpmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
-				$afilter->alter($idpmetadata['attributealter']);
-			} else {
-				foreach($idpmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
-		if (isset($spmetadata['attributealter'])) {
-			if (!is_array($spmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
-				$afilter->alter($spmetadata['attributealter']);
-			} else {
-				foreach($spmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
+		$afilter->process($idpmetadata, $spmetadata);
 
 		/**
 		 * Make a log entry in the statistics for this SSO login.
@@ -198,15 +163,11 @@ if (!$session->isAuthenticated($authority) ) {
 		/**
 		 * Filter away attributes that are not allowed for this SP.
 		 */
-		if (isset($spmetadata['attributes'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
-			$afilter->filter($spmetadata['attributes']);
-		}
+		$afilter->processFilter($idpmetadata, $spmetadata);
+		
 		$filteredattributes = $afilter->getAttributes();
 		
 
-
-
 		// Generating a Shibboleth 1.3 Response.
 		$ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
 		$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], 
-- 
GitLab