From 850ee083b01a2a841d34a48abda6ada6338ddbc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no> Date: Thu, 8 Jan 2009 15:05:39 +0000 Subject: [PATCH] Minor change to syntax on authproc parameter, and also add support for adding authproc definitions in config.php globally. I am soon posting a document describing this in detail git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1097 44740490-163a-0410-bde0-09ae8108e29a --- lib/SimpleSAML/Auth/ProcessingChain.php | 37 +++++++++++++--------- www/saml2/idp/SSOService.php | 2 +- www/saml2/sp/AssertionConsumerService.php | 2 +- www/shib13/idp/SSOService.php | 2 +- www/shib13/sp/AssertionConsumerService.php | 2 +- 5 files changed, 26 insertions(+), 19 deletions(-) diff --git a/lib/SimpleSAML/Auth/ProcessingChain.php b/lib/SimpleSAML/Auth/ProcessingChain.php index a3b361529..153190c20 100644 --- a/lib/SimpleSAML/Auth/ProcessingChain.php +++ b/lib/SimpleSAML/Auth/ProcessingChain.php @@ -46,11 +46,19 @@ class SimpleSAML_Auth_ProcessingChain { * @param array $idpMetadata The metadata for the IdP. * @param array $spMetadata The metadata for the SP. */ - public function __construct($idpMetadata, $spMetadata) { + public function __construct($idpMetadata, $spMetadata, $mode = 'idp') { assert('is_array($idpMetadata)'); assert('is_array($spMetadata)'); $this->filters = array(); + + $config = SimpleSAML_Configuration::getInstance(); + $configauthproc = $config->getValue('authproc.' . $mode); + + if (!empty($configauthproc) && is_array($configauthproc)) { + $configfilters = self::parseFilterList($configauthproc); + self::addFilters($this->filters, $configfilters); + } if (array_key_exists('authproc', $idpMetadata)) { $idpFilters = self::parseFilterList($idpMetadata['authproc']); 
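Review bot: In `__construct`, the new guard `!empty($configauthproc) && is_array($configauthproc)` silently skips a global `authproc.<mode>` value that is set but is not an array, so a typo in config.php leaves the globally intended filters (attribute release restrictions, for example) out of the chain with no error. Failing closed is safer, assuming `getValue()` returns NULL for an unset option: `if ($configauthproc !== NULL && !is_array($configauthproc)) throw new Exception('Option authproc.' . $mode . ' must be an array.');`. `$mode` is also concatenated into the option name unchecked and defaults to `'idp'`, so a call site that omits or misspells it loads the wrong list or none; an `assert('in_array($mode, array(\'idp\', \'sp\'), TRUE)');` beside the existing asserts and a `@param string $mode` line in the docblock would cover that. The constructor body continues outside the hunk.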
@@ -109,10 +117,10 @@ class SimpleSAML_Auth_ProcessingChain { $parsedFilters = array(); - foreach ($filterSrc as $filter) { + foreach ($filterSrc as $priority => $filter) { if (is_string($filter)) { - $filter = array($filter); + $filter = array('class' => $filter); } if (!is_array($filter)) { @@ -120,7 +128,7 @@ class SimpleSAML_Auth_ProcessingChain { 'One of the filters wasn\'t a string or an array.'); } - $parsedFilters[] = self::parseFilter($filter); + $parsedFilters[] = self::parseFilter($filter, $priority); } return $parsedFilters; @@ -130,20 +138,20 @@ class SimpleSAML_Auth_ProcessingChain { /** * Parse an authentication processing filter. * - * @param array $config Array with the authentication processing filter configuration. + * @param array $config Array with the authentication processing filter configuration. + * @param int $priority The priority of the current filter, (not included in the filter + * definition.) * @return SimpleSAML_Auth_ProcessingFilter The parsed filter. */ - private static function parseFilter($config) { + private static function parseFilter($config, $priority) { assert('is_array($config)'); - if (!array_key_exists(0, $config)) { + if (!array_key_exists('class', $config)) throw new Exception('Authentication processing filter without name given.'); - } - - $className = SimpleSAML_Module::resolveClass($config[0], 'Auth_Process', - 'SimpleSAML_Auth_ProcessingFilter'); - unset($config[0]); + $className = SimpleSAML_Module::resolveClass($config['class'], 'Auth_Process', 'SimpleSAML_Auth_ProcessingFilter'); + $config['%priority'] = $priority; + unset($config['class']); return new $className($config, NULL); } 
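Review bot: In `parseFilterList`, the array key of each entry now becomes the filter's priority, but nothing visible documents this; the function's docblock (outside this hunk) should say that keys are priorities. With keys omitted PHP numbers the entries 0, 1, 2, …, so the global list from config.php and a metadata list both start at 0, and how they interleave is decided by `addFilters`, which is not visible here. That matters when a filter that restricts released attributes has to run after filters that add them. Proposed comment above the loop: `/* The array key is the filter priority; use explicit integer keys so the order across config.php and metadata is intentional. */`.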
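Review bot: `parseFilter` stores `$priority` in `$config['%priority']` without checking it, although the new docblock declares it an int; a string key in the filter list passes straight through, and whether the filter constructor rejects it is not visible in this diff. Adding `assert('is_int($priority)');` next to the existing assert, or `if (!is_int($priority)) throw new Exception('Filter priority must be an integer.');`, keeps a mistyped key from producing an unintended filter order. The new `if (!array_key_exists('class', $config)) throw …;` also drops the braces the rest of the file uses (compare `if (is_string($filter)) {` in the same diff); keeping them prevents a later edit from adding a second statement that runs unconditionally.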
@@ -245,13 +253,12 @@ class SimpleSAML_Auth_ProcessingChain { $uid = $state['Attributes'][$attributeName]; if (count($uid) === 0) { - SimpleSAML_Logger::warning('Empty user id attribute \'' . $attributeName . '\'.'); + SimpleSAML_Logger::warning('Empty user id attribute [' . $attributeName . '].'); return; } if (count($uid) > 1) { - SimpleSAML_Logger::warning('Multiple attribute values for user id attribute \'' . - $attributeName . '\'.'); + SimpleSAML_Logger::warning('Multiple attribute values for user id attribute [' . $attributeName . '].'); } $uid = $uid[0]; diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php index b145aa0d0..b067f9a62 100644 --- a/www/saml2/idp/SSOService.php +++ b/www/saml2/idp/SSOService.php @@ -285,7 +285,7 @@ if($needAuth && !$isPassive) { } else { /* Not processed. */ - $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata); + $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'idp'); $authProcState = array( 'core:saml20-idp:requestcache' => $requestcache, diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php index 5a6823069..0e75027ca 100644 --- a/www/saml2/sp/AssertionConsumerService.php +++ b/www/saml2/sp/AssertionConsumerService.php @@ -146,7 +146,7 @@ try { /* Begin module attribute processing */ - $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata); + $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'sp'); $authProcState = array( 'core:saml20-sp:NameID' => $authnResponse->getNameID(), diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php index 4ec9636b4..7a5f84145 100644 --- a/www/shib13/idp/SSOService.php +++ b/www/shib13/idp/SSOService.php 
@@ -202,7 +202,7 @@ if (!$session->isAuthenticated($authority) ) { } else { /* Not processed. */ - $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata); + $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'idp'); $authProcState = array( 'core:shib13-idp:requestcache' => $requestcache, diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php index 69f56786e..0631bd06c 100644 --- a/www/shib13/sp/AssertionConsumerService.php +++ b/www/shib13/sp/AssertionConsumerService.php @@ -93,7 +93,7 @@ try { $spmetadata = $metadata->getMetaData(NULL, 'shib13-sp-hosted'); /* Begin module attribute processing */ - $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata); + $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'sp'); $authProcState = array( 'core:shib13-sp:NameID' => $authnResponse->getNameID(), -- GitLab