Commit 8d1c3d6c authored by Olav Morken

consent: Allow disabling of consent from SP metadata.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3044 44740490-163a-0410-bde0-09ae8108e29a
parent a1b78cf8
...@@ -187,26 +187,49 @@ The following options can/ be set in other places in simpleSAMLphp ...@@ -187,26 +187,49 @@ The following options can/ be set in other places in simpleSAMLphp
Disabling consent Disabling consent
----------------- -----------------
It is possible to disable consent for a given service. You can add an option Consent can be disabled either in the IdP metadata or in the SP metadata.
in the metadata on the IdP, that will disable consent for the given service. To disable consent for one or more SPs for a given IdP, add the
Add 'consent.disable' array option and enter the entityids of the services, `consent.disable`-option to the IdP metadata. To disable consent for one or
that you do not want consent for. more IdPs for a given SP, add the `consent.disable`-option to the SP metadata.
Example: ### Examples ###
Disable consent for a given IdP:
$metadata['https://idp.example.org/'] = array(
[...],
'consent.disable' => TRUE,
);
Disable consent for some SPs connected to a given IdP:
'consent.disable' => array( $metadata['https://idp.example.org/'] = array(
'sp.example.com', [...],
'sp2.example.com', 'consent.disable' => array(
... 'https://sp1.example.org/',
'https://sp2.example.org/',
),
);
Disable consent for a given SP:
$metadata['https://sp.example.org'] = array(
[...]
'consent.disable' => TRUE,
), ),
It is also possible to disable consent for all SPs for a given IdP by setting Disable consent for some IdPs for a given SP:
the 'consent.disable' option to TRUE:
'consent.disable' => TRUE, $metadata['https://sp.example.org'] = array(
[...]
'consent.disable' => array(
'https://idp1.example.org/',
'https://idp2.example.org/',
),
),
Attribute presentation Attribute presentation
---------------------- ----------------------
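Review bot: The two new SP examples ("Disable consent for a given SP" and "Disable consent for some IdPs for a given SP") close the `$metadata[...] = array(` statement with `),` instead of `);`, and their `[...]` placeholder has no trailing comma, unlike the two IdP examples above them, so anyone copying them into a metadata file gets a PHP parse error. Suggest ending both with `);` and writing `[...],`. The SP entity ID `https://sp.example.org` also lacks the trailing slash that every other entity ID in this section carries; making it consistent avoids readers wondering whether the match is slash-sensitive.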
......
...@@ -181,9 +181,13 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt ...@@ -181,9 +181,13 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
$state['Source'] = $idpmeta; $state['Source'] = $idpmeta;
} }
// Do not use consent if disabled on source entity // Do not use consent if disabled
if (isset($state['Source']['consent.disable']) && self::checkDisable($state['Source']['consent.disable'], $spEntityId)) { if (isset($state['Source']['consent.disable']) && self::checkDisable($state['Source']['consent.disable'], $spEntityId)) {
SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId); SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
return;
}
if (isset($state['Destination']['consent.disable']) && self::checkDisable($state['Destination']['consent.disable'], $idpEntityId)) {
SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
return; return;
} }
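Review bot: The new `$state['Destination']['consent.disable']` branch writes exactly the same debug message as the `Source` branch, so the log cannot show whether consent was skipped because of the IdP metadata or the SP metadata. Suggest distinct messages, for example ending the second one with "(disabled in SP metadata)", which helps when auditing why a user was not prompted. The shortened comment `// Do not use consent if disabled` could likewise say that both the source and the destination metadata are checked.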
......