Commit 987bde41 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Implementing attributemapping and attribute filtering

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@40 44740490-163a-0410-bde0-09ae8108e29a
parent eb76ac0c
<?php
$attributemap = array(
'mobile' => 'urn:mace:dir:attribute-def:mobile'
);
/*
ShibMapAttribute urn:mace:dir:attribute-def:sn Shib-LDAP-Surname surname
ShibMapAttribute urn:mace:dir:attribute-def:telephoneNumber Shib-LDAP-telephoneNumber telephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:facsimileTelephoneNumber Shib-LDAP-facsimileTelephoneNumber facsimileTelephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:postalAddress Shib-LDAP-postalAddress postalAddress
ShibMapAttribute urn:mace:dir:attribute-def:givenName Shib-LDAP-givenName givenName
ShibMapAttribute urn:mace:dir:attribute-def:homePhone Shib-LDAP-homePhone homePhone
ShibMapAttribute urn:mace:dir:attribute-def:homePostalAddress Shib-LDAP-homePostalAddress homePostalAddress
ShibMapAttribute urn:mace:dir:attribute-def:mail Shib-LDAP-mail mail
ShibMapAttribute urn:mace:dir:attribute-def:mobile Shib-LDAP-mobile mobile
ShibMapAttribute urn:mace:dir:attribute-def:preferredLanguage Shib-LDAP-preferredLanguage preferredLanguage
#
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonPrincipalName Shib-EP-PrincipalName eppn
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonAffiliation Shib-EP-Affiliation affiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation Shib-EP-ScopedAffiliation scopedAffiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonEntitlement Shib-EP-Entitlement entitlement
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgDN Shib-EP-OrgDN orgDN
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgUnitDN Shib-EP-OrgUnitDN orgUnitDN
#
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonUniqueID Shib-SwissEP-UniqueID uniqueID
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonDateOfBirth Shib-SwissEP-DateOfBirth dateOfBirth
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonGender Shib-SwissEP-Gender gender
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganization Shib-SwissEP-HomeOrganization homeOrganization
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganizationType Shib-SwissEP-HomeOrganizationType homeOrganizationType
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch1 Shib-SwissEP-StudyBranch1 studyBranch1
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch2 Shib-SwissEP-StudyBranch2 studyBranch2
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch3 Shib-SwissEP-StudyBranch3 studyBranch3
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyLevel Shib-SwissEP-StudyLevel studyLevel
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStaffCategory Shib-SwissEP-StaffCategory staffCategory
*/
?>
\ No newline at end of file
...@@ -15,6 +15,7 @@ $config = array ( ...@@ -15,6 +15,7 @@ $config = array (
'baseurlpath' => 'simplesaml/', 'baseurlpath' => 'simplesaml/',
'templatedir' => 'templates/', 'templatedir' => 'templates/',
'metadatadir' => 'metadata/', 'metadatadir' => 'metadata/',
'attributenamemapdir' => 'attributemap/',
/* /*
* If you set the debug parameter to true, all SAML messages will be visible in the * If you set the debug parameter to true, all SAML messages will be visible in the
...@@ -29,6 +30,9 @@ $config = array ( ...@@ -29,6 +30,9 @@ $config = array (
*/ */
'session.duration' => 8 * (60*60), // 8 hours. 'session.duration' => 8 * (60*60), // 8 hours.
'language.available' => array('en', 'no'),
'language.default' => 'en',
/* /*
* Default IdPs. If you do not enter an idpentityid in the SSO initialization endpoints, * Default IdPs. If you do not enter an idpentityid in the SSO initialization endpoints,
* the default IdP configured here will be used. * the default IdP configured here will be used.
......
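Review bot: The new `'attributenamemapdir' => 'attributemap/'` entry is concatenated straight onto `basedir` with no separator in AttributeFilter::namemap() and, after this commit, `templatedir` is treated the same way in Template::show(), so the values only resolve correctly if `basedir` and these directory entries keep their trailing slash. That contract is invisible in config.php; the definition of `basedir` is outside this hunk, so I cannot confirm its current form. A one-line comment beside the new entry would make it explicit: `// Relative to 'basedir'; both must end with a trailing slash, they are concatenated without a separator.`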
...@@ -2,9 +2,7 @@ ...@@ -2,9 +2,7 @@
/** /**
* SimpleSAMLphp * simpleSAMLphp
*
* PHP versions 4 and 5
* *
* LICENSE: See the COPYING file included in this distribution. * LICENSE: See the COPYING file included in this distribution.
* *
...@@ -20,6 +18,7 @@ class SimpleSAML_XHTML_Template { ...@@ -20,6 +18,7 @@ class SimpleSAML_XHTML_Template {
private $configuration = null; private $configuration = null;
private $template = 'default.php'; private $template = 'default.php';
private $language = null;
public $data = null; public $data = null;
...@@ -30,13 +29,80 @@ class SimpleSAML_XHTML_Template { ...@@ -30,13 +29,80 @@ class SimpleSAML_XHTML_Template {
$this->data['baseurlpath'] = $this->configuration->getValue('baseurlpath'); $this->data['baseurlpath'] = $this->configuration->getValue('baseurlpath');
} }
public function setLanguage($language) {
$this->language = $language;
setcookie('language', $language);
}
public function getLanguage() {
if (isset($this->language)) {
return $this->language;
} else if (isset($_GET['language'])) {
$this->setLanguage($_GET['language']);
} else if (isset($_COOKIE['language'])) {
$this->language = $_COOKIE['language'];
} else {
return $this->configuration->getValue('language.default');
}
return $this->language;
}
private function getLanguageList() {
$availableLanguages = $this->configuration->getValue('language.available');
$thisLang = $this->getLanguage();
$lang = array();
foreach ($availableLanguages AS $nl) {
$lang[$nl] = ($nl == $thisLang);
}
return $lang;
}
private function includeAtTemplateBase($file) {
$filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir');
include($filebase . $file);
}
private function includeAtLanguageBase($file) {
$filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' ;
include($filebase . $file);
}
public function show() { public function show() {
$data = $this->data; $data = $this->data;
$filename = $this->configuration->getValue('basedir') . '/' . $filename = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' .
$this->configuration->getValue('templatedir') . '/' . $this->template; $this->template;
if (!file_exists($filename)) { if (!file_exists($filename)) {
throw new Exception('Could not find template file [' . $this->template . '] at [' . $filename . ']');
// echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
// exit(0);
$filename = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') .
$this->configuration->getValue('language.default') . '/' . $this->template;
if (!file_exists($filename)) {
echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
exit(0);
throw new Exception('Could not find template file [' . $this->template . '] at [' . $filename . ']');
}
} }
require_once($filename); require_once($filename);
} }
......
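Review bot: getLanguage() stores `$_GET['language']` (and `$_COOKIE['language']`) without checking it against `language.available`, and that value is then concatenated into the path passed to include() in includeAtLanguageBase() and show(), and persisted in a cookie by setLanguage(); the language should be validated before it is accepted, falling through to the next source when it is not one of the configured languages. In show(), the `throw` after `exit(0)` on the fallback branch is unreachable, and the earlier `throw` on the first branch is left above the commented-out echo/exit, so the two branches handle the missing template inconsistently; pick one (the exception, since the caller at the bottom of SSOService already catches it) and delete the other. The enclosing class SimpleSAML_XHTML_Template starts outside the hunk.
```php
    /* Only languages listed in 'language.available' may select a template directory. */
    private function isAvailableLanguage($language) {
        $available = $this->configuration->getValue('language.available');
        return is_array($available) && in_array($language, $available, true);
    }

    public function getLanguage() {
        if (isset($this->language)) {
            return $this->language;
        } else if (isset($_GET['language']) && $this->isAvailableLanguage($_GET['language'])) {
            $this->setLanguage($_GET['language']);
        } else if (isset($_COOKIE['language']) && $this->isAvailableLanguage($_COOKIE['language'])) {
            $this->language = $_COOKIE['language'];
        } else {
            return $this->configuration->getValue('language.default');
        }
        return $this->language;
    }
    // … unchanged: getLanguageList, includeAtTemplateBase, includeAtLanguageBase, show …
```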
<?php
/**
* SimpleSAMLphp
*
* LICENSE: See the COPYING file included in this distribution.
*
* @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
*/
require_once('SimpleSAML/Configuration.php');
//require_once('SimpleSAML/Utilities.php');
/**
* Configuration of SimpleSAMLphp
*/
class SimpleSAML_XML_AttributeFilter {
private $attributes = null;
function __construct(SimpleSAML_Configuration $configuration, $attributes) {
$this->configuration = $configuration;
$this->attributes = $attributes;
}
public function namemap($map) {
$mapfile = $this->configuration->getValue('basedir') . $this->configuration->getValue('attributenamemapdir') . $map . '.php';
if (!file_exists($mapfile)) throw new Exception('Could not find attributemap file: ' . $mapfile);
include($mapfile);
$newattributes = array();
foreach ($this->attributes AS $a => $value) {
if (isset($attributemap[$a])) {
$newattributes[$attributemap[$a]] = $value;
} else {
$newattributes[$a] = $value;
}
}
$this->attributes = $newattributes;
}
public function filter($allowedattributes) {
$newattributes = array();
foreach($this->attributes AS $key => $value) {
if (in_array($key, $allowedattributes)) {
$newattributes[$key] = $value;
}
}
$this->attributes = $newattributes;
}
public function getAttributes() {
return $this->attributes;
}
}
?>
\ No newline at end of file
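Review bot: `$this->configuration` is assigned in the constructor and read in namemap() but never declared as a property; add `private $configuration = null;` next to `$attributes`. In filter(), `in_array($key, $allowedattributes)` compares loosely, so use `if (in_array($key, $allowedattributes, true)) {` to avoid accidental matches between numeric-looking keys. namemap() builds an include() path from `$map`; the only caller in this commit passes a value from locally administered SP metadata, so it is trusted here, but a `basename()` or pattern check on `$map` would make that assumption explicit, and if the included file defines no `$attributemap` the attributes pass through unchanged silently, which deserves a comment. The class docblock "Configuration of SimpleSAMLphp" is copied from another file and should describe this class, e.g. "Renames and filters a set of attributes before they are released in an assertion."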
...@@ -7,6 +7,7 @@ require_once('../../../www/_include.php'); ...@@ -7,6 +7,7 @@ require_once('../../../www/_include.php');
require_once('SimpleSAML/Utilities.php'); require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php'); require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/XML/MetaDataStore.php'); require_once('SimpleSAML/XML/MetaDataStore.php');
require_once('SimpleSAML/XML/AttributeFilter.php');
require_once('SimpleSAML/XML/SAML20/AuthnRequest.php'); require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
require_once('SimpleSAML/XML/SAML20/AuthnResponse.php'); require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php'); require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
...@@ -107,9 +108,11 @@ if (!$session->isAuthenticated() ) { ...@@ -107,9 +108,11 @@ if (!$session->isAuthenticated() ) {
$spentityid = $authnrequest->getIssuer(); $spentityid = $authnrequest->getIssuer();
//$spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote'); $spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
/*
* Dealing with attribute release consent.
*/
if ($idpmeta['requireconsent']) { if ($idpmeta['requireconsent']) {
...@@ -127,24 +130,34 @@ if (!$session->isAuthenticated() ) { ...@@ -127,24 +130,34 @@ if (!$session->isAuthenticated() ) {
} }
// Adding this service provider to the list of sessions.
$session->add_sp_session($spentityid); $session->add_sp_session($spentityid);
/*
* Filtering attributes.
*/
$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata); $ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
$authnResponseXML = $ar->generate($idpentityid, $spentityid, $afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
$requestid, null, $session->getAttributes()); if (isset($spmetadata['attributemap'])) {
$afilter->namemap($spmetadata['attributemap']);
#echo $authnResponseXML; }
#print_r($session); if (isset($spmetadata['attributes'])) {
$afilter->filter($spmetadata['attributes']);
}
$filteredattributes = $afilter->getAttributes();
//sendResponse($response, $idpentityid, $spentityid, $relayState = null) { // Generate an SAML 2.0 AuthNResponse message
$authnResponseXML = $ar->generate($idpentityid, $spentityid,
$requestid, null, $filteredattributes);
// Sending the AuthNResponse using HTTP-Post SAML 2.0 binding
$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata); $httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
//echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
$httppost->sendResponse($authnResponseXML, $httppost->sendResponse($authnResponseXML,
$idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState()); $idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState());
} catch(Exception $exception) { } catch(Exception $exception) {
$et = new SimpleSAML_XHTML_Template($config, 'error.php'); $et = new SimpleSAML_XHTML_Template($config, 'error.php');
......
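Review bot: When the SP metadata has no `attributes` entry, filter() is never called and the complete session attribute set from `$session->getAttributes()` is released to the SP; that fail-open default is not stated anywhere and is easy to miss when writing metadata. At minimum document it at the `if (isset($spmetadata['attributes']))` check, `// No 'attributes' list in SP metadata: every session attribute is released unchanged.`, or consider releasing nothing when the list is absent. `$spmetadata` is now read from `$metadata->getMetaData($spentityid, 'saml20-sp-remote')` for an issuer taken from the request; what that call does for an unknown SP is outside this hunk, and the `isset()` checks only cover a null return. The enclosing `try` block starts outside the hunk.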
...@@ -77,7 +77,7 @@ if (!isset($session) || !$session->isValid() ) { ...@@ -77,7 +77,7 @@ if (!isset($session) || !$session->isValid() ) {
} else { } else {
$relaystate = $session->getRelayState(); $relaystate = $_GET['RelayState'];
if (isset($relaystate) && !empty($relaystate)) { if (isset($relaystate) && !empty($relaystate)) {
header('Location: ' . $relaystate ); header('Location: ' . $relaystate );
......
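Review bot: `$relaystate = $_GET['RelayState'];` now passes a query-string value straight to `header('Location: ' . $relaystate)`, so the redirect target is chosen by whoever constructed the request rather than by the value recorded when the request was issued; the session-stored value read by the old line exists for exactly that reason. Validate before redirecting, for example by accepting the parameter only when it equals `$session->getRelayState()`, or by checking it parses to a URL on this host: `$relaystate = isset($_GET['RelayState']) ? $_GET['RelayState'] : null;` followed by `if ($relaystate !== $session->getRelayState()) { $relaystate = null; }` (assuming the session still holds the value set at request time, which I cannot confirm from this hunk). Reading `$_GET['RelayState']` unconditionally also raises a notice when the parameter is absent. The enclosing `if`/`else` starts outside the hunk.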