diff --git a/docs/source/simplesamlphp-sp.xml b/docs/source/simplesamlphp-sp.xml
index 35a05fa867af86dfd98b9928eac481504f29ab54..13a504ca7cafc3a6a0f697f7c170ece12ca8abdd 100644
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -7,7 +7,7 @@
 <articleinfo>
 <date>2007-10-15</date>
- <pubdate>Fri Feb 1 08:44:40 2008</pubdate>
+ <pubdate>Wed Feb 13 07:57:11 2008</pubdate>
 <author>
 <firstname>Andreas Ă…kre</firstname>
diff --git a/lib/SimpleSAML/XML/AttributeFilter.php b/lib/SimpleSAML/XML/AttributeFilter.php
index 23b1ea2d7a7da0843bfbd9a848acd077e94895ff..528ee5c96a2be87db06596242fd741d3b3eed840 100644
--- a/lib/SimpleSAML/XML/AttributeFilter.php
+++ b/lib/SimpleSAML/XML/AttributeFilter.php
@@ -38,6 +38,34 @@ class SimpleSAML_XML_AttributeFilter {
 }
+ /**
+ * This function will call custom alter plugins.
+ */
+ public function alter($rule, $spentityid = null, $idpentityid = null) {
+
+ $alterfile = $this->configuration->getBaseDir() . 'attributealter/alterfunctions.php';
+ if (!file_exists($alterfile)) throw new Exception('Could not find attributemap file: ' . $alterfile);
+
+ include_once($alterfile);
+
+ $function = 'attributealter_' . $rule;
+
+ if (function_exists($function)) {
+ $function($this->attributes, $spentityid, $idpentityid);
+ } else {
+ throw new Exception('Could not find attribute alter fucntion: ' . $function);
+ }
+
+ }
+
+ private function addValue($name, $value) {
+ if (array_key_exists($name, $this->attributes)) {
+ $this->attributes[$name][] = $value;
+ } else {
+ $this->attributes[$name] = array($value);
+ }
+ }
+
 public function filter($allowedattributes) {
 $newattributes = array();
 foreach($this->attributes AS $key => $value) {
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 2bee682168d6969be737a4563b2f2be1c63a528c..a985e3a369788a531914fec0ad6155ec3a58bf59 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
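Review bot: In `alter()` (lib/SimpleSAML/XML/AttributeFilter.php), `$rule` is concatenated into a function name and invoked without any check on its type or characters; the `attributealter_` prefix bounds what can be reached, but a non-string or malformed metadata value still flows into a dynamic call and into the exception text. A guard before the concatenation makes the contract explicit, e.g. `if (!is_string($rule) || !preg_match('/^[A-Za-z0-9_]+\z/', $rule)) throw new Exception('Invalid attribute alter rule name');`. The docblock should also say that plugin functions must take their first parameter by reference, because `$function($this->attributes, ...)` changes nothing otherwise. The missing-file message says "attributemap file" and the other misspells "function". `addValue()` is added but not called anywhere in this hunk, and the class body continues outside it.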
@@ -186,16 +186,34 @@ if (!isset($session) || !$session->isValid($authority) ) {
 /*
 * Filtering attributes.
 */
+
+# print_r($session->getAttributes());
+ $ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
 $afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
 if (isset($spmetadata['attributemap'])) {
 $afilter->namemap($spmetadata['attributemap']);
 }
+ if (isset($idpmetadata['attributealter'])) {
+ if (!is_array($idpmetadata['attributealter']))
+ $afilter->alter($idpmetadata['attributealter']);
+ else
+ foreach($idpmetadata['attributealter'] AS $alterfunc)
+ $afilter->alter($alterfunc);
+ }
+ if (isset($spmetadata['attributealter'])) {
+ if (!is_array($spmetadata['attributealter']))
+ $afilter->alter($spmetadata['attributealter']);
+ else
+ foreach($spmetadata['attributealter'] AS $alterfunc)
+ $afilter->alter($alterfunc);
+ }
 if (isset($spmetadata['attributes'])) {
 $afilter->filter($spmetadata['attributes']);
 }
 $filteredattributes = $afilter->getAttributes();
+# print_r($filteredattributes);
 //echo '<pre>before filter:' ; print_r($session->getAttributes()); echo "\n\n"; print_r($filteredattributes); echo '</pre>'; exit;
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index 731cdd13c8893a649429f26e129e6d1b03185cb7..f2442c44560d18c16d642bd5b196801d7bbd1b96 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -30,7 +30,7 @@ $session = SimpleSAML_Session::getInstance(true);
 $logger = new SimpleSAML_Logger();
 $idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
-$idpmeta = $metadata->getMetaDataCurrent('shib13-idp-hosted');
+$idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted');
 $requestid = null;
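Review bot: The new `$afilter->alter(...)` calls in the saml2 hunk pass only the rule name, so the `$spentityid` and `$idpentityid` arguments that `alter()` forwards to the plugin are always null and an alter function cannot tell which SP the attributes are being released to; the identical block in www/shib13/idp/SSOService.php (hunk at -141) has the same gap. If the entity IDs are in scope at this point (not visible in the hunk), pass them: `$afilter->alter($alterfunc, $spentityid, $idpentityid);`. Each if/else pair also reduces to one loop with a cast, `foreach ((array)$idpmetadata['attributealter'] as $alterfunc) $afilter->alter($alterfunc, $spentityid, $idpentityid);`. The commented-out `# print_r(...)` lines are leftover debugging that would write every user attribute into the HTTP response if re-enabled, so they are better dropped than committed.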
@@ -102,7 +102,7 @@ if (isset($_GET['shire'])) {
 SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
 }
-$authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null;
+$authority = isset($idpmetadata['authority']) ? $idpmetadata['authority'] : null;
 /*
 * As we have passed the code above, we have an accociated request that is already processed.
@@ -116,7 +116,7 @@ $authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null;
 if (!$session->isAuthenticated($authority) ) {
 $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid);
- $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'],
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmetadata['auth'],
 'RelayState=' . urlencode($relaystate));
 SimpleSAML_Utilities::redirect($authurl);
@@ -141,14 +141,30 @@ if (!$session->isAuthenticated($authority) ) {
 * Filtering attributes.
 */
 $afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
+
 if (isset($spmetadata['attributemap'])) {
 $afilter->namemap($spmetadata['attributemap']);
 }
+ if (isset($idpmetadata['attributealter'])) {
+ if (!is_array($idpmetadata['attributealter']))
+ $afilter->alter($idpmetadata['attributealter']);
+ else
+ foreach($idpmetadata['attributealter'] AS $alterfunc)
+ $afilter->alter($alterfunc);
+ }
+ if (isset($spmetadata['attributealter'])) {
+ if (!is_array($spmetadata['attributealter']))
+ $afilter->alter($spmetadata['attributealter']);
+ else
+ foreach($spmetadata['attributealter'] AS $alterfunc)
+ $afilter->alter($alterfunc);
+ }
 if (isset($spmetadata['attributes'])) {
 $afilter->filter($spmetadata['attributes']);
 }
 $filteredattributes = $afilter->getAttributes();
+
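Review bot: Nothing around the new `$afilter->alter(...)` calls in the -141 hunk catches the plain `Exception` that `alter()` throws when the plugin file or function is missing, whereas this script otherwise reports failures through `SimpleSAML_Utilities::fatalError($session->getTrackID(), ...)` (visible in the -102 hunk). Depending on the PHP error settings, the uncaught exception would show its message, which carries the filesystem path of `alterfunctions.php` and the rule name, to the browser in the middle of an SSO exchange. Wrapping both alter blocks in `try { ... } catch (Exception $e) { ... }` and routing to `fatalError` with an error code chosen for this case keeps that detail out of the response; the saml2 endpoint needs the same treatment. A short comment is also worth adding that alter rules run after `namemap` and before the `attributes` filter, so plugins see mapped names and anything they add is presumably still subject to the SP's release list. The surrounding script continues outside the hunk.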