From 99f238492617c8762ffbd6a1ca4b8ce8a451fb82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 13 Feb 2008 07:14:16 +0000
Subject: [PATCH] Added support for attribute injection and attribute
 conversion by the attribute attributealter. Will be documented in the
 advanced feature user guide

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@284 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/source/simplesamlphp-sp.xml       |  2 +-
 lib/SimpleSAML/XML/AttributeFilter.php | 28 ++++++++++++++++++++++++++
 www/saml2/idp/SSOService.php           | 18 +++++++++++++++++
 www/shib13/idp/SSOService.php          | 22 +++++++++++++++++---
 4 files changed, 66 insertions(+), 4 deletions(-)

diff --git a/docs/source/simplesamlphp-sp.xml b/docs/source/simplesamlphp-sp.xml
index 35a05fa86..13a504ca7 100644
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -7,7 +7,7 @@
   <articleinfo>
     <date>2007-10-15</date>
 
-    <pubdate>Fri Feb 1 08:44:40 2008</pubdate>
+    <pubdate>Wed Feb 13 07:57:11 2008</pubdate>
 
     <author>
       <firstname>Andreas Ă…kre</firstname>
diff --git a/lib/SimpleSAML/XML/AttributeFilter.php b/lib/SimpleSAML/XML/AttributeFilter.php
index 23b1ea2d7..528ee5c96 100644
--- a/lib/SimpleSAML/XML/AttributeFilter.php
+++ b/lib/SimpleSAML/XML/AttributeFilter.php
@@ -38,6 +38,34 @@ class SimpleSAML_XML_AttributeFilter {
 		
 	}
 	
+	/**
+	 * This function will call custom alter plugins.
+	 */
+	public function alter($rule, $spentityid = null, $idpentityid = null) {
+		
+		$alterfile = $this->configuration->getBaseDir() . 'attributealter/alterfunctions.php';
+		if (!file_exists($alterfile)) throw new Exception('Could not find attributemap file: ' . $alterfile);
+		
+		include_once($alterfile);
+		
+		$function = 'attributealter_' . $rule;
+		
+		if (function_exists($function)) {
+			$function($this->attributes, $spentityid, $idpentityid);
+		} else {
+			throw new Exception('Could not find attribute alter fucntion: ' . $function);
+		}
+		
+	}
+	
+	private function addValue($name, $value) {
+		if (array_key_exists($name, $this->attributes)) {
+			$this->attributes[$name][] = $value;
+		} else {
+			$this->attributes[$name] = array($value);
+		}
+	}
+	
 	public function filter($allowedattributes) {
 		$newattributes = array();
 		foreach($this->attributes AS $key => $value) {
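Review bot: `alter()` builds the callable name directly from the metadata value (`'attributealter_' . $rule`) and relies on `function_exists()` alone, so a non-string or malformed entry is only caught indirectly. A guard before the concatenation, such as `if (!is_string($rule) || !preg_match('/^[A-Za-z0-9_]+$/', $rule)) throw new Exception('Invalid attribute alter rule name');`, limits the lookup to plain identifiers and fails with a clear message. The first exception still says `attributemap file` although it reports the missing alter functions file, and the second misspells `function`. The docblock should state that a plugin function has to declare its first parameter by reference, because otherwise its changes to `$this->attributes` are silently lost. The class and `filter()` continue outside this hunk.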
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 2bee68216..a985e3a36 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -186,16 +186,34 @@ if (!isset($session) || !$session->isValid($authority) ) {
 		/*
 		 * Filtering attributes.
 		 */
+		 
+#		print_r($session->getAttributes());
+
 		$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
 		$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
 		if (isset($spmetadata['attributemap'])) {
 			$afilter->namemap($spmetadata['attributemap']);
 		}
+		if (isset($idpmetadata['attributealter'])) {
+			if (!is_array($idpmetadata['attributealter']))
+				$afilter->alter($idpmetadata['attributealter']);
+			else
+				foreach($idpmetadata['attributealter'] AS $alterfunc) 
+					$afilter->alter($alterfunc);
+		}
+		if (isset($spmetadata['attributealter'])) {
+			if (!is_array($spmetadata['attributealter']))
+				$afilter->alter($spmetadata['attributealter']);
+			else
+				foreach($spmetadata['attributealter'] AS $alterfunc) 
+					$afilter->alter($alterfunc);
+		}
 		if (isset($spmetadata['attributes'])) {
 			$afilter->filter($spmetadata['attributes']);
 		}
 		$filteredattributes = $afilter->getAttributes();
 		
+#		print_r($filteredattributes);
 		
 		//echo '<pre>before filter:' ; print_r($session->getAttributes()); echo "\n\n"; print_r($filteredattributes); echo '</pre>'; exit;
 		
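Review bot: Both `attributealter` blocks call `$afilter->alter($alterfunc)` with the rule name only, so the `$spentityid` and `$idpentityid` arguments that `alter()` forwards to the plugin are always null here, and an alter function cannot tell which SP the attributes are being released to. If the entity ids are in scope at this point (not visible in the hunk), pass them: `$afilter->alter($alterfunc, $spentityid, $idpentityid);`. The scalar/array branching can be collapsed to `foreach ((array) $idpmetadata['attributealter'] as $alterfunc)`, which also removes the braceless nested `if`/`else`/`foreach`. Both points apply equally to the matching hunk in www/shib13/idp/SSOService.php. The two commented-out `print_r` lines would print users' attributes into the response if re-enabled and are better removed than committed.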
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index 731cdd13c..f2442c445 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -30,7 +30,7 @@ $session = SimpleSAML_Session::getInstance(true);
 $logger = new SimpleSAML_Logger();
 
 $idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
-$idpmeta = $metadata->getMetaDataCurrent('shib13-idp-hosted');
+$idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted');
 
 $requestid = null;
 
@@ -102,7 +102,7 @@ if (isset($_GET['shire'])) {
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
 }
 
-$authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null;
+$authority = isset($idpmetadata['authority']) ? $idpmetadata['authority'] : null;
 
 /*
  * As we have passed the code above, we have an accociated request that is already processed.
@@ -116,7 +116,7 @@ $authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null;
 if (!$session->isAuthenticated($authority) ) {
 
 	$relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid);
-	$authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'], 
+	$authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmetadata['auth'], 
 		'RelayState=' . urlencode($relaystate));
 	SimpleSAML_Utilities::redirect($authurl);
 	
@@ -141,14 +141,30 @@ if (!$session->isAuthenticated($authority) ) {
 		 * Filtering attributes.
 		 */
 		$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
+		
 		if (isset($spmetadata['attributemap'])) {
 			$afilter->namemap($spmetadata['attributemap']);
 		}
+		if (isset($idpmetadata['attributealter'])) {
+			if (!is_array($idpmetadata['attributealter']))
+				$afilter->alter($idpmetadata['attributealter']);
+			else
+				foreach($idpmetadata['attributealter'] AS $alterfunc) 
+					$afilter->alter($alterfunc);
+		}
+		if (isset($spmetadata['attributealter'])) {
+			if (!is_array($spmetadata['attributealter']))
+				$afilter->alter($spmetadata['attributealter']);
+			else
+				foreach($spmetadata['attributealter'] AS $alterfunc) 
+					$afilter->alter($alterfunc);
+		}
 		if (isset($spmetadata['attributes'])) {
 			$afilter->filter($spmetadata['attributes']);
 		}
 		$filteredattributes = $afilter->getAttributes();
 		
+		
 
 
 
-- 
GitLab