Skip to content
Snippets Groups Projects
Commit d145cb7b authored by Jaime Perez Crespo's avatar Jaime Perez Crespo
Browse files

Add a 'hide.from.discovery' configuration option for remote IdP metadata. This... 

Add a 'hide.from.discovery' configuration option for remote IdP metadata. This allows to hide an IdP from the discovery service. Defaults to false, so every IdP in the metadata that doesn't have this option set to true will be listed.
parent 9ccb23dd
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
docs/simplesamlphp-reference-idp-remote.txt
+ 3
0
View file @ d145cb7b
...@@ -111,6 +111,9 @@ The following SAML 2.0 options are available: ...@@ -111,6 +111,9 @@ The following SAML 2.0 options are available:
discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
you make use of this option. you make use of this option.
`hide.from.discovery`
: Whether to hide hide this IdP from the local discovery or not. Set to true to hide it. Defaults to false.
`nameid.encryption` `nameid.encryption`
: Whether NameIDs sent to this IdP should be encrypted. The default : Whether NameIDs sent to this IdP should be encrypted. The default
value is `FALSE`. value is `FALSE`.
......
lib/SimpleSAML/XHTML/IdPDisco.php
+ 25
1
View file @ d145cb7b
...@@ -448,7 +448,30 @@ class SimpleSAML_XHTML_IdPDisco { ...@@ -448,7 +448,30 @@ class SimpleSAML_XHTML_IdPDisco {
protected function getScopedIDPList() { protected function getScopedIDPList() {
return $this->scopedIDPList; return $this->scopedIDPList;
} }
/**
* Filter the list of IdPs.
*
* This method returns the IdPs that comply with the following conditions:
* - The IdP does not have the 'hide.from.discovery' configuration option.
*
* @param array $list An associative array containing metadata for the IdPs to apply the filtering to.
*
* @return array An associative array containing metadata for the IdPs that were not filtered out.
*/
protected function filter($list)
{
foreach ($list as $entity => $metadata) {
if (array_key_exists('hide.from.discovery', $metadata) && $metadata['hide.from.discovery'] === true) {
unset($list[$entity]);
}
}
return $list;
}
/** /**
* Handles a request to this discovery service. * Handles a request to this discovery service.
* *
...@@ -487,6 +510,7 @@ class SimpleSAML_XHTML_IdPDisco { ...@@ -487,6 +510,7 @@ class SimpleSAML_XHTML_IdPDisco {
/* No choice made. Show discovery service page. */ /* No choice made. Show discovery service page. */
$idpList = $this->getIdPList(); $idpList = $this->getIdPList();
$idpList = $this->filter($idpList);
$preferredIdP = $this->getRecommendedIdP(); $preferredIdP = $this->getRecommendedIdP();
$idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList()); $idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList());
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment