From d4da9a35647517c574e5c8439d99bd981dbc7aa1 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 8 Feb 2010 09:13:18 +0000
Subject: [PATCH] saml: Add AttributeConsumingService to generated metadata.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2164 44740490-163a-0410-bde0-09ae8108e29a
---
modules/saml/docs/sp.txt | 22 ++++++++++++++++++++--
modules/saml/www/sp/metadata.php | 14 ++++++++++++++
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 3d1f382b7..3d0c55aea 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -102,6 +102,18 @@ Options
: *Note*: SAML 2 specific.
+`attributes`
+: List of attributes this SP requests from the IdP.
+ This list will be added to the generated metadata.
+
+: The attributes will be added without a `NameFormat` by default.
+ Use the `attributes.NameFormat` option to specify the `NameFormat` for the attributes.
+
+: *Note*: This list will only be added to the metadata if the `name`-option is also specified.
+
+`attributes.NameFormat`
+: The `NameFormat` for the requested attributes.
+
`AuthnContextClassRef`
: The SP can request authentication with a specific authentication context class.
One example of usage could be if the IdP supports both username/password authentication as well as software-PKI.
@@ -115,7 +127,8 @@ Options
: File name of certificate for this SP. This certificate will be included in generated metadata.
`description`
-: A description of this SP. Will be added to the generated metadata.
+: A description of this SP.
+ Will be added to the generated metadata, in an AttributeConsumingService element.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated description:
@@ -124,6 +137,8 @@ Options
'no' => 'En tjeneste',
),
+: *Note*: For this to be added to the metadata, you must also specify the `attributes` and `name` options.
+
`discoURL`
: Set which IdP discovery service this SP should use.
If this is unset, the IdP discovery service specified in the global option `idpdisco.url.{saml20|shib13}` in `config/config.php` will be used.
@@ -152,7 +167,8 @@ Options
: *Note*: SAML 2 specific.
`name`
-: The name of this SP. Will be added to the generated metadata.
+: The name of this SP.
+ Will be added to the generated metadata, in an AttributeConsumingService element.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
@@ -161,6 +177,8 @@ Options
'no' => 'En tjeneste',
),
+: *Note*: You must also specify at least one attribute in the `attributes` option for this element to be added to the metadata.
+
`NameIDPolicy`
: The format of the NameID we request from the IdP.
Defaults to the transient format if unspecified.
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index f228a9bb3..8e0761598 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -71,7 +71,21 @@ if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$metaArray20['certData'] = $certData;
}
+$name = $spconfig->getLocalizedString('name', NULL);
+$attributes = $spconfig->getArray('attributes', array());
+if ($name !== NULL && !empty($attributes)) {
+ /* We have everything necessary to add an AttributeConsumingService. */
+ $metaArray20['name'] = $name;
+
+ $description = $spconfig->getLocalizedString('description', NULL);
+ if ($description !== NULL) {
+ $metaArray20['description'] = $description;
+ }
+
+ $metaArray20['attributes'] = $attributes;
+ $metaArray20['attributes.NameFormat'] = $spconfig->getString('attributes.NameFormat', SAML2_Const::NAMEFORMAT_UNSPECIFIED);
+}
$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId);
$metaBuilder->addMetadataSP11($metaArray11);
--
GitLab