Implementing attributemapping and attribute filtering
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@40 44740490-163a-0410-bde0-09ae8108e29a
This commit is contained in:
andreassolberg
parent
fea3690b15
commit
5b5c2d032e
|
|
@ -0,0 +1,40 @@
|
|||
<?php
|
||||
|
||||
$attributemap = array(
|
||||
'mobile' => 'urn:mace:dir:attribute-def:mobile'
|
||||
);
|
||||
|
||||
/*
|
||||
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:sn Shib-LDAP-Surname surname
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:telephoneNumber Shib-LDAP-telephoneNumber telephoneNumber
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:facsimileTelephoneNumber Shib-LDAP-facsimileTelephoneNumber facsimileTelephoneNumber
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:postalAddress Shib-LDAP-postalAddress postalAddress
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:givenName Shib-LDAP-givenName givenName
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:homePhone Shib-LDAP-homePhone homePhone
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:homePostalAddress Shib-LDAP-homePostalAddress homePostalAddress
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:mail Shib-LDAP-mail mail
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:mobile Shib-LDAP-mobile mobile
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:preferredLanguage Shib-LDAP-preferredLanguage preferredLanguage
|
||||
#
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonPrincipalName Shib-EP-PrincipalName eppn
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonAffiliation Shib-EP-Affiliation affiliation
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation Shib-EP-ScopedAffiliation scopedAffiliation
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonEntitlement Shib-EP-Entitlement entitlement
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgDN Shib-EP-OrgDN orgDN
|
||||
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgUnitDN Shib-EP-OrgUnitDN orgUnitDN
|
||||
#
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonUniqueID Shib-SwissEP-UniqueID uniqueID
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonDateOfBirth Shib-SwissEP-DateOfBirth dateOfBirth
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonGender Shib-SwissEP-Gender gender
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganization Shib-SwissEP-HomeOrganization homeOrganization
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganizationType Shib-SwissEP-HomeOrganizationType homeOrganizationType
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch1 Shib-SwissEP-StudyBranch1 studyBranch1
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch2 Shib-SwissEP-StudyBranch2 studyBranch2
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch3 Shib-SwissEP-StudyBranch3 studyBranch3
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyLevel Shib-SwissEP-StudyLevel studyLevel
|
||||
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStaffCategory Shib-SwissEP-StaffCategory staffCategory
|
||||
|
||||
*/
|
||||
|
||||
?>
|
||||
|
|
@ -15,6 +15,7 @@ $config = array (
|
|||
'baseurlpath' => 'simplesaml/',
|
||||
'templatedir' => 'templates/',
|
||||
'metadatadir' => 'metadata/',
|
||||
'attributenamemapdir' => 'attributemap/',
|
||||
|
||||
/*
|
||||
* If you set the debug parameter to true, all SAML messages will be visible in the
|
||||
|
|
@ -29,6 +30,9 @@ $config = array (
|
|||
*/
|
||||
'session.duration' => 8 * (60*60), // 8 hours.
|
||||
|
||||
'language.available' => array('en', 'no'),
|
||||
'language.default' => 'en',
|
||||
|
||||
/*
|
||||
* Default IdPs. If you do not enter an idpentityid in the SSO initialization endpoints,
|
||||
* the default IdP configured here will be used.
|
||||
|
|
|
|||
|
|
@ -2,9 +2,7 @@
|
|||
|
||||
|
||||
/**
|
||||
* SimpleSAMLphp
|
||||
*
|
||||
* PHP versions 4 and 5
|
||||
* simpleSAMLphp
|
||||
*
|
||||
* LICENSE: See the COPYING file included in this distribution.
|
||||
*
|
||||
|
|
@ -20,6 +18,7 @@ class SimpleSAML_XHTML_Template {
|
|||
|
||||
private $configuration = null;
|
||||
private $template = 'default.php';
|
||||
private $language = null;
|
||||
|
||||
public $data = null;
|
||||
|
||||
|
|
@ -30,13 +29,80 @@ class SimpleSAML_XHTML_Template {
|
|||
$this->data['baseurlpath'] = $this->configuration->getValue('baseurlpath');
|
||||
}
|
||||
|
||||
public function setLanguage($language) {
|
||||
$this->language = $language;
|
||||
setcookie('language', $language);
|
||||
}
|
||||
|
||||
public function getLanguage() {
|
||||
|
||||
if (isset($this->language)) {
|
||||
|
||||
return $this->language;
|
||||
|
||||
} else if (isset($_GET['language'])) {
|
||||
|
||||
$this->setLanguage($_GET['language']);
|
||||
|
||||
} else if (isset($_COOKIE['language'])) {
|
||||
|
||||
$this->language = $_COOKIE['language'];
|
||||
|
||||
} else {
|
||||
|
||||
return $this->configuration->getValue('language.default');
|
||||
}
|
||||
|
||||
return $this->language;
|
||||
}
|
||||
|
||||
private function getLanguageList() {
|
||||
$availableLanguages = $this->configuration->getValue('language.available');
|
||||
$thisLang = $this->getLanguage();
|
||||
$lang = array();
|
||||
foreach ($availableLanguages AS $nl) {
|
||||
$lang[$nl] = ($nl == $thisLang);
|
||||
}
|
||||
return $lang;
|
||||
}
|
||||
|
||||
|
||||
private function includeAtTemplateBase($file) {
|
||||
$filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir');
|
||||
include($filebase . $file);
|
||||
}
|
||||
|
||||
private function includeAtLanguageBase($file) {
|
||||
$filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' ;
|
||||
include($filebase . $file);
|
||||
}
|
||||
|
||||
|
||||
public function show() {
|
||||
$data = $this->data;
|
||||
$filename = $this->configuration->getValue('basedir') . '/' .
|
||||
$this->configuration->getValue('templatedir') . '/' . $this->template;
|
||||
$filename = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' .
|
||||
$this->template;
|
||||
|
||||
|
||||
|
||||
if (!file_exists($filename)) {
|
||||
throw new Exception('Could not find template file [' . $this->template . '] at [' . $filename . ']');
|
||||
|
||||
// echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
|
||||
// exit(0);
|
||||
|
||||
$filename = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') .
|
||||
$this->configuration->getValue('language.default') . '/' . $this->template;
|
||||
|
||||
|
||||
|
||||
if (!file_exists($filename)) {
|
||||
echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
|
||||
exit(0);
|
||||
throw new Exception('Could not find template file [' . $this->template . '] at [' . $filename . ']');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
require_once($filename);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,65 @@
|
|||
<?php
|
||||
|
||||
|
||||
/**
|
||||
* SimpleSAMLphp
|
||||
*
|
||||
* LICENSE: See the COPYING file included in this distribution.
|
||||
*
|
||||
* @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
|
||||
*/
|
||||
|
||||
require_once('SimpleSAML/Configuration.php');
|
||||
//require_once('SimpleSAML/Utilities.php');
|
||||
|
||||
/**
|
||||
* Configuration of SimpleSAMLphp
|
||||
*/
|
||||
class SimpleSAML_XML_AttributeFilter {
|
||||
|
||||
private $attributes = null;
|
||||
|
||||
function __construct(SimpleSAML_Configuration $configuration, $attributes) {
|
||||
$this->configuration = $configuration;
|
||||
$this->attributes = $attributes;
|
||||
}
|
||||
|
||||
|
||||
public function namemap($map) {
|
||||
|
||||
$mapfile = $this->configuration->getValue('basedir') . $this->configuration->getValue('attributenamemapdir') . $map . '.php';
|
||||
if (!file_exists($mapfile)) throw new Exception('Could not find attributemap file: ' . $mapfile);
|
||||
|
||||
include($mapfile);
|
||||
|
||||
$newattributes = array();
|
||||
foreach ($this->attributes AS $a => $value) {
|
||||
if (isset($attributemap[$a])) {
|
||||
$newattributes[$attributemap[$a]] = $value;
|
||||
} else {
|
||||
$newattributes[$a] = $value;
|
||||
}
|
||||
}
|
||||
$this->attributes = $newattributes;
|
||||
|
||||
}
|
||||
|
||||
public function filter($allowedattributes) {
|
||||
$newattributes = array();
|
||||
foreach($this->attributes AS $key => $value) {
|
||||
if (in_array($key, $allowedattributes)) {
|
||||
$newattributes[$key] = $value;
|
||||
}
|
||||
}
|
||||
$this->attributes = $newattributes;
|
||||
}
|
||||
|
||||
public function getAttributes() {
|
||||
return $this->attributes;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
@ -7,6 +7,7 @@ require_once('../../../www/_include.php');
|
|||
require_once('SimpleSAML/Utilities.php');
|
||||
require_once('SimpleSAML/Session.php');
|
||||
require_once('SimpleSAML/XML/MetaDataStore.php');
|
||||
require_once('SimpleSAML/XML/AttributeFilter.php');
|
||||
require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
|
||||
require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
|
||||
require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
|
||||
|
|
@ -107,9 +108,11 @@ if (!$session->isAuthenticated() ) {
|
|||
|
||||
|
||||
$spentityid = $authnrequest->getIssuer();
|
||||
//$spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
|
||||
|
||||
$spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
|
||||
|
||||
/*
|
||||
* Dealing with attribute release consent.
|
||||
*/
|
||||
|
||||
if ($idpmeta['requireconsent']) {
|
||||
|
||||
|
|
@ -127,24 +130,34 @@ if (!$session->isAuthenticated() ) {
|
|||
|
||||
}
|
||||
|
||||
|
||||
// Adding this service provider to the list of sessions.
|
||||
$session->add_sp_session($spentityid);
|
||||
|
||||
|
||||
/*
|
||||
* Filtering attributes.
|
||||
*/
|
||||
$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
|
||||
$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
|
||||
if (isset($spmetadata['attributemap'])) {
|
||||
$afilter->namemap($spmetadata['attributemap']);
|
||||
}
|
||||
if (isset($spmetadata['attributes'])) {
|
||||
$afilter->filter($spmetadata['attributes']);
|
||||
}
|
||||
$filteredattributes = $afilter->getAttributes();
|
||||
|
||||
// Generate an SAML 2.0 AuthNResponse message
|
||||
$authnResponseXML = $ar->generate($idpentityid, $spentityid,
|
||||
$requestid, null, $session->getAttributes());
|
||||
|
||||
#echo $authnResponseXML;
|
||||
#print_r($session);
|
||||
|
||||
//sendResponse($response, $idpentityid, $spentityid, $relayState = null) {
|
||||
$requestid, null, $filteredattributes);
|
||||
|
||||
// Sending the AuthNResponse using HTTP-Post SAML 2.0 binding
|
||||
$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
|
||||
|
||||
//echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
|
||||
|
||||
$httppost->sendResponse($authnResponseXML,
|
||||
$idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState());
|
||||
|
||||
|
||||
|
||||
|
||||
} catch(Exception $exception) {
|
||||
|
||||
$et = new SimpleSAML_XHTML_Template($config, 'error.php');
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ if (!isset($session) || !$session->isValid() ) {
|
|||
} else {
|
||||
|
||||
|
||||
$relaystate = $session->getRelayState();
|
||||
$relaystate = $_GET['RelayState'];
|
||||
|
||||
if (isset($relaystate) && !empty($relaystate)) {
|
||||
header('Location: ' . $relaystate );
|
||||
|
|
|
|||
Reference in New Issue