Git Product home page Git Product logo

simplesamlphp-module-entattribs's Introduction

entattribs:AttributeFromEntity

Build Status Coverage Status

This SimpleSAMLphp auth proc filter allows you to provides additional attributes from based on entity attributes in metadata. It is useful when entity metadata contains definitive information that you wish to convert into a SAML attribute (e.g. an entity attribute containing the value that should be used for schacHomeOrganization in remote IdP metadata).

Installation

Once you have installed SimpleSAMLphp, installing this module is very simple. Just execute the following command in the root of your SimpleSAMLphp installation:

composer.phar require safire-ac-za/simplesamlphp-module-entattribs:dev-master

where dev-master instructs Composer to install the master (development) branch from the Git repository. See the releases available if you want to use a stable version of the module

Usage

This module provides the entattribs:AttributeFromEntity auth proc filter, which can be used as follows:

50 => [
    'class'     => 'entattribs:AttributeFromEntity',
    '%replace',
    'urn:x-example:schacHomeOrganization' => 'schacHomeOrganization',
    'urn:x-example:schacHomeOrganizationType' => 'schacHomeOrganizationType',
],

Where the parameters are as follows:

  • class - the name of the class, must be entattribs:AttributeFromEntity

  • %replace - replace the values of any existing SAML attributes with those from the entity attributes. (Default is to create a multi-valued attribute unless %ignore is set.)

  • %ignore - ignore any SAML attributes that already exist. (Default is to create a multi-valued attribute unless %replace is set.)

  • %skipsource - do not look in the source metadata for entity attributes. (default is to check source metadata.)

  • %skipdest - do not look in the destination metadata for entity attributes. (default is to check destination metadata.)

Any remaining key/value pairs are used to form a map between the entity attribute name (key) and the corresponding SAML attribute name to use (value).

The parameters %replace and %ignore are intended to be mutually exclusive and using them together will generate a warning.

Example

If the above filter were applied following remote IdP metadata:

$metadata['https://idp.example.org/idp/shibboleth'] = [
    /* ... */
    'EntityAttributes' => [
        'urn:x-example:schacHomeOrganization' => 'example.org',
        'urn:x-example:schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other',
    ],
    /* ... */
];

it would result in the following attributes:

$attributes = [
    'schacHomeOrganization' => 'example.org',
    'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other',
];

and any existing values of those two attributes would have been lost/replaced.

simplesamlphp-module-entattribs's People

Contributors

ghalse avatar

Stargazers

avatar

Watchers

avatar avatar avatar

simplesamlphp-module-entattribs's Issues

Logic error in %ignore

The behaviour of the %ignore flag does not match the documentation. At the moment, if %ignore is set and an existing value is found, a multivalued attribute is created. We need to invert the sense of %ignore in the code to correct this (and make it match the documentation).

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.