Commit bb024689 authored by Lukas Haemmerle's avatar Lukas Haemmerle

Added code contributed in #3901 to filter IdPs by entity categories

parent 589c6318
......@@ -6,7 +6,7 @@ See LICENSE file for details.
SWITCHwayf Changes
==================
SWITCHwayf version: v1.22
SWITCHwayf version: v1.3
Bundled with:
* JQuery v3.2.1
......@@ -41,6 +41,8 @@ SWITCHwayf Version History
- Changed structure of directory and files
Added update-metadata.php for handling metadata.
Code provided by Guillaume Rousse.
- Added code to filter IdPs by entity categories.
Code provided by Michael Simon
* Version 1.21 - Release date: 19. January 2018
- Allow loading configuration from a path in a
......@@ -297,6 +299,7 @@ alphabetically.
- Martins Purins from Latvijas Universitates (LV)
- Olivier Salaün from RENATER (FR)
- Tom Scavo from Internet2 (US)
- Michael Simon from KIT (DE)
- Andrew Sokolov, Saint Petersburg State University (RU)
- Mika Suvanto from CSC (FI)
- Huân Thebault from Centre de Calcul de l'IN2P3 (FR)
......
......@@ -34,6 +34,10 @@ Argument Description
--min-idp-count <count> Minimum expected number of IdPs in metadata
--min-sp-count <count> Minimum expected number of SPs in metadata
--language <locale> Language locale, e.g. 'en', 'jp', ...
--filter-idps-by-ec Only process IdPs that are in given
entity category. Multiple categories
can be provided space separated.
If the IdP is in none, the IdP is ignored.
--syslog Use syslog for reporting
--syslog-id <id> Process identity for syslog messages
--verbose | -v Verbose mode
......@@ -55,6 +59,7 @@ $longopts = array(
"metadata-sp-file:",
"min-idp-count:",
"min-sp-count:",
"filter-idps-by-ec:",
"language:",
"verbose",
"syslog",
......@@ -141,6 +146,12 @@ if (isset($options['min-idp-count'])) {
$minIDPCount = 0;
}
if(isset($options['filter-idps-by-ec'])){
$filterEntityCategory = $options['filter-idps-by-ec'];
} else {
$filterEntityCategory = false;
}
// Input validation
if (isset($metadataURL) && $metadataURL) {
$metadataFile = tempnam(sys_get_temp_dir(), 'metadata');
......
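Review bot: The assignment `$filterEntityCategory = $options['filter-idps-by-ec'];` in the third hunk stores getopt's value unchanged, and getopt returns an array when the same option is repeated on the command line, so `--filter-idps-by-ec a --filter-idps-by-ec b` hands an array to the string-based matching in hasSpecificEntityCategory() added by this commit instead of the documented space-separated string. Normalising at the boundary keeps the downstream contract a string: `$filterEntityCategory = is_array($options['filter-idps-by-ec']) ? implode(' ', $options['filter-idps-by-ec']) : $options['filter-idps-by-ec'];`. The usage text in the first hunk also omits the value placeholder even though the option is declared as `"filter-idps-by-ec:"` (value required); `--filter-idps-by-ec <categories>` would match the neighbouring entries. The enclosing script continues outside these hunks.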
......@@ -161,6 +161,12 @@
// be manually added using the Embedded WAYF.
//$supportHideFromDiscoveryEntityCategory = true;
// Only process IDPs with a particular entity category. All
// others are ignored and not taken into account.
// Multiple entity category identifiers can be provided
// space separated. If the IdP is in none of them,
// the IdP is ignored.
//$filterEntityCategory = 'http://example.com/category/example-member';
// Whether or not to add the entityID of the preselected IdP to the
// exported JSON/Text/PHP Code
......
......@@ -216,7 +216,7 @@ function parseMetadata($metadataFile, $defaultLanguage){
// Processes an IDPRoleDescriptor XML node and returns an IDP entry or false if
// something went wrong
function processIDPRoleDescriptor($IDPRoleDescriptorNode){
global $defaultLanguage, $supportHideFromDiscoveryEntityCategory;
global $defaultLanguage, $supportHideFromDiscoveryEntityCategory, $filterEntityCategory;
$IDP = Array();
$Profiles = Array();
......@@ -229,6 +229,13 @@ function processIDPRoleDescriptor($IDPRoleDescriptorNode){
}
}
// Skip if IdPs should be filtered by entity category
if (isset($filterEntityCategory) && $filterEntityCategory){
if (!hasSpecificEntityCategory($IDPRoleDescriptorNode, $filterEntityCategory)){
return false;
}
}
// Get SSO URL
$SSOServices = $IDPRoleDescriptorNode->getElementsByTagNameNS( 'urn:oasis:names:tc:SAML:2.0:metadata', 'SingleSignOnService' );
foreach( $SSOServices as $SSOService ){
......@@ -621,3 +628,23 @@ function hasHideFromDiscoveryEntityCategory($IDPRoleDescriptorNode){
return false;
}
// Returns true if IdP has specific entity category attribute
function hasSpecificEntityCategory($IDPRoleDescriptorNode, $filterEntityCategory){
// Get SAML Attributes for this entity
$AttributeValues = $IDPRoleDescriptorNode->parentNode->getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'AttributeValue');
if (!$AttributeValues || $AttributeValues->length < 1){
return false;
}
$entityCategories = explode(' ', $filterEntityCategory);
foreach( $AttributeValues as $AttributeValue ){
$thisCategory = trim($AttributeValue->nodeValue);
if (in_array($thisCategory, $entityCategories)){
return true;
}
}
return false;
}
\ No newline at end of file
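Review bot: hasSpecificEntityCategory() in the last hunk matches against every `saml:AttributeValue` found anywhere below the EntityDescriptor, not only the values of the entity-category attribute, so an IdP carrying the configured URI under a different mdattr attribute (for instance entity-category-support) would pass the filter; the match should be restricted to `saml:Attribute` elements whose `Name` is `http://macedir.org/entity-category`. The `!$AttributeValues` guard is dead since getElementsByTagNameNS always returns a DOMNodeList, and `in_array` should be called with `strict: true` here. Splitting the configured value with `explode(' ', ...)` yields empty entries on doubled spaces, which the trimmed value of an empty AttributeValue element would then match; splitting on whitespace with PREG_SPLIT_NO_EMPTY avoids that. If hasHideFromDiscoveryEntityCategory(), whose body lies outside the hunk, uses the same lookup, the first point applies there as well.
```php
function hasSpecificEntityCategory($IDPRoleDescriptorNode, $filterEntityCategory){
	// Split the configured list on any whitespace and drop empty entries
	$entityCategories = preg_split('/\s+/', trim($filterEntityCategory), -1, PREG_SPLIT_NO_EMPTY);
	if (!$entityCategories){
		return false;
	}
	// Only consult the entity-category attribute, not every AttributeValue below the EntityDescriptor
	$Attributes = $IDPRoleDescriptorNode->parentNode->getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Attribute');
	foreach( $Attributes as $Attribute ){
		if ($Attribute->getAttribute('Name') !== 'http://macedir.org/entity-category'){
			continue;
		}
		$AttributeValues = $Attribute->getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'AttributeValue');
		foreach( $AttributeValues as $AttributeValue ){
			if (in_array(trim($AttributeValue->nodeValue), $entityCategories, true)){
				return true;
			}
		}
	}
	return false;
}
```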