Commit bb024689 authored Sep 27, 2018 by Lukas Haemmerle
Added code contributed in #3901 to filter IdPs by entity categories
parent 589c6318
Showing 4 changed files with 49 additions and 2 deletions (+49 -2):
CHANGES.md (+4 -1)
bin/update-metadata.php (+11 -0)
etc/config.dist.php (+6 -0)
lib/readMetadata.php (+28 -1)
CHANGES.md
@@ -6,7 +6,7 @@ See LICENSE file for details.
SWITCHwayf Changes
==================
SWITCHwayf version: v1.
22
SWITCHwayf version: v1.
3
Bundled with:
*
JQuery v3.2.1
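Review bot: the bumped version line reads "v1.3" where the removed line read "v1.22"; if the intended release is 1.23 this is a typo, and as written it compares as a downgrade against the previous version. Please confirm the version string before merging.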
@@ -41,6 +41,8 @@ SWITCHwayf Version History
-
Changed structure of directory and files
Added update-metadata.php for handling metadata.
Code provided by Guillaume Rousse.
-
Added code to filter IdPs by entity categories.
Code provided by Michael Simon
*
Version 1.21 - Release date: 19. January 2018
-
Allow loading configuration from a path in a
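Review bot: the new changelog entry is missing the trailing period the previous entry uses ("Code provided by Guillaume Rousse.") and does not name what an operator has to set to enable the feature. Suggest: "Added code to filter IdPs by entity categories (--filter-idps-by-ec option of update-metadata.php, $filterEntityCategory config setting). Code provided by Michael Simon."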
@@ -297,6 +299,7 @@ alphabetically.
-
Martins Purins from Latvijas Universitates (LV)
-
Olivier Salaün from RENATER (FR)
-
Tom Scavo from Internet2 (US)
-
Michael Simon from KIT (DE)
-
Andrew Sokolov, Saint Petersburg State University (RU)
-
Mika Suvanto from CSC (FI)
-
Huân Thebault from Centre de Calcul de l'IN2P3 (FR)
bin/update-metadata.php
@@ -34,6 +34,10 @@ Argument Description
--
min
-
idp
-
count
<
count
>
Minimum
expected
number
of
IdPs
in
metadata
--
min
-
sp
-
count
<
count
>
Minimum
expected
number
of
SPs
in
metadata
--
language
<
locale
>
Language
locale
,
e
.
g
.
'en'
,
'jp'
,
...
--
filter
-
idps
-
by
-
ec
Only
process
IdPs
that
are
in
given
entity
category
.
Multiple
categories
can
be
provided
space
separated
.
If
the
IdP
is
in
none
,
the
IdP
is
ignored
.
--
syslog
Use
syslog
for
reporting
--
syslog
-
id
<
id
>
Process
identity
for
syslog
messages
--
verbose
|
-
v
Verbose
mode
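Review bot: the help text for --filter-idps-by-ec says multiple categories can be given space separated, but the option is declared as taking a single value ("filter-idps-by-ec:" in the $longopts hunk below), so a multi-category list only reaches the script when the caller quotes it as one argument. Show that in the usage line, e.g. --filter-idps-by-ec '<category> [<category> ...]', and say explicitly that the value must be quoted.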
@@ -55,6 +59,7 @@ $longopts = array(
"metadata-sp-file:"
,
"min-idp-count:"
,
"min-sp-count:"
,
"filter-idps-by-ec:"
,
"language:"
,
"verbose"
,
"syslog"
,
@@ -141,6 +146,12 @@ if (isset($options['min-idp-count'])) {
$minIDPCount
=
0
;
}
if
(
isset
(
$options
[
'filter-idps-by-ec'
])){
$filterEntityCategory
=
$options
[
'filter-idps-by-ec'
];
}
else
{
$filterEntityCategory
=
false
;
}
// Input validation
if
(
isset
(
$metadataURL
)
&&
$metadataURL
)
{
$metadataFile
=
tempnam
(
sys_get_temp_dir
(),
'metadata'
);
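Review bot: the else branch sets $filterEntityCategory = false unconditionally, and this is the same global that etc/config.dist.php documents for the feature; if the configuration file has already been loaded at this point, a category configured there is silently discarded whenever the command-line option is omitted. Suggest assigning only when the option is present and otherwise leaving the configured value alone. Also, despite the "// Input validation" comment that follows, the option value is used as given: trim it and reject an empty or whitespace-only value, since a blank filter string would otherwise be treated as a category to match.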
etc/config.dist.php
@@ -161,6 +161,12 @@
// be manually added using the Embedded WAYF.
//$supportHideFromDiscoveryEntityCategory = true;
// Only process IDPs with a particular entity category. All
// others are ignored and not taken into account.
// Multiple entity category identifiers can be provided
// space separated. If the IdP is in none of them,
// the IdP is ignored.
//$filterEntityCategory = 'http://example.com/category/example-member';
// Whether or not to add the entityID of the preselected IdP to the
// exported JSON/Text/PHP Code
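Review bot: documentation point: the comment does not say how this setting relates to the --filter-idps-by-ec option of bin/update-metadata.php, which assigns the same $filterEntityCategory variable; state which one takes precedence when both are given. Minor: the block mixes "IDPs" and "IdP"; the rest of the file uses "IdP".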
lib/readMetadata.php
@@ -216,7 +216,7 @@ function parseMetadata($metadataFile, $defaultLanguage){
// Processes an IDPRoleDescriptor XML node and returns an IDP entry or false if
// something went wrong
function
processIDPRoleDescriptor
(
$IDPRoleDescriptorNode
){
global
$defaultLanguage
,
$supportHideFromDiscoveryEntityCategory
;
global
$defaultLanguage
,
$supportHideFromDiscoveryEntityCategory
,
$filterEntityCategory
;
$IDP
=
Array
();
$Profiles
=
Array
();
@@ -229,6 +229,13 @@ function processIDPRoleDescriptor($IDPRoleDescriptorNode){
}
}
// Skip if IdPs should be filtered by entity category
if
(
isset
(
$filterEntityCategory
)
&&
$filterEntityCategory
){
if
(
!
hasSpecificEntityCategory
(
$IDPRoleDescriptorNode
,
$filterEntityCategory
)){
return
false
;
}
}
// Get SSO URL
$SSOServices
=
$IDPRoleDescriptorNode
->
getElementsByTagNameNS
(
'urn:oasis:names:tc:SAML:2.0:metadata'
,
'SingleSignOnService'
);
foreach
(
$SSOServices
as
$SSOService
){
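Review bot: returning false here reuses the path the function's doc comment reserves for "something went wrong", so an IdP dropped by the category filter is indistinguishable from a broken metadata entry in the result. Suggest emitting a verbose or debug message naming the skipped entity before the return, so an operator can tell why an IdP is absent from the WAYF.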
@@ -621,3 +628,23 @@ function hasHideFromDiscoveryEntityCategory($IDPRoleDescriptorNode){
return
false
;
}
// Returns true if IdP has specific entity category attribute
function
hasSpecificEntityCategory
(
$IDPRoleDescriptorNode
,
$filterEntityCategory
){
// Get SAML Attributes for this entity
$AttributeValues
=
$IDPRoleDescriptorNode
->
parentNode
->
getElementsByTagNameNS
(
'urn:oasis:names:tc:SAML:2.0:assertion'
,
'AttributeValue'
);
if
(
!
$AttributeValues
||
$AttributeValues
->
length
<
1
){
return
false
;
}
$entityCategories
=
explode
(
' '
,
$filterEntityCategory
);
foreach
(
$AttributeValues
as
$AttributeValue
){
$thisCategory
=
trim
(
$AttributeValue
->
nodeValue
);
if
(
in_array
(
$thisCategory
,
$entityCategories
)){
return
true
;
}
}
return
false
;
}
\ No newline at end of file
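Review bot: hasSpecificEntityCategory compares against every saml:AttributeValue beneath the parent EntityDescriptor without checking which Attribute the value belongs to, so any attribute value equal to one of the configured strings counts as category membership, not only values of the entity-category attribute (Name http://macedir.org/entity-category). Suggest iterating the saml:Attribute elements and comparing only values whose parent Attribute carries that Name; the existing hasHideFromDiscoveryEntityCategory lookup deserves the same check if it uses the same pattern. Minor: explode(' ', $filterEntityCategory) yields empty strings on repeated spaces, which would then match an empty AttributeValue; use preg_split('/\s+/', trim($filterEntityCategory)) or filter out empty entries. The file also loses its trailing newline.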