Project author: tenet-ac-za

Project description:
SimpleSAMLphp module to convert entity attributes from metadata into SAML attributes
Language: PHP
Project URL: git://github.com/tenet-ac-za/simplesamlphp-module-entattribs.git
Created: 2016-06-27T18:20:23Z
Project community: https://github.com/tenet-ac-za/simplesamlphp-module-entattribs

License: MIT License

entattribs:AttributeFromEntity

This SimpleSAMLphp auth proc filter allows you to provide additional
attributes based on entity attributes in metadata. It is useful
when entity metadata contains definitive information that you wish
to convert into a SAML attribute (e.g. an entity attribute containing
the value that should be used for schacHomeOrganization in remote
IdP metadata).

Installation

Once you have installed SimpleSAMLphp, installing this module is
very simple. Just execute the following command in the root of your
SimpleSAMLphp installation:

    composer.phar require safire-ac-za/simplesamlphp-module-entattribs:dev-master

where dev-master instructs Composer to install the master (development) branch from the Git repository. See the
releases available if you want to use a stable version of the module.

Usage

This module provides the entattribs:AttributeFromEntity auth proc filter,
which can be used as follows:

    50 => [
        'class' => 'entattribs:AttributeFromEntity',
        '%replace',
        'urn:x-example:schacHomeOrganization' => 'schacHomeOrganization',
        'urn:x-example:schacHomeOrganizationType' => 'schacHomeOrganizationType',
    ],

Where the parameters are as follows:

  • class - the name of the class, must be entattribs:AttributeFromEntity

  • %replace - replace the values of any existing SAML attributes with those
    from the entity attributes. (Default is to create a multi-valued attribute
    unless %ignore is set.)

  • %ignore - ignore any SAML attributes that already exist. (Default is to
    create a multi-valued attribute unless %replace is set.)

  • %skipsource - do not look in the source metadata for entity attributes.
    (default is to check source metadata.)

  • %skipdest - do not look in the destination metadata for entity attributes.
    (default is to check destination metadata.)

Any remaining key/value pairs are used to form a map between the entity
attribute name (key) and the corresponding SAML attribute name to use (value).

The parameters %replace and %ignore are intended to be mutually exclusive
and using them together will generate a warning.

Example

If the above filter were applied to the following remote IdP metadata:

    $metadata['https://idp.example.org/idp/shibboleth'] = [
        /* ... */
        'EntityAttributes' => [
            'urn:x-example:schacHomeOrganization' => 'example.org',
            'urn:x-example:schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other',
        ],
        /* ... */
    ];

it would result in the following attributes:

    $attributes = [
        'schacHomeOrganization' => 'example.org',
        'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other',
    ];

and any existing values of those two attributes would have been lost/replaced.
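The example above only shows %replace. The sketch below is an added illustration, not the module's own code: it models the three documented modes (default multi-valued merge, %replace, %ignore) for the case where the IdP has already asserted its own schacHomeOrganization, so you can see which mode leaves the metadata value as the only one. The function name applyEntityAttributes, the mode strings, the reading of %ignore as "leave the existing attribute untouched", and the sample value other.example.net are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper modelling the option semantics documented above.
 * NOT the module's source. $mode is 'merge' (default behaviour),
 * 'replace' (%replace) or 'ignore' (%ignore).
 */
function applyEntityAttributes(
    array $attributes,
    array $entityAttributes,
    array $map,
    string $mode = 'merge'
): array {
    foreach ($map as $entityName => $samlName) {
        if (!array_key_exists($entityName, $entityAttributes)) {
            continue; // metadata carries no value for this mapping
        }
        $values = (array) $entityAttributes[$entityName];

        if (!array_key_exists($samlName, $attributes) || $mode === 'replace') {
            // New attribute, or %replace: the metadata value becomes the only value.
            $attributes[$samlName] = $values;
        } elseif ($mode === 'merge') {
            // Default: asserted and metadata values end up side by side.
            $attributes[$samlName] = array_merge($attributes[$samlName], $values);
        }
        // 'ignore': existing attribute is left as asserted (assumed reading of %ignore).
    }
    return $attributes;
}

// Constructed sample data: entity attribute from metadata, plus attributes
// the remote IdP asserted in its response.
$entityAttributes = ['urn:x-example:schacHomeOrganization' => 'example.org'];
$map = ['urn:x-example:schacHomeOrganization' => 'schacHomeOrganization'];
$asserted = [
    'uid' => ['jdoe'],
    'schacHomeOrganization' => ['other.example.net'],
];

foreach (['merge', 'replace', 'ignore'] as $mode) {
    $result = applyEntityAttributes($asserted, $entityAttributes, $map, $mode);
    printf("%-8s schacHomeOrganization = %s\n", $mode, implode(', ', $result['schacHomeOrganization']));
}
```

If downstream services make authorization decisions on the mapped attribute, check which of these outcomes your configuration produces: in this model only the replace mode removes the value the IdP asserted.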