2017 © Pedro Peláez
 

simplesamlphp-module simplesamlphp-module-attributescope

Filter to remove attribute values which are not properly scoped.

image

niif/simplesamlphp-module-attributescope

Filter to remove attribute values which are not properly scoped.

  • Thursday, June 28, 2018
  • by gyufi
  • Repository
  • 7 Watchers
  • 1 Stars
  • 51 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 1 Forks
  • 0 Open issues
  • 5 Versions
  • 2 % Grown

The README.md

Attributescope filter module

Build Status, (*1)

This module ensures that scoped attributes (such as eduPersonPrincipalName) have the right scopes defined in the entity metadata., (*2)

It removes values * that should be scoped (see attributesWithScope below) but are not; * whose scope does not match shibmd:Scope element in the metadata., (*3)

Additionally, it is also capable to handle 'scope attributes' such as schacHomeOrganization that should be equivalent to shibmd:Scope element in the metadata., (*4)

Notes and limitations

  • Regular expressions in shibmd:Scope are not supported.
  • It is recommended to run this filter after oid2name. Please note that attribute names in the module configuration are case sensitive and must match the names in attributemaps.
  • 'scope Attributes' must be singled valued, otherwise they are removed.
  • Specifying an attribute in multiple configuration options is likely a user configuration issue. A value will only pass if it conforms to the validation rule for each configured option.

Installing the module

You can install the module with composer:, (*5)

composer require niif/simplesamlphp-module-attributescope

Example configuration

config/config.php, (*6)

   authproc.sp = array(
       ...
        // 49 => array('class' => 'core:AttributeMap', 'oid2name'),
        // Verify scoped attributes with the metadata:
        50 => array(
            'class' => 'attributescope:FilterAttributes',
            // Default attributes with scope attributes.
            // 'attributesWithScope' => array('eduPersonPrincipalName', 'eduPersonScopedAffiliation'),
            // Default scopeAttribute
            // 'scopeAttributes' => array('schacHomeOrganization'),
       ),

Configurations Options

  • attributesWithScope an array of attributes that should be scoped and should match the scope from the metadata
  • attributesWithScopeSuffix an array of attributes that have the scope as a suffix. For example, user@department.example.com and department.example.com are both suffixed with example.com. Useful when an SP is reliant on mail attribute to identify users and the IdP users various subdomains for mail.
  • scopeAttributes an array of attributes that should exactly match the scope from the metadata
  • ignoreCheckForEntities an array of IdP entity IDs to skip scope checking for. Useful when an IdP is a SAML proxy and is trusted to assert any scope.
  • ignoreCase ignore the case of the scoped attribute. The new 'Subject Identifier Attributes' profile stipulates that comparison should be case insensitive. Default is false, for backwards compatability.

Development

Runing tests

./vendor/phpunit/phpunit/phpunit

The Versions

28/06 2018

dev-master

9999999-dev

Filter to remove attribute values which are not properly scoped.

  Sources   Download

The Requires

 

The Development Requires

filter module simplesamlphp scope sp

28/06 2018

v1.0.3

1.0.3.0

Filter to remove attribute values which are not properly scoped.

  Sources   Download

The Requires

 

The Development Requires

filter module simplesamlphp scope sp

13/11 2015

v1.0.2

1.0.2.0

Filter to remove attribute values which are not properly scoped.

  Sources   Download

The Requires

 

12/11 2015

v1.0.1

1.0.1.0

Filter to remove attribute values which are not properly scoped.

  Sources   Download

The Requires

 

12/11 2015

v1.0.0

1.0.0.0

Filter to remove attribute values which are not properly scoped.

  Sources   Download

The Requires