Commit 6e253853 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Bug 1710005: Custom file mapping for sp and ids in saml"

parents aaf20215 bb7c7561
......@@ -284,6 +284,8 @@ $config = array (
*/
'authproc.idp' => array(
/* Enable the authproc filter below to add URN Prefixces to all attributes
IMPORTANT To add a custom mapping file, do not uncomment these lines.
Instead add the mapping file path to the saml_custommappingfile_idp in config.php
10 => array(
'class' => 'core:AttributeMap', 'addurnprefix'
), */
......@@ -341,6 +343,8 @@ $config = array (
*/
'authproc.sp' => array(
/*
IMPORTANT To add a custom mapping file, do not uncomment these lines.
Instead add the mapping file path to the saml_custommappingfile_sp in config.php
10 => array(
'class' => 'core:AttributeMap', 'mappings',
),
......@@ -517,3 +521,15 @@ $config = array (
'metashare.publishurl' => NULL,
);
// if we set custom mappings files paths in config.php
$filenames = get_config('saml_custommappingfile');
if (!empty($filenames['sp']) && is_array($filenames['sp'])) {
$map = AuthSaml::get_attributemappings($filenames['sp']);
$config['authproc.sp'][] = $map;
}
if (!empty($filenames['idp']) && is_array($filenames['idp'])) {
$map = AuthSaml::get_attributemappings($filenames['idp']);
$config['authproc.idp'][] = $map;
}
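Review bot: The two added comment blocks tell the administrator to set `saml_custommappingfile_idp` and `saml_custommappingfile_sp`, but the code added at the end of this file reads a single `saml_custommappingfile` setting and looks up its `'sp'` and `'idp'` keys. An administrator who follows the comment would configure names that are never read, and the mapping would be skipped without any message. The comments should name the real setting, for example `Instead add the mapping file path to the 'idp' list of saml_custommappingfile in config.php`. The `!empty(...) && is_array(...)` guards also drop a wrongly typed value silently, so a logged warning in an `else` branch would make a misconfigured attribute mapping visible.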
......@@ -11,6 +11,8 @@
defined('INTERNAL') || die();
$string['attributemapfilenotamap'] = 'Attribute map file "%s" didn\'t define an attribute map.';
$string['attributemapfilenotfound'] = 'Could not find attributemap file or it is not writable: %s';
$string['certificate1'] = 'SAML Service Provider signing and encryption certificate';
$string['manage_certificate1'] = 'This is the certificate generated as part of the SAML Service Provider <a href="%s">Metadata</a>.';
$string['nullprivatecert'] = "Could not generate or save the private key";
......
......@@ -27,6 +27,46 @@ class AuthSaml extends Auth {
return $path;
}
/**
* Loads and merges in a file with an attribute map.
*
* @param string $filepath Path of attribute map file.
* @param array $mapping Array where the attributes from the file should be added
*/
private static function custom_loadmapfile($filepath, $mapping = array()) {
if (!is_readable($filepath)) {
throw new Exception(get_string('attributemapfilenotfound', 'auth.saml', $filepath));
}
$attributemap = NULL;
include($filepath);
if (!is_array($attributemap)) {
throw new Exception(get_string('attributemapfilenotamap', 'auth.saml', $filepath));
}
$mapping = array_merge_recursive($mapping, $attributemap);
return $mapping;
}
/*
* Loads all mappings in the files into an array with 'class' => 'core:AttributeMap'
*
* @param filepaths array Paths to files that contain a mapping array
*/
public static function get_attributemappings($filepaths= array()) {
$configparameter = array(
'class' => 'core:AttributeMap',
);
$attributemap = array();
foreach ($filepaths as $key => $filepath) {
//get the $attributemap array in the file
$attributemap = self::custom_loadmapfile($filepath, $attributemap);
}
return array_merge($attributemap, $configparameter);
}
public static function get_certificate_path() {
check_dir_exists(get_config('dataroot') . 'certificate/');
return get_config('dataroot') . 'certificate/';
......
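Review bot: `custom_loadmapfile()` executes whatever PHP is in `$filepath` through `include`, and the only gate is `is_readable()`, so whoever can write a configured map file can run code in the SAML login path. The sample configuration in this commit places the SP map under dataroot, which the application itself writes to (see `check_dir_exists()` in `get_certificate_path()`). The docblock should state the requirement, e.g. `* SECURITY: the file is include()d and executed; it must not be writable by the web server user.` It would also help to resolve the path with `realpath()` and reject anything that is not a regular file before including it. Separately, the `attributemapfilenotfound` string says "not writable" although the check is for readability, and the comment on `get_attributemappings()` opens with `/*`, so it is not treated as a docblock.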
......@@ -721,4 +721,16 @@ $cfg->openbadgedisplayer_source = '{"backpack":"https://backpack.openbadges.org/
* An alternative session handler for SimpleSAMLphp if you do not wish to use memcache.
* Specify the name of the session handler.
*/
// $cfg->ssphpsessionhandler = 'memcached';
\ No newline at end of file
// $cfg->ssphpsessionhandler = 'memcached';
/**
* @global array $cfg->saml_custommappingfile
* A list of paths to custom attribute mapping files for SimpleSAMLphp IDP and SP
*/
/*
$cfg->saml_custommappingfile = '{
"idp" : ["' . $CFG->docroot . 'auth/saml/extlib/simplesamlphp/attributemap/name2oid.php"],
"sp" : ["' . $cfg->dataroot . '/customattributemap/customname2oid.php"]
}';
*/
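Review bot: The docblock declares `$cfg->saml_custommappingfile` as an array, but the commented example assigns a JSON string, while the consumer added elsewhere in this commit indexes the value with `['sp']` / `['idp']` and requires `is_array()`. Unless `get_config()` decodes the string (not visible here), the example as written would be ignored without an error. The example also mixes `$CFG->docroot` with `$cfg->dataroot`, whereas the surrounding settings use `$cfg`. A plain array would match the docblock and the consumer: `$cfg->saml_custommappingfile = array('idp' => array(/* paths */), 'sp' => array(/* paths */));`.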