authorOlav Morken <olav.morken@uninett.no>2008-08-20 07:54:10 +0000
committerOlav Morken <olav.morken@uninett.no>2008-08-20 07:54:10 +0000
commit25e43d4ff7c38806f90acfdc1b6b3b75da5d690d (patch)
treee3e846e7da408919734f5157f2eb40561737b473
parent6f5059233cf41e86685c5108277df391aec25dde (diff)
downloadsimplesamlphp-25e43d4ff7c38806f90acfdc1b6b3b75da5d690d.zip
simplesamlphp-25e43d4ff7c38806f90acfdc1b6b3b75da5d690d.tar.gz
simplesamlphp-25e43d4ff7c38806f90acfdc1b6b3b75da5d690d.tar.bz2
Added core:TargetedID filter, for adding eduPersonTargetedID attribute.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@821 44740490-163a-0410-bde0-09ae8108e29a
-rw-r--r--modules/core/lib/Auth/Process/TargetedID.php146
1 files changed, 146 insertions, 0 deletions
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
new file mode 100644
index 0000000..add19f2
--- /dev/null
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -0,0 +1,146 @@
+<?php
+
+/**
+ * Filter to generate the eduPersonTargetedID attribute.
+ *
+ * By default, this filter will generate the ID based on the UserID of the current user.
+ * This is by default generated from the attribute configured in 'userid.attribute' in the
+ * metadata. If this attribute isn't present, the userid will be generated from the
+ * eduPersonPrincipalName attribute, if it is present.
+ *
+ * It is possible to generate this attribute from another attribute by specifying this attribute
+ * in this configuration.
+ *
+ * Example - generate from user ID:
+ * <code>
+ * 'authproc' => array(
+ * array('core:TargetedID'),
+ * ),
+ * </code>
+ *
+ * Example - generate from mail-attribute:
+ * <code>
+ * 'authproc' => array(
+ * array('core:TargetedID' , 'attribute' => 'mail'),
+ * ),
+ * </code>
+ *
+ * @author Olav Morken, UNINETT AS.
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilter {
+
+
+ /**
+ * The attribute we should generate the targeted id from, or NULL if we should use the
+ * UserID.
+ */
+ private $attribute = NULL;
+
+
+ /**
+ * Initialize this filter.
+ *
+ * @param array $config Configuration information about this filter.
+ * @param mixed $reserved For future use.
+ */
+ public function __construct($config, $reserved) {
+ parent::__construct($config, $reserved);
+
+ assert('is_array($config)');
+
+ if (array_key_exists('attribute', $config)) {
+ $this->attribute = $config['attribute'];
+ if (!is_string($this->attribute)) {
+ throw new Exception('Invalid attribute name given to core:TargetedID filter.');
+ }
+ }
+ }
+
+
+ /**
+ * Apply filter to add the targeted ID.
+ *
+ * @param array &$state The current state.
+ */
+ public function process(&$state) {
+ assert('is_array($state)');
+ assert('array_key_exists("Attributes", $state)');
+
+ if ($this->attribute === NULL) {
+ if (!array_key_exists('UserID', $state)) {
+ throw new Exception('core:TargetedID: Missing UserID for this user. Please' .
+ ' check the \'userid.attribute\' option in the metadata against the' .
+ ' attributes provided by the authentication source.');
+ }
+
+ $userID = $state['UserID'];
+ } else {
+ if (!array_key_exists($this->attribute, $state['Attributes'])) {
+ throw new Exception('core:TargetedID: Missing attribute \'' . $this->attribute .
+ '\', which is needed to generate the targeted ID.');
+ }
+
+ $userID = $state['Attributes'][$this->attribute];
+ }
+
+
+ $secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
+ if ($secretSalt === 'defaultsecretsalt') {
+ throw new Exception('The "secretsalt" configuration option must be set to a secret' .
+ ' value.');
+ }
+
+ if (array_key_exists('Source', $state)) {
+ $srcID = self::getEntityId($state['Source']);
+ } else {
+ $srcID = '';
+ }
+
+ if (array_key_exists('Destination', $state)) {
+ $dstID = self::getEntityId($state['Destination']);
+ } else {
+ $dstID = '';
+ }
+
+ $uidData = 'uidhashbase' . $secretSalt;
+ $uidData .= strlen($srcID) . ':' . $srcID;
+ $uidData .= strlen($dstID) . ':' . $dstID;
+ $uidData .= strlen($userID) . ':' . $userID;
+ $uidData .= $secretSalt;
+
+ $state['Attributes']['eduPersonTargetedID'] = array(hash('sha1', $uidData));
+ }
+
+
+ /**
+ * Generate ID from entity metadata.
+ *
+ * This function takes in the metadata of an entity, and attempts to generate
+ * an unique identifier based on that.
+ *
+ * @param array $metadata The metadata of the entity.
+ * @return string The unique identifier for the entity.
+ */
+ private static function getEntityId($metadata) {
+ assert('is_array($metadata)');
+
+ $id = '';
+
+ if (array_key_exists('metadata-set', $metadata)) {
+ $set = $metadata['metadata-set'];
+ $id .= 'set' . strlen($set) . ':' . $set;
+ }
+
+ if (array_key_exists('entityid', $metadata)) {
+ $entityid = $metadata['entityid'];
+ $id .= 'set' . strlen($entityid) . ':' . $entityid;
+ }
+
+ return $id;
+ }
+
+}
+
+?> \ No newline at end of file
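Review bot: In `process()`, the configured-attribute branch assigns `$userID = $state['Attributes'][$this->attribute];` directly, yet this same filter stores its own output as `array(hash('sha1', $uidData))`, so attribute entries are presumably value lists rather than strings; `strlen()` on an array yields NULL with a warning and the concatenation degrades to the literal "Array", meaning every user routed through this branch would receive the same eduPersonTargetedID and the SP could no longer distinguish them. Take the first value and refuse ambiguous input: `if (count($state['Attributes'][$this->attribute]) !== 1) { throw new Exception('core:TargetedID: attribute \'' . $this->attribute . '\' must have exactly one value.'); }` followed by `$userID = $state['Attributes'][$this->attribute][0];`. Separately, `getEntityId()` tags both the metadata-set and the entityid with the same `'set'` prefix, so an entity carrying only a metadata-set of X is encoded identically to one carrying only an entityid of X and the two would map a user to the same pseudonym; use a distinct tag such as `$id .= 'entityid' . strlen($entityid) . ':' . $entityid;`. Both should be settled before this filter issues any identifiers, since the hash is meant to be a stable persistent ID and changing its inputs later re-keys every user.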