author | Jaime Pérez Crespo <jaime.perez@uninett.no> | 2017-01-23 14:42:54 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-23 14:42:54 +0100 |
commit | 7aeb580d784f06c25ae73609df8c5fe18379f02c (patch) | |
tree | b522efa62d2899d263156ecab1f7f5e9cce6edfe | |
parent | abb3a2b0a4ddebc00c6d779d458082799ab41b28 (diff) | |
parent | a28b7605e5f7c82b7fbe91725f99dbd31e593562 (diff) | |
Merge pull request #509 from tdiscuit/master
Add ability to define additional attributes on ContactPerson element
-rw-r--r-- | docs/simplesamlphp-reference-idp-hosted.md | 31 | ||||
-rw-r--r-- | lib/SimpleSAML/Metadata/SAMLBuilder.php | 4 | ||||
-rw-r--r-- | lib/SimpleSAML/Utils/Config/Metadata.php | 17 | ||||
-rw-r--r-- | tests/lib/SimpleSAML/Utils/Config/MetadataTest.php | 1 |
4 files changed, 53 insertions, 0 deletions
diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md index dc0fae3..0e5cb62 100644 --- a/docs/simplesamlphp-reference-idp-hosted.md +++ b/docs/simplesamlphp-reference-idp-hosted.md @@ -123,6 +123,37 @@ Common options any value in the SP-remote metadata overrides the one configured in the IdP metadata. +`contacts` +: Specify contacts in addition to the technical contact configured through config/config.php. + For example, specifying a support contact: + + 'contacts' => array( + array( + 'contactType' => 'support', + 'emailAddress' => 'support@example.org', + 'givenName' => 'John', + 'surName' => 'Doe', + 'telephoneNumber' => '+31(0)12345678', + 'company' => 'Example Inc.', + ), + ), + +: If you have support for a trust framework that requires extra attributes on the contact person element in your IdP metadata (for example, SIRTFI), you can specify an array of attributes on a contact. + + 'contacts' => array( + array( + 'contactType' => 'other', + 'emailAddress' => 'mailto:abuse@example.org', + 'givenName' => 'John', + 'surName' => 'Doe', + 'telephoneNumber' => '+31(0)12345678', + 'company' => 'Example Inc.', + 'attributes' => array( + 'xmlns:remd' => 'http://refeds.org/metadata', + 'remd:contactType' => 'http://refeds.org/metadata/contactType/security', + ), + ), + ), SAML 2.0 options ---------------- diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php index 35156f7..90451b7 100644 --- a/lib/SimpleSAML/Metadata/SAMLBuilder.php +++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php @@ -688,6 +688,10 @@ class SimpleSAML_Metadata_SAMLBuilder $e = new \SAML2\XML\md\ContactPerson(); $e->contactType = $type; + if (!empty($details['attributes'])) { + $e->ContactPersonAttributes = $details['attributes']; + } + if (isset($details['company'])) { $e->Company = $details['company']; } 
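Review bot: The new assignment to `$e->ContactPersonAttributes` in SAMLBuilder.php is guarded by `!empty($details['attributes'])` only, so a non-array value or a list with numeric keys would reach the XML serialiser unless every caller has already passed the contact through the validation added in Metadata.php, which this hunk does not show. A local guard such as `if (isset($details['attributes']) && is_array($details['attributes'])) {` would keep the builder safe on its own. Going by the documentation example in the same commit, the keys become attribute names on the published ContactPerson element, which deserves a comment such as `// keys are emitted as XML attribute names; a prefixed name needs a matching xmlns entry`. The enclosing method starts and ends outside the hunk.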
diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php index d9f9328..2bf4b48 100644 --- a/lib/SimpleSAML/Utils/Config/Metadata.php +++ b/lib/SimpleSAML/Utils/Config/Metadata.php @@ -27,6 +27,12 @@ class Metadata /** + * Valid options for the ContactPerson element + * + * The 'attributes' option isn't defined in section 2.3.2.2 of the OASIS document, but + * it is required to allow additons to the main contact person element for trust + * frameworks. + * * @var array The valid configuration options for a contact configuration array. * @see "Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0", section 2.3.2.2. */ @@ -37,6 +43,7 @@ class Metadata 'surName', 'telephoneNumber', 'company', + 'attributes', ); @@ -108,6 +115,16 @@ class Metadata throw new \InvalidArgumentException('"contactType" is mandatory and must be one of '.$types."."); } + // check attributes is an associative array + if (isset($contact['attributes'])) { + if (empty($contact['attributes']) + || !is_array($contact['attributes']) + || count(array_filter(array_keys($contact['attributes']), 'is_string')) === 0 + ) { + throw new \InvalidArgumentException('"attributes" must be an array and cannot be empty.'); + } + } + // try to fill in givenName and surName from name if (isset($contact['name']) && !isset($contact['givenName']) && !isset($contact['surName'])) { // first check if it's comma separated diff --git a/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php b/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php index 3189834..95f0aa5 100644 --- a/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php +++ b/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php 
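Review bot: The check added under `// check attributes is an associative array` in Metadata.php rejects the array only when it has no string key at all, so a mixed array with one string key and several numeric ones is accepted, and the values are never checked to be strings. Because these entries appear to end up as attributes of the ContactPerson element in published metadata, the condition should match the comment: `|| count(array_filter(array_keys($contact['attributes']), 'is_string')) !== count($contact['attributes'])`, with the same `is_string` filter applied to the values. The exception text should then mention string keys, since `"attributes" must be an array and cannot be empty.` does not tell an administrator why a plain list was refused. The enclosing function (presumably `getContact()`, going by the test) continues outside the hunk.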
@@ -215,6 +215,7 @@ class MetadataTest extends \PHPUnit_Framework_TestCase } $contact['contactType'] = 'technical'; $contact['name'] = 'to_be_removed'; + $contact['attributes'] = array('test' => 'testval'); $parsed = Metadata::getContact($contact); foreach (array_keys($parsed) as $key) { $this->assertEquals($parsed[$key], $contact[$key]); |
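Review bot: The added line covers only the accepted case, `array('test' => 'testval')`, so none of the three rejection branches introduced in Metadata.php (empty value, non-array, no string keys) is exercised in this hunk. A negative case would pin the validation, for example `$contact['attributes'] = array('a', 'b');` followed by an assertion that `Metadata::getContact($contact)` throws `\InvalidArgumentException`. The test method starts and ends outside the hunk, so coverage elsewhere in the file cannot be ruled out from here.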