authorJaime Perez Crespo <jaime.perez@uninett.no>2015-08-05 10:26:25 +0200
committerJaime Perez Crespo <jaime.perez@uninett.no>2015-08-05 10:26:25 +0200
commitd145cb7b2ea4c00f6e7907f71a3541a92ad471c6 (patch)
tree184defac2a0ffdfa5382249d68a4f27b5c722af6
parent9ccb23dd88e33e6c05133ec40cc29a7fee5719e8 (diff)
downloadsimplesamlphp-d145cb7b2ea4c00f6e7907f71a3541a92ad471c6.zip
simplesamlphp-d145cb7b2ea4c00f6e7907f71a3541a92ad471c6.tar.gz
simplesamlphp-d145cb7b2ea4c00f6e7907f71a3541a92ad471c6.tar.bz2
Add a 'hide.from.discovery' configuration option for remote IdP metadata. This allows hiding an IdP from the discovery service. It defaults to false, so every IdP in the metadata that doesn't have this option set to true will be listed.
-rw-r--r--docs/simplesamlphp-reference-idp-remote.txt3
-rw-r--r--lib/SimpleSAML/XHTML/IdPDisco.php26
2 files changed, 28 insertions, 1 deletions
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index 0ecf9e0..078b3ce 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -111,6 +111,9 @@ The following SAML 2.0 options are available:
discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
you make use of this option.
+`hide.from.discovery`
+: Whether to hide hide this IdP from the local discovery or not. Set to true to hide it. Defaults to false.
+
`nameid.encryption`
: Whether NameIDs sent to this IdP should be encrypted. The default
value is `FALSE`.
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index 8b084f3..e93d193 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
@@ -448,7 +448,30 @@ class SimpleSAML_XHTML_IdPDisco {
protected function getScopedIDPList() {
return $this->scopedIDPList;
}
-
+
+
+ /**
+ * Filter the list of IdPs.
+ *
+ * This method returns the IdPs that comply with the following conditions:
+ * - The IdP does not have the 'hide.from.discovery' configuration option.
+ *
+ * @param array $list An associative array containing metadata for the IdPs to apply the filtering to.
+ *
+ * @return array An associative array containing metadata for the IdPs that were not filtered out.
+ */
+ protected function filter($list)
+ {
+ foreach ($list as $entity => $metadata) {
+ if (array_key_exists('hide.from.discovery', $metadata) && $metadata['hide.from.discovery'] === true) {
+ unset($list[$entity]);
+ }
+ }
+ return $list;
+ }
+
+
+
/**
* Handles a request to this discovery service.
*
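Review bot: The docblock on `filter()` says it keeps IdPs that "do not have" the option, but the condition only removes entries whose value is strictly `true`, so an entry with `'hide.from.discovery' => false` is kept, and so is one set to `'true'` or `1`, which then stays listed without any warning. I would reword the bullet to `- The IdP does not have the 'hide.from.discovery' option set to true.` and mention the strict boolean requirement there. The docblock should also say that this only affects what is listed: the single call added in the later hunk sits on the "No choice made" path, and the code that handles an already chosen IdP is outside the visible hunks, so a hidden entity ID is presumably still accepted when it arrives by another route. The option should therefore be described as a presentation setting, not as a way to restrict which IdPs can be used.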
@@ -487,6 +510,7 @@ class SimpleSAML_XHTML_IdPDisco {
/* No choice made. Show discovery service page. */
$idpList = $this->getIdPList();
+ $idpList = $this->filter($idpList);
$preferredIdP = $this->getRecommendedIdP();
$idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList());