
Grundlagen der Authentication Processing Filters

Links

Teilschritte

  • config/config.php
  • config/authsources.php
  • metadata/saml20-idp-remote.php

Anpassungen

Änderungen

@@ -1019,6 +1019,9 @@
      * Authentication processing filters that will be executed for all SPs
      */
     'authproc.sp' => [
+        10 => [
+            'class' => 'core:AttributeMap', 'oid2name'
+        ],
         /*
         10 => [
             'class' => 'core:AttributeMap', 'removeurnprefix'
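Review bot: The new filter uses priority `10`, the same index as the commented-out `removeurnprefix` example directly below it. If that example is ever uncommented, PHP keeps only the last entry for a duplicate array key, and the `oid2name` mapping would silently disappear. The other filters on this page are given the friendly name `eduPersonScopedAffiliation` and the application reads `eduPersonPrincipalName`, so they appear to depend on this mapping running first. A short comment would record that, e.g. `// oid2name must run before any filter or application code that reads friendly attribute names`, and an index the stock examples do not use would avoid the collision.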
@@ -11,6 +11,15 @@
                     //'validateFingerprint' => 'cbf57ce9e8b1bf2abd0605bd943a0ce505829325',
                     'template' => [
                         'tags' => ['dfntest'],
+                        'authproc' => [
+                            50 => [
+                                'class' => 'core:GenerateGroups',
+                                'eduPersonScopedAffiliation',
+                            ],
+                            90 => [
+                                'class' => 'saml:FilterScopes',
+                            ]
+                        ],
                     ],
                 ],
             ],
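Review bot: `saml:FilterScopes` at priority 90 runs after `core:GenerateGroups` at priority 50, so the groups are derived from `eduPersonScopedAffiliation` values that have not yet been checked against the scopes the IdP is allowed to assert. An IdP that sends an affiliation for a foreign scope would then presumably still leave a matching entry in the generated groups, even though the attribute value itself is filtered out later; verify this against the module documentation for the version in use. Running the scope check first closes the gap, e.g. `40 => ['class' => 'saml:FilterScopes'],` in place of the `90` entry. The same ordering appears in the next hunk (the `dfn` template) and should be changed there as well.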
@@ -27,6 +36,15 @@
 					//'validateFingerprint' => 'cbf57ce9e8b1bf2abd0605bd943a0ce505829325',
 					'template' => [
 						'tags'	    => ['dfn'],
+                        'authproc' => [
+                            50 => [
+                                'class' => 'core:GenerateGroups',
+                                'eduPersonScopedAffiliation',
+                            ],
+                            90 => [
+                                'class' => 'saml:FilterScopes',
+                            ]
+                        ],
 					],
 				],
 			],
@@ -42,17 +42,17 @@
 if ($as->isAuthenticated()) {
     if ($_SESSION['ssp']) {
         // check if remote user changed
-        if (isset($attributes['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'])) {
-            if ($_SESSION['ssp_username'] != $attributes['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'][0]) {
+        if (isset($attributes['eduPersonPrincipalName'])) {
+            if ($_SESSION['ssp_username'] != $attributes['eduPersonPrincipalName'][0]) {
                 // logout user? switch to new user? ...
-                $_SESSION['ssp_username'] = $attributes['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'][0];
+                $_SESSION['ssp_username'] = $attributes['eduPersonPrincipalName'][0];
             }
         }
     } else {
         // init app session
         $_SESSION['ssp'] = true;
-        if (isset($attributes['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'])) {
-            $_SESSION['ssp_username'] = $attributes['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'][0];
+        if (isset($attributes['eduPersonPrincipalName'])) {
+            $_SESSION['ssp_username'] = $attributes['eduPersonPrincipalName'][0];
             $_SESSION["mapa_authn"] = true;
             $_SESSION["mapa_authn_sso"] = true;
             $_SESSION["mapa_authn_timestamp"] = date(DATE_RFC822);
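Review bot: When the principal name in the assertion differs from `$_SESSION['ssp_username']`, the new lines overwrite the username in place and keep every other value in the existing session, so state that belonged to the previous user carries over to the new one. Treat an identity change as a new login: discard the application's own session keys and call `session_regenerate_id(true);` before storing the new name, and compare with `!==` rather than `!=` so the check is a strict string comparison. If `eduPersonPrincipalName` is missing, the existing session silently keeps its old username, and the first-login branch sets `$_SESSION['ssp']` without any username; both cases deserve an explicit rejection. The `if ($as->isAuthenticated())` block continues past the end of this hunk.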