Implement metarefreshsupann

Benjamin Dauvergne 2015-01-06 16:26:07 +01:00
parent db940492bd
commit c40927bfec
7 changed files with 302 additions and 62 deletions


@ -0,0 +1,79 @@
Fork du module metarefresh du projet SimpleSAMLPhp (SSP) pour le cas particulier de
la fédération Éducation-Recherche Renater
Ce fork ajouter la gestion des règles de filtrage d'attribut au format Shibboleth.
Il est nécessaire de copier les fichiers du module metarefreshsupann/ dans le
répertoire modules/ de SSP et le fichier supann_name2oid.php dans le répertoire
attributemap/ de SSP.
Dans le fichier config/config.php on configurera les sources de métadonnés de
sorte à lire celles générées par le script metarefresh, comme cela:
'metadata.sources' => array(
array('type' => 'flatfile'),
array('type' => 'flatfile', 'directory' => 'metadata/federation/'),
),
Dans le fichier de configuration de l'IdP metadata/saml20-idp-hosted.php, on
ajoutera les clés suivantes (la clé authproc est pensé en fonction de la
configuration par défaut dans config/config.php si vous n'utilitisez pas cette
configuration, il faut penser à activer le module 'core:AttributeLimit').
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
'authproc' => array(
100 => array(
'class' => 'core:AttributeMap',
'name2oid',
),
101 => array(
'class' => 'core:AttributeMap',
'supann_name2oid',
),
)
Pour permettre l'accès aux services nécessitant l'attribut eduPersonTargetedID
ajouter la clé suivante à la clé 'authproc':
10 => array( # il faut quand même vérifier que userid.attribute = uid dans la configuration
'class' => 'core:TargetedID',
'attributename' => 'eduPersonTargetedID',
),
Finalement il sera possible de charger les métadonnées manuellement via la commande:
./modules/metarefreshsupann/bin/metarefresh.php \
--output-dir=metadata/federation/ \
--shibboleth-afp=https://federation.renater.fr/renater/filtres/renater-attribute-filters-all.xml \
https://federation.renater.fr/renater/renater-metadata.xml
ou bien l'on pourra utiliser le module cron de SSP via la configuration
suivante dans le fichier config/config-metarefresh.php:
$config = array( 'sets' => array(
'renater' => array(
'cron' => array('hourly'),
'sources' => array(
array(
'src' => 'https://federation.renater.fr/renater/renater-metadata.xml',
'template' => array(
'tags' => array('renater'),
),
),
),
'afps' => array('https://federation.renater.fr/renater/filtres/renater-attribute-filters-all.xml'),
'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
'outputDir' => 'metadata/federation/',
/*
* Which output format the metadata should be saved as.
* Can be 'flatfile' or 'serialize'. 'flatfile' is the default.
*/
'outputFormat' => 'flatfile',
),
));
On pourra se référ à la documentation de référence de SSP pour plus de détail
sur la configuration du mode cron ou du module metarefresh:
https://simplesamlphp.org/docs/1.5/simplesamlphp-automated_metadata


@ -15,7 +15,7 @@ require_once($baseDir . '/lib/_autoload.php');
SimpleSAML_Session::useTransientSession(); /* No need to try to create a session here. */
if(!SimpleSAML_Module::isModuleEnabled('metarefresh')) {
if(!SimpleSAML_Module::isModuleEnabled('metarefreshsupann')) {
echo("You need to enable the metarefresh module before this script can be used.\n");
echo("You can enable it by running the following command:\n");
echo(' echo >"' . $baseDir . '/modules/metarefresh/enable' . "\"\n");
@ -44,6 +44,9 @@ $validateFingerprint = NULL;
/* This variable contains the files we will parse. */
$files = array();
/* This variable contains the Shibboleth attribute filters policies */
$afps = array();
/* Parse arguments. */
$progName = array_shift($argv);
@ -97,6 +100,14 @@ foreach($argv as $a) {
}
$outputDir = $baseDir . ($v[0] == '/' ? $v : '/' . $v);
break;
case '--shibboleth-afp':
if($v === NULL || strlen($v) === 0) {
echo('The --shibboleth-afp option requires a parameter.' . "\n");
echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
exit(1);
}
$afps[] = $v;
break;
case '--stdout':
$toStdOut = TRUE;
break;
@ -116,7 +127,13 @@ if(count($files) === 0) {
/* The metadata global variable will be filled with the metadata we extract. */
$metaloader = new sspmod_metarefresh_MetaLoader();
$metaloader = new sspmod_metarefreshsupann_MetaLoader();
if ($afps) {
foreach($afps as $afp) {
$metaloader->loadAfp($afp);
}
}
foreach($files as $f) {
$source = array('src' => $f);
@ -154,6 +171,8 @@ function printHelp() {
echo(' default directory is metadata-generated/.' . "\n");
echo(' Path will be relative to the simpleSAMLphp' . "\n");
echo(' base directory.' . "\n");
echo(' --shibboleth-afp=<FILE> Generate attributes parameters using an' . "\n");
echo(' existing Attribute Filter Policy file.' . "\n");
echo(' -s, --stdout Write the output to stdout instead of' . "\n");
echo(' seperate files in the output directory.' . "\n");
echo("\n");
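Review bot: The guard now tests `isModuleEnabled('metarefreshsupann')`, but the unchanged message lines directly below it still tell the operator to enable the metarefresh module and print the `/modules/metarefresh/enable` path, so following the printed instructions leaves the script failing with the same message. Those lines should name the fork, e.g. `echo(' echo >"' . $baseDir . '/modules/metarefreshsupann/enable' . "\"\n");`. The help text also advertises `--shibboleth-afp=<FILE>`, while the value is handed to `loadAfp()` and the README passes an HTTPS URL; `<FILE-OR-URL>` would describe the option more accurately.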


@ -4,26 +4,26 @@
*
* @param array &$croninfo Output
*/
function metarefresh_hook_cron(&$croninfo) {
function metarefreshsupann_hook_cron(&$croninfo) {
assert('is_array($croninfo)');
assert('array_key_exists("summary", $croninfo)');
assert('array_key_exists("tag", $croninfo)');
SimpleSAML_Logger::info('cron [metarefresh]: Running cron in cron tag [' . $croninfo['tag'] . '] ');
SimpleSAML_Logger::info('cron [metarefreshsupann]: Running cron in cron tag [' . $croninfo['tag'] . '] ');
try {
$config = SimpleSAML_Configuration::getInstance();
$mconfig = SimpleSAML_Configuration::getOptionalConfig('config-metarefresh.php');
$mconfig = SimpleSAML_Configuration::getOptionalConfig('config-metarefreshsupann.php');
$sets = $mconfig->getConfigList('sets', array());
$stateFile = $config->getPathValue('datadir', 'data/') . 'metarefresh-state.php';
$stateFile = $config->getPathValue('datadir', 'data/') . 'metarefreshsupann-state.php';
foreach ($sets AS $setkey => $set) {
// Only process sets where cron matches the current cron tag.
$cronTags = $set->getArray('cron');
if (!in_array($croninfo['tag'], $cronTags)) continue;
SimpleSAML_Logger::info('cron [metarefresh]: Executing set [' . $setkey . ']');
SimpleSAML_Logger::info('cron [metarefreshsupann]: Executing set [' . $setkey . ']');
$expireAfter = $set->getInteger('expireAfter', NULL);
if ($expireAfter !== NULL) {
@ -41,13 +41,17 @@ function metarefresh_hook_cron(&$croninfo) {
'directory' => $outputDir,
));
$metaloader = new sspmod_metarefresh_MetaLoader($expire, $stateFile, $oldMetadataSrc);
$metaloader = new sspmod_metarefreshsupann_MetaLoader($expire, $stateFile, $oldMetadataSrc);
# Get global blacklist, whitelist and caching info
$blacklist = $mconfig->getArray('blacklist', array());
$whitelist = $mconfig->getArray('whitelist', array());
$conditionalGET = $mconfig->getBoolean('conditionalGET', FALSE);
foreach($set->getArray('afps') AS $afp) {
$metaload->loadAfp($afp);
}
foreach($set->getArray('sources') AS $source) {
# Merge global and src specific blacklists
@ -69,7 +73,7 @@ function metarefresh_hook_cron(&$croninfo) {
$source['conditionalGET'] = $conditionalGET;
}
SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
SimpleSAML_Logger::debug('cron [metarefreshsupann]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
$metaloader->loadSource($source);
}
@ -85,14 +89,10 @@ function metarefresh_hook_cron(&$croninfo) {
break;
}
if ($set->hasValue('arp')) {
$arpconfig = SimpleSAML_Configuration::loadFromArray($set->getValue('arp'));
$metaloader->writeARPfile($arpconfig);
}
}
} catch (Exception $e) {
$croninfo['summary'][] = 'Error during metarefresh: ' . $e->getMessage();
$croninfo['summary'][] = 'Error during metarefreshsupann: ' . $e->getMessage();
}
}
?>
?>
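Review bot: The new AFP loop calls `$metaload->loadAfp($afp);`, but the loader created a few lines above is `$metaloader`, so `$metaload` is undefined and the call fails on a non-object as soon as a matching set is processed; it should read `$metaloader->loadAfp($afp);`. In the PHP versions this code appears to target, that is a fatal error rather than an Exception, so the surrounding `catch (Exception $e)` will presumably not turn it into a cron summary entry. The same typo is in the AFP loop added to the last file section of this commit (the fetch page). `$set->getArray('afps')` is also called without a default, unlike the `blacklist`/`whitelist` lookups next to it, so a set without an `afps` key likely throws; `$set->getArray('afps', array())` would keep the AFP optional. The function body continues outside the visible hunks.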


@ -4,14 +4,14 @@
*
* @param array &$links The links on the frontpage, split into sections.
*/
function metarefresh_hook_frontpage(&$links) {
function metarefreshsupann_hook_frontpage(&$links) {
assert('is_array($links)');
assert('array_key_exists("links", $links)');
$links['federation'][] = array(
'href' => SimpleSAML_Module::getModuleURL('metarefresh/fetch.php'),
'text' => array('en' => 'Metarefresh: fetch metadata'),
'href' => SimpleSAML_Module::getModuleURL('metarefreshsupann/fetch.php'),
'text' => array('en' => 'MetarefreshSupann: fetch metadata'),
);
}
?>
?>


@ -4,7 +4,7 @@
* @package simpleSAMLphp
* @version $Id$
*/
class sspmod_metarefresh_MetaLoader {
class sspmod_metarefreshsupann_MetaLoader {
private $expire;
@ -12,6 +12,7 @@ class sspmod_metarefresh_MetaLoader {
private $oldMetadataSrc;
private $stateFile;
private $changed;
private $attributes;
private static $types = array('saml20-idp-remote', 'saml20-sp-remote',
'shib13-idp-remote', 'shib13-sp-remote', 'attributeauthority-remote');
@ -25,6 +26,7 @@ class sspmod_metarefresh_MetaLoader {
public function __construct($expire = NULL, $stateFile = NULL, $oldMetadataSrc = NULL) {
$this->expire = $expire;
$this->metadata = array();
$this->attributes = array();
$this->oldMetadataSrc = $oldMetadataSrc;
$this->stateFile = $stateFile;
$this->changed = FALSE;
@ -38,6 +40,128 @@ class sspmod_metarefresh_MetaLoader {
}
public function getChildNodes($dom_element) {
$ret = array();
foreach($dom_element->childNodes as $child) {
if ($child instanceof DOMText || $child instanceof DOMComment) {
continue;
}
$ret[] = $child;
}
return $ret;
}
/**
* This functions process a Shibboleth Attribute Filter Policy files
*
* @params $afps
*/
public function loadAfp($afp) {
$AFP = 'urn:mace:shibboleth:2.0:afp';
$BASIC = 'urn:mace:shibboleth:2.0:afp:mf:basic';
$XSI = 'http://www.w3.org/2001/XMLSchema-instance';
$AF_POLICY_GROUP = 'AttributeFilterPolicyGroup';
$AF_POLICY = 'AttributeFilterPolicy';
$AF_POLICY_REQUIREMENT_RULE = 'PolicyRequirementRule';
$AF_ATTRIBUTE_RULE = 'AttributeRule';
$AF_PERMIT_VALUE_RULE = 'PermitValueRule';
$XSI_TYPE = 'type';
$BASIC_ATTRIBUTE_REQUESTER_STRING = 'AttributeRequesterString';
$BASIC_ANY = 'ANY';
$VALUE = 'value';
$ATTRIBUTE_ID = 'attributeID';
$ID = 'id';
$data = SimpleSAML_Utilities::fetch($afp);
$doc = new DOMDocument();
$res = $doc->loadXML($data);
$element = $doc->documentElement;
if (! SimpleSAML_Utilities::isDOMElementOfType($element,
$AF_POLICY_GROUP, $AFP)) {
throw new Exception('Unexpected root node: [' . $element->namespaceURI . ']:' .
$element->localName);
}
foreach ($this->getChildNodes($element) as $child) {
if (! SimpleSAML_Utilities::isDOMElementOfType($child,
$AF_POLICY, $AFP)) {
throw new Exception('Unexpected child node: [' . $child->namespaceURI . ']:' .
$child->localName);
}
$subchildren = $this->getChildNodes($child);
if (! $subchildren) {
throw new Exception('Missing subchild');
}
$prr = $subchildren[0];
if (! SimpleSAML_Utilities::isDOMElementOfType($prr,
$AF_POLICY_REQUIREMENT_RULE, $AFP)) {
throw new Exception('Unexpected policy requirement rule node: [' . $prr->namespaceURI . ']:' .
$prr->localName);
}
if (! $prr->hasAttributeNS($XSI, $XSI_TYPE)) {
throw new Exception('Missing xsi:type attribute');
}
$xsi_type = $prr->getAttributeNodeNS($XSI, $XSI_TYPE)->value;
$xsi_type = explode(':', $xsi_type, 2);
if (count($xsi_type) != 2) {
throw new Exception('Missing namespace prefix in xsi:type value: ' . implode($xsi_type));
}
$xsi_type_ns_uri = $prr->lookupNamespaceURI($xsi_type[0]);
if ($xsi_type_ns_uri != $BASIC || $xsi_type[1] != $BASIC_ATTRIBUTE_REQUESTER_STRING) {
throw new Exception('xsi:type is not basic:AttributeRequesterString');
}
$entity_id = $prr->attributes->getNamedItem($VALUE);
if (! $entity_id) {
throw new Exception('PolicyRequirementRule missing a value attribute');
}
$entity_id = $entity_id->value;
$attributes = array();
$this->attributes[$entity_id] = $attributes;
foreach (array_slice($subchildren, 1) as $subchild) {
if (! SimpleSAML_Utilities::isDOMElementOfType($subchild,
$AF_ATTRIBUTE_RULE, $AFP)) {
throw new Exception('Unexpected attribute rule node: [' . $subchild->namespaceURI . ']:' .
$subchild->localName);
}
$attribute_id = $subchild->attributes->getNamedItem($ATTRIBUTE_ID);
if (! $attribute_id) {
throw new Exception('Missing attributeID attribute on attribute rule node');
}
$attribute_id = $attribute_id->value;
$subsubchildren = $this->getChildNodes($subchild);
if (count($subsubchildren) != 1) {
throw new Exception("Attribute rule node must have only one child");
}
$pvr = $subsubchildren[0];
if (! SimpleSAML_Utilities::isDOMElementOfType($pvr,
$AF_PERMIT_VALUE_RULE, $AFP)) {
throw new Exception('Unexpected PermiteValueRule node: [' . $pvr->namespaceURI . ']:' .
$pvr->localName);
}
if (! $pvr->hasAttributeNS($XSI, $XSI_TYPE)) {
throw new Exception('Missing xsi:type attribute');
}
$xsi_type = $pvr->getAttributeNodeNS($XSI, $XSI_TYPE)->value;
$xsi_type = explode(':', $xsi_type, 2);
if (count($xsi_type) != 2) {
throw new Exception('Missing namespace prefix in xsi:type value');
}
$xsi_type_ns_uri = $pvr->lookupNamespaceURI($xsi_type[0]);
if ($xsi_type_ns_uri != $BASIC || $xsi_type[1] != $BASIC_ANY) {
throw new Exception('xsi:type is not basic:ANY');
}
$renater_is_weird = array(
'email' => 'mail',
);
if (isset($renater_is_weird[$attribute_id])) { # fix wrongly named attributes
$attribute_id = $renater_is_weird[$attribute_id];
}
$this->attributes[$entity_id][] = $attribute_id;
# echo $entity_id . ' ' . $attribute_id . "\n";
}
}
}
/**
* This function processes a SAML metadata file.
*
@ -53,7 +177,7 @@ class sspmod_metarefresh_MetaLoader {
try {
list($data, $responseHeaders) = SimpleSAML_Utilities::fetch($source['src'], $context, TRUE);
} catch(Exception $e) {
SimpleSAML_Logger::warning('metarefresh: ' . $e->getMessage());
SimpleSAML_Logger::warning('metarefreshsupann: ' . $e->getMessage());
}
// We have response headers, so the request succeeded
@ -137,7 +261,7 @@ class sspmod_metarefresh_MetaLoader {
$name = $config->getString('technicalcontact_name', NULL);
$mail = $config->getString('technicalcontact_email', NULL);
$rawheader = "User-Agent: SimpleSAMLphp metarefresh, run by $name <$mail>\r\n";
$rawheader = "User-Agent: SimpleSAMLphp metarefreshsupann, run by $name <$mail>\r\n";
if (isset($source['conditionalGET']) && $source['conditionalGET']) {
if(array_key_exists($source['src'], $this->state)) {
@ -214,7 +338,7 @@ class sspmod_metarefresh_MetaLoader {
if($doc->documentElement === NULL) throw new Exception('Opened file is not an XML document: ' . $source['src']);
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsElement($doc->documentElement);
} catch(Exception $e) {
SimpleSAML_Logger::warning('metarefresh: Failed to retrieve metadata. ' . $e->getMessage());
SimpleSAML_Logger::warning('metarefreshsupann: Failed to retrieve metadata. ' . $e->getMessage());
}
return $entities;
}
@ -228,7 +352,7 @@ class sspmod_metarefresh_MetaLoader {
SimpleSAML_Logger::debug('Writing: ' . $this->stateFile);
SimpleSAML_Utilities::writeFile(
$this->stateFile,
"<?php\n/* This file was generated by the metarefresh module at ".$this->getTime() . ".\n".
"<?php\n/* This file was generated by the metarefreshsupann module at ".$this->getTime() . ".\n".
" Do not update it manually as it will get overwritten. */\n".
'$state = ' . var_export($this->state, TRUE) . ";\n?>\n",
0644
@ -277,6 +401,11 @@ class sspmod_metarefresh_MetaLoader {
if($metadata === NULL) {
return;
}
if ($type == 'saml20-sp-remote' && isset($this->attributes)
&& isset($this->attributes[$metadata['entityid']])) {
$metadata['attributes'] = $this->attributes[$metadata['entityid']];
}
if (isset($template)) {
// foreach($metadata AS $mkey => $mentry) {
@ -311,38 +440,6 @@ class sspmod_metarefresh_MetaLoader {
$this->metadata[$type][] = array('filename' => $filename, 'metadata' => $metadata);
}
/**
* This function writes the metadata to an ARP file
*/
function writeARPfile($config) {
assert('is_a($config, \'SimpleSAML_Configuration\')');
$arpfile = $config->getValue('arpfile');
$types = array('saml20-sp-remote');
$md = array();
foreach($this->metadata as $category => $elements) {
if (!in_array($category, $types)) continue;
$md = array_merge($md, $elements);
}
#$metadata, $attributemap, $prefix, $suffix
$arp = new sspmod_metarefresh_ARP($md,
$config->getValue('attributemap', ''),
$config->getValue('prefix', ''),
$config->getValue('suffix', '')
);
$arpxml = $arp->getXML();
SimpleSAML_Logger::info('Writing ARP file: ' . $arpfile . "\n");
file_put_contents($arpfile, $arpxml);
}
/**
@ -370,7 +467,7 @@ class sspmod_metarefresh_MetaLoader {
$elements = $this->metadata[$type];
SimpleSAML_Logger::debug('Writing: ' . $filename);
$content = '<?php' . "\n" . '/* This file was generated by the metarefresh module at '. $this->getTime() . "\n";
$content = '<?php' . "\n" . '/* This file was generated by the metarefreshsupann module at '. $this->getTime() . "\n";
$content .= ' Do not update it manually as it will get overwritten' . "\n" . '*/' . "\n";
foreach($elements as $m) {
@ -408,7 +505,7 @@ class sspmod_metarefresh_MetaLoader {
foreach ($elements as $m) {
$entityId = $m['metadata']['entityid'];
SimpleSAML_Logger::debug('metarefresh: Add metadata entry ' .
SimpleSAML_Logger::debug('metarefreshsupann: Add metadata entry ' .
var_export($entityId, TRUE) . ' in set ' . var_export($set, TRUE) . '.');
$metaHandler->saveMetadata($entityId, $set, $m['metadata']);
}
@ -419,15 +516,15 @@ class sspmod_metarefresh_MetaLoader {
foreach ($metaHandler->getMetadataSets() as $set) {
foreach ($metaHandler->getMetadataSet($set) as $entityId => $metadata) {
if (!array_key_exists('expire', $metadata)) {
SimpleSAML_Logger::warning('metarefresh: Metadata entry without expire timestamp: ' . var_export($entityId, TRUE) .
SimpleSAML_Logger::warning('metarefreshsupann: Metadata entry without expire timestamp: ' . var_export($entityId, TRUE) .
' in set ' . var_export($set, TRUE) . '.');
continue;
}
if ($metadata['expire'] > $ct) {
continue;
}
SimpleSAML_Logger::debug('metarefresh: ' . $entityId . ' expired ' . date('l jS \of F Y h:i:s A', $metadata['expire']) );
SimpleSAML_Logger::debug('metarefresh: Delete expired metadata entry ' .
SimpleSAML_Logger::debug('metarefreshsupann: ' . $entityId . ' expired ' . date('l jS \of F Y h:i:s A', $metadata['expire']) );
SimpleSAML_Logger::debug('metarefreshsupann: Delete expired metadata entry ' .
var_export($entityId, TRUE) . ' in set ' . var_export($set, TRUE) . '. (' . ($ct - $metadata['expire']) . ' sec)');
$metaHandler->deleteMetadata($entityId, $set);
}
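Review bot: `loadAfp()` stores the result of `$doc->loadXML($data)` in `$res` and never reads it, so a failed download or malformed policy reaches the root-node check with a NULL `documentElement`; add `if ($res === FALSE || $doc->documentElement === NULL) { throw new Exception('Unable to parse attribute filter policy: ' . $afp); }` before that check. The policy is fetched and trusted as-is although it decides which attributes each SP receives, whereas the CLI script carries a `$validateFingerprint` setting for metadata; a docblock line stating that the AFP source must be an HTTPS URL or local file under the federation's control would make that trust assumption explicit. In the later hunk that sets `$metadata['attributes']`, the list is only written for entities present in the AFP, so an SP absent from the policy gets no list at all; it is worth confirming that `core:AttributeLimit` does not treat a missing list as "no limit" in that configuration. The bodies of the surrounding methods continue outside the visible hunks.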


@ -0,0 +1,41 @@
<?php
$attributemap = array(
'supannEtuAnneeInscription' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.25',
'supannGroupeAdminDN' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.19',
'supannParrainDN' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.17',
'supannTypeEntite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.16',
'supannEtuTypeDiplome' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.33',
'supannCodeINE' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.9',
'supannOrganisme' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.3',
'supannMailPerso' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.15',
'supannGroupeDateFin' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.18',
'supannEtuCursusAnnee' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.26',
'supannActivite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.2',
'supannEmpId' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.11',
'supannTypeEntiteAffectation' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.36',
'supannEtuDiplome' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.27',
'supannEtuId' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.10',
'supannCivilite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.4',
'supannEtuRegimeInscription' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.31',
'supannEtablissement' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.14',
'supannCodeEntiteParent' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.7',
'supannEntiteAffectationPrincipale' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.13',
'supannEtuElementPedagogique' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.28',
'supannAffectation' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.5',
'supannAutreTelephone' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.12',
'supannEmpCorps' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.35',
'supannCodeEntite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.6',
'supannEtuInscription' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.30',
'supannRefId' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.37',
'supannListeRouge' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.1',
'supannEtuSecteurDisciplinaire' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.32',
'supannEntiteAffectation' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.8',
'supannRoleEntite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.24',
'supannRole' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.21',
'supannEtuEtape' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.29',
'supannAutreMail' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.34',
'supannRoleGenerique' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.23',
'supannGroupeLecteurDN' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.22',
'supannAliasLogin' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.20',
);
?>


@ -30,6 +30,10 @@ foreach ($sets AS $setkey => $set) {
$blacklist = $mconfig->getArray('blacklist', array());
$whitelist = $mconfig->getArray('whitelist', array());
foreach($set->getArray('afps') AS $afp) {
$metaload->loadAfp($afp);
}
foreach($set->getArray('sources') AS $source) {
# Merge global and src specific blacklists
@ -74,4 +78,4 @@ $logentries = SimpleSAML_Logger::getCapturedLog();
$t = new SimpleSAML_XHTML_Template($config, 'metarefresh:fetch.tpl.php');
$t->data['logentries'] = $logentries;
$t->show();
$t->show();