Implement metarefreshsupann
parent
db940492bd
commit
c40927bfec
|
@ -0,0 +1,79 @@
|
|||
Fork du module metarefresh du projet SimpleSAMLPhp (SSP) pour le cas particulier de
|
||||
la fédération Éducation-Recherche Renater
|
||||
|
||||
Ce fork ajouter la gestion des règles de filtrage d'attribut au format Shibboleth.
|
||||
|
||||
Il est nécessaire de copier les fichiers du module metarefreshsupann/ dans le
|
||||
répertoire modules/ de SSP et le fichier supann_name2oid.php dans le répertoire
|
||||
attributemap/ de SSP.
|
||||
|
||||
Dans le fichier config/config.php on configurera les sources de métadonnés de
|
||||
sorte à lire celles générées par le script metarefresh, comme cela:
|
||||
|
||||
'metadata.sources' => array(
|
||||
array('type' => 'flatfile'),
|
||||
array('type' => 'flatfile', 'directory' => 'metadata/federation/'),
|
||||
),
|
||||
|
||||
Dans le fichier de configuration de l'IdP metadata/saml20-idp-hosted.php, on
|
||||
ajoutera les clés suivantes (la clé authproc est pensé en fonction de la
|
||||
configuration par défaut dans config/config.php si vous n'utilitisez pas cette
|
||||
configuration, il faut penser à activer le module 'core:AttributeLimit').
|
||||
|
||||
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
||||
|
||||
'authproc' => array(
|
||||
100 => array(
|
||||
'class' => 'core:AttributeMap',
|
||||
'name2oid',
|
||||
),
|
||||
101 => array(
|
||||
'class' => 'core:AttributeMap',
|
||||
'supann_name2oid',
|
||||
),
|
||||
)
|
||||
|
||||
Pour permettre l'accès aux services nécessitant l'attribut eduPersonTargetedID
|
||||
ajouter la clé suivante à la clé 'authproc':
|
||||
|
||||
10 => array( # il faut quand même vérifier que userid.attribute = uid dans la configuration
|
||||
'class' => 'core:TargetedID',
|
||||
'attributename' => 'eduPersonTargetedID',
|
||||
),
|
||||
|
||||
Finalement il sera possible de charger les métadonnées manuellement via la commande:
|
||||
|
||||
./modules/metarefreshsupann/bin/metarefresh.php \
|
||||
--output-dir=metadata/federation/ \
|
||||
--shibboleth-afp=https://federation.renater.fr/renater/filtres/renater-attribute-filters-all.xml \
|
||||
https://federation.renater.fr/renater/renater-metadata.xml
|
||||
|
||||
ou bien l'on pourra utiliser le module cron de SSP via la configuration
|
||||
suivante dans le fichier config/config-metarefresh.php:
|
||||
|
||||
$config = array( 'sets' => array(
|
||||
|
||||
'renater' => array(
|
||||
'cron' => array('hourly'),
|
||||
'sources' => array(
|
||||
array(
|
||||
'src' => 'https://federation.renater.fr/renater/renater-metadata.xml',
|
||||
'template' => array(
|
||||
'tags' => array('renater'),
|
||||
),
|
||||
),
|
||||
),
|
||||
'afps' => array('https://federation.renater.fr/renater/filtres/renater-attribute-filters-all.xml'),
|
||||
'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
|
||||
'outputDir' => 'metadata/federation/',
|
||||
/*
|
||||
* Which output format the metadata should be saved as.
|
||||
* Can be 'flatfile' or 'serialize'. 'flatfile' is the default.
|
||||
*/
|
||||
'outputFormat' => 'flatfile',
|
||||
),
|
||||
));
|
||||
|
||||
On pourra se référ à la documentation de référence de SSP pour plus de détail
|
||||
sur la configuration du mode cron ou du module metarefresh:
|
||||
https://simplesamlphp.org/docs/1.5/simplesamlphp-automated_metadata
|
|
@ -15,7 +15,7 @@ require_once($baseDir . '/lib/_autoload.php');
|
|||
|
||||
SimpleSAML_Session::useTransientSession(); /* No need to try to create a session here. */
|
||||
|
||||
if(!SimpleSAML_Module::isModuleEnabled('metarefresh')) {
|
||||
if(!SimpleSAML_Module::isModuleEnabled('metarefreshsupann')) {
|
||||
echo("You need to enable the metarefresh module before this script can be used.\n");
|
||||
echo("You can enable it by running the following command:\n");
|
||||
echo(' echo >"' . $baseDir . '/modules/metarefresh/enable' . "\"\n");
|
||||
|
@ -44,6 +44,9 @@ $validateFingerprint = NULL;
|
|||
/* This variable contains the files we will parse. */
|
||||
$files = array();
|
||||
|
||||
/* This variable contains the Shibboleth attribute filters policies */
|
||||
$afps = array();
|
||||
|
||||
/* Parse arguments. */
|
||||
|
||||
$progName = array_shift($argv);
|
||||
|
@ -97,6 +100,14 @@ foreach($argv as $a) {
|
|||
}
|
||||
$outputDir = $baseDir . ($v[0] == '/' ? $v : '/' . $v);
|
||||
break;
|
||||
case '--shibboleth-afp':
|
||||
if($v === NULL || strlen($v) === 0) {
|
||||
echo('The --shibboleth-afp option requires a parameter.' . "\n");
|
||||
echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
|
||||
exit(1);
|
||||
}
|
||||
$afps[] = $v;
|
||||
break;
|
||||
case '--stdout':
|
||||
$toStdOut = TRUE;
|
||||
break;
|
||||
|
@ -116,7 +127,13 @@ if(count($files) === 0) {
|
|||
|
||||
|
||||
/* The metadata global variable will be filled with the metadata we extract. */
|
||||
$metaloader = new sspmod_metarefresh_MetaLoader();
|
||||
$metaloader = new sspmod_metarefreshsupann_MetaLoader();
|
||||
|
||||
if ($afps) {
|
||||
foreach($afps as $afp) {
|
||||
$metaloader->loadAfp($afp);
|
||||
}
|
||||
}
|
||||
|
||||
foreach($files as $f) {
|
||||
$source = array('src' => $f);
|
||||
|
@ -154,6 +171,8 @@ function printHelp() {
|
|||
echo(' default directory is metadata-generated/.' . "\n");
|
||||
echo(' Path will be relative to the simpleSAMLphp' . "\n");
|
||||
echo(' base directory.' . "\n");
|
||||
echo(' --shibboleth-afp=<FILE> Generate attributes parameters using an' . "\n");
|
||||
echo(' existing Attribute Filter Policy file.' . "\n");
|
||||
echo(' -s, --stdout Write the output to stdout instead of' . "\n");
|
||||
echo(' seperate files in the output directory.' . "\n");
|
||||
echo("\n");
|
||||
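Review bot: The guard now tests `isModuleEnabled('metarefreshsupann')`, but the unchanged lines below it still tell the operator to enable `metarefresh` and print the path `/modules/metarefresh/enable`, so following the printed instructions enables the wrong module and the script keeps refusing to run. Those two lines should become `echo("You need to enable the metarefreshsupann module before this script can be used.\n");` and `echo(' echo >"' . $baseDir . '/modules/metarefreshsupann/enable' . "\"\n");`. The help text added in the last hunk documents `--shibboleth-afp=<FILE>`, while the README in this commit passes an https URL; `<FILE|URL>` would match actual use and remind the operator that the policy is fetched remotely.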
|
|
|
@ -4,26 +4,26 @@
|
|||
*
|
||||
* @param array &$croninfo Output
|
||||
*/
|
||||
function metarefresh_hook_cron(&$croninfo) {
|
||||
function metarefreshsupann_hook_cron(&$croninfo) {
|
||||
assert('is_array($croninfo)');
|
||||
assert('array_key_exists("summary", $croninfo)');
|
||||
assert('array_key_exists("tag", $croninfo)');
|
||||
|
||||
SimpleSAML_Logger::info('cron [metarefresh]: Running cron in cron tag [' . $croninfo['tag'] . '] ');
|
||||
SimpleSAML_Logger::info('cron [metarefreshsupann]: Running cron in cron tag [' . $croninfo['tag'] . '] ');
|
||||
|
||||
try {
|
||||
$config = SimpleSAML_Configuration::getInstance();
|
||||
$mconfig = SimpleSAML_Configuration::getOptionalConfig('config-metarefresh.php');
|
||||
$mconfig = SimpleSAML_Configuration::getOptionalConfig('config-metarefreshsupann.php');
|
||||
|
||||
$sets = $mconfig->getConfigList('sets', array());
|
||||
$stateFile = $config->getPathValue('datadir', 'data/') . 'metarefresh-state.php';
|
||||
$stateFile = $config->getPathValue('datadir', 'data/') . 'metarefreshsupann-state.php';
|
||||
|
||||
foreach ($sets AS $setkey => $set) {
|
||||
// Only process sets where cron matches the current cron tag.
|
||||
$cronTags = $set->getArray('cron');
|
||||
if (!in_array($croninfo['tag'], $cronTags)) continue;
|
||||
|
||||
SimpleSAML_Logger::info('cron [metarefresh]: Executing set [' . $setkey . ']');
|
||||
SimpleSAML_Logger::info('cron [metarefreshsupann]: Executing set [' . $setkey . ']');
|
||||
|
||||
$expireAfter = $set->getInteger('expireAfter', NULL);
|
||||
if ($expireAfter !== NULL) {
|
||||
|
@ -41,13 +41,17 @@ function metarefresh_hook_cron(&$croninfo) {
|
|||
'directory' => $outputDir,
|
||||
));
|
||||
|
||||
$metaloader = new sspmod_metarefresh_MetaLoader($expire, $stateFile, $oldMetadataSrc);
|
||||
$metaloader = new sspmod_metarefreshsupann_MetaLoader($expire, $stateFile, $oldMetadataSrc);
|
||||
|
||||
# Get global blacklist, whitelist and caching info
|
||||
$blacklist = $mconfig->getArray('blacklist', array());
|
||||
$whitelist = $mconfig->getArray('whitelist', array());
|
||||
$conditionalGET = $mconfig->getBoolean('conditionalGET', FALSE);
|
||||
|
||||
foreach($set->getArray('afps') AS $afp) {
|
||||
$metaload->loadAfp($afp);
|
||||
}
|
||||
|
||||
foreach($set->getArray('sources') AS $source) {
|
||||
|
||||
# Merge global and src specific blacklists
|
||||
|
@ -69,7 +73,7 @@ function metarefresh_hook_cron(&$croninfo) {
|
|||
$source['conditionalGET'] = $conditionalGET;
|
||||
}
|
||||
|
||||
SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
|
||||
SimpleSAML_Logger::debug('cron [metarefreshsupann]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
|
||||
$metaloader->loadSource($source);
|
||||
}
|
||||
|
||||
|
@ -85,14 +89,10 @@ function metarefresh_hook_cron(&$croninfo) {
|
|||
break;
|
||||
}
|
||||
|
||||
if ($set->hasValue('arp')) {
|
||||
$arpconfig = SimpleSAML_Configuration::loadFromArray($set->getValue('arp'));
|
||||
$metaloader->writeARPfile($arpconfig);
|
||||
}
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
$croninfo['summary'][] = 'Error during metarefresh: ' . $e->getMessage();
|
||||
$croninfo['summary'][] = 'Error during metarefreshsupann: ' . $e->getMessage();
|
||||
}
|
||||
}
|
||||
?>
|
||||
?>
|
||||
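Review bot: The new loop calls `$metaload->loadAfp($afp);`, but the object built a few lines above is `$metaloader`, so `$metaload` is undefined and the call fails on the first configured AFP; it should be `$metaloader->loadAfp($afp);`. Calling a method on an undefined variable is a fatal error in PHP 5 and an `Error` in PHP 7+, neither of which the surrounding `catch (Exception $e)` handles, so the failure would not be recorded in `$croninfo['summary']`. The same loop appears in the first hunk of the fetch page later in this commit and presumably needs the same fix. `$set->getArray('afps')` is also called without a default, which I would expect to throw for any set that does not define `afps`; `$set->getArray('afps', array())` keeps such sets working. The body of metarefreshsupann_hook_cron continues outside the hunks shown.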
|
|
|
@ -4,14 +4,14 @@
|
|||
*
|
||||
* @param array &$links The links on the frontpage, split into sections.
|
||||
*/
|
||||
function metarefresh_hook_frontpage(&$links) {
|
||||
function metarefreshsupann_hook_frontpage(&$links) {
|
||||
assert('is_array($links)');
|
||||
assert('array_key_exists("links", $links)');
|
||||
|
||||
$links['federation'][] = array(
|
||||
'href' => SimpleSAML_Module::getModuleURL('metarefresh/fetch.php'),
|
||||
'text' => array('en' => 'Metarefresh: fetch metadata'),
|
||||
'href' => SimpleSAML_Module::getModuleURL('metarefreshsupann/fetch.php'),
|
||||
'text' => array('en' => 'MetarefreshSupann: fetch metadata'),
|
||||
);
|
||||
|
||||
}
|
||||
?>
|
||||
?>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
* @package simpleSAMLphp
|
||||
* @version $Id$
|
||||
*/
|
||||
class sspmod_metarefresh_MetaLoader {
|
||||
class sspmod_metarefreshsupann_MetaLoader {
|
||||
|
||||
|
||||
private $expire;
|
||||
|
@ -12,6 +12,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
private $oldMetadataSrc;
|
||||
private $stateFile;
|
||||
private $changed;
|
||||
private $attributes;
|
||||
private static $types = array('saml20-idp-remote', 'saml20-sp-remote',
|
||||
'shib13-idp-remote', 'shib13-sp-remote', 'attributeauthority-remote');
|
||||
|
||||
|
@ -25,6 +26,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
public function __construct($expire = NULL, $stateFile = NULL, $oldMetadataSrc = NULL) {
|
||||
$this->expire = $expire;
|
||||
$this->metadata = array();
|
||||
$this->attributes = array();
|
||||
$this->oldMetadataSrc = $oldMetadataSrc;
|
||||
$this->stateFile = $stateFile;
|
||||
$this->changed = FALSE;
|
||||
|
@ -38,6 +40,128 @@ class sspmod_metarefresh_MetaLoader {
|
|||
|
||||
}
|
||||
|
||||
public function getChildNodes($dom_element) {
|
||||
$ret = array();
|
||||
foreach($dom_element->childNodes as $child) {
|
||||
if ($child instanceof DOMText || $child instanceof DOMComment) {
|
||||
continue;
|
||||
}
|
||||
$ret[] = $child;
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* This functions process a Shibboleth Attribute Filter Policy files
|
||||
*
|
||||
* @params $afps
|
||||
*/
|
||||
public function loadAfp($afp) {
|
||||
$AFP = 'urn:mace:shibboleth:2.0:afp';
|
||||
$BASIC = 'urn:mace:shibboleth:2.0:afp:mf:basic';
|
||||
$XSI = 'http://www.w3.org/2001/XMLSchema-instance';
|
||||
$AF_POLICY_GROUP = 'AttributeFilterPolicyGroup';
|
||||
$AF_POLICY = 'AttributeFilterPolicy';
|
||||
$AF_POLICY_REQUIREMENT_RULE = 'PolicyRequirementRule';
|
||||
$AF_ATTRIBUTE_RULE = 'AttributeRule';
|
||||
$AF_PERMIT_VALUE_RULE = 'PermitValueRule';
|
||||
$XSI_TYPE = 'type';
|
||||
$BASIC_ATTRIBUTE_REQUESTER_STRING = 'AttributeRequesterString';
|
||||
$BASIC_ANY = 'ANY';
|
||||
$VALUE = 'value';
|
||||
$ATTRIBUTE_ID = 'attributeID';
|
||||
$ID = 'id';
|
||||
|
||||
$data = SimpleSAML_Utilities::fetch($afp);
|
||||
|
||||
$doc = new DOMDocument();
|
||||
$res = $doc->loadXML($data);
|
||||
$element = $doc->documentElement;
|
||||
if (! SimpleSAML_Utilities::isDOMElementOfType($element,
|
||||
$AF_POLICY_GROUP, $AFP)) {
|
||||
throw new Exception('Unexpected root node: [' . $element->namespaceURI . ']:' .
|
||||
$element->localName);
|
||||
}
|
||||
foreach ($this->getChildNodes($element) as $child) {
|
||||
if (! SimpleSAML_Utilities::isDOMElementOfType($child,
|
||||
$AF_POLICY, $AFP)) {
|
||||
throw new Exception('Unexpected child node: [' . $child->namespaceURI . ']:' .
|
||||
$child->localName);
|
||||
}
|
||||
$subchildren = $this->getChildNodes($child);
|
||||
if (! $subchildren) {
|
||||
throw new Exception('Missing subchild');
|
||||
}
|
||||
$prr = $subchildren[0];
|
||||
if (! SimpleSAML_Utilities::isDOMElementOfType($prr,
|
||||
$AF_POLICY_REQUIREMENT_RULE, $AFP)) {
|
||||
throw new Exception('Unexpected policy requirement rule node: [' . $prr->namespaceURI . ']:' .
|
||||
$prr->localName);
|
||||
}
|
||||
if (! $prr->hasAttributeNS($XSI, $XSI_TYPE)) {
|
||||
throw new Exception('Missing xsi:type attribute');
|
||||
}
|
||||
$xsi_type = $prr->getAttributeNodeNS($XSI, $XSI_TYPE)->value;
|
||||
$xsi_type = explode(':', $xsi_type, 2);
|
||||
if (count($xsi_type) != 2) {
|
||||
throw new Exception('Missing namespace prefix in xsi:type value: ' . implode($xsi_type));
|
||||
}
|
||||
$xsi_type_ns_uri = $prr->lookupNamespaceURI($xsi_type[0]);
|
||||
if ($xsi_type_ns_uri != $BASIC || $xsi_type[1] != $BASIC_ATTRIBUTE_REQUESTER_STRING) {
|
||||
throw new Exception('xsi:type is not basic:AttributeRequesterString');
|
||||
}
|
||||
$entity_id = $prr->attributes->getNamedItem($VALUE);
|
||||
if (! $entity_id) {
|
||||
throw new Exception('PolicyRequirementRule missing a value attribute');
|
||||
}
|
||||
$entity_id = $entity_id->value;
|
||||
$attributes = array();
|
||||
$this->attributes[$entity_id] = $attributes;
|
||||
foreach (array_slice($subchildren, 1) as $subchild) {
|
||||
if (! SimpleSAML_Utilities::isDOMElementOfType($subchild,
|
||||
$AF_ATTRIBUTE_RULE, $AFP)) {
|
||||
throw new Exception('Unexpected attribute rule node: [' . $subchild->namespaceURI . ']:' .
|
||||
$subchild->localName);
|
||||
}
|
||||
$attribute_id = $subchild->attributes->getNamedItem($ATTRIBUTE_ID);
|
||||
if (! $attribute_id) {
|
||||
throw new Exception('Missing attributeID attribute on attribute rule node');
|
||||
}
|
||||
$attribute_id = $attribute_id->value;
|
||||
$subsubchildren = $this->getChildNodes($subchild);
|
||||
if (count($subsubchildren) != 1) {
|
||||
throw new Exception("Attribute rule node must have only one child");
|
||||
}
|
||||
$pvr = $subsubchildren[0];
|
||||
if (! SimpleSAML_Utilities::isDOMElementOfType($pvr,
|
||||
$AF_PERMIT_VALUE_RULE, $AFP)) {
|
||||
throw new Exception('Unexpected PermiteValueRule node: [' . $pvr->namespaceURI . ']:' .
|
||||
$pvr->localName);
|
||||
}
|
||||
if (! $pvr->hasAttributeNS($XSI, $XSI_TYPE)) {
|
||||
throw new Exception('Missing xsi:type attribute');
|
||||
}
|
||||
$xsi_type = $pvr->getAttributeNodeNS($XSI, $XSI_TYPE)->value;
|
||||
$xsi_type = explode(':', $xsi_type, 2);
|
||||
if (count($xsi_type) != 2) {
|
||||
throw new Exception('Missing namespace prefix in xsi:type value');
|
||||
}
|
||||
$xsi_type_ns_uri = $pvr->lookupNamespaceURI($xsi_type[0]);
|
||||
if ($xsi_type_ns_uri != $BASIC || $xsi_type[1] != $BASIC_ANY) {
|
||||
throw new Exception('xsi:type is not basic:ANY');
|
||||
}
|
||||
$renater_is_weird = array(
|
||||
'email' => 'mail',
|
||||
);
|
||||
if (isset($renater_is_weird[$attribute_id])) { # fix wrongly named attributes
|
||||
$attribute_id = $renater_is_weird[$attribute_id];
|
||||
}
|
||||
$this->attributes[$entity_id][] = $attribute_id;
|
||||
# echo $entity_id . ' ' . $attribute_id . "\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This function processes a SAML metadata file.
|
||||
*
|
||||
|
@ -53,7 +177,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
try {
|
||||
list($data, $responseHeaders) = SimpleSAML_Utilities::fetch($source['src'], $context, TRUE);
|
||||
} catch(Exception $e) {
|
||||
SimpleSAML_Logger::warning('metarefresh: ' . $e->getMessage());
|
||||
SimpleSAML_Logger::warning('metarefreshsupann: ' . $e->getMessage());
|
||||
}
|
||||
|
||||
// We have response headers, so the request succeeded
|
||||
|
@ -137,7 +261,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
$name = $config->getString('technicalcontact_name', NULL);
|
||||
$mail = $config->getString('technicalcontact_email', NULL);
|
||||
|
||||
$rawheader = "User-Agent: SimpleSAMLphp metarefresh, run by $name <$mail>\r\n";
|
||||
$rawheader = "User-Agent: SimpleSAMLphp metarefreshsupann, run by $name <$mail>\r\n";
|
||||
|
||||
if (isset($source['conditionalGET']) && $source['conditionalGET']) {
|
||||
if(array_key_exists($source['src'], $this->state)) {
|
||||
|
@ -214,7 +338,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
if($doc->documentElement === NULL) throw new Exception('Opened file is not an XML document: ' . $source['src']);
|
||||
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsElement($doc->documentElement);
|
||||
} catch(Exception $e) {
|
||||
SimpleSAML_Logger::warning('metarefresh: Failed to retrieve metadata. ' . $e->getMessage());
|
||||
SimpleSAML_Logger::warning('metarefreshsupann: Failed to retrieve metadata. ' . $e->getMessage());
|
||||
}
|
||||
return $entities;
|
||||
}
|
||||
|
@ -228,7 +352,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
SimpleSAML_Logger::debug('Writing: ' . $this->stateFile);
|
||||
SimpleSAML_Utilities::writeFile(
|
||||
$this->stateFile,
|
||||
"<?php\n/* This file was generated by the metarefresh module at ".$this->getTime() . ".\n".
|
||||
"<?php\n/* This file was generated by the metarefreshsupann module at ".$this->getTime() . ".\n".
|
||||
" Do not update it manually as it will get overwritten. */\n".
|
||||
'$state = ' . var_export($this->state, TRUE) . ";\n?>\n",
|
||||
0644
|
||||
|
@ -277,6 +401,11 @@ class sspmod_metarefresh_MetaLoader {
|
|||
if($metadata === NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($type == 'saml20-sp-remote' && isset($this->attributes)
|
||||
&& isset($this->attributes[$metadata['entityid']])) {
|
||||
$metadata['attributes'] = $this->attributes[$metadata['entityid']];
|
||||
}
|
||||
|
||||
if (isset($template)) {
|
||||
// foreach($metadata AS $mkey => $mentry) {
|
||||
|
@ -311,38 +440,6 @@ class sspmod_metarefresh_MetaLoader {
|
|||
|
||||
$this->metadata[$type][] = array('filename' => $filename, 'metadata' => $metadata);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* This function writes the metadata to an ARP file
|
||||
*/
|
||||
function writeARPfile($config) {
|
||||
|
||||
assert('is_a($config, \'SimpleSAML_Configuration\')');
|
||||
|
||||
$arpfile = $config->getValue('arpfile');
|
||||
$types = array('saml20-sp-remote');
|
||||
|
||||
$md = array();
|
||||
foreach($this->metadata as $category => $elements) {
|
||||
if (!in_array($category, $types)) continue;
|
||||
$md = array_merge($md, $elements);
|
||||
}
|
||||
|
||||
#$metadata, $attributemap, $prefix, $suffix
|
||||
$arp = new sspmod_metarefresh_ARP($md,
|
||||
$config->getValue('attributemap', ''),
|
||||
$config->getValue('prefix', ''),
|
||||
$config->getValue('suffix', '')
|
||||
);
|
||||
|
||||
|
||||
$arpxml = $arp->getXML();
|
||||
|
||||
SimpleSAML_Logger::info('Writing ARP file: ' . $arpfile . "\n");
|
||||
file_put_contents($arpfile, $arpxml);
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
@ -370,7 +467,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
$elements = $this->metadata[$type];
|
||||
SimpleSAML_Logger::debug('Writing: ' . $filename);
|
||||
|
||||
$content = '<?php' . "\n" . '/* This file was generated by the metarefresh module at '. $this->getTime() . "\n";
|
||||
$content = '<?php' . "\n" . '/* This file was generated by the metarefreshsupann module at '. $this->getTime() . "\n";
|
||||
$content .= ' Do not update it manually as it will get overwritten' . "\n" . '*/' . "\n";
|
||||
|
||||
foreach($elements as $m) {
|
||||
|
@ -408,7 +505,7 @@ class sspmod_metarefresh_MetaLoader {
|
|||
foreach ($elements as $m) {
|
||||
$entityId = $m['metadata']['entityid'];
|
||||
|
||||
SimpleSAML_Logger::debug('metarefresh: Add metadata entry ' .
|
||||
SimpleSAML_Logger::debug('metarefreshsupann: Add metadata entry ' .
|
||||
var_export($entityId, TRUE) . ' in set ' . var_export($set, TRUE) . '.');
|
||||
$metaHandler->saveMetadata($entityId, $set, $m['metadata']);
|
||||
}
|
||||
|
@ -419,15 +516,15 @@ class sspmod_metarefresh_MetaLoader {
|
|||
foreach ($metaHandler->getMetadataSets() as $set) {
|
||||
foreach ($metaHandler->getMetadataSet($set) as $entityId => $metadata) {
|
||||
if (!array_key_exists('expire', $metadata)) {
|
||||
SimpleSAML_Logger::warning('metarefresh: Metadata entry without expire timestamp: ' . var_export($entityId, TRUE) .
|
||||
SimpleSAML_Logger::warning('metarefreshsupann: Metadata entry without expire timestamp: ' . var_export($entityId, TRUE) .
|
||||
' in set ' . var_export($set, TRUE) . '.');
|
||||
continue;
|
||||
}
|
||||
if ($metadata['expire'] > $ct) {
|
||||
continue;
|
||||
}
|
||||
SimpleSAML_Logger::debug('metarefresh: ' . $entityId . ' expired ' . date('l jS \of F Y h:i:s A', $metadata['expire']) );
|
||||
SimpleSAML_Logger::debug('metarefresh: Delete expired metadata entry ' .
|
||||
SimpleSAML_Logger::debug('metarefreshsupann: ' . $entityId . ' expired ' . date('l jS \of F Y h:i:s A', $metadata['expire']) );
|
||||
SimpleSAML_Logger::debug('metarefreshsupann: Delete expired metadata entry ' .
|
||||
var_export($entityId, TRUE) . ' in set ' . var_export($set, TRUE) . '. (' . ($ct - $metadata['expire']) . ' sec)');
|
||||
$metaHandler->deleteMetadata($entityId, $set);
|
||||
}
|
||||
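Review bot: loadAfp() turns the fetched filter document directly into per-SP attribute release lists (copied into `$metadata['attributes']` for `saml20-sp-remote` entries in the later hunk) with no integrity check visible in the method, so the policy is only as trustworthy as the transport to the configured URL; the metadata path appears to have a fingerprint option (`$validateFingerprint` in the CLI script) with no counterpart here. The result of `$doc->loadXML($data)` is stored in `$res` and never tested, so a malformed document is not rejected explicitly; `if ($res === FALSE || $doc->documentElement === NULL) throw new Exception('AFP is not an XML document: ' . $afp);` would mirror the check loadSource already performs. An SP with no policy in the AFP gets no `attributes` key at all, which may leave it unrestricted depending on how core:AttributeLimit treats a missing list; this is worth confirming and, if so, defaulting to an empty list once an AFP has been loaded. The docblock should read `@param string $afp URL or path of the attribute filter policy file` instead of `@params $afps`.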
|
|
|
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
$attributemap = array(
|
||||
'supannEtuAnneeInscription' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.25',
|
||||
'supannGroupeAdminDN' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.19',
|
||||
'supannParrainDN' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.17',
|
||||
'supannTypeEntite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.16',
|
||||
'supannEtuTypeDiplome' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.33',
|
||||
'supannCodeINE' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.9',
|
||||
'supannOrganisme' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.3',
|
||||
'supannMailPerso' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.15',
|
||||
'supannGroupeDateFin' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.18',
|
||||
'supannEtuCursusAnnee' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.26',
|
||||
'supannActivite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.2',
|
||||
'supannEmpId' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.11',
|
||||
'supannTypeEntiteAffectation' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.36',
|
||||
'supannEtuDiplome' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.27',
|
||||
'supannEtuId' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.10',
|
||||
'supannCivilite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.4',
|
||||
'supannEtuRegimeInscription' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.31',
|
||||
'supannEtablissement' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.14',
|
||||
'supannCodeEntiteParent' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.7',
|
||||
'supannEntiteAffectationPrincipale' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.13',
|
||||
'supannEtuElementPedagogique' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.28',
|
||||
'supannAffectation' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.5',
|
||||
'supannAutreTelephone' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.12',
|
||||
'supannEmpCorps' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.35',
|
||||
'supannCodeEntite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.6',
|
||||
'supannEtuInscription' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.30',
|
||||
'supannRefId' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.37',
|
||||
'supannListeRouge' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.1',
|
||||
'supannEtuSecteurDisciplinaire' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.32',
|
||||
'supannEntiteAffectation' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.8',
|
||||
'supannRoleEntite' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.24',
|
||||
'supannRole' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.21',
|
||||
'supannEtuEtape' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.29',
|
||||
'supannAutreMail' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.34',
|
||||
'supannRoleGenerique' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.23',
|
||||
'supannGroupeLecteurDN' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.22',
|
||||
'supannAliasLogin' => 'urn:oid:1.3.6.1.4.1.7135.1.2.1.20',
|
||||
);
|
||||
?>
|
|
@ -30,6 +30,10 @@ foreach ($sets AS $setkey => $set) {
|
|||
$blacklist = $mconfig->getArray('blacklist', array());
|
||||
$whitelist = $mconfig->getArray('whitelist', array());
|
||||
|
||||
foreach($set->getArray('afps') AS $afp) {
|
||||
$metaload->loadAfp($afp);
|
||||
}
|
||||
|
||||
foreach($set->getArray('sources') AS $source) {
|
||||
|
||||
# Merge global and src specific blacklists
|
||||
|
@ -74,4 +78,4 @@ $logentries = SimpleSAML_Logger::getCapturedLog();
|
|||
|
||||
$t = new SimpleSAML_XHTML_Template($config, 'metarefresh:fetch.tpl.php');
|
||||
$t->data['logentries'] = $logentries;
|
||||
$t->show();
|
||||
$t->show();
|
||||
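Review bot: The template is still requested as `'metarefresh:fetch.tpl.php'`, so this page depends on the original metarefresh module's template being present even though every other reference in the commit was renamed. If the fork ships its own copy, `$t = new SimpleSAML_XHTML_Template($config, 'metarefreshsupann:fetch.tpl.php');` is the consistent form. The only change in that hunk appears to be the final `$t->show();` line (probably an end-of-file newline), so the template line is untouched context and easy to miss.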
|
|