<?php
require_once('vendor/autoload.php');
cirrusidentity / simplesamlphp-module-cirrusgeneral example snippets
// Example value for the SimpleSAMLphp 'metadata.sources' option. The first entry wraps
// the delegated sources in ModifyingMetadataSource so that each configured strategy can
// adjust the metadata those sources return.
'metadata.sources' => [
[
'type' => 'SimpleSAML\Module\cirrusgeneral\Metadata\Sources\ModifyingMetadataSource',
// Any sources that you want to delegate to
// (both directories are resolved relative to the directory of this config file via __DIR__)
'sources' => [
array('type' => 'flatfile', 'directory' => __DIR__ . '/testMetadata'),
array('type' => 'flatfile', 'directory' => __DIR__ . '/testMetadata2'),
],
'strategies' => [
['type' => 'SimpleSAML\Module\cirrusgeneral\Metadata\AdfsMetadataStrategy'],
[
'type' => 'SimpleSAML\Module\cirrusgeneral\Metadata\OverridingMetadataStrategy',
// NOTE(review): presumably entries found in this directory replace or extend the delegated
// metadata for the same entity. If so, it is as trust-sensitive as the primary metadata
// (endpoints, certificates), so give it the same file permissions and change review. Confirm.
'source' => array('type' => 'flatfile', 'directory' => __DIR__ . '/overrideMetadata'),
],
[
'type' => 'SimpleSAML\Module\cirrusgeneral\Metadata\PhpMetadataStrategy',
// Run PHP code to edit the metadata. Defined variables are $metadata, $set, and $entityId.
// The sample below gives saml20-sp-remote entries a default "attributes" list when none is set.
// NOTE(review): this string is executed as PHP, so it carries the same trust as the config
// file itself. Keep it a static literal, never assemble it from metadata fields, request data
// or any other external input, and restrict write access to this file to administrators.
'code' => '
if ($set === "saml20-sp-remote") {
$metadata["attributes"] = $metadata["attributes"] ?? ["attr1", "attr2"];
}
'
]
// some other strategy
// ['type' => 'Myclass', 'configOption1' => true],
],
],
// Any sources that you don't want to pass to the modifying strategies
// [ 'type' => 'flatfile' ],
]
// In your authProc config
// AttributeSplitter entry: names the attributes to split and the delimiter to split on.
// NOTE(review): presumably each listed attribute value is split on the delimiter into
// separate values; confirm how whitespace and empty segments are handled before relying
// on the result for access decisions.
20 => [
'class' => 'cirrusgeneral:AttributeSplitter',
'delimiter' => ',', // Optional. Default is comma
// The same attribute is listed under its friendly name and its urn:oid name.
'attributes' => ['eduPersonAffiliation', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1'],
]
// In your authProc config
// AttributeValueMapper entry: maps a source attribute value to one or more destination
// attribute values, using a CSV file and/or the inline 'mappingLookup' table.
// NOTE(review): the mapping decides which entitlement values a user ends up with, so both
// the CSV file and this config are authorization-relevant. Keep them writable only by
// administrators and review changes to them like code.
20 => [
'class' => 'cirrusgeneral:AttributeValueMapper',
// Placeholder path; point it at the real CSV file. How 'csvFile' and 'mappingLookup'
// combine when both are set is not shown here. Check the module documentation.
'csvFile' => '/patch/to/csv',
'mappingLookup' => [
// source attribute name
'inc-eduPersonEntitlement' => [
// source value
'inc-eduPersonEntitlement-everfi' => [
// dest attribute => [ dest val1, dest val2]
'eduPersonEntitlement' => ['val1', 'val2'],
'localEntitlement' => ['anotherValue'],
]
],
]
]
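// In your authProc config
// PromptAttributeRelease entry for a single attribute. The labels below are what the UI
// shows in front of each value of that attribute.
// NOTE(review): presumably the user picks which value of the attribute is released to the
// service; confirm against the module documentation.
20 => [
    'class' => 'cirrusgeneral:PromptAttributeRelease',
    'attribute' => 'eduPersonAffiliation',
    // optional labels to prefix in front of values
    'labels' => [
        'student' => 'Student Role',
        'member' => 'Generic Role',
        // any other values don't get a label and are shown as the plain value in the UI
    ],
    // optional: should the attribute value be shown after the label? defaults to true
    'displayAttributeValue' => false,
]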
// In your authProc config of your IdP
// ConditionalSetAuthnContext entry: looks up a value in the request state by following
// 'path' and, when it equals 'value', asserts 'contextToAssert' as the authentication context.
// NOTE(review): downstream services will treat the asserted context as proof that MFA
// happened. The value at 'path' must therefore come from a source the IdP trusts (a signed
// upstream assertion or an earlier authproc), never from something the user can edit.
// Make sure no earlier filter lets such a value be added or renamed into this attribute.
20 => [
'class' => 'cirrusgeneral:ConditionalSetAuthnContext',
'path' => ['Attributes', 'mfaActivated'], // The path of keys to traverse in the request state,
'value' => 'true', // Using the string 'true' rather than a boolean true
'contextToAssert' => 'https://refeds.org/profile/mfa',
// NOTE(review): presumably entity IDs for which this filter is skipped; confirm whether
// these are exact matches or patterns, since a broad match silently disables the check.
'ignoreForEntities' => ['match1', 'match2', 'other']
// Optional context to assert if there is no match
// 'elseContextToAssert' => 'https://refeds.org/profile/sfa'
]
// Example for Okta
// Asserts REFEDS MFA when the 'session.amr' attribute carries the value 'mfa'.
25 => array(
'class' => 'cirrusgeneral:ConditionalSetAuthnContext',
'path' => ['Attributes', 'session.amr'],
'value' => 'mfa',
'contextToAssert' => 'https://refeds.org/profile/mfa',
),
// Example for Azure AD
// Asserts REFEDS MFA when the authnmethodsreferences claim carries the multipleauthn value.
49 => array(
'class' => 'cirrusgeneral:ConditionalSetAuthnContext',
'path' => ['Attributes', 'http://schemas.microsoft.com/claims/authnmethodsreferences'],
'value' => 'http://schemas.microsoft.com/claims/multipleauthn',
'contextToAssert' => 'https://refeds.org/profile/mfa',
),
// In your authProc config
// AttributeRemove entry: drops the attributes named in 'attributes' and those selected by
// the patterns in 'attributeRegexes', so they are not passed on.
// NOTE(review): this is a denylist. Any attribute not named or matched here still passes
// through, so re-check the list whenever the upstream provider adds claims.
20 => [
'class' => 'cirrusgeneral:AttributeRemove',
'attributes' => ['http://schemas.microsoft.com/identity/claims/tenantid', 'http://schemas.microsoft.com/identity/claims/objectidentifier'],
// The pattern is anchored only at the start, so it matches every string beginning with
// "operational". Presumably it is applied to attribute names; confirm.
'attributeRegexes' => ['/^operational/']
]
// In your authsources.php or saml20-idp-metadata.php or wherever you define your authprocs
// PhpConditionalAuthProcInserter (priority 20) evaluates a PHP condition and then inserts
// either the 'authproc' list or the 'elseAuthproc' list into the processing chain.
'authproc' => [
10 => [
// a normal authproc
'core:AttributeMap'
],
20 => [
'class' => 'cirrusgeneral:PhpConditionalAuthProcInserter',
// PHP boolean expression. Two variables are available: $attributes and $state
// NOTE(review): this string is executed as PHP, so it carries the same trust as the config
// file. Keep it a static literal, never build it from attribute values or request data, and
// restrict write access to the file that holds it.
// NOTE(review): if either state key is missing, the strict comparison is presumably false and
// the else branch runs; confirm how the module treats PHP warnings raised by the expression.
'condition' => 'return $state["saml:sp:State"]["saml:sp:AuthnContext"] === "https://refeds.org/profile/mfa";',
// These will only get created if AuthnContext is refeds MFA, and they will run immediately after
// PhpConditionalAuthProcInserter
'authproc' => [
[
'class' => 'core:AttributeAdd',
'newAttribute' => array('newValue'),
],
[
'class' => 'core:AttributeMap',
],
],
// These will only get created if authnContext is not refeds MFA
// ('somemodule:...' are placeholder class names for filters that perform MFA and record it)
'elseAuthproc' => [
[
'class' => 'somemodule:PerformMfa',
],
[
'class' => 'somemodule:SetRefedsMfa',
],
]
],
30 => [
// another normal authproc
'core:AttributeMap'
]
]