Download the PHP package simplesamlphp/simplesamlphp-module-entitycategories without Composer

On this page you can find all versions of the php package simplesamlphp/simplesamlphp-module-entitycategories. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package simplesamlphp-module-entitycategories

Build Status Coverage Status Scrutinizer Code Quality Type Coverage Psalm Level

Entity Categories

This is a SimpleSAMLphp module to create attribute release policies based on entity categories. It allows the modification on the fly of the attributes requested by a service (both removing and adding attributes) depending on the entity category or categories that the service is declared to belong to.

Please note that this module is not a replacement for the core:AttributeLimit authentication processing filter. It will only modify the attributes requested by a service, and therefore it should be used together with the aforementioned core:AttributeLimit filter or any other filter that provides a similar functionality.

Installation

Once you have installed SimpleSAMLphp, installing this module is very simple. Just execute the following command in the root of your SimpleSAMLphp installation:

where dev-master instructs Composer to install the master (development) branch from the Git repository. See the releases available if you want to use a stable version of the module.

Configuration

Next thing you need to do is to enable the module:

in config.php, search for the module.enable key and set entitycategories to true:

This module includes an authentication processing filter that can be configured as any other filter. Please read the documentation for more general information about authentication processing filters.

You can define your own entity categories, and assign the attributes allowed for each of them. It accepts the following boolean configuration options:

The rest of the configuration would be category => attributes pairs, where category is the identifier of the entity category, and attributes is an array containing a list of attributes allowed for that category.

For example, to allow all the services in your domain to receive eduPersonPrincipalName as an identifier of the user, tag them all with a custom category, and define the following filter:

Now, all the services with the following fragment in their metadata are guaranteed to receive eduPersonPrincipalName in case they ask for it or they don't ask for any attributes at all:

Please note that if the service asks for other attributes, not including eduPersonPrincipalName, that attribute will not be sent. If the service asks for some attributes but not eduPersonPrincipalName, no attributes will be sent. Also remember that this filter must be used together with core:AttributeLimit or a similar filter. Therefore, after configuring the entitycategories:EntityCategory filter, you should also configure the former:

This will deny all attributes by default, but let the configuration of each service to override that limitation. Notice the indexes used for each filter. Filters are evaluated in order based on their indexes, so the filters defined in this module should have a lower index than the one assigned to core:AttributeLimit.

Now, if you just want to allow certain attributes to be sent to a service of a specific category, but don't want to send them in case the service doesn't ask for them, skip the default configuration option or set it to false:

Now, if a service belonging to the urn:something:local_service category requests the eduPersonPrincipalName attribute in the attributes array on its metadata, it is guaranteed to get it. If it doesn't request it (no matter whether it requests other attributes or not), it won't get it.

The following example will release the attribute bundle defined in Research and Scholarship Entity Category for SP's having the R&S entity category, but also the released set may be extended by additional attributes. For non-matching SP's, the the release rules are controlled by the metadata.

The following example implements the following logic:

  1. Attributes requested in metadata are released to SP's having the urn:x-myfederation:entities and GÉANT Data Protection Code of Conduct entity categories.
  2. The Research & Scholarship entity category attribute bundle is released to R&S SP's, but the list of attributes can be extended, if the SP has additional attribute requirements in metadata.
  3. No attributes are released to any other SP's.

You may want to release some attributes to SP's based on bilateral agreements rather than metadata. There is a modified version of core:AttributeLimit module available that makes it possible to add certain attributes to some listed SP's, as presented in the next example:


All versions of simplesamlphp-module-entitycategories with dependencies

PHP Build Version
Package Version
Requires php Version >=7.4 || ^8.0
simplesamlphp/composer-module-installer Version ~1.3.2
simplesamlphp/simplesamlphp Version ^2.0.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package simplesamlphp/simplesamlphp-module-entitycategories contains the following files

Loading the files please wait ....