<?php
/**
 * SAML 2.0 IdP configuration for simpleSAMLphp (saml20-idp-hosted metadata).
 *
 * Reference: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted
 */
$metadata['__DYNAMIC:1__'] = [
    /*
     * Hostname (VHOST) that serves this SAML entity.
     * '__DEFAULT__' makes this entry the one used when no other host matches.
     */
    'host' => '__DEFAULT__',

    /* X.509 private key and certificate, both relative to the cert directory. */
    'privatekey' => 'harid-sso.key',
    'certificate' => 'harid-sso.crt',

    /* Authentication source; it must be defined in config/authsources.php. */
    'auth' => 'harid-sql',

    /* Signing and signature-validation policy for this IdP. */
    'sign.logout' => true,           // sign logout messages sent from this IdP
    'validate.authnrequest' => true, // require signatures on authentication requests sent to this IdP
    'validate.logout' => true,       // require signatures on logout messages sent to this IdP
    'redirect.sign' => true,         // sign logout requests sent from this IdP
    'redirect.validate' => true,     // validate logout requests sent to this IdP

    // FIXME: userid.attribute should be eduPersonPrincipalName
    'userid.attribute' => 'uid',

    /*
     * Explicit attribute list, currently disabled (kept for reference).
    'attributes' => [
        'eduPersonPrincipalName',
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',    // eduPersonPrincipalName
        'eduPersonTargetedID',
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.10',   // eduPersonTargetedID
        'cn',
        'urn:oid:2.5.4.3',                     // cn
        'sn',
        'urn:oid:2.5.4.4',                     // sn
        'displayName',
        'urn:oid:2.16.840.1.113730.3.1.241',   // displayName
        'mail',
        'urn:oid:0.9.2342.19200300.100.1.3',   // mail
        'eduPersonAffiliation',
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',    // eduPersonAffiliation
        'eduPersonEntitlement',
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',    // eduPersonEntitlement
        'givenName',
        'urn:oid:2.5.4.42',                    // givenName
        'schacHomeOrganization',
        'urn:oid:1.3.6.1.4.1.25178.1.2.9',     // schacHomeOrganization
        'eduPersonScopedAffiliation',
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.9',    // eduPersonScopedAffiliation
        'uid',
        'urn:oid:0.9.2342.19200300.100.1.1',   // uid, needed for the HarID portal
    ],
    */

    /*
     * Authentication processing filters, run in ascending key order.
     *
     * Key ranges reserved by convention:
     *   1-149   general
     *   150-174 TAAT
     *   175-199 eduGAIN
     *   200-250 attribute limits (must stay last, after all mapping)
     */
    'authproc' => [
        /* ---------- 1-99: basic configuration ---------- */

        // Map attribute names to their OID form (in addition to the short names).
        20 => [
            'class' => 'core:AttributeMap',
            'add-oid-name',
        ],

        // Pick up the UI language from an attribute.
        30 => 'core:LanguageAdaptor',

        // Count SSO logins per realm.
        45 => [
            'class' => 'core:StatisticsWithAttribute',
            'attributename' => 'realm',
            'type' => 'saml20-idp-SSO',
        ],

        // Generate eduPersonTargetedID and use it as the NameID.
        60 => [
            'class' => 'core:TargetedID',
            'nameId' => true,
        ],

        /*
        90 => [
            'class' => 'core:AttributeMap',
            'name2oid',
        ],
        */

        // Language adaptor again: if the consent module sets a language it is
        // exported as an attribute here.
        99 => 'core:LanguageAdaptor',

        /*
         * Consent module (cookie store, no permanent storage) — disabled.
        100 => [
            'class' => 'consent:Consent',
            'store' => 'consent:Cookie',
            'focus' => 'yes',
            'checked' => true,
        ],
        */

        // Normalise lowercase attribute names to camelCase.
        147 => [
            'class' => 'core:AttributeMap', 'name2camelcase',
        ],

        // Audit log: uid, ePPN and affiliations of every successful login.
        // These are personal identifiers, so the notice-level log line should
        // be covered by the same retention/access rules as other auth logs.
        148 => [
            'class' => 'core:PHP',
            'code' => '
$uid = array_key_exists("uid", $attributes) ? implode(", ", $attributes["uid"]) : "";
$eppn = array_key_exists("eduPersonPrincipalName", $attributes) ? implode(", ", $attributes["eduPersonPrincipalName"]) : "";
$affiliations = array_key_exists("eduPersonAffiliation", $attributes) ? implode(", ", $attributes["eduPersonAffiliation"]) : "()";
SimpleSAML_Logger::notice("HARID-SSO-INFO: Logged-in. Primary attributes: uid=\'$uid\', ePPN=\'$eppn\', affiliations=\'$affiliations\'");
',
        ],

        /* ---------- 150-174: TAAT configuration ---------- */
        // (nothing configured)

        /* ---------- 175-199: eduGAIN configuration ---------- */
        // TODO: 'eduPersonUniqueId' and 'schacHomeOrganizationType' are not in
        //       the oid2name list and therefore cannot be used yet.
        // TODO: Add eduPersonUniqueId to the attribute map file and make sure
        //       it is produced in the right format.
        /*
        175 => [
            'class' => 'core:AttributeCopy',
            'eduPersonUniqueId' => 'eduPersonTargetedID',
        ],
        */

        /* ---------- 200-250: attribute limits ---------- */
        // Final steps: emit OID-formatted names, then restrict what is released.
        201 => [
            // FIXME: Basic names cannot be sent with NameFormat=URI,
            //        so 'add-oid-name' is not usable here:
            // 'class' => 'core:AttributeMap', 'add-oid-name'
            'class' => 'core:AttributeMap', 'name2oid',
        ],
        202 => 'core:AttributeLimit',
        /*
        203 => [
            'class' => 'core:AttributeLimit',
            'default' => true,
            'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',    // eduPersonPrincipalName
            'urn:oid:1.3.6.1.4.1.5923.1.1.1.10',   // eduPersonTargetedID
            'urn:oid:2.5.4.3',                     // cn
            'urn:oid:2.5.4.4',                     // sn
            'urn:oid:2.16.840.1.113730.3.1.241',   // displayName
            'urn:oid:0.9.2342.19200300.100.1.3',   // mail
            'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',    // eduPersonAffiliation
            'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',    // eduPersonEntitlement
            'urn:oid:2.5.4.42',                    // givenName
            'urn:oid:1.3.6.1.4.1.25178.1.2.9',     // schacHomeOrganization
            'urn:oid:1.3.6.1.4.1.5923.1.1.1.9',    // eduPersonScopedAffiliation
            'urn:oid:0.9.2342.19200300.100.1.1',   // uid, needed for the HarID portal
        ],
        */
    ],

    /* Attributes are released under the URI name format. */
    'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',

    /* eduPersonTargetedID (OID form) is already XML and must be emitted raw. */
    'attributeencodings' => [
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'raw',
    ],
];
