'__DEFAULT__',
/* X.509 key and certificate. Relative to the cert directory. */
'privatekey' => 'harid-sso.key',
'certificate' => 'harid-sso.crt',
/*
 * Authentication source to use. Must be one that is configured in
 * 'config/authsources.php'.
 */
'auth' => 'harid-sql',
/*
 * Message signing / signature validation. The two 'validate.*' and
 * 'redirect.validate' flags are what reject unsigned (spoofable)
 * AuthnRequests and LogoutRequests from SPs -- keep them enabled.
 */
'sign.logout' => true, // sign logout messages sent from this IdP
'validate.authnrequest' => true, // require signatures on authentication requests sent to this IdP
'validate.logout' => true, // require signatures on logout messages sent to this IdP
'redirect.sign' => true, // sign logout requests sent from this IdP
'redirect.validate' => true, // validate logout requests sent to this IdP
//FIXME: userid.attribute should be eduPersonPrincipalName
// NOTE(review): 'uid' is not scoped, so it is only unique within this IdP's own
// user store. Changing this value is presumably also what core:TargetedID (step 60)
// hashes for the persistent NameID, so switching it would re-key every user's
// targeted ID at all SPs -- confirm before making the change.
'userid.attribute' => 'uid',
/*
'attributes' => array(
    'eduPersonPrincipalName', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', // 'eduPersonPrincipalName'
    'eduPersonTargetedID', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10', // 'eduPersonTargetedID'
    'cn', 'urn:oid:2.5.4.3', // 'cn'
    'sn', 'urn:oid:2.5.4.4', // 'sn'
    'displayName', 'urn:oid:2.16.840.1.113730.3.1.241', // 'displayName'
    'mail', 'urn:oid:0.9.2342.19200300.100.1.3', // 'mail'
    'eduPersonAffiliation', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1', // 'eduPersonAffiliation'
    'eduPersonEntitlement', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7', // 'eduPersonEntitlement'
    'givenName', 'urn:oid:2.5.4.42', // 'givenName'
    'schacHomeOrganization', 'urn:oid:1.3.6.1.4.1.25178.1.2.9', // 'schacHomeOrganization',
    'eduPersonScopedAffiliation', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9', // 'eduPersonScopedAffiliation',
    'uid', 'urn:oid:0.9.2342.19200300.100.1.1', // 'uid', required for the HarID portal
),
*/
'authproc' => array(
    /* !!!! IMPORTANT !!!
     *
     * Priority ranges (filters run in ascending numeric order):
     *   1 -149 General
     * 150-174 TAAT
     * 175-199 eduGAIN
     * 200-250 AttributeLimits
     *
     */
    /***********************************
     | 1-99 BASIC CONFIGURATION |
     **********************************/
    // 20 applies the 'add-oid-name' attribute map; 30 adopts the language
    // from an attribute to use in the UI.
    20 => array(
        'class' => 'core:AttributeMap', 'add-oid-name'
    ),
    30 => 'core:LanguageAdaptor',
    45 => array(
        'class' => 'core:StatisticsWithAttribute',
        'attributename' => 'realm',
        'type' => 'saml20-idp-SSO',
    ),
    // Persistent, SP-specific targeted ID, also used as the NameID.
    60 => array(
        'class' => 'core:TargetedID',
        'nameId' => TRUE,
    ),
    /*
    90 => array(
        'class' => 'core:AttributeMap', 'name2oid',
    ),
    */
    /* Adopts the language from an attribute to use in the UI.
       If a language is set in the Consent module it will be added as an attribute. */
    99 => 'core:LanguageAdaptor',
    /*
     * Consent module is enabled (with no permanent storage, using cookies).
    100 => array(
        'class' => 'consent:Consent',
        'store' => 'consent:Cookie',
        'focus' => 'yes',
        'checked' => TRUE
    ),
    */
    /* Turn lowercase attributes to camelCase */
    147 => array(
        'class' => 'core:AttributeMap', 'name2camelcase'
    ),
    148 => array(
        /* Log uid, ePPN and affiliations for auditing.
           NOTE(review): these notice-level log lines contain personal data
           (uid, ePPN, affiliations) for every login; make sure the log sink's
           access control and retention policy are appropriate for it. */
        'class' => 'core:PHP',
        'code' => ' $uid = array_key_exists("uid", $attributes) ? implode(", ", $attributes["uid"]) : ""; $eppn = array_key_exists("eduPersonPrincipalName", $attributes) ? implode(", ", $attributes["eduPersonPrincipalName"]) : ""; $affiliations = array_key_exists("eduPersonAffiliation", $attributes) ? implode(", ", $attributes["eduPersonAffiliation"]) : "()"; SimpleSAML_Logger::notice("HARID-SSO-INFO: Logged-in. Primary attributes: uid=\'$uid\', ePPN=\'$eppn\', affiliations=\'$affiliations\'"); '
    ),
    /*************************************
     | 150-174 TAAT CONFIGURATION |
     *************************************/
    /*********************************
     | 175-199 eduGAIN CONFIGURATION |
     *********************************/
    //TODO: 'eduPersonUniqueId' and 'schacHomeOrganizationType' are not in the oid2name list and therefore cannot be used.
    //TODO: Add eduPersonUniqueId to the attribute map file and ensure that it is in the right format.
    /*
    175 => array(
        'class' => 'core:AttributeCopy',
        'eduPersonUniqueId' => 'eduPersonTargetedID',
    ),
    */
    /*****************************************
     | 200-250 AttributeLimits CONFIGURATION |
     *****************************************/
    /* The last step is to filter out attributes. */
    /* Add OID-formatted attribute names. */
    201 => array(
        // FIXME: Can't send out Basic names with NameFormat=URI
        // 'class' => 'core:AttributeMap', 'add-oid-name'
        'class' => 'core:AttributeMap', 'name2oid'
    ),
    // NOTE(review): configured with no attribute list and no 'default' => TRUE, so
    // the release set for each SP comes solely from that SP's 'attributes' metadata
    // option; as far as core:AttributeLimit's semantics go, an SP entry without that
    // option is not limited at all and receives every attribute -- confirm that every
    // SP in the metadata declares one, or re-enable the default list in 203 below.
    202 => 'core:AttributeLimit',
    /*
    203 => array(
        'class' => 'core:AttributeLimit',
        'default' => TRUE,
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', // 'eduPersonPrincipalName'
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.10', // 'eduPersonTargetedID'
        'urn:oid:2.5.4.3', // 'cn'
        'urn:oid:2.5.4.4', // 'sn'
        'urn:oid:2.16.840.1.113730.3.1.241', // 'displayName'
        'urn:oid:0.9.2342.19200300.100.1.3', // 'mail'
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.1', // 'eduPersonAffiliation'
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.7', // 'eduPersonEntitlement'
        'urn:oid:2.5.4.42', // 'givenName'
        'urn:oid:1.3.6.1.4.1.25178.1.2.9', // 'schacHomeOrganization',
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.9', // 'eduPersonScopedAffiliation',
        'urn:oid:0.9.2342.19200300.100.1.1', // 'uid', required for the HarID portal
    ),
    */
),
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'attributeencodings' => array(
    'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'raw', /* eduPersonTargetedID with oid NameFormat. */
),
);