ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
GenerateGroups.php
Go to the documentation of this file.
1<?php
2
9class sspmod_core_Auth_Process_GenerateGroups extends SimpleSAML_Auth_ProcessingFilter {
10
11
15 private $generateGroupsFrom;
16
17
24 public function __construct($config, $reserved) {
25 parent::__construct($config, $reserved);
26
27 assert('is_array($config)');
28
29 if (count($config) === 0) {
30 // Use default groups
31 $this->generateGroupsFrom = array(
32 'eduPersonAffiliation',
33 'eduPersonOrgUnitDN',
34 'eduPersonEntitlement',
35 );
36
37 } else {
38 // Validate configuration
39 foreach ($config as $attributeName) {
40 if (!is_string($attributeName)) {
41 throw new Exception('Invalid attribute name for core:GenerateGroups filter: ' .
42 var_export($attributeName, TRUE));
43 }
44 }
45
46 $this->generateGroupsFrom = $config;
47 }
48 }
49
50
56 public function process(&$request) {
57 assert('is_array($request)');
58 assert('array_key_exists("Attributes", $request)');
59
60 $groups = array();
61 $attributes =& $request['Attributes'];
62
63 $realm = self::getRealm($attributes);
64 if ($realm !== NULL) {
65 $groups[] = 'realm-' . $realm;
66 }
67
68
69 foreach ($this->generateGroupsFrom as $name) {
70 if (!array_key_exists($name, $attributes)) {
71 SimpleSAML\Logger::debug('GenerateGroups - attribute \'' . $name . '\' not found.');
72 /* Attribute not present. */
73 continue;
74 }
75
76 foreach ($attributes[$name] as $value) {
77 $value = self::escapeIllegalChars($value);
78 $groups[] = $name . '-' . $value;
79 if ($realm !== NULL) {
80 $groups[] = $name . '-' . $realm . '-' . $value;
81 }
82 }
83 }
84
85 if (count($groups) > 0) {
86 $attributes['groups'] = $groups;
87 }
88 }
89
90
101 private static function getRealm($attributes) {
102 assert('is_array($attributes)');
103
104 if (!array_key_exists('eduPersonPrincipalName', $attributes)) {
105 return NULL;
106 }
107 $eppn = $attributes['eduPersonPrincipalName'];
108
109 if (count($eppn) < 1) {
110 return NULL;
111 }
112 $eppn = $eppn[0];
113
114 $realm = explode('@', $eppn, 2);
115 if (count($realm) < 2) {
116 return NULL;
117 }
118 $realm = $realm[1];
119
120 return self::escapeIllegalChars($realm);
121 }
122
123
134 private static function escapeIllegalChars($string) {
135 assert('is_string($string)');
136
137 return preg_replace_callback('/([^a-zA-Z0-9_@=.])/',
138 function ($m) { return sprintf("%%%02x", ord($m[1])); },
139 $string);
140 }
141
142}
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213
SimpleSAML_Auth_ProcessingFilter
Definition: ProcessingFilter.php:21
sspmod_core_Auth_Process_GenerateGroups
Definition: GenerateGroups.php:9
sspmod_core_Auth_Process_GenerateGroups\process
process(&$request)
Apply filter to add groups attribute.
Definition: GenerateGroups.php:56
sspmod_core_Auth_Process_GenerateGroups\$generateGroupsFrom
$generateGroupsFrom
The attributes we should generate groups from.
Definition: GenerateGroups.php:15
sspmod_core_Auth_Process_GenerateGroups\getRealm
static getRealm($attributes)
Determine which realm the user belongs to.
Definition: GenerateGroups.php:101
sspmod_core_Auth_Process_GenerateGroups\__construct
__construct($config, $reserved)
Initialize this filter.
Definition: GenerateGroups.php:24
$name
if($format !==null) $name
Definition: metadata.php:146
$attributes
$attributes
Definition: serviceValidate.php:33