ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
GenerateGroups.php
Go to the documentation of this file.
1 <?php
2 
9 class sspmod_core_Auth_Process_GenerateGroups extends SimpleSAML_Auth_ProcessingFilter {
10 
11 
15  private $generateGroupsFrom;
16 
17 
24  public function __construct($config, $reserved) {
25  parent::__construct($config, $reserved);
26 
27  assert(is_array($config));
28 
29  if (count($config) === 0) {
30  // Use default groups
31  $this->generateGroupsFrom = array(
32  'eduPersonAffiliation',
33  'eduPersonOrgUnitDN',
34  'eduPersonEntitlement',
35  );
36 
37  } else {
38  // Validate configuration
39  foreach ($config as $attributeName) {
40  if (!is_string($attributeName)) {
41  throw new Exception('Invalid attribute name for core:GenerateGroups filter: ' .
42  var_export($attributeName, TRUE));
43  }
44  }
45 
46  $this->generateGroupsFrom = $config;
47  }
48  }
49 
50 
56  public function process(&$request) {
57  assert(is_array($request));
58  assert(array_key_exists('Attributes', $request));
59 
60  $groups = array();
61  $attributes =& $request['Attributes'];
62 
63  $realm = self::getRealm($attributes);
64  if ($realm !== NULL) {
65  $groups[] = 'realm-' . $realm;
66  }
67 
68 
69  foreach ($this->generateGroupsFrom as $name) {
70  if (!array_key_exists($name, $attributes)) {
71  SimpleSAML\Logger::debug('GenerateGroups - attribute \'' . $name . '\' not found.');
72  /* Attribute not present. */
73  continue;
74  }
75 
76  foreach ($attributes[$name] as $value) {
77  $value = self::escapeIllegalChars($value);
78  $groups[] = $name . '-' . $value;
79  if ($realm !== NULL) {
80  $groups[] = $name . '-' . $realm . '-' . $value;
81  }
82  }
83  }
84 
85  if (count($groups) > 0) {
86  $attributes['groups'] = $groups;
87  }
88  }
89 
90 
101  private static function getRealm($attributes) {
102  assert(is_array($attributes));
103 
104  if (!array_key_exists('eduPersonPrincipalName', $attributes)) {
105  return NULL;
106  }
107  $eppn = $attributes['eduPersonPrincipalName'];
108 
109  if (count($eppn) < 1) {
110  return NULL;
111  }
112  $eppn = $eppn[0];
113 
114  $realm = explode('@', $eppn, 2);
115  if (count($realm) < 2) {
116  return NULL;
117  }
118  $realm = $realm[1];
119 
120  return self::escapeIllegalChars($realm);
121  }
122 
123 
134  private static function escapeIllegalChars($string) {
135  assert(is_string($string));
136 
137  return preg_replace_callback('/([^a-zA-Z0-9_@=.])/',
138  function ($m) { return sprintf("%%%02x", ord($m[1])); },
139  $string);
140  }
141 
142 }
$config
$config
Definition: bootstrap.php:15
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
sspmod_core_Auth_Process_GenerateGroups\$generateGroupsFrom
$generateGroupsFrom
The attributes we should generate groups from.
Definition: GenerateGroups.php:15
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:211
sspmod_core_Auth_Process_GenerateGroups
Definition: GenerateGroups.php:9
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
sspmod_core_Auth_Process_GenerateGroups\__construct
__construct($config, $reserved)
Initialize this filter.
Definition: GenerateGroups.php:24
$name
$name
Definition: client_example.php:35
SimpleSAML_Auth_ProcessingFilter
Definition: ProcessingFilter.php:21
sspmod_core_Auth_Process_GenerateGroups\process
process(&$request)
Apply filter to add groups attribute.
Definition: GenerateGroups.php:56