<?php |
namespace Kuleuven\AuthenticationBundle\Compiler; |
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; |
use Symfony\Component\DependencyInjection\ContainerBuilder; |
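/**
 * Compiler pass that parses an attribute-definition XML file and publishes the
 * result as the container parameter "kuleuven_shibboleth_attribute_definitions".
 *
 * Every definition has the shape
 * ['id' => string, 'names' => string[], 'aliases' => string[], 'multivalue' => bool|null]
 * and is stored under its id as well as under each of its aliases.
 */
class KuleuvenShibbolethAttributeDefinitionsXmlParserPass implements CompilerPassInterface
{
    /**
     * Location passed unchanged to simplexml_load_file().
     *
     * NOTE(review): the file is parsed as-is, so this should point at a
     * trusted, locally controlled attribute map; confirm where callers get it.
     *
     * @var string
     */
    protected $xmlPath;

    /**
     * Attribute id => multivalue flag that is copied into each parsed definition.
     *
     * @var array
     */
    protected $multivalues;

    /**
     * @param string $xmlPath Location of the attribute-definition XML file.
     */
    public function __construct($xmlPath)
    {
        $this->xmlPath = $xmlPath;

        // Hard-coded, until there is a way to read this
        $this->multivalues = [
            "eppn" => false,
            "affiliation" => true,
            "unscoped-affiliation" => true,
            "entitlement" => false,
            "targeted-id" => false,
            "persistent-id" => false,
            "primary-affiliation" => false,
            "nickname" => false,
            "primary-orgunit-dn" => false,
            "orgunit-dn" => true,
            "org-dn" => false,
            "cn" => false,
            "sn" => false,
            "givenName" => false,
            "mail" => false,
            "uid" => false,
            "telephoneNumber" => true,
            "title" => false,
            "description" => false,
            "facsimileTelephoneNumber" => true,
            "postalAddress" => true,
            "ou" => true,
            "roomNumber" => true,
            "KULluditServer" => false,
            "KULprimouNumber" => true,
            "KULouNumber" => true,
            "KULtap" => false,
            "KULemployeeType" => true,
            "KULdipl" => true,
            "KULopl" => true,
            "KULstamnr" => false,
            "KULid" => false,
            "KULlibisnr" => false,
            "KULstudentType" => true,
            "KULcampus" => false,
            "userAppUserID" => false,
            "syncoreLogonCode" => false,
            "KULMoreUnifiedUID" => false,
            "KULCardApplicationId" => true,
            "KULCardSN" => true,
            "KULPreferredMail" => false,
            "KULMainLocation" => true,
            "KULAssocUCCtag" => true,
            "KULOfficialGivenName" => false,
            "logoutURL" => false,
            "uidToledo" => false,
            "aid" => false,
        ];
    }

    /**
     * Builds the attribute definitions and stores them on the container.
     *
     * @param ContainerBuilder $container Container that receives the parameter.
     *
     * @throws \RuntimeException When the XML file cannot be loaded or parsed.
     */
    public function process(ContainerBuilder $container)
    {
        // Add default Shibboleth definitions
        // https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess
        $defaultIds = [
            'Shib-Application-ID',
            'Shib-Session-ID',
            'Shib-Identity-Provider',
            'Shib-Authentication-Instant',
            'Shib-Authentication-Method',
            'Shib-AuthnContext-Class',
            'Shib-AuthnContext-Decl',
            'Shib-Handler',
        ];
        $attributeDefinitions = [];
        foreach ($defaultIds as $defaultId) {
            $attributeDefinitions[$defaultId] = [
                'id' => $defaultId,
                'names' => [],
                'aliases' => [],
                'multivalue' => false,
            ];
        }

        // simplexml_load_file() returns false for a missing or malformed file.
        // Stop with an explicit message instead of failing later on a method
        // call against that boolean.
        $xml = simplexml_load_file($this->xmlPath);
        if ($xml === false) {
            throw new \RuntimeException(sprintf(
                'Unable to load Shibboleth attribute definitions from "%s".',
                $this->xmlPath
            ));
        }

        /** @var \SimpleXMLElement $xmlElement */
        foreach ($xml->children() as $xmlElement) {
            $name = (string)$xmlElement['name'];
            // NOTE(review): an element without an "id" attribute yields '' here
            // and is stored under the empty key; confirm that is acceptable.
            $id = (string)$xmlElement['id'];
            // The "aliases" attribute is split on single spaces; empty pieces are dropped.
            $aliases = array_filter(explode(' ', (string)$xmlElement['aliases']));

            if (!isset($attributeDefinitions[$id])) {
                $attributeDefinitions[$id] = [
                    'id' => $id,
                    'names' => [$name],
                    'aliases' => !empty($aliases) ? $aliases : [],
                    'multivalue' => isset($this->multivalues[$id]) ? $this->multivalues[$id] : null,
                ];
            } else {
                // The same id appeared before: merge this element into the existing entry.
                $attributeDefinitions[$id]['names'][] = $name;
                foreach ($aliases as $alias) {
                    // Strict comparison so numeric-looking aliases are never treated as equal.
                    if (!in_array($alias, $attributeDefinitions[$id]['aliases'], true)) {
                        $attributeDefinitions[$id]['aliases'][] = $alias;
                    }
                }
            }

            // Bind each alias by reference so names and aliases appended by a
            // later element with the same id are visible through the alias key too.
            // NOTE(review): an alias equal to another definition's key (including
            // the Shib-* defaults above) replaces that entry without any
            // diagnostic; confirm this shadowing is intended.
            foreach ($aliases as $alias) {
                $attributeDefinitions[$alias] =& $attributeDefinitions[$id];
            }
        }

        $container->setParameter('kuleuven_shibboleth_attribute_definitions', $attributeDefinitions);
    }
}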