<?php

// Metadata fields removed when this mixin is merged into an SP entry. Nothing in this
// file reads the list itself; presumably the tooling that applies the mixin consumes it.
$fieldsToStrip = array(
    'entityDescriptor',
);

// NB: The templates below assume that the authsource delivers attributes under their
// friendly names (not OIDs) and that the following global authproc filters are configured
// alongside the per-SP 'authproc' entries defined in each template:
// 		50 => 'core:AttributeLimit',
// 		90 => array( 'class' => 'consent:Consent', ...),
// 		95 => array('class' => 'core:AttributeMap', 'name2oid'),



// ---( default Service Provider configuration template )---

// Baseline SP configuration for services that do not match one of the category-specific
// templates below. Attribute names are friendly names; the AttributeMap filter in
// 'authproc' converts them to urn:oid form before release.
$defaultTemplate = array(
    // Attributes are emitted with OID names (see the name2oid map at authproc index 90).
    'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',

    // Persistent NameID (SimpleSAMLphp's own default would be transient). The
    // core:TargetedID filter below is configured with 'nameId' => true, which is
    // presumably what supplies the value — confirm against the filter's docs.
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',

    // Attributes released to this SP by default. core:AttributeLimit (index 50) is
    // configured without its own list, so it is expected to fall back to this one —
    // TODO confirm for the SimpleSAMLphp version in use.
    'attributes' => array(
        'eduPersonPrincipalName',
        'schacHomeOrganization',
        'eduPersonScopedAffiliation',
        'mail',
    ),

    // Not a core SimpleSAMLphp metadata key. Presumably read by the tooling that expands
    // this mixin and only permits these when the SP's metadata marks them as required
    // (isRequired) — verify in the generator before relying on it.
    'attributes.allowed.ifrequired' => array(
        'displayName',
        'givenName',
        'sn',
        'o',
        'ou',
        'eduPersonPrimaryAffiliation',
        'eduPersonPrincipalName',
        'eduPersonScopedAffiliation',
        'eduPersonTargetedID',
        'schacHomeOrganization',
        'cn',
        'mail',
    ),

    // Per-SP processing chain; indices are priorities, lower runs first.
    'authproc' => array(
        // Derive eduPersonTargetedID early so later filters see it; with 'nameId' => true
        // it is also used as the subject NameID.
        3 => array(
            'class' => 'core:TargetedID',
            'nameId' => true,
        ),
        // Restrict the released attribute set (no explicit list here, see 'attributes').
        50 => array(
            'class' => 'core:AttributeLimit',
        ),
        // Rename friendly names to OIDs to match 'AttributeNameFormat'.
        // NOTE(review): index 90 equals the global consent:Consent index noted at the top
        // of this file — confirm which of the two runs first when both apply.
        90 => array(
            'class' => 'core:AttributeMap',
            'name2oid',
        ),
    ),
);

// ---( Attribute release configuration template for services that comply with service categories/profiles )---

/*
 * REFEDS Research and Scholarship service category
 */
// Attribute release for SPs carrying the REFEDS Research and Scholarship entity category.
// Keyed by the category URI so the tooling can select it from the SP's metadata.
$template['http://refeds.org/category/research-and-scholarship'] = array(
    // Attributes are emitted with OID names (see the name2oid map at authproc index 90).
    'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',

    // Persistent NameID (SimpleSAMLphp's own default would be transient); presumably
    // sourced from the core:TargetedID filter below ('nameId' => true).
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',

    // Default release set for this category. core:AttributeLimit (index 50) has no list
    // of its own, so it is expected to enforce this one — TODO confirm.
    'attributes' => array(
        'mail',
        'displayName',
        'eduPersonPrincipalName',
        'eduPersonScopedAffiliation',
        'eduPersonTargetedID',
    ),

    // Not a core SimpleSAMLphp key; presumably honoured by the mixin tooling only for
    // attributes the SP marks as required — verify in the generator.
    'attributes.allowed.ifrequired' => array(
        'mail',
        'displayName',
        'givenName',
        'cn',
        'sn',
        'o',
        'ou',
        'eduPersonPrincipalName',
        'eduPersonTargetedID',
        'eduPersonPrimaryAffiliation',
        'eduPersonScopedAffiliation',
        'schacHomeOrganization',
    ),

    // Per-SP processing chain; indices are priorities, lower runs first.
    'authproc' => array(
        // Derive eduPersonTargetedID before the limit/map filters; also set as NameID.
        3 => array(
            'class' => 'core:TargetedID',
            'nameId' => true,
        ),
        // Restrict the released attribute set (no explicit list here, see 'attributes').
        50 => array(
            'class' => 'core:AttributeLimit',
        ),
        // Friendly names -> OIDs, matching 'AttributeNameFormat'.
        // NOTE(review): index 90 ties with the global consent:Consent index listed at
        // the top of this file — confirm the intended order when both apply.
        90 => array(
            'class' => 'core:AttributeMap',
            'name2oid',
        ),
    ),
);

/*
 * GÉANT Data Protection Code of Conduct service category
 */
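// Attribute release for SPs carrying the GÉANT Data Protection Code of Conduct entity
// category (v1). Keyed by the category URI so the tooling can select it from metadata.
$template['http://www.geant.net/uri/dataprotection-code-of-conduct/v1'] = array(
    // Attributes are emitted with OID names (see the name2oid map at authproc index 90).
    'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',

    // Persistent NameID (SimpleSAMLphp's own default would be transient); presumably
    // sourced from the core:TargetedID filter below ('nameId' => true).
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',

    // Default release set for this category. core:AttributeLimit (index 50) has no list
    // of its own, so it is expected to enforce this one — TODO confirm.
    'attributes' => array(
        'mail',
        'eduPersonPrincipalName',
        'schacHomeOrganization',
        'eduPersonScopedAffiliation',
    ),

    // Not a core SimpleSAMLphp key; presumably honoured by the mixin tooling only for
    // attributes the SP marks as required — verify in the generator before relying on it
    // as the release control for this category.
    'attributes.allowed.ifrequired' => array(
        'mail',
        'displayName',
        'givenName',
        'cn',
        'sn',
        'o',
        'ou',
        'eduPersonPrincipalName',
        'eduPersonTargetedID',
        'eduPersonPrimaryAffiliation',
        'eduPersonScopedAffiliation',
        'schacHomeOrganization',
    ),

    // Per-SP processing chain; indices are priorities, lower runs first.
    'authproc' => array(
        // Derive eduPersonTargetedID before the limit/map filters; also set as NameID.
        3 => array(
            'class' => 'core:TargetedID',
            'nameId' => true,
        ),
        // Restrict the released attribute set (no explicit list here, see 'attributes').
        50 => array(
            'class' => 'core:AttributeLimit',
        ),
        // Friendly names -> OIDs, matching 'AttributeNameFormat'.
        // NOTE(review): index 90 ties with the global consent:Consent index listed at
        // the top of this file — confirm the intended order when both apply.
        90 => array(
            'class' => 'core:AttributeMap',
            'name2oid',
        ),
    ),
);

// No closing '?>' tag: this file contains only PHP, and a closing tag followed by stray
// whitespace would be emitted as output when the file is included (PSR-2 / PER-CS).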