Commit a8ced3afa6b6f93d84e983429d20141d05c1cf5c

Authored by Esmeralda Pires
0 parents
Exists in master

1ª Versão

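--- a/bin/checkMergedMetadata.php
+++ b/bin/checkMergedMetadata.php
@@ -0,0 +1,52 @@
+#!/usr/bin/env php
+<?php
+
+define('SIMPLESAMLPATH', dirname(dirname(dirname(dirname(__FILE__)))));
+define('MODULEPATH', (dirname(dirname(__FILE__))));
+ini_set('error_level', E_ALL & E_STRICT);
+ini_set('display_errors', true);
+
+require(MODULEPATH.'/config/config.php');
+
+
+if(!($gen = @file_get_contents(SIMPLESAMLPATH.'/'.$destinationgenerated.'/saml20-sp-merged.php'))) {
+ echo("failed to get generated file's contents\n");
+ exit(2);
+}
+
+$gen = preg_replace('/<\?php/', '', $gen);
+$gen = preg_replace('/\?>/', '', $gen);
+
+if(($ret = @eval($gen) === false)) {
+ echo("parse error in generated code\n");
+ exit(2);
+}
+
+function _raise_error($msg) {
+ echo($msg."\n");
+ exit(3);
+}
+
+if(!isset($metadata))
+ _raise_error('metadata variable not set');
+
+if(!is_array($metadata))
+ _raise_error('metadata variable is not an array');
+
+if(sizeof($metadata) < 10)
+ _raise_error('metadata array holds less than 10 items');
+
+foreach($metadata as $k => $m) {
+ if(!is_array($m))
+ _raise_error('metadata item '.((string)$k).' is not an array');
+ if(empty($m['entityid']) || !is_string($m['entityid']))
+ _raise_error('metadata item '.((string)$k).' has empty or non-string \'entityid\' member');
+ if(empty($m['authproc']) || !is_array($m['authproc']))
+ _raise_error('metadata item '.((string)$k).' has empty or non-array \'authproc\' member');
+ if(empty($m['attributes']) || !is_array($m['attributes']))
+ _raise_error('metadata item '.((string)$k).' has empty or non-array \'attributes\' member');
+}
+
+exit(0);
+
+?>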
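Review bot: The parse-error check around `eval($gen)` on line 20 cannot fire on PHP 7 and later, where a syntax error in the evaluated code throws `ParseError` instead of returning `false`; the script then dies with an uncaught exception and exit status 255 rather than the documented 2, and `$ret = @eval($gen) === false` stores the comparison result, not the eval result. Wrap the call in try/catch as below, or `include` the generated file directly instead of stripping its tags and re-evaluating the text. Separately, `error_level` on line 6 is not a PHP ini directive as far as I know, and `E_ALL & E_STRICT` is a bitwise AND that keeps at most `E_STRICT`; `error_reporting(E_ALL | E_STRICT);` is presumably what was meant (the same two lines appear at lines 6-7 of bin/mergeMetadata.php). The 10-item minimum on line 36 would also read better as a named constant with a comment explaining why 10 is the sanity threshold.
```php
// … unchanged: tag stripping …
try {
    eval($gen);
} catch (\ParseError $e) {
    echo("parse error in generated code: ".$e->getMessage()."\n");
    exit(2);
}
// … unchanged: _raise_error and the structure checks …
```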
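--- a/bin/fetchFederationMetadata.php
+++ b/bin/fetchFederationMetadata.php
@@ -0,0 +1,31 @@
+#!/usr/bin/env php
+<?php
+
+define('SCRIPTPATH', (dirname(__FILE__)));
+define('BASEPATH', dirname(dirname(dirname(dirname(__FILE__)))));
+
+require(SCRIPTPATH.'/../config/config.php');
+
+$command = BASEPATH.'/modules/metarefresh/bin/metarefresh.php -o='.$destinationgenerated.' --validate-fingerprint=' . $fingerprint . ' ' . $metadatasource . ' >'.BASEPATH.'/log/'.$logdestination;
+exec($command, $output, $exitCode);
+if ($exitCode != 0) {
+ echo($output[0]);
+ exit($exitCode);
+}
+
+exec(SCRIPTPATH.'/mergeMetadata.php', $output, $exitCode);
+if ($exitCode != 0) {
+ echo($output[0]);
+ exit($exitCode);
+}
+
+exec(SCRIPTPATH.'/checkMergedMetadata.php', $output, $exitCode);
+if ($exitCode != 0) {
+ echo($output[0]);
+ exit($exitCode);
+}
+
+rename(BASEPATH.'/'.$destinationgenerated.'/saml20-sp-merged.php', BASEPATH.'/metadata/'.$destination);
+exit(0);
+
+?>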
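Review bot: `exec()` appends to `$output` when the array already holds lines, so if mergeMetadata.php or checkMergedMetadata.php fails on line 16 or 22, the `echo($output[0])` that follows prints the first line of metarefresh's output from line 10 rather than the failing script's message; reset with `$output = [];` before each call, and guard the echo against an empty array since a script that dies without output leaves nothing at index 0. The `rename()` on line 28 is unchecked, so the cron job exits 0 even when the validated file never reaches `metadata/`; guard it with `if (!rename(...)) { echo("cannot move merged metadata into place\n"); exit(1); }`. The command on line 9 splices `$fingerprint`, `$metadatasource`, `$destinationgenerated` and `$logdestination` into a shell string unquoted; they come from config.php rather than from user input, but wrapping each in `escapeshellarg()` costs nothing and keeps a path containing spaces or shell metacharacters from altering the command.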
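--- a/bin/mergeMetadata.php
+++ b/bin/mergeMetadata.php
@@ -0,0 +1,93 @@
+#!/usr/bin/env php
+<?php
+
+define('SIMPLESAMLPATH', dirname(dirname(dirname(dirname(__FILE__)))));
+define('MODULEPATH', (dirname(dirname(__FILE__))));
+ini_set('error_level', E_ALL & E_STRICT);
+ini_set('display_errors', true);
+
+/*
+ Merge metadata-generated/saml20-sp-remote.php with ../config/saml20-sp-mixin.php
+ and drop superfluous fields.
+ Templates may be specified by entityID or by category (http://macedir.org/entity-category).
+ If specified by entity-category fields in the metadata dominate otherwise the template
+ fields overwrite fields in the imported metadata.
+ Merged metadata are written to metadata-generated/saml20-sp-merged.php.
+ */
+
+require(MODULEPATH.'/config/config.php');
+
+require_once(SIMPLESAMLPATH.'/lib/_autoload.php');
+require(SIMPLESAMLPATH.'/'.$destinationgenerated.'/saml20-sp-remote.php');
+require(MODULEPATH.'/config/saml20-sp-mixin.php');
+
+foreach($template as $url => $mdata) {
+ if(!isset($metadata[$url])) {
+ passthru("logger -t IDP-METADATA-DIFF 'INFO: template url not found in metadata array: $url'");
+ }
+}
+
+if(!($fh = @fopen(SIMPLESAMLPATH.'/'.$destinationgenerated.'/saml20-sp-merged.php', 'w'))) {
+ echo("cannot open/create output file\n");
+ exit(1);
+}
+@fwrite($fh, "<?php\n");
+
+foreach($metadata as $url => $mdata) {
+ foreach($fieldsToStrip as $field) unset($mdata[$field]);
+
+// map "attributes" and "attributes.required" from OIDs to friendly names
+ $mapper = new sspmod_core_Auth_Process_AttributeMap(array('oid2name'), NULL);
+ foreach(['attributes', 'attributes.required'] as $field) {
+ if(isset($mdata[$field])) {
+ $tmp = array('Attributes' => array_fill_keys($mdata[$field], 0));
+ $mapper->process($tmp);
+ $mdata[$field] = array_keys($tmp['Attributes']);
+ }
+ }
+
+ $templateWins = true;
+ if(isset($template[$url])) $currentTemplate = $template[$url];
+ else $currentTemplate = NULL;
+
+ if($currentTemplate == NULL && isset($mdata['EntityAttributes']['http://macedir.org/entity-category'])) {
+ foreach($mdata['EntityAttributes']['http://macedir.org/entity-category'] as $category) {
+ if(isset($template[$category])) {
+ $currentTemplate = $template[$category];
+ $templateWins = false;
+ }
+ }
+ }
+ if($currentTemplate == NULL) $currentTemplate = $defaultTemplate;
+
+ foreach($currentTemplate as $field => $value) {
+ if($templateWins || !isset($mdata[$field])) $mdata[$field] = $value;
+ }
+
+ if(isset($mdata['attributes.allowed'])) {
+ $mdata['attributes'] = array_intersect($mdata['attributes'], $mdata['attributes.allowed']);
+ unset($mdata['attributes.allowed']);
+ }
+ if(isset($mdata['attributes.required']) && isset($mdata['attributes.allowed.ifRequired'])) {
+ $allowed = array_intersect($mdata['attributes.required'], $mdata['attributes.allowed.ifRequired']);
+ $mdata['attributes'] = $mdata['attributes'] + $allowed;
+ }
+ unset($mdata['attributes.allowed.ifRequired']);
+ unset($mdata['attributes.required']);
+
+ // output
+ if(!@fwrite($fh, "\n\$metadata['$url'] = ".var_export($mdata, true).";\n")) {
+ echo("cannot write to output file\n");
+ exit(1);
+ }
+}
+
+@fwrite($fh, "\n?>");
+if(!@fclose($fh)) {
+ echo("cannot close output file\n");
+ exit(1);
+}
+
+exit(0);
+
+?>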
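Review bot: Line 79 interpolates `$url`, the entityID key taken from the fetched federation metadata, straight into generated PHP source inside single quotes, so an entityID containing `'` or `\` yields broken or unintended code in saml20-sp-merged.php, which checkMergedMetadata.php then `eval()`s and SimpleSAMLphp later loads; emit the key the same way the value already is: `"\n\$metadata[".var_export($url, true)."] = ".var_export($mdata, true).";\n"`. The logger call on line 26 has the same shape with a template key from saml20-sp-mixin.php going into a shell string, and should pass its message through `escapeshellarg()`. On line 73, `$mdata['attributes'] + $allowed` is an array union on the numeric keys that `array_intersect` preserved, so a required attribute whose key collides with an existing entry is silently dropped; `array_values(array_unique(array_merge($mdata['attributes'], $allowed)))` is the intended set union and also keeps the exported list sequential. The `== NULL` tests on lines 53 and 61 should be `=== null`, since an empty template array compares loosely equal to null and would then be overridden by `$defaultTemplate`.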
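--- a/config/config.php
+++ b/config/config.php
@@ -0,0 +1,17 @@
+<?php
+
+
+// IDPs and SPs from eduGAIN, downloaded from RCTSaai infrastrucuture.
+
+/* Metadata signer certificate SHA1 fingerprint obtained using the following command
+ # openssl x509 -in rctsaai-metadatasigner.pem -noout -fingerprint -sha1
+*/
+$fingerprint = 'aea789f491a4abdc7202ff18c6900623d3181ac2'; // Obtained via "openssl x509 -figerprint -sha1 -in "
+$metadatasource = 'https://rctsaai-rr.fccn.pt/rr/signedmetadata/federation/UkNUU2FhaQ~~/metadata.xml';
+
+// NOTE: You need to create <simpleSAMLphp path>/metadata/metarefresh-services/metamerge-rctsaai with privileges for
+// the cronjob to create saml20-sp-remote.php inside that directory
+$destination = 'metarefresh-services/metamerge-rctsaai/saml20-sp-remote.php';
+$destinationgenerated = 'metadata-generated-rctsaai';
+$logdestination = 'metadataimport-rctsaai.log';
+?>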
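Review bot: The two path settings are resolved against different bases, which the comments do not say: `$destinationgenerated` is joined to the SimpleSAMLphp root (mergeMetadata.php line 21, fetchFederationMetadata.php lines 9 and 28) while `$destination` is joined to `metadata/` (fetchFederationMetadata.php line 28). Add `// directory relative to the SimpleSAMLphp root; must exist and be writable by the cron user` above line 15 and `// file path relative to <simpleSAMLphp path>/metadata/` above line 14. The fingerprint comment is also inconsistent with itself: line 9 repeats the command from line 7 with a typo (`-figerprint`) and without its file argument, so keep only the block comment on lines 6-8.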
config/saml20-sp-mixin.php
... ... @@ -0,0 +1,613 @@
  1 +<?php
  2 +
  3 +$fieldsToStrip = array('entityDescriptor');
  4 +
  5 +// NB: The examples assume that the authsource delivers attributes using friendly names
  6 +// and that the following global attribute filters are configured:
  7 +// 50 => 'core:AttributeLimit',
  8 +// 90 => array( 'class' => 'consent:Consent', ...),
  9 +// 95 => array('class' => 'core:AttributeMap', 'name2oid'),
  10 +
  11 +
  12 +
  13 +// ---( default Service Provider configuration template )---
  14 +
  15 +$defaultTemplate = array (
  16 + 'attributes' => array(
  17 + 'eduPersonTargetID',
  18 + ),
  19 + 'authproc' => array(
  20 + 3 => array(
  21 + 'class' => 'core:TargetedID',
  22 + 'nameId' => TRUE,
  23 + ),
  24 + 50 => array(
  25 + 'class' => 'core:AttributeLimit',
  26 + ),
  27 + 90 => array(
  28 + 'class' => 'core:AttributeMap',
  29 + 'name2oid'
  30 + ),
  31 + ),
  32 +);
  33 +
  34 +// ---( Service Provider specific configuration templates )---
  35 +$template['https://shibboleth.msacademicverify.com/shibboleth-sp'] = array (
  36 + 'attributes' => array(
  37 + 'eduPersonScopedAffiliation',
  38 + 'eduPersonPrincipalName',
  39 + ),
  40 + 'authproc' => array(
  41 + 3 => array(
  42 + 'class' => 'core:TargetedID',
  43 + 'nameId' => TRUE,
  44 + ),
  45 + 50 => array(
  46 + 'class' => 'core:AttributeLimit',
  47 + ),
  48 + 90 => array(
  49 + 'class' => 'core:AttributeMap',
  50 + 'name2oid'
  51 + ),
  52 + ),
  53 +
  54 +);
  55 +
  56 +$template['https://confluence.fccn.pt'] = array (
  57 + 'attributes' => array(
  58 + 'email',
  59 + 'commonName',
  60 + 'eduPersonPrincipalName',
  61 + 'organizationName',
  62 + 'eduPersonPrimaryAffiliation',
  63 + ),
  64 + 'authproc' => array(
  65 + 3 => array(
  66 + 'class' => 'core:TargetedID',
  67 + 'nameId' => TRUE,
  68 + ),
  69 + 50 => array(
  70 + 'class' => 'core:AttributeLimit',
  71 + ),
  72 + 90 => array(
  73 + 'class' => 'core:AttributeMap',
  74 + 'name2oid'
  75 + ),
  76 + ),
  77 +
  78 +);
  79 +
  80 +
  81 +$template['https://myservices.rcts.pt'] = array (
  82 + 'attributes' => array(
  83 + 'email',
  84 + 'surname',
  85 + 'givenName',
  86 + 'organizationName',
  87 + 'eduPersonPrimaryAffiliation',
  88 + ),
  89 + 'authproc' => array(
  90 + 3 => array(
  91 + 'class' => 'core:TargetedID',
  92 + 'nameId' => TRUE,
  93 + ),
  94 + 50 => array(
  95 + 'class' => 'core:AttributeLimit',
  96 + ),
  97 + 90 => array(
  98 + 'class' => 'core:AttributeMap',
  99 + 'name2oid'
  100 + ),
  101 + ),
  102 +
  103 +);
  104 +
  105 +
  106 +$template['https://webconference.fccn.pt/shibboleth'] = array (
  107 + 'attributes' => array(
  108 + 'email',
  109 + 'displayName',
  110 + 'givenName',
  111 + 'telephoneNumber',
  112 + 'eduPersonPrimaryAffiliation',
  113 + ),
  114 + 'authproc' => array(
  115 + 3 => array(
  116 + 'class' => 'core:TargetedID',
  117 + 'nameId' => TRUE,
  118 + ),
  119 + 50 => array(
  120 + 'class' => 'core:AttributeLimit',
  121 + ),
  122 + 90 => array(
  123 + 'class' => 'core:AttributeMap',
  124 + 'name2oid'
  125 + ),
  126 + ),
  127 +
  128 +);
  129 +
  130 +
  131 +$template['https://webconf-colibri.fccn.pt'] = array (
  132 + 'attributes' => array(
  133 + 'email',
  134 + 'displayName',
  135 + 'givenName',
  136 + 'telephoneNumber',
  137 + 'eduPersonPrimaryAffiliation',
  138 + ),
  139 + 'authproc' => array(
  140 + 3 => array(
  141 + 'class' => 'core:TargetedID',
  142 + 'nameId' => TRUE,
  143 + ),
  144 + 50 => array(
  145 + 'class' => 'core:AttributeLimit',
  146 + ),
  147 + 90 => array(
  148 + 'class' => 'core:AttributeMap',
  149 + 'name2oid'
  150 + ),
  151 + ),
  152 +
  153 +);
  154 +
  155 +
  156 +$template['https://educast.fccn.pt/shibboleth'] = array (
  157 + 'attributes' => array(
  158 + 'email',
  159 + 'surname',
  160 + 'givenName',
  161 + 'organizationName',
  162 + 'eduPersonPrimaryAffiliation',
  163 + ),
  164 + 'authproc' => array(
  165 + 3 => array(
  166 + 'class' => 'core:TargetedID',
  167 + 'nameId' => TRUE,
  168 + ),
  169 + 50 => array(
  170 + 'class' => 'core:AttributeLimit',
  171 + ),
  172 + 90 => array(
  173 + 'class' => 'core:AttributeMap',
  174 + 'name2oid'
  175 + ),
  176 + ),
  177 +);
  178 +
  179 +
  180 +$template['https://educast.fccn.pt'] = array (
  181 + 'attributes' => array(
  182 + 'email',
  183 + 'surname',
  184 + 'givenName',
  185 + 'organizationName',
  186 + 'eduPersonPrimaryAffiliation',
  187 + ),
  188 + 'authproc' => array(
  189 + 3 => array(
  190 + 'class' => 'core:TargetedID',
  191 + 'nameId' => TRUE,
  192 + ),
  193 + 50 => array(
  194 + 'class' => 'core:AttributeLimit',
  195 + ),
  196 + 90 => array(
  197 + 'class' => 'core:AttributeMap',
  198 + 'name2oid'
  199 + ),
  200 + ),
  201 +
  202 +);
  203 +
  204 +
  205 +
  206 +$template['https://recorder.educast.fccn.pt'] = array (
  207 + 'attributes' => array(
  208 + 'email',
  209 + 'surname',
  210 + 'givenName',
  211 + 'organizationName',
  212 + 'eduPersonPrimaryAffiliation',
  213 + ),
  214 + 'authproc' => array(
  215 + 3 => array(
  216 + 'class' => 'core:TargetedID',
  217 + 'nameId' => TRUE,
  218 + ),
  219 + 50 => array(
  220 + 'class' => 'core:AttributeLimit',
  221 + ),
  222 + 90 => array(
  223 + 'class' => 'core:AttributeMap',
  224 + 'name2oid'
  225 + ),
  226 + ),
  227 +
  228 +);
  229 +
  230 +
  231 +
  232 +$template['https://filesender.fccn.pt/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array (
  233 + 'attributes' => array(
  234 + 'email',
  235 + 'commonName',
  236 + 'eduPersonPrincipalName',
  237 + ),
  238 + 'authproc' => array(
  239 + 3 => array(
  240 + 'class' => 'core:TargetedID',
  241 + 'nameId' => TRUE,
  242 + ),
  243 + 50 => array(
  244 + 'class' => 'core:AttributeLimit',
  245 + ),
  246 + 90 => array(
  247 + 'class' => 'core:AttributeMap',
  248 + 'name2oid'
  249 + ),
  250 + ),
  251 +
  252 +);
  253 +
  254 +$template['https://rctsaai-rr.fccn.pt'] = array (
  255 + 'attributes' => array(
  256 + 'email',
  257 + 'surname',
  258 + 'givenName',
  259 + 'organizationName',
  260 + 'eduPersonTargetedID',
  261 + 'eduPersonPrincipalName',
  262 + ),
  263 + 'authproc' => array(
  264 + 3 => array(
  265 + 'class' => 'core:TargetedID',
  266 + 'nameId' => TRUE,
  267 + ),
  268 + 50 => array(
  269 + 'class' => 'core:AttributeLimit',
  270 + ),
  271 + 90 => array(
  272 + 'class' => 'core:AttributeMap',
  273 + 'name2oid'
  274 + ),
  275 + ),
  276 +
  277 +);
  278 +
  279 +
  280 +
  281 +$template['https://eduroam.pt/simplesaml/module.php/saml/sp/metadata.php/eduroam.pt'] = array (
  282 + 'attributes' => array(
  283 + 'email',
  284 + 'surname',
  285 + 'givenName',
  286 + 'displayName',
  287 + 'eduPersonPrincipalName',
  288 + 'eduPersonPrimaryAffiliation',
  289 + ),
  290 + 'authproc' => array(
  291 + 3 => array(
  292 + 'class' => 'core:TargetedID',
  293 + 'nameId' => TRUE,
  294 + ),
  295 + 50 => array(
  296 + 'class' => 'core:AttributeLimit',
  297 + ),
  298 + 90 => array(
  299 + 'class' => 'core:AttributeMap',
  300 + 'name2oid'
  301 + ),
  302 + ),
  303 +
  304 +);
  305 +
  306 +
  307 +
  308 +$template['videoconf-colibri.zoom.us'] = array (
  309 + 'attributes' => array(
  310 + 'email',
  311 + 'surname',
  312 + 'givenName',
  313 + ),
  314 + 'authproc' => array(
  315 + 3 => array(
  316 + 'class' => 'core:TargetedID',
  317 + 'nameId' => TRUE,
  318 + ),
  319 + 50 => array(
  320 + 'class' => 'core:AttributeLimit',
  321 + ),
  322 + 90 => array(
  323 + 'class' => 'core:AttributeMap',
  324 + 'name2oid'
  325 + ),
  326 + ),
  327 +
  328 +);
  329 +
  330 +
  331 +$template['https://www.authenticus.pt/shibboleth'] = array (
  332 + 'attributes' => array(
  333 + 'email',
  334 + 'surname',
  335 + 'givenName',
  336 + 'displayName',
  337 + 'commonName',
  338 + 'organizationName',
  339 + 'eduPersonPrincipalName',
  340 + ),
  341 + 'authproc' => array(
  342 + 3 => array(
  343 + 'class' => 'core:TargetedID',
  344 + 'nameId' => TRUE,
  345 + ),
  346 + 50 => array(
  347 + 'class' => 'core:AttributeLimit',
  348 + ),
  349 + 90 => array(
  350 + 'class' => 'core:AttributeMap',
  351 + 'name2oid'
  352 + ),
  353 + ),
  354 +
  355 +);
  356 +
  357 +// -------------- SERVICOS B-On ---------------
  358 +
  359 +
  360 +$template['http://shibboleth.ebscohost.com'] = array (
  361 + 'attributes' => array(
  362 + 'eduPersonScopedAffiliation',
  363 + 'eduPersonEntitlement',
  364 + ),
  365 + 'authproc' => array(
  366 + 3 => array(
  367 + 'class' => 'core:TargetedID',
  368 + 'nameId' => TRUE,
  369 + ),
  370 + 50 => array(
  371 + 'class' => 'core:AttributeLimit',
  372 + ),
  373 + 90 => array(
  374 + 'class' => 'core:AttributeMap',
  375 + 'name2oid'
  376 + ),
  377 + ),
  378 +
  379 +
  380 +);
  381 +
  382 +
  383 +
  384 +$template['https://www.annualreviews.org/shibboleth'] = array (
  385 + 'attributes' => array(
  386 + 'eduPersonScopedAffiliation',
  387 + ),
  388 + 'authproc' => array(
  389 + 3 => array(
  390 + 'class' => 'core:TargetedID',
  391 + 'nameId' => TRUE,
  392 + ),
  393 + 50 => array(
  394 + 'class' => 'core:AttributeLimit',
  395 + ),
  396 + 90 => array(
  397 + 'class' => 'core:AttributeMap',
  398 + 'name2oid'
  399 + ),
  400 + ),
  401 +
  402 +);
  403 +
  404 +
  405 +
  406 +$template['https://sp.tshhosting.com/shibboleth'] = array (
  407 + 'attributes' => array(
  408 + 'eduPersonTargetedID',
  409 + 'eduPersonPrincipalName',
  410 + 'eduPersonEntitlement',
  411 + ),
  412 + 'authproc' => array(
  413 + 50 => array(
  414 + 'class' => 'core:AttributeLimit',
  415 + 'eduPersonEntitlement' => array('uurn:mace:dir:entitlement:common-lib-terms')
  416 + ),
  417 + ),
  418 +);
  419 +
  420 +
  421 +
  422 +$template['https://ticket.iop.org/shibboleth'] = array (
  423 + 'attributes' => array(
  424 + 'eduPersonScopedAffiliation',
  425 + ),
  426 + 'authproc' => array(
  427 + 3 => array(
  428 + 'class' => 'core:TargetedID',
  429 + 'nameId' => TRUE,
  430 + ),
  431 + 50 => array(
  432 + 'class' => 'core:AttributeLimit',
  433 + ),
  434 + 90 => array(
  435 + 'class' => 'core:AttributeMap',
  436 + 'name2oid'
  437 + ),
  438 + ),
  439 +
  440 +);
  441 +
  442 +$template['https://ieeexplore.ieee.org/shibboleth-sp'] = array (
  443 + 'attributes' => array(
  444 + 'eduPersonEntitlement',
  445 + ),
  446 + 'authproc' => array(
  447 + 50 => array(
  448 + 'class' => 'core:AttributeLimit',
  449 + 'eduPersonEntitlement' => array('uurn:mace:dir:entitlement:common-lib-terms')
  450 + ),
  451 + ),
  452 +);
  453 +
  454 +
  455 +
  456 +$template['http://shibboleth.metapress.com/shibboleth-sp'] = array (
  457 + 'attributes' => array(
  458 + 'eduPersonScopedAffiliation',
  459 + ),
  460 + 'authproc' => array(
  461 + 3 => array(
  462 + 'class' => 'core:TargetedID',
  463 + 'nameId' => TRUE,
  464 + ),
  465 + 50 => array(
  466 + 'class' => 'core:AttributeLimit',
  467 + ),
  468 + 90 => array(
  469 + 'class' => 'core:AttributeMap',
  470 + 'name2oid'
  471 + ),
  472 + ),
  473 +
  474 +);
  475 +
  476 +
  477 +
  478 +$template['https://shib.rsc.org/shibboleth'] = array (
  479 + 'attributes' => array(
  480 + 'eduPersonScopedAffiliation',
  481 + ),
  482 + 'authproc' => array(
  483 + 3 => array(
  484 + 'class' => 'core:TargetedID',
  485 + 'nameId' => TRUE,
  486 + ),
  487 + 50 => array(
  488 + 'class' => 'core:AttributeLimit',
  489 + ),
  490 + 90 => array(
  491 + 'class' => 'core:AttributeMap',
  492 + 'name2oid'
  493 + ),
  494 + ),
  495 +
  496 +);
  497 +
  498 +
  499 +
  500 +$template['https://shibboleth.cambridge.org/shibboleth-sp'] = array (
  501 + 'attributes' => array(
  502 + 'eduPersonScopedAffiliation',
  503 + ),
  504 + 'authproc' => array(
  505 + 3 => array(
  506 + 'class' => 'core:TargetedID',
  507 + 'nameId' => TRUE,
  508 + ),
  509 + 50 => array(
  510 + 'class' => 'core:AttributeLimit',
  511 + ),
  512 + 90 => array(
  513 + 'class' => 'core:AttributeMap',
  514 + 'name2oid'
  515 + ),
  516 + ),
  517 +
  518 +);
  519 +
  520 +
  521 +
  522 +$template['https://sdauth.sciencedirect.com/'] = array (
  523 + 'attributes' => array(
  524 + 'eduPersonTargetedID',
  525 + 'eduPersonEntitlement',
  526 + ),
  527 + 'authproc' => array(
  528 + 50 => array(
  529 + 'class' => 'core:AttributeLimit',
  530 + 'eduPersonEntitlement' => array('uurn:mace:dir:entitlement:common-lib-terms')
  531 + ),
  532 + ),
  533 +);
  534 +
  535 +$template['https://scauth.scopus.com/'] = array (
  536 + 'attributes' => array(
  537 + 'eduPersonEntitlement',
  538 + ),
  539 + 'authproc' => array(
  540 + 50 => array(
  541 + 'class' => 'core:AttributeLimit',
  542 + 'eduPersonEntitlement' => array('uurn:mace:dir:entitlement:common-lib-terms')
  543 + ),
  544 + ),
  545 +);
  546 +
  547 +
  548 +$template['https://pubs.acs.org/shibboleth'] = array (
  549 + 'attributes' => array(
  550 + 'eduPersonScopedAffiliation',
  551 + ),
  552 + 'authproc' => array(
  553 + 3 => array(
  554 + 'class' => 'core:TargetedID',
  555 + 'nameId' => TRUE,
  556 + ),
  557 + 50 => array(
  558 + 'class' => 'core:AttributeLimit',
  559 + ),
  560 + 90 => array(
  561 + 'class' => 'core:AttributeMap',
  562 + 'name2oid'
  563 + ),
  564 + ),
  565 +
  566 +);
  567 +
  568 +
  569 +$template['https://secure.nature.com/shibboleth'] = array (
  570 + 'attributes' => array(
  571 + 'eduPersonScopedAffiliation',
  572 + ),
  573 + 'authproc' => array(
  574 + 3 => array(
  575 + 'class' => 'core:TargetedID',
  576 + 'nameId' => TRUE,
  577 + ),
  578 + 50 => array(
  579 + 'class' => 'core:AttributeLimit',
  580 + ),
  581 + 90 => array(
  582 + 'class' => 'core:AttributeMap',
  583 + 'name2oid'
  584 + ),
  585 + ),
  586 +);
  587 +
  588 +
  589 +$template['https://secure.palgrave-journals.com/shibboleth'] = array (
  590 + 'attributes' => array(
  591 + 'eduPersonScopedAffiliation',
  592 + ),
  593 + 'authproc' => array(
  594 + 3 => array(
  595 + 'class' => 'core:TargetedID',
  596 + 'nameId' => TRUE,
  597 + ),
  598 + 50 => array(
  599 + 'class' => 'core:AttributeLimit',
  600 + ),
  601 + 90 => array(
  602 + 'class' => 'core:AttributeMap',
  603 + 'name2oid'
  604 + ),
  605 + ),
  606 +
  607 +);
  608 +
  609 +
  610 +
  611 +
  612 +
  613 +?>
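Review bot: The default template at line 17 limits release to `'eduPersonTargetID'`, while the per-SP templates at lines 260, 408 and 524 use `'eduPersonTargetedID'`; the default spelling looks like a typo, in which case every SP without a specific template is left with an attribute name that `core:AttributeLimit` will never match. Likewise `'uurn:mace:dir:entitlement:common-lib-terms'` at lines 415, 449, 530 and 542 appears to be a typo for `'urn:mace:dir:entitlement:common-lib-terms'`, so the entitlement restriction for those four publishers would be filtering on a value no user carries. Both are worth confirming against the names the authsource actually releases, since nothing downstream validates attribute spelling. As a point of style, the same three-entry `authproc` block is pasted into nearly every template; defining it once (e.g. `$defaultAuthproc = array(...)`) and referencing it would reduce each per-SP entry to the attribute list that actually differs and keep a future pipeline change from needing twenty-odd edits.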
default-disable
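--- a/docs/MetaMerge.txt
+++ b/docs/MetaMerge.txt
@@ -0,0 +1,23 @@
+MetaMerge
+=========
+
+This module augments SAML20-SP matadata that have been fetched by MetaRefresh. Elements are added either based on entityId or on entity category (http://macedir.org/entity-category). If specified by entity category fields in the metadata dominate otherwise the template fields overwrite fields in the imported metadata.
+
+Superfluous metadata elements can be stripped to save space.
+
+Merged metadata are written to metadata-generated/saml20-sp-merged.php. After a plausibility check they are moved to the destination specified in the configuration.
+
+Configuration files are located in the metamerge/config directory.
+
+config.php specifies the metadata source, its fingerprint and the path of the merged data relative to the metadata directory.
+
+saml20-sp-mixin.php specifies the transformation process:
+
+$fieldsToStrip is an array of element names to remove.
+$defaultTemplate is used for entities that have no match in the template array.
+$template is an array of templates indexed by entityId or category.
+
+'attributes.allowed' restricts the set of attributes that may be released. For use in category templates to avoid unwanted attribute releases.
+'attributes.allowed.ifRequired' lists attributes that may only be released if they are marked as required. For use in category templates to avoid unwanted attribute releases.
+
+Usage: Enable the MetaRefresh module and call metamerge/bin/fetchFederationMetadata.php in a cron job.
\ No newline at end of file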
enable