This repository was archived by the owner on Sep 19, 2022. It is now read-only.

Commit 1c70c77

committed
Added optional attribute groupNamePrefix.
It allows setting a prefix so that group membership values follow the AARC recommendations for expressing group membership.
1 parent 658d95d commit 1c70c77


1 file changed

+20
-5
lines changed


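--- a/lib/Auth/Process/PerunGroups.php
+++ b/lib/Auth/Process/PerunGroups.php
@@ -3,16 +3,21 @@
 /**
 * Class sspmod_perun_Auth_Process_PerunGroups
 *
-* This filter extracts group names from cached groups from PerunIdentity filter and save them into attribute.
-* It means it strongly relays on it.
-* It also translates (renames) given name of group based on associative array 'groupMapping' in SP metadata.
+* This filter extracts group names from cached groups from PerunIdentity filter and save them into attribute defined by attrName.
+* By default attribute value will be filled with the groupNamePrefix + groupName.
+*
+* It is also capable of translation of (renames) group names using 'groupMapping' attribute in SP metadata.
 *
 * @author Ondrej Velisek <[email protected]>
+* @author Michal Prochazka <[email protected]>
 */
 class sspmod_perun_Auth_Process_PerunGroups extends SimpleSAML_Auth_ProcessingFilter
 {
 
+const GROUPNAMEPREFIX_ATTR = 'groupNamePrefix';
+
 private $attrName;
+private $groupNamePrefix;
 
 public function __construct($config, $reserved)
 {
@@ -24,6 +29,13 @@ public function __construct($config, $reserved)
 throw new SimpleSAML_Error_Exception("perun:PerunGroups: missing mandatory configuration option 'attrName'.");
 }
 $this->attrName = (string) $config['attrName'];
+
+if (!isset($config[self::GROUPNAMEPREFIX_ATTR])) {
+SimpleSAML_Logger::warning("perun:PerunGroups: optional attribute '". self::GROUPNAMEPREFIX_ATTR . "' is missing, assuming empty prefix");
+$this->groupNamePrefix = '';
+} else {
+$this->groupNamePrefix = (string) $config[self::GROUPNAMEPREFIX_ATTR];
+}
 }
 
 
@@ -58,10 +70,13 @@ protected function mapGroupName($request, $groupName) {
 if (isset($request["SPMetadata"]["groupMapping"]) && isset($request["SPMetadata"]["groupMapping"][$groupName])) {
 SimpleSAML_Logger::debug("Mapping $groupName to " . $request["SPMetadata"]["groupMapping"][$groupName] . " for SP " . $request["SPMetadata"]["entityid"]);
 return $request["SPMetadata"]["groupMapping"][$groupName];
+} else if (isset($request["SPMetadata"][self::GROUPNAMEPREFIX_ATTR])) {
+SimpleSAML_Logger::debug("GroupNamePrefix overridden by a SP " . $request["SPMetadata"]["entityid"] . " to " . $request["SPMetadata"][self::GROUPNAMEPREFIX_ATTR]);
+return $request["SPMetadata"][self::GROUPNAMEPREFIX_ATTR] . $groupName;
 } else {
-# No mapping defined
+# No mapping defined, so just put groupNamePrefix in front of the group
 SimpleSAML_Logger::debug("No mapping found for group $groupName for SP " . $request["SPMetadata"]["entityid"]);
-return $groupName;
+return $this->groupNamePrefix . $groupName;
 }
 }
 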
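Review bot: In mapGroupName the new `else if` branch concatenates `$request["SPMetadata"][self::GROUPNAMEPREFIX_ATTR]` uncast and unchecked, whereas the constructor casts the filter-level value with `(string)`; a non-string metadata entry (an array, say) would yield a malformed group value, and these values are typically what a service provider bases access decisions on. I would read it once as `$prefix = (string) $request["SPMetadata"][self::GROUPNAMEPREFIX_ATTR];` and use `$prefix` in both the debug line and the return. The branch order also means a name found in `groupMapping` is returned without any prefix, and an SP entry set to `''` silently removes the filter-level prefix because `isset` is true for an empty string; if both are intended, the class docblock should state it, e.g. `* A 'groupNamePrefix' in SP metadata overrides the filter-level prefix; names translated through 'groupMapping' are returned as mapped, without a prefix.` The function starts outside the hunk, so how the returned value is used is not visible here.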
