feat: Added possibility to add a service name on WAYF

Author: BaranekD

config-templates/module_perun.php

@@ -261,6 +261,9 @@
                 'entityIds' => [],
             ],
         ],
+        'display_sp_name' => false,
+        // interface needed just in case of display_sp_name => true
+        'interface' => 'rpc',
     ],
 
     'warning_test_sp_config' => [

dictionaries/disco.definition.json

@@ -1,7 +1,11 @@
 {
   "header": {
     "en": "Choose how to log in",
-    "cs": "Vyberte čím se chcete přihlásit"
+    "cs": "Vyberte, čím se chcete přihlásit"
+  },
+  "header_display_service": {
+    "en": "to the service",
+    "cs": "ke službě"
   },
   "institutional_account": {
     "en": "your institutional account",

lib/Adapter.php

@@ -131,6 +131,12 @@ abstract public function getFacilityAttribute($facility, $attrName);
      */
     abstract public function getFacilityByEntityId($spEntityId);
 
+    /**
+     * @param string $clientId
+     * @return Facility facility
+     */
+    abstract public function getFacilityByClientId($clientId);
+
     /**
      * @param string $spEntityId entity id of the sp
      * @param int $userId

lib/AdapterLdap.php

@@ -307,6 +307,29 @@ public function getFacilityByEntityId($spEntityId)
         return $facility;
     }
 
+    public function getFacilityByClientId($clientId)
+    {
+        $ldapResult = $this->connector->searchForEntity(
+            $this->ldapBase,
+            '(&(objectClass=perunFacility)(OIDCClientID=' . $clientId . '))',
+            [self::PERUN_FACILITY_ID, self::CN, self::DESCRIPTION]
+        );
+
+        if (empty($ldapResult)) {
+            Logger::warning('perun:AdapterLdap: No facility with clientId \'' . $clientId . '\' found.');
+            return null;
+        }
+
+        $facility = new Facility(
+            $ldapResult[self::PERUN_FACILITY_ID][0],
+            $ldapResult[self::CN][0],
+            $ldapResult[self::DESCRIPTION][0],
+            $clientId
+        );
+
+        return $facility;
+    }
+
     public function getEntitylessAttribute($attrName)
     {
         return $this->fallbackAdapter->getEntitylessAttribute($attrName);

lib/AdapterRpc.php

@@ -390,6 +390,26 @@ public function getFacilityByEntityId($spEntityId)
         return new Facility($perunAttr[0]['id'], $perunAttr[0]['name'], $perunAttr[0]['description'], $spEntityId);
     }
 
+    public function getFacilityByClientId($clientId)
+    {
+        $perunAttr = $this->connector->get('facilitiesManager', 'getFacilitiesByAttribute', [
+            'attributeName' => 'urn:perun:facility:attribute-def:def:OIDCClientID',
+            'attributeValue' => $clientId,
+        ]);
+
+        if (empty($perunAttr)) {
+            Logger::warning('perun:AdapterRpc: No facility with clientId \'' . $clientId . '\' found.');
+            return null;
+        }
+
+        if (count($perunAttr) > 1) {
+            Logger::warning('perun:AdapterRpc: There is more than one facility with clientId \'' . $clientId . '.');
+            return null;
+        }
+
+        return new Facility($perunAttr[0]['id'], $perunAttr[0]['name'], $perunAttr[0]['description'], $clientId);
+    }
+
     /**
      * Returns member by User and Vo
      *

lib/Disco.php

@@ -7,6 +7,7 @@
 use SimpleSAML\Auth\State;
 use SimpleSAML\Configuration;
 use SimpleSAML\Error\Exception;
+use SimpleSAML\Locale\Translate;
 use SimpleSAML\Logger;
 use SimpleSAML\Module;
 use SimpleSAML\Module\discopower\PowerIdPDisco;
@@ -42,6 +43,8 @@ class Disco extends PowerIdPDisco
 
     public const DISABLE_WHITELISTING = 'disable_whitelisting';
 
+    public const DISPLAY_SP_NAME = 'display_sp_name';
+
     # CONFIGURATION ENTRIES IDP BLOCKS
     public const IDP_BLOCKS = 'idp_blocks_config';
 
@@ -121,6 +124,18 @@ class Disco extends PowerIdPDisco
 
     public const SAML_SP_SSO = 'saml:sp:sso';
 
+    public const NAME = 'name';
+
+    # DISPLAY SERVICE NAME KEYS
+
+    public const CLIENT_ID_PREFIX = 'urn:cesnet:proxyidp:Client_id:';
+
+    public const INTERFACE = 'interface';
+
+    public const RPC = 'rpc';
+
+    public const SERVICE_NAME_ATTR = 'urn:perun:facility:attribute-def:def:serviceName';
+
     private $originalsp;
 
     private array $originalAuthnContextClassRef = [];
@@ -129,6 +144,12 @@ class Disco extends PowerIdPDisco
 
     private $perunModuleConfiguration;
 
+    private $displaySpName;
+
+    private $spName;
+
+    private $adapter;
+
     private $proxyIdpEntityId;
 
     public function __construct(array $metadataSets, $instance)
@@ -156,12 +177,19 @@ public function __construct(array $metadataSets, $instance)
             if ($state !== null) {
                 if (isset($state[self::SAML_REQUESTED_AUTHN_CONTEXT][self::AUTHN_CONTEXT_CLASS_REF])) {
                     $this->originalAuthnContextClassRef = $state[self::SAML_REQUESTED_AUTHN_CONTEXT][self::AUTHN_CONTEXT_CLASS_REF];
+
                     $this->removeAuthContextClassRefWithPrefixes($state);
                     if (isset($state['IdPMetadata']['entityid'])) {
                         $this->proxyIdpEntityId = $state['IdPMetadata']['entityid'];
                     }
                     State::saveState($state, self::SAML_SP_SSO);
                 }
+
+                $this->displaySpName = $this->wayfConfiguration->getBoolean(self::DISPLAY_SP_NAME, false);
+                if ($this->displaySpName) {
+                    $this->fillSpName($state);
+                }
+
                 $e = explode('=', $returnURL)[0];
                 $newReturnURL = $e . '=' . urlencode($id);
                 $_GET[self::RETURN] = $newReturnURL;
@@ -248,6 +276,8 @@ public function handleRequest()
         $t->data[self::AUTHN_CONTEXT_CLASS_REF] = $this->originalAuthnContextClassRef;
         $t->data[self::WARNING_ATTRIBUTES] = $warningAttributes;
         $t->data[self::WAYF] = $this->wayfConfiguration;
+        $t->data[self::NAME] = $this->spName;
+        $t->data[self::DISPLAY_SP_NAME] = $this->displaySpName;
         $t->show();
     }
 
@@ -844,4 +874,43 @@ private static function constructSearchData($idpMetadata): string
 
         return strtolower(str_replace('"', '', iconv('UTF-8', 'US-ASCII//TRANSLIT', $res)));
     }
+
+    private static function substrInArray($needle, array $haystack)
+    {
+        foreach ($haystack as $item) {
+            if (strpos($item, $needle) !== false) {
+                return $item;
+            }
+        }
+
+        return null;
+    }
+
+    private function fillSpName($state)
+    {
+        $translate = new Translate(Configuration::getInstance());
+
+        $clientIdWithPrefix = self::substrInArray(self::CLIENT_ID_PREFIX, $this->originalAuthnContextClassRef);
+
+        if ($clientIdWithPrefix !== null) {
+            $parts = explode(':', $clientIdWithPrefix);
+            $clientId = end($parts);
+
+            $this->adapter = Adapter::getInstance($this->wayfConfiguration->getString(self::INTERFACE, self::RPC));
+
+            $facility = $this->adapter->getFacilityByClientId($clientId);
+
+            if ($facility !== null) {
+                $spNameMap = $this->adapter->getFacilityAttribute($facility, self::SERVICE_NAME_ATTR);
+            }
+
+            if (! empty($spNameMap)) {
+                $this->spName = $translate->getPreferredTranslation($spNameMap);
+            }
+        } else {
+            if (! empty($state[self::STATE_SP_METADATA][self::NAME])) {
+                $this->spName = $translate->getPreferredTranslation($state[self::STATE_SP_METADATA][self::NAME]);
+            }
+        }
+    }
 }

themes/perun/perun/disco-tpl.php

@@ -29,6 +29,8 @@
     Module::getModuleUrl('perun/res/css/disco.css') . '" />';
 
 $wayfConfig = $this->data[Disco::WAYF];
+$displaySpName = $this->data[Disco::DISPLAY_SP_NAME];
+$spName = $this->data[Disco::NAME];
 
 $translateModule = $wayfConfig->getString(Disco::TRANSLATE_MODULE, 'disco');
 $addInstitutionConfig = $wayfConfig->getConfigItem(Disco::ADD_INSTITUTION, null);
@@ -55,6 +57,10 @@
     $this->data['header'] = $this->t('{perun:disco:add_institution}');
 } else {
     $this->data['header'] = $this->t('{perun:disco:header}');
+
+    if ($displaySpName && ! empty($spName)) {
+        $this->data['header'] .= ' ' . $this->t('{perun:disco:header_display_service}') . ' ' . $spName;
+    }
 }
 
 $this->includeAtTemplateBase('includes/header.php');