feat(settings): Add gui settings for passthrough parameters

mickenordin · mickenordin · commit 70c7758ccb7f · 2024-11-05T15:22:21.000+01:00
Signed-off-by: Micke Nordin &lt;kano@sunet.se&gt;
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
@@ -150,12 +150,16 @@ public function login(int $idp = 1): Http\RedirectResponse {
 		$type = $this->config->getAppValue($this->appName, 'type');
 		switch ($type) {
 			case 'saml':
-				$auth = new Auth($this->samlSettings->getOneLoginSettingsArray($idp));
-				$passthroughParams = $this->config->getSystemValue('user_saml.passthrough_parameters', []);
+				$settings= $this->samlSettings->getOneLoginSettingsArray($idp);
+				$auth = new Auth($settings);
+				$passthroughParamsString = trim($settings['passthroughParameters'] ?? '') ;
+				$passthroughParams = array_map('trim', explode(',', $passthroughParamsString));
+
 				$passthroughValues = [];
 				foreach ($passthroughParams as $passthroughParam) {
 					$value = (string)$this->request->getParam($passthroughParam, '');
 					if ($value !== '') {
+						$this->logger->info('Passthrough parameters: ' . $passthroughParam . ' : ' . $value);
 						$passthroughValues[$passthroughParam] = $value;
 					}
 				}
diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
@@ -57,6 +57,7 @@ public function getSamlProviderSettings(int $providerId): array {
 			'singleSignOnService.url' => ['required' => false],
 			'entityId' => ['required' => false],
 			'x509cert' => ['required' => false],
+			'passthroughParameters' => ['required' => false],
 		];
 		/* Fetch all config values for the given providerId */
 
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
@@ -30,6 +30,7 @@ class SAMLSettings {
 		'idp-singleLogoutService.responseUrl',
 		'idp-singleLogoutService.url',
 		'idp-singleSignOnService.url',
+		'passthroughParameters',
 		'idp-x509cert',
 		'security-authnRequestsSigned',
 		'security-general',
@@ -133,6 +134,7 @@ public function getOneLoginSettingsArray(int $idp): array {
 			'strict' => true,
 			'debug' => $this->config->getSystemValue('debug', false),
 			'baseurl' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.base'),
+			'passthroughParameters' => $this->configurations[$idp]['passthroughParameters'] ?? '',
 			'security' => [
 				'nameIdEncrypted' => ($this->configurations[$idp]['security-nameIdEncrypted'] ?? '0') === '1',
 				'authnRequestsSigned' => ($this->configurations[$idp]['security-authnRequestsSigned'] ?? '0') === '1',
diff --git a/templates/admin.php b/templates/admin.php
@@ -153,6 +153,10 @@
 					<label class="user-saml-standalone-label" for="user-saml-x509cert"><?php p($l->t('Public X.509 certificate of the IdP')) ?></label><br/>
 					<textarea id="user-saml-x509cert" name="x509cert"><?php p($_['config']['idp-x509cert'] ?? '') ?></textarea>
 				</p>
+				<p>
+					<label class="user-saml-standalone-label" for="user-saml-passthroughParameters"><?php p($l->t('Request parameters to pass-through to IdP (comma separated list)')) ?></label><br/>
+					<input id="user-saml-passthroughParameters" name="passthroughParameters" value="<?php p($_['config']['passthroughParameters'] ?? '') ?>" type="text" placeholder="idp_hint,extra_parameter"/>
+				</p>
 			</div>
 		</div>
 
