Problem description

I have successfully configured simpleSAMLphp so that it authenticates via the Test Shib IDP (https://www.testshib.org/).

Test Shib returns the following attributes:

  • urn:oid:0.9.2342.19200300.100.1.1
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.1
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.6
  • urn:oid:2.5.4.4
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.9
  • urn:oid:2.5.4.42
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.7
  • urn:oid:2.5.4.3
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10
  • urn:oid:2.5.4.20

I would like to map these attributes to friendly names. Can anyone give me some pointers as to how to do that?

The default-sp example in authsources.php has the following:

/*
 * The attributes parameter must contain an array of desired attributes by the SP.
 * The attributes can be expressed as an array of names or as an associative array
 * in the form of 'friendlyName' => 'name'.
 * The metadata will then be created as follows:
 * <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
 */
 /*'attributes' => array(
   'attrname' => 'urn:oid:x.x.x.x',
 ),*/

But setting

'attributes' => array('myTestValue' => 'urn:oid:0.9.2342.19200300.100.1.1'),

has no effect.

Any help will be very gratefully received!

Solution

Assuming SimpleSAMLphp 1.6 and higher, you can simply use the built-in oid2name attributemap to do the mapping for you.

'authproc' => array(
    50 => array(
        'class' => 'core:AttributeMap',
        'oid2name',
    ),
),

To add to Luke's answer, you can simply add an authproc filter in the following places:

  • Globally in config.php
  • On the SP: Specific for only the SP in authsources.php
  • On the SP: Specific for only one remote IdP in saml20-idp-remote or shib13-idp-remote
  • On the IdP: Specific for only one hosted IdP in saml20-idp-hosted or shib13-idp-hosted
  • On the IdP: Specific for only one remote SP in saml20-sp-remote or shib13-sp-remote

Taken from https://simplesamlphp.org/docs/stable/simplesamlphp-authproc


You can see additional AttributeMaps such as oid2urn and oid2feide in the source found here:

https://github.com/simplesamlphp/simplesamlphp/tree/master/attributemap
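
Added example (not from the original answers or the SimpleSAMLphp project): the first answer's filter placed in the SP entry of authsources.php, next to the `attributes` option from the question, which per the quoted comment only shapes the `<md:RequestedAttribute>` elements in the SP metadata. The `idp` value is a placeholder, and the second filter, which renames `uid` to the asker's `myTestValue` with an inline map, is an illustrative assumption.

```php
<?php
// config/authsources.php (added example; values marked "placeholder" are not from the page)
$config = array(
    'default-sp' => array(
        'saml:SP',

        // Placeholder: entity ID of the remote IdP this SP authenticates against.
        'idp' => 'https://idp.example.org/idp/shibboleth',

        // Metadata only: emitted as
        //   <md:RequestedAttribute FriendlyName="myTestValue" Name="urn:oid:..."/>
        // It does not rename attributes received in an assertion, which is
        // why setting it alone "has no effect" on what the application sees.
        'attributes' => array(
            'myTestValue' => 'urn:oid:0.9.2342.19200300.100.1.1',
        ),

        // Authentication processing filters, run on every login through this SP.
        'authproc' => array(
            // Load attributemap/oid2name.php: urn:oid:0.9.2342.19200300.100.1.1
            // becomes uid, urn:oid:2.5.4.42 becomes givenName, and so on.
            50 => array(
                'class' => 'core:AttributeMap',
                'oid2name',
            ),

            // Inline map (string key => new name). Runs after filter 50, so it
            // must match the already-renamed attribute 'uid', not the OID.
            51 => array(
                'class' => 'core:AttributeMap',
                'uid' => 'myTestValue',
            ),
        ),
    ),
);
```

Filters run in ascending priority order, so any application code that makes access decisions on attribute names should be checked against the names produced by the last mapping filter, not the OIDs sent by the IdP.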
