* SAML/Shibboleth: fix metadata-URL to container eduPersonUniqueId or a custom OID, if specified

This commit is contained in:
Ralf Becker 2021-04-20 17:34:08 +02:00
parent a6bd16e2ad
commit df5cce7a74


@ -463,6 +463,17 @@ class Saml implements BackendSSO
$GLOBALS['egw_info']['server']['usecookies'] = true; $GLOBALS['egw_info']['server']['usecookies'] = true;
$config['baseurlpath'] = Api\Framework::getUrl(Api\Egw::link('/saml/')); $config['baseurlpath'] = Api\Framework::getUrl(Api\Egw::link('/saml/'));
$config['username_oid'] = [self::usernameOid($config)]; $config['username_oid'] = [self::usernameOid($config)];
$config['attribute_oids'] = [
'eduPersonPricipalName' => self::eduPersonPricipalName,
'eduPersonUniqueId' => self::eduPersonUniqueId,
'emailAddress' => self::emailAddress,
'firstName' => self::firstName,
'lastName' => self::lastName,
];
if (!in_array(self::usernameOid($config), $config['attribute_oids']))
{
$config['attribute_oids']['customOid'] = self::usernameOid($config);
}
// if multiple IdP's are configured, do NOT specify one to let user select // if multiple IdP's are configured, do NOT specify one to let user select
if (count(self::splitIdP($config['saml_idp'])) > 1) if (count(self::splitIdP($config['saml_idp'])) > 1)
{ {
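Review bot: The new `in_array(self::usernameOid($config), $config['attribute_oids'])` compares loosely; the OID strings are not numeric so a false match is unlikely, but `in_array(..., true)` costs nothing and makes the intent explicit. `usernameOid($config)` is also evaluated three times in this block (into `username_oid`, in the check, and in the `customOid` assignment), so computing it once guarantees the `customOid` entry is identical to `username_oid[0]`: `$usernameOid = self::usernameOid($config);` then `if (!in_array($usernameOid, $config['attribute_oids'], true)) $config['attribute_oids']['customOid'] = $usernameOid;`. The enclosing method starts and ends outside the hunk.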
@ -477,6 +488,7 @@ class Saml implements BackendSSO
'authsources.php' => [ 'authsources.php' => [
'saml_idp' => "/('default-sp' => *\\[.*?'idp' => *).*?$/ms", 'saml_idp' => "/('default-sp' => *\\[.*?'idp' => *).*?$/ms",
'saml_sp' => "/('default-sp' => *\\[.*?'name' => *\\[.*?'en' => *).*?$/ms", 'saml_sp' => "/('default-sp' => *\\[.*?'name' => *\\[.*?'en' => *).*?$/ms",
'attribute_oids' => "/('default-sp' => *\\[.*?'attributes' => *)\\[.*?\\],$/ms",
'username_oid' => "/('default-sp' => *\\[.*?'attributes.required' => *)\\[.*?\\],$/ms", 'username_oid' => "/('default-sp' => *\\[.*?'attributes.required' => *)\\[.*?\\],$/ms",
], ],
'config.php' => [ 'config.php' => [
@ -492,8 +504,7 @@ class Saml implements BackendSSO
foreach($replacements as $conf => $reg_exp) foreach($replacements as $conf => $reg_exp)
{ {
$content = preg_replace($reg_exp, '$1' . (is_array($config[$conf]) ? $content = preg_replace($reg_exp, '$1' . (is_array($config[$conf]) ?
"[".implode(',', array_map(self::class.'::quote', $config[$conf]))."]" : self::quoteArray($config[$conf]) : self::quote($config[$conf])) . ',', $content);
self::quote($config[$conf])) . ',', $content);
} }
if (!file_put_contents($path, $content)) if (!file_put_contents($path, $content))
{ {
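Review bot: The replacement passed to `preg_replace` on the changed line is still built by concatenating `'$1'` with the quoted config value, so a `$n`/`${n}` sequence inside a configured value (IdP entity id, SP display name, OID) is interpreted as a back-reference instead of being written literally; `quote()` escapes backslashes via addslashes but does nothing about `$`. Whether such characters can reach `$config` depends on validation outside this hunk, but a callback avoids replacement-string syntax entirely: `$replacement = is_array($config[$conf]) ? self::quoteArray($config[$conf]) : self::quote($config[$conf]);` and `$content = preg_replace_callback($reg_exp, static fn (array $m): string => $m[1].$replacement.',', $content);`. That split also reads better than the ternary nested inside the concatenation. The enclosing method continues outside the hunk.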
@ -513,6 +524,24 @@ class Saml implements BackendSSO
return $str || isset($empty) ? "'".addslashes($str ?: $empty)."'" : 'null'; return $str || isset($empty) ? "'".addslashes($str ?: $empty)."'" : 'null';
} }
/**
* @param array $arr
* @param null $empty
* @return string
*/
private static function quoteArray($arr, $empty=null)
{
$str = "[\n";
foreach($arr as $key => $val)
{
$str .= "\t\t";
if (!is_int($key)) $str .= self::quote($key).'=>';
$str .= self::quote($val, $empty).",\n";
}
$str .= "\t]";
return $str;
}
/** /**
* Get the urn:oid of the username * Get the urn:oid of the username
* *
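Review bot: The added `quoteArray` declares no parameter or return types, and its docblock gives `$empty` the type `null`, which is only the default; since it is handed to `quote()` as the fallback string, `private static function quoteArray(array $arr, ?string $empty = null): string` states the contract and makes the `@param`/`@return` lines redundant. A one-line description would help more than the restated types, e.g. `/** Render an array as a PHP literal (string keys quoted, int keys dropped), indented to match the generated authsources.php template. */`. The `"\t\t"` and `"\t]"` indentation is coupled to the `attribute_oids` regex added in this commit, which anchors on `\\],$`; a comment such as `// closing bracket must end the line: the caller appends ',' and the attribute_oids regex matches on '],' at end of line` would prevent a silent regex mismatch on the next save if someone reformats the output.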
@ -532,7 +561,7 @@ class Saml implements BackendSSO
case 'emailAddress': case 'emailAddress':
return self::emailAddress; return self::emailAddress;
case 'customOid': case 'customOid':
return $config['saml_username_oid'] ?: self::emailAddress; return 'urn:oid:'.$config['saml_username_oid'] ?: self::emailAddress;
} }
return self::emailAddress; return self::emailAddress;
} }
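Review bot: The changed `return 'urn:oid:'.$config['saml_username_oid'] ?: self::emailAddress;` can never fall back, because `.` binds tighter than `?:`: the left operand is the concatenation, which is the non-empty string `'urn:oid:'` even when `saml_username_oid` is unset, so an unconfigured custom OID now yields the bare prefix instead of `emailAddress`. That value is what `username_oid` and the `customOid` entry in the first hunk are built from, so it would presumably be written to authsources.php as the attribute logins are matched on. Test the raw setting instead: `return !empty($config['saml_username_oid']) ? 'urn:oid:'.$config['saml_username_oid'] : self::emailAddress;`. Since the prefix is now prepended unconditionally, a configuration that already stored the full `urn:oid:...` string would get it doubled; worth confirming against how the setting is entered.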
@ -724,6 +753,7 @@ EOF
"\t],\n\n". "\t],\n\n".
"\t'attributes' => [\n". "\t'attributes' => [\n".
"\t\t'eduPersonPricipalName' => '".self::eduPersonPricipalName."',\n". "\t\t'eduPersonPricipalName' => '".self::eduPersonPricipalName."',\n".
"\t\t'eduPersonUniqueId' => '".self::eduPersonUniqueId."',\n".
"\t\t'emailAddress' => '".self::emailAddress."',\n". "\t\t'emailAddress' => '".self::emailAddress."',\n".
"\t\t'firstName' => '".self::firstName."',\n". "\t\t'firstName' => '".self::firstName."',\n".
"\t\t'lastName' => '".self::lastName."',\n". "\t\t'lastName' => '".self::lastName."',\n".