silinternational / ssp-utilities
SimpleSAMLphp related utility classes
Installs: 3 064
Dependents: 6
Suggesters: 0
Security: 0
Stars: 0
Watchers: 7
Forks: 1
Open Issues: 0
Requires
- php: ^8.1
- simplesamlphp/simplesamlphp: ^2.2
Requires (Dev)
- phpunit/phpunit: >=7.0
- roave/security-advisories: dev-master
README
SimpleSAMLphp related utility classes
Overview
This project includes utilities that are used by ssp-base
It provides business logic that determines which simplesamlphp Identity Providers can be used for authentication by a certain SP.
It also provides a utility that will gather together remote metadata from a folder and its sub-folders to be used by a saml20-*-remote.php file.
It includes unit tests that can be run from the /data folder via $ vendor/phpunit/phpunit/phpunit tests. These should provide insight into what the utilities do in practice.
Editing IdP Business Logic
There are several ways to limit which IdP's can be used for authentication by a certain SP. (These are provided by Utils.php::isIdpValidForSp
which is called by the DiscoUtils.php::getIdpsForSp
method.)
-
If an IDP's entry in the
saml20-idp-remote.php
file includes a'SPList'
entry (as an array), then only the SP's which have an entity id listed in that array will be permissible. -
If an IDP's entry in the
saml20-idp-remote.php
file includes an'excludeByDefault'
entry set toTrue
, then only the SP's which include the IdP's entity id in their'IDPList'
entry will be permissible. -
If an SP's entry in the
saml20-sp-remote.php
file includes an'IDPList'
entry (as an array), then only the IdP's which have an entity id listed in that array will be permissible.
Metadata Utilities
The metadata.php file includes utilities that pull in metadata from all the files named idp-.php and sp-.php respectively, including those in sub-folders.