From 32063a86a57888a44fd4c0f915a9045b3d0cc4b5 Mon Sep 17 00:00:00 2001
From: Tyler Antonio
Date: Wed, 9 Nov 2016 11:28:01 -0700
Subject: [PATCH 1/7] Add ability to define additional attributes on ContactPerson element

---
 composer.json | 2 +-
 lib/SimpleSAML/Metadata/SAMLBuilder.php | 4 ++++
 lib/SimpleSAML/Utils/Config/Metadata.php | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index fbe519d128..ee3202e080 100644
--- a/composer.json
+++ b/composer.json
@@ -35,7 +35,7 @@
         "ext-date": "*",
         "ext-hash": "*",
         "ext-json": "*",
-        "simplesamlphp/saml2": "dev-master#00e38f85b417be1e10a2d738dd2f5ea82edb472c as 2.2",
+        "simplesamlphp/saml2": "dev-master#a94403bfe5627c90fe3764e0ada5a44841a11e80 as 2.3.3",
         "robrichards/xmlseclibs": "~2.0",
         "whitehat101/apr1-md5": "~1.0",
         "twig/twig": "~1.0",
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 35156f7dbe..90451b7130 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -688,6 +688,10 @@ public function addContact($type, $details)
         $e = new \SAML2\XML\md\ContactPerson();
         $e->contactType = $type;
 
+        if (!empty($details['attributes'])) {
+            $e->ContactPersonAttributes = $details['attributes'];
+        }
+
         if (isset($details['company'])) {
             $e->Company = $details['company'];
         }
diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index d9f9328352..8232e2d3fe 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
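Review bot: In the SAMLBuilder.php hunk, `$e->ContactPersonAttributes = $details['attributes'];` copies whatever is in the configuration onto the ContactPerson element without any check of its own, so addContact relies on callers having already passed the details through Metadata::getContact (not visible here) before those keys become XML attribute names in published metadata. Whether `ContactPersonAttributes` exists on `\SAML2\XML\md\ContactPerson` depends on the saml2 library version: patch 1 raises the composer.json pin to `2.3.3` to get it and patch 7 reverts that pin, so with the `2.2` pin the assignment presumably just creates an undeclared dynamic property and the attributes never reach the XML — the minimum saml2 version should be raised in the same change or stated in a comment such as `// requires simplesamlphp/saml2 >= 2.3 for ContactPersonAttributes`. The `!empty()` test also differs from the `isset()` used for the neighbouring fields; `isset($details['attributes']) && is_array($details['attributes'])` would be consistent and explicit. addContact starts before this hunk and continues past it.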
@@ -27,6 +27,12 @@ class Metadata
     /**
+     * Valid options for the ContactPerson element
+     *
+     * The 'attributes' option isn't defined in section 2.3.2.2 of the OASIS document, but
+     * it is required to allow additons to the main contact person element for trust
+     * frameworks.
+     *
      * @var array The valid configuration options for a contact configuration array.
      * @see "Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0", section 2.3.2.2.
      */
@@ -37,6 +43,7 @@ class Metadata
         'surName',
         'telephoneNumber',
         'company',
+        'attributes',
     );
@@ -108,6 +115,13 @@ function ($t) {
             throw new \InvalidArgumentException('"contactType" is mandatory and must be one of '.$types.".");
         }
 
+        // check attributes is an associative array
+        if (isset($contact['attributes'])) {
+            if (empty($contact['attributes']) || empty(array_filter(array_keys($contact['attributes']), 'is_string'))) {
+                throw new \InvalidArgumentException('"attributes" must be an array and cannot be empty.');
+            }
+        }
+
         // try to fill in givenName and surName from name
         if (isset($contact['name']) && !isset($contact['givenName']) && !isset($contact['surName'])) {
             // first check if it's comma separated

From 6e3322250a412f6b24538c59e3d8d42091e6df5c Mon Sep 17 00:00:00 2001
From: Tyler Antonio
Date: Wed, 9 Nov 2016 14:36:21 -0700
Subject: [PATCH 2/7] Address issues from unit tests

---
 lib/SimpleSAML/Utils/Config/Metadata.php | 2 +-
 tests/lib/SimpleSAML/Utils/Config/MetadataTest.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index 8232e2d3fe..297cae30a3 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
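Review bot: The check added in the `@@ -108,6 +115,13 @@` hunk only rejects `attributes` when no key at all is a string — `empty(array_filter(array_keys($contact['attributes']), 'is_string'))` — so a mixed array such as `array('xmlns:remd' => '...', 0 => 'x')` passes, and the integer key is presumably handed on as an XML attribute name when the ContactPerson element is built; the rewrites of this condition in patches 2, 3 and 6 keep the same at-least-one-string-key semantics, so this applies to those hunks too. Since every key ends up as an attribute name in published metadata, require all keys to be strings, e.g. `|| count(array_filter(array_keys($contact['attributes']), 'is_string')) !== count($contact['attributes'])`, and consider checking that the values are strings as well, since that is what will be serialized. The comment `// check attributes is an associative array` then matches what the code enforces. The docblock in the first hunk has a typo, `additons`, and getContact starts before and continues past the third hunk.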
@@ -117,7 +117,7 @@ function ($t) {
         // check attributes is an associative array
         if (isset($contact['attributes'])) {
-            if (empty($contact['attributes']) || empty(array_filter(array_keys($contact['attributes']), 'is_string'))) {
+            if (empty($contact['attributes']) || !is_array($contact['attributes']) || empty(array_filter(array_keys($contact['attributes']), 'is_string'))) {
                 throw new \InvalidArgumentException('"attributes" must be an array and cannot be empty.');
             }
         }
diff --git a/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php b/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php
index 3189834386..95f0aa547c 100644
--- a/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php
+++ b/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php
@@ -215,6 +215,7 @@ public function testGetContact()
         }
         $contact['contactType'] = 'technical';
         $contact['name'] = 'to_be_removed';
+        $contact['attributes'] = array('test' => 'testval');
         $parsed = Metadata::getContact($contact);
         foreach (array_keys($parsed) as $key) {
             $this->assertEquals($parsed[$key], $contact[$key]);

From 1ce9a0cd64a16f09103cadf024f2af2a522f9637 Mon Sep 17 00:00:00 2001
From: Tyler Antonio
Date: Wed, 9 Nov 2016 15:56:08 -0700
Subject: [PATCH 3/7] Use count() instead of empty(). Cannot provide array_filter() output directly to empty() in conditional in PHP <= 5.4.

---
 lib/SimpleSAML/Utils/Config/Metadata.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index 297cae30a3..9b586790ab 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
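Review bot: The new line in testGetContact, `$contact['attributes'] = array('test' => 'testval');`, only covers the accepted shape and the loop below just checks that it round-trips; nothing exercises the rejection path that the new `attributes` validation in Metadata::getContact introduces. Add cases for `'attributes' => 'not an array'`, `'attributes' => array()` and `'attributes' => array('a', 'b')` and assert that each raises `InvalidArgumentException`, in the same way the invalid inputs earlier in this test appear to be checked. testGetContact starts before this hunk and continues past it.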
@@ -117,7 +117,7 @@ function ($t) {
         // check attributes is an associative array
         if (isset($contact['attributes'])) {
-            if (empty($contact['attributes']) || !is_array($contact['attributes']) || empty(array_filter(array_keys($contact['attributes']), 'is_string'))) {
+            if (empty($contact['attributes']) || !is_array($contact['attributes']) || count(array_filter(array_keys($contact['attributes']), 'is_string')) == 0) {
                 throw new \InvalidArgumentException('"attributes" must be an array and cannot be empty.');
             }
         }

From 62b08710c1706f0882338966cb1eb02f966e1691 Mon Sep 17 00:00:00 2001
From: Tyler Antonio
Date: Tue, 15 Nov 2016 09:44:45 -0700
Subject: [PATCH 4/7] Added documentation for contactPerson attributes

---
 docs/simplesamlphp-reference-idp-hosted.md | 31 ++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md
index dc0fae3424..6bf36bcc35 100644
--- a/docs/simplesamlphp-reference-idp-hosted.md
+++ b/docs/simplesamlphp-reference-idp-hosted.md
@@ -123,6 +123,37 @@ Common options any value in the SP-remote metadata overrides the one configured in the IdP metadata. +`contacts` +: Specify contacts in addition to the technical contact configured through config/config.php. + For example, specifying a support contact: + + 'contacts' => array( + array( + 'contactType' => 'support', + 'emailAddress' => 'support@example.org', + 'givenName' => 'John', + 'surName' => 'Doe', + 'telephoneNumber' => '+31(0)12345678', + 'company' => 'Example Inc.', + ), + ), + +: If you have support for a trust framework that requires extra attributes on the contact person element in your IdP metadata (for example, SIRTFI), you can specify an array of attributes on a contact. + + 'contacts' => array( + array( + 'contactType' => 'other', + 'emailAddress' => 'abuse@example.org', + 'givenName' => 'John', + 'surName' => 'Doe', + 'telephoneNumber' => '+31(0)12345678', + 'company' => 'Example Inc.', + 'attributes' => array( + 'xmlns:remd' => 'http://refeds.org/metadata', + 'remd:contactType => 'http://refeds.org/metadata/contactType/security', + ), + ), + ), SAML 2.0 options ---------------- From e142bd05db9f75a578fb18f4ff853edb41e28172 Mon Sep 17 00:00:00 2001 From: Tyler Antonio Date: Fri, 13 Jan 2017 11:11:29 -0700 Subject: [PATCH 5/7] Fixed errors in documentation --- docs/simplesamlphp-reference-idp-hosted.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md index 6bf36bcc35..0e5cb6298e 100644 --- a/docs/simplesamlphp-reference-idp-hosted.md +++ b/docs/simplesamlphp-reference-idp-hosted.md 
@@ -143,14 +143,14 @@ Common options
         'contacts' => array(
             array(
                 'contactType' => 'other',
-                'emailAddress' => 'abuse@example.org',
+                'emailAddress' => 'mailto:abuse@example.org',
                 'givenName' => 'John',
                 'surName' => 'Doe',
                 'telephoneNumber' => '+31(0)12345678',
                 'company' => 'Example Inc.',
                 'attributes' => array(
                     'xmlns:remd' => 'http://refeds.org/metadata',
-                    'remd:contactType => 'http://refeds.org/metadata/contactType/security',
+                    'remd:contactType' => 'http://refeds.org/metadata/contactType/security',
                 ),
             ),
         ),

From 404f20843fe16c2304e1f793e625a0ac85477fd7 Mon Sep 17 00:00:00 2001
From: Tyler Antonio
Date: Fri, 20 Jan 2017 10:22:29 -0700
Subject: [PATCH 6/7] Split condition on multiple lines and added strict comparison

---
 lib/SimpleSAML/Utils/Config/Metadata.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index 9b586790ab..2bf4b480a4 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -117,7 +117,10 @@ function ($t) {
         // check attributes is an associative array
         if (isset($contact['attributes'])) {
-            if (empty($contact['attributes']) || !is_array($contact['attributes']) || count(array_filter(array_keys($contact['attributes']), 'is_string')) == 0) {
+            if (empty($contact['attributes'])
+                || !is_array($contact['attributes'])
+                || count(array_filter(array_keys($contact['attributes']), 'is_string')) === 0
+            ) {
                 throw new \InvalidArgumentException('"attributes" must be an array and cannot be empty.');
             }
         }

From a28b7605e5f7c82b7fbe91725f99dbd31e593562 Mon Sep 17 00:00:00 2001
From: Tyler Antonio
Date: Fri, 20 Jan 2017 10:24:28 -0700
Subject: [PATCH 7/7] Removed changes to composer.json

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index ee3202e080..fbe519d128 100644
--- a/composer.json
+++ b/composer.json
@@ -35,7 +35,7 @@
         "ext-date": "*",
         "ext-hash": "*",
         "ext-json": "*",
-        "simplesamlphp/saml2": "dev-master#a94403bfe5627c90fe3764e0ada5a44841a11e80 as 2.3.3",
+        "simplesamlphp/saml2": "dev-master#00e38f85b417be1e10a2d738dd2f5ea82edb472c as 2.2",
         "robrichards/xmlseclibs": "~2.0",
         "whitehat101/apr1-md5": "~1.0",
         "twig/twig": "~1.0",