Commit 48d1eadd authored by Martin van Es's avatar Martin van Es

WIP

parent 82164e5c
{
"account1" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute",
"display": "Account One (R&S)",
"eduPersonPrincipalName" : "account1@idp.example.org",
"displayName" : "Account One",
"mail" : "account1@idp.example.org"
},
"account2" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in both a 'displayname' attribute as well as seperate 'surname' and 'givenname' attributes",
"display": "Account Two (R&S)",
"eduPersonPrincipalName" : "account2@idp.example.org",
"displayName" : "Account Two",
"givenName" : "Account",
"sn" : "Two",
"mail" : "account2@idp.example.org"
},
"account3" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
"display": "Account Three (R&S)",
"eduPersonPrincipalName" : "account3@idp.example.org",
"givenName" : "Account",
"sn" : "Three",
"mail" : "account3@idp.example.org",
"eduPersonScopedAffiliation" : ["member@idp.example.org", "student@idp.example.org"]
},
"account4" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
"display": "Account Four (R&S)",
"eduPersonPrincipalName" : "account4@idp.example.org",
"eduPersonTargetedID" : "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
"givenName" : "Account4",
"sn" : "Four",
"mail" : "account4@idp.example.org",
"eduPersonScopedAffiliation" : ["member@idp.example.org", "employee@idp.example.org", "faculty@idp.example.org"]
},
"account5" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
"display": "Account Five (R&S)",
"eduPersonPrincipalName" : "account5@idp.example.org",
"eduPersonTargetedId" : "account5@idp.example.org",
"displayName" : "Account Five",
"mail" : "account5@idp.example.org"
},
"account6" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
"display": "Account Six (R&S)",
"eduPersonPrincipalName" : "account6@idp.example.org",
"eduPersonTargetedId" : "account6@idp.example.org",
"givenName" : "Account6",
"sn" : "Six",
"mail" : "account6@idp.example.org"
},
"account7" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
"display": "Account Seven (R&S)",
"eduPersonPrincipalName" : "account7@idp.example.org",
"eduPersonTargetedId" : "account7@idp.example.org",
"displayName" : "Account Seven",
"mail" : "account7@idp.example.org",
"eduPersonScopedAffiliation" : ["employee@idp.example.org", "staff@idp.example.org", "member@idp.example.org", "student@idp.example.org"]
},
"account8" : {
"type" : "Research and Scholarship",
"explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
"display": "Account Eight (R&S)",
"eduPersonPrincipalName" : "account8@idp.example.org",
"eduPersonTargetedId" : "account8@idp.example.org",
"givenName" : "Account8",
"sn" : "Eight",
"mail" : "account8@idp.example.org",
"eduPersonScopedAffiliation" : ["employee@idp.example.org", "staff@idp.example.org", "member@idp.example.org", "student@idp.example.org"]
},
"account9" : {
"type": "Behaviour tests",
"explanation": "Test - multi-valued mail attribute",
"display": "Jordan R. Belfort",
"uid" : ["belfort"],
"schacHomeOrganization" : "harvard-example.edu",
"eduPersonPrincipalName" : "belfort@harvard-example.edu",
"cn" : "Jordan Ross Belfort",
"givenName" : "Jordan",
"sn" : "Belfort",
"displayName" : "Jordan R. Belfort",
"mail" : ["Jordan.Belfort@harvard-example.edu", "jordan@harvard-example.edu"],
"eduPersonAffiliation" : ["employee", "faculty", "member"],
"eduPersonScopedAffiliation" : ["employee@harvard-example.edu", "faculty@harvard-example.edu", "member@harvard-example.edu"],
"eduPersonEntitlement" : "urn:mace:dir:entitlement:common-lib-terms-example",
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account10" : {
"type": "Behaviour tests",
"explanation": "Test - No member affiliation ind eduPersonAffiliation",
"display": "Steve Wynn",
"uid" : ["wynn"],
"schacHomeOrganization" : "harvard-example.edu",
"eduPersonPrincipalName" : "wynn@harvard-example.edu",
"cn" : "Steve Alen Wynn",
"givenName" : "Steve",
"sn" : "Wynn",
"displayName" : "Steve Wynn",
"mail" : ["S.Wynn@harvard-example.edu", "Steve.Wynn@example-casino.com", "steve.Wynn@las.vegas.com"],
"eduPersonAffiliation" : ["employee", "faculty"],
"eduPersonScopedAffiliation" : ["employee@harvard-example.edu", "faculty@harvard-example.edu", "member@harvard-example.edu"],
"eduPersonEntitlement" : "urn:mace:dir:entitlement:common-lib-terms-example",
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account11" : {
"type": "Behaviour tests",
"explanation": "Test - Incorrect domain scope for Home organisation",
"display": "Isaac Newton",
"uid" : ["isaac"],
"schacHomeOrganization" : "university-example.org",
"eduPersonPrincipalName" : "isaac@university-example.edu",
"cn" : "Sir Isaac Newton",
"givenName" : "Isaac",
"sn" : "Newton",
"displayName" : "Isaac Newton",
"mail" : ["isaacnewton@university-example.org", "newton@university-example.org"],
"eduPersonScopedAffiliation" : ["employee@huniversity-example.org", "faculty@university-example.org", "member@university-example.org"],
"eduPersonEntitlement" : "urn:mace:dir:entitlement:common-lib-terms-example",
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account12" : {
"type": "Behaviour tests",
"explanation": "Test - Invalid email address, note that ePPN is NOT an email adress, so having multiple @ signs is allowed",
"display": "Oscar Burton",
"uid" : ["oburton"],
"schacHomeOrganization" : "university-example.org",
"eduPersonPrincipalName" : "o@burton@university-example.org",
"cn" : "Oscar Burton",
"givenName" : "Oscar",
"sn" : "Burton",
"displayName" : "Oscar Burton",
"mail" : "o@burton@university-example.edu",
"eduPersonAffiliation" : ["employee", "member", "staff"],
"eduPersonScopedAffiliation" : ["employee@huniversity-example.org", "staff@university-example.org", "member@university-example.org"],
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account13" : {
"type": "Behaviour tests",
"explanation": "Test - Invalid ePPN",
"display": "Oscar Burton",
"uid" : ["oburton"],
"schacHomeOrganization" : "university-example.org",
"eduPersonPrincipalName" : "oburton@university-example.edu",
"cn" : "Oscar Burton",
"givenName" : "Oscar",
"sn" : "Burton",
"displayName" : "Oscar Burton",
"mail" : "OscarBurton@university-example.org",
"eduPersonAffiliation" : ["employee", "member", "staff"],
"eduPersonScopedAffiliation" : ["employee@huniversity-example.org", "staff@university-example.org", "member@university-example.org"],
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account14" : {
"type": "Behaviour tests",
"explanation": "Test - Member only",
"display": "Student One",
"uid" : ["student1"],
"schacHomeOrganization" : "idp.example.org",
"eduPersonPrincipalName" : "student1@idp.example.org",
"cn" : "Student One",
"givenName" : "Student",
"sn" : "One",
"displayName" : "Student One",
"mail" : "student1@idp.example.org",
"eduPersonAffiliation" : ["member"],
"eduPersonScopedAffiliation" : ["member@idp.example.org"],
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account15" : {
"type": "Behaviour tests",
"explanation": "Test - Non human-friendly ePPN",
"display": "Student Two",
"uid" : ["FyHah7$J"],
"schacHomeOrganization" : "idp.example.org",
"eduPersonPrincipalName" : "FyHah7$J@idp.example.org",
"cn" : "Student Two",
"givenName" : "Student",
"sn" : "Two",
"displayName" : "Student Two",
"mail" : "s1869831907@example.org",
"eduPersonAffiliation" : ["student", "member"],
"eduPersonScopedAffiliation" : ["member@idp.example.org", "student@idp.example.org"],
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account16" : {
"type": "Behaviour tests",
"explanation": "Test - Blank attribute values",
"display": "Student Three",
"uid" : ["student3"],
"schacHomeOrganization" : "idp.example.org",
"eduPersonPrincipalName" : "student3@idp.example.org",
"cn" : "",
"givenName" : "",
"sn" : "Three",
"displayName" : "Student Three",
"mail" : "student3@idp.example.org",
"eduPersonAffiliation" : ["member", "student"],
"eduPersonScopedAffiliation" : ["member@idp.example.org", "student@idp.example.org"],
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account17" : {
"type": "Behaviour tests",
"explanation": "Test - Inconsistant user name",
"display": "Godfried Viggo",
"uid" : ["viggo7"],
"schacHomeOrganization" : "unidenmark-example.dk",
"eduPersonPrincipalName" : "viggo7@unidenmark-example.dk",
"cn" : "Christian Godfried Viggo Lind",
"givenName" : "Godfried",
"sn" : "Viggo",
"displayName" : "Godfried Viggo",
"mail" : "Godfried.Viggo@unidenmark-example.dk",
"eduPersonAffiliation" : "student",
"eduPersonScopedAffiliation" : ["student@unidenmark-example.dk"],
"isMemberOf" : "urn:collab:org:aarc-project.eu"
},
"account18" : {
"type": "Behaviour tests",
"explanation": "Test - non-ASCII UTF-8 common name ",
"display": "Daisuke Takahashi",
"uid" : ["U3342109"],
"schacHomeOrganization" : "exchange-example.edu",
"eduPersonPrincipalName" : "U3342109@exchange-example.edu",
"cn" : "Daisuke Takahashi, 髙橋 大輔",
"givenName" : "Daisuke",
"sn" : "Takahashi",
"displayName" : "Daisuke Takahashi",
"mail" : "U3342109@exchange-example.edu",
"eduPersonAffiliation" : ["member", "student"],
"eduPersonScopedAffiliation" : ["member@exchange-example.edu", "student@exchange-example.edu"],
"isMemberOf" : ["urn:collab:org:exchange-university.org", "urn:collab:org:home-university.org"]
},
"account19" : {
"type": "Behaviour tests",
"explanation": "Test - Diacritical marks",
"display": "Martin N. Jørgensen",
"uid" : ["student14"],
"schacHomeOrganization" : "stockholmuni-example.se",
"eduPersonPrincipalName" : "student14@stockholmuni-example.se",
"cn" : "Martin Nikolaus Jørgensen",
"givenName" : "Martin",
"sn" : "Jørgensen",
"displayName" : "Martin N. Jørgensen",
"mail" : "jorgensen07@stockholmuni-example.se",
"eduPersonAffiliation" : ["member", "student"],
"eduPersonScopedAffiliation" : ["member@stockholmuni-example.se", "student@stockholmuni-example.se"],
"isMemberOf" : "urn:collab:org:sunet-example.se"
}
}
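Review bot: The targeted-ID attribute is keyed inconsistently across the profiles: account4 uses `"eduPersonTargetedID"` while account5 through account8 use `"eduPersonTargetedId"`. Whatever consumes this file keys on the exact string, so one of the two spellings will presumably never be released as an attribute; the eduPerson schema name is `eduPersonTargetedID`, so the four lowercase-`Id` entries should be renamed. The explanation strings also carry repeated typos (`seperate`, `adress`, `Inconsistant`, `ind`) that are likely shown to users through the display layer. account12 and account13 reuse the `huniversity-example.org` scope that account11 deliberately uses for its "incorrect domain scope" test, which reads like copy-paste rather than intent and is worth confirming.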
......@@ -22,6 +22,16 @@ $vserver = $_SERVER['SERVER_NAME'];
$vparts = explode('.', $vserver);
$vhost = $vparts[0];
$raw_users = json_decode(file_get_contents('/opt/simplesamlphp/config/logins.json'), true);
$domains = [];
if (is_array($raw_users)) {
foreach($raw_users as $user => $values) {
$sho = @$values['schacHomeOrganization'];
if ($sho) $domains[] = $sho;
}
}
$domains = array_unique($domains);
$metadata['__DYNAMIC:1__'] = [
/*
* The hostname of the server (VHOST) that will use this SAML entity.
......@@ -62,6 +72,8 @@ $metadata['__DYNAMIC:1__'] = [
],
],
'scope' => $domains,
// X.509 key and certificate. Relative to the cert directory.
'privatekey' => 'server.key',
'certificate' => 'server.crt',
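Review bot: A missing or malformed `/opt/simplesamlphp/config/logins.json` is swallowed on the `$raw_users = json_decode(file_get_contents(...), true);` line: a failed read yields false, `json_decode` then returns null, and the `is_array` guard turns that into an empty `$domains`, so the second hunk publishes `'scope' => []` in the IdP metadata with no error raised; since relying parties use that scope list to accept scoped attributes such as ePPN and eduPersonScopedAffiliation, the config should fail loudly instead. The `@$values['schacHomeOrganization']` suppression should become `$values['schacHomeOrganization'] ?? null`, and `array_unique` preserves keys, so `$domains = array_values(array_unique($domains));` keeps the scope a proper list. The `$metadata['__DYNAMIC:1__']` array that both hunks feed continues outside the hunks.

```php
$logins = file_get_contents('/opt/simplesamlphp/config/logins.json');
if ($logins === false) {
    throw new \RuntimeException('Unable to read logins.json');
}
$raw_users = json_decode($logins, true, 512, JSON_THROW_ON_ERROR);
$domains = [];
if (is_array($raw_users)) {
    foreach ($raw_users as $user => $values) {
        $sho = $values['schacHomeOrganization'] ?? null;
        if ($sho) $domains[] = $sho;
    }
}
$domains = array_values(array_unique($domains));
// … unchanged: $metadata['__DYNAMIC:1__'] = [ …
```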
......@@ -45,8 +45,10 @@ $displays = [];
foreach ($raw_users as $user => $values) {
$explanations[$user] = $values['explanation'];
$displays[$user] = $values['display'];
$type[$user] = $values['type'];
unset($values['explanation']);
unset($values['display']);
unset($values['type']);
$users[$user] = $values;
}
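Review bot: `$type[$user] = $values['type'];` writes into a variable that, unlike `$displays` in the hunk header context, is not visibly initialised before the loop, and a profile without a `type` key produces an undefined-index warning rather than being handled; initialise it alongside the others and read it as `$type[$user] = $values['type'] ?? null;`. The three `unset` calls are the only thing keeping profile metadata out of the values stored in `$users[$user]`, which presumably become the released attributes, so listing those keys once, e.g. `$meta = ['explanation', 'display', 'type'];` followed by `$users[$user] = array_diff_key($values, array_flip($meta));`, avoids a future metadata key being released as an attribute when someone forgets the matching `unset`. Naming the new array `$types` would also match the plural convention of `$explanations` and `$displays`.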