Make Consent module use SP PrivacyStatementURL as a privacypolicy option
5 views
Skip to first unread message
Pavel Šipoš
Aug 12, 2019, 5:09:26 AM8/12/19
to SimpleSAMLphp developers
Hi everyone.
I already opened this topic on simplesamlphp-user group buy maybe here is a better place for it.
-------------
For our IdP we use metarefresh module (https://simplesamlphp.org/docs/stable/simplesamlphp-automated_metadata), which generates saml20-sp-remote from XML and PrivacyPolicy URL is defined for example like this:
```
[...]
$metadata['https://sp1.example.com/20190808'] = array (
UIInfo' =>
array (
'PrivacyStatementURL' =>
array (
'en' => 'https://sp1.example/policy',
'de' => 'https://sp1.example/policy',
),
)
[...]
```
Consent module is expecting Privacy Statement URL under 'privacypolicy' option and not 'PrivacyStatementURL'. Because of different naming of option (or should I say attribute), URL is not retreived from SP metadata and so privacypolicy URL from IdP is used at Consent page.
Can you please suggest what would be clean way to map PrivacyStatementURL to privacypolicy option?
Currently we have made fix with changing consent module logic:
```php
//Before
//if (array_key_exists('privacypolicy', $state['Destination'])) {
//After
if ( array_key_exists('PrivacyStatementURL', $state['Destination']['UIInfo']) && array_key_exists('en', $state['Destination']['UIInfo']['PrivacyStatementURL']) ){
$privacypolicy = $state['Destination']['UIInfo']['PrivacyStatementURL']['en'];
```
In the spirit of GDPR,
Thank you!
Pavel
Jaime Pérez Crespo
Aug 12, 2019, 6:26:53 AM8/12/19
to simplesa...@googlegroups.com
Hi Pavel,
I would actually categorize this as a bug. SimpleSAMLphp should be able to use the metadata itself generates for remote entities. I think the proper approach here would be to search for both options, giving the old one (privacypolicy) priority.
Would you mind providing a pull request with this?
--
Jaime Pérez
UNINETT / Feide
jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
I would actually categorize this as a bug. SimpleSAMLphp should be able to use the metadata itself generates for remote entities. I think the proper approach here would be to search for both options, giving the old one (privacypolicy) priority.
Would you mind providing a pull request with this?
Jaime Pérez
UNINETT / Feide
jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
Pavel Šipoš
Aug 12, 2019, 8:01:54 AM8/12/19
to SimpleSAMLphp developers
Done: https://github.com/simplesamlphp/simplesamlphp-module-consent/pull/6
I am open for better solution where URL is chosen based on current translation used and if does not exists then maybe first available value.
Dne ponedeljek, 12. avgust 2019 12.26.53 UTC+2 je oseba Jaime Pérez napisala:
Dne ponedeljek, 12. avgust 2019 12.26.53 UTC+2 je oseba Jaime Pérez napisala:
Reply all
Reply to author
Forward
0 new messages