What are the separators for Automatic role population from simpleSAMLphp attributes


kc...@optimoz.com

Oct 17, 2018, 2:13:30 PM
to SimpleSAMLphp
I am new to Drupal and simpleSAMLphp. Trying to integrate Apigee Dev portal with SAML IDP. Reading the documents of https://www.drupal.org/project/simplesamlphp_auth/issues/1931394 regarding "Automatic role population from simpleSAMLphp attributes". Nowhere can I find the list of separators, and what do the separators "=", "@=", "~=" mean?
Also I have an IDP attribute which possibly returns multiple values, like this:
<saml:Attribute Name="groups">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Support Staff</saml:AttributeValue>
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Affirmative Data Entry</saml:AttributeValue>
</saml:Attribute>
How to map such m

How can I map these multiple values to multiple roles?

thanks,

Kan

Peter Schober

Oct 18, 2018, 7:41:45 AM
to SimpleSAMLphp
* kc...@optimoz.com <kc...@optimoz.com> [2018-10-17 20:13]:
> I am new to Drupal and simpleSAMLphp. Trying to integrate Apigee Dev portal
> with SAML IDP. Reading the documents
> of https://www.drupal.org/project/simplesamlphp_auth/issues/1931394
> regarding "Automatic role population from simpleSAMLphp attributes". Nowhere
> can I find the list of separators, and what do the separators "=", "@=", "~="
> mean?

You'd have to ask that of the people supporting that code.

> Also I have an IDP attribute which possibly returns multiple values,
[...]
> How can I map these multiple values to multiple roles?

If you have determined that
https://simplesamlphp.org/docs/stable/core:authproc_attributemap
is not up to the task you can usually fall back to using your own PHP
code by using the PHP authproc filter:
https://simplesamlphp.org/docs/stable/core:authproc_php

-peter

kc...@optimoz.com

Oct 18, 2018, 11:19:50 AM
to SimpleSAMLphp
    // A '=' requires the $value exactly matches the $attribute, A '@='
    // requires the portion after a '@' in the $attribute to match the
    // $value and a '~=' allows the value to match any part of any
    // element in the $attribute array.

Also = will match an element in the array of attributes
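The separator semantics quoted in the last message, applied to a multi-valued attribute like the "groups" one in the question, as an added example (not code from the simplesamlphp_auth module or from any poster in this thread). The function names, rule layout, role names and the mail value are assumptions, as are the choices to split '@=' at the first '@' and to check every element of the value list.

```php
<?php
// Added illustration, not the simplesamlphp_auth module's code. Function names,
// rule layout and role names are hypothetical.
// True when any element of one attribute's value list satisfies the rule.
// Assumptions: '@=' splits at the first '@'; every element is checked.
function attribute_matches(array $values, string $op, string $want): bool
{
    foreach ($values as $have) {
        if ($op === '=' && $have === $want) {
            return true;                      // whole element equals the value
        }
        if ($op === '@=') {                   // text after '@' equals the value
            $at = strpos($have, '@');
            if ($at !== false && substr($have, $at + 1) === $want) {
                return true;
            }
        }
        if ($op === '~=' && $want !== '' && strpos($have, $want) !== false) {
            return true;                      // value occurs anywhere in an element
        }
    }
    return false;
}

// Collect every role whose rule matches; a multi-valued attribute can yield several.
function roles_for(array $attributes, array $rules): array
{
    $roles = [];
    foreach ($rules as $role => [$name, $op, $want]) {
        if (attribute_matches($attributes[$name] ?? [], $op, $want)) {
            $roles[] = $role;
        }
    }
    return $roles;
}

// Constructed sample: "groups" values from the question, plus an invented mail value.
$attributes = [
    'groups' => ['Support Staff', 'Affirmative Data Entry'],
    'mail'   => ['kan@example.org'],
];
$rules = [
    'support'    => ['groups', '=',  'Support Staff'],
    'data_entry' => ['groups', '=',  'Affirmative Data Entry'],
    'internal'   => ['mail',   '@=', 'example.org'],
];
print_r(roles_for($attributes, $rules));
// Substring matching accepts a group name the rule author may not have intended:
var_dump(attribute_matches(['Non-Staff Contractor'], '~=', 'Staff'));
```

Because '~=' is a substring test, a group-to-role rule written with it grants the role for any group name containing the value, so '=' is the tighter choice when the IdP sends exact group names.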