CIL-598 Add skin config option for IdPs registered by InCommon.
terrencegf committed Sep 17, 2019
1 parent f87cc18 commit a0a2c22
Showing 2 changed files with 60 additions and 26 deletions.
35 changes: 24 additions & 11 deletions src/Service/Content.php
@@ -236,11 +236,11 @@ public static function printFormHead(
*
* @param bool $showremember (Optional) Show the 'Remember this
* selection' checkbox? Defaults to true.
* @param bool $incommonidps (Optional) Show all InCommon IdPs in
* @param bool $samlidps (Optional) Show all SAML-based IdPs in
* selection list? Defaults to false, which means show
* only whitelisted IdPs.
*/
public static function printWAYF($showremember = true, $incommonidps = false)
public static function printWAYF($showremember = true, $samlidps = false)
{
$helptext = 'Check this box to bypass the welcome page on ' .
'subsequent visits and proceed directly to the selected ' .
@@ -249,7 +249,7 @@ public static function printWAYF($showremember = true, $incommonidps = false)
$searchtext = "Enter characters to search for in the list above.";

// Get an array of IdPs
$idps = static::getCompositeIdPList($incommonidps);
$idps = static::getCompositeIdPList($samlidps);

$skin = Util::getSkin();

@@ -427,7 +427,7 @@ public static function printWAYF($showremember = true, $incommonidps = false)
<div>
';

if ($incommonidps) { // InCommon IdPs only means running from /testidp/
if ($samlidps) { // SAML-based IdPs only means running from /testidp/
echo '
<p>
CILogon facilitates secure access to CyberInfrastructure
@@ -2460,22 +2460,36 @@ public static function getMachineHostname($idp = '')
* IdPs based on the skin's whitelist/blacklist and the global
* blacklist file. For the TestIdP page, the list is all InCommon IdPs.
*
* @param bool $incommonidps (Optional) Show all InCommon IdPs in
* @param bool $samlidps (Optional) Show all SAML-based IdPs in
* selection list? Defaults to false, which means show only
* whitelisted IdPs.
* @return array A two-dimensional array where the primary key is the
* entityID and the secondary key is either 'Display_Name'
* or 'Organization_Name'.
*/
public static function getCompositeIdPList($incommonidps = false)
public static function getCompositeIdPList($samlidps = false)
{
$retarray = array();

$idplist = Util::getIdpList();
if ($incommonidps) { // Get all InCommon IdPs only
$retarray = $idplist->getInCommonIdPs();
} else { // Get the whitelisted InCommon IdPs, plus maybe OAuth2 IdPs
$retarray = $idplist->getWhitelistedIdPs();
if ($samlidps) { // Get all SAML-based IdPs only
$retarray = $idplist->getSAMLIdPs();
} else { // Get the selected InCommon IdPs, plus maybe OAuth2 IdPs
$skin = Util::getSkin();

// Check if the skin's config.xml has set the
// 'registeredbyincommonidps' option, which restricts the SAML-
// based IdPs to those with the <Registered_By_InCommon> tag.
// Otherwise, just get the SAML-based IdPs that have the
// <Whitelisted> tag. Note that the skin's <idpwhitelist>
// is still consulted in either case (below).
$registeredbyincommonidps = $skin->getConfigOption('registeredbyincommonidps');
if ((!is_null($registeredbyincommonidps)) &&
((int)$registeredbyincommonidps == 1)) {
$retarray = $idplist->getRegisteredByInCommonIdPs();
} else {
$retarray = $idplist->getWhitelistedIdPs();
}

// Add all OAuth2 IdPs to the list
foreach (Util::$oauth2idps as $key => $value) {
@@ -2486,7 +2500,6 @@ public static function getCompositeIdPList($incommonidps = false)
// Check to see if the skin's config.xml has a whitelist of IDPs.
// If so, go thru master IdP list and keep only those IdPs in the
// config.xml's whitelist.
$skin = Util::getSkin();
if ($skin->hasIdpWhitelist()) {
foreach ($retarray as $entityId => $names) {
if (!$skin->idpWhitelisted($entityId)) {
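Review bot: In the `getCompositeIdPList` hunk the restriction to `getRegisteredByInCommonIdPs()` is applied only when `(int)$registeredbyincommonidps == 1`, so a skin whose config sets the option to `true`, `yes` or any other non-numeric value would silently fall through to the broader `getWhitelistedIdPs()` list (the return type of `getConfigOption()` is not visible here, so this is inferred from the cast). Because the option exists to narrow the set of IdPs offered, a value that is non-null but neither `0` nor `1` is better surfaced to the operator than ignored, and the comparison can be strict: `((int)$registeredbyincommonidps === 1)`. The docblock above still says "For the TestIdP page, the list is all InCommon IdPs" although that branch now calls `getSAMLIdPs()`; it should read "all SAML-based IdPs". The function body continues past the end of the last hunk.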
51 changes: 36 additions & 15 deletions src/Service/IdpList.php
@@ -11,7 +11,7 @@
/**
* IdpList
*
* This class manages the list of InCommon IdPs and their
* This class manages the list of SAML-based IdPs and their
* attributes of interest. Since the InCommon-metadata.xml
* file is rather large and slow to parse using xpath
* queries, this class creates/reads/writes a smaller
@@ -1077,9 +1077,9 @@ public function isSIRTFI($entityID)
}

/**
* getInCommonIdPs
* getSAMLIdPs
*
* This method returns a two-dimensional array of InCommon IdPs.
* This method returns a two-dimensional array of SAML-based IdPs.
* The primary key of the array is the entityID, the secondary key is
* either 'Organization_Name' (corresponds to OrganizationDisplayName)
* or 'Display_Name' (corresponds to mdui:DisplayName).
@@ -1088,14 +1088,15 @@ public function isSIRTFI($entityID)
* only whitelisted IdPs, 2 means list only R&S IdPs.
*
* @param int $filter
* null => all InCommonIdPs
* 0 => non-whitelisted InCommon IdPs
* 1 => whitelisted InCommon IdPs
* 2 => R&S InCommon IdPs
* $return array An array of InCommon IdP Organization Names and Display
* null => all SAML-based IdPs
* 0 => non-whitelisted SAML-based IdPs
* 1 => whitelisted SAML-based IdPs
* 2 => R&S SAML-based IdPs
* 3 => whitelisted "Registered By InCommon" IdPs
* $return array An array of SAML-based IdP Organization Names and Display
* Names, possibly filtered by whitelisted / non-whitelisted / R&S.
*/
public function getInCommonIdPs($filter = null)
public function getSAMLIdPs($filter = null)
{
$retarr = array();

@@ -1106,7 +1107,11 @@ public function getInCommonIdPs($filter = null)
(($filter === 1) &&
(!$this->isWhitelisted($key))) ||
(($filter === 2) &&
(!$this->isRandS($key)))) {
(!$this->isRandS($key))) ||
(($filter === 3) &&
(!$this->isRegisteredByInCommon($key)) ||
(!$this->isWhitelisted($key)))
) {
continue;
}
$retarr[$key]['Organization_Name'] = $this->idparray[$key]['Organization_Name'];
@@ -1121,27 +1126,29 @@ public function getInCommonIdPs($filter = null)
*
* This method returns an array of non-whitelisted IdPs where the
* keys of the array are the entityIDs and the values are the
* pretty print Organization Names.
* pretty print Organization Names. Note that this essentially
* returns the IdPs in the blacklist.txt file.
*
* @return array An array of non-whitelisted IdPs.
*/
public function getNonWhitelistedIdPs()
{
return $this->getInCommonIdPs(0);
return $this->getSAMLIdPs(0);
}

/**
* getWhitelistedIdPs
*
* This method returns an array of whitelisted IdPs where the keys
* of the array are the entityIDs and the values are the
* pretty print Organization Names.
* pretty print Organization Names. Note that this returns all of the
* IdPs not in the blacklist.txt file.
*
* @return array An array of whitelisted IdPs.
*/
public function getWhitelistedIdPs()
{
return $this->getInCommonIdPs(1);
return $this->getSAMLIdPs(1);
}

/**
@@ -1155,7 +1162,21 @@ public function getWhitelistedIdPs()
*/
public function getRandSIdPs()
{
return $this->getInCommonIdPs(2);
return $this->getSAMLIdPs(2);
}

/**
* getRegisteredByInCommonIdPs
*
* This method returns an array of IdPs that have been tagged as
* "Registered_By_InCommon". The keys of the array are the entityIDs
* and the values are the pretty print Organization Names.
*
* @return array An array of Research and Scholarship (R&S) IdPs.
*/
public function getRegisteredByInCommonIdPs()
{
return $this->getSAMLIdPs(3);
}

/**
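Review bot: The new `$filter === 3` clause in `getSAMLIdPs()` is mis-parenthesised: because `&&` binds tighter than `||`, the trailing `(!$this->isWhitelisted($key))` is evaluated for every filter value, not only for 3. As written, any non-whitelisted IdP is skipped regardless of `$filter`, so `getSAMLIdPs()` with `null` no longer returns all IdPs and `getNonWhitelistedIdPs()` (filter 0) would presumably come back empty; the `if` opens above the hunk, so the filter-0 clause is inferred from the docblock. Group both tests under the filter check: `(($filter === 3) && ((!$this->isRegisteredByInCommon($key)) || (!$this->isWhitelisted($key))))`. Separately, the docblock of `getRegisteredByInCommonIdPs()` still reads `@return array An array of Research and Scholarship (R&S) IdPs.` and should describe "Registered By InCommon" IdPs instead.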
