SAML attributes processing updated.

msyk · Jun 18, 2024 · 4109691 · 4109691
1 parent 1903b00
commit 4109691
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/dist-docs/change_log.txt b/dist-docs/change_log.txt
@@ -18,6 +18,7 @@ Ver.13 (In Development)
 - The IMLibContext class has new property 'count', 'resultCount' and 'totalCount' about results of queried recordset.
 - The enrollment and password reset samples are updated. They are in samples/Auth_Support/User_Enrollment and PasswordReset.
 - The mailtemplate editing page is added in samples/Mail_Support/MySQL_mailtemplate.html
+- Field values from SAML attributes can merge from multiple entries.
 - [BUG FIX] On the Ver.12, SAML authentication didn't work in spite of Ver.11 can do. It didn't check with SAML manual
   test on Ver.12 after added types to php codes. Ver.13 works SAML.
 

diff --git a/params.php b/params.php
@@ -187,6 +187,7 @@
 //$samlExpiringSeconds = 1800;
 //$samlWithBuiltInAuth = true;
 //$samlAttrRules = ['username' => 'uid|0', 'realname' => 'eduPersonAffiliation|0'];
+// for Active Directory LDAP ['username' => 'cn|0', 'realname' => ['sn|0','givenName|0'], 'email' => 'mail|0']
 //$samlAdditionalRules = ['username' => '(user02|user03)'];
 
 // $extraButtons for additional buttons followed by the "SAML" button of authenticating panel.

diff --git a/src/php/SAMLAuth.php b/src/php/SAMLAuth.php
@@ -16,6 +16,7 @@
 
 namespace INTERMediator;
 
+use INTERMediator\DB\Logger;
 use SimpleSAML\Auth\Simple;
 
 /**
@@ -121,11 +122,22 @@ private function getValuesWithRule(string $rule): string
         $returnValue = null;
         $attributes = $this->authSimple->getAttributes();
         $comps = explode('|', $rule);
-        if (isset($attributes[$comps[0]][$comps[1]]) && count($comps) == 2) {
+        if (is_array($rule)) {
+            $returnValue = '';
+            foreach ($rule as $item) {
+                $returnValue = ((strlen($returnValue) > 0) ? ' ' : '') . $returnValue;
+                $returnValue .= $this->getValuesWithRule($item);
+            }
+        } else if (isset($attributes[$comps[0]][$comps[1]]) && count($comps) == 2) {
             $returnValue = $attributes[$comps[0]][$comps[1]];
         } else if (isset($attributes[$rule])) {
             $returnValue = $attributes[$rule];
         }
+        if (is_null($returnValue)) {
+            Logger::getInstance()->setWarningMessage('You have to set up the variable $samlAttrRules in params.php'
+                . ' to get the any value from saml attributes.');
+            $returnValue = '';
+        }
         return $returnValue;
     }