diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md
index dc0fae3424..0e5cb6298e 100644
--- a/docs/simplesamlphp-reference-idp-hosted.md
+++ b/docs/simplesamlphp-reference-idp-hosted.md
@@ -123,6 +123,37 @@ Common options
 any value in the SP-remote metadata overrides the one configured in the IdP metadata.
+`contacts`
+: Specify contacts in addition to the technical contact configured through config/config.php. For example, specifying a support contact:
+
+ 'contacts' => array(
+ array(
+ 'contactType' => 'support',
+ 'emailAddress' => 'support@example.org',
+ 'givenName' => 'John',
+ 'surName' => 'Doe',
+ 'telephoneNumber' => '+31(0)12345678',
+ 'company' => 'Example Inc.',
+ ),
+ ),
+
+: If you have support for a trust framework that requires extra attributes on the contact person element in your IdP metadata (for example, SIRTFI), you can specify an array of attributes on a contact.
+
+ 'contacts' => array(
+ array(
+ 'contactType' => 'other',
+ 'emailAddress' => 'mailto:abuse@example.org',
+ 'givenName' => 'John',
+ 'surName' => 'Doe',
+ 'telephoneNumber' => '+31(0)12345678',
+ 'company' => 'Example Inc.',
+ 'attributes' => array(
+ 'xmlns:remd' => 'http://refeds.org/metadata',
+ 'remd:contactType' => 'http://refeds.org/metadata/contactType/security',
+ ),
+ ),
+ ),
 SAML 2.0 options
 ----------------
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 35156f7dbe..90451b7130 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -688,6 +688,10 @@ public function addContact($type, $details)
 $e = new \SAML2\XML\md\ContactPerson();
 $e->contactType = $type;
+ if (!empty($details['attributes'])) {
+ $e->ContactPersonAttributes = $details['attributes'];
+ }
+
 if (isset($details['company'])) {
 $e->Company = $details['company'];
 }
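Review bot: The new `!empty($details['attributes'])` guard in addContact accepts any truthy value, so a string or a plain integer-keyed list would be assigned to `$e->ContactPersonAttributes` and fail, if at all, only when the ContactPerson element is serialised, far from the configuration that caused it. The shape check lives in Metadata::getContact in this same commit, but nothing in this hunk shows that `$details` has been through it, so a local type check is cheap insurance: `if (!empty($details['attributes']) && is_array($details['attributes'])) {`. Because these names and values presumably end up as attributes of the ContactPerson element in the published IdP metadata, a docblock line on addContact stating that `$details` is expected to be the output of Metadata::getContact would make that contract explicit, if that is indeed how callers use it. The body of addContact continues outside the hunk.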
diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index d9f9328352..2bf4b480a4 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -27,6 +27,12 @@ class Metadata
 /**
+ * Valid options for the ContactPerson element
+ *
+ * The 'attributes' option isn't defined in section 2.3.2.2 of the OASIS document, but
+ * it is required to allow additons to the main contact person element for trust
+ * frameworks.
+ *
 * @var array The valid configuration options for a contact configuration array.
 * @see "Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0", section 2.3.2.2.
 */
@@ -37,6 +43,7 @@ class Metadata
 'surName',
 'telephoneNumber',
 'company',
+ 'attributes',
 );
@@ -108,6 +115,16 @@ function ($t) {
 throw new \InvalidArgumentException('"contactType" is mandatory and must be one of '.$types.".");
 }
+ // check attributes is an associative array
+ if (isset($contact['attributes'])) {
+ if (empty($contact['attributes'])
+ || !is_array($contact['attributes'])
+ || count(array_filter(array_keys($contact['attributes']), 'is_string')) === 0
+ ) {
+ throw new \InvalidArgumentException('"attributes" must be an array and cannot be empty.');
+ }
+ }
+
 // try to fill in givenName and surName from name
 if (isset($contact['name']) && !isset($contact['givenName']) && !isset($contact['surName'])) {
 // first check if it's comma separated
diff --git a/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php b/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php
index 3189834386..95f0aa547c 100644
--- a/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php
+++ b/tests/lib/SimpleSAML/Utils/Config/MetadataTest.php
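Review bot: The new docblock paragraph misspells "additions" on the line `* it is required to allow additons to the main contact person element for trust`; it should read `* it is required to allow additions to the main contact person element for trust`. It would also help the next maintainer to say there that the option's keys and values are assigned directly to the ContactPerson element by SAMLBuilder::addContact (the other change in this commit), so only well-formed XML attribute names and string values belong in it, which is the reason getContact validates the option further down in this file.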
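Review bot: The associative-array check on the `count(array_filter(array_keys($contact['attributes']), 'is_string')) === 0` line only requires one string key, so a mixed array such as `array('xmlns:remd' => '...', 'stray')` passes, and the values are not checked at all, so a nested array or an object gets through and surfaces later, outside this class, with a far less helpful error than the one thrown here. Since these names and values are meant to become XML attributes on the ContactPerson element (per the docblock added earlier in this file), getContact is the right single place to reject anything other than non-empty string names mapped to string values. The exception message is also slightly misleading as written: a non-empty list is rejected too, while the message only mentions empty and non-array values. A per-entry loop replaces the compound condition; the rest of getContact is unchanged and continues outside the hunk.
```php
        // check attributes is a non-empty map of string attribute names to string values
        if (isset($contact['attributes'])) {
            if (!is_array($contact['attributes']) || empty($contact['attributes'])) {
                throw new \InvalidArgumentException('"attributes" must be a non-empty array.');
            }
            foreach ($contact['attributes'] as $name => $value) {
                if (!is_string($name) || $name === '' || !is_string($value)) {
                    throw new \InvalidArgumentException(
                        '"attributes" must map non-empty string names to string values.'
                    );
                }
            }
        }

        // … unchanged: givenName/surName fill-in from name …
```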
@@ -215,6 +215,7 @@ public function testGetContact()
 }
 $contact['contactType'] = 'technical';
 $contact['name'] = 'to_be_removed';
+ $contact['attributes'] = array('test' => 'testval');
 $parsed = Metadata::getContact($contact);
 foreach (array_keys($parsed) as $key) {
 $this->assertEquals($parsed[$key], $contact[$key]);
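Review bot: The added `$contact['attributes'] = array('test' => 'testval');` only exercises the pass-through case, while the validation this commit introduces in Metadata::getContact has no test for anything it rejects. At least one negative case belongs here or in a sibling method: register InvalidArgumentException with the test class's expected-exception helper, then call `Metadata::getContact(array('contactType' => 'technical', 'attributes' => array('a', 'b')));` (a list with no string keys), and likewise with `'attributes' => 'not-an-array'`. The `foreach (array_keys($parsed) as $key)` loop below compares only keys that survive in `$parsed`, so it would not notice if `attributes` were silently dropped; an explicit `$this->assertArrayHasKey('attributes', $parsed);` pins that. testGetContact starts outside the hunk.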