...
Implementation of AA with SimpleSAMLphp
...
We can start out with a stock SimpleSAMLphp: https://simplesamlphp.org/ Currently (20 June, 2016) this is version 1.14.4.
The "Attribute Authority" module has to be added to this installation: https://github.com/NIIF/simplesamlphp-module-aa
This provides the functionality for handling Attribute Queries.
After that, we need to create a new Authentication Processing Filter by extending SimpleSAML_Auth_ProcessingFilter. The best way to implement this is to create a new module called "comanage" or similar.
The important part of the code should look like this:
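```php
<?php
class sspmod_comanage_Auth_Process_Comanage extends SimpleSAML_Auth_ProcessingFilter
{
    private $nameIdAttribute; // name of the attribute that carries the subject NameID

    public function __construct($config, $reserved)
    {
        parent::__construct($config, $reserved);
        // fetch config
        $this->nameIdAttribute = $config['nameId_attribute_name'];
    }

    public function process(&$state)
    {
        $nameId = $state['Attributes'][$this->nameIdAttribute][0];
        $spid = $state['Destination']['entityid'];
        // database lookup comes here (keyed on $nameId and $spid)
        $attributes = array();
        // set the attributes to return
        $state['Attributes'] = $attributes;
    }
}
```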
Then SimpleSAMLphp has to be configured to use the newly created module in config/config.php:
```php
'authproc.aa' => array(
    // ...
    '60' => array(
        'class' => 'comanage:Comanage',
        'nameId_attribute_name' => 'subject_nameid', // look at the aa authsource config
        'comanage_db_host' => '()',
        'comanage_db_port' => '()',
        'comanage_db_dbname' => '()',
        'comanage_db_user' => '()',
        'comanage_db_password' => '()',
    ),
),
```
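One way to write the database lookup that `process()` leaves as a comment, as an added example that is not part of the original page or of the COmanage or SimpleSAMLphp code. The function name, the `released_attributes` table and its columns are hypothetical, and an in-memory SQLite database with constructed rows stands in for the database configured through the `comanage_db_*` options.

```php
<?php
// Added example: table and column names are hypothetical, not COmanage's schema.

// Returns the attributes released to $spid for $nameId, in the
// array(name => array(values)) shape used by $state['Attributes'].
function comanage_lookup_attributes(PDO $db, $nameId, $spid)
{
    // Both values derive from the incoming Attribute Query: bind them as
    // parameters, never concatenate them into the SQL text.
    $stmt = $db->prepare(
        'SELECT attr_name, attr_value FROM released_attributes
          WHERE subject_nameid = :nameid AND sp_entityid = :spid
          ORDER BY attr_name, attr_value'
    );
    $stmt->execute(array(':nameid' => $nameId, ':spid' => $spid));

    $attributes = array();
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $attributes[$row['attr_name']][] = $row['attr_value'];
    }
    return $attributes; // empty array when nothing is released to this SP
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE released_attributes (
    subject_nameid TEXT, sp_entityid TEXT, attr_name TEXT, attr_value TEXT)');
$insert = $db->prepare('INSERT INTO released_attributes VALUES (?, ?, ?, ?)');
$rows = array(
    array('alice-nameid', 'https://sp1.example.org', 'isMemberOf', 'co:members'),
    array('alice-nameid', 'https://sp1.example.org', 'isMemberOf', 'co:admins'),
    array('alice-nameid', 'https://sp2.example.org', 'isMemberOf', 'co:members'),
);
foreach ($rows as $row) {
    $insert->execute($row);
}

// Lookup scoped to a single SP: rows stored for sp2 are not considered.
print_r(comanage_lookup_attributes($db, 'alice-nameid', 'https://sp1.example.org'));
// A NameID containing a quote character is bound as data, not parsed as SQL.
print_r(comanage_lookup_attributes($db, "o'brien-nameid", 'https://sp1.example.org'));
```

Inside the filter, the returned array would be assigned to `$state['Attributes']`; filtering on the requesting SP's entityID in the query keeps attributes intended for one SP from being released to another.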