547
szerkesztés
Módosítások
nincs szerkesztési összefoglaló
'''Beyond eduGAIN, you can use this module for every IdP or SP operating mode (shib13 SP/IdP, saml2 SP/IdP) of simpleSAMLphp in order to provide more powerful attribute conversion and filtering capabilities.'''
== Download and support ==
You can download the module from [https://www.aai.niif.hu/ssp-attributes here]. The module is in beta stage, it needs broader community review. It is not yet recommended for production environments.
If you have any questions regarding the module, please write to '''aai _aT_ niif _dOt hu''.
For changelogs please visit the [https://repo.niif.hu/gitweb/gitweb.cgi?p=simplesamlphp-edugain project repository].
== Compatibility ==
== Configuration file ==
The simpleSAMLphp eduGAIN module reads the eduGAIN XML configuration format and transforms it into php arrays using XSL transformation. The submodules (''edugain:SplitMerge'' and ''edugain:Filter'') are configured automatically by the edugain:Attributes class.
PHP configuration interface for these filters are not supported at the moment and may be subject to change, so please use the XML configuration.
== Differences between the Java and the PHP implementations ==
* There is no '''CustomRule''' for attribute conversion. One can use simpleSAMLphp authentication processing filter API to implement arbitrary conversion rules.
* '''LocalProvider''' matching is unsupported in simpleSAMLphp. Unfortunately when simpleSAMLphp is in bridging mode (using the SP module to protect an IdP), the IdP processing filters do not see the peer entity of the SP module. However, you can achieve the correct behavior by putting one ''edugain:Attributes'' processing filter in the SP configuration and use '''RemoteProvider''' matches to filter and convert attributes there.
* You don't need to use a separate attribute name mapper, because simpleSAMLphp contains built-in '''name2oid''','''oid2name''', '''name2urn''' and '''urn2name''' methods, which provide the same functionality.
* Regular expressions are somewhat different in PHP. The eduGAIN module uses perl-compatible regular expressions (see [http://hu.php.net/manual/en/function.preg-match.php preg_match documentation] for details). Plus, the reading of the configuration involves ''eval'', and thus it swallows the escaping characters. So if one wants to escape something in their regular expressions, double-escaping is needed (eg. 'foo\\.bar' instead of 'foo\.bar').{{TODO_EN|Double escaping sucks. We are looking for solutions to circumvent this limitation}}[[Kategória: AAI]][[Kategória: english]][[Kategória: simplesamlphp]]
