„Attribute Conversion for simpleSAMLphp” változatai közötti eltérés

Innen: KIFÜ Wiki
(Operating modes)
(Configuration cache)
37. sor: 37. sor:
  
 
== Configuration cache ==
 
== Configuration cache ==
 +
The simpleSAMLphp eduGAIN module reads the eduGAIN format XML configuration. This XML reading is very time-consuming as every request triggers it. Because of that, the eduGAIN module can cache the XML configuration locally in a directory named ''cache''.
 +
 +
If cache is enabled, the parsed configuration is serialized into a file (named ''md5(full_configuration_file_path).cache.php''). If the XML file modification time is older than the cache file, then the cache is used.
 +
 +
Please note that enabling the cache is strongly recommended in production environment.

A lap 2009. május 12., 15:08-kori változata

Attribute Conversion library for simpleSAMLphp

EduGAIN

This library is intented to be configuration-compatible with the eduGAIN Attribute_Conversion_for_eduGAIN Java library. The module can read the eduGAIN converter and filter engine XML configuration and should operate the same way.

Configuration files

The eduGAIN attribute converter and filter module defines its own XML schema for attribute conversion and attribute filtering purposes. See the Attribute_Conversion_for_eduGAIN page for configuration reference.

SimpleSAMLphp module

EduGAIN is available for simpleSAMLphp as an authentication processing filter: edugain:Attributes. The Attributes processing filter takes the following configuration properties:

 'authproc' => array(
   50 => array(
    'class' => 'edugain:Attributes',
    'mode' => 'idp',
    'converterconfig' => '/path/to/AttributeConverter.xml',
    'filterconfig' => '/path/to/AttributeFilter.xml',
    'cache' => true
   )
 )
  • class: defines the eduGAIN filter for simpleSAMLphp.
  • mode: configures the way this module operates (idp or sp). See the #Operating_modes section below for more.
  • converterconfig: configures the path of the attribute converter configuration xml file.
  • filterconfig: configures the path of the attribute filter configuration xml file.
  • cache: enables (default) or disables the internal configuration cache. See the #Configuration_cache section below for more.

Operating modes

EduGAIN module can be ran in two modes, idp or sp. This mode affects two behaviors: the provider matching and the filtering.

  • in idp mode, attribute filter is ran after conversion and the RemoteProvider match is done against the SP which initiated the SSO session.
  • in sp mode, attribute filter is ran before conversion and the RemoteProvider match is done against the IdP which released the attributes to our simpleSAMLphp SP.

In eduGAIN terms, the idp mode is often referred as home bridging element, and sp is referred as remote bridging element.

Configuration cache

The simpleSAMLphp eduGAIN module reads the eduGAIN format XML configuration. This XML reading is very time-consuming as every request triggers it. Because of that, the eduGAIN module can cache the XML configuration locally in a directory named cache.

If cache is enabled, the parsed configuration is serialized into a file (named md5(full_configuration_file_path).cache.php). If the XML file modification time is older than the cache file, then the cache is used.

Please note that enabling the cache is strongly recommended in production environment.