Attribute Conversion for simpleSAMLphp

From: KIFÜ Wiki
You are viewing an earlier version of this page, as it was after the edit by Hege(AT)niif.hu on 12 May 2009 at 16:03. (Operating modes)

Attribute Conversion library for simpleSAMLphp

EduGAIN

This library is intended to be configuration-compatible with the eduGAIN Attribute_Conversion_for_eduGAIN Java library. The module can read the eduGAIN converter and filter engine XML configuration and should operate the same way.

Configuration files

The eduGAIN attribute converter and filter module defines its own XML schema for attribute conversion and attribute filtering purposes. See the Attribute_Conversion_for_eduGAIN page for configuration reference.

SimpleSAMLphp module

EduGAIN is available for simpleSAMLphp as an authentication processing filter: edugain:Attributes. The Attributes processing filter takes the following configuration properties:

 'authproc' => array(
   50 => array(
    'class' => 'edugain:Attributes',
    'mode' => 'idp',
    'converterconfig' => '/path/to/AttributeConverter.xml',
    'filterconfig' => '/path/to/AttributeFilter.xml',
    'cache' => true
   )
 )
  • class: selects the eduGAIN filter for simpleSAMLphp.
  • mode: configures the way this module operates (idp or sp). See the #Operating_modes section below for more.
  • converterconfig: the path of the attribute converter configuration XML file.
  • filterconfig: the path of the attribute filter configuration XML file.
  • cache: enables (default) or disables the internal configuration cache. See the #Configuration_cache section below for more.

Operating modes

The eduGAIN module can be run in two modes, idp or sp. The mode affects two behaviors: the provider matching and the filtering.

  • in idp mode, the attribute filter is run after conversion and the RemoteProvider match is done against the SP which initiated the SSO session.
  • in sp mode, the attribute filter is run before conversion and the RemoteProvider match is done against the IdP which released the attributes to our simpleSAMLphp SP.

In eduGAIN terms, the idp mode is often referred to as the home bridging element, and the sp mode as the remote bridging element.
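The following is an added example, not code from the module or from eduGAIN: a simplified Python model of the two modes, showing how the order of filtering and conversion and the choice of matched provider change the result. The rename maps, per-provider allow-lists, entity IDs and the "unmatched provider releases nothing" rule are assumptions standing in for AttributeConverter.xml and AttributeFilter.xml; they do not follow the eduGAIN XML schema.

```python
# Simplified model of the idp/sp operating modes (constructed data throughout).

def convert(attrs, rename):
    """Rename attributes per the converter map; unmapped names pass through."""
    return {rename.get(name, name): values for name, values in attrs.items()}

def filter_for(attrs, allowed_by_provider, remote_provider):
    """Keep only attributes allowed for the matched remote provider.
    Assumption of this model: an unmatched provider gets nothing."""
    allowed = allowed_by_provider.get(remote_provider, set())
    return {n: v for n, v in attrs.items() if n in allowed}

def process(mode, attrs, sp_entity_id, idp_entity_id, rename, allowed_by_provider):
    if mode == "idp":
        # Home bridging element: convert, then filter; match against the SP.
        converted = convert(attrs, rename)
        return filter_for(converted, allowed_by_provider, sp_entity_id)
    if mode == "sp":
        # Remote bridging element: filter, then convert; match against the IdP.
        kept = filter_for(attrs, allowed_by_provider, idp_entity_id)
        return convert(kept, rename)
    raise ValueError(f"unknown mode: {mode!r}")

SP = "https://sp.example.org"    # constructed entity IDs
IDP = "https://idp.example.org"

# IdP side: filter rules name the attributes as they are AFTER conversion
# and are keyed by the SP that started the SSO session.
LOCAL_ATTRS = {"uid": ["alice"], "mail": ["alice@example.org"],
               "homePhone": ["555-0100"]}
IDP_RENAME = {"uid": "eduPersonPrincipalName"}
IDP_ALLOWED = {SP: {"eduPersonPrincipalName", "mail"}}

# SP side: filter rules name the attributes as RECEIVED, before conversion,
# and are keyed by the IdP that released them.
RECEIVED = {"eduPersonPrincipalName": ["alice"], "mail": ["alice@example.org"]}
SP_RENAME = {"eduPersonPrincipalName": "uid"}
SP_ALLOWED = {IDP: {"eduPersonPrincipalName"}}

if __name__ == "__main__":
    print(process("idp", LOCAL_ATTRS, SP, IDP, IDP_RENAME, IDP_ALLOWED))
    # Same IdP-side files with the wrong mode: the filter matches the IdP
    # entity ID and pre-conversion names, so the rules no longer apply.
    print(process("sp", LOCAL_ATTRS, SP, IDP, IDP_RENAME, IDP_ALLOWED))
    print(process("sp", RECEIVED, SP, IDP, SP_RENAME, SP_ALLOWED))
```

Because the mode decides both which attribute names the filter sees and which provider it matches, a filter file written for one mode should be re-checked before being reused in the other.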

Configuration cache