Add requestedAttributes to Metadata

Created on 12 September 2023, about 1 year ago
Updated 21 September 2023, about 1 year ago

Problem/Motivation

In a SAML request I need to specify the attributes I need to collect in an attributeConsumingService object with requestedAttributes.
I can't seem to find a config where I can add these.

Am I missing it or is it just not a feature (yet)?

I have hardcoded them in the SamlService::reformatConfig to see it work.
The part I am adding is like this:

  protected static function reformatConfig(ImmutableConfig $config, $base_url = '', $purpose = '', KeyRepositoryInterface $key_repository = NULL) {
    $library_config = [
      'debug' => (bool) $config->get('debug_phpsaml'),
      'sp' => [
        'entityId' => $config->get('sp_entity_id'),

        'attributeConsumingService' => [
          "serviceName" => "Ignored",
          "requestedAttributes" => [
            [
              "name" => "https://data.gov.dk/model/core/specVersion",
              "isRequired" => true,
              "nameFormat" => "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
            ],
            ...
          ]
        ],

        'assertionConsumerService' => [
Feature request
Status

Active

Version

3.0

Component

Code

Created by

🇩🇰Denmark nicklasmf


Comments & Activities

  • Issue created by @nicklasmf
  • Open on Drupal.org →
    Core: 9.5.5 + Environment: PHP 7.4 & MySQL 5.7
    last update about 1 year ago
    Not currently mergeable.
  • @nicklasmf opened merge request.
  • Open in Jenkins → Open on Drupal.org →
    Core: 9.5.5 + Environment: PHP 7.4 & MySQL 5.7
    last update about 1 year ago
    2 fail
  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU

    Thanks for the merge request. You're not missing anything; no one has asked for this before. And I wasn't aware of requestedAttributes.

    (For the errors: you should just be able to make line 1033 if ($config->get('requested_attributes')) { I think. Also, if you now open the form without having any attributes configured, it's showing the same error on screen.)

    I'm having initial thoughts that compete with this, and I'm not sure yet where they're going:

    • When I initially saw your request, I figured it would be an extra argument for some 'additional_options' in settings.php mentioned in "Possibility to add OneLogin config items like Contacts" (Active). Although on the other hand... you're proving out that things aren't all that hard to implement with the multivalue element, so maybe that one could also be implemented that way.
    • I'm guessing that for many people, their requestedAttributes are equal to the fields they want to map using the samlauth_user_fields submodule. (Although I see how not all people that need requestedAttributes, want to use exactly this mapping.) So I'm kind-of wondering if we can prevent a duplicate list of attributes.

    (And the samlauth_user_fields edit screen is not a multivalue thing, because

    • I foresaw some kind of extension / things becoming unwieldy, at some point
    • it means administrators need to do a lot of clicking, but hey, it's a one-time setup...
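
One way the hardcoded array from the issue could be built from configuration instead, with the empty-config guard suggested in the comment above. This is an added example, not code from samlauth or the merge request; buildAttributeConsumingService(), the row keys (name, required, name_format), the service name and the entity ID are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of samlauth): builds the php-saml
// 'attributeConsumingService' setting from configured rows, or returns NULL
// when nothing is configured so the caller can omit the key entirely.
function buildAttributeConsumingService(?array $configured, string $serviceName = 'Drupal SP'): ?array {
  if (empty($configured)) {
    return NULL;
  }
  // The three NameFormat URIs defined by SAML 2.0.
  $allowedFormats = [
    'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',
    'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
  ];
  $requested = [];
  foreach ($configured as $i => $item) {
    $name = trim((string) ($item['name'] ?? ''));
    if ($name === '') {
      throw new InvalidArgumentException("Requested attribute #$i has no name.");
    }
    if (isset($requested[$name])) {
      continue; // First row wins; a duplicate row adds no second element.
    }
    $entry = ['name' => $name, 'isRequired' => !empty($item['required'])];
    if (!empty($item['name_format'])) {
      if (!in_array($item['name_format'], $allowedFormats, TRUE)) {
        throw new InvalidArgumentException("Unknown NameFormat for '$name'.");
      }
      $entry['nameFormat'] = $item['name_format'];
    }
    $requested[$name] = $entry;
  }
  return ['serviceName' => $serviceName, 'requestedAttributes' => array_values($requested)];
}

// Constructed sample config: the attribute from the issue plus a duplicate row.
$configured = [
  ['name' => 'https://data.gov.dk/model/core/specVersion', 'required' => TRUE,
   'name_format' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'],
  ['name' => 'https://data.gov.dk/model/core/specVersion'],
];
$sp = ['entityId' => 'https://sp.example.org/saml/metadata']; // constructed value
if ($acs = buildAttributeConsumingService($configured)) {
  $sp['attributeConsumingService'] = $acs;
}
print_r($sp);
```

Requesting only the attributes the site actually maps keeps the metadata aligned with what the IdP is asked to release.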