From 3c5bc3efaeda15aa8df4846c12ede1734e8a9c64 Mon Sep 17 00:00:00 2001
From: Martin <martin.vanes@surf.nl>
Date: Mon, 30 Aug 2021 17:14:34 +0200
Subject: [PATCH] Add subject and pairwise-id

---
 config/logins.json                  |  2 ++
 metadata/saml20-idp-hosted.php      | 19 ++++++++++++++++---
 modules/customauth/www/authpage.php | 12 ++++++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/config/logins.json b/config/logins.json
index 77cf0b4..3484047 100644
--- a/config/logins.json
+++ b/config/logins.json
@@ -8,6 +8,8 @@
         "uid": [
           "jstiglitz"
         ],
+	"pairwise-id": "jstiglitz",
+	"subject-id": "jstiglitz",
         "eduPersonTargetedID": "bd0916qef0c2e675b2def4ahe6w50b7d4bb4aae",
         "schacHomeOrganization": "harvard-example.edu",
         "eduPersonPrincipalName": "stiglitz@harvard-example.edu",
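Review bot: The two added keys are indented with a tab while every neighbouring key in this object uses spaces, so the hunk leaves config/logins.json with mixed indentation; re-indent `"pairwise-id": "jstiglitz",` and `"subject-id": "jstiglitz",` to match the surrounding lines. Both new values are just the plain uid repeated; if, as the metadata change in the same commit suggests, these are only raw inputs that the PairwiseID/SubjectID filters turn into the released identifiers, that is fine, but JSON cannot carry a comment saying so, so it is worth stating next to the filter definitions rather than leaving a reader to assume `pairwise-id` here is already pairwise.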
diff --git a/metadata/saml20-idp-hosted.php b/metadata/saml20-idp-hosted.php
index a2a373e..0b2afb2 100644
--- a/metadata/saml20-idp-hosted.php
+++ b/metadata/saml20-idp-hosted.php
@@ -94,14 +94,27 @@ $metadata['__DYNAMIC:1__'] = [
 	  'identifyingAttribute' => 'eduPersonTargetedId',
 	  'nameId' => TRUE,
 	],
-        8 => [
+	8 => [
+	  'class' => 'subjectidattrs:PairwiseID',
+	  'identifyingAttribute' => 'pairwise-id',
+          'scopeAttribute' => 'scope',
+	],
+	9 => [
+	  'class' => 'subjectidattrs:SubjectID',
+	  'identifyingAttribute' => 'subject-id',
+          'scopeAttribute' => 'scope',
+	],
+        15 => [
           'class' => 'core:PHP',
           'code' => '
             unset($attributes["eduPersonTargetedId"]);
+            unset($attributes["pairwise-id"]);
+            unset($attributes["subject-id"]);
+            unset($attributes["scope"]);
           ',
-        ],	
+	],
         // Convert LDAP names to urn.
-	10 => [
+	20 => [
 	  'class' => 'core:AttributeMap',
 	  'name2oid'
 	],
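Review bot: Filters 8 and 9 rely on a `scope` attribute that nothing in this file produces; it is only synthesized in modules/customauth/www/authpage.php in the same commit, and that cross-file dependency is invisible here. Add a comment above entry 8 such as `// 'scope' is populated by modules/customauth/www/authpage.php; PairwiseID/SubjectID read it before filter 15 unsets it.` The two `'scopeAttribute' => 'scope',` lines are space-indented among tab-indented siblings and should be re-indented to match. Presumably the filters write their results under the URN attribute names, so unsetting the raw `pairwise-id`/`subject-id`/`scope` inputs in the `core:PHP` step at 15 is deliberate cleanup; a one-line comment there, `// drop raw inputs; the generated URN-named attributes are kept`, would make that intent explicit. The `$metadata['__DYNAMIC:1__']` array begins before this hunk and continues past it.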
diff --git a/modules/customauth/www/authpage.php b/modules/customauth/www/authpage.php
index 6487068..d81d71f 100644
--- a/modules/customauth/www/authpage.php
+++ b/modules/customauth/www/authpage.php
@@ -68,6 +68,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
     $attributes = @$_POST['keys'] or [];
 
+    // Fix subject scope
+    $scope = "dummy.org";
+    if (isset($attributes['schacHomeOrganization'])) {
+        $scope = $attributes['schacHomeOrganization'];
+    } elseif (isset($attributes['eduPersonScopedAffiliation'])) {
+        $scope = explode("@", explode(",", $attributes['eduPersonScopedAffiliation'])[0])[1];
+    } elseif (isset($attributes['eduPersonPrincipalName'])) {
+        $scope = explode("@", $attributes['eduPersonPrincipalName'])[1];
+    }
+    $attributes['scope'] = $scope;
+    //SimpleSAML\Logger::warning("Attributes: " . print_r($attributes, true));
+
     foreach ($attributes as $key => $value) {
         $_SESSION['attributes'][$key] = $value;
     }
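Review bot: The `explode("@", …)[1]` lookups in the eduPersonScopedAffiliation and eduPersonPrincipalName branches assume an `@` is present; when it is not, PHP raises an undefined-array-key warning and `$scope` becomes null, which presumably leaves the PairwiseID/SubjectID filters without a usable scope. Guard both with a null-coalescing fallback to the default: `$scope = explode('@', explode(',', $attributes['eduPersonScopedAffiliation'])[0], 2)[1] ?? $scope;` and `$scope = explode('@', $attributes['eduPersonPrincipalName'], 2)[1] ?? $scope;`. Since `$attributes` comes straight from `$_POST['keys']`, the derived scope is only as trustworthy as the posted values, and if any of these attributes arrives as a list (as `uid` does in config/logins.json) `explode()` would throw a TypeError, so the form's value shape is worth confirming. The commented-out `SimpleSAML\Logger::warning` line should be deleted rather than left as dead code. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts before the hunk and continues past it.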
-- 
GitLab