Beispiel #1
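 /**
  * Builds the lookup table that maps remote EGI AAI entitlements to local roles.
  *
  * Reads the SAML setting "egiaai.entitlements.<key>" and parses entries of the
  * form "local=remote1;remote2". The result is keyed by the remote entitlement
  * string, and the value is the local role it maps to. When the same remote
  * entitlement appears more than once, the last entry wins.
  *
  * Empty or whitespace-only entitlements (for example "role=" or "role=a;;b")
  * are dropped, so an empty entitlement string can never map to a local role.
  *
  * @param string $key Suffix appended to "egiaai.entitlements." to select the setting.
  * @return array Map of remote entitlement => local role.
  */
 public static function getEGIAAIRoleMappings($key)
 {
     $res = array();
     // '\\n' is the two-character sequence backslash + "n", not a line feed.
     // NOTE(review): presumably the setting encodes entry breaks that way; confirm.
     $roles = explode('\\n', ApplicationConfiguration::saml('egiaai.entitlements.' . $key, ''));
     foreach ($roles as $role) {
         // NOTE(review): there is no limit on this split, so anything after a second "="
         // in an entry is ignored; confirm that entitlement values never contain "=".
         $role = explode('=', $role);
         if (count($role) <= 1) {
             continue;
         }
         $local = $role[0];
         foreach (explode(';', $role[1]) as $remote) {
             // explode() always returns at least one element, so blanks are filtered here.
             $remote = trim($remote);
             if ($remote === '') {
                 continue;
             }
             // Direct assignment keeps the entitlement as the key even if it is numeric.
             $res[$remote] = $local;
         }
     }
     return $res;
 }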
Beispiel #2
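 /**
  * Checks whether the origin named in the HTTP Referer header may view SAML user information.
  *
  * The allow list is the semicolon-separated "profile.allow" SAML setting
  * (saml.profile.allow values in application.ini). A list consisting of the single
  * entry "*" admits any non-empty Referer. Otherwise each entry is compared with
  * the "scheme://host" part of the Referer, where "*" stands for one run of word
  * characters (\w+). The wildcard therefore does not span dots or hyphens, and
  * the port is not part of the comparison.
  *
  * Security note: the Referer header is supplied by the client and can be absent
  * or set to any value by a non-browser client. This check filters the origin a
  * browser reports; it does not authenticate the requestor and should not be the
  * only control protecting profile data.
  *
  * @return boolean True when the Referer origin matches an allowed entry, false otherwise.
  */
 private function isAllowedProfileDataDomain()
 {
     $ref = isset($_SERVER['HTTP_REFERER']) ? trim($_SERVER['HTTP_REFERER']) : '';
     if ($ref === '') {
         return false;
     }
     $allowed = explode(';', ApplicationConfiguration::saml('profile.allow', ''));
     if (count($allowed) === 1) {
         if ($allowed[0] === '') {
             // Nothing configured: deny by default.
             return false;
         }
         if ($allowed[0] === '*') {
             return true;
         }
     }
     // The Referer is untrusted input: parse_url() returns false for seriously malformed
     // URLs and omits scheme/host for relative ones. Reject both instead of reading missing keys.
     $url = parse_url($ref);
     if (!is_array($url) || !isset($url['scheme'], $url['host'])) {
         return false;
     }
     $domain = $url['scheme'] . '://' . $url['host'];
     foreach ($allowed as $allow) {
         $allow = trim($allow);
         if ($allow === '') {
             // A blank entry (for example from a trailing ";") can never match an origin.
             continue;
         }
         // Quote every literal piece and join the pieces with \w+, so only "*" acts as a wildcard.
         $parts = array();
         foreach (explode('*', $allow) as $literal) {
             $parts[] = preg_quote($literal, '/');
         }
         // The D modifier makes "$" match only at the very end of the subject.
         $pregallow = '/^' . implode('\\w+', $parts) . '$/D';
         if (preg_match($pregallow, $domain) === 1) {
             return true;
         }
     }
     return false;
 }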