/**
 * Computes, per service provider, the attributes that remain after that SP's
 * Attribute Release Policy (ARP) has been enforced on the normalized attributes.
 *
 * An SP only gets an entry in the result when BOTH conditions hold:
 *  - its id is a key of $this->spList, and
 *  - the service registry client returns a non-empty ARP for it.
 *
 * SPs that fail either condition are skipped; they are NOT mapped to the full,
 * unfiltered attribute set.
 *
 * NOTE(review): a missing key therefore means "no ARP found / SP unknown", not
 * "nothing is released". Whether an SP without ARP receives all attributes is
 * decided elsewhere; confirm against the caller before presenting this list as
 * the complete release overview.
 *
 * @param array $spList ids of the service providers to evaluate
 * @return array map of SP id => value returned by enforceArp() for that SP
 */
protected function _getSpAttributeList(array $spList)
{
    $normalizedAttributes = $this->_normalizeAttributes();
    $releasedPerSp = array();
    $registryClient = $this->_getServiceRegistryClient();
    $arpEnforcer = new EngineBlock_Arp_AttributeReleasePolicyEnforcer();

    foreach ($spList as $spId) {
        // Only look up policies for SPs this object already knows about.
        if (isset($this->spList[$spId])) {
            $arpData = $registryClient->getArp($spId);

            // empty() also treats an empty array as "no ARP", so such an SP is skipped as well.
            if (!empty($arpData)) {
                $policy = new AttributeReleasePolicy($arpData['attributes']);
                $releasedPerSp[$spId] = $arpEnforcer->enforceArp($policy, $normalizedAttributes);
            }
        }
    }

    return $releasedPerSp;
}
/**
 * Applies the Attribute Release Policy (ARP) of every SP in the requester chain
 * to the response attributes and stores the result in $this->_responseAttributes.
 *
 * Each ARP is enforced on the output of the previous one, so the final set has
 * passed every policy that was found in the chain.
 *
 * An SP for which no ARP is found adds no restriction: the loop moves on and the
 * attributes pass through unchanged. If no SP in the chain has an ARP, the
 * response attributes are stored exactly as they came in.
 *
 * NOTE(review): the "no ARP" test is a truthiness check. It is safe as long as
 * fetchServiceProviderArp() returns an object or null; a falsy-but-present policy
 * (for example an empty array) would be treated as "no policy" and release
 * everything. Confirm the return type.
 */
public function execute()
{
    $logger = EngineBlock_ApplicationSingleton::getLog();
    $arpEnforcer = new EngineBlock_Arp_AttributeReleasePolicyEnforcer();
    $filtered = $this->_responseAttributes;

    // The requester chain runs from the oldest SP (the one farthest away from us)
    // up to our next hop.
    $chain = EngineBlock_SamlHelper::getSpRequesterChain(
        $this->_serviceProvider,
        $this->_request,
        $this->_server->getRepository()
    );

    // Strictly speaking the chain should be walked in reverse, but the order does
    // not matter: filtering by A then B gives the same result as B then A.
    foreach ($chain as $spMetadata) {
        $spEntityId = $spMetadata->entityId;
        $policy = $this->getMetadataRepository()->fetchServiceProviderArp($spMetadata);

        if ($policy) {
            // Log which SP's policy is applied so attribute release can be audited afterwards.
            $logger->info("Applying attribute release policy for {$spEntityId}");
            $filtered = $arpEnforcer->enforceArp($policy, $filtered);
        }
    }

    $this->_responseAttributes = $filtered;
}
/**
 * Runs the ARP enforcer on a raw ARP definition and a set of response attributes.
 *
 * A non-null $arp is wrapped in an AttributeReleasePolicy before enforcement;
 * a null $arp is handed to the enforcer as null.
 * NOTE(review): presumably null means "no policy, release everything" - confirm
 * against the enforcer.
 *
 * When $responseAttributes is empty (omitted, or an explicitly passed empty
 * array), the attributes from $this->_responseAttributes() are used instead.
 * An empty attribute set can therefore not be enforced through this helper.
 *
 * @param mixed $arp                raw ARP data, or null for "no ARP"
 * @param array $responseAttributes attributes to filter; empty selects the default set
 * @return mixed whatever enforceArp() returns
 */
protected function _doEnforceArp($arp, $responseAttributes = array())
{
    if (empty($responseAttributes)) {
        $responseAttributes = $this->_responseAttributes();
    }

    // Keep null as null so the enforcer can tell "no policy" apart from an actual policy.
    $policy = null;
    if ($arp !== null) {
        $policy = new AttributeReleasePolicy($arp);
    }

    return $this->_arpEnforcer->enforceArp($policy, $responseAttributes);
}