/**
* Returns an array with attributes that are released to each SP.
*
* We check if there is an ARP and then return this otherwise all attributes we have gotten.
*
* @param array $spList all service providers
* @return array with service providers Id's with the ARP
*/
protected function _getSpAttributeList(array $spList)
{
$attributes = $this->_normalizeAttributes();
$results = array();
$serviceRegistryClient = $this->_getServiceRegistryClient();
$enforcer = new EngineBlock_Arp_AttributeReleasePolicyEnforcer();
foreach ($spList as $spId) {
if (!isset($this->spList[$spId])) {
continue;
}
$arp = $serviceRegistryClient->getArp($spId);
if (empty($arp)) {
continue;
}
$results[$spId] = $enforcer->enforceArp(new AttributeReleasePolicy($arp['attributes']), $attributes);
}
return $results;
}
public function execute()
{
$logger = EngineBlock_ApplicationSingleton::getLog();
$enforcer = new EngineBlock_Arp_AttributeReleasePolicyEnforcer();
$attributes = $this->_responseAttributes;
// Get the Requester chain, which starts at the oldest (farthest away from us SP) and ends with our next hop.
$requesterChain = EngineBlock_SamlHelper::getSpRequesterChain($this->_serviceProvider, $this->_request, $this->_server->getRepository());
// Note that though we should traverse in reverse ordering, it doesn't make a difference.
// A then B filter or B then A filter are equivalent.
foreach ($requesterChain as $spMetadata) {
$spEntityId = $spMetadata->entityId;
$arp = $this->getMetadataRepository()->fetchServiceProviderArp($spMetadata);
if (!$arp) {
continue;
}
$logger->info("Applying attribute release policy for {$spEntityId}");
$attributes = $enforcer->enforceArp($arp, $attributes);
}
$this->_responseAttributes = $attributes;
}
protected function _doEnforceArp($arp, $responseAttributes = array())
{
$responseAttributes = empty($responseAttributes) ? $this->_responseAttributes() : $responseAttributes;
return $this->_arpEnforcer->enforceArp($arp === null ? null : new AttributeReleasePolicy($arp), $responseAttributes);
}
