Topic on Extension talk:SimpleSAMLphp

received attributes as oid not name

Caslatcmu (talkcontribs)

The simplesaml/module.php/admin/test/default-sp URL shows my attributes with both "name" and "urn:oid..." values.

In the debug log, I see them only with urn:oid... values.

[SimpleSAMLphp] Received attributes: {"urn:oid:2.16.840.1.113730.3.1.241":["First M Last"],"urn:oid:0.9.2342.19200300.10 0.1.3":["email@domain"],"urn:oid:1.3.6.1.4.1.5923.1.1.1.9":["Staff@domain","Member@domain"],"urn:oid:2. 5.4.42":["First"],"urn:oid:1.3.6.1.4.1.5923.1.1.1.6":["user@domain"],"urn:oid:2.5.4.4":["Last"],"urn:oid:2.5.4.3 ":["First M Last"]}

And when I try to use these in $wgPluggableAuth_Config, only the urn:oid values seem to be valid.

I see the /var/simplesamlphp/attributemap/* files seem to have these defined, but they are not being propagated back to the SimpleSAMLphp and PluggableAuth extensions.

I'm not sure what I'm missing.

Osnard (talkcontribs)

So these are the attributes you receive:

{
  "urn:oid:2.16.840.1.113730.3.1.241": [
    "First M Last"
  ],
  "urn:oid:0.9.2342.19200300.10 0.1.3": [
    "email@domain"
  ],
  "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": [
    "Staff@domain",
    "Member@domain"
  ],
  "urn:oid:2. 5.4.42": [
    "First"
  ],
  "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": [
    "user@domain"
  ],
  "urn:oid:2.5.4.4": [
    "Last"
  ],
  "urn:oid:2.5.4.3 ": [
    "First M Last"
  ]
}

ATTENTION: The keys look a little bit odd. E.g. "urn:oid:0.9.2342.19200300.10 0.1.3", "urn:oid:2.5.4.3 " and "urn:oid:2. 5.4.42" contain spaces!

OIDRefs

Your config should look something like this:

$wgPluggableAuth_Config['Log in using my SAML'] = [
	'plugin' => 'SimpleSAMLphp',
	'data' => [
		'authSourceId' => 'default-sp',
		'usernameAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', //Actually not used, see "myusername" below
		'realNameAttribute' => 'urn:oid:2.16.840.1.113730.3.1.241',
		'emailAttribute' => 'urn:oid:0.9.2342.19200300.10 0.1.3', //ATTENTION: SPACE!
		'userinfoProviders' => [
			'username' => 'myusername'
		]
	]
];

$wgSimpleSAMLphp_MandatoryUserInfoProviders['myusername'] = [
	'factory' => function() {
		return new \MediaWiki\Extension\SimpleSAMLphp\UserInfoProvider\GenericCallback( function( $attributes ) {
			if ( !isset( $attributes['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'] ) ) {
				throw new Exception( 'No user ID!' );
			}
			$parts = explode( '@', $attributes['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'][0] );
			return strtolower( $parts[0] );
		} );
	}
];

See also Extension:SimpleSAMLphp#Define_custom_user_info_provider.

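Added example, not part of either post or of the extension's code: a small diagnostic that parses a "Received attributes" debug line and checks each configured attribute name against the keys actually received, flagging names that differ only by whitespace. It assumes attribute names are matched as exact array keys, as in the isset() lookup in the reply above; the function names and the sample log line are constructed for illustration.

```python
import json
import re

# Standard LDAP/eduPerson friendly names for the OIDs that appear in this thread.
OID_NAMES = {
    "2.16.840.1.113730.3.1.241": "displayName",
    "0.9.2342.19200300.100.1.3": "mail",
    "1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "2.5.4.42": "givenName",
    "2.5.4.4": "sn",
    "2.5.4.3": "cn",
}
WELL_FORMED = re.compile(r"urn:oid:\d+(\.\d+)+")
# Constructed sample in the shape of the debug line quoted in the thread.
SAMPLE_LOG = (
    '[SimpleSAMLphp] Received attributes: {"urn:oid:2.16.840.1.113730.3.1.241":["First M Last"],'
    '"urn:oid:0.9.2342.19200300.10 0.1.3":["email@domain"],"urn:oid:1.3.6.1.4.1.5923.1.1.1.6":["user@domain"]}'
)


def compact(name):
    return re.sub(r"\s+", "", name)  # drop every whitespace character


def received_keys(log_line):
    """Return the attribute keys found in a 'Received attributes: {...}' line."""
    _, sep, payload = log_line.partition("Received attributes: ")
    if not sep:
        raise ValueError("not a 'Received attributes' line")
    return list(json.loads(payload))


def audit(log_line, configured):
    """Map each setting to (status, friendly name, exact received key or None)."""
    keys = received_keys(log_line)
    by_compact = {compact(k): k for k in keys}  # whitespace-free form -> key as received
    report = {}
    for setting, name in configured.items():
        friendly = OID_NAMES.get(compact(name).replace("urn:oid:", "", 1), "unknown")
        if name in keys:  # exact match: the lookup will succeed
            status = "ok" if WELL_FORMED.fullmatch(name) else "ok-but-malformed-key"
        elif compact(name) in by_compact:  # same OID, different whitespace
            status = "whitespace-mismatch"
        else:
            status = "missing"
        report[setting] = (status, friendly, by_compact.get(compact(name)))
    return report
```

A "whitespace-mismatch" result means the configured name has to be copied character for character from the received key, or the stray whitespace has to be traced to where it enters the key.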