File: authproc_cardinalitysingle.md

package info (click to toggle)
simplesamlphp 1.19.7-2
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 42,920 kB
  • sloc: php: 202,044; javascript: 14,867; xml: 2,700; sh: 225; perl: 82; makefile: 70; python: 5
file content (88 lines) | stat: -rw-r--r-- 3,227 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
`core:CardinalitySingle`
========================

Ensure the correct cardinality of single-valued attributes. This filter is a special case
of the more generic [`core:Cardinality`](./core:authproc_cardinality) filter that allows for optional corrective measures
when multi-valued attributes are received where single-valued ones are expected.

Parameters
----------

This filter implements a number of optional parameters:

`singleValued`
:   array of attribute names that *must* be single-valued, or a 403 error is generated.

`firstValue`
:   array of attribute names where only the first value of a multi-valued assertion should be returned.

`flatten`
:   array of attribute names where a multi-valued assertion is flattened into a single delimited string.

`flattenWith`
:   the delimiter for `flatten`. Defaults to ";".

`ignoreEntities`
:   array of entity IDs that should be ignored for testing, etc purposes.

When the same attribute name appears in multiple stanzas, they are processed in the order above.

Examples
--------

Abort with an error if any attribute defined as single-valued in the eduPerson or SCHAC schemas exists and has more than one value:

    'authproc' => array(
        50 => array(
            'class' => 'core:CardinalitySingle',
            'singleValued' => array(
                /* from eduPerson (internet2-mace-dir-eduperson-201602) */
                'eduPersonOrgDN', 'eduPersonPrimaryAffiliation', 'eduPersonPrimaryOrgUnitDN',
                'eduPersonPrincipalName', 'eduPersonUniqueId',
                /* from inetOrgPerson (RFC2798), referenced by internet2-mace-dir-eduperson-201602 */
                'displayName', 'preferredLanguage',
                /* from SCHAC-IAD Version 1.3.0 */
                'schacMotherTongue', 'schacGender', 'schacDateOfBirth', 'schacPlaceOfBirth',
                'schacPersonalTitle', 'schacHomeOrganization', 'schacHomeOrganizationType',
                'schacExpiryDate',
            ),
        ),
    ),

Abort if multiple values are received for `eduPersonPrincipalName`, but take the first value for `eduPersonPrimaryAffiliation`:

    'authproc' => array(
        50 => array(
            'class' => 'core:CardinalitySingle',
            'singleValued' => array('eduPersonPrincipalName'),
            'firstValue' => array('eduPersonPrimaryAffiliation'),
            ),
        ),
    ),

Construct `eduPersonPrimaryAffiliation` using the first value in `eduPersonAffiliation`:

    'authproc' => array(
        50 => array(
            'class' => 'core:AttributeCopy',
            'eduPersonAffiliation' => 'eduPersonPrimaryAffiliation',
        ),
        51 => array(
            'class' => 'core:CardinalitySingle',
            'firstValue' => array('eduPersonPrimaryAffiliation'),
        ),
    ),

Construct a single, comma-separated value version of `eduPersonAffiliation`:

    'authproc' => array(
        50 => array(
            'class' => 'core:AttributeCopy',
            'eduPersonAffiliation' => 'eduPersonAffiliationWithCommas',
        ),
        51 => array(
            'class' => 'core:CardinalitySingle',
            'flatten' => array('eduPersonAffiliationWithCommas'),
			'flattenWith' => ',',
        ),
    ),