Object to BaseObject, and SamlSettings

Author: lucidprogrammer

README.md

@@ -48,9 +48,26 @@ Yii configuration straightforward, just add the following in your config/web.php
 ```
 'user' => [
     'class' => 'lucidprogrammer\simplesamlphp\SamlUser',
+    //idAttribute is mandatory
+    //for example, if your IDP is sending a SAML payload which has ID, you may do as follows
+    'idAttribute' => 'ID',
+    //if you want to map IDP provided attributes to something else, you may do additional mappings as name value pairs.
+    //following are some examples, not mandatory
+    'firstName' => 'givenName',
+    'company' => 'companyName',
 ],
 
 ```
+ADFS example,
+```
+'user' => [
+    'class' => 'lucidprogrammer\simplesamlphp\SamlUser',
+    //for example, if your IDP is ADFS, and you want to use email address as the unique ID
+    'idAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
+],
+
+```
+
 
 ### Note on enabling authentication for a route using yii2
 
@@ -80,6 +97,14 @@ After the component is installed, the moment you hit the site/about page, it sho
 So, if you want to do SAML provided attributes and want to implement a fine grained access control, yii2 makes it easy.
 
 ### Note on yii2 login link.
-If your application has links to login, for example, 'site/#', you need to change to _saml/#.
+If your application has links to login, for example, 'site/#', you need to change to _saml/#._
 
 However, it is best if you use Yii::$app->user->loginUrl[0], so it will take whatever is the correct loginUrl, so it will work with or without this plugin.
+
+# Changelog
+
+02 March 2018
+http://www.yiiframework.com/doc-2.0/yii-base-object.html
+The class name `Object` is invalid since PHP 7.2, use [[BaseObject]] instead.
+Added SamlSettings options for easy configuration.
+Tested with ADFS 3.0, Windows 2012 R2 & simplesamlphp (IDP)

src/Saml.php

@@ -10,9 +10,9 @@
  */
 
 namespace lucidprogrammer\simplesamlphp;
-use yii\base\Object;
+use yii\base\BaseObject;
 
-class Saml extends Object {
+class Saml extends BaseObject {
 
     /**
      * Authentication source you will use.

src/SamlIdentity.php

@@ -14,11 +14,11 @@
 
 
 use yii;
-use yii\base\Object;
+use yii\base\BaseObject;
 use yii\web\IdentityInterface;
 use lucidprogrammer\simplesamlphp\SamlIdentity;
 
-class SamlIdentity extends Object implements IdentityInterface {
+class SamlIdentity extends BaseObject implements IdentityInterface {
 
   public $id;
   public $attributes;
@@ -43,8 +43,9 @@ public static function findIdentity($id)
     {
       $attributes = Yii::$container->get('saml')->getAttributes();
       if(sizeof($attributes) > 0){
+        // just in case the user didn't set idAttribute, give something anyway, he can troubleshoot later instead of throwing errors here
         $id = mt_rand();
-        $uniqueIdentifierFromIdp = getenv('IDP_PROVIDED_USER_IDENTIFIER_NAME') ? getenv('IDP_PROVIDED_USER_IDENTIFIER_NAME') : '';
+        $uniqueIdentifierFromIdp = Yii::$container->get('samlsettings')->idAttribute ? Yii::$container->get('samlsettings')->idAttribute : '';
         if($uniqueIdentifierFromIdp){
           $id = $attributes[$uniqueIdentifierFromIdp] && count($attributes[$uniqueIdentifierFromIdp])>0 ? $attributes[$uniqueIdentifierFromIdp][0] : $id;
         }
@@ -86,7 +87,15 @@ public static function findIdentityByAccessToken($token, $type = null)
 
     public function __get($name)
     {
-        return isset($this->attributes[$name]) ? $this->attributes[$name][0] : null;
+      $result = null;
+      $mappings = Yii::$container->get('samlsettings')->mappings;
+      if(isset($mappings[$name]))
+      {
+        $result = isset($this->attributes[$mappings[$name]]) ? $this->attributes[$mappings[$name]][0] : null;
+      } else {
+        $result = isset($this->attributes[$name]) ? $this->attributes[$name][0] : null;
+      }
+        return $result;
     }
 
 

src/SamlSettings.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * Saml Object which uses the simplesamlphp project
+ *
+ * @see https://simplesamlphp.org
+ * @author     Lucid Programmer<lucidprogrammer@hotmail.com>
+ * @copyright  2017 Lucid Programmer
+ * @license    https://github.com/lucidprogrammer/yii2-simplesamlphp/blob/master/README.md
+ * @link       https://github.com/lucidprogrammer/yii2-simplesamlphp
+ */
+
+namespace lucidprogrammer\simplesamlphp;
+use yii\base\BaseObject;
+
+class SamlSettings extends BaseObject {
+var $idAttribute;
+var $mappings;
+
+  public function __construct ( $idAttribute, $mappings=[], $config = [] ){
+          $this->idAttribute = $idAttribute;
+          $this->mappings = $mappings;
+          parent::__construct ( $config = [] );
+    }
+
+
+
+}

src/SamlUser.php

@@ -13,9 +13,24 @@
 
 use yii;
 use yii\web\User;
+use ArrayObject;
+use lucidprogrammer\simplesamlphp\SamlSettings;
 
 class SamlUser extends User
 {
+
+  function __construct($attributes=[]) {
+    $idAttribute = null;
+    $mappings = null;
+    if(array_key_exists('idAttribute', $attributes)){
+      $idAttribute = $attributes['idAttribute'];
+      $mappings = (new ArrayObject($attributes))->getArrayCopy();
+      unset($mappings['idAttribute']);
+      $mappings = array_values($mappings);
+    }
+    Yii::$container->set('samlsettings',new SamlSettings($idAttribute,$mappings,[]));
+    parent::__construct();
+  }
   /**
   * changing the loginUrl and identityClass
   * so while configuring yii2, just point to the user class and all other auth rules should automatically work.

src/_SamlController.php

@@ -22,8 +22,9 @@ public function actionLogin(){
       Yii::$container->get('saml')->requireAuth();
     } else {
       $attributes = Yii::$container->get('saml')->getAttributes();
+      // just in case the user didn't set idAttribute, give something anyway, he can troubleshoot later instead of throwing errors here
       $id = mt_rand();
-      $uniqueIdentifierFromIdp = getenv('IDP_PROVIDED_USER_IDENTIFIER_NAME') ? getenv('IDP_PROVIDED_USER_IDENTIFIER_NAME') : '';
+      $uniqueIdentifierFromIdp = Yii::$container->get('samlsettings')->idAttribute ? Yii::$container->get('samlsettings')->idAttribute : '';
       if($uniqueIdentifierFromIdp){
         $id = $attributes[$uniqueIdentifierFromIdp] && count($attributes[$uniqueIdentifierFromIdp])>0 ? $attributes[$uniqueIdentifierFromIdp][0] : $id;
       }