hslavich / OneloginSamlBundle

OneLogin SAML Bundle for Symfony
MIT License
149 stars 94 forks

Added administrative contact person type #182

Closed montaniasystemab closed 2 years ago

montaniasystemab commented 2 years ago

We're trying to comply with the requirements of SWAMID, which requires an administrative contact type:

https://wiki.sunet.se/display/SWAMID/Contact+and+Organization+information+for+Service+providers

I've added a configuration option for this in this PR.

There's also a security contact required, but AFAICS there's no way to add that type of metadata using the onelogin php-saml library. If you have any ideas for adding a security contact, I'm happy to discuss options.

a-menshchikov commented 2 years ago

@montaniasystemab thanks for your help!

Could you explain in more detail the problem with the security contact and php-saml?

montaniasystemab commented 2 years ago

SWAMID would like a ContactPerson that looks like this:

<md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
    <md:GivenName>Security Response Team</md:GivenName>
    <md:EmailAddress>mailto:abuse@exempel.se</md:EmailAddress>
</md:ContactPerson>

However, looking at the source of onelogin/php-saml, there does not seem to be a way to add attributes to the ContactPerson element in this way:

$contactsInfo[] = <<<CONTACT
    <md:ContactPerson contactType="{$type}">
        <md:GivenName>{$info['givenName']}</md:GivenName>
        <md:EmailAddress>{$info['emailAddress']}</md:EmailAddress>
    </md:ContactPerson>
CONTACT;

https://github.com/onelogin/php-saml/blob/790a042f2d16a086a563793dab0eeb6a5a8c4e70/lib/Saml2/Metadata.php#L93

a-menshchikov commented 2 years ago

If you don't use the security.signMetadata setting, you can extend Hslavich\OneloginSamlBundle\Controller\SamlController and override metadataAction to replace the md:ContactPerson opening tag generated by php-saml with yours. https://github.com/hslavich/OneloginSamlBundle/blob/2.x/Controller/SamlController.php#L47

montaniasystemab commented 2 years ago

Yes, this is basically what we're doing, but with a Response Listener instead to inject our own XML tags into the response.
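One way to do the post-processing described in the last two comments, as an added example that is not code from this PR, the bundle or php-saml: a Symfony response subscriber that rewrites the generated metadata with DOM instead of string replacement, and refuses to touch it once a ds:Signature is present (editing signed metadata would leave a signature that no longer verifies). The route name saml_metadata and configuring the security contact under php-saml's "other" contact key are assumptions.

```php
<?php
// Added example, not from the PR, the bundle or php-saml: tags the "other"
// ContactPerson that php-saml emits as a REFEDS security contact. Assumes the
// metadata route is named "saml_metadata" and the security contact is
// configured under the "other" contact key (both assumptions).
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class SecurityContactMetadataSubscriber implements EventSubscriberInterface
{
    private const MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata';
    private const REMD_NS = 'http://refeds.org/metadata';

    public static function getSubscribedEvents(): array
    {
        return [KernelEvents::RESPONSE => 'onKernelResponse'];
    }

    public function onKernelResponse(ResponseEvent $event): void
    {
        if ($event->getRequest()->attributes->get('_route') !== 'saml_metadata') {
            return;
        }
        $xml = self::addSecurityContactType((string) $event->getResponse()->getContent());
        if ($xml !== null) {
            $event->getResponse()->setContent($xml);
        }
    }

    /** Returns the rewritten metadata, or null when it must be left untouched. */
    public static function addSecurityContactType(string $xml): ?string
    {
        $doc = new \DOMDocument();
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            return null;
        }
        // Never edit signed metadata: the ds:Signature would stop verifying.
        if ($doc->getElementsByTagNameNS('http://www.w3.org/2000/09/xmldsig#', 'Signature')->length > 0) {
            return null;
        }
        $changed = false;
        foreach ($doc->getElementsByTagNameNS(self::MD_NS, 'ContactPerson') as $contact) {
            if ($contact->getAttribute('contactType') === 'other') {
                // DOM declares xmlns:remd on the element when it serialises.
                $contact->setAttributeNS(self::REMD_NS, 'remd:contactType', self::REMD_NS . '/contactType/security');
                $changed = true;
            }
        }
        return $changed ? $doc->saveXML() : null;
    }
}
```

Register the class as a service with autoconfiguration enabled and it is picked up as an event subscriber; the rewrite only runs for the metadata route, so login, ACS and logout responses are never touched.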