PHPackages                             cscfi/attribute-test-service - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. cscfi/attribute-test-service

ActiveCakephp-plugin[Authentication &amp; Authorization](/categories/authentication)

cscfi/attribute-test-service
============================

SAML Attribute test service for shibboleth

1.0.7(8y ago)025[4 issues](https://github.com/CSCfi/Attribute-Test-Service/issues)MITPHPPHP &gt;=5.5.9

Since Jun 30Pushed 8y agoCompare

[ Source](https://github.com/CSCfi/Attribute-Test-Service)[ Packagist](https://packagist.org/packages/cscfi/attribute-test-service)[ Docs](https://github.com/CSCfi/Attribute-Test-Service)[ RSS](/packages/cscfi-attribute-test-service/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (7)Dependencies (8)Versions (10)Used By (0)

SAML Attribute Test Service plugin for CakePHP
==============================================

[](#saml-attribute-test-service-plugin-for-cakephp)

Requirements
------------

[](#requirements)

- apache2
- shibboleth service provider
- php &gt;=5.5.9
- cakephp/cakephp : ~3.2
- friendsofcake/bootstrap-ui : ^0.5.0

Functionalities
---------------

[](#functionalities)

- Populates all active attributes from the /etc/shibboleth/attribute-map.xml
- Basic add/delete functionality for attributes
- Optional validation regex for attributes
- Comparation of received attributes against attributes in database with validation
- Stores names of released attributes and validation status for each individual user (persistent-id, schachomeorganization stored as received)

Preconditions
-------------

[](#preconditions)

Apache2 webserver installed with libapache2-mod-shib2

modify /etc/shibboleth/shibboleth2.xml

```
 [
  'default' => [
    ...
    'driver' => 'Cake\Database\Driver\Sqlite',
    'database' => '/var/www//db/database.sqlite',
    ...

```

And make sure that cakephp has access to directory where database will be created (example below is too permissive).

```
mkdir db; chmod 777 db

```

### Install attribute-test-service plugin

[](#install-attribute-test-service-plugin)

```
# Change to your created project directory
cd www

composer require csc-it-center-for-science/attribute-test-service

# copy needed bootstrap and jquery files in place.
cp -r vendor/csc-it-center-for-science/attribute-test-service/webroot/js/* webroot/js/.
cp -r vendor/csc-it-center-for-science/attribute-test-service/webroot/css/* webroot/css/.

# Migrate database tables and load plugin
./bin/cake migrations migrate -p CscItCenterForScience/AttributeTestService
chmod 777 ../db/database.sqlite
./bin/cake plugin load -r CscItCenterForScience/AttributeTestService

```

### Configure Bootstrap framework

[](#configure-bootstrap-framework)

```
# Copy extra layout types to your project layouts directory
cp -R vendor/friendsofcake/bootstrap-ui/src/Template/Layout/examples src/Template/Layout/TwitterBootstrap

./bin/cake plugin load BootstrapUI

```

Make your AppView class extend BootstrapUI\\View\\UIView (src/View/AppView.php).

```
# use Cake\View\View;
use BootstrapUI\View\UIView;
...
# class AppView extends View
class AppView extends UIView

public function initialize()  {
  // Don't forget to call the parent::initialize()
  parent::initialize();
}

```

### Authorization (Shibboleth handles the authentication)

[](#authorization-shibboleth-handles-the-authentication)

To use Auth component with shibboleth SAML authentication. In your project 'src/Controller/AppController.php' modify accordingly.

```
    public function initialize()
    {
        parent::initialize();

        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        $this->loadComponent('Auth',[
                              'authorize' => [
                                'Controller'
                              ],
                              'loginAction' => [
                                'controller' => 'attribute/releases',
                                'action' => 'index'
                              ],
                              'flash' => [
                                'element' => 'error',
                                'key' => 'auth'
                              ],
                            ]);
        if ($this->request->env('Shib-Session-ID')!==null && $this->Auth->user('role')===null) :
            $role =  (strtolower($this->request->env('schachomeorganization'))=='csc.fi') ? 'admin' : 'user';
            $this->Auth->setUser(array('username'=>$this->request->env('displayname'),
                                       'email'=>$this->request->env('mail'),
                                       'eppn'=>$this->request->env('edupersonprincipalname'),
                                       'sn'=>$this->request->env('sn'),
                                       'givenname'=>$this->request->env('givenname'),
                                       'role'=>$role
                                       ));
        elseif ($this->request->env('Shib-Session-ID')===null && $this->Auth->user('role')!==null) :
          $this->Auth->logout();
        endif;
        $this->Auth->allow(['index','test','view']);

    }

    public function isAuthorized($user)
    {
      if(isset($user['role'])) :
        if ($user['role']=='admin') :
          return true;
        endif;
      endif;
      return false;
    }

```

Enable login/logout buttons in 'src/Template/Layout/TwitterBootstrap/dashboard.ctp'

```