From a7c63a7410340df6336b7b4ae5f93d46fd4056f1 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 15 May 2024 13:16:08 +0800
Subject: [PATCH 1/2] add Profile Review README details [skip ci]
---
 README.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
diff --git a/README.md b/README.md
index 4986cd25..8aaebb94 100644
--- a/README.md
+++ b/README.md
@@ -171,3 +171,52 @@ can be autoloaded, to use as the logger within ExpiryDate. This is adapted from the `ssp-iidp-expirycheck` and `expirycheck` modules. Thanks to Alex Mihičinac, Steve Moitozo, and Steve Bagwell for the initial work they did on those two modules. + +### Profile Review SimpleSAMLphp Module + +A simpleSAMLphp module for prompting the user review their profile (such as +2-step verification, email, etc.). + +This module is implemented as an Authentication Processing Filter, +or AuthProc. That means it can be configured in the global config.php file or +the SP remote or IdP hosted metadata. + +It is recommended to run the profilereview module at the IdP, after all +other authentication modules. + +#### How to use the module + +You will need to set filter parameters in your config. We recommend adding +them to the `'authproc'` array in your `metadata/saml20-idp-hosted.php` file. + +Example (for `metadata/saml20-idp-hosted.php`): + + use Sil\PhpEnv\Env; + use Sil\Psr3Adapters\Psr3SamlLogger; + + // ... + + 'authproc' => [ + 10 => [ + // Required: + 'class' => 'profilereview:ProfileReview', + 'employeeIdAttr' => 'employeeNumber', + 'profileUrl' => Env::get('PROFILE_URL'), + 'mfaLearnMoreUrl' => Env::get('MFA_LEARN_MORE_URL'), + + // Optional: + 'loggerClass' => Psr3SamlLogger::class, + ], + + // ... + ], + +The `employeeIdAttr` parameter represents the SAML attribute name which has +the user's Employee ID stored in it. In certain situations, this may be +displayed to the user, as well as being used in log messages. + +The `loggerClass` parameter specifies the name of a PSR-3 compatible class that +can be autoloaded, to use as the logger within ExpiryDate. + +The `profileUrl` parameter is for the URL of where to send the user if they +want/need to update their profile. From a8939e5c8f9152fb261c7ae238a4092c24731f36 Mon Sep 17 00:00:00 2001 
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 15 May 2024 15:32:20 +0800
Subject: [PATCH 2/2] changed namespace on FakeIdBrokerClient to match the repo name and path
---
 composer.json | 2 +-
 development/idp-local/config/authsources.php | 2 +-
 development/idp-local/metadata/saml20-idp-hosted.php | 2 +-
 features/bootstrap/MfaContext.php | 2 +-
 features/fakes/FakeIdBrokerClient.php | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/composer.json b/composer.json
index b5a9031d..a28cafb2 100644
--- a/composer.json
+++ b/composer.json
@@ -38,7 +38,7 @@
 "vendor/yiisoft/yii2/Yii.php"
 ],
 "psr-4": {
- "Sil\\SspMfa\\Behat\\": "features/"
+ "SilInternational\\SspBase\\Features\\": "features/"
 }
 },
 "config": {
diff --git a/development/idp-local/config/authsources.php b/development/idp-local/config/authsources.php
index 3af3dac7..99069ecd 100644
--- a/development/idp-local/config/authsources.php
+++ b/development/idp-local/config/authsources.php
@@ -1,6 +1,6 @@