Adding Custom Attributes to SimpleSAMLPhp

Question

I'm using this page as a reference guide: core:PHP

It reads as applying to attributes that already exist in my LDAP, but what if I wanted to add a new attribute entirely?

I added the following two new ones; the first is being renamed to something new, and the second one is static:

saml20-idp-hosted.php
_____________________
   100 => array(
    'class' => 'core:PHP',
    'code' => '
        if (!empty($attributes["blahblahID"])) {
              $employeeID = $attributes["blahblahID"][0];
              $attributes["employeeID"] = array($employeeID);
        }
        $attributes["securityKey"] = array("123456");
        if (!empty($attributes["displayname"])) {
              $displayname = $attributes["displayname"][0];
              $attributes["UserName"] = array($displayname);
        }
    ',
),

saml20-sp-remote.php
____________________
$metadata['Corestream'] = array(
    'metadata-set' => 'saml20-sp-remote',
    'simplesaml.attributes'      => true,
    'attributes' => array('UserName','employeeID','securityKey'),
.........

Will the employeeID and securityKey attributes automatically pass to the SP in this way?

EDIT:

I was able to run a test and am getting an error from the SP that the attribute UserName does not exist. What did I do incorrectly?

Answer 1

You will be better off using core:AttributeMap and core:AttributeAdd for this. Usage of the core:PHP module is generally not recommended, due to PHP recommending against these kinds of constructions. If you really need something that is not offered by the included AuthProc filters, consider writing your own.