Revision: 3044
Author: olavmrk
Date: Tue Mar 13 02:40:25 2012
Log: consent: Allow disabling of consent from SP metadata.
http://code.google.com/p/simplesamlphp/source/detail?r=3044
Modified:
/trunk/modules/consent/docs/consent.txt
/trunk/modules/consent/lib/Auth/Process/Consent.php
=======================================
--- /trunk/modules/consent/docs/consent.txt Tue Mar 13 02:40:13 2012
+++ /trunk/modules/consent/docs/consent.txt Tue Mar 13 02:40:25 2012
@@ -187,26 +187,49 @@
Disabling consent
-----------------
-It is possible to disable consent for a given service. You can add an
option
-in the metadata on the IdP, that will disable consent for the given
service.
-Add 'consent.disable' array option and enter the entityids of the services,
-that you do not want consent for.
-
-Example:
-
- 'consent.disable' => array(
- 'sp.example.com',
- 'sp2.example.com',
- ...
+Consent can be disabled either in the IdP metadata or in the SP metadata.
+To disable consent for one or more SPs for a given IdP, add the
+`consent.disable`-option to the IdP metadata. To disable consent for one or
+more IdPs for a given SP, add the `consent.disable`-option to the SP
metadata.
+
+### Examples ###
+
+Disable consent for a given IdP:
+
+ $metadata['https://idp.example.org/'] = array(
+ [...],
+ 'consent.disable' => TRUE,
+ );
+
+Disable consent for some SPs connected to a given IdP:
+
+ $metadata['https://idp.example.org/'] = array(
+ [...],
+ 'consent.disable' => array(
+ 'https://sp1.example.org/',
+ 'https://sp2.example.org/',
+ ),
+ );
+
+
+Disable consent for a given SP:
+
+ $metadata['https://sp.example.org'] = array(
+ [...]
+ 'consent.disable' => TRUE,
),
-It is also possible to disable consent for all SPs for a given IdP by
setting
-the 'consent.disable' option to TRUE:
-
- 'consent.disable' => TRUE,
+Disable consent for some IdPs for a given SP:
+
+ $metadata['https://sp.example.org'] = array(
+ [...]
+ 'consent.disable' => array(
+ 'https://idp1.example.org/',
+ 'https://idp2.example.org/',
+ ),
+ ),
-
Attribute presentation
----------------------
=======================================
--- /trunk/modules/consent/lib/Auth/Process/Consent.php Tue Mar 13 02:40:13
2012
+++ /trunk/modules/consent/lib/Auth/Process/Consent.php Tue Mar 13 02:40:25
2012
@@ -181,9 +181,13 @@
$state['Source'] = $idpmeta;
}
- // Do not use consent if disabled on source entity
+ // Do not use consent if disabled
if (isset($state['Source']['consent.disable']) &&
self::checkDisable($state['Source']['consent.disable'], $spEntityId)) {
- SimpleSAML_Logger::debug('Consent: Consent disabled for
entity ' . $spEntityId);
+ SimpleSAML_Logger::debug('Consent: Consent disabled for
entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
+ return;
+ }
+ if (isset($state['Destination']['consent.disable']) &&
self::checkDisable($state['Destination']['consent.disable'], $idpEntityId))
{
+ SimpleSAML_Logger::debug('Consent: Consent disabled for
entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
return;
}
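Review bot: The new `$state['Destination']` branch logs exactly the same debug message as the `$state['Source']` branch, so the log cannot show whether the IdP's metadata or the SP's metadata caused consent to be skipped. Skipping consent releases attributes without asking the user, so the record should name the side that decided, for example `SimpleSAML_Logger::debug('Consent: Consent disabled by SP metadata for entity ' . $spEntityId . ' with IdP ' . $idpEntityId);` in the second branch, with matching "by IdP metadata" wording in the first. A comment above the new branch such as `// SP metadata may also opt out; it must come from a source the IdP operator controls` would document the trust assumption, since any process that writes SP metadata can now turn consent off. `checkDisable()` and the rest of the enclosing method lie outside the hunk, so how entity IDs are compared against the list cannot be confirmed from here.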