Passing Custom Attributes to SP

I’m familiar enough with using SAML (the PHP variant) to get a basic setup done, but the most recent setup was a doozy. The client required custom attributes to be passed to them, which means I needed to take the fields from our LDAP and replace them accordingly. There may be an easier way to do this using AttributeMap and/or AttributeFilter, but at this point I really don’t care.

  • The client needs UserName, EmployeeID, SecurityKey (they provide me with the last item).
  • Our LDAP has UID and peopleSoftID, respectively.

In saml20-idp-hosted.php I employ the core:PHP filter:

    100 => array(
        'class' => 'core:PHP',
        'code' => '
            // Copy the LDAP peopleSoftID value into employeeID.
            if (!empty($attributes["peopleSoftID"])) {
                $employeeID = $attributes["peopleSoftID"][0];
                $attributes["employeeID"] = array($employeeID);
            }
            // Static value, not read from LDAP.
            $attributes["securityKey"] = array("123456"); // Provided by client
            // Copy the LDAP uid value into UserName.
            if (!empty($attributes["uid"])) {
                $displayname = $attributes["uid"][0];
                $attributes["UserName"] = array($displayname);
            }
        ',
    ),

Then, in saml20-sp-remote, I declare the LDAP attributes that I used above:

    $metadata['SP-Entity'] = array(
        'metadata-set' => 'saml20-sp-remote',
        'simplesaml.attributes' => true,
        'attributes' => array('uid', 'peopleSoftID'),
        // .........
    );

Since securityKey is not retrieved from the LDAP, there is no need to assign it to any LDAP attribute; it is simply hardcoded in the filter.

That’s a wrap!
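The AttributeMap route mentioned at the top, as an added example (not the configuration used in this post): the same three attributes produced with the stock core:AttributeMap, core:AttributeAdd and core:AttributeLimit filters instead of core:PHP. It assumes the filters are placed under an authproc key in the SP's saml20-sp-remote entry, so the client-issued key is released only to that SP, and it uses the attribute spellings from the bullet list; CLIENT-PROVIDED-KEY is a placeholder.

```php
<?php
// Added example: merge the 'authproc' key below into the existing
// $metadata['SP-Entity'] entry in saml20-sp-remote.php. Filters declared
// in an SP's metadata are applied only when that SP is the destination.
$metadata['SP-Entity'] = array(
    // ......... (the entry's existing keys stay as they are)
    'authproc' => array(
        // Rename the LDAP attributes to the names the client asked for.
        // By default core:AttributeMap replaces the source attribute, so
        // uid and peopleSoftID are no longer present after this step.
        90 => array(
            'class' => 'core:AttributeMap',
            'uid' => 'UserName',
            'peopleSoftID' => 'EmployeeID',
        ),
        // Add the static value issued by the client (placeholder value).
        91 => array(
            'class' => 'core:AttributeAdd',
            'SecurityKey' => array('CLIENT-PROVIDED-KEY'),
        ),
        // Release exactly these three attributes; anything else that an
        // earlier filter or the LDAP lookup added is dropped here.
        92 => array(
            'class' => 'core:AttributeLimit',
            'UserName', 'EmployeeID', 'SecurityKey',
        ),
    ),
);
```

SAML attribute names are matched as exact strings, so the spellings in the map must be the ones the SP actually expects.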
