Merge branch 'feature/mfa-module' into feature/silauth-module

silinternational · May 15, 2024 · cc7c0eb · cc7c0eb
2 parents 2aafb06 + ad06ac4
commit cc7c0eb
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -247,6 +247,55 @@ This is adapted from the `silinternational/simplesamlphp-module-mfa`
 module, which itself is adapted from other modules. Thanks to all those who
 contributed to that work.
 
+### Profile Review SimpleSAMLphp Module
+
+A simpleSAMLphp module for prompting the user review their profile (such as
+2-step verification, email, etc.).
+
+This module is implemented as an Authentication Processing Filter,
+or AuthProc. That means it can be configured in the global config.php file or
+the SP remote or IdP hosted metadata.
+
+It is recommended to run the profilereview module at the IdP, after all
+other authentication modules.
+
+#### How to use the module
+
+You will need to set filter parameters in your config. We recommend adding
+them to the `'authproc'` array in your `metadata/saml20-idp-hosted.php` file.
+
+Example (for `metadata/saml20-idp-hosted.php`):
+
+    use Sil\PhpEnv\Env;
+    use Sil\Psr3Adapters\Psr3SamlLogger;
+
+    // ...
+
+    'authproc' => [
+        10 => [
+            // Required:
+            'class' => 'profilereview:ProfileReview',
+            'employeeIdAttr' => 'employeeNumber',
+            'profileUrl' => Env::get('PROFILE_URL'),
+            'mfaLearnMoreUrl' => Env::get('MFA_LEARN_MORE_URL'),
+
+            // Optional:
+            'loggerClass' => Psr3SamlLogger::class,
+        ],
+        
+        // ...
+    ],
+
+The `employeeIdAttr` parameter represents the SAML attribute name which has
+the user's Employee ID stored in it. In certain situations, this may be
+displayed to the user, as well as being used in log messages.
+
+The `loggerClass` parameter specifies the name of a PSR-3 compatible class that
+can be autoloaded, to use as the logger within ExpiryDate.
+
+The `profileUrl` parameter is for the URL of where to send the user if they
+want/need to update their profile.
+
 ### SilAuth SimpleSAMLphp module
 
 SimpleSAMLphp auth module implementing custom business logic:

diff --git a/composer.json b/composer.json
@@ -46,7 +46,7 @@
       "vendor/yiisoft/yii2/Yii.php"
     ],
     "psr-4": {
-      "Sil\\SspMfa\\Behat\\": "features/"
+      "SilInternational\\SspBase\\Features\\": "features/"
     }
   },
   "config": {

diff --git a/development/idp-local/config/authsources.php b/development/idp-local/config/authsources.php
@@ -1,6 +1,6 @@
 <?php
 
-use Sil\SspMfa\Behat\fakes\FakeIdBrokerClient;
+use SilInternational\SspBase\Features\fakes\FakeIdBrokerClient;
 
 $config = [
 

diff --git a/development/idp-local/metadata/saml20-idp-hosted.php b/development/idp-local/metadata/saml20-idp-hosted.php
@@ -10,7 +10,7 @@
  */
 
 use Sil\Psr3Adapters\Psr3StdOutLogger;
-use Sil\SspMfa\Behat\fakes\FakeIdBrokerClient;
+use SilInternational\SspBase\Features\fakes\FakeIdBrokerClient;
 
 $metadata['http://ssp-idp1.local:8085'] = [
 	/*

diff --git a/features/bootstrap/MfaContext.php b/features/bootstrap/MfaContext.php
@@ -4,7 +4,7 @@
 use Behat\Mink\Exception\ElementNotFoundException;
 use PHPUnit\Framework\Assert;
 use Sil\PhpEnv\Env;
-use Sil\SspMfa\Behat\fakes\FakeIdBrokerClient;
+use SilInternational\SspBase\Features\fakes\FakeIdBrokerClient;
 use SimpleSAML\Module\mfa\LoginBrowser;
 
 /**

diff --git a/features/fakes/FakeIdBrokerClient.php b/features/fakes/FakeIdBrokerClient.php
@@ -1,5 +1,5 @@
 <?php
-namespace Sil\SspMfa\Behat\fakes;
+namespace SilInternational\SspBase\Features\fakes;
 
 use InvalidArgumentException;
 use Sil\Idp\IdBroker\Client\ServiceException;