Small brush ups

Author: thijskh

README.md

@@ -3,7 +3,8 @@ OpenConext Stepup Second Factor Only Authproc Filter for SimpleSAMLphp
 
 See [documentation](docs/stepupsfo.md).
 
-Copyright 2018 SURFnet B.V.
+Copyright 2018-2021 SURF B.V.
+
 Licensed under the CC-GNU LGPG version 2.1 or any later version.
 See [COPYING](COPYING) for details.
 

docs/stepupsfo.md

@@ -9,29 +9,29 @@ The module requires the following:
 1. Metadata for the SFO endpoint in saml20-idp-remote.
 1. Configuration of the authproc's own metadata.
 1. An attribute containing the full collabPersonId of the authenticated
-   user o send to SFO.
+   user to send to SFO.
 
 You can get the metadata of the SFO endpoint from the party running that
 endpoint. In `saml20-idp-remote.php` it could look like this. Note that
 SHA-256 and signed authentication requests are mandatory. Optionally
 you can add the `sfo:selfserviceurl` config parameter used in the
 feedback message when a user does not have a token registered.
 
-    $metadata['https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata'] = array (
+    $metadata['https://gateway.pilot.stepup.surfconext.nl/second-factor-only/metadata'] = [
         'certificate' => 'sa_pilot_saml_signing_certificate_pem.crt',
         'metadata-set' => 'saml20-idp-remote',
         'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-        'SingleSignOnService' => array(
-              0 => array(
+        'SingleSignOnService' => [
+              0 => [
                 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                 'Location' => 'https://gateway.pilot.stepup.surfconext.nl/second-factor-only/single-sign-on',
-              )),
+              ]],
         'redirect.sign' => true,
         // ssp has broken/fixed the fact that you could set this to null see #771
         //'NameIDPolicy' => null,
         
         'sfo:selfserviceUrl' => 'https://selfservice.pilot.stepup.surfconext.nl/',
-    );
+    ];
 
 Configuration of the authproc filter could be done in any place that supports
 authproc filters, so it runs after the first factor has been authenticated.
@@ -45,17 +45,17 @@ attributes e.g. with the `core:AttributeAlter` filter. In the example the
 existing uid attribute is prefixed with the right urn and stored in the
 collabPersonId attribute. SFO is configured to read that attribute.
 
-    'authproc' => array(
+    'authproc' => [
         // prepare attribute for sfo
-        24 => array(
+        24 => [
                 'class' => 'core:AttributeAlter',
                 'subject' => 'uid',
                 'pattern' => '/^/',
                 'replacement' => 'urn:collab:person:example.org:',
                 'target' => 'collabPersonId'
-        ),
+        ],
         // fire off sfo
-        25 => array(
+        25 => [
             'class' => 'stepupsfo:SFO',
 
             // attribute to use as identifier to the sfo idp
@@ -76,8 +76,8 @@ collabPersonId attribute. SFO is configured to read that attribute.
             // optional: list of remote entityids/requesterids for which SFO
             // should NOT be performed, instead they will just pass through.
             // 'skipentities' => [],
-        ),
-    )
+        ],
+    ]
 
 If you use the module to protect an IdP, you will want to exclude at least the
 token registration portal via the `skipentities` setting, if that portal uses

lib/Auth/Process/SFO.php

@@ -54,7 +54,7 @@ public function process(&$state)
         $samlstateid = SimpleSAML_Auth_State::saveState($state, 'stepupsfo:pre');
 
         if ( empty($state['Attributes'][$this->subjectidattribute]) ) {
-            throw new Exception("Subjectid " . $this->subjectid . " not found in attributes.");
+            throw new Exception("Subjectid " . $this->subjectidattribute . " not found in attributes.");
         }
 
         $subjectid = $state['Attributes'][$this->subjectidattribute][0];