package org.apereo.cas.support.saml.services;

import com.fasterxml.jackson.annotation.JsonIgnore;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.opensaml.saml.common.profile.logic.EntityAttributesPredicate;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * This is {@link InCommonRSAttributeReleasePolicy}.
 *
 * <p>Attribute release policy for SAML service providers that releases a fixed
 * attribute list, and only when the service provider's entity descriptor carries
 * the entity attribute {@code http://macedir.org/entity-category} with the value
 * {@code http://refeds.org/category/research-and-scholarship}. Any other
 * descriptor gets an empty map.
 *
 * <p>NOTE(review): the category is read from the service provider's metadata, so
 * this gate is only as trustworthy as the metadata source. Confirm that the
 * metadata resolver used with this policy validates metadata signatures;
 * otherwise the category is effectively self-asserted by the service provider.
 *
 * @author Misagh Moayyed
 * @since 5.1.0
 */
public class InCommonRSAttributeReleasePolicy extends BaseSamlRegisteredServiceAttributeReleasePolicy {
    private static final long serialVersionUID = 1532960981124784595L;

    private static final Logger LOGGER = LoggerFactory.getLogger(InCommonRSAttributeReleasePolicy.class);

    /** Name of the metadata entity attribute that carries entity categories. */
    private static final String ENTITY_CATEGORY_ATTRIBUTE_NAME = "http://macedir.org/entity-category";

    /** Entity category value that a service provider must declare to receive attributes. */
    private static final String RESEARCH_AND_SCHOLARSHIP_CATEGORY =
            "http://refeds.org/category/research-and-scholarship";

    // Fixed list handed to setAllowedAttributes(...) by the constructor.
    // NOTE(review): the REFEDS R&S bundle names these attributes "mail" and "sn";
    // confirm the attribute repository really exposes them as "email" and "surname".
    private List<String> allowedAttributes = Arrays.asList(
            "eduPersonPrincipalName",
            "eduPersonTargetedID",
            "email",
            "displayName",
            "givenName",
            "surname",
            "eduPersonScopedAffiliation");

    /**
     * Creates the policy and registers the fixed attribute list as the allowed attributes.
     */
    public InCommonRSAttributeReleasePolicy() {
        setAllowedAttributes(this.allowedAttributes);
    }

    /**
     * Releases the allowed attributes only to entities in the research-and-scholarship category.
     *
     * @param attributes         resolved attributes, passed on to
     *                           {@code authorizeReleaseOfAllowedAttributes} when the category matches
     * @param service            the SAML registered service (not read here)
     * @param applicationContext the application context (not read here)
     * @param resolver           the metadata resolver (not read here)
     * @param facade             the service provider metadata facade (not read here)
     * @param entityDescriptor   the entity descriptor the category predicate is applied to
     * @return the result of {@code authorizeReleaseOfAllowedAttributes(attributes)} when the
     *         descriptor matches the category, otherwise a new empty {@link HashMap}
     */
    @Override
    protected Map<String, Object> getAttributesForSamlRegisteredService(
            final Map<String, Object> attributes,
            final SamlRegisteredService service,
            final ApplicationContext applicationContext,
            final SamlRegisteredServiceCachingMetadataResolver resolver,
            final SamlRegisteredServiceServiceProviderMetadataFacade facade,
            final EntityDescriptor entityDescriptor) {
        final EntityAttributesPredicate.Candidate categoryCandidate =
                new EntityAttributesPredicate.Candidate(ENTITY_CATEGORY_ATTRIBUTE_NAME);
        categoryCandidate.setValues(Collections.singletonList(RESEARCH_AND_SCHOLARSHIP_CATEGORY));
        LOGGER.debug("Loading entity attribute predicate filter for candidate [{}] with values [{}]",
                categoryCandidate.getName(), categoryCandidate.getValues());

        // Second constructor argument: presumably OpenSAML's "trim" flag, which trims
        // metadata values before comparison; verify against the OpenSAML version in use.
        final EntityAttributesPredicate categoryFilter =
                new EntityAttributesPredicate(Collections.singletonList(categoryCandidate), true);

        // Fail closed: a descriptor that does not match the category gets no attributes.
        if (!categoryFilter.apply(entityDescriptor)) {
            return new HashMap<>();
        }
        return authorizeReleaseOfAllowedAttributes(attributes);
    }

    /**
     * Returns the allowed attributes held by the parent policy.
     *
     * <p>Marked {@link JsonIgnore}, which excludes this property from Jackson
     * serialization; presumably so the fixed list cannot be replaced through a
     * JSON service definition (confirm against how service definitions are loaded).
     *
     * @return the allowed attribute names
     */
    @JsonIgnore
    @Override
    public List<String> getAllowedAttributes() {
        return super.getAllowedAttributes();
    }
}