Internet2 · ioigoume · Jan 8, 2025
diff --git a/app/AvailablePlugin/FederationSource/Config/Schema/schema.xml b/app/AvailablePlugin/FederationSource/Config/Schema/schema.xml
@@ -41,6 +41,7 @@
       <constraint>REFERENCES cm_servers(id)</constraint>
     </field>
     <field name="protocol" type="C" size="2" />
+    <field name="entities" type="C" size="2" />
     <field name="created" type="T" />
     <field name="modified" type="T" />
 

diff --git a/app/AvailablePlugin/FederationSource/Lib/enum.php b/app/AvailablePlugin/FederationSource/Lib/enum.php
@@ -30,3 +30,8 @@ class MetadataProtocol
   const File  = "F";
   const MDQ   = "MQ";
 }
+
+class MdqProtocol
+{
+  const IdpsOnly   = "IO";
+}
diff --git a/app/AvailablePlugin/FederationSource/Lib/lang.php b/app/AvailablePlugin/FederationSource/Lib/lang.php
@@ -42,11 +42,17 @@
     MetadataProtocol::MDQ   => "MDQ"
   ),
 
+  // Enumeration language texts
+  'pl.federationsource.en.entities' => array(
+    MdqProtocol::IdpsOnly => 'Idps Only',
+  ),
+
   // Error messages
   'er.federationsource.notfound.entityid' => 'entityID not found in metadata response',
 
   // Plugin texts
   'pl.federationsource.count'       => 'Populated %1$s records from all IdPs endpoint',
   'pl.federationsource.entityid'    => 'Entity ID',
-  'pl.federationsource.protocol'    => 'Protocol'
+  'pl.federationsource.protocol'    => 'Protocol',
+  'pl.federationsource.entities'    => 'Entities Filtering'
 );
diff --git a/app/AvailablePlugin/FederationSource/Model/FederationSource.php b/app/AvailablePlugin/FederationSource/Model/FederationSource.php
@@ -63,6 +63,12 @@ class FederationSource extends OrganizationSourceBackend {
                             MetadataProtocol::MDQ)),
       'required' => true,
       'allowEmpty' => false
+    ),
+    'entities' => array(
+      'rule' => array('inList',
+                      array(MdqProtocol::IdpsOnly)),
+      'required' => false,
+      'allowEmpty' => true
     )
   );
 
@@ -107,22 +113,23 @@ protected function doRequest($entityID=null) {
 
     $Http->setBaseUrl($srvr['HttpServer']['serverurl']);
 
-    if($cfg['FederationSource']['protocol'] == MetadataProtocol::MDQ) {
+    $url = '';
+    if($cfg['FederationSource']['protocol'] === MetadataProtocol::MDQ) {
       $Http->setRequestOptions(array(
         'header' => array(
           'Content-Type'  => 'application/samlmetadata+xml'
         )
       ));
 
-      $url = "/entities/";
+      // CO-2883
+      // https://datatracker.ietf.org/doc/html/draft-young-md-query-22#name-request-all-entities
+      $url = '/entities';
 
       if($entityID) {
-        $url .= urlencode($entityID);
-      } else {
-        $url .= "idps/all";
+        $url .= '/' . urlencode($entityID);
+      } elseif($cfg['FederationSource']['entities'] === MdqProtocol::IdpsOnly) {
+        $url .= '/idps/all';
       }
-    } else {
-      $url = "";
     }
 
     return $Http->get($url);

diff --git a/app/AvailablePlugin/FederationSource/View/FederationSources/fields.inc b/app/AvailablePlugin/FederationSource/View/FederationSources/fields.inc
@@ -59,6 +59,18 @@
 
   print $this->Form->hidden('organization_source_id', array('default' => $vv_osid)) . "\n";
 ?>
+<script type="text/javascript">
+  function fields_update_entities(self) {
+    const mdq = '<?= MetadataProtocol::MDQ?>'
+    const mode = ($(self).find(":checked").val())
+    if (mode === mdq) {
+      $('#mdq-entities-selector').show()
+    } else {
+      $('#mdq-entities-selector').hide()
+    }
+  }
+</script>
+
 <?php if(empty($vv_servers)): ?>
 <div class="co-info-topbox">
   <em class="material-icons">info</em>
@@ -110,8 +122,9 @@
         global $cm_lang, $cm_texts;
 
         $attrs = array();
-        $attrs['value'] = (isset($federation_sources[0]['FederationSource']['protocol']) ? $federation_sources[0]['FederationSource']['protocol'] : "");
+        $attrs['value'] = ($federation_sources[0]['FederationSource']['protocol'] ?? '');
         $attrs['empty'] = true;
+        $attrs['onchange'] = 'fields_update_entities(this)';
 
         if($e) {
           print $this->Form->select('protocol',
@@ -127,6 +140,36 @@
       ?>
     </div>
   </li>
+  <?php if(!empty($federation_sources[0]['FederationSource']['protocol']) && $federation_sources[0]['FederationSource']['protocol'] === MetadataProtocol::MDQ): ?>
+  <li id="mdq-entities-selector">
+    <div class="field-name">
+      <div class="field-title">
+        <?php print ($e ? $this->Form->label('entities', _txt('pl.federationsource.entities')) : _txt('pl.federationsource.entities')); ?>
+      </div>
+    </div>
+    <div class="field-info">
+      <?php
+      global $cm_lang, $cm_texts;
+
+      $attrs = array();
+      $attrs['value'] = ($federation_sources[0]['FederationSource']['entities'] ?? '');
+      $attrs['empty'] = true;
+
+      if($e) {
+        print $this->Form->select('entities',
+                                  $cm_texts[ $cm_lang ]['pl.federationsource.en.entities'],
+                                  $attrs);
+
+        if($this->Form->isFieldError('entities')) {
+          print $this->Form->error('entities');
+        }
+      } else {
+        print _txt('pl.federationsource.en.entities', null, filter_var($federation_sources[0]['FederationSource']['entities'],FILTER_SANITIZE_SPECIAL_CHARS));
+      }
+      ?>
+    </div>
+  </li>
+  <?php endif; ?>
   <?php if($e): ?>
     <li class="fields-submit">
       <div class="field-name">