From fdfd5a9525dc0c92be3ef05639e68af99d80421c Mon Sep 17 00:00:00 2001
From: Martin <martin.vanes@surf.nl>
Date: Tue, 6 Jul 2021 16:18:17 +0200
Subject: [PATCH] WIP

---
 config/logins.json                            | 678 ++++++++++--------
 .../customauth/templates/authenticate.tpl.bak |  75 --
 .../customauth/templates/authenticate.tpl.php |  32 +-
 modules/customauth/www/authpage.php           |  28 +-
 4 files changed, 432 insertions(+), 381 deletions(-)
 delete mode 100644 modules/customauth/templates/authenticate.tpl.bak

diff --git a/config/logins.json b/config/logins.json
index 46d3e38..b551f97 100644
--- a/config/logins.json
+++ b/config/logins.json
@@ -1,284 +1,398 @@
 {
-    "account1" : {
-            "type" : "Research and Scholarship",
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute",
-            "display": "John D. Rockefeller",
-            "eduPersonPrincipalName" : "jrockefeller@idp.example.org",
-            "displayName" : "John D. Rockefeller",
-            "mail" : "John.D.Rockefeller@idp.example.org"
-        },
-    "account2" : {
-            "type" : "Research and Scholarship",		
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in both a 'displayname' attribute as well as seperate 'surname' and 'givenname' attributes",
-            "display": "Georg Ohm",
-            "eduPersonPrincipalName" : "g_ohm@idp.example.org",
-            "displayName" : "Georg Ohm",
-            "givenName" : "Georg",
-            "sn" : "Ohm",
-            "mail" : "georg.ohm@idp.example.org"
-        },
-    "account3" : {
-            "type" : "Research and Scholarship",		
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
-            "display": "Joseph Weeler",
-            "eduPersonPrincipalName" : "jweeler@idp.example.org",
-            "givenName" : "Joseph",
-            "sn" : "Weeler",
-			"mail" : "joseph.weeler@idp.example.org",
-            "eduPersonScopedAffiliation" : ["member@idp.example.org", "student@idp.example.org"]
-        },
-    "account4" : {
-            "type" : "Research and Scholarship",		
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
-            "display": "Anthony West",
-            "eduPersonPrincipalName" : "awest@idp.example.org",
-            "eduPersonTargetedID" : "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
-            "givenName" : "Anthony",
-            "sn" : "West",
-            "mail" : "anthony.west@idp.example.org",
-            "eduPersonScopedAffiliation" : ["member@idp.example.org", "employee@idp.example.org", "faculty@idp.example.org"]
-        },
-    "account5" : {
-            "type" : "Research and Scholarship",		
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
-            "display": "Ben Bernanke",
-            "eduPersonPrincipalName" : "bbernanke@idp.example.org",
-            "eduPersonTargetedId" : "bbernanke@idp.example.org",
-            "displayName" : "Ben Bernanke",
-            "mail" : "bbernanke@idp.example.org"
-        },
-    "account6" : {
-            "type" : "Research and Scholarship",		
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
-            "display": "Alan Greenspan",
-            "eduPersonPrincipalName" : "agreenspan@idp.example.org",
-            "eduPersonTargetedId" : "agreenspan@idp.example.org",
-            "givenName" : "Alan",
-            "sn" : "Greenspan",
-            "mail" : "agreenspan6@idp.example.org"
-        },
-    "account7" : {
-            "type" : "Research and Scholarship",		
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
-            "display": "André-Marie Ampère",
-            "eduPersonPrincipalName" : "am_ampere@idp.example.org",
-            "eduPersonTargetedId" : "am_ampere@idp.example.org",
-            "displayName" : "André-Marie Ampère",
-            "mail" : "am_ampere@idp.example.org",
-            "eduPersonScopedAffiliation" : ["employee@idp.example.org", "staff@idp.example.org", "member@idp.example.org", "student@idp.example.org"]
-        },
-    "account8" : {
-            "type" : "Research and Scholarship",		
-            "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
-            "display": "Wilhelm Röntgen",
-            "eduPersonPrincipalName" : "w_rontgen@idp.example.org",
-            "eduPersonTargetedId" : "w_rontgen@idp.example.org",
-            "givenName" : "Wilhelm",
-            "sn" : "Röntgen",
-            "mail" : "w_rontgen@idp.example.org",
-            "eduPersonScopedAffiliation" : ["employee@idp.example.org", "staff@idp.example.org", "member@idp.example.org", "student@idp.example.org"]
-        },
-	"account9" : {
-            "type": "Custom attributes",
-			"explanation": "More expansive attribute list",
-            "display": "Joseph Stiglitz",
-            "uid" : ["jstiglitz"],
-            "schacHomeOrganization" : "harvard-example.edu",
-            "eduPersonPrincipalName" : "stiglitz@harvard-example.edu",
-            "cn" : "Joseph Eugene Stiglitz",
-            "givenName" : "Joseph",
-            "sn" : "Stiglitz",
-            "displayName" : "Joseph Stiglitz",
-            "mail" : "stiglitz@harvard-example.edu",
-			"homePhone" : "+1 827 675 3232",
-			"eduPersonOrcid" : "http://orcid.org/0000-1111-2222-3333",
-            "eduPersonAffiliation" : ["member", "student"],
-            "eduPersonScopedAffiliation" : ["employee@harvard-example.edu", "faculty@harvard-example.edu", "member@harvard-example.edu"],
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account10" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - multi-valued mail attribute.",
-            "display": "Jordan R. Belfort",
-            "uid" : ["belfort"],
-            "schacHomeOrganization" : "harvard-example.edu",
-            "eduPersonPrincipalName" : "belfort@harvard-example.edu",
-            "cn" : "Jordan Ross Belfort",
-            "givenName" : "Jordan",
-            "sn" : "Belfort",
-            "displayName" : "Jordan R. Belfort",
-            "mail" : ["Jordan.Belfort@harvard-example.edu", "jordan@harvard-example.edu"],
-            "eduPersonAffiliation" : ["employee", "faculty", "member"],
-            "eduPersonScopedAffiliation" : ["employee@harvard-example.edu", "faculty@harvard-example.edu", "member@harvard-example.edu"],
-            "eduPersonEntitlement" : "urn:mace:dir:entitlement:common-lib-terms-example",
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account11" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - No member affiliation ind eduPersonAffiliation.",
-            "display": "Steve Wynn",
-            "uid" : ["wynn"],
-            "schacHomeOrganization" : "harvard-example.edu",
-            "eduPersonPrincipalName" : "wynn@harvard-example.edu",
-            "cn" : "Steve Alen Wynn",
-            "givenName" : "Steve",
-            "sn" : "Wynn",
-            "displayName" : "Steve Wynn",
-            "mail" : ["S.Wynn@harvard-example.edu", "Steve.Wynn@example-casino.com", "steve.Wynn@las.vegas.com"],
-            "eduPersonAffiliation" : ["employee", "faculty"],
-            "eduPersonScopedAffiliation" : ["employee@harvard-example.edu", "faculty@harvard-example.edu", "member@harvard-example.edu"],
-            "eduPersonEntitlement" : "urn:mace:dir:entitlement:common-lib-terms-example",
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account12" : {
-           	"type": "Behaviour tests",
-			"explanation": "Test - Incorrect domain scope for Home organisation",
-            "display": "Isaac Newton",
-            "uid" : ["isaac"],
-            "schacHomeOrganization" : "university-example.org",
-            "eduPersonPrincipalName" : "isaac@university-example.edu",
-            "cn" : "Sir Isaac Newton",
-            "givenName" : "Isaac",
-            "sn" : "Newton",
-            "displayName" : "Isaac Newton",
-            "mail" : ["isaacnewton@university-example.org", "newton@university-example.org"],
-            "eduPersonScopedAffiliation" : ["employee@huniversity-example.org", "faculty@university-example.org", "member@university-example.org"],
-            "eduPersonEntitlement" : "urn:mace:dir:entitlement:common-lib-terms-example",
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account13" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - Invalid email address, note that ePPN is NOT an email adress, so having multiple @ signs is allowed",
-            "display": "Oscar Burton",
-            "uid" : ["oburton"],
-            "schacHomeOrganization" : "university-example.org",
-            "eduPersonPrincipalName" : "o@burton@university-example.org",
-            "cn" : "Oscar Burton",
-            "givenName" : "Oscar",
-            "sn" : "Burton",
-            "displayName" : "Oscar Burton",
-            "mail" : "o@burton@university-example.edu",
-            "eduPersonAffiliation" : ["employee", "member", "staff"],
-            "eduPersonScopedAffiliation" : ["employee@huniversity-example.org", "staff@university-example.org", "member@university-example.org"],
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-	
-    "account14" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - Invalid ePPN",
-            "display": "Nikola Tesla",
-            "uid" : ["n_tesla"],
-            "schacHomeOrganization" : "university-example.org",
-            "eduPersonPrincipalName" : "n_tesla@university-example.edu",
-            "cn" : "Nikola Tesla",
-            "givenName" : "Nikola",
-            "sn" : "Tesla",
-            "displayName" : "Nikola Tesla",
-            "mail" : "n_tesla@university-example.org",
-            "eduPersonAffiliation" : ["employee", "member", "staff"],
-            "eduPersonScopedAffiliation" : ["employee@huniversity-example.org", "staff@university-example.org", "member@university-example.org"],
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-	
-    "account15" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - Member only",
-            "display": "Steve Jobs",
-            "uid" : ["s_jobs"],
-            "schacHomeOrganization" : "idp.example.org",
-            "eduPersonPrincipalName" : "student1@idp.example.org",
-            "cn" : "Steven Paul Jobs",
-            "givenName" : "Steve",
-            "sn" : "Jobs",
-            "displayName" : "Steve Jobs",
-            "mail" : "steve.jobs@idp.example.org",
-            "eduPersonAffiliation" : ["member"],
-            "eduPersonScopedAffiliation" : ["member@idp.example.org"],
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account16" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - Non human-friendly ePPN",
-            "display": "Bill Gates",
-            "uid" : ["FyHah7$J"],
-            "schacHomeOrganization" : "idp.example.org",
-            "eduPersonPrincipalName" : "FyHah7$J@idp.example.org",
-            "cn" : "William Henry Gates III",
-            "givenName" : "Bill",
-            "sn" : "Gates",
-            "displayName" : "Bill Gates",
-            "mail" : "bill.gates@example.org",
-            "eduPersonAffiliation" : ["student", "member"],
-            "eduPersonScopedAffiliation" : ["member@idp.example.org", "student@idp.example.org"],
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account17" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - Blank attribute values",
-            "display": "Michael Faraday",
-            "uid" : ["m_faraday"],
-            "schacHomeOrganization" : "idp.example.org",
-            "eduPersonPrincipalName" : "m_faraday@idp.example.org",
-            "cn" : "",
-            "givenName" : "",
-            "sn" : "Faraday",
-            "displayName" : "Michael Faraday",
-            "mail" : "m_faraday@idp.example.org",
-            "eduPersonAffiliation" : ["member", "student"],
-            "eduPersonScopedAffiliation" : ["member@idp.example.org", "student@idp.example.org"],
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account18" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - Inconsistant user name",
-            "display": "Godfried Viggo",
-            "uid" : ["viggo7"],
-            "schacHomeOrganization" : "unidenmark-example.dk",
-            "eduPersonPrincipalName" : "viggo7@unidenmark-example.dk",
-            "cn" : "Christian Godfried Viggo Lind",
-            "givenName" : "Godfried",
-            "sn" : "Viggo",
-            "displayName" : "Godfried Viggo",
-            "mail" : "Godfried.Viggo@unidenmark-example.dk",
-            "eduPersonAffiliation" : "student",
-            "eduPersonScopedAffiliation" : ["student@unidenmark-example.dk"],
-            "isMemberOf" : "urn:collab:org:aarc-project.eu"
-        },
-    "account19" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - non-ASCII UTF-8 common name ",
-            "display": "Daisuke Takahashi",
-            "uid" : ["U3342109"],
-            "schacHomeOrganization" : "exchange-example.edu",
-            "eduPersonPrincipalName" : "U3342109@exchange-example.edu",
-            "cn" : "Daisuke Takahashi, 髙橋 大輔",
-            "givenName" : "Daisuke",
-            "sn" : "Takahashi",
-            "displayName" : "Daisuke Takahashi",
-            "mail" : "U3342109@exchange-example.edu",
-            "eduPersonAffiliation" : ["member", "student"],
-            "eduPersonScopedAffiliation" : ["member@exchange-example.edu", "student@exchange-example.edu"],
-            "isMemberOf" : ["urn:collab:org:exchange-university.org", "urn:collab:org:home-university.org"]
-        },
-    
-    "account20" : {
-            "type": "Behaviour tests",
-			"explanation": "Test - Diacritical marks",
-            "display": "Martin N. Jørgensen",
-            "uid" : ["jorgensen"],
-            "schacHomeOrganization" : "stockholmuni-example.se",
-            "eduPersonPrincipalName" : "jorgensen@stockholmuni-example.se",
-            "cn" : "Martin Nikolaus Jørgensen",
-            "givenName" : "Martin",
-            "sn" : "Jørgensen",
-            "displayName" : "Martin N. Jørgensen",
-            "mail" : "jorgensen07@stockholmuni-example.se",
-            "eduPersonAffiliation" : ["member", "student"],
-            "eduPersonScopedAffiliation" : ["member@stockholmuni-example.se", "student@stockholmuni-example.se"],
-            "isMemberOf" : "urn:collab:org:sunet-example.se"
-        }
-	
-
-   
+  "Research and Scholarship": {
+    "message": "This is the Research ad Scholarship Section",
+    "profiles": {
+      "account1": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute",
+        "display": "John D. Rockefeller",
+        "eduPersonPrincipalName": "jrockefeller@idp.example.org",
+        "displayName": "John D. Rockefeller",
+        "mail": "John.D.Rockefeller@idp.example.org"
+      },
+      "account2": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in both a 'displayname' attribute as well as seperate 'surname' and 'givenname' attributes",
+        "display": "Georg Ohm",
+        "eduPersonPrincipalName": "g_ohm@idp.example.org",
+        "displayName": "Georg Ohm",
+        "givenName": "Georg",
+        "sn": "Ohm",
+        "mail": "georg.ohm@idp.example.org"
+      },
+      "account3": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
+        "display": "Joseph Weeler",
+        "eduPersonPrincipalName": "jweeler@idp.example.org",
+        "givenName": "Joseph",
+        "sn": "Weeler",
+        "mail": "joseph.weeler@idp.example.org",
+        "eduPersonScopedAffiliation": [
+          "member@idp.example.org",
+          "student@idp.example.org"
+        ]
+      },
+      "account4": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
+        "display": "Anthony West",
+        "eduPersonPrincipalName": "awest@idp.example.org",
+        "eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
+        "givenName": "Anthony",
+        "sn": "West",
+        "mail": "anthony.west@idp.example.org",
+        "eduPersonScopedAffiliation": [
+          "member@idp.example.org",
+          "employee@idp.example.org",
+          "faculty@idp.example.org"
+        ]
+      },
+      "account5": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
+        "display": "Ben Bernanke",
+        "eduPersonPrincipalName": "bbernanke@idp.example.org",
+        "eduPersonTargetedId": "bbernanke@idp.example.org",
+        "displayName": "Ben Bernanke",
+        "mail": "bbernanke@idp.example.org"
+      },
+      "account6": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
+        "display": "Alan Greenspan",
+        "eduPersonPrincipalName": "agreenspan@idp.example.org",
+        "eduPersonTargetedId": "agreenspan@idp.example.org",
+        "givenName": "Alan",
+        "sn": "Greenspan",
+        "mail": "agreenspan6@idp.example.org"
+      },
+      "account7": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
+        "display": "André-Marie Ampère",
+        "eduPersonPrincipalName": "am_ampere@idp.example.org",
+        "eduPersonTargetedId": "am_ampere@idp.example.org",
+        "displayName": "André-Marie Ampère",
+        "mail": "am_ampere@idp.example.org",
+        "eduPersonScopedAffiliation": [
+          "employee@idp.example.org",
+          "staff@idp.example.org",
+          "member@idp.example.org",
+          "student@idp.example.org"
+        ]
+      },
+      "account8": {
+        "explanation": "This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' as well as 'eduPersonTargetedID' which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
+        "display": "Wilhelm Röntgen",
+        "eduPersonPrincipalName": "w_rontgen@idp.example.org",
+        "eduPersonTargetedId": "w_rontgen@idp.example.org",
+        "givenName": "Wilhelm",
+        "sn": "Röntgen",
+        "mail": "w_rontgen@idp.example.org",
+        "eduPersonScopedAffiliation": [
+          "employee@idp.example.org",
+          "staff@idp.example.org",
+          "member@idp.example.org",
+          "student@idp.example.org"
+        ]
+      }
+    }
+  },
+  "Custom attributes": {
+    "message": "This is the Custom attributes Section",
+    "profiles": {
+      "account9": {
+        "explanation": "More expansive attribute list",
+        "display": "Joseph Stiglitz",
+        "uid": [
+          "jstiglitz"
+        ],
+        "schacHomeOrganization": "harvard-example.edu",
+        "eduPersonPrincipalName": "stiglitz@harvard-example.edu",
+        "cn": "Joseph Eugene Stiglitz",
+        "givenName": "Joseph",
+        "sn": "Stiglitz",
+        "displayName": "Joseph Stiglitz",
+        "mail": "stiglitz@harvard-example.edu",
+        "homePhone": "+1 827 675 3232",
+        "eduPersonOrcid": "http://orcid.org/0000-1111-2222-3333",
+        "eduPersonAffiliation": [
+          "member",
+          "student"
+        ],
+        "eduPersonScopedAffiliation": [
+          "employee@harvard-example.edu",
+          "faculty@harvard-example.edu",
+          "member@harvard-example.edu"
+        ],
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      }
+    }
+  },
+  "Behaviour tests": {
+    "message": "This is the beahaviour tests Section",
+    "profiles": {
+      "account10": {
+        "explanation": "Test - multi-valued mail attribute.",
+        "display": "Jordan R. Belfort",
+        "uid": [
+          "belfort"
+        ],
+        "schacHomeOrganization": "harvard-example.edu",
+        "eduPersonPrincipalName": "belfort@harvard-example.edu",
+        "cn": "Jordan Ross Belfort",
+        "givenName": "Jordan",
+        "sn": "Belfort",
+        "displayName": "Jordan R. Belfort",
+        "mail": [
+          "Jordan.Belfort@harvard-example.edu",
+          "jordan@harvard-example.edu"
+        ],
+        "eduPersonAffiliation": [
+          "employee",
+          "faculty",
+          "member"
+        ],
+        "eduPersonScopedAffiliation": [
+          "employee@harvard-example.edu",
+          "faculty@harvard-example.edu",
+          "member@harvard-example.edu"
+        ],
+        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account11": {
+        "explanation": "Test - No member affiliation ind eduPersonAffiliation.",
+        "display": "Steve Wynn",
+        "uid": [
+          "wynn"
+        ],
+        "schacHomeOrganization": "harvard-example.edu",
+        "eduPersonPrincipalName": "wynn@harvard-example.edu",
+        "cn": "Steve Alen Wynn",
+        "givenName": "Steve",
+        "sn": "Wynn",
+        "displayName": "Steve Wynn",
+        "mail": [
+          "S.Wynn@harvard-example.edu",
+          "Steve.Wynn@example-casino.com",
+          "steve.Wynn@las.vegas.com"
+        ],
+        "eduPersonAffiliation": [
+          "employee",
+          "faculty"
+        ],
+        "eduPersonScopedAffiliation": [
+          "employee@harvard-example.edu",
+          "faculty@harvard-example.edu",
+          "member@harvard-example.edu"
+        ],
+        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account12": {
+        "explanation": "Test - Incorrect domain scope for Home organisation",
+        "display": "Isaac Newton",
+        "uid": [
+          "isaac"
+        ],
+        "schacHomeOrganization": "university-example.org",
+        "eduPersonPrincipalName": "isaac@university-example.edu",
+        "cn": "Sir Isaac Newton",
+        "givenName": "Isaac",
+        "sn": "Newton",
+        "displayName": "Isaac Newton",
+        "mail": [
+          "isaacnewton@university-example.org",
+          "newton@university-example.org"
+        ],
+        "eduPersonScopedAffiliation": [
+          "employee@huniversity-example.org",
+          "faculty@university-example.org",
+          "member@university-example.org"
+        ],
+        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account13": {
+        "explanation": "Test - Invalid email address, note that ePPN is NOT an email adress, so having multiple @ signs is allowed",
+        "display": "Oscar Burton",
+        "uid": [
+          "oburton"
+        ],
+        "schacHomeOrganization": "university-example.org",
+        "eduPersonPrincipalName": "o@burton@university-example.org",
+        "cn": "Oscar Burton",
+        "givenName": "Oscar",
+        "sn": "Burton",
+        "displayName": "Oscar Burton",
+        "mail": "o@burton@university-example.edu",
+        "eduPersonAffiliation": [
+          "employee",
+          "member",
+          "staff"
+        ],
+        "eduPersonScopedAffiliation": [
+          "employee@huniversity-example.org",
+          "staff@university-example.org",
+          "member@university-example.org"
+        ],
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account14": {
+        "explanation": "Test - Invalid ePPN",
+        "display": "Nikola Tesla",
+        "uid": [
+          "n_tesla"
+        ],
+        "schacHomeOrganization": "university-example.org",
+        "eduPersonPrincipalName": "n_tesla@university-example.edu",
+        "cn": "Nikola Tesla",
+        "givenName": "Nikola",
+        "sn": "Tesla",
+        "displayName": "Nikola Tesla",
+        "mail": "n_tesla@university-example.org",
+        "eduPersonAffiliation": [
+          "employee",
+          "member",
+          "staff"
+        ],
+        "eduPersonScopedAffiliation": [
+          "employee@huniversity-example.org",
+          "staff@university-example.org",
+          "member@university-example.org"
+        ],
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account15": {
+        "explanation": "Test - Member only",
+        "display": "Steve Jobs",
+        "uid": [
+          "s_jobs"
+        ],
+        "schacHomeOrganization": "idp.example.org",
+        "eduPersonPrincipalName": "student1@idp.example.org",
+        "cn": "Steven Paul Jobs",
+        "givenName": "Steve",
+        "sn": "Jobs",
+        "displayName": "Steve Jobs",
+        "mail": "steve.jobs@idp.example.org",
+        "eduPersonAffiliation": [
+          "member"
+        ],
+        "eduPersonScopedAffiliation": [
+          "member@idp.example.org"
+        ],
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account16": {
+        "explanation": "Test - Non human-friendly ePPN",
+        "display": "Bill Gates",
+        "uid": [
+          "FyHah7$J"
+        ],
+        "schacHomeOrganization": "idp.example.org",
+        "eduPersonPrincipalName": "FyHah7$J@idp.example.org",
+        "cn": "William Henry Gates III",
+        "givenName": "Bill",
+        "sn": "Gates",
+        "displayName": "Bill Gates",
+        "mail": "bill.gates@example.org",
+        "eduPersonAffiliation": [
+          "student",
+          "member"
+        ],
+        "eduPersonScopedAffiliation": [
+          "member@idp.example.org",
+          "student@idp.example.org"
+        ],
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account17": {
+        "explanation": "Test - Blank attribute values",
+        "display": "Michael Faraday",
+        "uid": [
+          "m_faraday"
+        ],
+        "schacHomeOrganization": "idp.example.org",
+        "eduPersonPrincipalName": "m_faraday@idp.example.org",
+        "cn": "",
+        "givenName": "",
+        "sn": "Faraday",
+        "displayName": "Michael Faraday",
+        "mail": "m_faraday@idp.example.org",
+        "eduPersonAffiliation": [
+          "member",
+          "student"
+        ],
+        "eduPersonScopedAffiliation": [
+          "member@idp.example.org",
+          "student@idp.example.org"
+        ],
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account18": {
+        "explanation": "Test - Inconsistant user name",
+        "display": "Godfried Viggo",
+        "uid": [
+          "viggo7"
+        ],
+        "schacHomeOrganization": "unidenmark-example.dk",
+        "eduPersonPrincipalName": "viggo7@unidenmark-example.dk",
+        "cn": "Christian Godfried Viggo Lind",
+        "givenName": "Godfried",
+        "sn": "Viggo",
+        "displayName": "Godfried Viggo",
+        "mail": "Godfried.Viggo@unidenmark-example.dk",
+        "eduPersonAffiliation": "student",
+        "eduPersonScopedAffiliation": [
+          "student@unidenmark-example.dk"
+        ],
+        "isMemberOf": "urn:collab:org:aarc-project.eu"
+      },
+      "account19": {
+        "explanation": "Test - non-ASCII UTF-8 common name ",
+        "display": "Daisuke Takahashi",
+        "uid": [
+          "U3342109"
+        ],
+        "schacHomeOrganization": "exchange-example.edu",
+        "eduPersonPrincipalName": "U3342109@exchange-example.edu",
+        "cn": "Daisuke Takahashi, 髙橋 大輔",
+        "givenName": "Daisuke",
+        "sn": "Takahashi",
+        "displayName": "Daisuke Takahashi",
+        "mail": "U3342109@exchange-example.edu",
+        "eduPersonAffiliation": [
+          "member",
+          "student"
+        ],
+        "eduPersonScopedAffiliation": [
+          "member@exchange-example.edu",
+          "student@exchange-example.edu"
+        ],
+        "isMemberOf": [
+          "urn:collab:org:exchange-university.org",
+          "urn:collab:org:home-university.org"
+        ]
+      },
+      "account20": {
+        "explanation": "Test - Diacritical marks",
+        "display": "Martin N. Jørgensen",
+        "uid": [
+          "jorgensen"
+        ],
+        "schacHomeOrganization": "stockholmuni-example.se",
+        "eduPersonPrincipalName": "jorgensen@stockholmuni-example.se",
+        "cn": "Martin Nikolaus Jørgensen",
+        "givenName": "Martin",
+        "sn": "Jørgensen",
+        "displayName": "Martin N. Jørgensen",
+        "mail": "jorgensen07@stockholmuni-example.se",
+        "eduPersonAffiliation": [
+          "member",
+          "student"
+        ],
+        "eduPersonScopedAffiliation": [
+          "member@stockholmuni-example.se",
+          "student@stockholmuni-example.se"
+        ],
+        "isMemberOf": "urn:collab:org:sunet-example.se"
+      }
+    }
+  }
 }
-
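Review bot: The restructured profiles still spell the targeted-ID key two ways: account4 uses `eduPersonTargetedID`, while account5 through account8 use `eduPersonTargetedId`. A consumer that matches attribute names case-sensitively will treat these as two different attributes, so since every line is rewritten here anyway, normalise the four keys to `"eduPersonTargetedID"`, the spelling their own `explanation` texts use. In those same four profiles the targeted-ID value is identical to the ePPN, which contradicts the explanation that the ePPN may be reassigned; an opaque value like account4's would fit the stated purpose better. The new `message` strings also carry typos (`Research ad Scholarship`, `beahaviour`), and these presumably end up on the login page.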
diff --git a/modules/customauth/templates/authenticate.tpl.bak b/modules/customauth/templates/authenticate.tpl.bak
deleted file mode 100644
index 58919b4..0000000
--- a/modules/customauth/templates/authenticate.tpl.bak
+++ /dev/null
@@ -1,75 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
-    <title>customauth login page</title>
-  </head>
-  <body>
-    <h1>CustomAuth login page</h1>
-    <form method="post" action="?">
-    <p><b>Choose User profile</b><p>
-<?php
-    foreach ($this->data['users'] as $user => $values) {
-        echo "<input type=radio name=username value='$user'> " . $values['displayName'] . "<br>\n";
-    }
-?>
-    <p><b>Choose attributes</b></p>
-      <div style="float: left" id="attributes"></div>
-      <div  id="explanation"></div><br style="clear: both" />
-    <p><b>Released attributes</b></p>
-      <div id="output"></div>
-    <input type="hidden" name="ReturnTo" value="<?= htmlspecialchars($this->data['returnTo']) ?>">
-    <p><input type="submit" value="Log in"></p>
-    </form>
-  </body>
-
-  <script>
-    var users = [];
-    var keys = [];
-    var user = '';
-<?php
-    foreach ($this->data['users'] as $user => $values) {
-        echo "users['$user'] = [];\n";
-        foreach ($values as $key => $value) {
-            echo "users['$user']['$key'] = '$value';\n";
-            echo "keys['$key'] = true;";
-        }
-    }
-
-?>
-    function update() {
-        var html = "";
-        for (let key in users[user]) {
-            if (keys[key]) {
-                html += key + ": " + users[user][key] + "<br />\n";
-            }
-        }
-        $('#output').html(html);
-
-    };
-    $('input[type=radio][name=username]').change(function() {
-        var attributes = "";
-        user = this.value;
-        for (let key in users[user]) {
-            attribute = users[user][key];
-            attributes += "<input id=chkbx_" + key + " type=checkbox name=keys[" + key + "] " + (keys[key]?'checked':'') + ">" + key + "<br>\n";
-        };
-        $('#attributes').html(attributes);
-        $('#explanation').html('');
-        $('input[id^=chkbx_]').change(function() {
-            var key = this.name.slice(5,-1);
-            keys[key] = this.checked;
-            if (this.checked) $('#explanation').html('Ah! You enabled ' + key + '!<br />\nIt\'s allways good to enable ' + key + ', because it\'s good you know!');
-            else $('#explanation').html('Never disable ' + key + '! You should leave it there.<br />No good will come from disabling ' + key + '!');
-        });
-        update();
-    });
-
-    //$('#attributes').change(update);
-    $('#attributes').change(function() {
-        update();
-    });
-
-  </script>
-</html>
diff --git a/modules/customauth/templates/authenticate.tpl.php b/modules/customauth/templates/authenticate.tpl.php
index 5498c1b..fd29cc7 100644
--- a/modules/customauth/templates/authenticate.tpl.php
+++ b/modules/customauth/templates/authenticate.tpl.php
@@ -23,25 +23,32 @@
     <form method="post" action="?">
    <p><hr/><b>Choose User profile</b></p>
   <div style="float:left; margin-right: 10px">
-  <select name=username size=5>
+  <select name=username size=5 style='width: 250px;'>
 <?php
-    foreach ($this->data['users'] as $user => $values) {
-	$uarr = explode(':', $user);
-        $uid = $uarr[0];
-	$display = $this->data['displays'][$user];
-        echo "<option name=\"$uid\" value=\"$uid\">$display</option>\n";
+    $first = true;
+    $users = $this->data['users'];
+    $displays = $this->data['displays'];
+    $categories = $this->data['categories'];
+    foreach ($categories as $category => $cat) {
+      if (!$first) echo "<option></option>\n"; $first = false;
+      echo "<option value=\"$category\">--- $category ---</option>\n";
+      foreach ($cat['users'] as $user) {
+	$display = $displays[$user];
+        echo "<option name=\"$user\" value=\"$user\">$display</option>\n";
+      }
     }
 ?>
+  <option></option>
+  <option value="Error Scenarios">--- Error Scenarios ---</option>
+  <option value="error">SAML Error</option>
   </select>
   </div>
-  <div id="explanation">Woohaa!</div><br style="clear: both" />
+  <div id="explanation" style='display: grid'>Woohaa!</div><br style="clear: both" />
     <p><hr/><b>Choose attributes</b></p>
       <div style="float: left" id="attributes"></div>
       <div  id="about"></div><br style="clear: both" />
     <p><hr/><b>Released attributes</b></p>
       <div id="output"></div>
-    <p><hr/><b>Special</b></p>
-      <div><input type="checkbox" name="error" value="true"> Create SAML Error Response</div>
     <input type="hidden" name="ReturnTo" value="<?= htmlspecialchars($this->data['returnTo']) ?>">
     <p><input id="submit_button" class="btn" type="submit" value="Log in"></p>
     </form>
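Review bot: `$category`, `$user` and `$display` are echoed into the `<option>` markup unescaped in the new loop, while the `ReturnTo` field a few lines further down already goes through `htmlspecialchars()`. The profiles in logins.json carry free-text display names, so a `<`, `&` or `"` in any of them breaks the element or its `value` attribute. I would write `echo '<option value="' . htmlspecialchars($user) . '">' . htmlspecialchars($display) . "</option>\n";` and escape the category line the same way. The `--- $category ---` and blank separator options are also selectable and would be posted as `username`; adding `disabled` to them avoids that.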
@@ -69,11 +76,14 @@
     }
 
 ?>
+    explanations['Error Scenarios'] = "These are the Error Scenarios";
+    explanations['error'] = "This generates a SAML Error";
+
     function update() {
         var html = "";
         for (let key in users[user]) {
             if (keys[key]) {
-                html += key + ": " + users[user][key] + "<br />\n";
+                html += "<b>" + key + "</b>: " + users[user][key] + "<br />\n";
             }
         }
         $('#output').html(html);
@@ -84,7 +94,7 @@
         user = this.value;
         for (let key in users[user]) {
             attribute = users[user][key];
-            attributes += "<input id=chkbx_" + key + " type=checkbox name=keys[" + key + "] " + (keys[key]?'checked':'') + ">" + key + "<br>\n";
+            attributes += "<input id=chkbx_" + key + " type=checkbox name=keys[" + key + "] " + (keys[key]?'checked':'') + " value='" + users[user][key] + "'><span title='" + message[key] + "'>" + key + "</span><br>\n";
         };
 	$('#explanation').html(explanations[user]);
         $('#attributes').html(attributes);
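Review bot: The checkbox markup now concatenates `users[user][key]` into `value='…'` and `message[key]` into `title='…'`, so an apostrophe or `<` in an attribute value ends the attribute early, and a key with no entry in `message` renders the title as `undefined`. `update()` in the hunk above passes the same values to `.html()`. Building the nodes with jQuery removes the string quoting: `$('<input>', {type: 'checkbox', id: 'chkbx_' + key, name: 'keys[' + key + ']', value: users[user][key], checked: !!keys[key]})` and `$('<span>').attr('title', message[key] || '').text(key)`. The change handler starts before this hunk and continues after it.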
diff --git a/modules/customauth/www/authpage.php b/modules/customauth/www/authpage.php
index 7ec652e..e73f543 100644
--- a/modules/customauth/www/authpage.php
+++ b/modules/customauth/www/authpage.php
@@ -42,34 +42,35 @@ $attributes = json_decode(file_get_contents('/opt/simplesamlphp/config/attribute
 $users = [];
 $explanations = [];
 $displays = [];
-foreach ($raw_users as $user => $values) {
+$categories = [];
+foreach ($raw_users as $category => $cat) {
+  $categories[$category]['name'] = $category;
+  $explanations[$category] = $cat['message'];
+  foreach ($cat['profiles'] as $user => $values) {
+    $categories[$category]['users'][] = $user;
     $explanations[$user] = $values['explanation'];
     $displays[$user] = $values['display'];
-    $type[$user] = $values['type'];
     unset($values['explanation']);
     unset($values['display']);
-    unset($values['type']);
     $users[$user] = $values;
+  }
 }
-
 // time to handle login responses; since this is a dummy example, we accept any data
 $badUserPass = false;
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $username = (string) $_REQUEST['username'];
-
-    $user_aa = $users[$username];
-
     if (!session_id()) {
         // session_start not called before. Do it here.
         session_start();
     }
 
-    foreach ($user_aa as $key => $value) {
-        if (isset($_POST['keys'][$key])) {
-            $_SESSION['attributes'][$key] = $value;
-        }
+    $attributes = @$_POST['keys'] or [];
+
+    foreach ($attributes as $key => $value) {
+        $_SESSION['attributes'][$key] = $value;
     }
-    if (isset($_POST['error'])) {
+
+    $username = (string) $_REQUEST['username'];
+    if ($username == 'error') {
 	$_SESSION['ErrorResponse'] = TRUE;
     }
 
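Review bot: The new loop over `$_POST['keys']` stores whatever attribute names and values the browser submits in `$_SESSION['attributes']`, whereas the removed code copied values only from the server-side profile `$users[$username]` for the keys that were ticked. If the session attributes feed the assertion (not visible here), the client controls every released value, and multi-valued attributes from logins.json collapse to one checkbox string. `$attributes = @$_POST['keys'] or [];` never applies its fallback because `or` binds looser than `=`, so a POST with no box ticked runs `foreach` over null; it also reuses the `$attributes` name that holds the decoded attributes file and is handed to the template further down. The fence keeps the values server-side and uses `===` for the error check; the enclosing `if` block continues past the hunk.

```php
    $username = (string) ($_REQUEST['username'] ?? '');
    $selected = is_array($_POST['keys'] ?? null) ? $_POST['keys'] : [];

    // The POST decides which keys are released; the values always come from the configured profile.
    foreach ($users[$username] ?? [] as $key => $value) {
        if (isset($selected[$key])) {
            $_SESSION['attributes'][$key] = $value;
        }
    }
    if ($username === 'error') {
        // … unchanged: set $_SESSION['ErrorResponse'] …
```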
@@ -83,5 +84,6 @@ $t->data['users'] = $users;
 $t->data['attributes'] = $attributes;
 $t->data['explanations'] = $explanations;
 $t->data['displays'] = $displays;
+$t->data['categories'] = $categories;
 $t->data['returnTo'] = $returnTo;
 $t->show();
-- 
GitLab