From 290e337df79da3aec842298304f5256b30e88beb Mon Sep 17 00:00:00 2001
From: "renater.salaun" <renater.salaun@047e039d-479c-447e-8a29-aa6bf4a09bab>
Date: Mon, 30 Mar 2015 13:45:53 +0000
Subject: [PATCH] Define a new attribute in the datasource 'internal_uid' used for both generating eduPersonTargetedId and user consent. Otherwise we're in trouble if 'uid' is not defined for a given account profile
git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@114 047e039d-479c-447e-8a29-aa6bf4a09bab
---
 templates/accountProfiles/alumni1.tt2 | 1 +
 templates/accountProfiles/employee1.tt2 | 1 +
 templates/accountProfiles/generic1.tt2 | 1 +
 templates/accountProfiles/librarywalkin1.tt2 | 1 +
 templates/accountProfiles/researcher1.tt2 | 1 +
 templates/accountProfiles/student1.tt2 | 1 +
 templates/accountProfiles/student2.tt2 | 1 +
 templates/accountProfiles/teacher1.tt2 | 1 +
 templates/accountProfiles/teacher2.tt2 | 1 +
 templates/web/validate_token.tt2.html | 2 +-
 10 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/templates/accountProfiles/alumni1.tt2 b/templates/accountProfiles/alumni1.tt2
index ee83492..fd689b5 100644
--- a/templates/accountProfiles/alumni1.tt2
+++ b/templates/accountProfiles/alumni1.tt2
@@ -4,6 +4,7 @@
 [% SET account_profile = {
 'type' => 'Alumni',
 'comment' => 'Value "member" is not set for eduPersonAffiliation, contrary to current students.',
+ 'internal_uid' => "${account_id}",
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['alum'],
 'eduPersonScopedAffiliation' => ["alum@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/employee1.tt2 b/templates/accountProfiles/employee1.tt2
index 640a45d..02f4b62 100644
--- a/templates/accountProfiles/employee1.tt2
+++ b/templates/accountProfiles/employee1.tt2
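Review bot: The added `'internal_uid' => "${account_id}"` carries the same value as the released `uid`, and the identical line is repeated in all nine profile templates (alumni1, employee1, generic1, librarywalkin1, researcher1, student1, student2, teacher1, teacher2). A profile added later without this key would presumably hit the same failure the commit message describes for a missing `uid`, so it would be more robust to set the value once where `account_id` is assigned, or to have the consumer reject an empty value; neither code path is visible in this patch. If the key stays per profile, a comment inside the SET block such as `# internal_uid: never released to SPs; stable seed for eduPersonTargetedID and consent` would record the requirement. Because the seed equals `uid`, the targeted ID is only as unlinkable as its derivation, so confirm that the resolver combines it with a secret salt and the SP entityID.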
@@ -4,6 +4,7 @@ [% SET account_profile = { 'type' => 'Employee', 'comment' => 'There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values.', + 'internal_uid' => "${account_id}", 'uid' => "${account_id}", 'eduPersonAffiliation' => ['member','staff','employee'], 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","staff@${conf.idp_scope}","employee@${conf.idp_scope}"], diff --git a/templates/accountProfiles/generic1.tt2 b/templates/accountProfiles/generic1.tt2 index 9d2b90c..95c7eb0 100644 --- a/templates/accountProfiles/generic1.tt2 +++ b/templates/accountProfiles/generic1.tt2 @@ -4,6 +4,7 @@ [% SET account_profile = { 'type' => 'Generic', 'comment' => 'This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName).', + 'internal_uid' => "${account_id}", 'displayName' => '山崎 å¼˜åæ¨«é‡Ž 陽å', 'mail' => "forearartian@${conf.idp_scope}", 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", diff --git a/templates/accountProfiles/librarywalkin1.tt2 b/templates/accountProfiles/librarywalkin1.tt2 index 7299dc6..7c4dc4f 100644 --- a/templates/accountProfiles/librarywalkin1.tt2 +++ b/templates/accountProfiles/librarywalkin1.tt2 
@@ -4,6 +4,7 @@
 [% SET account_profile = {
 'type' => 'Library walk-in',
 'comment' => 'This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations. Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>.',
+ 'internal_uid' => "${account_id}",
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['library-walk-in'],
 'eduPersonScopedAffiliation' => ["library-walk-in@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/researcher1.tt2 b/templates/accountProfiles/researcher1.tt2
index 58b045d..538028d 100644
--- a/templates/accountProfiles/researcher1.tt2
+++ b/templates/accountProfiles/researcher1.tt2
@@ -4,6 +4,7 @@
 [% SET account_profile = {
 'type' => 'Researcher',
 'comment' => "No standard value for eduPersonAffiliation can be used to represent a researcher. Therefore you can't differenciate a teacher from a researcher.",
+ 'internal_uid' => "${account_id}",
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['member', 'faculty'],
 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/student1.tt2 b/templates/accountProfiles/student1.tt2
index c8a0c26..aacaa1f 100644
--- a/templates/accountProfiles/student1.tt2
+++ b/templates/accountProfiles/student1.tt2
@@ -4,6 +4,7 @@
 [% SET account_profile = {
 'type' => 'Student',
 'comment' => 'An active student has both "member" and "student" values set for eduPersonAffiliation.',
+ 'internal_uid' => "${account_id}",
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['member', 'student'],
 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/student2.tt2 b/templates/accountProfiles/student2.tt2
index 50c35b9..476c424 100644
--- a/templates/accountProfiles/student2.tt2
+++ b/templates/accountProfiles/student2.tt2
@@ -4,6 +4,7 @@
 [% SET account_profile = {
 'type' => 'Student',
 'comment' => 'A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty".',
+ 'internal_uid' => "${account_id}",
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['member', 'student','faculty'],
 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}","faculty@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/teacher1.tt2 b/templates/accountProfiles/teacher1.tt2
index 9c8ff94..79e53fb 100644
--- a/templates/accountProfiles/teacher1.tt2
+++ b/templates/accountProfiles/teacher1.tt2
@@ -4,6 +4,7 @@
 [% SET account_profile = {
 'type' => 'Teacher',
 'comment' => 'An active teacher has both "member" and "faculty" values set for eduPersonAffiliation.',
+ 'internal_uid' => "${account_id}",
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['member', 'faculty'],
 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/teacher2.tt2 b/templates/accountProfiles/teacher2.tt2
index c65add1..58b76fe 100644
--- a/templates/accountProfiles/teacher2.tt2
+++ b/templates/accountProfiles/teacher2.tt2
@@ -4,6 +4,7 @@ [% SET account_profile = { 'type' => 'Teacher', 'comment' => 'This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID).', + 'internal_uid' => "${account_id}", 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"], } %] diff --git a/templates/web/validate_token.tt2.html b/templates/web/validate_token.tt2.html index 463deb7..3583e2d 100644 --- a/templates/web/validate_token.tt2.html +++ b/templates/web/validate_token.tt2.html @@ -47,7 +47,7 @@ <table> <caption>List of user attributes</caption> [% FOREACH attribute IN account_profile.pairs -%] - [% NEXT IF attribute.key.match('^(type|comment)$') %] + [% NEXT IF attribute.key.match('^(type|comment|internal_uid)$') %] [% IF attribute.value.isa('SCALAR') -%] <tr> -- GitLab
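Review bot: The filter `NEXT IF attribute.key.match('^(type|comment|internal_uid)$')` in validate_token.tt2.html is a deny-list, so any internal key added to a profile later will appear in the "List of user attributes" table unless this regex is updated at the same time. Since `internal_uid` seeds eduPersonTargetedID and consent, a hide-by-default convention would be safer, for example `[% NEXT IF attribute.key.match('^(type|comment|internal_.*)$') %]`, or an explicit list of displayable attribute names. The FOREACH body continues outside the hunk, so whether attribute values are HTML-escaped when rendered cannot be checked from here.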