From 53c3b122c194c786ef69ad5ff66cceeca78e5d5b Mon Sep 17 00:00:00 2001 From: Guillaume Rousse <guillaume.rousse@renater.fr> Date: Fri, 10 Nov 2017 11:34:24 +0100 Subject: [PATCH] simplification: output directly from included templates --- bin/account-manager.pl.in | 1 + lib/IdPAccountManager/Tools.pm | 22 ++-------- lib/IdPAccountManager/WebRequest.pm | 3 +- templates/accountProfiles/alumni1.tt2 | 31 ++++++------- templates/accountProfiles/employee1.tt2 | 33 +++++++------- templates/accountProfiles/fullset1.tt2 | 36 +++++++--------- templates/accountProfiles/generic1.tt2 | 22 ++++------ templates/accountProfiles/librarywalkin1.tt2 | 43 +++++++++++-------- templates/accountProfiles/limitedset1.tt2 | 15 +++---- templates/accountProfiles/researcher1.tt2 | 33 +++++++------- templates/accountProfiles/student1.tt2 | 31 ++++++------- templates/accountProfiles/student2.tt2 | 30 ++++++------- templates/accountProfiles/teacher1.tt2 | 32 ++++++-------- templates/accountProfiles/teacher2.tt2 | 18 +++----- .../accountProfiles/valid-accounts.php.tt2 | 19 +++----- 15 files changed, 160 insertions(+), 209 deletions(-) diff --git a/bin/account-manager.pl.in b/bin/account-manager.pl.in index 1b297f3..e89f075 100755 --- a/bin/account-manager.pl.in +++ b/bin/account-manager.pl.in @@ -147,6 +147,7 @@ sub list_accounts { IdPAccountManager::Tools::update_ssp_authsources( $configuration->{templates_dir}, $configuration->{idp_accounts_file}, + $configuration->{idp_scope}, $accounts ); }; diff --git a/lib/IdPAccountManager/Tools.pm b/lib/IdPAccountManager/Tools.pm index cf8dc9e..2448018 100644 --- a/lib/IdPAccountManager/Tools.pm +++ b/lib/IdPAccountManager/Tools.pm 
@@ -6,23 +6,6 @@ use warnings; use Digest::SHA; use Encode; use Template; -use Template::Stash; - -INIT { - ## a TT2 virtual method to get a variable type - $Template::Stash::LIST_OPS->{isa} = sub { - my ($list, $type) = @_; - - return 1 if ($type eq 'ARRAY'); - return 0; - }; - $Template::Stash::SCALAR_OPS->{isa} = sub { - my ($list, $type) = @_; - - return 1 if ($type eq 'SCALAR'); - return 0; - }; -} # get SHA256 hash for a string sub sha256_hash { @@ -80,14 +63,15 @@ sub generate_password { ## Updates simpleSamlPhp authsources.php configuration file sub update_ssp_authsources { - my ($templates_dir, $output, $accounts) = @_; + my ($templates_dir, $output, $idp_scope, $accounts) = @_; my $tt2 = Template->new({ INCLUDE_PATH => $templates_dir }); my $template = 'accountProfiles/valid-accounts.php.tt2'; my $data = { - accounts => $accounts + accounts => $accounts, + idp_scope => $idp_scope }; $tt2->process($template, $data, $output) or die $tt2->error(); diff --git a/lib/IdPAccountManager/WebRequest.pm b/lib/IdPAccountManager/WebRequest.pm index c87f50d..0ff7dba 100755 --- a/lib/IdPAccountManager/WebRequest.pm +++ b/lib/IdPAccountManager/WebRequest.pm @@ -489,7 +489,8 @@ sub req_validate_token { IdPAccountManager::Tools::update_ssp_authsources( $self->{configuration}->{templates_dir}, $self->{configuration}->{idp_accounts_file}, - \@accounts + $self->{configuration}->{idp_scope}, + \@accounts, ); }; if ($EVAL_ERROR) { diff --git a/templates/accountProfiles/alumni1.tt2 b/templates/accountProfiles/alumni1.tt2 index d89e987..fa143cf 100644 --- a/templates/accountProfiles/alumni1.tt2 +++ b/templates/accountProfiles/alumni1.tt2 
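Review bot: `update_ssp_authsources` in the second Tools.pm hunk puts the new `$idp_scope` argument into the template data without checking it, and the profile templates in this patch now print it inside single-quoted PHP strings in the generated file. With Template Toolkit's default settings an undefined value renders as an empty string, so a missing `idp_scope` setting would produce scoped values such as `member@` with nothing after the `@`. A value containing `'` or `\` would change the PHP that simpleSAMLphp loads. If scopes in this deployment are always DNS-style names, one guard at the top of the function covers both cases: `die "invalid idp_scope\n" unless defined $idp_scope && $idp_scope =~ /\A[A-Za-z0-9.-]+\z/;`. The argument was also inserted in the middle of a positional list, so any caller not shown in this patch would silently pass its account list as the scope; the end of the function lies outside the hunk.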
@@ -1,17 +1,14 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Alumni', - 'comment' => 'Value "member" is not set for eduPersonAffiliation, contrary to current students.', - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['alum'], - 'eduPersonScopedAffiliation' => ["alum@${conf.idp_scope}"], - 'displayName' => 'Ã…sold Wahlstrøm - eduGAIN Access Check account', - 'cn' => 'Ã…sold Wahlstrøm - eduGAIN Access Check account', - 'mail' => "asold.wahlstrom@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', -} %] - + /* + profile type: alumni + Value "member" is not set for eduPersonAffiliation, contrary to + current students + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Ã…sold Wahlstrøm - eduGAIN Access Check account', + 'displayName' => 'Ã…sold Wahlstrøm - eduGAIN Access Check account', + 'mail' => 'asold.wahlstrom@[% idp_scope %]', + 'eduPersonAffiliation' => ['alum'], + 'eduPersonScopedAffiliation' => ['alum@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/employee1.tt2 b/templates/accountProfiles/employee1.tt2 index 88f3282..91f22fe 100644 --- a/templates/accountProfiles/employee1.tt2 +++ b/templates/accountProfiles/employee1.tt2 
@@ -1,17 +1,16 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Employee', - 'comment' => 'There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values.', - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['member','staff','employee'], - 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","staff@${conf.idp_scope}","employee@${conf.idp_scope}"], - 'displayName' => 'Linnéa Hsu - eduGAIN Access Check account', - 'cn' => 'Linnéa Hsu - eduGAIN Access Check account', - 'mail' => "linnea.hsu@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', -} %] - + /* + profile type: employee + There are conflicting definitions of "staff" and "employee" from + country to country that make those values particularly unreliable + in any international context. However in this example we set both + values + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Linnéa Hsu - eduGAIN Access Check account', + 'displayName' => 'Linnéa Hsu - eduGAIN Access Check account', + 'mail' => 'linnea.hsu@[% idp_scope %]', + 'eduPersonAffiliation' => ['member','staff','employee'], + 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','staff@[% idp_scope %]','employee@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/fullset1.tt2 b/templates/accountProfiles/fullset1.tt2 index 6ddaa48..b2db8a9 100644 --- a/templates/accountProfiles/fullset1.tt2 +++ b/templates/accountProfiles/fullset1.tt2 
@@ -1,20 +1,16 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'FullSet', - 'comment' => "This user profile respresents a researcher with all eduGAIN user attributes plus givenName and surname.", - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['member', 'faculty'], - 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"], - 'displayName' => 'Gundabald Lightfoot - eduGAIN Access Check account', - 'cn' => 'Gundabald Lightfoot - eduGAIN Access Check account', - 'givenName' => 'Gundabald', - 'sn' => 'Lightfoot - eduGAIN Access Check account', - 'mail' => "gundabald.lightfoot@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', -} %] - - + /* + profile type: full set + This user profile respresents a researcher with all eduGAIN user + attributes plus givenName and surname.", + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Gundabald Lightfoot - eduGAIN Access Check account', + 'displayName' => 'Gundabald Lightfoot - eduGAIN Access Check account', + 'givenName' => 'Gundabald', + 'sn' => 'Lightfoot - eduGAIN Access Check account', + 'mail' => 'gundabald.lightfoot@[% idp_scope %]', + 'eduPersonAffiliation' => ['member', 'faculty'], + 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/generic1.tt2 b/templates/accountProfiles/generic1.tt2 index ed49adb..e37fd55 100644 --- a/templates/accountProfiles/generic1.tt2 +++ b/templates/accountProfiles/generic1.tt2 
@@ -1,13 +1,9 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Generic', - 'comment' => 'This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName).', - 'internal_uid' => "user${account_id}", - 'displayName' => '山崎 å¼˜åæ¨«é‡Ž 陽å - eduGAIN Access Check account', - 'mail' => "forearartian@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", -} %] - - + /* + profile type: generic + This account provides a limited set of user attributes + (eduPersonPrincipalName, mail and displayName) + */ + 'internal_uid' => 'user[% account.id() %]', + 'displayName' => '山崎 å¼˜åæ¨«é‡Ž 陽å - eduGAIN Access Check account', + 'mail' => 'forearartian@[% idp_scope %]', + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', diff --git a/templates/accountProfiles/librarywalkin1.tt2 b/templates/accountProfiles/librarywalkin1.tt2 index 096b1ec..f84acea 100644 --- a/templates/accountProfiles/librarywalkin1.tt2 +++ b/templates/accountProfiles/librarywalkin1.tt2 
@@ -1,18 +1,25 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Library walk-in', - 'comment' => 'This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations. Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>.', - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['library-walk-in'], - 'eduPersonScopedAffiliation' => ["library-walk-in@${conf.idp_scope}"], - 'displayName' => 'Ramón Núñez - eduGAIN Access Check account', - 'cn' => 'Ramón Núñez - eduGAIN Access Check account', - 'mail' => "ramon.nunez@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', - 'eduPersonEntitlement' => 'urn:mace:dir:entitlement:common-lib-terms', -} %] - + /* + profile type: library walk-in + This term was created to cover the case where physical presence in + a library facility grants someone access to electronic resources + typically licensed for faculty, staff and students. 
In recent years + the library walk-in provision has been extended to cover other + cases such as library users on the campus network, or those using + on-campus workstations. Licensed resource providers have often + been willing to interpret their contracts with licensees to accept + this broader definition of "library-walk-in," though specific terms + may vary. For a more direct way of using eduPerson attributes to + express library privilege information, see the eduPersonEntitlement + value "urn:mace:dir:entitlement:common-lib-terms" as defined in the + MACE-Dir Registry of eduPersonEntitlement values http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Ramón Núñez - eduGAIN Access Check account', + 'displayName' => 'Ramón Núñez - eduGAIN Access Check account', + 'mail' => 'ramon.nunez@[% idp_scope %]', + 'eduPersonAffiliation' => ['library-walk-in'], + 'eduPersonScopedAffiliation' => ['library-walk-in@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'eduPersonEntitlement' => 'urn:mace:dir:entitlement:common-lib-terms', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/limitedset1.tt2 b/templates/accountProfiles/limitedset1.tt2 index 6beb400..7100ec4 100644 --- a/templates/accountProfiles/limitedset1.tt2 +++ b/templates/accountProfiles/limitedset1.tt2 @@ -1,10 +1,5 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'LimitedSet', - 'comment' => 'This account provides only an eduPersonTargetedID attribute.', - 'internal_uid' => "user${account_id}", -} %] - - + /* + profile type: limited set + This account provides only an eduPersonTargetedID attribute + */ + 'internal_uid' => 'user[% account.id() %]', 
diff --git a/templates/accountProfiles/researcher1.tt2 b/templates/accountProfiles/researcher1.tt2 index f2e57b4..6322ddd 100644 --- a/templates/accountProfiles/researcher1.tt2 +++ b/templates/accountProfiles/researcher1.tt2 @@ -1,18 +1,15 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Researcher', - 'comment' => "No standard value for eduPersonAffiliation can be used to represent a researcher. Therefore you can't differenciate a teacher from a researcher.", - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['member', 'faculty'], - 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"], - 'displayName' => 'Stéphane Larivière - eduGAIN Access Check account', - 'cn' => 'Stéphane Larivière - eduGAIN Access Check account', - 'mail' => "stephane.lariviere@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', -} %] - - + /* + profile type: researcher + No standard value for eduPersonAffiliation can be used to represent + a researcher. Therefore you can't differenciate a teacher from a + researcher + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Stéphane Larivière - eduGAIN Access Check account', + 'displayName' => 'Stéphane Larivière - eduGAIN Access Check account', + 'mail' => 'stephane.lariviere@[% idp_scope %]', + 'eduPersonAffiliation' => ['member', 'faculty'], + 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/student1.tt2 b/templates/accountProfiles/student1.tt2 index 3a6e7c6..4525c8d 100644 
--- a/templates/accountProfiles/student1.tt2 +++ b/templates/accountProfiles/student1.tt2 @@ -1,17 +1,14 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Student', - 'comment' => 'An active student has both "member" and "student" values set for eduPersonAffiliation.', - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['member', 'student'], - 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}"], - 'displayName' => 'Ciarán MacCárthaigh - eduGAIN Access Check account', - 'cn' => 'Ciarán MacCárthaigh - eduGAIN Access Check account', - 'mail' => "ciaran.maccarthaigh@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', -} %] - + /* + profile type: student + An active student has both "member" and "student" values set for + eduPersonAffiliation + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Ciarán MacCárthaigh - eduGAIN Access Check account', + 'displayName' => 'Ciarán MacCárthaigh - eduGAIN Access Check account', + 'mail' => 'ciaran.maccarthaigh@[% idp_scope %]', + 'eduPersonAffiliation' => ['member', 'student'], + 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','student@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/student2.tt2 b/templates/accountProfiles/student2.tt2 index 60bf538..5055ef1 100644 --- a/templates/accountProfiles/student2.tt2 +++ b/templates/accountProfiles/student2.tt2 
@@ -1,17 +1,15 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Student', - 'comment' => 'A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty".', - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['member', 'student','faculty'], - 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}","faculty@${conf.idp_scope}"], - 'displayName' => 'Damiën Kuijper - eduGAIN Access Check account', - 'cn' => 'Damiën Kuijper - eduGAIN Access Check account', - 'mail' => "damien.kuijper@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', -} %] + /* + profile type: student + A PhD student, having three values set for eduPersonAffiliation: + "member" and "student" and "faculty" + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Damiën Kuijper - eduGAIN Access Check account', + 'displayName' => 'Damiën Kuijper - eduGAIN Access Check account', + 'mail' => 'damien.kuijper@[% idp_scope %]', + 'eduPersonAffiliation' => ['member', 'student','faculty'], + 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','student@[% idp_scope %]','faculty@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/teacher1.tt2 b/templates/accountProfiles/teacher1.tt2 index 0128501..97a02fe 100644 --- a/templates/accountProfiles/teacher1.tt2 +++ b/templates/accountProfiles/teacher1.tt2 
@@ -1,18 +1,14 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Teacher', - 'comment' => 'An active teacher has both "member" and "faculty" values set for eduPersonAffiliation.', - 'internal_uid' => "user${account_id}", - 'eduPersonAffiliation' => ['member', 'faculty'], - 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"], - 'displayName' => 'Peter Müller - eduGAIN Access Check account', - 'cn' => 'Peter Müller - eduGAIN Access Check account', - 'mail' => "peter.muller@${conf.idp_scope}", - 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", - 'schacHomeOrganization' => "${conf.idp_scope}", - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', -} %] - - + /* + profile type: teacher + An active teacher has both "member" and "faculty" values set for + eduPersonAffiliation + */ + 'internal_uid' => 'user[% account.id() %]', + 'cn' => 'Peter Müller - eduGAIN Access Check account', + 'displayName' => 'Peter Müller - eduGAIN Access Check account', + 'mail' => 'peter.muller@[% idp_scope %]', + 'eduPersonAffiliation' => ['member', 'faculty'], + 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], + 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', + 'schacHomeOrganization' => '[% idp_scope %]', + 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/teacher2.tt2 b/templates/accountProfiles/teacher2.tt2 index f7a4807..4fb05e8 100644 --- a/templates/accountProfiles/teacher2.tt2 +++ b/templates/accountProfiles/teacher2.tt2 
@@ -1,11 +1,7 @@ -[% account_sp_entityid = account.sp_entityid() %] -[% account_id = account.id() %] - -[% SET account_profile = { - 'type' => 'Teacher', - 'comment' => 'This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID).', - 'internal_uid' => "user${account_id}", - 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"], -} %] - - + /* + profile type: teacher + This account provides a limited set of user attributes + (eduPersonScopedAffiliation and eduPersonTargetedID) + */ + 'internal_uid' => 'user[% account.id() %]', + 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], diff --git a/templates/accountProfiles/valid-accounts.php.tt2 b/templates/accountProfiles/valid-accounts.php.tt2 index 1c36165..5074ce9 100644 --- a/templates/accountProfiles/valid-accounts.php.tt2 +++ b/templates/accountProfiles/valid-accounts.php.tt2 @@ -1,22 +1,13 @@ <?php -// template for a PhP configuration file loaded in simpleSamlPhp authsources.php file +// PhP configuration file loaded in simpleSamlPhp authsources.php file $validTestAccounts = array ( 'authcrypt:Hash', [% FOREACH account IN accounts %] - [% PROCESS "accountProfiles/${account.account_profile()}.tt2" %] - 'user[% account.id() %]:{SHA256}[% account.user_password_hash() %]=' => array( - [% FOREACH attribute IN account_profile.pairs -%] - [% NEXT IF attribute.key.match('^(type|comment)$') %] - [% IF attribute.value.isa('SCALAR') -%] - '[% attribute.key %]' => '[% attribute.value %]', - [% ELSE -%] - '[% attribute.key %]' => array('[% attribute.value.join("','") %]'), - [% END %] - [% END %] - 'associatedSP' => "[% account.sp_entityid() %]", - - ), + 'user[% account.id() %]:{SHA256}[% account.user_password_hash() %]=' => array( +[% INCLUDE "accountProfiles/${account.account_profile()}.tt2" -%] + 'associatedSP' => '[% account.sp_entityid() %]', + ), [% END %] ); -- GitLab
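Review bot: In valid-accounts.php.tt2 the values from `account.id()`, `account.user_password_hash()` and `account.sp_entityid()` are printed inside single-quoted PHP string literals without escaping, so a `'` or `\` in any of them would end the literal early and alter the PHP file that simpleSAMLphp loads. Moving `associatedSP` from double to single quotes removes PHP's `$` interpolation, but the quote and backslash still need escaping. The entity ID looks like the value most likely to originate from a requester, though its validation is not visible in this patch. One option is a filter registered where Tools.pm builds the Template object, `FILTERS => { php_sq => sub { my $s = shift; $s =~ s/([\\'])/\\$1/g; return $s } }`, applied as `'associatedSP' => '[% account.sp_entityid() | php_sq %]',`. The same treatment applies to `[% account.id() %]` in each included profile template.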