move intelligence in code, and keep templating for presentation only

d3e86dbf · Guillaume ROUSSE · 53c3b122 · d3e86dbf · d3e86dbf · d3e86dbf
Commit d3e86dbf authored 7 years ago by Guillaume ROUSSE
--- a/lib/IdPAccountManager/Data/TestAccount.pm
+++ b/lib/IdPAccountManager/Data/TestAccount.pm
@@ -22,6 +22,93 @@ __PACKAGE__->meta->setup(
    primary_key_columns => [ 'id' ],
 );

+my %cn = (
+    alumni1        => 'Åsold Wahlstrøm - eduGAIN Access Check account',
+    employee1      => 'Linnéa Hsu - eduGAIN Access Check account',
+    fullset1       => 'Gundabald Lightfoot - eduGAIN Access Check account',
+    librarywalkin1 => 'Ramón Núñez - eduGAIN Access Check account',
+    researcher1    => 'Stéphane Larivière - eduGAIN Access Check account',
+    student1       => 'Ciarán MacCárthaigh - eduGAIN Access Check account',
+    student2       => 'Damiën Kuijper - eduGAIN Access Check account',
+    teacher1       => 'Peter Müller - eduGAIN Access Check account',
+);
+
+my %givenName = (
+    fullset1       => 'Gundabald',
+);
+
+my %sn = (
+    fullset1       => 'Lightfoot - eduGAIN Access Check account',
+);
+
+my %mail = (
+    alumni1        => 'asold.wahlstrom',
+    employee1      => 'linnea.hsu',
+    fullset1       => 'gundabald.lightfoot',
+    generic1       => 'forearartian',
+    librarywalkin1 => 'ramon.nunez',
+    researcher1    => 'stephane.lariviere',
+    student1       => 'ciaran.maccarthaigh',
+    student2       => 'damien.kuijper',
+    teacher1       => 'peter.muller',
+);
+
+my %affiliation = (
+    alumni1        => [ qw/alum/ ],
+    employee1      => [ qw/member staff employee/ ],
+    fullset1       => [ qw/member faculty/ ],
+    librarywalkin1 => [ qw/library-walk-in/ ],
+    researcher1    => [ qw/member faculty/ ],
+    student1       => [ qw/member student/ ],
+    student2       => [ qw/member student faculty/ ],
+    teacher1       => [ qw/member faculty/ ],
+);
+
+my %scopedAffiliation = (
+    alumni1        => [ qw/alum/ ],
+    employee1      => [ qw/member staff employee/ ],
+    fullset1       => [ qw/member faculty/ ],
+    librarywalkin1 => [ qw/library-walk-in/ ],
+    researcher1    => [ qw/member faculty/ ],
+    student1       => [ qw/member student/ ],
+    student2       => [ qw/member student faculty/ ],
+    teacher1       => [ qw/member faculty/ ],
+    teacher2       => [ qw/member faculty/ ],
+);
+
+my %comment = (
+    alumni1         => <<EOF,
+Value "member" is not set for eduPersonAffiliation, contrary to current students.
+EOF
+    employee1      => <<EOF,
+There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values.
+EOF
+    fullset1       => <<EOF,
+This user profile respresents a researcher with all eduGAIN user attributes plus givenName and surname.
+EOF
+    generic1       => <<EOF,
+This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName).
+EOF
+    librarywalkin1 => <<EOF,
+This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations.  Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>.
+EOF
+    researcher1    => <<EOF,
+This account provides only an eduPersonTargetedID attribute.
+EOF
+    student1       => <<EOF,
+An active student has both "member" and "student" values set for eduPersonAffiliation.
+EOF
+    student2       => <<EOF,
+A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty".
+EOF
+    teacher1       => <<EOF,
+This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID).
+EOF
+    teacher2       => <<EOF,
+An active teacher has both "member" and "faculty" values set for eduPersonAffiliation.
+EOF
+);
+
 sub print {
    my ($self, $fd) = @_;
    $fd = \*STDOUT unless $fd;
@@ -57,4 +144,73 @@ sub save {
    $self->SUPER::save();
 }

+sub scope {
+    my ($self, $scope) = @_;
+
+    if ($scope) {
+        $self->{scope} = $scope;
+    } else {
+        return $self->{scope};
+    }
+}
+
+sub internal_uid {
+    my ($self) = @_;
+    return 'user' . $self->id();
+}
+
+sub cn {
+    my ($self) = @_;
+    return $cn{$self->account_profile()};
+}
+
+sub displayName {
+    my ($self) = @_;
+    return $cn{$self->account_profile()};
+}
+
+sub givenName {
+    my ($self) = @_;
+    return $givenName{$self->account_profile()};
+}
+
+sub mail {
+    my ($self) = @_;
+    my $prefix = $mail{$self->account_profile()};
+    return $prefix ?
+        $prefix . '@' . $self->{scope} : undef;
+}
+
+sub eduPersonAffiliation {
+    my ($self) = @_;
+    return $affiliation{$self->account_profile()};
+}
+
+sub eduPersonScopedAffiliation {
+    my ($self) = @_;
+    my $affiliations = $scopedAffiliation{$self->account_profile()};
+    return $affiliations ?
+        [ map { $_ . '@' . $self->{scope} } @$affiliations ] : undef;
+}
+
+sub eduPersonPrincipalName {
+    my ($self) = @_;
+    return $self->id() . '@'. $self->{scope};
+}
+
+sub schacHomeOrganization {
+    my ($self) = @_;
+    return $self->{scope};
+}
+
+sub schacHomeOrganizationType {
+    my ($self) = @_;
+    return "urn:schac:homeOrganizationType:int:other";
+}
+
+sub comment {
+    my ($self) = @_;
+    return $comment{$self->account_profile()};
+}
+
 1;
--- a/lib/IdPAccountManager/Tools.pm
+++ b/lib/IdPAccountManager/Tools.pm
@@ -63,7 +63,7 @@ sub generate_password {

 ## Updates simpleSamlPhp authsources.php configuration file
 sub update_ssp_authsources {
-    my ($templates_dir, $output, $idp_scope, $accounts) = @_;
+    my ($templates_dir, $output, $accounts) = @_;

    my $tt2 = Template->new({
        INCLUDE_PATH => $templates_dir
@@ -71,7 +71,6 @@ sub update_ssp_authsources {
    my $template = 'accountProfiles/valid-accounts.php.tt2';
    my $data = {
        accounts  => $accounts,
-        idp_scope => $idp_scope
    };

    $tt2->process($template, $data, $output) or die $tt2->error();

--- a/lib/IdPAccountManager/WebRequest.pm
+++ b/lib/IdPAccountManager/WebRequest.pm
@@ -468,10 +468,13 @@ sub req_validate_token {
        my $account = IdPAccountManager::Data::TestAccount->new(
            db              => $self->{db},
            account_profile => $profile,
-            sp_entityid     => $self->{in}->{sp_entityid}
+            sp_entityid     => $self->{in}->{sp_entityid},
+            scope           => $self->{configuration}->{idp_scope},
        );
        next unless $account;
-        next unless $account->save();
+        next unless $account->save(
+            account_validity_period => $self->{configuration}->{account_validity_period}
+        );
        push @accounts, $account;
    }

@@ -489,7 +492,6 @@ sub req_validate_token {
    IdPAccountManager::Tools::update_ssp_authsources(
            $self->{configuration}->{templates_dir},
            $self->{configuration}->{idp_accounts_file},
-            $self->{configuration}->{idp_scope},
            \@accounts,
        );
    };
@@ -509,7 +511,7 @@ sub req_validate_token {
    );

    $self->{out}->{sp_entityid}   = $self->{in}->{sp_entityid};
-    $self->{out}->{test_accounts} = \@accounts;
+    $self->{out}->{accounts} = \@accounts;
    $self->{out}->{subtitle} = 'Complete Email Challenge';

    return 1;

--- a/templates/Makefile.am
+++ b/templates/Makefile.am
 nobase_templates_DATA = \
-	accountProfiles/alumni1.tt2 \
-	accountProfiles/employee1.tt2 \
-	accountProfiles/fullset1.tt2 \
-	accountProfiles/generic1.tt2 \
-	accountProfiles/librarywalkin1.tt2 \
-	accountProfiles/limitedset1.tt2 \
-	accountProfiles/researcher1.tt2 \
-	accountProfiles/student1.tt2 \
-	accountProfiles/student2.tt2 \
-	accountProfiles/teacher1.tt2 \
-	accountProfiles/teacher2.tt2 \
 	accountProfiles/valid-accounts.php.tt2 \
 	mail/send_authentication_token.tt2.eml \
 	web/account_wizard.tt2.html \

--- a/templates/accountProfiles/alumni1.tt2
+++ b/templates/accountProfiles/alumni1.tt2
-        /*
-            profile type: alumni
-            Value "member" is not set for eduPersonAffiliation, contrary to 
-            current students
-        */ 
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Åsold Wahlstrøm - eduGAIN Access Check account',
-        'displayName'  => 'Åsold Wahlstrøm - eduGAIN Access Check account',
-        'mail'         => 'asold.wahlstrom@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['alum'],
-        'eduPersonScopedAffiliation' => ['alum@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/employee1.tt2
+++ b/templates/accountProfiles/employee1.tt2
-        /*
-            profile type: employee
-            There are conflicting definitions of "staff" and "employee" from
-            country to country that make those values particularly unreliable
-            in any international context. However in this example we set both
-            values
-        */ 
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Linnéa Hsu - eduGAIN Access Check account',
-        'displayName'  => 'Linnéa Hsu - eduGAIN Access Check account',
-        'mail'         => 'linnea.hsu@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['member','staff','employee'],
-        'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','staff@[% idp_scope %]','employee@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/fullset1.tt2
+++ b/templates/accountProfiles/fullset1.tt2
-        /*
-            profile type: full set
-            This user profile respresents a researcher with all eduGAIN user
-            attributes plus givenName and surname.",
-        */
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Gundabald Lightfoot - eduGAIN Access Check account',
-        'displayName'  => 'Gundabald Lightfoot - eduGAIN Access Check account',
-        'givenName'    => 'Gundabald',
-        'sn'           => 'Lightfoot - eduGAIN Access Check account',
-        'mail'         => 'gundabald.lightfoot@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['member', 'faculty'],
-        'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/generic1.tt2
+++ b/templates/accountProfiles/generic1.tt2
-        /*
-            profile type: generic
-            This account provides a limited set of user attributes
-            (eduPersonPrincipalName, mail and displayName)
-        */
-        'internal_uid' => 'user[% account.id() %]',
-        'displayName'  => '山崎 弘子樫野 陽子 - eduGAIN Access Check account',
-        'mail'         => 'forearartian@[% idp_scope %]',
-        'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]',
--- a/templates/accountProfiles/librarywalkin1.tt2
+++ b/templates/accountProfiles/librarywalkin1.tt2
-        /*
-            profile type: library walk-in
-            This term was created to cover the case where physical presence in
-            a library facility grants someone access to electronic resources
-            typically licensed for faculty, staff and students. In recent years
-            the library walk-in provision has been extended to cover other
-            cases such as library users on the campus network, or those using
-            on-campus workstations.  Licensed resource providers have often
-            been willing to interpret their contracts with licensees to accept
-            this broader definition of "library-walk-in," though specific terms
-            may vary. For a more direct way of using eduPerson attributes to
-            express library privilege information, see the eduPersonEntitlement
-            value "urn:mace:dir:entitlement:common-lib-terms" as defined in the
-            MACE-Dir Registry of eduPersonEntitlement values http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html
-        */
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Ramón Núñez - eduGAIN Access Check account',
-        'displayName'  => 'Ramón Núñez - eduGAIN Access Check account',
-        'mail'         => 'ramon.nunez@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['library-walk-in'],
-        'eduPersonScopedAffiliation' => ['library-walk-in@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'eduPersonEntitlement'       => 'urn:mace:dir:entitlement:common-lib-terms',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/limitedset1.tt2
+++ b/templates/accountProfiles/limitedset1.tt2
-        /*
-            profile type: limited set
-            This account provides only an eduPersonTargetedID attribute
-        */
-        'internal_uid' => 'user[% account.id() %]',
--- a/templates/accountProfiles/researcher1.tt2
+++ b/templates/accountProfiles/researcher1.tt2
-        /*
-            profile type: researcher
-            No standard value for eduPersonAffiliation can be used to represent
-            a researcher. Therefore you can't differenciate a teacher from a
-            researcher
-        */
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Stéphane Larivière - eduGAIN Access Check account',
-        'displayName'  => 'Stéphane Larivière - eduGAIN Access Check account',
-        'mail'         => 'stephane.lariviere@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['member', 'faculty'],
-        'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/student1.tt2
+++ b/templates/accountProfiles/student1.tt2
-        /*
-            profile type: student
-            An active student has both "member" and "student" values set for
-            eduPersonAffiliation
-        */
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Ciarán MacCárthaigh - eduGAIN Access Check account',
-        'displayName'  => 'Ciarán MacCárthaigh - eduGAIN Access Check account',
-        'mail'         => 'ciaran.maccarthaigh@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['member', 'student'],
-        'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','student@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/student2.tt2
+++ b/templates/accountProfiles/student2.tt2
-        /*
-            profile type: student
-            A PhD student, having three values set for eduPersonAffiliation:
-            "member" and "student" and "faculty"
-        */
-
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Damiën Kuijper - eduGAIN Access Check account',
-        'displayName'  => 'Damiën Kuijper - eduGAIN Access Check account',
-        'mail'         => 'damien.kuijper@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['member', 'student','faculty'],
-        'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','student@[% idp_scope %]','faculty@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/teacher1.tt2
+++ b/templates/accountProfiles/teacher1.tt2
-        /*
-            profile type: teacher
-            An active teacher has both "member" and "faculty" values set for
-            eduPersonAffiliation
-        */
-        'internal_uid' => 'user[% account.id() %]',
-        'cn'           => 'Peter Müller - eduGAIN Access Check account',
-        'displayName'  => 'Peter Müller - eduGAIN Access Check account',
-        'mail'         => 'peter.muller@[% idp_scope %]',
-        'eduPersonAffiliation'       => ['member', 'faculty'],
-        'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'],
-        'eduPersonPrincipalName'     => '[% account.id() %]@[% idp_scope %]',
-        'schacHomeOrganization'      => '[% idp_scope %]',
-        'schacHomeOrganizationType'  => 'urn:schac:homeOrganizationType:int:other',
--- a/templates/accountProfiles/teacher2.tt2
+++ b/templates/accountProfiles/teacher2.tt2
-        /*
-            profile type: teacher
-            This account provides a limited set of user attributes
-            (eduPersonScopedAffiliation and eduPersonTargetedID)
-        */
-        'internal_uid' => 'user[% account.id() %]',
-        'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'],
--- a/templates/accountProfiles/valid-accounts.php.tt2
+++ b/templates/accountProfiles/valid-accounts.php.tt2
+[% MACRO enumerate(list) BLOCK -%]
+[% FOREACH item IN list -%]
+'[% item %]'[% IF ! loop.last -%], [% END -%]
+[% END -%]
+[% END -%]
+[% MACRO print_attribute(account, attribute) BLOCK -%]
+[% IF account.$attribute -%]
+        '[% attribute %]' => '[% account.$attribute %]',
+[% END -%]
+[% END -%]
+[% MACRO print_multivalued_attribute(account, attribute) BLOCK -%]
+[% IF account.$attribute -%]
+        '[% attribute %]' => [ [% enumerate(account.$attribute) -%] ],
+[% END -%]
+[% END -%]
 <?php
 // PhP configuration file loaded in simpleSamlPhp authsources.php file
 $validTestAccounts = array (
    'authcrypt:Hash',

-[% FOREACH account IN accounts %]
+[% FOREACH account IN accounts -%]
    'user[% account.id() %]:{SHA256}[% account.user_password_hash() %]=' => array(
-[% INCLUDE "accountProfiles/${account.account_profile()}.tt2" -%]
-        'associatedSP'               => '[% account.sp_entityid() %]',
+[% print_attribute(account, 'internal_uid') -%]
+[% print_attribute(account, 'cn') -%]
+[% print_attribute(account, 'displayName') -%]
+[% print_attribute(account, 'givenName') -%]
+[% print_attribute(account, 'sn') -%]
+[% print_attribute(account, 'mail') -%]
+[% print_multivalued_attribute(account, 'eduPersonAffiliation') -%]
+[% print_multivalued_attribute(account, 'eduPersonScopedAffiliation') -%]
+[% print_attribute(account, 'eduPersonPrincipalName') -%]
+[% print_attribute(account, 'schacHomeOrganization') -%]
+[% print_attribute(account, 'schacHomeOrganizationType') -%]
+[% print_attribute(account, 'associatedSP') -%]
    ),

-[% END %]
+[% END -%]
 );
--- a/templates/web/validate_token.tt2.html
+++ b/templates/web/validate_token.tt2.html
@@ -16,44 +16,40 @@

 <div class="accounts_profile">

-    [% FOREACH account IN test_accounts %]
-      [% PROCESS "${account.get('account_profile')}.tt2" %]
+    [% FOREACH account IN accounts %]
 		<div class="tbl">
 			<table>
-				<caption>Account profile: [% account_profile.type %]</caption>
+				<caption>Account profile: [% account.account_profile() %]</caption>
 				<tr>
-					<th>user name:</th><td> user[% account.get('id') %]</td>
+					<th>user name:</th><td> user[% account.id() %]</td>
 				</tr>
 				<tr>
-					<th>user password:</th><td>[% account.get('user_password') %]</td>
+					<th>user password:</th><td>[% account.user_password() %]</td>
 				</tr>
 				<tr>
-					<td colspan="2"><strong>comment:</strong><div><p>[% account_profile.comment %]</p></div></td>
+					<td colspan="2"><strong>comment:</strong><div><p>[% account.comment() %]</p></div></td>
 				</tr>
 				<tr>
-				<td colspan=2 class="align-center" ><button data-reveal-id="account_details_[% account.get('id') %]" class="show_account_details" id="show_account_details_[% account.get('id') %]">show account details</button></td> 
+				<td colspan=2 class="align-center" ><button data-reveal-id="account_details_[% account.id() %]" class="show_account_details" id="show_account_details_[% account.id() %]">show account details</button></td>
 				</tr>
 			</table>
 		</div>
-        <div class="accounts_profile reveal-modal" data-reveal id="account_details_[% account.get('id') %]"> <!-- old version : class="account_details"-->
+        <div class="accounts_profile reveal-modal" data-reveal id="account_details_[% account.id() %]"> <!-- old version : class="account_details"-->
            <h3>List of user attributes associated</h3>
            <p>Below is the list of user attributes associated to this test account. After a successfull authentication process these attributes are transmited
            via the SAML protocol from [% conf.app_name %] Identity Provider to your Service Provider.</p>
 <div>
 			<table>
 				<caption>List of user attributes</caption>
-            [% FOREACH attribute IN account_profile.pairs -%]
-              [% NEXT IF attribute.key.match('^(type|comment|internal_uid)$') %]
-              
-              [% IF attribute.value.isa('SCALAR') -%]
+            [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] -%]
 				<tr>
-					<th>[% attribute.key %][% IF attribute.key == 'eduPersonAffiliation' || attribute.key == 'eduPersonScopedAffiliation' %](1) [% END %]:</th><td> [% attribute.value %]</td>
+					<th>[% attribute %]</th><td> [% account.$attribute %]</td>
 				</tr>
-			  [% ELSE -%]
+            [% END %]
+            [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] -%]
 				<tr>
-					<th>[% attribute.key %][% IF attribute.key == 'eduPersonAffiliation' || attribute.key == 'eduPersonScopedAffiliation' %](1) [% END %]:</th><td> [% attribute.value.join(",") %]</td>
+					<th>[% attribute %]</th><td> [% account.$attribute.join(', ') %]</td>
 				</tr>
-			  [% END %]
            [% END %]
            <tr><th>eduPersonTargetedID:</th><td><i>value dynamically generated by the SP</i></td></tr>
 			</table>