diff --git a/lib/IdPAccountManager/Data/TestAccount.pm b/lib/IdPAccountManager/Data/TestAccount.pm
index a249db2a512302e61a8b33de2f427fa32aab70ee..f58f63cb89f28e4aa08585cd205dbe69b75069a1 100644
--- a/lib/IdPAccountManager/Data/TestAccount.pm
+++ b/lib/IdPAccountManager/Data/TestAccount.pm
@@ -22,6 +22,93 @@ __PACKAGE__->meta->setup( primary_key_columns => [ 'id' ], ); +my %cn = ( + alumni1 => 'Åsold Wahlstrøm - eduGAIN Access Check account', + employee1 => 'Linnéa Hsu - eduGAIN Access Check account', + fullset1 => 'Gundabald Lightfoot - eduGAIN Access Check account', + librarywalkin1 => 'Ramón Núñez - eduGAIN Access Check account', + researcher1 => 'Stéphane Larivière - eduGAIN Access Check account', + student1 => 'Ciarán MacCárthaigh - eduGAIN Access Check account', + student2 => 'Damiën Kuijper - eduGAIN Access Check account', + teacher1 => 'Peter Müller - eduGAIN Access Check account', +); + +my %givenName = ( + fullset1 => 'Gundabald', +); + +my %sn = ( + fullset1 => 'Lightfoot - eduGAIN Access Check account', +); + +my %mail = ( + alumni1 => 'asold.wahlstrom', + employee1 => 'linnea.hsu', + fullset1 => 'gundabald.lightfoot', + generic1 => 'forearartian', + librarywalkin1 => 'ramon.nunez', + researcher1 => 'stephane.lariviere', + student1 => 'ciaran.maccarthaigh', + student2 => 'damien.kuijper', + teacher1 => 'peter.muller', +); + +my %affiliation = ( + alumni1 => [ qw/alum/ ], + employee1 => [ qw/member staff employee/ ], + fullset1 => [ qw/member faculty/ ], + librarywalkin1 => [ qw/library-walk-in/ ], + researcher1 => [ qw/member faculty/ ], + student1 => [ qw/member student/ ], + student2 => [ qw/member student faculty/ ], + teacher1 => [ qw/member faculty/ ], +); + +my %scopedAffiliation = ( + alumni1 => [ qw/alum/ ], + employee1 => [ qw/member staff employee/ ], + fullset1 => [ qw/member faculty/ ], + librarywalkin1 => [ qw/library-walk-in/ ], + researcher1 => [ qw/member faculty/ ], + student1 => [ qw/member student/ ], + student2 => [ qw/member student faculty/ ], + teacher1 => [ qw/member faculty/ ], + teacher2 => [ qw/member faculty/ ], +); + +my %comment = ( + alumni1 => <<EOF, +Value "member" is not set for eduPersonAffiliation, contrary to current students. 
+EOF + employee1 => <<EOF, +There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values. +EOF + fullset1 => <<EOF, +This user profile respresents a researcher with all eduGAIN user attributes plus givenName and surname. +EOF + generic1 => <<EOF, +This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName). +EOF + librarywalkin1 => <<EOF, +This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations. Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>. +EOF + researcher1 => <<EOF, +This account provides only an eduPersonTargetedID attribute. +EOF + student1 => <<EOF, +An active student has both "member" and "student" values set for eduPersonAffiliation. +EOF + student2 => <<EOF, +A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty". +EOF + teacher1 => <<EOF, +This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID). 
+EOF + teacher2 => <<EOF, +An active teacher has both "member" and "faculty" values set for eduPersonAffiliation. +EOF +); + sub print { my ($self, $fd) = @_; $fd = \*STDOUT unless $fd; @@ -57,4 +144,73 @@ sub save { $self->SUPER::save(); } +sub scope { + my ($self, $scope) = @_; + + if ($scope) { + $self->{scope} = $scope; + } else { + return $self->{scope}; + } +} + +sub internal_uid { + my ($self) = @_; + return 'user' . $self->id(); +} + +sub cn { + my ($self) = @_; + return $cn{$self->account_profile()}; +} + +sub displayName { + my ($self) = @_; + return $cn{$self->account_profile()}; +} + +sub givenName { + my ($self) = @_; + return $givenName{$self->account_profile()}; +} + +sub mail { + my ($self) = @_; + my $prefix = $mail{$self->account_profile()}; + return $prefix ? + $prefix . '@' . $self->{scope} : undef; +} + +sub eduPersonAffiliation { + my ($self) = @_; + return $affiliation{$self->account_profile()}; +} + +sub eduPersonScopedAffiliation { + my ($self) = @_; + my $affiliations = $scopedAffiliation{$self->account_profile()}; + return $affiliations ? + [ map { $_ . '@' . $self->{scope} } @$affiliations ] : undef; +} + +sub eduPersonPrincipalName { + my ($self) = @_; + return $self->id() . '@'. $self->{scope}; +} + +sub schacHomeOrganization { + my ($self) = @_; + return $self->{scope}; +} + +sub schacHomeOrganizationType { + my ($self) = @_; + return "urn:schac:homeOrganizationType:int:other"; +} + +sub comment { + my ($self) = @_; + return $comment{$self->account_profile()}; +} + 1; diff --git a/lib/IdPAccountManager/Tools.pm b/lib/IdPAccountManager/Tools.pm index 24480188305b13d23aa1da1f87a4a7b48bea574a..82368f21fb88256b21a076ef9e470551713adbe6 100644 --- a/lib/IdPAccountManager/Tools.pm +++ b/lib/IdPAccountManager/Tools.pm 
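Review bot: The `%comment` table does not line up with the templates this commit deletes: `teacher1` and `teacher2` carry each other's text (the removed teacher1.tt2 held the "active teacher" wording, teacher2.tt2 the "limited set" wording), and `researcher1` is given the sentence that belonged to limitedset1.tt2 while the original researcher wording is gone. `generic1` also has no `%cn` entry, so the `displayName` accessor added later in this file returns undef for it, although the removed generic1.tt2 set a displayName. These strings tell a service operator which attributes to expect from each test account, so swap the two teacher entries, restore the researcher text, and either add a `limitedset1` key or drop that profile explicitly. It is also worth confirming that the file declares `use utf8` (not visible here), because the new name literals are non-ASCII.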
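Review bot: `eduPersonPrincipalName`, `schacHomeOrganization` and `schacHomeOrganizationType` now return a value for every profile, whereas the removed generic1, limitedset1 and teacher2 templates left some or all of them out, so the limited-release test accounts would assert more attributes than their own comments describe. In the other direction, `%sn` is declared but no `sn` accessor is added, so `print_attribute(account, 'sn')` in valid-accounts.php.tt2 probably emits nothing for fullset1; `sub sn { my ($self) = @_; return $sn{$self->account_profile()}; }` would restore it. The removed librarywalkin1.tt2 also set `eduPersonEntitlement`, which has no counterpart here. Finally, `mail`, `eduPersonScopedAffiliation` and `eduPersonPrincipalName` concatenate `$self->{scope}` without checking it, and `scope` ignores a false argument, so an account built without a scope yields identifiers ending in a bare `@`; a `die` when the scope is missing would surface that early.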
@@ -63,7 +63,7 @@ sub generate_password { ## Updates simpleSamlPhp authsources.php configuration file sub update_ssp_authsources { - my ($templates_dir, $output, $idp_scope, $accounts) = @_; + my ($templates_dir, $output, $accounts) = @_; my $tt2 = Template->new({ INCLUDE_PATH => $templates_dir @@ -71,7 +71,6 @@ sub update_ssp_authsources { my $template = 'accountProfiles/valid-accounts.php.tt2'; my $data = { accounts => $accounts, - idp_scope => $idp_scope }; $tt2->process($template, $data, $output) or die $tt2->error(); diff --git a/lib/IdPAccountManager/WebRequest.pm b/lib/IdPAccountManager/WebRequest.pm index 0ff7dba6d214b90831bb5050757567387f53a112..db5d96b768ceb43aec80f75d6b6ba8af1cfeee4c 100755 --- a/lib/IdPAccountManager/WebRequest.pm +++ b/lib/IdPAccountManager/WebRequest.pm @@ -468,10 +468,13 @@ sub req_validate_token { my $account = IdPAccountManager::Data::TestAccount->new( db => $self->{db}, account_profile => $profile, - sp_entityid => $self->{in}->{sp_entityid} + sp_entityid => $self->{in}->{sp_entityid}, + scope => $self->{configuration}->{idp_scope}, ); next unless $account; - next unless $account->save(); + next unless $account->save( + account_validity_period => $self->{configuration}->{account_validity_period} + ); push @accounts, $account; } @@ -489,7 +492,6 @@ sub req_validate_token { IdPAccountManager::Tools::update_ssp_authsources( $self->{configuration}->{templates_dir}, $self->{configuration}->{idp_accounts_file}, - $self->{configuration}->{idp_scope}, \@accounts, ); }; @@ -509,7 +511,7 @@ sub req_validate_token { ); $self->{out}->{sp_entityid} = $self->{in}->{sp_entityid}; - $self->{out}->{test_accounts} = \@accounts; + $self->{out}->{accounts} = \@accounts; $self->{out}->{subtitle} = 'Complete Email Challenge'; return 1; diff --git a/templates/Makefile.am b/templates/Makefile.am index f24227ff98d0c4f36a9fbf5a8954f4ebb34ef5ae..ebeefc076a1447f1bcd78e972c911fb22d6ca727 100644 --- a/templates/Makefile.am +++ b/templates/Makefile.am 
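Review bot: Dropping `$idp_scope` changes the positional signature of `update_ssp_authsources`, so a caller that still passes four arguments would bind the scope string to `$accounts`, and the template would likely render an empty or malformed account list without raising an error. Only the call in WebRequest.pm is updated in this commit; other callers, if any, are not visible here. Consider extending the header comment to `## Updates simpleSamlPhp authsources.php configuration file; args: templates dir, output file path, arrayref of TestAccount objects` and rejecting a wrong third argument with `die 'accounts must be an array reference' unless ref $accounts eq 'ARRAY';`. The function body continues past the end of the hunk.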
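Review bot: The scope handed to `new` is read straight from `$self->{configuration}->{idp_scope}` with no check that it is set, and a failed `new` or `save` is still skipped silently by `next unless`. With an empty scope the accessors added in TestAccount.pm would build identifiers that end in a bare `@`, and those would then be written to the authsources file further down in `req_validate_token`. A guard before the loop, for example `die 'idp_scope is not configured' unless $self->{configuration}->{idp_scope};` (or whatever error path the surrounding function already uses), plus a log line when an account is skipped, would make both cases visible. `req_validate_token` starts before and ends after this hunk.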
@@ -1,15 +1,4 @@ nobase_templates_DATA = \ - accountProfiles/alumni1.tt2 \ - accountProfiles/employee1.tt2 \ - accountProfiles/fullset1.tt2 \ - accountProfiles/generic1.tt2 \ - accountProfiles/librarywalkin1.tt2 \ - accountProfiles/limitedset1.tt2 \ - accountProfiles/researcher1.tt2 \ - accountProfiles/student1.tt2 \ - accountProfiles/student2.tt2 \ - accountProfiles/teacher1.tt2 \ - accountProfiles/teacher2.tt2 \ accountProfiles/valid-accounts.php.tt2 \ mail/send_authentication_token.tt2.eml \ web/account_wizard.tt2.html \ diff --git a/templates/accountProfiles/alumni1.tt2 b/templates/accountProfiles/alumni1.tt2 deleted file mode 100644 index fa143cf7c78ba7afddefb177d261053c3f9b6b42..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/alumni1.tt2 +++ /dev/null @@ -1,14 +0,0 @@ - /* - profile type: alumni - Value "member" is not set for eduPersonAffiliation, contrary to - current students - */ - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Åsold Wahlstrøm - eduGAIN Access Check account', - 'displayName' => 'Åsold Wahlstrøm - eduGAIN Access Check account', - 'mail' => 'asold.wahlstrom@[% idp_scope %]', - 'eduPersonAffiliation' => ['alum'], - 'eduPersonScopedAffiliation' => ['alum@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/employee1.tt2 b/templates/accountProfiles/employee1.tt2 deleted file mode 100644 index 91f22fe2a4d5a488275cb9ec05e0cddaeb4d14c6..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/employee1.tt2 +++ /dev/null 
@@ -1,16 +0,0 @@ - /* - profile type: employee - There are conflicting definitions of "staff" and "employee" from - country to country that make those values particularly unreliable - in any international context. However in this example we set both - values - */ - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Linnéa Hsu - eduGAIN Access Check account', - 'displayName' => 'Linnéa Hsu - eduGAIN Access Check account', - 'mail' => 'linnea.hsu@[% idp_scope %]', - 'eduPersonAffiliation' => ['member','staff','employee'], - 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','staff@[% idp_scope %]','employee@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/fullset1.tt2 b/templates/accountProfiles/fullset1.tt2 deleted file mode 100644 index b2db8a9ac819c49ebcc85f71ad2b036670b2907d..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/fullset1.tt2 +++ /dev/null @@ -1,16 +0,0 @@ - /* - profile type: full set - This user profile respresents a researcher with all eduGAIN user - attributes plus givenName and surname.", - */ - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Gundabald Lightfoot - eduGAIN Access Check account', - 'displayName' => 'Gundabald Lightfoot - eduGAIN Access Check account', - 'givenName' => 'Gundabald', - 'sn' => 'Lightfoot - eduGAIN Access Check account', - 'mail' => 'gundabald.lightfoot@[% idp_scope %]', - 'eduPersonAffiliation' => ['member', 'faculty'], - 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', 
diff --git a/templates/accountProfiles/generic1.tt2 b/templates/accountProfiles/generic1.tt2 deleted file mode 100644 index e37fd5510c42a129b3c7da9a5bc48edcd8a3d235..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/generic1.tt2 +++ /dev/null @@ -1,9 +0,0 @@ - /* - profile type: generic - This account provides a limited set of user attributes - (eduPersonPrincipalName, mail and displayName) - */ - 'internal_uid' => 'user[% account.id() %]', - 'displayName' => '山崎 弘子樫野 陽子 - eduGAIN Access Check account', - 'mail' => 'forearartian@[% idp_scope %]', - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', diff --git a/templates/accountProfiles/librarywalkin1.tt2 b/templates/accountProfiles/librarywalkin1.tt2 deleted file mode 100644 index f84aceaa70ef3d8d7be8c6e29db61fbae5791901..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/librarywalkin1.tt2 +++ /dev/null 
@@ -1,25 +0,0 @@ - /* - profile type: library walk-in - This term was created to cover the case where physical presence in - a library facility grants someone access to electronic resources - typically licensed for faculty, staff and students. In recent years - the library walk-in provision has been extended to cover other - cases such as library users on the campus network, or those using - on-campus workstations. Licensed resource providers have often - been willing to interpret their contracts with licensees to accept - this broader definition of "library-walk-in," though specific terms - may vary. For a more direct way of using eduPerson attributes to - express library privilege information, see the eduPersonEntitlement - value "urn:mace:dir:entitlement:common-lib-terms" as defined in the - MACE-Dir Registry of eduPersonEntitlement values http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html - */ - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Ramón Núñez - eduGAIN Access Check account', - 'displayName' => 'Ramón Núñez - eduGAIN Access Check account', - 'mail' => 'ramon.nunez@[% idp_scope %]', - 'eduPersonAffiliation' => ['library-walk-in'], - 'eduPersonScopedAffiliation' => ['library-walk-in@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'eduPersonEntitlement' => 'urn:mace:dir:entitlement:common-lib-terms', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/limitedset1.tt2 b/templates/accountProfiles/limitedset1.tt2 deleted file mode 100644 index 7100ec444c68fa1032b5277c7e893b5a76e43437..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/limitedset1.tt2 +++ /dev/null @@ -1,5 +0,0 @@ - /* - profile type: limited set - This account provides only an eduPersonTargetedID attribute - */ - 'internal_uid' => 'user[% account.id() %]', 
diff --git a/templates/accountProfiles/researcher1.tt2 b/templates/accountProfiles/researcher1.tt2 deleted file mode 100644 index 6322ddd5dd5ce16b20abb3d9f633b20ff2ef7486..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/researcher1.tt2 +++ /dev/null @@ -1,15 +0,0 @@ - /* - profile type: researcher - No standard value for eduPersonAffiliation can be used to represent - a researcher. Therefore you can't differenciate a teacher from a - researcher - */ - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Stéphane Larivière - eduGAIN Access Check account', - 'displayName' => 'Stéphane Larivière - eduGAIN Access Check account', - 'mail' => 'stephane.lariviere@[% idp_scope %]', - 'eduPersonAffiliation' => ['member', 'faculty'], - 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/student1.tt2 b/templates/accountProfiles/student1.tt2 deleted file mode 100644 index 4525c8d1a2c33edaa185ad519037a5aa6e3d322f..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/student1.tt2 +++ /dev/null 
@@ -1,14 +0,0 @@ - /* - profile type: student - An active student has both "member" and "student" values set for - eduPersonAffiliation - */ - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Ciarán MacCárthaigh - eduGAIN Access Check account', - 'displayName' => 'Ciarán MacCárthaigh - eduGAIN Access Check account', - 'mail' => 'ciaran.maccarthaigh@[% idp_scope %]', - 'eduPersonAffiliation' => ['member', 'student'], - 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','student@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/student2.tt2 b/templates/accountProfiles/student2.tt2 deleted file mode 100644 index 5055ef11a352f82a36d6fc637be67f7f5deb02cd..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/student2.tt2 +++ /dev/null @@ -1,15 +0,0 @@ - /* - profile type: student - A PhD student, having three values set for eduPersonAffiliation: - "member" and "student" and "faculty" - */ - - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Damiën Kuijper - eduGAIN Access Check account', - 'displayName' => 'Damiën Kuijper - eduGAIN Access Check account', - 'mail' => 'damien.kuijper@[% idp_scope %]', - 'eduPersonAffiliation' => ['member', 'student','faculty'], - 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]','student@[% idp_scope %]','faculty@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/teacher1.tt2 b/templates/accountProfiles/teacher1.tt2 deleted file mode 100644 index 97a02feddc4fc5f41a2f3f35f18ed8527d97fcb7..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/teacher1.tt2 +++ /dev/null 
@@ -1,14 +0,0 @@ - /* - profile type: teacher - An active teacher has both "member" and "faculty" values set for - eduPersonAffiliation - */ - 'internal_uid' => 'user[% account.id() %]', - 'cn' => 'Peter Müller - eduGAIN Access Check account', - 'displayName' => 'Peter Müller - eduGAIN Access Check account', - 'mail' => 'peter.muller@[% idp_scope %]', - 'eduPersonAffiliation' => ['member', 'faculty'], - 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], - 'eduPersonPrincipalName' => '[% account.id() %]@[% idp_scope %]', - 'schacHomeOrganization' => '[% idp_scope %]', - 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:other', diff --git a/templates/accountProfiles/teacher2.tt2 b/templates/accountProfiles/teacher2.tt2 deleted file mode 100644 index 4fb05e8dc6659d8b6c0aa80ff1a5287555bc688b..0000000000000000000000000000000000000000 --- a/templates/accountProfiles/teacher2.tt2 +++ /dev/null @@ -1,7 +0,0 @@ - /* - profile type: teacher - This account provides a limited set of user attributes - (eduPersonScopedAffiliation and eduPersonTargetedID) - */ - 'internal_uid' => 'user[% account.id() %]', - 'eduPersonScopedAffiliation' => ['member@[% idp_scope %]', 'faculty@[% idp_scope %]'], diff --git a/templates/accountProfiles/valid-accounts.php.tt2 b/templates/accountProfiles/valid-accounts.php.tt2 index 5074ce965141042e61ee3c4a8404f1a53019a71c..c9f145a6237fbc222d9a12072414ba5b9a6c0c3a 100644 --- a/templates/accountProfiles/valid-accounts.php.tt2 +++ b/templates/accountProfiles/valid-accounts.php.tt2 
@@ -1,13 +1,38 @@ +[% MACRO enumerate(list) BLOCK -%] +[% FOREACH item IN list -%] +'[% item %]'[% IF ! loop.last -%], [% END -%] +[% END -%] +[% END -%] +[% MACRO print_attribute(account, attribute) BLOCK -%] +[% IF account.$attribute -%] + '[% attribute %]' => '[% account.$attribute %]', +[% END -%] +[% END -%] +[% MACRO print_multivalued_attribute(account, attribute) BLOCK -%] +[% IF account.$attribute -%] + '[% attribute %]' => [ [% enumerate(account.$attribute) -%] ], +[% END -%] +[% END -%] <?php // PhP configuration file loaded in simpleSamlPhp authsources.php file $validTestAccounts = array ( 'authcrypt:Hash', -[% FOREACH account IN accounts %] +[% FOREACH account IN accounts -%] 'user[% account.id() %]:{SHA256}[% account.user_password_hash() %]=' => array( -[% INCLUDE "accountProfiles/${account.account_profile()}.tt2" -%] - 'associatedSP' => '[% account.sp_entityid() %]', +[% print_attribute(account, 'internal_uid') -%] +[% print_attribute(account, 'cn') -%] +[% print_attribute(account, 'displayName') -%] +[% print_attribute(account, 'givenName') -%] +[% print_attribute(account, 'sn') -%] +[% print_attribute(account, 'mail') -%] +[% print_multivalued_attribute(account, 'eduPersonAffiliation') -%] +[% print_multivalued_attribute(account, 'eduPersonScopedAffiliation') -%] +[% print_attribute(account, 'eduPersonPrincipalName') -%] +[% print_attribute(account, 'schacHomeOrganization') -%] +[% print_attribute(account, 'schacHomeOrganizationType') -%] +[% print_attribute(account, 'associatedSP') -%] ), -[% END %] +[% END -%] ); diff --git a/templates/web/validate_token.tt2.html b/templates/web/validate_token.tt2.html index bd04d0eb2cf12188db83d57f7e8e952bf1b82e07..3088358a4488a612b2796bb75e5859df3d7119d8 100644 --- a/templates/web/validate_token.tt2.html +++ b/templates/web/validate_token.tt2.html 
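Review bot: `print_attribute(account, 'associatedSP')` resolves `account.associatedSP`, but none of the accessors added to TestAccount.pm in this commit has that name, so unless one exists elsewhere the `associatedSP` entry would silently drop out of the generated file; the line it replaces read `account.sp_entityid()`. If that entry is what ties a test account to the requesting SP, losing it widens where the account can be used, so either keep `'associatedSP' => '[% account.sp_entityid() %]',` or add the accessor. Separately, both macros place values inside single-quoted PHP literals as-is, and `sp_entityid` comes from `$self->{in}->{sp_entityid}` in WebRequest.pm with no validation visible in this diff; a `'` or `\` in a value would end the literal in a file that PHP executes. Escaping those two characters in one place, for instance with a filter registered where `Template->new` is called and applied as `'[% account.$attribute | php_squote %]'` (the filter name is a placeholder), would cover every attribute, including the list items in `enumerate`.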
@@ -16,44 +16,40 @@ <div class="accounts_profile"> - [% FOREACH account IN test_accounts %] - [% PROCESS "${account.get('account_profile')}.tt2" %] + [% FOREACH account IN accounts %] <div class="tbl"> <table> - <caption>Account profile: [% account_profile.type %]</caption> + <caption>Account profile: [% account.account_profile() %]</caption> <tr> - <th>user name:</th><td> user[% account.get('id') %]</td> + <th>user name:</th><td> user[% account.id() %]</td> </tr> <tr> - <th>user password:</th><td>[% account.get('user_password') %]</td> + <th>user password:</th><td>[% account.user_password() %]</td> </tr> <tr> - <td colspan="2"><strong>comment:</strong><div><p>[% account_profile.comment %]</p></div></td> + <td colspan="2"><strong>comment:</strong><div><p>[% account.comment() %]</p></div></td> </tr> <tr> - <td colspan=2 class="align-center" ><button data-reveal-id="account_details_[% account.get('id') %]" class="show_account_details" id="show_account_details_[% account.get('id') %]">show account details</button></td> + <td colspan=2 class="align-center" ><button data-reveal-id="account_details_[% account.id() %]" class="show_account_details" id="show_account_details_[% account.id() %]">show account details</button></td> </tr> </table> </div> - <div class="accounts_profile reveal-modal" data-reveal id="account_details_[% account.get('id') %]"> <!-- old version : class="account_details"--> + <div class="accounts_profile reveal-modal" data-reveal id="account_details_[% account.id() %]"> <!-- old version : class="account_details"--> <h3>List of user attributes associated</h3> <p>Below is the list of user attributes associated to this test account. 
After a successfull authentication process these attributes are transmited via the SAML protocol from [% conf.app_name %] Identity Provider to your Service Provider.</p> <div> <table> <caption>List of user attributes</caption> - [% FOREACH attribute IN account_profile.pairs -%] - [% NEXT IF attribute.key.match('^(type|comment|internal_uid)$') %] - - [% IF attribute.value.isa('SCALAR') -%] + [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] -%] <tr> - <th>[% attribute.key %][% IF attribute.key == 'eduPersonAffiliation' || attribute.key == 'eduPersonScopedAffiliation' %](1) [% END %]:</th><td> [% attribute.value %]</td> + <th>[% attribute %]</th><td> [% account.$attribute %]</td> </tr> - [% ELSE -%] + [% END %] + [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] -%] <tr> - <th>[% attribute.key %][% IF attribute.key == 'eduPersonAffiliation' || attribute.key == 'eduPersonScopedAffiliation' %](1) [% END %]:</th><td> [% attribute.value.join(",") %]</td> + <th>[% attribute %]</th><td> [% account.$attribute.join(', ') %]</td> </tr> - [% END %] [% END %] <tr><th>eduPersonTargetedID:</th><td><i>value dynamically generated by the SP</i></td></tr> </table>
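Review bot: Both attribute loops print a row for every name in their hard-coded list whether or not the account has a value, so generic1 would show an empty `cn` row and teacher2 empty `mail` and `eduPersonAffiliation` rows, and the list can drift from what valid-accounts.php.tt2 actually releases (that template guards each attribute with `IF account.$attribute`). Adding `[% NEXT UNLESS account.$attribute %]` as the first line of each loop keeps the page consistent with the generated configuration. The values are also written without the `html` filter; `[% account.$attribute | html %]` and `[% account.user_password() | html %]` are cheap, while `account.comment()` has to stay raw because the librarywalkin1 text contains an anchor tag. The colon after the attribute name was dropped from the `<th>` cells but kept on the eduPersonTargetedID row, which looks unintended.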