Add 3 user profiles.

Also adding type and comment for each profile git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@67 047e039d-479c-447e-8a29-aa6bf4a09bab

Add 3 user profiles.
f7bb55ba · renater.salaun · 8f41ba28 · f7bb55ba · f7bb55ba · f7bb55ba
Commit f7bb55ba authored 10 years ago by renater.salaun
--- a/conf/default-Conf.pm
+++ b/conf/default-Conf.pm
@@ -81,7 +81,7 @@ our %global = (
    'federation_metadata_file_path' => '/opt/testidp/IdPAccountManager/conf/edugain-md.xml',
    
    ## valid account profiles
-    'account_profiles' => ['student1','teacher1','alumni1','librarywalkin1','employee1','researcher1'],
+    'account_profiles' => ['generic1','student1','student2','teacher1','teacher2','alumni1','librarywalkin1','employee1','researcher1'],
 );
    
 1; # Magic true value required at end of module

--- a/templates/accountProfiles/alumni1.tt2
+++ b/templates/accountProfiles/alumni1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]

 [% SET account_profile = {
+	'type' => 'Alumni',
+	'comment' => 'Value "member" is not set for eduPersonAffiliation, contrary to current students.',
  	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['alum'],
 	'eduPersonScopedAffiliation' => ["alum@${conf.idp_scope}"],

--- a/templates/accountProfiles/employee1.tt2
+++ b/templates/accountProfiles/employee1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]

 [% SET account_profile = {
+	'type' => 'Employee',
+	'comment' => 'There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values.',
  	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member','staff','employee'],
 	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","staff@${conf.idp_scope}","employee@${conf.idp_scope}"],

--- a/templates/accountProfiles/generic1.tt2
+++ b/templates/accountProfiles/generic1.tt2
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+	'type' => 'Generic',
+	'comment' => 'This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName).',
+        'displayName' => '山崎 弘子樫野 陽子',
+        'mail' => "forearartian@${conf.idp_scope}",
+        'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
+} %]
+
+
--- a/templates/accountProfiles/librarywalkin1.tt2
+++ b/templates/accountProfiles/librarywalkin1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]

 [% SET account_profile = {
+	'type' => 'Library walk-in',
+	'comment' => 'This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations. Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>.',
  	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['library-walk-in'],
 	'eduPersonScopedAffiliation' => ["library-walk-in@${conf.idp_scope}"],

--- a/templates/accountProfiles/researcher1.tt2
+++ b/templates/accountProfiles/researcher1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]

 [% SET account_profile = {
+	'type' => 'Researcher',
+	'comment' => 'No standard value for eduPersonAffiliation can be used to represent a researcher. In this example we set schacHomeOrganizationType to a value representing a research institute; but note that a researcher may belong to a university.',
  	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member', 'faculty'],
 	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],

--- a/templates/accountProfiles/student1.tt2
+++ b/templates/accountProfiles/student1.tt2
@@ -2,9 +2,11 @@
 [% account_id = account.get('id') %]

 [% SET account_profile = {
+	'type' => 'Student',
+	'comment' => 'An active student has both "member" and "student" values set for eduPersonAffiliation.',
  	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member', 'student'],
-	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "student@${conf.idp_scope}"],
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}"],
        'displayName' => 'Ciarán MacCárthaigh',
        'cn' => 'Ciarán MacCárthaigh',
        'mail' => "ciaran.maccarthaigh@${conf.idp_scope}",

--- a/templates/accountProfiles/student2.tt2
+++ b/templates/accountProfiles/student2.tt2
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+	'type' => 'Student',
+	'comment' => 'A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty".',
+  	'uid' => "${account_id}",
+	'eduPersonAffiliation' => ['member', 'student','faculty'],
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}","faculty@${conf.idp_scope}"],
+        'displayName' => 'Damiën Kuijper',
+        'cn' => 'Damiën Kuijper',
+        'mail' => "damien.kuijper@${conf.idp_scope}",
+        'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
+        'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+        'schacHomeOrganization' => "${conf.idp_scope}",
+        'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
+} %]
+
--- a/templates/accountProfiles/teacher1.tt2
+++ b/templates/accountProfiles/teacher1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]

 [% SET account_profile = {
+	'type' => 'Teacher',
+	'comment' => 'An active teacher has both "member" and "faculty" values set for eduPersonAffiliation.',
  	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member', 'faculty'],
 	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],

--- a/templates/accountProfiles/teacher2.tt2
+++ b/templates/accountProfiles/teacher2.tt2
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+	'type' => 'Teacher',
+	'comment' => 'This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID).',
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
+        'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+} %]
+
+
--- a/templates/accountProfiles/valid-accounts.php.tt2
+++ b/templates/accountProfiles/valid-accounts.php.tt2
@@ -7,6 +7,7 @@ $validTestAccounts = array (
  [% PROCESS "${account.get('account_profile')}.tt2" %]
  'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array(
  [% FOREACH attribute IN account_profile.pairs -%]
+   [% NEXT IF attribute.key.match('^(type|comment)$') %]
   [% IF attribute.value.isa('SCALAR') -%]
 	'[% attribute.key %]' => '[% attribute.value %]',
   [% ELSE -%]

--- a/templates/web/validate_token.tt2.html
+++ b/templates/web/validate_token.tt2.html
@@ -32,17 +32,20 @@ Your identity as administrator of the Service Provider with entityID [% sp_entit
 The following test accounts with different profiles were created for you:
 <ol>
    [% FOREACH account IN test_accounts %]
-    <li>account profile: [% account.get('account_profile') %]
-        <dl>    
+      [% PROCESS "${account.get('account_profile')}.tt2" %]
+
+    <li>account profile: [% account_profile.type %]
+        <dl>
        <dd>user name: user[% account.get('id') %]</dd>
        <dd>user password: [% account.get('user_password') %]</dd>
+        <dd>comment: [% account_profile.comment %]</dd>
        <dd><button class="show_account_details" id="show_account_details_[% account.get('id') %]">show account details</button></dd>
        <div class="account_details" id="account_details_[% account.get('id') %]">
-            [% PROCESS "${account.get('account_profile')}.tt2" %]
            Below is the list of user attributes associated to this test account. After a successfull authentication process these attributes are transmited
            via the SAML protocol from the Test Identity Provider to your Service Provider.
            <ul>
            [% FOREACH attribute IN account_profile.pairs -%]
+              [% NEXT IF attribute.key.match('^(type|comment)$') %]
              [% IF attribute.value.isa('SCALAR') -%]
                <li>[% attribute.key %]: [% attribute.value %]</li>
              [% ELSE -%]