diff --git a/conf/default-Conf.pm b/conf/default-Conf.pm
index 08640a81a68d855988744223607816b0f21cc1e9..abdb936c2d326fc8992e012e18cec98a68abd68e 100644
--- a/conf/default-Conf.pm
+++ b/conf/default-Conf.pm
@@ -81,7 +81,7 @@ our %global = (
 'federation_metadata_file_path' => '/opt/testidp/IdPAccountManager/conf/edugain-md.xml',
 ## valid account profiles
- 'account_profiles' => ['student1','teacher1','alumni1','librarywalkin1','employee1','researcher1'],
+ 'account_profiles' => ['generic1','student1','student2','teacher1','teacher2','alumni1','librarywalkin1','employee1','researcher1'],
 );
 1; # Magic true value required at end of module
diff --git a/templates/accountProfiles/alumni1.tt2 b/templates/accountProfiles/alumni1.tt2
index 719d09e66c8bf5eba648074259f624c60af961bb..dd556545ae3a9ad0d279e5c40a50b4d1e1e54966 100644
--- a/templates/accountProfiles/alumni1.tt2
+++ b/templates/accountProfiles/alumni1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 [% SET account_profile = {
+ 'type' => 'Alumni',
+ 'comment' => 'Value "member" is not set for eduPersonAffiliation, contrary to current students.',
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['alum'],
 'eduPersonScopedAffiliation' => ["alum@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/employee1.tt2 b/templates/accountProfiles/employee1.tt2
index 5ea524f0f497e8c42bf1986177e53b22cb9428ed..e2dfa9e3eaa244012d9a81a4e9af17ae29f1912e 100644
--- a/templates/accountProfiles/employee1.tt2
+++ b/templates/accountProfiles/employee1.tt2
@@ -2,6 +2,8 @@ [% account_id = account.get('id') %] [% SET account_profile = { + 'type' => 'Employee', + 'comment' => 'There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values.', 'uid' => "${account_id}", 'eduPersonAffiliation' => ['member','staff','employee'], 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","staff@${conf.idp_scope}","employee@${conf.idp_scope}"], diff --git a/templates/accountProfiles/generic1.tt2 b/templates/accountProfiles/generic1.tt2 new file mode 100644 index 0000000000000000000000000000000000000000..9d2b90c87a6e297578a98f048d5154c17747a998 --- /dev/null +++ b/templates/accountProfiles/generic1.tt2 @@ -0,0 +1,12 @@ +[% account_sp_entityid = account.get('sp_entityid') %] +[% account_id = account.get('id') %] + +[% SET account_profile = { + 'type' => 'Generic', + 'comment' => 'This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName).', + 'displayName' => '山崎 å¼˜åæ¨«é‡Ž 陽å', + 'mail' => "forearartian@${conf.idp_scope}", + 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}", +} %] + + diff --git a/templates/accountProfiles/librarywalkin1.tt2 b/templates/accountProfiles/librarywalkin1.tt2 index 5e67dd8cd40c5adda9083562f012a95a65350dda..9407e74aac03c6e4002aad28e2d3251a97c4dbb1 100644 --- a/templates/accountProfiles/librarywalkin1.tt2 +++ b/templates/accountProfiles/librarywalkin1.tt2 
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 [% SET account_profile = {
+ 'type' => 'Library walk-in',
+ 'comment' => 'This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations. Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>.',
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['library-walk-in'],
 'eduPersonScopedAffiliation' => ["library-walk-in@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/researcher1.tt2 b/templates/accountProfiles/researcher1.tt2
index adcb58c25723785b65af4cc04ab3720dd1ade7a5..6b2c2eeb1e8fc9d097488d75709cf5160202636e 100644
--- a/templates/accountProfiles/researcher1.tt2
+++ b/templates/accountProfiles/researcher1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 [% SET account_profile = {
+ 'type' => 'Researcher',
+ 'comment' => 'No standard value for eduPersonAffiliation can be used to represent a researcher. In this example we set schacHomeOrganizationType to a value representing a research institute; but note that a researcher may belong to a university.',
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['member', 'faculty'],
 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/student1.tt2 b/templates/accountProfiles/student1.tt2
index fd72d9eb61449519a1ac8bc1ed5ec26579cf1448..ffd2b0de4e451bb398f94b7017918913d7c34d0f 100644
--- a/templates/accountProfiles/student1.tt2
+++ b/templates/accountProfiles/student1.tt2
@@ -2,9 +2,11 @@
 [% account_id = account.get('id') %]
 [% SET account_profile = {
+ 'type' => 'Student',
+ 'comment' => 'An active student has both "member" and "student" values set for eduPersonAffiliation.',
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['member', 'student'],
- 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "student@${conf.idp_scope}"],
+ 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}"],
 'displayName' => 'Ciarán MacCárthaigh',
 'cn' => 'Ciarán MacCárthaigh',
 'mail' => "ciaran.maccarthaigh@${conf.idp_scope}",
diff --git a/templates/accountProfiles/student2.tt2 b/templates/accountProfiles/student2.tt2
new file mode 100644
index 0000000000000000000000000000000000000000..fe96661f65497eadc02fd8bd7625ee4b878d3ac3
--- /dev/null
+++ b/templates/accountProfiles/student2.tt2
@@ -0,0 +1,18 @@
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+ 'type' => 'Student',
+ 'comment' => 'A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty".',
+ 'uid' => "${account_id}",
+ 'eduPersonAffiliation' => ['member', 'student','faculty'],
+ 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}","faculty@${conf.idp_scope}"],
+ 'displayName' => 'Damiën Kuijper',
+ 'cn' => 'Damiën Kuijper',
+ 'mail' => "damien.kuijper@${conf.idp_scope}",
+ 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
+ 'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+ 'schacHomeOrganization' => "${conf.idp_scope}",
+ 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
+} %]
+
diff --git a/templates/accountProfiles/teacher1.tt2 b/templates/accountProfiles/teacher1.tt2
index c2d4a5449c6ae7746391ee1e0572adddff2b9f9c..6e5e6a1cbd9d44b2f558c7b66a131adbeb81ee5f 100644
--- a/templates/accountProfiles/teacher1.tt2
+++ b/templates/accountProfiles/teacher1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 [% SET account_profile = {
+ 'type' => 'Teacher',
+ 'comment' => 'An active teacher has both "member" and "faculty" values set for eduPersonAffiliation.',
 'uid' => "${account_id}",
 'eduPersonAffiliation' => ['member', 'faculty'],
 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/teacher2.tt2 b/templates/accountProfiles/teacher2.tt2
new file mode 100644
index 0000000000000000000000000000000000000000..16c8e08caf8a2bf6d70d7e97720a75879e79d331
--- /dev/null
+++ b/templates/accountProfiles/teacher2.tt2
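Review bot: The `eduPersonTargetedID` added in student2.tt2 ends in the fixed literal `X622UR2A7PG1uVhATobBOrMz+Ys=`, and the new teacher2.tt2 carries the same literal, so both accounts assert an identical targeted ID to any given Service Provider. An SP that keys local accounts on this attribute will merge the two test users, and for teacher2 it is the only identifier released. The last component should differ per account, for example `'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!${account_targeted_id}",` where `account_targeted_id` is a placeholder for an opaque value computed per account in the Perl code and handed to the template. Whether the pre-existing profiles reuse this literal is not visible in the diff.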
@@ -0,0 +1,11 @@
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+ 'type' => 'Teacher',
+ 'comment' => 'This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID).',
+ 'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
+ 'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+} %]
+
+
diff --git a/templates/accountProfiles/valid-accounts.php.tt2 b/templates/accountProfiles/valid-accounts.php.tt2
index 5760178fe1f4e9521fa72ad8974eefd1e58b415e..297d040e92e74ce8a9805c7e4a6a751ea45876ed 100644
--- a/templates/accountProfiles/valid-accounts.php.tt2
+++ b/templates/accountProfiles/valid-accounts.php.tt2
@@ -7,6 +7,7 @@ $validTestAccounts = array (
 [% PROCESS "${account.get('account_profile')}.tt2" %]
 'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array(
 [% FOREACH attribute IN account_profile.pairs -%]
+ [% NEXT IF attribute.key.match('^(type|comment)$') %]
 [% IF attribute.value.isa('SCALAR') -%]
 '[% attribute.key %]' => '[% attribute.value %]',
 [% ELSE -%]
diff --git a/templates/web/validate_token.tt2.html b/templates/web/validate_token.tt2.html
index 48d9b5e4c05d0c915653b3c152138fce3043cb5b..f2aa1081f099d62b824488e817ebdeb6747fd9dd 100644
--- a/templates/web/validate_token.tt2.html
+++ b/templates/web/validate_token.tt2.html
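Review bot: In valid-accounts.php.tt2 the added `NEXT IF attribute.key.match('^(type|comment)$')` is the only thing keeping the descriptive `type` and `comment` entries out of the generated account array, and the same pattern is repeated in validate_token.tt2.html. Because the description lives in the same hash as the released attributes, any other loop over `account_profile.pairs` would emit it as user attributes, and an attribute genuinely named `type` or `comment` could never be released. Keeping the attributes under their own key in each profile (say `'attributes' => { ... }`) and iterating `account_profile.attributes.pairs` would remove the need for the filter. The values that do pass are written between single quotes in the generated PHP without escaping, so it is worth adding a comment that profile values must not contain `'`. The FOREACH body continues past the end of the hunk.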
@@ -32,17 +32,20 @@ Your identity as administrator of the Service Provider with entityID [% sp_entit
 The following test accounts with different profiles were created for you:
 <ol>
 [% FOREACH account IN test_accounts %]
- <li>account profile: [% account.get('account_profile') %]
- <dl>
+ [% PROCESS "${account.get('account_profile')}.tt2" %]
+
+ <li>account profile: [% account_profile.type %]
+ <dl>
 <dd>user name: user[% account.get('id') %]</dd>
 <dd>user password: [% account.get('user_password') %]</dd>
+ <dd>comment: [% account_profile.comment %]</dd>
 <dd><button class="show_account_details" id="show_account_details_[% account.get('id') %]">show account details</button></dd>
 <div class="account_details" id="account_details_[% account.get('id') %]">
- [% PROCESS "${account.get('account_profile')}.tt2" %]
 Below is the list of user attributes associated to this test account. After a successfull authentication process these attributes are transmited via the SAML protocol from the Test Identity Provider to your Service Provider.
 <ul>
 [% FOREACH attribute IN account_profile.pairs -%]
+ [% NEXT IF attribute.key.match('^(type|comment)$') %]
 [% IF attribute.value.isa('SCALAR') -%]
 <li>[% attribute.key %]: [% attribute.value %]</li>
 [% ELSE -%]
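Review bot: `[% account_profile.type %]` and `[% account_profile.comment %]` are printed into the page without an HTML filter, and the comment added in librarywalkin1.tt2 contains a literal `<a href="...">` element, so the field is in effect trusted markup. That holds only as long as every profile template is written by the IdP operators and no comment is ever built from account or request data. Either keep comments as plain text and emit `<dd>comment: [% account_profile.comment | html %]</dd>` with the reference URL moved to a separate key, or state in a template comment above this `<dd>` that the value is operator-authored HTML. The `<li>` and the attribute loop are closed outside the hunk.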