From f7bb55baa6fac00229b14c8353e887ba4bd5f7c1 Mon Sep 17 00:00:00 2001
From: "renater.salaun" <renater.salaun@047e039d-479c-447e-8a29-aa6bf4a09bab>
Date: Mon, 3 Nov 2014 11:12:41 +0000
Subject: [PATCH] Add 3 user profiles. Also adding type and comment for each
 profile

git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@67 047e039d-479c-447e-8a29-aa6bf4a09bab
---
 conf/default-Conf.pm                           |  2 +-
 templates/accountProfiles/alumni1.tt2          |  2 ++
 templates/accountProfiles/employee1.tt2        |  2 ++
 templates/accountProfiles/generic1.tt2         | 12 ++++++++++++
 templates/accountProfiles/librarywalkin1.tt2   |  2 ++
 templates/accountProfiles/researcher1.tt2      |  2 ++
 templates/accountProfiles/student1.tt2         |  4 +++-
 templates/accountProfiles/student2.tt2         | 18 ++++++++++++++++++
 templates/accountProfiles/teacher1.tt2         |  2 ++
 templates/accountProfiles/teacher2.tt2         | 11 +++++++++++
 .../accountProfiles/valid-accounts.php.tt2     |  1 +
 templates/web/validate_token.tt2.html          |  9 ++++++---
 12 files changed, 62 insertions(+), 5 deletions(-)
 create mode 100644 templates/accountProfiles/generic1.tt2
 create mode 100644 templates/accountProfiles/student2.tt2
 create mode 100644 templates/accountProfiles/teacher2.tt2

diff --git a/conf/default-Conf.pm b/conf/default-Conf.pm
index 08640a8..abdb936 100644
--- a/conf/default-Conf.pm
+++ b/conf/default-Conf.pm
@@ -81,7 +81,7 @@ our %global = (
     'federation_metadata_file_path' => '/opt/testidp/IdPAccountManager/conf/edugain-md.xml',
     
     ## valid account profiles
-    'account_profiles' => ['student1','teacher1','alumni1','librarywalkin1','employee1','researcher1'],
+    'account_profiles' => ['generic1','student1','student2','teacher1','teacher2','alumni1','librarywalkin1','employee1','researcher1'],
 );
     
 1; # Magic true value required at end of module
diff --git a/templates/accountProfiles/alumni1.tt2 b/templates/accountProfiles/alumni1.tt2
index 719d09e..dd55654 100644
--- a/templates/accountProfiles/alumni1.tt2
+++ b/templates/accountProfiles/alumni1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 
 [% SET account_profile = {
+	'type' => 'Alumni',
+	'comment' => 'Value "member" is not set for eduPersonAffiliation, contrary to current students.',
   	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['alum'],
 	'eduPersonScopedAffiliation' => ["alum@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/employee1.tt2 b/templates/accountProfiles/employee1.tt2
index 5ea524f..e2dfa9e 100644
--- a/templates/accountProfiles/employee1.tt2
+++ b/templates/accountProfiles/employee1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 
 [% SET account_profile = {
+	'type' => 'Employee',
+	'comment' => 'There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values.',
   	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member','staff','employee'],
 	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","staff@${conf.idp_scope}","employee@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/generic1.tt2 b/templates/accountProfiles/generic1.tt2
new file mode 100644
index 0000000..9d2b90c
--- /dev/null
+++ b/templates/accountProfiles/generic1.tt2
@@ -0,0 +1,12 @@
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+	'type' => 'Generic',
+	'comment' => 'This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName).',
+        'displayName' => '山崎 弘子樫野 陽子',
+        'mail' => "forearartian@${conf.idp_scope}",
+        'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
+} %]
+
+
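Review bot: `account_sp_entityid` is assigned on the first line of this new profile but nothing in the hash reads it, because no eduPersonTargetedID is set here; the assignment can be dropped. The `displayName` value also looks like two personal names run together, and the `mail` local part does not correspond to it, whereas in student1 and student2 the mail address mirrors the display name. I cannot confirm the intent from the patch, but if one person is meant, a single name with a matching mail value would be clearer to anyone using this file as the pattern for further profiles.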
diff --git a/templates/accountProfiles/librarywalkin1.tt2 b/templates/accountProfiles/librarywalkin1.tt2
index 5e67dd8..9407e74 100644
--- a/templates/accountProfiles/librarywalkin1.tt2
+++ b/templates/accountProfiles/librarywalkin1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 
 [% SET account_profile = {
+	'type' => 'Library walk-in',
+	'comment' => 'This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations. Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>.',
   	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['library-walk-in'],
 	'eduPersonScopedAffiliation' => ["library-walk-in@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/researcher1.tt2 b/templates/accountProfiles/researcher1.tt2
index adcb58c..6b2c2ee 100644
--- a/templates/accountProfiles/researcher1.tt2
+++ b/templates/accountProfiles/researcher1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 
 [% SET account_profile = {
+	'type' => 'Researcher',
+	'comment' => 'No standard value for eduPersonAffiliation can be used to represent a researcher. In this example we set schacHomeOrganizationType to a value representing a research institute; but note that a researcher may belong to a university.',
   	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member', 'faculty'],
 	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/student1.tt2 b/templates/accountProfiles/student1.tt2
index fd72d9e..ffd2b0d 100644
--- a/templates/accountProfiles/student1.tt2
+++ b/templates/accountProfiles/student1.tt2
@@ -2,9 +2,11 @@
 [% account_id = account.get('id') %]
 
 [% SET account_profile = {
+	'type' => 'Student',
+	'comment' => 'An active student has both "member" and "student" values set for eduPersonAffiliation.',
   	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member', 'student'],
-	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "student@${conf.idp_scope}"],
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}"],
         'displayName' => 'Ciarán MacCárthaigh',
         'cn' => 'Ciarán MacCárthaigh',
         'mail' => "ciaran.maccarthaigh@${conf.idp_scope}",
diff --git a/templates/accountProfiles/student2.tt2 b/templates/accountProfiles/student2.tt2
new file mode 100644
index 0000000..fe96661
--- /dev/null
+++ b/templates/accountProfiles/student2.tt2
@@ -0,0 +1,18 @@
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+	'type' => 'Student',
+	'comment' => 'A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty".',
+  	'uid' => "${account_id}",
+	'eduPersonAffiliation' => ['member', 'student','faculty'],
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}","student@${conf.idp_scope}","faculty@${conf.idp_scope}"],
+        'displayName' => 'Damiën Kuijper',
+        'cn' => 'Damiën Kuijper',
+        'mail' => "damien.kuijper@${conf.idp_scope}",
+        'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
+        'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+        'schacHomeOrganization' => "${conf.idp_scope}",
+        'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
+} %]
+
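Review bot: The `eduPersonTargetedID` line ends in the fixed string `X622UR2A7PG1uVhATobBOrMz+Ys=`, and the new teacher2.tt2 uses the identical value, so for a given Service Provider both test accounts present the same targeted ID. eduPersonTargetedID is meant to be an opaque identifier distinct for each user and SP pair, so an SP under test that keys local accounts on it would treat student2 and teacher2 as one user, hiding the account-linking mistakes a test IdP should expose. Deriving the last component from the account, for example `"${conf.idp_entityid}!${account_sp_entityid}!${account_id}"` or an opaque hash of the account id computed where the account is created, keeps the value stable per account and different between accounts. The same applies to the teacher2.tt2 hunk, and possibly to existing profiles whose eduPersonTargetedID lines are outside this patch.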
diff --git a/templates/accountProfiles/teacher1.tt2 b/templates/accountProfiles/teacher1.tt2
index c2d4a54..6e5e6a1 100644
--- a/templates/accountProfiles/teacher1.tt2
+++ b/templates/accountProfiles/teacher1.tt2
@@ -2,6 +2,8 @@
 [% account_id = account.get('id') %]
 
 [% SET account_profile = {
+	'type' => 'Teacher',
+	'comment' => 'An active teacher has both "member" and "faculty" values set for eduPersonAffiliation.',
   	'uid' => "${account_id}",
 	'eduPersonAffiliation' => ['member', 'faculty'],
 	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
diff --git a/templates/accountProfiles/teacher2.tt2 b/templates/accountProfiles/teacher2.tt2
new file mode 100644
index 0000000..16c8e08
--- /dev/null
+++ b/templates/accountProfiles/teacher2.tt2
@@ -0,0 +1,11 @@
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+	'type' => 'Teacher',
+	'comment' => 'This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID).',
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "faculty@${conf.idp_scope}"],
+        'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+} %]
+
+
diff --git a/templates/accountProfiles/valid-accounts.php.tt2 b/templates/accountProfiles/valid-accounts.php.tt2
index 5760178..297d040 100644
--- a/templates/accountProfiles/valid-accounts.php.tt2
+++ b/templates/accountProfiles/valid-accounts.php.tt2
@@ -7,6 +7,7 @@ $validTestAccounts = array (
   [% PROCESS "${account.get('account_profile')}.tt2" %]
   'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array(
   [% FOREACH attribute IN account_profile.pairs -%]
+   [% NEXT IF attribute.key.match('^(type|comment)$') %]
    [% IF attribute.value.isa('SCALAR') -%]
 	'[% attribute.key %]' => '[% attribute.value %]',
    [% ELSE -%]
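Review bot: The skip pattern `^(type|comment)$` added here is repeated verbatim in templates/web/validate_token.tt2.html, so the set of non-attribute keys now lives in two templates that must be kept in step. This template writes every remaining pair into a single-quoted PHP string with no escaping, so a descriptive key later added to a profile but missed in this pattern would end up in the generated account array, and free text containing an apostrophe would terminate the PHP string early. Keeping the descriptive fields outside the attribute hash (for example a separate hash set by each profile, name to be chosen) would let both loops iterate over attributes only. The added line also lacks the `-%]` chomp its neighbours use, which leaves an extra blank line in the generated file. The FOREACH block continues outside the hunk.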
diff --git a/templates/web/validate_token.tt2.html b/templates/web/validate_token.tt2.html
index 48d9b5e..f2aa108 100644
--- a/templates/web/validate_token.tt2.html
+++ b/templates/web/validate_token.tt2.html
@@ -32,17 +32,20 @@ Your identity as administrator of the Service Provider with entityID [% sp_entit
 The following test accounts with different profiles were created for you:
 <ol>
     [% FOREACH account IN test_accounts %]
-    <li>account profile: [% account.get('account_profile') %]
-        <dl>    
+      [% PROCESS "${account.get('account_profile')}.tt2" %]
+
+    <li>account profile: [% account_profile.type %]
+        <dl>
         <dd>user name: user[% account.get('id') %]</dd>
         <dd>user password: [% account.get('user_password') %]</dd>
+        <dd>comment: [% account_profile.comment %]</dd>
         <dd><button class="show_account_details" id="show_account_details_[% account.get('id') %]">show account details</button></dd>
         <div class="account_details" id="account_details_[% account.get('id') %]">
-            [% PROCESS "${account.get('account_profile')}.tt2" %]
             Below is the list of user attributes associated to this test account. After a successfull authentication process these attributes are transmited
             via the SAML protocol from the Test Identity Provider to your Service Provider.
             <ul>
             [% FOREACH attribute IN account_profile.pairs -%]
+              [% NEXT IF attribute.key.match('^(type|comment)$') %]
               [% IF attribute.value.isa('SCALAR') -%]
                 <li>[% attribute.key %]: [% attribute.value %]</li>
               [% ELSE -%]
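Review bot: `[% account_profile.type %]` and `[% account_profile.comment %]` are written into the page without the `html` filter, and the comment added to librarywalkin1.tt2 in this patch relies on that by carrying an `<a href>` element inside the profile data. Profile hashes thereby become a second place where markup is authored, and any later comment containing `<` or `&` as plain text will be interpreted as HTML. I would escape both fields, `[% account_profile.type | html %]` and `[% account_profile.comment | html %]`, and carry the reference link as its own profile field that this template renders as an anchor. The user name, password and attribute values printed in the context lines are also unfiltered, and the enclosing FOREACH extends beyond the hunk.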
-- 
GitLab