Commit 38bef5fc authored by haemmer's avatar haemmer
Browse files

Updated and improved README

Improved German locale
parent af8208ed
...@@ -3,19 +3,18 @@ SWITCH WAYF ...@@ -3,19 +3,18 @@ SWITCH WAYF
Copyright 2010 SWITCH - Serving Swiss Universities Copyright 2010 SWITCH - Serving Swiss Universities
Contact: aai@switch.ch or go to http://www.switch.ch/aai/wayf Contact: aai@switch.ch or go to http://www.switch.ch/aai/wayf
Version: See head of file 'WAYF' in the same directory Version: See head of file 'WAYF' in the same directory
Project web site: https://forge.switch.ch/redmine/projects/wayf
Bug reports/feature requests: https://forge.switch.ch/redmine/projects/wayf/issues
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Description: Description:
This implementation of a Shibboleth WAYF is compliant to the Common Domain The SWITCHwayf is an implementation of the Shibboleth WAYF and SAML2 Discovery Service protocol for use withing a Shibboleth architecture.
Cookie described in:
http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
and the Identity Provider Discovery Service Protocol and Profile (Draft 2)
(Draft 1 is available here: http://www.oasis-open.org/committees/download.php/22041)
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Features: Features:
Some of the features include
- Preselecting entry in drop down list by - Preselecting entry in drop down list by
- SAML common domain cookie that contains selected Identity Providers - SAML common domain cookie that contains selected Identity Providers
- resource path info hint (e.g. - resource path info hint (e.g.
...@@ -24,23 +23,17 @@ Features: ...@@ -24,23 +23,17 @@ Features:
- Kerberos preselection - Kerberos preselection
- IP range preselection - IP range preselection
- IP reverse DNS lookup preselection - IP reverse DNS lookup preselection
- Support for SAML2/Shibboleth 2 IdP discovery - Transparent redirection mode, e.g. /WAYF/unige.ch/redirect?shire=https://...
- Support of the OASIS Directory Service protocol used by Shibboleth2 SPs - Support for SAML2 metadata files
- Transparent mode, e.g. /WAYF/unige.ch/redirect?shire=https://... - Various customizations optionas for header, footer, language strings etc.
- Read metadata from SAML2 metadata file - HTML code generation for embedding the WAYF directly into a web page
- Customizations of header, footer, language strings etc - Support for remembering IdP selection permanently
- Generate code for embedding wayf directly on an SP-protected web site
- Permanent cookie support to redirect user directly
- I18N support, currently language packs for en, de, it, fr and pt are included - I18N support, currently language packs for en, de, it, fr and pt are included
- Light-weight
Wish List:
- Favourites list of IdPs for the Embedded WAYF
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Requirements: Requirements:
- Web server must be able to process PHP5 scripts. - The web server must support PHP5
- If the configuration and the backup configuration differ, you have to make - If the configuration and the backup configuration differ, you have to make
sure the user that runs the php script has write access for the configuration sure the user that runs the php script has write access for the configuration
files. files.
...@@ -81,14 +74,15 @@ You also could rename the file 'WAYF' to 'WAYF.php' or ...@@ -81,14 +74,15 @@ You also could rename the file 'WAYF' to 'WAYF.php' or
make a directory called 'WAYF', rename WAYF to 'index.php' and put it in that make a directory called 'WAYF', rename WAYF to 'index.php' and put it in that
directory. directory.
When using the embedded WAYF you also should also add a line to the Apache When using the embedded WAYF feature it's probabl necessary to add a line to
configuration like: the Apache configuration like below in order to prevent certain web browsers
from not displaying the Embedded WAYF or parts of it:
-- --
Header set P3P "CP=\"NOI CUR DEVa OUR IND COM NAV PRE\"" Header set P3P "CP=\"NOI CUR DEVa OUR IND COM NAV PRE\""
-- --
and enable the Apache header extension For that to work, the Apache header extension must also be enabled
with a command like: with a command like:
-- --
...@@ -96,7 +90,7 @@ a2enmod headers ...@@ -96,7 +90,7 @@ a2enmod headers
/etc/init.d/apache2 reload /etc/init.d/apache2 reload
-- --
See http://www.w3.org/P3P/ for more details See http://www.w3.org/P3P/ for more details on P3P.
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
...@@ -204,9 +198,9 @@ services will depend on it. ...@@ -204,9 +198,9 @@ services will depend on it.
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Kerberos support: Kerberos support:
Your Apache needs to support Negotiate/SPNEGO Kerberos protocol (for example, Your web server needs to support Negotiate/SPNEGO Kerberos protocol. For
using mod_auth_kerb). example by using mod_auth_kerb.
- Make a symlink of the file 'WAYF' and name it like configured in variable - Make a symlink of the file 'WAYF' and name it like configured in the variable
$kerberosRedirectURL $kerberosRedirectURL
- Protect file $kerberosRedirectURL with Kerberos. The Kerberos realm must be - Protect file $kerberosRedirectURL with Kerberos. The Kerberos realm must be
specified in "IDProvider.conf.php" for each IdP. Each IdP's KDC must also specified in "IDProvider.conf.php" for each IdP. Each IdP's KDC must also
......
...@@ -67,7 +67,7 @@ $langStrings['de'] = array ( ...@@ -67,7 +67,7 @@ $langStrings['de'] = array (
'confirm_permanent_selection' => 'Sind Sie sicher, dass Sie die Auswahl als Home Organisation Einstellung speichern wollen? Dies ist z.B. nicht empfehlenswert, wenn Sie mehrere AAI Accounts verwenden.', 'confirm_permanent_selection' => 'Sind Sie sicher, dass Sie die Auswahl als Home Organisation Einstellung speichern wollen? Dies ist z.B. nicht empfehlenswert, wenn Sie mehrere AAI Accounts verwenden.',
'save_button' => 'Speichern', 'save_button' => 'Speichern',
'access_target' => 'Eine g&uuml;ltige Benutzerauthentifizierung ist n&ouml;tig um auf den Dienst <tt>\'<a href="%s">%s</a>\'</tt> zuzugreifen.', 'access_target' => 'Eine g&uuml;ltige Benutzerauthentifizierung ist n&ouml;tig um auf den Dienst <tt>\'<a href="%s">%s</a>\'</tt> zuzugreifen.',
'access_host' => 'Um auf Dienste auf dem Rechner <tt>\'%s\'</tt> zuzugreifen, ist eine g&uuml;ltige Benutzerauthentifizierung n&ouml;tig.', 'access_host' => 'Um auf Dienste auf dem Server <tt>\'%s\'</tt> zuzugreifen, ist eine g&uuml;ltige Benutzerauthentifizierung n&ouml;tig.',
'select_idp' => 'W&auml;hlen Sie Ihre Home Organisation', 'select_idp' => 'W&auml;hlen Sie Ihre Home Organisation',
'remember_selection' => 'Auswahl f&uuml;r die laufende Webbrowser Sitzung speichern.', 'remember_selection' => 'Auswahl f&uuml;r die laufende Webbrowser Sitzung speichern.',
'switch_description' => 'Die <a href="http://www.switch.ch/" target="_blank">Stiftung SWITCH</a> betreibt neben anderen Dienstleistungen das Schweizer Bildungs- &amp; Forschungsnetzwerk, welches allen h&ouml;heren Ausbildungseinrichtungen Hochgeschwindigkeitsanschl&uuml;sse ans Internet und an andere globale Wissenschaftsnetze zur Verf&uuml;gung stellt.', 'switch_description' => 'Die <a href="http://www.switch.ch/" target="_blank">Stiftung SWITCH</a> betreibt neben anderen Dienstleistungen das Schweizer Bildungs- &amp; Forschungsnetzwerk, welches allen h&ouml;heren Ausbildungseinrichtungen Hochgeschwindigkeitsanschl&uuml;sse ans Internet und an andere globale Wissenschaftsnetze zur Verf&uuml;gung stellt.',
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment