Commit 5394079e authored by Geoffroy ARNOUD

Added copyrights, Licence and document updates

parent 75f4a7ce
......@@ -6,11 +6,12 @@ See LICENSE file for details.
SWITCHwayf Changes
==================
SWITCHwayf version: v2.0
SWITCHwayf version: v2.X
Bundled with:
* JQuery v3.3.1
* ImprovedDropDown v1.0.2 (with modifications)
* Select2 v4.0.6-rc.0 and i18n files for languages supported by SWITCHwayf
Find below the changes for past releases of the SWITCHwayf and in the credits
sections the people who contributed to the SWITCHwayf.
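Review bot: the added "Bundled with" entry ships Select2 at "v4.0.6-rc.0", a release candidate, and the header now carries the placeholder version "v2.X". Bundle a final Select2 release if one is available, or say in the changelog why the release candidate is needed, and replace "v2.X" with the concrete version number before this is released.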
......@@ -24,20 +25,26 @@ sections the people who contributed to the SWITCHwayf.
Version Number Policy
---------------------
* Releases with a version number 'X.Y.Z' are bug fix releases
* Releases with a version number 'X.Y.Z' are bug fix releases
correcting small bugs, typos and graphical issues.
* Releases with a version number 'X.Y' are minor releases that
introduce new functionality of fix non-trivial bugs.
Few adaptions in the configuration might be necessary to
* Releases with a version number 'X.Y' are minor releases that
introduce new functionality of fix non-trivial bugs.
Few adaptions in the configuration might be necessary to
upgrade to minor releases.
* Releases with a version number X are major releases that will
require major changes in the configuration files. Therefore,
* Releases with a version number X are major releases that will
require major changes in the configuration files. Therefore,
a clean installation might be necessary for such releases.
-------------------------------------------------------------------------------
SWITCHwayf Version History
--------------------------
* Version 2.x - Not released
- Added support for a new type of dropdown: select2 (https://select2.org/),
which loads IDP from a new JSON API. All loading of IDP occurs through ajax
calls, including searches. Works with both standard and embedded WAYF.
Code provided by Geoffroy Arnoud and Guillaume Rousse@
* Version 2.0 - Release date: 7. March 2019
This version comes with a new directory structure that
is quite different from previous versions.
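Review bot: the new 2.x changelog entry ends with a stray character in "Code provided by Geoffroy Arnoud and Guillaume Rousse@"; drop the "@". The entry is titled "Version 2.x" while the header at the top of the file says "v2.X", so pick one spelling. Because the entry introduces a new JSON API that serves the IdP list over ajax, it would help to point readers to the README and DOC sections that cover the extra Apache alias and the allowed-origin behaviour.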
......@@ -47,11 +54,11 @@ SWITCHwayf Version History
- Added code to filter IdPs by entity categories.
Code provided by Michael Simon
- Added Turkish translation provided by M. Uğur Yilmaz
- Added improved sorting for accented strings.
- Added improved sorting for accented strings.
Code provided by Geoffroy Arnoud
* Version 1.21 - Release date: 19. January 2018
- Allow loading configuration from a path in a
- Allow loading configuration from a path in a
web server environment variable to allow multi-tenant
deployments. Code provided by Guillaume Rousse.
- Added code to readMetadata.php to ignore comments
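Review bot: whitespace cleanup is mixed into this documentation commit. The removed and added lines in this hunk ("- Added improved sorting for accented strings." and "- Allow loading configuration from a path in a") read identically as rendered, and the same pattern repeats across most hunks here. Moving the whitespace cleanup into its own commit would leave the Select2 documentation and licence changes easy to find and review.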
......@@ -62,14 +69,14 @@ SWITCHwayf Version History
- Hide IdPs also from category 'Last Used IdP'
- User HTTP post has preference over session cookies
set by 'remember' checkbox
- Various other improvements suggested by Guillaume Rousse.
- Various other improvements suggested by Guillaume Rousse.
- Removed SWITCH-specific strings from languages file
- Made Javascript less prone to conflicts thanks to
contributed code from Christian Glahn
* Version 1.20.2 - Release date: 22. December 2015
- Upgraded JQuery library to 3.1
- Fixed bug #3736 that causes SProvider.metadata.php not to
- Fixed bug #3736 that causes SProvider.metadata.php not to
be written/updated if metadata file only contains IdPs.
- Updated in copyright information
......@@ -106,7 +113,7 @@ SWITCHwayf Version History
- Sorting of Identity Providers is now case-insensitive
- Improved the code to handle large metadata files to prevent memory
limit issues
- Improved drop-down list now does not reload JQuery 1.x unless JQuery
- Improved drop-down list now does not reload JQuery 1.x unless JQuery
version is older than 1.5
- Updated JQuery library to latest version, which is 1.11.1
......@@ -139,8 +146,8 @@ SWITCHwayf Version History
WAYF to show last n used IdPs at top of drop down list. Default is 3.
- Added Embedded WAYF option wayf_overwrite_from_other_federations_text
to overwrite the category name of IdPs from other federations
- Added Embedded WAYF option wayf_auto_redirect_if_logged_in that
automatically sends a user to the wayf_return_url if he already is
- Added Embedded WAYF option wayf_auto_redirect_if_logged_in that
automatically sends a user to the wayf_return_url if he already is
authenticated.
- Various Javascript improvements to offload computation from WAYF to client
and to improve the code quality.
......@@ -149,27 +156,27 @@ SWITCHwayf Version History
- SP names from MDUI metadata elements are now used if available
- Added new version of JQuery library
- Some small styling changes/CSS improvements
Issues: <https://forge.switch.ch/redmine/projects/wayf/versions/56>
Please read the specific update instructions in the README file.
* Version 1.18 - Release date: 5. August 2013
- Changed default SessionInitiator of the Embedded WAYF to
/Login because this has been the default SessionInitiator in
- Changed default SessionInitiator of the Embedded WAYF to
/Login because this has been the default SessionInitiator in
Shibboleth for quite some time now.
- Corrected viewport meta tag separator of default header as suggested
by Andrew Sokolov from Saint Petersburg State University
by Andrew Sokolov from Saint Petersburg State University
- Fixed a bug in the IdP preselection of the embedded wayf when
additional IdPs where added
- Removed as many SWITCH-specific graphics and texts as possible.
- Introduced configuration options to allow easier customization.
- Fixed a few small bugs
- Added some optimizations to the drop-down list search-as-you type
- Added some optimizations to the drop-down list search-as-you type
feature
- The log file now logs - if possible - also the SP entityID/providerId
- Some small styling changes/CSS improvements
- Added Japanese locales from the GakuNin version of the WAYF
Issues: <https://forge.switch.ch/redmine/projects/wayf/versions/62>
Please read the specific update instructions in the README file, as some
new configuration options were introduced that should be revised.
......@@ -179,7 +186,7 @@ SWITCHwayf Version History
Bug reported with a patch by Takeshi Nishimura
- Fixed typo in configuration otpion useImprovedDropDownList
- Added Javascripts required for improved drop down list
Issues: <https://forge.switch.ch/redmine/projects/wayf/versions/55>
* Version 1.17 Release date: 18. May 2012
......@@ -187,7 +194,7 @@ SWITCHwayf Version History
- Embedded WAYF now reads 'entityID' and 'return' GET arguments.
They get precedence over the values configured for the Embedded WAYF.
- Embedded WAYF logged in message now contains a link to target URL
Issues: <https://forge.switch.ch/redmine/projects/wayf/versions/45>
* Version 1.16 - Release date: 19. January 2012
......@@ -201,7 +208,7 @@ SWITCHwayf Version History
decide whether or not to preselect an Identity Provider in the
Embedded WAYF.
Code contributed by Takeshi Nishimura from NII (Japan)
- If the Discovery Feed feature is activated only those IdPs are shown
- If the Discovery Feed feature is activated only those IdPs are shown
that are contained in the feed. Others will be hidden automatically.
- Added Keywords property to format of IDP entries to allow users to
search Identity Providers using a keyword.
......@@ -219,7 +226,7 @@ SWITCHwayf Version History
- Focus on submit button works better with different browsers
- Invalid values for width and height are now defaulted to auto for
Embedded WAYF
- Fixed a URL composing bug that resulted in a wrong return URL to
- Fixed a URL composing bug that resulted in a wrong return URL to
the Service Provider if the return parameter did not contain any GET
arguments. Reported by Tom Scavo
- Made implementation behave according to the Discovery Service protocol
......@@ -228,7 +235,7 @@ SWITCHwayf Version History
Reported by Tom Scavo.
Issues: <https://forge.switch.ch/redmine/projects/wayf/versions/26>
* Version 1.14.3 - Release date: 4. March 2011
- Fixed a race condition.
Thanks go to Robert Basch for reporting the issue and providing a patch.
......@@ -240,7 +247,7 @@ SWITCHwayf Version History
- Logging to syslog now works properly and is more consistent
- Access log now properly locks file
- Unknown category is not shown anymore when there is no other category
- Namespaces are now taken properly into account when parsing SAML2
- Namespaces are now taken properly into account when parsing SAML2
metadata. Thanks go to Olivier Salaün for reporting this issue and
submitting a patch.
- Improved installation instructions
......@@ -250,8 +257,8 @@ SWITCHwayf Version History
* Version 1.14.1 - Release date: 12. November 2010
- Fixed an encoding bug that affected non-ASCII characters in JavaScripts.
Thanks to Prof. Kazutsuna Yamaji for reporting this issue.
- Corrected behaviour of $enableDSReturnParamCheck and
$useACURLsForReturnParamCheck. There won't be an error anymore if an SP
- Corrected behaviour of $enableDSReturnParamCheck and
$useACURLsForReturnParamCheck. There won't be an error anymore if an SP
has no <idpdisc:DiscoveryResponse> extension defined. In such a case
there will only be a check if $useACURLsForReturnParamCheck is enabled.
- Fixed a bug in readMetadata.php that prevented CLI execution
......@@ -274,7 +281,7 @@ Main developer of the SWITCHwayf: Lukas Hämmerle (SWITCH)
The SWITCHwayf uses code from the following libraries:
* jQuery by the jQuery Foundation and other contributors,
* jQuery by the jQuery Foundation and other contributors,
http://jquery.com/
* Improved Dropdown by John Fuex
https://bitbucket.org/Johnfx/improveddropdown-jquery-plugin/src
......@@ -283,9 +290,9 @@ The SWITCHwayf uses code from the following libraries:
Please consult the LICENSE.txt file for the individual licenses of these components.
Find below a list of people who have contributed to the code, either because they
found bugs, suggested improvements or contributed code. Have a look at the
version history in order to see the individual contributions. The list is sorted
Find below a list of people who have contributed to the code, either because they
found bugs, suggested improvements or contributed code. Have a look at the
version history in order to see the individual contributions. The list is sorted
alphabetically.
- Geoffroy Arnoud from RENATER (FR)
......@@ -315,8 +322,8 @@ alphabetically.
- And of course all SWITCH staff members who have contributed suggestions,
bug fixes and translation to this code.
Special thanks also go to RENATER, the French
Research & Education Network. The main developer
(Lukas Hämmerle) has been a guest at RENATER for 6 months in
2013, during which he worked - among other things - also on the
Special thanks also go to RENATER, the French
Research & Education Network. The main developer
(Lukas Hämmerle) has been a guest at RENATER for 6 months in
2013, during which he worked - among other things - also on the
versions 1.18 and 1.19 of the SWITCHwayf.
......@@ -26,7 +26,7 @@ Some of the Features:
- The central Discovery Service also works without Java Script
- Search-as-you type or selection from a list of organisations
- Various customizations options for header, footer, language strings etc.
- I18N support, currently language packs for en, de, it, fr and some other
- I18N support, currently language packs for en, de, it, fr, tr and some other
languages are included
- HTML code generation for embedding the WAYF directly into a web page
- Support for remembering IdP selection accross different services (when
......@@ -82,17 +82,22 @@ In particular, the following customizations can be applied:
both for the stand-alone WAYF as well as the Embedded WAYF. The styles are
loaded in addition to the default-ImprovedDropDown.css.
* CSS Improved Drop Down Style: `css/custom-select2.css`
Customize CSS styles to alter the appearance of the Select2 drop-down list,
both for the stand-alone WAYF as well as the Embedded WAYF. The styles are
loaded in addition to the default-select2.css.
* Languages: `custom-languages.php`
Can be used to change default or add new language strings. The custom
languages strings in addition to the default styles. Therefore, they can be
used to overwrite the default CSS styles.
This file can also be used to white or black list certain languages by
adding to the end of the file:
// Example to black list Japanase and Portuguese
unset($langStrings['ja']);
unset($langStrings['pt']);
// Example to white list English, Italian, French and German
foreach($langStrings as $lang => $strings){
if ($lang != 'en' && $lang != 'it' && $lang != 'fr' && $lang != 'de'){
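Review bot: the added entry for `css/custom-select2.css` is labelled "CSS Improved Drop Down Style", which describes the ImprovedDropDown list rather than Select2. Rename it to something like "CSS Select2 Style" so the two customization entries can be told apart, and write "default-select2.css" with its css/ path if that is where the file lives.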
......@@ -171,6 +176,10 @@ However, if the script is accessed via HTTPS, the overall speed gain by using
an opcode cacher is much less because the TLS hand-shake is what
needs most time.
When having lot's of IDP, using Select2 drop-down can provide great performane
increase from end-user point of view, because the full IDP list is not
downloaded.
-------------------------------------------------------------------------------
SAML2 Metadata support
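Review bot: the added performance paragraph has two typos, "lot's of IDP" and "performane". Suggested wording: "With a large number of IdPs, the Select2 drop-down can noticeably improve performance for the end user, because the full IdP list is not downloaded." The surrounding documentation writes "IdP", so "IDP" should follow that spelling.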
......@@ -185,10 +194,10 @@ SAML2 Medatadata file that is used by Shibboleth:
- Make sure the files specified in $metadataIDPFile and $metadataSPFile can be
written by the userthat executes the PHP script (the web server user,
e.g. www-data or _www)
- You may want to execute php SWITCHwayf/bin/update-metadata.php
- You may want to execute php SWITCHwayf/bin/update-metadata.php
manually or with a cron job to avoid that delayed requests for users
who happen to trigger automatic processing of new metadata files.
See php bin/update-metadata.php -h for some details and
See php bin/update-metadata.php -h for some details and
suggestions on how to use the script.
The parsed IDP and SP entries will be stored in $metadataIDPFile and
......@@ -290,6 +299,10 @@ Embedded WAYF code limitations:
* If placed on a host where no Service Provider is installed, the Embedded WAYF
might not be able to detect whether a user is logged in or not. Also, the
wayf_use_disco_feed might not be used.
* When using Select2, one must activate settings both in the embedding web page
and as query param of the downloaded JS (this is explained in snippet)
* IDP Api allows '*' as origin for requests, but limiting this can obviously
prevent embedded WAYF to work with Select2
-------------------------------------------------------------------------------
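Review bot: the new limitation "IDP Api allows '*' as origin for requests" documents a wildcard cross-origin policy without saying where it is set or how to narrow it. Name the setting or file that controls the allowed origin, and recommend listing the origins of the pages that embed the WAYF instead of '*' where those are known. Wording: "prevent embedded WAYF to work" should read "prevent the Embedded WAYF from working", and the Select2 bullet refers to "snippet" without saying which snippet is meant.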
......@@ -546,3 +559,6 @@ Path Info Extensions:
* [/IDProviders.php]
Same as above but as PHP code
* [/api/idps]
JSON API used by Select2 to fetch IDP. Supports pagination and server-side
searches.
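Review bot: the new [/api/idps] entry says the API "Supports pagination and server-side searches" but names neither the query parameters nor the response format, so an integrator cannot call it from this description. Document the parameter names, their limits and the JSON shape. The entry is also listed under "Path Info Extensions", while the README in this commit serves /api/idps through a separate Alias to lib/idpApi.php; say which of the two applies.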
......@@ -11,7 +11,7 @@ met:
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of SWITCH nor the names of its contributors may
* Neither the name of SWITCH nor the names of its contributors may
be used to endorse or promote products derived from this software
without specific prior written permission.
......@@ -111,3 +111,30 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-------------------------------------------------------------------------
License note Select2
-------------------------------------------------------
Copyright 2017 - Select2, https://select2.org/
The MIT License (MIT)
Copyright (c) 2012-2017 Kevin Brown, Igor Vaynberg, and Select2 contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
......@@ -6,7 +6,7 @@ See LICENSE file for details.
SWITCHwayf
==========
This document contains important information for this release of SWITCHwayf,
This document contains important information for this release of SWITCHwayf,
including the installation and update instructions.
* Project web site: <https://forge.switch.ch/redmine/projects/wayf>
......@@ -21,7 +21,7 @@ Requirements
- PHP 5.3 or newer, PHP 7
- PHP XML Parser extension is required for parsing SAML2 metadata
(Debian/Ubuntu: 'apt install php-xml', CentOS/RedHat: yum install php-xml)
- The web server users must have write permissions to some files including:
- The web server users must have write permissions to some files including:
* $backupIDPConfigFile (default 'IDProvider.conf.php')
* $metadataIDPFile (default 'IDProvider.metadata.conf.php')
* $metadataSPFile (default 'SProvider.metadata.conf.php')
......@@ -39,26 +39,26 @@ The latest release can be downloaded from:
Installation
------------
1. Unpack the SWITCHwayf_binary ${VERSION}_${DATE}.zip ZIP archive into a
1. Unpack the SWITCHwayf_binary ${VERSION}_${DATE}.zip ZIP archive into a
directory that is *not* accessible via the web server.
2. Make a copy of the *.dist.php files:
- Copy the file SWITCHwayf/etc/config.dist.php and name it
SWITCHwayf/etc/config.php
- Copy the file SWITCHwayf/etc/config.dist.php and name it
SWITCHwayf/etc/config.php
This is the main configuration file of the SWITCHwayf
- Copy the file etc/IDProvider.conf.dist.php and name it
- Copy the file etc/IDProvider.conf.dist.php and name it
SWITCHwayf/etc/IDProvider.conf.php
This file contains the list of Identity Providers that that can be
configured by hand
3. Adapt the SWITCHwayf configuration in SWITCHwayf/etc/config.php.
There are comments in that file that should help you make
3. Adapt the SWITCHwayf configuration in SWITCHwayf/etc/config.php.
There are comments in that file that should help you make
suitable choices for your use case.
If you are relying on metadata for SP/IdP information,
initialize the
IDProvider.metadata.php//SProvider.metadata.php files with a
If you are relying on metadata for SP/IdP information,
initialize the
IDProvider.metadata.php//SProvider.metadata.php files with a
command like
php bin/update-metadata.php --metadata-file #PATH-TO-SAML2-METADATA#/metadata.xml --metadata-idp-file etc/IDProvider.metadata.php --metadata-sp-file etc/SProvider.metadata.php --verbose
4. Ensure that permissions for the files:
......@@ -66,36 +66,38 @@ Installation
- SWITCHwayf/etc/IDProvider.metadata.php (configured in $metadataIDPFile)
- /tmp/metadata.lock (configured in $metadataLockFile)
- /var/log/apache2/wayf.log (configured in $WAYFLogFile)
are set such that the web server user (e.g. www-data, www or httpd) has write
permissions for them. E.g. with a command like:
chown www-data etc/*metadata.php
5. If Apache 2 is used, add the following statement to the Apache configuration:
Alias /#SOME_PATH# /#YOUR-PATH-TO#/SWITCHwayf/www
Alias /#SOME_PATH#/api/idps /#YOUR-PATH-TO#/SWITCHwayf/lib/idpApi.php
<Directory /#YOUR-PATH-TO#/SWITCHwayf/www>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
<Files WAYF>
SetHandler php7-script
AcceptPathInfo On
</Files>
</Directory>
Beware, only the www subdirectory should be exposed, but
Beware, only the www subdirectory should be exposed, but
not the whole top-level directory (SWITCHwayf).
Alternatively, one also could rename the file 'WAYF' to
'WAYF.php' to avoid setting the PHP handler explicitly on
Alternatively, one also could rename the file 'WAYF' to
'WAYF.php' to avoid setting the PHP handler explicitly on
this file.
6. When using the embedded WAYF feature it might be necessary to add a line to
the Apache configuration like below in order to prevent certain web browsers
6. When using the embedded WAYF feature it might be necessary to add a line to
the Apache configuration like below in order to prevent certain web browsers
from not displaying the Embedded WAYF or parts of it:
Header set P3P "CP=\"NOI CUR DEVa OUR IND COM NAV PRE\""
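Review bot: the added "Alias /#SOME_PATH#/api/idps /#YOUR-PATH-TO#/SWITCHwayf/lib/idpApi.php" maps a URL to a file under lib/, but the <Directory> block in this example grants access only to SWITCHwayf/www, and the warning below still says only the www subdirectory should be exposed. On a server that denies access by default the API alias will need its own grant. Either add an access block scoped to the single file idpApi.php, or move the entry point under www, and update the warning so it matches the configuration shown.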
......@@ -110,11 +112,11 @@ Installation
See <http://www.w3.org/P3P/> for more details on P3P.
7. Test access by calling the WAYF with a URL like:
<https://your.host.com/#SOME_PATH#/WAYF>
Use this URL as Location for your Shibboleth configuration. The WAYF
will automatically be able to detect whether it receives a Shibboleth
will automatically be able to detect whether it receives a Shibboleth
authentication request or a Discovery Service request.
8. Ensure to set the mode of the SWITCHwayf from developmentMode
......@@ -132,44 +134,44 @@ Check out the latest SWITHCHwayf code with:
git clone https://gitlab.switch.ch/aai/SWITCHwayf.git
Although the code in the GIT repository should always be
executable, it should be considered unstable and not be used for
Although the code in the GIT repository should always be
executable, it should be considered unstable and not be used for
production environments without prior testing.
-------------------------------------------------------------------------------
General Update Instructions
---------------------------
1. Make a backup of the directory where the currently active version of the
1. Make a backup of the directory where the currently active version of the
SWITCHwayf is installed, e.g. with 'cp -a SWITCHwayf SWITCHwayf.bak'
2. Get the ZIP archive of the new version and move it into the same
2. Get the ZIP archive of the new version and move it into the same
directory as the WAYF script of the currently deployed version.
Download from <https://forge.switch.ch/redmine/projects/wayf/files>
3. Unzip the archive, e.g. with the command:
unzip -d #DD# SWITCHwayf_x.y_YYYYMMDD.zip
This step will overwrite all files except those whose names start
This step will overwrite all files except those whose names start
with 'custom-'.
Alternatively, create a new directory, move the ZIP archive in that directory,
unzip it and then copy the config.php and all custom-.* files from the
unzip it and then copy the config.php and all custom-.* files from the
current SWITCHwayf installation over to the new directory.
4. Have a look at config.dist.php and compare this file with your current
config.php in order to identify new configuration options.
> Since version 1.18 the script 'update-config.php' can be used to
> Since version 1.18 the script 'update-config.php' can be used to
> merge an existing configuration (from config.php) with the default
> configuration (config.dist.php) into a new configuration file
> configuration (config.dist.php) into a new configuration file
> (config.new.php). This allows easily getting a clean configuration file
> while keeping the current settings.
> while keeping the current settings.
> Run the script with: `php update-config.php`
> Ensure that the user has the necessary write privileges to create the
> file config.new.php. Also note that all comments you might have
> added in the current.php will not be copied over.
Also compare the custom-.* files to the default-.* files that might have
changed. Some features like the improved drop-down list require the WAYF
to load additional javascripts. If a custom header file is missing them,
......@@ -177,7 +179,7 @@ General Update Instructions
5. Ensure that permissions for the files:
- SProvider.metadata.php
- IDProvider.metadata.php
- IDProvider.metadata.php
- metadata.lock
- $WAYFLogFile (typically /var/log/apache2/wayf.log)
are set such that the web server user (e.g. www-data, www or httpd) has write
......@@ -186,11 +188,11 @@ General Update Instructions
6. If SAML2 metadata is used by SWITCHwayf, you might have to run the following
command to bootstrap the metadata reading process again:
php bin/update-metadata.php --metadata-file #PATH-TO-SAML2-METADATA#/metadata.xml --metadata-idp-file etc/IDProvider.metadata.php --metadata-sp-file etc/SProvider.metadata.php --verbose
It's also possible to retrieve the latest code directly from the GIT
repository, which is located here:
It's also possible to retrieve the latest code directly from the GIT
repository, which is located here:
git clone https://gitlab.switch.ch/aai/SWITCHwayf.git
......@@ -200,7 +202,7 @@ Specific Update Instructions
----------------------------
* Updates from versions before 2.0
It's best to install version 2.0 or newer from scratch and
It's best to install version 2.0 or newer from scratch and
then copy over the following files from the pre 2.0 deployment
to the new deployement:
- IDProvider.conf.php -> SWITCHwayf/etc/
......@@ -210,29 +212,29 @@ Specific Update Instructions
- config.php -> SWITCHwayf/etc/
- custom-languages.php -> SWITCHwayf/lib/
- css/custom-* -> SWITCHwayf/www/css/
You then might run php SWITCHwayf/bin/update-config.php to
create a new configuration file based on previous settings.
* Updates from versions before 1.18
The following new configuration options were introduced:
- $supportContactEmail
- $organizationLogoURL
- $organizationURL
- $faqURL
- $helpURL
- $privacyURL
Have a look at config.dist.php in section "5. Appearance Settings" for a
Have a look at config.dist.php in section "5. Appearance Settings" for a
description on these settings. Then make sure to add them to config.php
with your own values (or empty strings to ignore them). Otherwise, default
with your own values (or empty strings to ignore them). Otherwise, default
values will be set.
The default behaviour for the Embedded WAYF setting
wayf_use_small_logo was changed from false to true as most instances
of the Embedded WAYF seem to prefer the small logo. All non-mandatory
settings of the Embedded WAYF are now commented out in the default
settings of the Embedded WAYF are now commented out in the default
template that is generated for the Embedded WAYF. This implies that
if there are Service Providers using your Embedded WAYF feature, they might
have to review their Embedded WAYF settings if they still want to use the
......@@ -249,28 +251,28 @@ Specific Update Instructions
* Update from versions before 1.14.3:
The new setting '$metadataLockFile' was introduced in config.php. It allows
configuring the location of the lock file. When the SWITCHwayf is used in a
configuring the location of the lock file. When the SWITCHwayf is used in a
Windows environment, the path to this file probably has to be adapted.
* Update from versions before 1.8:
This version has a slightly different structure than previous versions.
Therefore, it is recommended to start with a clean installation.
However, you should be able to take over most of your old config.php
functions and use them in the new template.php file again to keep your
This version has a slightly different structure than previous versions.
Therefore, it is recommended to start with a clean installation.
However, you should be able to take over most of your old config.php
functions and use them in the new template.php file again to keep your
customized look and feel.
-------------------------------------------------------------------------------
Security Notes
--------------
The Discovery Service protocol as defined in
The Discovery Service protocol as defined in
<http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf>
states that the protocol creates opportunities for phishing attacks as do all
SSO protocols that make use of redirection. The specification states that an
implementation "SHOULD" examine the 'return' parameter used in a Discovery
Service request and match it against the <idpdisc:DiscoveryResponse>
extension in SAML metadata. Since version 1.14 the SWITCHwayf supports this
SSO protocols that make use of redirection. The specification states that an
implementation "SHOULD" examine the 'return' parameter used in a Discovery
Service request and match it against the <idpdisc:DiscoveryResponse>
extension in SAML metadata. Since version 1.14 the SWITCHwayf supports this
feature. In order to activate it, the SWITCHwayf has to use the SAML 2 metadata
parsing features by using
......@@ -284,7 +286,7 @@ and potentially
$useACURLsForReturnParamCheck = true;
in case the metadata loaded by SWITCHwayf does not include DiscoveryResponse
in case the metadata loaded by SWITCHwayf does not include DiscoveryResponse
elements for many Service Providers.
......@@ -292,8 +294,8 @@ elements for many Service Providers.
Troubleshooting
---------------
Generally, if there is an error or an exception, the WAYF will log it to syslog.
In case there is a problem and only a white page without any output is displayed,
Generally, if there is an error or an exception, the WAYF will log it to syslog.
In case there is a problem and only a white page without any output is displayed,
open config.php in a text editor, go to the bottom of the file and set:
$developmentMode = true;
......@@ -304,5 +306,5 @@ This should output PHP warning messages which are otherwise supressed.
Documentation
-------------
Consult the DOC file in the same directly as this file for further information
Consult the DOC file in the same directly as this file for further information
on configuring and customizing the SWITCHwayf.
<?php // Copyright (c) 2018, SWITCH
<?php // Copyright (c) 2019, SWITCH
/*------------------------------------------------*/
// Common stuff for PHP executable URI (WAYF, idps)
......
<?php
<?php // Copyright (c) 2019 Geoffroy Arnoud, Guillaume Rousse, and SWITCHwayf contributors
/*------------------------------------------------*/
// JSON Api to retrieve IDPs with paging and query
......
<?php
<?php // Copyright (c) 2019 Geoffroy Arnoud, Guillaume Rousse, and SWITCHwayf contributors
/*------------------------------------------------*/
/*------------------------------------------------*/
......
<?php
<?php // Copyright (c) 2019 Geoffroy Arnoud, Guillaume Rousse, and SWITCHwayf contributors
use PHPUnit\Framework\TestCase;