Commit af6e5977 authored by haemmer's avatar haemmer
Browse files

Added cookieSecurity option to set and transmit cookies securely

Added additional data protection feature that uses the referer to decide whether or not to preselect an Identity Provider in the Embedded WAYF
If the Discovery Feed feature is activated only those IdPs are shown that are contained in the feed. Others will be hidden automatically.
Added code to automatically set default proper values in case there are not defined in the configuration
Added improved drop-down feature with search as you type functionality
Added licenses of added libraries
parent 5590a93f
......@@ -25,6 +25,15 @@ necessary for such releases.
SWITCHwayf Changes and Version History:
1.16 Release date:
- Added an improved version of the drop down list to the WAYF
- Added cookieSecurity option to set and transmit cookies securely
- Added additional data protection feature that uses the referer to
decide whether or not to preselect an Identity Provider in the
Embedded WAYF
- If the Discovery Feed feature is activated only those IdPs are shown
that are contained in the feed. Others will be hidden automatically.
1.15 Release date: 21. October 2011
- A default and custom CSS file can now be used
- Graphical design now is based new SWITCH harmos elements
......
License note for the SWITCHwayf code
-----------------------------------
Copyright (c) 2011, SWITCH - Serving Swiss Universities
All rights reserved.
......@@ -25,3 +27,44 @@ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License note for the Improved Drop Down
---------------------------------------
Copyright 2011 - John Fuex
Licensed under the Apache License, Version 2.0 (the "License"); you
may not use this file except in compliance with the License. You may
obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
License note for JQuery
-----------------------
Copyright (c) 2011 John Resig, http://jquery.com/
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
......@@ -3,7 +3,7 @@
/*
******************************************************************************
SWITCHwayf
Version: 1.15
Version: 1.16
Contact: aai@switch.ch
Web site: http://www.switch.ch/aai/wayf
******************************************************************************
......@@ -18,7 +18,13 @@ require_once('templates.php');
require_once('functions.php');
require_once('languages.php');
// Read custom strings
// Set P3P headers just in case they were not set in Apache already
header('P3P: CP="NOI CUR DEVa OUR IND COM NAV PRE"');
// Set default config options
initConfigOptions();
// Read custom locales
if (file_exists('custom-languages.php')){
require_once('custom-languages.php');
}
......@@ -26,7 +32,7 @@ if (file_exists('custom-languages.php')){
/*------------------------------------------------*/
// Turn on PHP error reporting
/*------------------------------------------------*/
if (isset($developmentMode) && $developmentMode){
if ($developmentMode){
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 'On');
ini_set('log_erros', 'Off');
......@@ -54,7 +60,7 @@ if ($IDPConfigFile == $backupIDPConfigFile){
}
// Read metadata file if configuration option is set
if(isset($useSAML2Metadata) && $useSAML2Metadata && function_exists('xml_parser_create')){
if($useSAML2Metadata && function_exists('xml_parser_create')){
require('readMetadata.php');
}
......@@ -89,7 +95,7 @@ if(isValidDSRequest()){
exit;
}
if (isset($enableDSReturnParamCheck) && $enableDSReturnParamCheck){
if ($enableDSReturnParamCheck){
// Check SP
if(!isset($SProviders[$_GET['entityID']])){
// Show error
......@@ -120,7 +126,7 @@ if (isRequestType('deleteSettings')){
$cookies = array($redirectCookieName, $redirectStateCookieName, $SAMLDomainCookieName, $SPCookieName);
foreach ($cookies as $cookie){
if (isset($_COOKIE[$cookie])){
setcookie($cookie,'',time()-86400, '/', $commonDomain);
setcookie($cookie,'',time()-86400, '/', $commonDomain, $cookieSecurity, $cookieSecurity);
}
}
......@@ -135,7 +141,7 @@ if (isRequestType('deleteSettings')){
// Delete permanent cookie
if (isset($_POST['clear_user_idp'])){
setcookie ($redirectCookieName, '', time() - 3600, '/', $commonDomain, false);
setcookie ($redirectCookieName, '', time() - 3600, '/', $commonDomain, $cookieSecurity, $cookieSecurity);
redirectTo('?'.$_SERVER['QUERY_STRING']);
exit;
}
......@@ -155,43 +161,43 @@ if (isset($_COOKIE[$SPCookieName])){
}
// Set Cookie to remember the selection
if (isset($_POST['user_idp']) && checkIDP($_POST['user_idp'])){
if (isset($_POST['user_idp']) && checkIDPAndShowErrors($_POST['user_idp'])){
$IDPArray = appendValueToIdPArray($_POST['user_idp'], $IDPArray);
setcookie ($SAMLDomainCookieName, getValueFromIdPArray($IDPArray) , time() + (1000*24*3600), '/', $commonDomain, false);
setcookie ($SAMLDomainCookieName, getValueFromIdPArray($IDPArray) , time() + ($cookieValidity*24*3600), '/', $commonDomain, $cookieSecurity, $cookieSecurity);
}
// Set cookie for most recently used Service Provider
if (isset($_GET['entityID'])){
$SPArray = appendValueToIdPArray($_GET['entityID'], array());
setcookie ($SPCookieName, getValueFromIdPArray($SPArray), time() + (10*24*3600), '/', $commonDomain, false);
setcookie ($SPCookieName, getValueFromIdPArray($SPArray), time() + (10*24*3600), '/', $commonDomain, $cookieSecurity, $cookieSecurity);
} else if (isset($_GET['providerId'])){
$SPArray = appendValueToIdPArray($_GET['providerId'], array());
setcookie ($SPCookieName, getValueFromIdPArray($SPArray), time() + (10*24*3600), '/', $commonDomain, false);
setcookie ($SPCookieName, getValueFromIdPArray($SPArray), time() + (10*24*3600), '/', $commonDomain, $cookieSecurity, $cookieSecurity);
}
// Set the permanent or session cookie
if (isset($_POST['permanent'])
&& isset($_POST['user_idp'])
&& checkIDP($_POST['user_idp'])){
&& checkIDPAndShowErrors($_POST['user_idp'])){
// Set permanent cookie
if (is_numeric($_POST['permanent'])){
setcookie ($redirectCookieName, $_POST['user_idp'], time() + ($_POST['permanent']*24*3600), '/', $commonDomain, false);
setcookie ($redirectCookieName, $_POST['user_idp'], time() + ($_POST['permanent']*24*3600), '/', $commonDomain, $cookieSecurity, $cookieSecurity);
} else {
setcookie ($redirectCookieName, $_POST['user_idp'], time() + (100*24*3600), '/', $commonDomain, false);
setcookie ($redirectCookieName, $_POST['user_idp'], time() + ($cookieValidity*24*3600), '/', $commonDomain, $cookieSecurity, $cookieSecurity);
}
} elseif (
isset($_POST['user_idp'])
&& checkIDP($_POST['user_idp'])
&& checkIDPAndShowErrors($_POST['user_idp'])
){
if (isset($_POST['session'])){
// Set redirection cookie and redirection state cookie
setcookie ($redirectCookieName, $_POST['user_idp'], null, '/', $commonDomain, false);
setcookie ($redirectStateCookieName, 'checked', time() + (100*24*3600), '/', $commonDomain, false);
setcookie ($redirectCookieName, $_POST['user_idp'], null, '/', $commonDomain, $cookieSecurity, $cookieSecurity);
setcookie ($redirectStateCookieName, 'checked', time() + ($cookieValidity*24*3600), '/', $commonDomain, $cookieSecurity, $cookieSecurity);
} else {
setcookie ($redirectStateCookieName, 'checked', time() - 3600, '/', $commonDomain, false);
setcookie ($redirectStateCookieName, 'checked', time() - 3600, '/', $commonDomain, $cookieSecurity, $cookieSecurity);
}
}
......@@ -203,7 +209,7 @@ if (isset($_POST['permanent'])
if (
isValidShibRequest()
&& isset($_COOKIE[$redirectCookieName])
&& checkIDP($_COOKIE[$redirectCookieName], false)
&& checkIDP($_COOKIE[$redirectCookieName])
){
$cookieIdP = $_COOKIE[$redirectCookieName];
......@@ -238,7 +244,7 @@ if ($useKerberos && isset($_SERVER['REMOTE_USER'])) {
// Bingo - we have a winner!
$kerberosRealm = substr($user, 1 + strlen($kerberosPrincipal) - strlen(strrchr($kerberosPrincipal, "@")));
if ($kerberosIDP = getKerberosRealm($kerberosRealm) && checkIDP($kerberosIDP, false)){
if ($kerberosIDP = getKerberosRealm($kerberosRealm) && checkIDP($kerberosIDP)){
// Handle cascaded WAYF
if (isset($IDProviders[$kerberosIDP]['Type']) && $IDProviders[$kerberosIDP]['Type'] == 'wayf'){
......@@ -290,7 +296,7 @@ if (
isset($_GET['shire'])
&& isset($_GET['target'])
&& isset($_GET['origin'])
&& checkIDP($_GET['origin'])
&& checkIDPAndShowErrors($_GET['origin'])
){
redirectTo($IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']);
......@@ -311,7 +317,7 @@ if ($hintedPathIDP != '-'){
} elseif ( checkPathInfo('redirect') ){
// Set redirect cookie for this session
setcookie ($redirectCookieName, $hintedPathIDP, null, '/', $commonDomain, false);
setcookie ($redirectCookieName, $hintedPathIDP, null, '/', $commonDomain, $cookieSecurity, $cookieSecurity);
// Determine if DS or WAYF request
if (isValidDSRequest()){
......@@ -334,7 +340,7 @@ if ($hintedPathIDP != '-'){
// Redirect using user selection
if (
isset($_POST['user_idp'])
&& checkIDP($_POST['user_idp'])
&& checkIDPAndShowErrors($_POST['user_idp'])
&& isValidShibRequest()
&& !isset($_POST['permanent'])
){
......@@ -394,7 +400,7 @@ $hintedIPIDP = getIPAdressHint();
// Reverse DNS lookup hint
$hintedDomainIDP = '-';
if (isset($useReverseDNSLookup) && $useReverseDNSLookup){
if ($useReverseDNSLookup){
$hintedDomainIDP = getDomainNameFromURIHint();
}
......@@ -425,7 +431,7 @@ if ($hintedCookieIdP != '-'){
// Sort Identity Providers
/*------------------------------------------------*/
if (isset($useSAML2Metadata) && $useSAML2Metadata){
if ($useSAML2Metadata){
// Only automatically sort if list of Identity Provider is parsed
// from metadata instead of being manualy managed
sortIdentityProviders($IDProviders);
......@@ -511,7 +517,7 @@ if (
} elseif(isRequestType('snippet.html')){
// Check if this feature is activated at all
if (!isset($useEmbeddedWAYF) || !$useEmbeddedWAYF){
if (!$useEmbeddedWAYF){
echo '// The embedded WAYF feature is deactivated in the configuration';
exit;
}
......@@ -526,7 +532,7 @@ if (
header('Content-Type: text/plain');
// Check if this feature is activated at all
if (!isset($useEmbeddedWAYF) || !$useEmbeddedWAYF){
if (!$useEmbeddedWAYF){
echo '// The embedded WAYF feature is deactivated in the configuration';
exit;
}
......@@ -539,7 +545,7 @@ if (
} elseif(isRequestType('embedded-wayf.js')){
// Check if this feature is activated at all
if (!isset($useEmbeddedWAYF) || !$useEmbeddedWAYF){
if (!$useEmbeddedWAYF){
echo '// The embedded WAYF feature is deactivated in the configuration';
exit;
}
......@@ -547,10 +553,16 @@ if (
// Set JavaScript content type
header('Content-type: text/javascript;charset="utf-8"');
// Is Embedded WAYF data protection feature enabled?
// If the data protection feature is enabled, don't preselect the IdP
if ($useEmbeddedWAYFPrivacyProtection){
$selectedIDP = '-';
}
// If the referer check is enabled but fails, don't preselect the IdP
if (
isset($useEmbeddedWAYFPrivacyProtection)
&& $useEmbeddedWAYFPrivacyProtection == true
!$useEmbeddedWAYFPrivacyProtection
&& $useEmbeddedWAYFRefererForPrivacyProtection
&& !isRequestRefererMatchingSPHost()
){
$selectedIDP = '-';
}
......@@ -568,7 +580,7 @@ if (
}
// Add guessed Identity Provider
if (isset($exportPreselectedIdP) && $exportPreselectedIdP){
if ($exportPreselectedIdP){
$IDProviders['preselectedIDP'] = $selectedIDP;
}
......@@ -585,7 +597,7 @@ if (
header('Content-type: text/javascript;charset="utf-8"');
// Add guessed Identity Provider
if (isset($exportPreselectedIdP) && $exportPreselectedIdP){
if ($exportPreselectedIdP){
$IDProviders['preselectedIDP'] = $selectedIDP;
}
......@@ -604,7 +616,7 @@ if (
}
// Add guessed Identity Provider
if (isset($exportPreselectedIdP) && $exportPreselectedIdP){
if ($exportPreselectedIdP){
$IDProviders['preselectedIDP'] = $selectedIDP;
}
......@@ -619,7 +631,7 @@ if (
header('Content-Type: text/plain');
// Add guessed Identity Provider
if (isset($exportPreselectedIdP) && $exportPreselectedIdP){
if ($exportPreselectedIdP){
$IDProviders['preselectedIDP'] = $selectedIDP;
}
......@@ -636,7 +648,7 @@ if (
header('Content-Type: text/plain');
// Add guessed Identity Provider
if (isset($exportPreselectedIdP) && $exportPreselectedIdP){
if ($exportPreselectedIdP){
$IDProviders['preselectedIDP'] = $selectedIDP;
}
......@@ -648,10 +660,10 @@ if (
exit;
} elseif (
(isset($_POST['user_idp']) && checkIDP($_POST['user_idp']))
(isset($_POST['user_idp']) && checkIDPAndShowErrors($_POST['user_idp']))
|| (
isset($_COOKIE[$redirectCookieName])
&& checkIDP($_COOKIE[$redirectCookieName], false)
&& checkIDP($_COOKIE[$redirectCookieName])
)
){
......
......@@ -38,6 +38,11 @@ $SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp';
// selected IdP and SP using $SAMLDomainCookieName and $SPCookieName
$SPCookieName = $cookieNamePrefix.'_saml_sp';
// If enabled cookies are set/transmitted only via https connections
$cookieSecurity = false;
// Number of days longterm cookies shall be valid
$cookieValidity = 100;
// 3. Features and extensions
//***************************
......@@ -45,6 +50,9 @@ $SPCookieName = $cookieNamePrefix.'_saml_sp';
// Whether to show the checkbox to permanently remember a setting
$showPermanentSetting = false;
// Whether or not to use the search-as-you-type feature of the drop down list
$userImprovedDropDownList = true;
// Set to true in order to enable reading the Identity Provider from a SAML2
// metadata file defined below in $metadataFile
$useSAML2Metadata = true;
......@@ -97,16 +105,21 @@ $useReverseDNSLookup = false;
// Therefore, only enable this feature if you know what you are doing!
$useEmbeddedWAYF = false;
// If activated the Embedded WAYF will prevent releasing information
// about the user's preselected Identity Provider
// If enabled the Embedded WAYF will prevent releasing information
// about the user's preselected Identity Provider
// While this is benefical to the data protection of the user, it will also
// prevent preselecting the user's Identity Provider. Thus, users will have
// to preselect their IdP each and every time
$useEmbeddedWAYFPrivacyProtection = false;
// Whether to enable logging of WAYF/DS requests
// If turned on make sure to also configure $WAYFLogFile
$useLogging = true;
// If enabled, the referer hostname of the request must match tan assertion
// consumer URL or a discovery URL of a Service Provider in $metadataSPFile
// in order to let the Embedded WAYF preselect an Identity Provider.
// Therefore, this option is a good compromise between data protection and
// userfriendlyness.
// This option can only be used if $useEmbeddedWAYFPrivacyProtection is false
// and $useSAML2Metadata is true
$useEmbeddedWAYFRefererForPrivacyProtection = false;
// Whether or not to add the entityID of the preselected IdP to the
// exported JSON/Text/PHP Code
......@@ -117,8 +130,12 @@ $useLogging = true;
// Therefore, only enable this feature if you know what you are doing!
$exportPreselectedIdP = false;
// Whether to enable logging of WAYF/DS requests
// If turned on make sure to also configure $WAYFLogFile
$useLogging = true;
// 4. Look and feel settings
// 4. Appearance settings
//**************************
// Name of the federation
......@@ -128,12 +145,19 @@ $federationName = 'SWITCHaai Federation';
$federationURL = 'http://www.switch.ch/aai/';
// Use an absolute URL in case you want to use the embedded WAYF
$imageURL = 'https://'.$_SERVER['SERVER_NAME'].'/SWITCHaai/images';
$imageURL = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/images';
// URL to the logo that shall be displayed
// Absolute URL to point to css directory
$cssURL = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/css';
// Absolute URL to point to javascript directory
$javascriptURL = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/js';
// Absolute URL to the logo that shall be displayed in the Embedded WAYF
$logoURL = $imageURL.'/switch-aai-transparent.png';
// URL to the small logo that shall be displayed in the embedded WAYF if dimensions are small
// Absolute URL to the small logo that shall be displayed in the
// embedded WAYF if dimensions must be small
$smallLogoURL = $imageURL.'/switch-aai-transparent-small.png';
......@@ -143,8 +167,8 @@ $smallLogoURL = $imageURL.'/switch-aai-transparent-small.png';
// Set both config files to the same value if you don't want to use the
// the WAYF to read a (potential) automatically generated file that undergoes
// some plausability checks before being used
$IDPConfigFile = 'IDProvider.conf.php'; // Config file
$backupIDPConfigFile = 'IDProvider.conf.php'; // Backup config file
$IDPConfigFile = 'IDProvider.conf.php';
$backupIDPConfigFile = 'IDProvider.conf.php';
// Use $metadataFile as source federation's metadata.
$metadataFile = '/etc/shibboleth/metadata.switchaai.xml';
......@@ -176,6 +200,7 @@ $WAYFLogFile = '/var/log/apache2/wayf.log';
// A Kerboros-protected soft link back to this script!
$kerberosRedirectURL = '/SWITCHaai/kerberosRedirect.php';
// Development mode settings
//**************************
// If the development mode is activated, PHP errors and warnings will be displayed
......
......@@ -129,3 +129,68 @@ pre {
#userIdPSelection {
width: 400px;
}
/* Improved Drop Down CSS */
/* textbox part of the dropdown list */
.idd_textbox {
border-style: solid;
border-color: #333333;
vertical-align: middle;
}
/* dropdown arrow control */
.idd_icon {
border-color: #C0C0C0;
border-style: solid solid solid none;
border-width: 0;
}
/* Dropdown list */
div.idd_list {
border: thin solid #C0C0C0;
background-color: #FFFFFF;
padding-left: 5px;
padding-top: 0px;
padding-bottom: 0px;
z-index: 900;
}
/* Option Group headers */
.idd_listItemGroupHeader
{
font-family:Verdana, sans-serif;
font-size: 12px;
padding-bottom: 2px;
font-weight: bold;
text-align: left
}
/* Dropdown list items except group headers */
.idd_listItem {
font-family:Verdana, sans-serif;
font-size: 12px;
height: 1em;
margin: 0px;
padding-bottom: 2px;
text-align:left;
}
/* Dropdown list items nested under group headers */
.idd_listItem_Nested {
padding-left: 15px;
}
/* mouseover on all list items except group headers */
.idd_listItem_Hover
{
color: #FFFFFF;
background-color: #00247D;
}
/* List items that are disabled */
.idd_listItem_Disabled {
color: #C0C0C0;
cursor: default;
}

/* textbox part of the dropdown list */
.idd_textbox {
border-style: solid;
border-color: #333333;
vertical-align: middle;
}
/* dropdown arrow control */
.idd_icon {
border-color: #C0C0C0;
border-style: solid solid solid none;
border-width: 0;
}
/* Dropdown list */
div.idd_list {
border: thin solid #C0C0C0;
max-height: 300px;
background-color: #FFFFFF;
padding-left: 5px;
padding-top: 0px;
padding-bottom: 0px;
z-index: 900;
}
/* Option Group headers */
.idd_listItemGroupHeader
{
font-family:Verdana, sans-serif;
font-size: 12px;
padding-bottom: 2px;
font-weight: bold;
text-align: left
}
/* Dropdown list items except group headers */
.idd_listItem {
font-family:Verdana, sans-serif;
font-size: 12px;
height: 1em;
margin: 0px;
padding-bottom: 2px;
text-align:left;
}
/* Dropdown list items nested under group headers */
.idd_listItem_Nested {
padding-left: 15px;
}
/* mouseover on all list items except group headers */
.idd_listItem_Hover
{
color: #FFFFFF;
background-color: #00247D;
}
/* List items that are disabled */
.idd_listItem_Disabled {
color: #C0C0C0;
cursor: default;
}
......@@ -221,10 +221,14 @@ var wayf_show_categories = true;
// Whether to load Identity Providers from the Discovery Feed provided by
// the Service Provider. The discovery feed feature might have to be activated
// on the SP first.
// The loaded Identity Providers are added to the wayf_additional_idps and the
// whole array will be sorted alphabetically
// the Service Provider.
// IdPs that are not listed in the Discovery Feed and that the SP therefore is
// not are able to accept assertions from, are hidden by the Embedded WAYF
// IdPs that are in the Discovery Feed but are unknown to the SWITCHwayf
// are added to the wayf_additional_idps.
// The list wayf_additional_idps will be sorted alphabetically
// The SP must have configured the discovery feed handler that generates a
// JSON object. Otherwise it won't generate the JSON data containing the IdPs.
// [Optional, commented out by default]
// var wayf_use_disco_feed = true;
......
......@@ -6,6 +6,9 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="keywords" content="Discovery Service, WAYF, Shibboleth">
<meta name="description" content="Choose your home organization to authenticate">
<script type="text/javascript" src="<?php echo $javascriptURL ?>/jquery.js"></script>
<script type="text/javascript" src="<?php echo $javascriptURL ?>/improvedDropDown.js"></script>
<link rel="StyleSheet" href="<?php echo $cssURL ?>/improvedDropdown.css" type="text/css">
<script language="JavaScript" type="text/javascript">
<!--
......@@ -89,7 +92,17 @@
// Init WAYF
function init(){
preventIframeEmbedding();
setFocus();
if (<?php echo ($userImprovedDropDownList) ? 'true' : 'false' ?>){
// Convert select element into improved drop down list
$("#userIdPSelection").improveDropDown({
iconPath:'<?php echo $imageURL ?>/drop_icon.png',
noMatchesText: '<?php echo getLocalString('no_idp_found', 'js') ?>',
noItemsText: '<?php echo getLocalString('no_idp_available', 'js') ?>'
});
}
}
// Add new DomReady function
......
......@@ -4,6 +4,108 @@
// Commonly used functions for the WAYF
/******************************************************************************/