Commit ed365064 authored by haemmer

Updated version number

Completed README for next release
parent d4326fe7
...@@ -21,8 +21,9 @@ SSO protocols that make use of redirection. Therefore, the specification states ...@@ -21,8 +21,9 @@ SSO protocols that make use of redirection. Therefore, the specification states
that an implementation should examine the 'return' parameter used in a that an implementation should examine the 'return' parameter used in a
Discovery Service request and match it against the <idpdisc:DiscoveryResponse> Discovery Service request and match it against the <idpdisc:DiscoveryResponse>
extension in SAML metadata. The implementation of the Discovery Service protocol extension in SAML metadata. The implementation of the Discovery Service protocol
in the SWITCHwayf does NOT verify the return parameter because it only in the SWITCHwayf prior to version 1.14 does NOT verify the return parameter
optionally reads SAML metadata. even if SAML metadata was used to generate the list of Identity Provider.
Version 1.14 or newer fixes this problem.
Thanks to Tom Scavo for making us aware of this issue. Thanks to Tom Scavo for making us aware of this issue.
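Review bot: In the rewritten sentence about the 'return' parameter, "Version 1.14 or newer fixes this problem" does not say under which configuration the check is active. The removed text explained the gap by noting that SAML metadata is only optionally read, so the README should state whether 1.14 still skips the check when metadata is not used, and what the WAYF does when the 'return' value does not match a <idpdisc:DiscoveryResponse> entry. Also, "the list of Identity Provider" should read "Identity Providers".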
...@@ -58,15 +59,13 @@ Requirements: ...@@ -58,15 +59,13 @@ Requirements:
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Installation: Installation:
If you use Apache 2, insert the following statement in your Apache config file:
-- Unpack the Zip archive into an arbitrary directory on a host that has a deployed
<Location /path/to/WAYF> Apache (IIS also should work though). Make sure that permissions for the files
SetHandler php-script 'SProvider.metadata.php' and 'IDProvider.metadata.php' are set such that the
</Location> web server user (e.g. www-data, www or httpd) has write access on the files:
--
or for PHP5 If you use Apache 2, add the following statement to the Apache configugration:
-- --
<Location /path/to/WAYF> <Location /path/to/WAYF>
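Review bot: The new unpacking paragraph asks for web-server write access to 'SProvider.metadata.php' and 'IDProvider.metadata.php' but does not limit the scope; state that only these two files need to be writable and that the remaining files can stay read-only for the web server user. The sentence also ends in "on the files:" with nothing following the colon before the Apache instructions, and "configugration" is misspelled.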
...@@ -87,11 +86,9 @@ Options +FollowSymLinks ...@@ -87,11 +86,9 @@ Options +FollowSymLinks
</IfModule> </IfModule>
-- --
You also could rename the file 'WAYF' to 'WAYF.php' or Alternatively, one also could rename the file 'WAYF' to 'WAYF.php'.
make a directory called 'WAYF', rename WAYF to 'index.php' and put it in that
directory.
When using the embedded WAYF feature it's probabl necessary to add a line to When using the embedded WAYF feature it might be necessary to add a line to
the Apache configuration like below in order to prevent certain web browsers the Apache configuration like below in order to prevent certain web browsers
from not displaying the Embedded WAYF or parts of it: from not displaying the Embedded WAYF or parts of it:
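Review bot: The replacement line "Alternatively, one also could rename the file 'WAYF' to 'WAYF.php'." drops the 'index.php' directory variant without saying whether it is still supported; if existing installations rely on it, keep a short mention or record the removal in the version history. In the unchanged sentence below it, "prevent certain web browsers from not displaying" is a double negative and could be reworded while this paragraph is being edited.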
...@@ -118,6 +115,18 @@ However, you should be able to take over most of your old config.php ...@@ -118,6 +115,18 @@ However, you should be able to take over most of your old config.php
functions and use them in the new template.php file again to keep your functions and use them in the new template.php file again to keep your
customized look and feel. customized look and feel.
-------------------------------------------------------------------------------
Troubleshooting:
Generall, if there is an error or an exception, the WAYF will log the to syslog.
In case there is a problem and you see only a white page without any output,
open config.php in a text editor, go to the bottom of the file and set:
$developmentMode = true;
This will output PHP warning messages which are otherwise supressed.
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Customizations: Customizations:
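Review bot: The new Troubleshooting section tells the reader to set "$developmentMode = true;" but has no step to set it back to false afterwards; since the text says this outputs PHP warning messages, add a sentence that it should be disabled again once the problem is found so that warnings are not shown to visitors. Typos in the same block: "Generall", "will log the to syslog" (a word is missing after "the") and "supressed".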
...@@ -187,9 +196,13 @@ If your instance of the SWITCHwayf has many requests and the load is becoming ...@@ -187,9 +196,13 @@ If your instance of the SWITCHwayf has many requests and the load is becoming
higher and higher, you might want to think about using a PHP opcode cacher like higher and higher, you might want to think about using a PHP opcode cacher like
XCache, apc, eaccelerator, phpa, truck-mmcache or similar. XCache, apc, eaccelerator, phpa, truck-mmcache or similar.
Using such a tool can decrease the processing time of the PHP code almost by Using such a tool can decrease the processing time of the PHP code almost by
half. However, internal tests have shown that the bottleneck in general is noth half. However, internal tests have shown that the bottleneck in general is not
the PHP processing but the TLS handshake, which has nothing to do with PHP the PHP processing but the TLS handshake, which has nothing to do with PHP
itself. itself. Benchmark tests conducted by SWITCH demonstrated that generating the
Javascript WAYF/embedded-wayf.js can be speed up by 100% if the script provided
the script is accessed via HTTP (without TLS). However, if the script is
accessed via HTTPS (default in SWITCHaai), the overall speed gain by using
XCache is less than 1% because the TLS hand-shake is what consumes most CPU time.
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
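Review bot: The added benchmark sentence is garbled at "can be speed up by 100% if the script provided the script is accessed via HTTP"; it should probably read "can be sped up by 100% provided the script is accessed via HTTP". Since the paragraph compares HTTP with HTTPS, it would also help to say plainly that the figures explain where the CPU time goes and are not a suggestion to serve WAYF/embedded-wayf.js without TLS. "hand-shake" is spelled "handshake" earlier in the same paragraph.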
...@@ -328,15 +341,16 @@ For category entries, only Type, (local) Name and Index are relevant. ...@@ -328,15 +341,16 @@ For category entries, only Type, (local) Name and Index are relevant.
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Changes: Version History:
1.14 - Added the configuration option wayf_force_remember_for_session to 1.14 - Added the configuration option wayf_force_remember_for_session to
the Embedded WAYF on request of Wolgang Lierz from ETH Zurich. This the Embedded WAYF on request of Wolgang Lierz from ETH Zurich. This
option allows setting the remember for session checkbox to true option allows setting the remember for session checkbox to true
- Metadata parsing now uses DOM XML for PHP5 instead of Simple XML - Metadata parsing now uses DOM XML for PHP5 instead of Simple XML
- Fixed a minor HTML error in template for Embedded WAYF - Fixed a minor HTML error in template for Embedded WAYF
- Sorting within categories works now correctly if SAML2 metadata is - Sorting within categories works now correctly if SAML2 metadata is
used to generate Identity Provider drop-down list. Thanks to Prof. used to generate Identity Provider drop-down list. Thanks to
Kazu Yamaji from NII for reporting this issue. Kazutsuna Yamaji from the Japanese National Institute of
Informatics (NII) for reporting this issue.
- Fixed a minor bug in templates.php that cause PHP warnings to show up - Fixed a minor bug in templates.php that cause PHP warnings to show up
in case an invalid IdP was stored in the cookie. in case an invalid IdP was stored in the cookie.
- Fixed a bug affecting the Kerberos authentication. - Fixed a bug affecting the Kerberos authentication.
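Review bot: The 1.14 entries visible in this hunk do not mention the 'return' parameter verification that the README's introduction now credits to version 1.14; unless it is listed further down, add an entry for it so the security fix is traceable in the version history. In the unchanged lines, "Wolgang" looks like a typo for "Wolfgang" and "that cause PHP warnings" should be "that caused".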
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
****************************************************************************** ******************************************************************************
SWITCH PHP WAYF, SWITCH PHP WAYF,
Copyright 2009 SWITCH - Serving Swiss Universities Copyright 2009 SWITCH - Serving Swiss Universities
Version: 1.14b2 Version: 1.14
Contact: aai@switch.ch Contact: aai@switch.ch
Web site: http://www.switch.ch/aai/wayf Web site: http://www.switch.ch/aai/wayf
****************************************************************************** ******************************************************************************
......