Commit 0120565d authored by Lukas Haemmerle's avatar Lukas Haemmerle

Various improvements and patches

parent f9434bdf
......@@ -31,7 +31,10 @@ necessary for such releases.
SWITCHwayf Version History
--------------------------
* Version 1.20.3 - Release date: x. y 2017
* Version 1.21 - Release date: x. y 2017
- Allow loading configuration from a path in a
web server environment variable to allow multi-tenant
deployments. Code provided by Guillaume Rousse.
- Updated JQuery to v3.2.1
- Made Javascript less prone to conflicts thanks to
contributed code from Christian Glahn
......@@ -267,6 +270,7 @@ alphabetically.
- Christian Glahn, HTW Chur (CH)
- Nuno Gonçalves from FCCN (PT)
- Florent Guilleux from CRU (FR)
- Guillaume Rousse from RENATER (FR)
- Josh Howlett from University of Bristol (UK)
- Franz Kuster from ETH Zurich (CH)
- Wolgang Lierz from ETH Zurich (CH)
......
......@@ -454,6 +454,44 @@ $langStrings['de_CH']['title'] = 'Auswahl der Heimorganisation';
-------------------------------------------------------------------------------
Multi-tenant Deployment:
------------------------
If there should be deployed multiple instances of the SWITCHwayf
on the same host, it might be desired to make all instances
use the same code base but different configuration files.
To achieve this, the SWITCHWAYF_CONFIG environment variable can
be used.
The usage of SWITCHWAYF_CONFIG environment variable allows to
specify an alternative location for the configuration file.
The default configuration file is still used, if this variable
is not defined. This allows a single software deployment to
provides a discovery services for multiple federations,
depending of virtual host or URL used.
Below is an example of an Apache httpd server configuration
with two different virtual hosts using different
configuration files:
DocumentRoot /usr/share/switchwayf
<Directory /usr/share/switchwayf>
Require all granted
DirectoryIndex WAYF
</Directory>
<VirtualHost *:443>
ServerName wayf.switch.ch
SetEnv SWITCHWAYF_CONFIG=/etc/switchwayf/switch_config.php
</VirtualHost>
<VirtualHost *:443>
ServerName wayf.edugain.org
SetEnv SWITCHWAYF_CONFIG=/etc/switchwayf/edugain_config.php
</VirtualHost>
-------------------------------------------------------------------------------
Special handlers:
-----------------
In order for the Embedded WAYF feature to work there are some special files that
......
......@@ -13,7 +13,11 @@ Web site: https://www.switch.ch/aai/support/tools/wayf/
// Load general configuration and template file
/*------------------------------------------------*/
require_once('config.php');
if (isset($_SERVER{'SWITCHWAYF_CONFIG'})){
require_once($_SERVER{'SWITCHWAYF_CONFIG'});
} else {
require_once('config.php');
}
require_once('languages.php');
require_once('functions.php');
require_once('templates.php');
......@@ -208,6 +212,61 @@ if (isset($_POST['permanent'])
// Redirecting user
/*------------------------------------------------*/
// Redirect using user selection
if (
isset($_POST['user_idp'])
&& checkIDPAndShowErrors($_POST['user_idp'])
&& isValidShibRequest()
&& !isset($_POST['permanent'])
){
$selectedIDP = $_POST['user_idp'];
// Handle cascaded WAYF
if (isset($IDProviders[$selectedIDP]['Type']) && $IDProviders[$selectedIDP]['Type'] == 'wayf'){
// Send user to cascaded WAYF with same request
redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
} else if (isValidDSRequest()){
redirectToSP($_GET['return'], $selectedIDP);
// Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
$dsType = 'Embedded-DS';
} else {
$dsType = 'DS';
}
logAccessEntry($dsType, 'Request', $_GET['entityID'], $selectedIDP, $_GET['return']);
} else {
redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
$dsType = 'Embedded-WAYF';
} else {
$dsType = 'WAYF';
}
logAccessEntry($dsType, 'Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $selectedIDP, $_GET['shire']);
}
exit;
}
// For backwards compatiblity
if (
isset($_GET['shire'])
&& isset($_GET['target'])
&& isset($_GET['origin'])
&& checkIDPAndShowErrors($_GET['origin'])
){
redirectTo($IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
logAccessEntry('WAYF', 'Old-Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $_GET['origin'], $_GET['shire']);
exit;
}
// IDP determined by redirect cookie
if (
isValidShibRequest()
......@@ -294,20 +353,6 @@ if ($useKerberos && !isset($kerberosRealm)) {
// If the User Agent doesn't support Negotiate, we continue as usual.
}
// For backwards compatiblity
if (
isset($_GET['shire'])
&& isset($_GET['target'])
&& isset($_GET['origin'])
&& checkIDPAndShowErrors($_GET['origin'])
){
redirectTo($IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
logAccessEntry('WAYF', 'Old-Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $_GET['origin'], $_GET['shire']);
exit;
}
// Redirect using resource hint
$hintedPathIDP = getIdPPathInfoHint();
if ($hintedPathIDP != '-'){
......@@ -340,46 +385,7 @@ if ($hintedPathIDP != '-'){
}
}
// Redirect using user selection
if (
isset($_POST['user_idp'])
&& checkIDPAndShowErrors($_POST['user_idp'])
&& isValidShibRequest()
&& !isset($_POST['permanent'])
){
$selectedIDP = $_POST['user_idp'];
// Handle cascaded WAYF
if (isset($IDProviders[$selectedIDP]['Type']) && $IDProviders[$selectedIDP]['Type'] == 'wayf'){
// Send user to cascaded WAYF with same request
redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
} else if (isValidDSRequest()){
redirectToSP($_GET['return'], $selectedIDP);
// Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
$dsType = 'Embedded-DS';
} else {
$dsType = 'DS';
}
logAccessEntry($dsType, 'Request', $_GET['entityID'], $selectedIDP, $_GET['return']);
} else {
redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
$dsType = 'Embedded-WAYF';
} else {
$dsType = 'WAYF';
}
logAccessEntry($dsType, 'Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $selectedIDP, $_GET['shire']);
}
exit;
}
/*------------------------------------------------*/
// Gather data to preselect user's IdP
......
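Review bot: The cascaded-WAYF branch of the moved user-selection block (`if (isset($IDProviders[$selectedIDP]['Type']) && $IDProviders[$selectedIDP]['Type'] == 'wayf')`) redirects and falls through to `exit` without writing an access log entry, while both sibling branches call `logAccessEntry(...)` right after their redirect, so a hand-off to another WAYF leaves no trace in this instance's log. If that is deliberate, a one-line comment such as `// No log entry here: the cascaded WAYF records the request itself` would stop the next reader from treating it as a gap; otherwise add a `logAccessEntry` call mirroring the WAYF branch. The two identical `request_type` checks could be hoisted into one `$isEmbedded = isset($_POST['request_type']) && $_POST['request_type'] == 'embedded';` before the branch. The block is only moved, so its behaviour is unchanged, but it now runs ahead of the cookie-based and Kerberos redirects that follow outside this hunk, and a short comment above it saying why an explicit selection must win over the cookie would document that ordering, which the changelog entry does not mention.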
......@@ -15,7 +15,11 @@ if (!isset($_SERVER['SERVER_NAME'])){
}
require_once('functions.php');
require_once('config.php');
if (isset($_SERVER{'SWITCHWAYF_CONFIG'})){
require_once($_SERVER{'SWITCHWAYF_CONFIG'});
} else {
require_once('config.php');
}
// Make sure this script is not accessed directly
if(isRunViaCLI()){
......
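Review bot: The added `require_once($_SERVER{'SWITCHWAYF_CONFIG'})` loads whatever path the variable holds without checking that the file exists or is readable, and the curly-brace array syntax `$_SERVER{...}` is deprecated since PHP 7.4 and a parse error on PHP 8, so this file will not load at all on current PHP. A missing file ends in a PHP fatal error (exposing the path when display_errors is on) rather than a deliberate failure, while an unset variable silently falls back to `config.php`, which in a multi-tenant deployment means serving another federation's IdP list with no indication. That silent fallback matters because the README example in this commit writes `SetEnv SWITCHWAYF_CONFIG=/etc/...`, which Apache parses as a variable named `SWITCHWAYF_CONFIG=/etc/...` with an empty value, so the default config would be used there. The variable is reasonably trusted as operator-controlled (set by the web server, not derived from the request), but that assumption deserves a comment above the `isset` check; the same construct is added to the main WAYF script in this commit and needs the same fix. Rewritten below.
```php
require_once('functions.php');
// Optional per-vhost configuration, set by the web server (Apache:
// "SetEnv SWITCHWAYF_CONFIG /etc/switchwayf/x_config.php", name and value
// separated by whitespace). Trusted as operator-controlled; it is never
// derived from the request.
if (isset($_SERVER['SWITCHWAYF_CONFIG'])) {
    $configFile = $_SERVER['SWITCHWAYF_CONFIG'];
    if (!is_readable($configFile)) {
        // Fail loudly instead of a PHP fatal error or a silent fallback.
        error_log('SWITCHwayf: configuration file given in SWITCHWAYF_CONFIG is not readable');
        die('Configuration error');
    }
    require_once($configFile);
} else {
    require_once('config.php');
}
```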