Commit 518ddc1f authored by haemmer's avatar haemmer

Lots of changes for #2789

parent 9dfae529
...@@ -129,12 +129,20 @@ General Update Instructions: ...@@ -129,12 +129,20 @@ General Update Instructions:
Specific Update Instructions: Specific Update Instructions:
Updates from versions before 1.17.2 Updates from versions before 1.18
A new configuration option $supportContactEmail was introduced to provide The following new configuration options were introduced:
the user a support contact address in case of errors. Please add a line
like the following to the SWITCHwayf configuration file config.php: - $supportContactEmail
$supportContactEmail = 'your-support-contact@your.organisation.org'; - $organizationLogoURL
If not set, the default address support-contact@example.org will be used. - $organizationURL
- $faqURL
- $helpURL
- $privacyURL
Have a look at config.dist.php in section 4. Appearance settings for a
description on these settings. The make sure to configure them to config.php
which should contain your own configuration. Otherwise, default values
will be set.
Updates from versions before 1.15 Updates from versions before 1.15
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
/* /*
****************************************************************************** ******************************************************************************
SWITCHwayf SWITCHwayf
Version: 1.17.2 Version: 1.18
Contact: aai@switch.ch Contact: aai@switch.ch
Web site: http://www.switch.ch/aai/wayf Web site: http://www.switch.ch/aai/wayf
****************************************************************************** ******************************************************************************
...@@ -13,10 +13,10 @@ Web site: http://www.switch.ch/aai/wayf ...@@ -13,10 +13,10 @@ Web site: http://www.switch.ch/aai/wayf
// Load general configuration and template file // Load general configuration and template file
/*------------------------------------------------*/ /*------------------------------------------------*/
require_once('config.php');
require_once('templates.php'); require_once('templates.php');
require_once('functions.php'); require_once('functions.php');
require_once('languages.php'); require_once('languages.php');
require_once('config.php');
// Set P3P headers just in case they were not set in Apache already // Set P3P headers just in case they were not set in Apache already
header('P3P: CP="NOI CUR DEVa OUR IND COM NAV PRE"'); header('P3P: CP="NOI CUR DEVa OUR IND COM NAV PRE"');
......
<?php // Copyright (c) 2013, SWITCH - Serving Swiss Universities <?php // Copyright (c) 2013, SWITCH - Serving Swiss Universities
//****************************************************************************** //******************************************************************************
// This file contains the WAYF/DS configuration. Adapt the settings to reflect // This file contains the configuration of SWITCHwayf, a light-weight
// your environment and then do some testing before deploying the WAYF. // implementation of a SAML Discovery Service. Adapt the settings to reflect
// your environment and then do some testing before going into production.
// Unless specifically set, default values will be used for all options.
//****************************************************************************** //******************************************************************************
// 1. Language settings // 1. Language settings
//********************* //*********************
$defaultLanguage = 'en'; // Language that is used by default if the language of the user's web browser
// is not available in languages.php or custom-languages.php.
// If string in local language is not available, english ('en') will be used
// as last resort.
//$defaultLanguage = 'en';
// 2. Cookie settings // 2. Cookie settings
//******************* //*******************
// Domain within the WAYF cookie should be readable. Must start with a . // Domain within the WAYF cookie should be readable. Must start with a .
$commonDomain = '.switch.ch'; // $commonDomain = '.example.org';
// Optionnal cookie name prefix in case you run several // Optionnal cookie name prefix in case you run several
// instances of the WAYF in the same domain. // instances of the WAYF in the same domain.
// Example: $cookieNamePrefix = '_mywayf'; // Example: $cookieNamePrefix = '_mywayf';
$cookieNamePrefix = ''; //$cookieNamePrefix = '';
// Names of the cookies where to store the settings to temporarily // Names of the cookies where to store the settings to temporarily
// redirect users transparently to their last selected IdP // redirect users transparently to their last selected IdP
$redirectCookieName = $cookieNamePrefix.'_redirect_user_idp'; //$redirectCookieName = $cookieNamePrefix.'_redirect_user_idp';
$redirectStateCookieName = $cookieNamePrefix.'_redirection_state';
// Stores last selected IdPs // Stores last selected IdPs
// This value shouldn't be changed because _saml_idp is the officilly // This value shouldn't be changed because _saml_idp is the officilly
// defined name in the SAML specification // defined name in the SAML specification
$SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp'; //$SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp';
// Stores last selected SP // Stores last selected SP
// This value can be choosen as you like because it is something specific // This value can be choosen as you like because it is something specific
...@@ -36,40 +41,40 @@ $SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp'; ...@@ -36,40 +41,40 @@ $SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp';
// information on a page in the same domain as $commonDomain by accessing // information on a page in the same domain as $commonDomain by accessing
// the federation metadata and parsing out the contact information of the // the federation metadata and parsing out the contact information of the
// selected IdP and SP using $SAMLDomainCookieName and $SPCookieName // selected IdP and SP using $SAMLDomainCookieName and $SPCookieName
$SPCookieName = $cookieNamePrefix.'_saml_sp'; //$SPCookieName = $cookieNamePrefix.'_saml_sp';
// If enabled cookies are set/transmitted only via https connections // If enabled cookies are set/transmitted only via https connections
// and the http only option is set to prevent javascripts from reading the // and the http only option is set to prevent javascripts from reading the
// cookies // cookies
$cookieSecurity = false; //$cookieSecurity = false;
// Number of days longterm cookies should be valid // Number of days longterm cookies should be valid
$cookieValidity = 100; //$cookieValidity = 100;
// 3. Features and extensions // 3. Features and extensions
//*************************** //***************************
// Whether to show the checkbox to permanently remember a setting // Whether to show the checkbox to permanently remember a setting
$showPermanentSetting = false; //$showPermanentSetting = false;
// Whether or not to use the search-as-you-type feature of the drop down list // Whether or not to use the search-as-you-type feature of the drop down list
$useImprovedDropDownList = true; //$useImprovedDropDownList = true;
// Set to true in order to enable reading the Identity Provider from a SAML2 // Set to true in order to enable reading the Identity Provider from a SAML2
// metadata file defined below in $metadataFile // metadata file defined below in $metadataFile
$useSAML2Metadata = false; //$useSAML2Metadata = false;
// If true parsed metadata should have precedence if there are entries defined // If true parsed metadata should have precedence if there are entries defined
// in metadata as well as the local IDProviders configuration file. // in metadata as well as the local IDProviders configuration file.
// Requires $useSAML2Metadata to be true // Requires $useSAML2Metadata to be true
$SAML2MetaOverLocalConf = false; //$SAML2MetaOverLocalConf = false;
// If includeLocalConfEntries parameter is set to true, Identity Providers // If includeLocalConfEntries parameter is set to true, Identity Providers
// not listed in metadata but defined in the local IDProviders file will also // not listed in metadata but defined in the local IDProviders file will also
// be displayed in the drop down list. This is required if you need to add // be displayed in the drop down list. This is required if you need to add
// local exceptions over the federation metadata // local exceptions over the federation metadata
// Requires $useSAML2Metadata to be true // Requires $useSAML2Metadata to be true
$includeLocalConfEntries = true; //$includeLocalConfEntries = true;
// Whether the return parameter is checked against SAML2 metadata or not // Whether the return parameter is checked against SAML2 metadata or not
// The Discovery Service specification says the DS SHOULD check this in order // The Discovery Service specification says the DS SHOULD check this in order
...@@ -78,7 +83,7 @@ $useSAML2Metadata = false; ...@@ -78,7 +83,7 @@ $useSAML2Metadata = false;
// contains an <idpdisc:DiscoveryResponse> or if the assertion consumer url // contains an <idpdisc:DiscoveryResponse> or if the assertion consumer url
// check below is enabled // check below is enabled
// Requires $useSAML2Metadata to be true // Requires $useSAML2Metadata to be true
$enableDSReturnParamCheck = true; //$enableDSReturnParamCheck = true;
// If true, the return parameter is checked for Service Providers that // If true, the return parameter is checked for Service Providers that
// don't have and <idpdisc:DiscoveryResponse> extension set. Instead of this // don't have and <idpdisc:DiscoveryResponse> extension set. Instead of this
...@@ -88,14 +93,17 @@ $useSAML2Metadata = false; ...@@ -88,14 +93,17 @@ $useSAML2Metadata = false;
// a <idpdisc:DiscoveryResponse> extension. It increases security for Service // a <idpdisc:DiscoveryResponse> extension. It increases security for Service
// Provider's that don't have an <idpdisc:DiscoveryResponse> extensions. // Provider's that don't have an <idpdisc:DiscoveryResponse> extensions.
// Requires $useSAML2Metadata and $enableDSReturnParamCheck to be true // Requires $useSAML2Metadata and $enableDSReturnParamCheck to be true
$useACURLsForReturnParamCheck = false; //$useACURLsForReturnParamCheck = false;
// Whether to turn on Kerberos support for Identity Provider preselection // Whether to turn on Kerberos support for Identity Provider preselection
$useKerberos = false; //$useKerberos = false;
// A Kerboros-protected page that redirects back to the WAYF script
//$kerberosRedirectURL = '/myFederation/kerberosRedirect.php';
// If enabled, the user's IP is used for a reverse DNS lookup whose resulting // If enabled, the user's IP is used for a reverse DNS lookup whose resulting
// domain name then is matched with the URN values of the Identity Providers // domain name then is matched with the URN values of the Identity Providers
$useReverseDNSLookup = false; //$useReverseDNSLookup = false;
// Whether the JavaScript required for embedding the WAYF // Whether the JavaScript required for embedding the WAYF
// on a remote site should be generated or not // on a remote site should be generated or not
...@@ -104,7 +112,7 @@ $useReverseDNSLookup = false; ...@@ -104,7 +112,7 @@ $useReverseDNSLookup = false;
// (with some efforts) find out with a high probability from which // (with some efforts) find out with a high probability from which
// organization a user is from. This could be misused for phishing attacks. // organization a user is from. This could be misused for phishing attacks.
// Therefore, only enable this feature if you know what you are doing! // Therefore, only enable this feature if you know what you are doing!
$useEmbeddedWAYF = false; //$useEmbeddedWAYF = false;
// If enabled the Embedded WAYF will prevent releasing information // If enabled the Embedded WAYF will prevent releasing information
// about the user's preselected Identity Provider // about the user's preselected Identity Provider
...@@ -112,7 +120,7 @@ $useEmbeddedWAYF = false; ...@@ -112,7 +120,7 @@ $useEmbeddedWAYF = false;
// prevent preselecting the user's Identity Provider. Thus, users will have // prevent preselecting the user's Identity Provider. Thus, users will have
// to preselect their IdP each and every time // to preselect their IdP each and every time
// Requires $useEmbeddedWAYF to be true // Requires $useEmbeddedWAYF to be true
$useEmbeddedWAYFPrivacyProtection = false; //$useEmbeddedWAYFPrivacyProtection = false;
// If enabled, the referer hostname of the request must match tan assertion // If enabled, the referer hostname of the request must match tan assertion
// consumer URL or a discovery URL of a Service Provider in $metadataSPFile // consumer URL or a discovery URL of a Service Provider in $metadataSPFile
...@@ -121,7 +129,7 @@ $useEmbeddedWAYF = false; ...@@ -121,7 +129,7 @@ $useEmbeddedWAYF = false;
// userfriendlyness. // userfriendlyness.
// Requires $useSAML2Metadata to be true and $useEmbeddedWAYFPrivacyProtection // Requires $useSAML2Metadata to be true and $useEmbeddedWAYFPrivacyProtection
// to be false // to be false
$useEmbeddedWAYFRefererForPrivacyProtection = false; //$useEmbeddedWAYFRefererForPrivacyProtection = false;
// Whether or not to add the entityID of the preselected IdP to the // Whether or not to add the entityID of the preselected IdP to the
// exported JSON/Text/PHP Code // exported JSON/Text/PHP Code
...@@ -130,40 +138,56 @@ $useEmbeddedWAYF = false; ...@@ -130,40 +138,56 @@ $useEmbeddedWAYF = false;
// in the world can easily find out with a high probability from which // in the world can easily find out with a high probability from which
// organization a user is from. This could be misused for phishing attacks. // organization a user is from. This could be misused for phishing attacks.
// Therefore, only enable this feature if you know what you are doing! // Therefore, only enable this feature if you know what you are doing!
$exportPreselectedIdP = false; //$exportPreselectedIdP = false;
// Whether to enable logging of WAYF/DS requests // Whether to enable logging of WAYF/DS requests
// If turned on make sure to also configure $WAYFLogFile // If turned on make sure to also configure $WAYFLogFile
$useLogging = true; //$useLogging = true;
// Where to log the access
// Make sure the web server user has write access to this file!
//$WAYFLogFile = '/var/log/apache2/wayf.log';
// 4. Appearance settings // 4. Appearance settings
//************************** //**************************
// Name of the federation // Name of the federation
$federationName = 'SWITCHaai Federation'; //$federationName = 'myFederation';
// URL to send user to when clicking on federation logo // URL to send user to when clicking on federation logo
$federationURL = 'http://www.switch.ch/aai/'; // Insert %s as macro to be substituted by the language (e.g. 'en', 'de', 'fr', ...) the WAYF uses
//$federationURL = 'http://www.example.org/myFed/';
// Absolute URL to the federation logo that should be displayed in the Embedded WAYF
//$logoURL = 'http://ds.example.org/SWITCHwayf/images/federation-logo.png';
// Absolute URL to the small federation logo that should be displayed in the
// embedded WAYF if dimensions must be small
//$smallLogoURL = 'http://ds.example.org/SWITCHwayf/images/small-federation-logo.png';
// Support contact email address // Support contact email address
$supportContactEmail = 'helpdesk@example.org'; //$supportContactEmail = 'helpdesk@example.org';
// Use an absolute URL in case you want to use the embedded WAYF // Absolute URL to the logo of the organization operating this Discovery Service
$imageURL = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/images'; //$organizationLogoURL = 'https://ds.example.org/SWITCHwayf/images/organization-logo.png';
// Absolute URL to point to css directory // Absolute URL to the organization's web page
$cssURL = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/css'; // Insert %s as macro to be substituted by the language (e.g. 'en', 'de', 'fr', ...) the WAYF uses
//$organizationURL = 'http://www.example.org/';
// Absolute URL to point to javascript directory // Absolute URL to an FAQ page
$javascriptURL = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/js'; // This entries local string is 'faq' in languages.php
// Insert %s as macro to be substituted by the language (e.g. 'en', 'de', 'fr', ...) the WAYF uses
//$faqURL = 'http://www.example.org/%s/myFed/faq/';
// Absolute URL to the logo that should be displayed in the Embedded WAYF // Absolute URL to a help/support page
$logoURL = $imageURL.'/switch-aai-transparent.png'; // Insert %s as macro to be substituted by the language (e.g. 'en', 'de', 'fr', ...) the WAYF uses
//$helpURL = 'http://www.example.org/%s/myFed/help/';
// Absolute URL to the small logo that should be displayed in the // Absolute URL to a privacy policy page
// embedded WAYF if dimensions must be small // Insert %s as macro to be substituted by the language (e.g. 'en', 'de', 'fr', ...) the WAYF uses
$smallLogoURL = $imageURL.'/switch-aai-transparent-small.png'; //$privacyURL = 'http://www.example.org/%s/myFed/privacy/';
// 5. Files and path settings // 5. Files and path settings
...@@ -172,43 +196,43 @@ $smallLogoURL = $imageURL.'/switch-aai-transparent-small.png'; ...@@ -172,43 +196,43 @@ $smallLogoURL = $imageURL.'/switch-aai-transparent-small.png';
// Set both config files to the same value if you don't want to use the // Set both config files to the same value if you don't want to use the
// the WAYF to read a (potential) automatically generated file that undergoes // the WAYF to read a (potential) automatically generated file that undergoes
// some plausability checks before being used // some plausability checks before being used
$IDPConfigFile = 'IDProvider.conf.php'; //$IDPConfigFile = 'IDProvider.conf.php';
$backupIDPConfigFile = 'IDProvider.conf.php'; //$backupIDPConfigFile = 'IDProvider.conf.php';
// Use $metadataFile as source federation's metadata. // Use $metadataFile as source federation's metadata.
$metadataFile = '/etc/shibboleth/metadata.switchaai.xml'; //$metadataFile = '/etc/shibboleth/metadata.myFederation.xml';
// File to store the parsed IdP list // File to store the parsed IdP list
// Will be updated automatically if the metadataFile modification time // Will be updated automatically if the metadataFile modification time
// is more recent than this file's // is more recent than this file's
// The user running the script must have permission to create $metadataIdpFile // The user running the script must have permission to create $metadataIdpFile
$metadataIDPFile = 'IDProvider.metadata.php'; //$metadataIDPFile = 'IDProvider.metadata.php';
// File to store the parsed SP list. // File to store the parsed SP list.
// Will be updated automatically if the metadataFile modification time // Will be updated automatically if the metadataFile modification time
// is more recent than this file's // is more recent than this file's
// The user running the script must have permission to create $metadataIdpFile // The user running the script must have permission to create $metadataIdpFile
$metadataSPFile = 'SProvider.metadata.php'; //$metadataSPFile = 'SProvider.metadata.php';
// File to use as the lock file for writing the parsed IdP and SP lists. // File to use as the lock file for writing the parsed IdP and SP lists.
// The user running the script must have permission to write $metadataLockFile // The user running the script must have permission to write $metadataLockFile
$metadataLockFile = '/tmp/wayf_metadata.lock'; //$metadataLockFile = '/tmp/wayf_metadata.lock';
// Where to log the access // Use an absolute URL in case you want to use the embedded WAYF
// Make sure the web server user has write access to this file! //$imageURL = 'https://ds.example.org/SWITCHwayf/images';
$WAYFLogFile = '/var/log/apache2/wayf.log';
// Absolute URL to point to css directory
//$cssURL = 'https://ds.example.org/SWITCHwayf/css';
// 6. Other settings // Absolute URL to point to javascript directory
//****************** //$javascriptURL = 'https://ds.example.org/SWITCHwayf/js';
// A Kerboros-protected soft link back to this script!
$kerberosRedirectURL = '/SWITCHaai/kerberosRedirect.php';
// Development mode settings // Development mode settings
//************************** //**************************
// If the development mode is activated, PHP errors and warnings will be displayed // If the development mode is activated, PHP errors and warnings will be displayed
$developmentMode = false; // on pages the SWITCHwayf generates
//$developmentMode = false;
?> ?>
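Review bot: With every setting in this sample now commented out, an installation that copies it unchanged runs on the built-in defaults, and the documented defaults leave the return-URL validation inactive. The comment on `$enableDSReturnParamCheck` says it requires `$useSAML2Metadata` to be true, while the sample shows `//$useSAML2Metadata = false;`. If that dependency holds in the code (not visible in this section), the Discovery Service would accept an unverified `return` parameter out of the box. I would add a line above `//$enableDSReturnParamCheck = true;` such as `// NOTE: has no effect while $useSAML2Metadata is false; enable both in production`. In the same spirit, `//$cookieSecurity = false;` deserves `// Set to true whenever the WAYF is served over HTTPS`.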
...@@ -26,5 +26,7 @@ ...@@ -26,5 +26,7 @@
</div> </div>
</form> </form>
<?php if (getLocalString('additional_info') != '') { ?>
<p><?php echo getLocalString('additional_info') ?></p> <p><?php echo getLocalString('additional_info') ?></p>
<?php } ?>
<!-- Identity Provider Selection: End --> <!-- Identity Provider Selection: End -->
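Review bot: The added guard calls `getLocalString('additional_info')` once for the test and again for the output, and it tests with the loose `!= ''`. Fetching the value once keeps the test and the output in step: `<?php $additionalInfo = getLocalString('additional_info'); if ($additionalInfo != '') { ?>` followed by `<p><?php echo $additionalInfo ?></p>`. If `getLocalString` always returns a string (its definition is not in this hunk), the comparison can also become `!== ''`. The string is echoed without escaping, which is fine only if language files are meant to carry trusted HTML; a short comment saying so would help whoever maintains custom-languages.php.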
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
//////////////////// ESSENTIAL SETTINGS //////////////////// //////////////////// ESSENTIAL SETTINGS ////////////////////
// URL of the WAYF to use // URL of the WAYF to use
// Examples: "https://wayf.switch.ch/SWITCHaai/WAYF", "https://wayf-test.switch.ch/aaitest/WAYF"; // Examples: "https://wayf.example.org/SWITCHwayf/WAYF"
// [Mandatory] // [Mandatory]
var wayf_URL = "https://<?php echo $host ?><?php echo $path ?>"; var wayf_URL = "https://<?php echo $host ?><?php echo $path ?>";
...@@ -127,7 +127,7 @@ var wayf_show_categories = true; ...@@ -127,7 +127,7 @@ var wayf_show_categories = true;
// EntityIDs of Identity Provider that should not be shown at all // EntityIDs of Identity Provider that should not be shown at all
// Example of how to hide certain Identity Provider // Example of how to hide certain Identity Provider
// var wayf_hide_idps = new Array("https://idp.unige.ch/idp/shibboleth", "https://lewotolo.switch.ch/idp/shibboleth"); // var wayf_hide_idps = new Array("https://idp.unige.ch/idp/shibboleth", "https://aai-logon.switch.ch/idp/shibboleth");
// [Optional, commented out by default] // [Optional, commented out by default]
// var wayf_hide_idps = new Array(); // var wayf_hide_idps = new Array();
...@@ -143,7 +143,7 @@ var wayf_show_categories = true; ...@@ -143,7 +143,7 @@ var wayf_show_categories = true;
// var wayf_use_discovery_service = false; // var wayf_use_discovery_service = false;
// Session Initiator URL of the Service Provider // Session Initiator URL of the Service Provider
// Examples: "https://econf.switch.ch/Shibboleth.sso/Login", "https://dokeos.unige.ch/Shibboleth.sso/DS" // Examples: "https://interact.switch.ch/Shibboleth.sso/Login", "https://dokeos.unige.ch/Shibboleth.sso/DS"
// This will implicitely be set to wayf_sp_samlDSURL = wayf_sp_handlerURL + "/Login"; // This will implicitely be set to wayf_sp_samlDSURL = wayf_sp_handlerURL + "/Login";
// or will be set automatically if the page where the Embedded WAYF is placed is called // or will be set automatically if the page where the Embedded WAYF is placed is called
// with a 'return' and an 'entityID' GET Arguments // with a 'return' and an 'entityID' GET Arguments
...@@ -154,16 +154,15 @@ var wayf_show_categories = true; ...@@ -154,16 +154,15 @@ var wayf_show_categories = true;
// Default IdP to preselect when central WAYF couldn't guess IdP either // Default IdP to preselect when central WAYF couldn't guess IdP either
// This is usually the case the first time ever a user accesses a resource // This is usually the case the first time ever a user accesses a resource
// [Optional, default: commented out] // [Optional, default: commented out]
// var wayf_default_idp = "https://aai.switch.ch/idp/shibboleth"; // var wayf_default_idp = "https://aai-logon.switch.ch/idp/shibboleth";
// Set a custom Assertion Consumer URL instead of // Set a custom Assertion Consumer URL instead of
// the default wayf_sp_handlerURL + '/SAML/POST' // the default wayf_sp_handlerURL + '/SAML/POST'
// Only relevant if wayf_use_discovery_service is false // Only relevant if wayf_use_discovery_service is false
// Examples: "https://olat.uzh.ch/shib/samlaa", // Examples: "https://my-app.switch.ch/custom/saml-implementation/samlaa"
// This will implicitely be set to wayf_sp_samlACURL = wayf_sp_handlerURL + "/SAML/POST"; // This will implicitely be set to wayf_sp_samlACURL = wayf_sp_handlerURL + "/SAML/POST";
// "https://foodle.feide.no/simplesaml/shib13/sp/AssertionConsumerService.php"
// [Optional, commented out by default] // [Optional, commented out by default]
// var wayf_sp_samlACURL = "https://maclh.switch.ch/foo/bar"; // var wayf_sp_samlACURL = "https://my-app.switch.ch/custom/saml-implementation/samlaa";
// Overwites the text of the checkbox if // Overwites the text of the checkbox if
// wayf_show_remember_checkbox is set to true // wayf_show_remember_checkbox is set to true
...@@ -215,7 +214,7 @@ var wayf_show_categories = true; ...@@ -215,7 +214,7 @@ var wayf_show_categories = true;
// var wayf_additional_idps = [ // var wayf_additional_idps = [
// //
// {name:"International University X", // {name:"International University X",
// entityID:"urn:mace:switch.ch:SWITCHaai:example.university.org", // entityID:"urn:mace:example.org:example.university.org",
// SAML1SSOurl:"https://int.univ.org/shibboleth-idp/SSO"}, // SAML1SSOurl:"https://int.univ.org/shibboleth-idp/SSO"},
// //
// {name:"Some Other University", // {name:"Some Other University",
......
...@@ -109,14 +109,14 @@ ...@@ -109,14 +109,14 @@
<div id="container"> <div id="container">
<div class="box"> <div class="box">
<div id="header"> <div id="header">
<a href="http://www.switch.ch/aai"><img src="<?php echo $logoURL ?>" alt="SWITCHaai" id="federationLogo"></a> <a href="<?php echo sprintf($federationURL, $language) ?>"><img src="<?php echo $logoURL ?>" alt="Federation Logo" id="federationLogo"></a>
<a href="http://www.switch.ch/"><img src="<?php echo $imageURL ?>/switch-logo.png" alt="SWITCH" id="organisationLogo"></a> <a href="<?php echo sprintf($organizationURL, $language) ?>"><img src="<?php echo $organizationLogoURL ?>" alt="Organization Logo" id="organisationLogo"></a>
</div> </div>
<div id="content"> <div id="content">
<ul class="menu"> <ul class="menu">
<li><a href="http://www.switch.ch/<?php echo $language ?>/aai/about/"><?php echo getLocalString('about_federation'); ?></a></li> <li><a href="<?php echo sprintf($federationURL, $language) ?>"><?php echo getLocalString('about_federation'); ?></a></li>
<li class="last"><a href="http://www.switch.ch/<?php echo $language ?>/aai/faq/"><?php echo getLocalString('faq') ?></a></li> <li class="last"><a href="<?php echo sprintf($faqURL, $language) ?>"><?php echo getLocalString('faq') ?></a></li>
<li class="last"><a href="http://www.switch.ch/<?php echo $language ?>/aai/help/"><?php echo getLocalString('help') ?></a></li> <li class="last"><a href="<?php echo sprintf($helpURL, $language) ?>"><?php echo getLocalString('help') ?></a></li>
<li class="last"><a href="http://www.switch.ch/<?php echo $language ?>/aai/privacy/"><?php echo getLocalString('privacy') ?></a></li> <li class="last"><a href="<?php echo sprintf($privacyURL, $language) ?>"><?php echo getLocalString('privacy') ?></a></li>
</ul> </ul>
<!-- Body: Start --> <!-- Body: Start -->
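Review bot: The new `href` values on the two header links and the four menu links are built with `sprintf($federationURL, $language)` and similar calls, and are echoed into the attribute without HTML escaping. Because the configured URL is used as a format string, any literal `%` in it (for example a percent-encoded path or query) is read as a directive. That yields a mangled link or, on newer PHP versions, an error when arguments are missing. Substituting only the documented macro and escaping the result avoids both: `<?php echo htmlspecialchars(str_replace('%s', $language, $federationURL), ENT_QUOTES, 'UTF-8') ?>`, and likewise for `$organizationURL`, `$faqURL`, `$helpURL` and `$privacyURL`. Where `$language` is set is not visible in this hunk; if it can be influenced by the request, the escaping is what keeps it from breaking out of the attribute. The `src` values `$logoURL` and `$organizationLogoURL` would benefit from the same `htmlspecialchars` call.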
...@@ -32,11 +32,16 @@ function initConfigOptions(){ ...@@ -32,11 +32,16 @@ function initConfigOptions(){
global $federationName; global $federationName;
global $supportContactEmail; global $supportContactEmail;
global $federationURL; global $federationURL;
global $organizationURL;
global $faqURL;
global $helpURL;
global $privacyURL;
global $imageURL; global $imageURL;
global $javascriptURL; global $javascriptURL;
global $cssURL; global $cssURL;
global $logoURL; global $logoURL;
global $smallLogoURL; global $smallLogoURL;
global $organizationLogoURL;
global $IDPConfigFile; global $IDPConfigFile;
global $backupIDPConfigFile; global $backupIDPConfigFile;
global $metadataFile; global $metadataFile;
...@@ -50,13 +55,13 @@ function initConfigOptions(){ ...@@ -50,13 +55,13 @@ function initConfigOptions(){
// Set independet default configuration options // Set independet default configuration options
$defaults = array(); $defaults = array();
$defaults['defaultLanguage'] = 'en'; $defaults['defaultLanguage'] = 'en';
$defaults['commonDomain'] = '.switch.ch'; $defaults['commonDomain'] = getTopLevelDomain($_SERVER['SERVER_NAME']);
$defaults['cookieNamePrefix'] = ''; $defaults['cookieNamePrefix'] = '';
$defaults['cookieSecurity'] = false; $defaults['cookieSecurity'] = false;
$defaults['cookieValidity'] = 100; $defaults['cookieValidity'] = 100;
$defaults['showPermanentSetting'] = false; $defaults['showPermanentSetting'] = false;
$defaults['useImprovedDropDownList'] = true; $defaults['useImprovedDropDownList'] = true;
$defaults['useSAML2Metadata'] = true; $defaults['useSAML2Metadata'] = false;
$defaults['SAML2MetaOverLocalConf'] = false; $defaults['SAML2MetaOverLocalConf'] = false;
$defaults['includeLocalConfEntries'] = true; $defaults['includeLocalConfEntries'] = true;
$defaults['enableDSReturnParamCheck'] = true; $defaults['enableDSReturnParamCheck'] = true;
...@@ -68,9 +73,13 @@ function initConfigOptions(){ ...@@ -68,9 +73,13 @@ function initConfigOptions(){
$defaults['useEmbeddedWAYFRefererForPrivacyProtection'] = false; $defaults['useEmbeddedWAYFRefererForPrivacyProtection'] = false;
$defaults['useLogging'] = true; $defaults['useLogging'] = true;
$defaults['exportPreselectedIdP'] = false; $defaults['exportPreselectedIdP'] = false;
$defaults['federationName'] = 'SWITCHaai Federation'; $defaults['federationName'] = 'Identity Federation';
$defaults['federationURL'] = 'http://www.switch.ch/aai/'; $defaults['organizationURL'] = 'http://www.'.$defaults['commonDomain'];
$defaults['supportContactEmail'] = 'support-contact@example.org'; $defaults['federationURL'] = $defaults['organizationURL'].'/aai';
$defaults['faqURL'] = $defaults['federationURL'].'/faq';
$defaults['helpURL'] = $defaults['federationURL'].'/help';
$defaults['privacyURL'] = $defaults['federationURL'].'/privacy';
$defaults['supportContactEmail'] = 'support-contact@'.$defaults['commonDomain'];
$defaults['imageURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/images'; $defaults['imageURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/images';
$defaults['javascriptURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/js'; $defaults['javascriptURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/js';
$defaults['cssURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/css'; $defaults['cssURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/css';
...@@ -97,8 +106,9 @@ function initConfigOptions(){ ...@@ -97,8 +106,9 @@ function initConfigOptions(){
$defaults['redirectStateCookieName'] = $cookieNamePrefix.'_redirection_state'; $defaults['redirectStateCookieName'] = $cookieNamePrefix.'_redirection_state';
$defaults['SAMLDomainCookieName'] = $cookieNamePrefix.'_saml_idp'; $defaults['SAMLDomainCookieName'] = $cookieNamePrefix.'_saml_idp';
$defaults['SPCookieName'] = $cookieNamePrefix.'_saml_sp'; $defaults['SPCookieName'] = $cookieNamePrefix.'_saml_sp';
$defaults['logoURL'] = $imageURL.'/switch-aai-transparent.png'; $defaults['logoURL'] = $imageURL.'/federation-logo.png';
$defaults['smallLogoURL'] = $imageURL.'/switch-aai-transparent-small.png';