From d2e7f0d35ceaaa990700fc10aabb23e1489bc167 Mon Sep 17 00:00:00 2001
From: haemmer <haemmer@630430ee-30e2-4e44-a323-da843f692fab>
Date: Fri, 11 May 2012 09:21:14 +0000
Subject: [PATCH] Added #1760 and #1702

---
 CHANGES                   |  5 ++-
 default-embedded-wayf.php |  4 +++
 languages.php             | 10 +++---
 templates.php             | 76 ++++++++++++++++++++++++++++-----------
 4 files changed, 69 insertions(+), 26 deletions(-)

diff --git a/CHANGES b/CHANGES
index 19857db..ba9911d 100755
--- a/CHANGES
+++ b/CHANGES
@@ -26,8 +26,11 @@ necessary for such releases.
 SWITCHwayf Changes and Version History:
 
 
-1.17    Release date:  2012
+1.17    Release date:  Mai 2012
         - Added CSS styles for mobile view
+        - Embedded WAYF now reads 'entityID' and 'return' GET arguments.
+          They get precedence over the values configured for the Embedded WAYF.
+        - Embedded WAYF logged in message now contains a link to target URL
 
 1.16    Release date: 19. January 2012
         - Added an improved version of the drop down list to the WAYF
diff --git a/default-embedded-wayf.php b/default-embedded-wayf.php
index c4f9a88..49b3b2f 100644
--- a/default-embedded-wayf.php
+++ b/default-embedded-wayf.php
@@ -16,6 +16,8 @@
 var wayf_URL = "https://<?php echo $host ?><?php echo $path ?>";
 
 // EntityID of the Service Provider that protects this Resource
+// Value will be overwritten automatically if the page where the Embedded WAYF
+// is displayed is called with a GET argument 'entityID' as automatically set by Shibboleth
 // Examples: "https://econf.switch.ch/shibboleth", "https://dokeos.unige.ch/shibboleth"
 // [Mandatory]
 var wayf_sp_entityID = "https://my-app.switch.ch/shibboleth";
@@ -143,6 +145,8 @@ var wayf_show_categories =  true;
 // Session Initiator URL of the Service Provider
 // Examples: "https://econf.switch.ch/Shibboleth.sso/DS", "https://dokeos.unige.ch/Shibboleth.sso/DS"
 // This will implicitely be set to wayf_sp_samlDSURL = wayf_sp_handlerURL + "/DS";
+// or will be set automatically if the page where the Embedded WAYF is placed is called
+// with a 'return' and an 'entityID' GET Arguments
 // [Optional, if wayf_use_discovery_service = true 
 //  or if wayf_additional_idps is not empty, default: commented out]
 // var wayf_sp_samlDSURL = wayf_sp_handlerURL + "/Login";
diff --git a/languages.php b/languages.php
index da57e3b..cae0b79 100755
--- a/languages.php
+++ b/languages.php
@@ -42,7 +42,7 @@ $langStrings['en'] = array (
 'login' => 'Login',
 'login_with' => 'Login with:',
 'other_federation' => 'From other federations',
-'logged_in' => 'You are already authenticated.',
+'logged_in' => 'You are already authenticated. <a href=\"%s\">Proceed</a>.',
 'most_used' => 'Most often used Home Organisations',
 'invalid_return_url' => 'The return URL <tt>\'%s\'</tt> is not a valid URL.',
 'unverified_return_url' => 'The return URL <tt>\'%s\'</tt> could not be verified for Service Provider <tt>\'%s\'</tt>.',
@@ -89,7 +89,7 @@ $langStrings['de'] = array (
 'login' => 'Anmelden',
 'login_with' => 'Anmelden &uuml;ber:',
 'other_federation' => 'Von anderen F&ouml;derationen',
-'logged_in' => 'Sie sind bereits angemeldet.',
+'logged_in' => 'Sie sind bereits angemeldet. <a href=\"%s\">Weiter</a>.',
 'most_used' => 'Meist genutzte Home Organisationen',
 'invalid_return_url' => 'Die return URL <tt>\'%s\'</tt> ist keine g&uuml;tige URL.',
 'unverified_return_url' => 'Die return URL <tt>\'%s\'</tt> ist nicht g&uuml;tige f&uuml;r den Service Provider <tt>\'%s\'</tt>.',
@@ -135,7 +135,7 @@ $langStrings['fr'] =  array (
 'login' => 'Connexion',
 'login_with' => 'Se connecter avec:',
 'other_federation' => 'D\'autres f&eacute;derations',
-'logged_in' => 'Vous &ecirc;tes d&eacute;j&agrave; authentifi&eacute;.',
+'logged_in' => 'Vous &ecirc;tes d&eacute;j&agrave; authentifi&eacute;. <a href=\"%s\">Continuez</a>.',
 'most_used' => 'Home Organisations les plus utilis&eacute;es',
 );
 
@@ -176,7 +176,7 @@ $langStrings['it'] = array (
 'login' => 'Login',
 'login_with' => 'Login con:',
 'other_federation' => 'Di altra federaziones',
-'logged_in' => 'Lei &egrave; gi&agrave; autenticato.',
+'logged_in' => 'Lei &egrave; gi&agrave; autenticato. <a href=\"%s\">Proseguire</a>.',
 'most_used' => 'Home Organisations utilizzate pi&ugrave; spesso',
 );
 
@@ -216,7 +216,7 @@ $langStrings['pt'] = array (
 'login' => 'Autenticar',
 'login_with' => 'Autenticar em:',
 'other_federation' => 'Outra Federa&ccedil;Atilde;o',
-'logged_in' => 'J&aacute; se encontra autenticado',
+'logged_in' => 'J&aacute; se encontra autenticado. <a href=\"%s\">Continue</a>.',
 'most_used' => 'Institui&ccedil;&atilde;o de Origem mais utilizada',
 );
 
diff --git a/templates.php b/templates.php
index 8e3769c..d1a8aa1 100755
--- a/templates.php
+++ b/templates.php
@@ -313,8 +313,6 @@ function submitForm(){
 	}
 	
 	// User chose non-federation IdP
-	// TODO: FIX windows error
-	// 4 >= (8 - 3/4)
 	if (
 		wayf_additional_idps.length > 0 
 		&& document.IdPList.user_idp
@@ -328,11 +326,20 @@ function submitForm(){
 		
 		// Redirect user to SP handler
 		if (wayf_use_discovery_service){
-			redirect_url = wayf_sp_samlDSURL + '?entityID=' 
-			+ encodeURIComponent(NonFedEntityID)
-			+ '&target=' + encodeURIComponent(wayf_return_url);
 			
-			// Make sure the redirect always is being done in parent window
+			var entityIDGETParam = getGETArgument("entityID");
+			var returnGETParam = getGETArgument("return");
+			if (entityIDGETParam != "" && returnGETParam != ""){
+				redirect_url = returnGETParam;
+			} else {
+				redirect_url = wayf_sp_samlDSURL ;
+				redirect_url += '?target=' + encodeURIComponent(wayf_return_url);
+			}
+			
+			// Append selected Identity Provider
+			redirect_url += '&entityID=' + encodeURIComponent(NonFedEntityID);
+			
+			// Make sure the redirect always is being executed in parent window
 			if (window.parent){
 				window.parent.location = redirect_url;
 			} else {
@@ -690,10 +697,27 @@ function decodeBase64(input) {
 	return output;
 }
 
+function getGETArgument(name){
+	name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
+	var regexString = "[\\?&]"+name+"=([^&#]*)";
+	var regex = new RegExp(regexString);
+	var results = regex.exec(window.location.href);
+	
+	if( results == null ){
+		return "";
+	} else {
+		return decodeURIComponent(results[1]);
+	}
+}
+
 (function() {
 	
 	var config_ok = true; 
 	
+	// Get GET parameters that maybe are set by Shibboleth
+	var returnGETParam = getGETArgument("return");
+	var entityIDGETParam = getGETArgument("entityID");
+	
 	// First lets make sure properties are available
 	if(
 		typeof(wayf_use_discovery_service)  == "undefined"  
@@ -702,6 +726,12 @@ function decodeBase64(input) {
 		wayf_use_discovery_service = true;
 	}
 	
+	// Overwrite entityID with GET argument if present
+	var entityIDGETParam = getGETArgument("entityID");
+	if (entityIDGETParam != ""){
+		wayf_sp_entityID = entityIDGETParam;
+	}
+	
 	if(
 		typeof(wayf_sp_entityID) == "undefined"
 		|| typeof(wayf_sp_entityID) != "string"
@@ -841,7 +871,7 @@ function decodeBase64(input) {
 		typeof(wayf_logged_in_messsage) == "undefined"
 		|| typeof(wayf_logged_in_messsage) != "string"
 		){
-		wayf_logged_in_messsage = "{$loggedInString}";
+		wayf_logged_in_messsage = "{$loggedInString}".replace(/%s/, wayf_return_url);
 	}
 	
 	if(
@@ -975,24 +1005,30 @@ function decodeBase64(input) {
 		var form_start = '';
 		
 		if (wayf_use_discovery_service == true){
-			var return_url = wayf_sp_samlDSURL + '?SAMLDS=1&target=' + encodeURIComponent(wayf_return_url);
+			// New SAML Discovery Service protocol
 			
-			wayf_authReq_URL = wayf_URL 
-			+ '?entityID=' + encodeURIComponent(wayf_sp_entityID)
-			+ '&amp;return=' + encodeURIComponent(return_url);
+			wayf_authReq_URL = wayf_URL;
 			
-			form_start = '<form id="IdPList" name="IdPList" method="post" target="_parent" action="' + wayf_authReq_URL + '">';
+			// Use GET arguments or use configuration parameters
+			if (entityIDGETParam != "" && returnGETParam != ""){
+				wayf_authReq_URL += '?entityID=' + encodeURIComponent(entityIDGETParam);
+				wayf_authReq_URL += '&amp;return=' + encodeURIComponent(returnGETParam);
+			} else {
+				var return_url = wayf_sp_samlDSURL + '?SAMLDS=1&target=' + encodeURIComponent(wayf_return_url);
+				wayf_authReq_URL += '?entityID=' + encodeURIComponent(wayf_sp_entityID);
+				wayf_authReq_URL += '&amp;return=' + encodeURIComponent(return_url);
+			}
 		} else {
-			
-			wayf_authReq_URL = wayf_URL 
-			+ '?providerId=' + encodeURIComponent(wayf_sp_entityID)
-			+ '&amp;shire=' + encodeURIComponent(wayf_sp_samlACURL)
-			+ '&amp;target=' + encodeURIComponent(wayf_return_url);
-			
-			form_start = '<form id="IdPList" name="IdPList" method="post" target="_parent" action="' + wayf_authReq_URL + '&amp;time={$utcTime}'
-			+ '">';
+			// Old Shibboleth WAYF protocol
+			wayf_authReq_URL = wayf_URL;
+			wayf_authReq_URL += '?providerId=' + encodeURIComponent(wayf_sp_entityID);
+			wayf_authReq_URL += '&amp;shire=' + encodeURIComponent(wayf_sp_samlACURL);
+			wayf_authReq_URL += '&amp;time={$utcTime}';
 		}
 		
+		// Add form element
+		form_start = '<form id="IdPList" name="IdPList" method="post" target="_parent" action="' + wayf_authReq_URL + '">';
+		
 SCRIPT;
 	
 	// Create redirect links in case the checkbox is checked
-- 
GitLab