From d2e7f0d35ceaaa990700fc10aabb23e1489bc167 Mon Sep 17 00:00:00 2001 From: haemmer Date: Fri, 11 May 2012 09:21:14 +0000 Subject: [PATCH] Added #1760 and #1702 --- CHANGES | 5 ++- default-embedded-wayf.php | 4 +++ languages.php | 10 +++--- templates.php | 76 ++++++++++++++++++++++++++++----------- 4 files changed, 69 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 19857db..ba9911d 100755 --- a/CHANGES +++ b/CHANGES @@ -26,8 +26,11 @@ necessary for such releases. SWITCHwayf Changes and Version History: -1.17 Release date: 2012 +1.17 Release date: Mai 2012 - Added CSS styles for mobile view + - Embedded WAYF now reads 'entityID' and 'return' GET arguments. + They get precedence over the values configured for the Embedded WAYF. + - Embedded WAYF logged in message now contains a link to target URL 1.16 Release date: 19. January 2012 - Added an improved version of the drop down list to the WAYF diff --git a/default-embedded-wayf.php b/default-embedded-wayf.php index c4f9a88..49b3b2f 100644 --- a/default-embedded-wayf.php +++ b/default-embedded-wayf.php @@ -16,6 +16,8 @@ var wayf_URL = "https://"; // EntityID of the Service Provider that protects this Resource +// Value will be overwritten automatically if the page where the Embedded WAYF +// is displayed is called with a GET argument 'entityID' as automatically set by Shibboleth // Examples: "https://econf.switch.ch/shibboleth", "https://dokeos.unige.ch/shibboleth" // [Mandatory] var wayf_sp_entityID = "https://my-app.switch.ch/shibboleth"; 
@@ -143,6 +145,8 @@ var wayf_show_categories = true; // Session Initiator URL of the Service Provider // Examples: "https://econf.switch.ch/Shibboleth.sso/DS", "https://dokeos.unige.ch/Shibboleth.sso/DS" // This will implicitely be set to wayf_sp_samlDSURL = wayf_sp_handlerURL + "/DS"; +// or will be set automatically if the page where the Embedded WAYF is placed is called +// with a 'return' and an 'entityID' GET Arguments // [Optional, if wayf_use_discovery_service = true // or if wayf_additional_idps is not empty, default: commented out] // var wayf_sp_samlDSURL = wayf_sp_handlerURL + "/Login"; diff --git a/languages.php b/languages.php index da57e3b..cae0b79 100755 --- a/languages.php +++ b/languages.php @@ -42,7 +42,7 @@ $langStrings['en'] = array ( 'login' => 'Login', 'login_with' => 'Login with:', 'other_federation' => 'From other federations', -'logged_in' => 'You are already authenticated.', +'logged_in' => 'You are already authenticated. Proceed.', 'most_used' => 'Most often used Home Organisations', 'invalid_return_url' => 'The return URL \'%s\' is not a valid URL.', 'unverified_return_url' => 'The return URL \'%s\' could not be verified for Service Provider \'%s\'.', @@ -89,7 +89,7 @@ $langStrings['de'] = array ( 'login' => 'Anmelden', 'login_with' => 'Anmelden über:', 'other_federation' => 'Von anderen Föderationen', -'logged_in' => 'Sie sind bereits angemeldet.', +'logged_in' => 'Sie sind bereits angemeldet. Weiter.', 'most_used' => 'Meist genutzte Home Organisationen', 'invalid_return_url' => 'Die return URL \'%s\' ist keine gütige URL.', 'unverified_return_url' => 'Die return URL \'%s\' ist nicht gütige für den Service Provider \'%s\'.', 
@@ -135,7 +135,7 @@ $langStrings['fr'] = array ( 'login' => 'Connexion', 'login_with' => 'Se connecter avec:', 'other_federation' => 'D\'autres féderations', -'logged_in' => 'Vous êtes déjà authentifié.', +'logged_in' => 'Vous êtes déjà authentifié. Continuez.', 'most_used' => 'Home Organisations les plus utilisées', ); @@ -176,7 +176,7 @@ $langStrings['it'] = array ( 'login' => 'Login', 'login_with' => 'Login con:', 'other_federation' => 'Di altra federaziones', -'logged_in' => 'Lei è già autenticato.', +'logged_in' => 'Lei è già autenticato. Proseguire.', 'most_used' => 'Home Organisations utilizzate più spesso', ); @@ -216,7 +216,7 @@ $langStrings['pt'] = array ( 'login' => 'Autenticar', 'login_with' => 'Autenticar em:', 'other_federation' => 'Outra FederaçAtilde;o', -'logged_in' => 'Já se encontra autenticado', +'logged_in' => 'Já se encontra autenticado. Continue.', 'most_used' => 'Instituição de Origem mais utilizada', ); diff --git a/templates.php b/templates.php index 8e3769c..d1a8aa1 100755 --- a/templates.php +++ b/templates.php @@ -313,8 +313,6 @@ function submitForm(){ } // User chose non-federation IdP - // TODO: FIX windows error - // 4 >= (8 - 3/4) if ( wayf_additional_idps.length > 0 && document.IdPList.user_idp 
@@ -328,11 +326,20 @@ function submitForm(){ // Redirect user to SP handler if (wayf_use_discovery_service){ - redirect_url = wayf_sp_samlDSURL + '?entityID=' - + encodeURIComponent(NonFedEntityID) - + '&target=' + encodeURIComponent(wayf_return_url); - // Make sure the redirect always is being done in parent window + var entityIDGETParam = getGETArgument("entityID"); + var returnGETParam = getGETArgument("return"); + if (entityIDGETParam != "" && returnGETParam != ""){ + redirect_url = returnGETParam; + } else { + redirect_url = wayf_sp_samlDSURL ; + redirect_url += '?target=' + encodeURIComponent(wayf_return_url); + } + + // Append selected Identity Provider + redirect_url += '&entityID=' + encodeURIComponent(NonFedEntityID); + + // Make sure the redirect always is being executed in parent window if (window.parent){ window.parent.location = redirect_url; } else { @@ -690,10 +697,27 @@ function decodeBase64(input) { return output; } +function getGETArgument(name){ + name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]"); + var regexString = "[\\?&]"+name+"=([^&#]*)"; + var regex = new RegExp(regexString); + var results = regex.exec(window.location.href); + + if( results == null ){ + return ""; + } else { + return decodeURIComponent(results[1]); + } +} + (function() { var config_ok = true; + // Get GET parameters that maybe are set by Shibboleth + var returnGETParam = getGETArgument("return"); + var entityIDGETParam = getGETArgument("entityID"); + // First lets make sure properties are available if( typeof(wayf_use_discovery_service) == "undefined" @@ -702,6 +726,12 @@ function decodeBase64(input) { wayf_use_discovery_service = true; } + // Overwrite entityID with GET argument if present + var entityIDGETParam = getGETArgument("entityID"); + if (entityIDGETParam != ""){ + wayf_sp_entityID = entityIDGETParam; + } + if( typeof(wayf_sp_entityID) == "undefined" || typeof(wayf_sp_entityID) != "string" 
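Review bot: In submitForm's discovery-service branch, `redirect_url = returnGETParam;` sends the parent window to whatever the page URL's `return` argument holds, with no check that it points at this Service Provider. The value comes from `window.location.href`, so whoever supplies the link to the embedding page controls the redirect target, including non-http schemes; any return-URL verification done by the WAYF server would not apply, because this path assigns straight to `window.parent.location`. I would honour `return` only when it starts with the configured handler URL and fall back to `wayf_sp_samlDSURL` otherwise. The appended `'&entityID='` also assumes `return` already carries a query string, so the separator should be chosen from what is there. submitForm starts and ends outside this hunk, and I am assuming `wayf_sp_handlerURL` is set at this point; if only `wayf_sp_samlDSURL` is configured, compare against that instead.

```javascript
var entityIDGETParam = getGETArgument("entityID");
var returnGETParam = getGETArgument("return");

// Only follow 'return' if it stays below the configured SP handler
var returnIsTrusted = (
	typeof(wayf_sp_handlerURL) == "string"
	&& wayf_sp_handlerURL != ""
	&& returnGETParam.indexOf(wayf_sp_handlerURL + '/') == 0
);

if (entityIDGETParam != "" && returnIsTrusted){
	redirect_url = returnGETParam;
	// 'return' may or may not already contain a query string
	redirect_url += (redirect_url.indexOf('?') == -1) ? '?' : '&';
} else {
	redirect_url = wayf_sp_samlDSURL;
	redirect_url += '?target=' + encodeURIComponent(wayf_return_url) + '&';
}

// Append selected Identity Provider
redirect_url += 'entityID=' + encodeURIComponent(NonFedEntityID);

// … unchanged: redirect in the parent window …
```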
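Review bot: `getGETArgument` calls `decodeURIComponent(results[1])` without a guard, so a malformed escape such as a lone `%` in the page URL throws a URIError; because the function is called at the top of the setup closure in this same hunk, that would stop the whole Embedded WAYF from rendering. Wrapping it as `try { return decodeURIComponent(results[1]); } catch (e) { return ""; }` keeps the existing empty-string fallback. The function also deserves a short header comment saying that it returns the decoded value of the first matching argument in `window.location.href`, or `""` when absent, and that the result is supplied by whoever built the link and must be validated before it is used in a redirect or in markup.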
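Review bot: The override `wayf_sp_entityID = entityIDGETParam;` fires whenever `entityID` alone is present, while the other uses added in this commit (submitForm and the `wayf_authReq_URL` construction) require both `entityID` and `return`. In the old WAYF protocol branch the URL-supplied value then ends up as `providerId` next to the configured `wayf_sp_samlACURL`, a pairing the deployer never chose. I would tie it to the same condition, `if (wayf_use_discovery_service && entityIDGETParam != "" && returnGETParam != ""){`, and drop the second `var entityIDGETParam = getGETArgument("entityID");`, which repeats the declaration a few lines above in the same closure. The closure continues outside this hunk.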
@@ -841,7 +871,7 @@ function decodeBase64(input) { typeof(wayf_logged_in_messsage) == "undefined" || typeof(wayf_logged_in_messsage) != "string" ){ - wayf_logged_in_messsage = "{$loggedInString}"; + wayf_logged_in_messsage = "{$loggedInString}".replace(/%s/, wayf_return_url); } if( @@ -975,24 +1005,30 @@ function decodeBase64(input) { var form_start = ''; if (wayf_use_discovery_service == true){ - var return_url = wayf_sp_samlDSURL + '?SAMLDS=1&target=' + encodeURIComponent(wayf_return_url); + // New SAML Discovery Service protocol - wayf_authReq_URL = wayf_URL - + '?entityID=' + encodeURIComponent(wayf_sp_entityID) - + '&return=' + encodeURIComponent(return_url); + wayf_authReq_URL = wayf_URL; - form_start = '
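Review bot: `"{$loggedInString}".replace(/%s/, wayf_return_url)` puts the return URL into the logged-in message unescaped, and per the CHANGES entry that message now carries a link. If the message is later written to the page as markup (not visible in this hunk), a quote or angle bracket in `wayf_return_url` would break out of the link, so the value should be HTML-escaped first. Passing the replacement as a function, `.replace(/%s/, function(){ return escapedReturnURL; })`, also stops `replace` from interpreting dollar-sign sequences inside the URL; `escapedReturnURL` is a placeholder name for the escaped value. It is also worth confirming that `wayf_return_url` has already been defaulted above this point, since that part of the closure is outside the hunk.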
'; + // Use GET arguments or use configuration parameters + if (entityIDGETParam != "" && returnGETParam != ""){ + wayf_authReq_URL += '?entityID=' + encodeURIComponent(entityIDGETParam); + wayf_authReq_URL += '&return=' + encodeURIComponent(returnGETParam); + } else { + var return_url = wayf_sp_samlDSURL + '?SAMLDS=1&target=' + encodeURIComponent(wayf_return_url); + wayf_authReq_URL += '?entityID=' + encodeURIComponent(wayf_sp_entityID); + wayf_authReq_URL += '&return=' + encodeURIComponent(return_url); + } } else { - - wayf_authReq_URL = wayf_URL - + '?providerId=' + encodeURIComponent(wayf_sp_entityID) - + '&shire=' + encodeURIComponent(wayf_sp_samlACURL) - + '&target=' + encodeURIComponent(wayf_return_url); - - form_start = ''; + // Old Shibboleth WAYF protocol + wayf_authReq_URL = wayf_URL; + wayf_authReq_URL += '?providerId=' + encodeURIComponent(wayf_sp_entityID); + wayf_authReq_URL += '&shire=' + encodeURIComponent(wayf_sp_samlACURL); + wayf_authReq_URL += '&time={$utcTime}'; } + // Add form element + form_start = ''; + SCRIPT; // Create redirect links in case the checkbox is checked -- GitLab
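Review bot: The rewritten old-protocol branch no longer appends `target`: the removed lines built `providerId`, `shire` and `target`, while the new ones build `providerId`, `shire` and `time`. Unless `target` is added back outside the visible lines, users on the old Shibboleth WAYF protocol lose their return location; `wayf_authReq_URL += '&target=' + encodeURIComponent(wayf_return_url);` before the `time` line would restore it. In the discovery-service branch it is worth a comment stating that the URL-supplied `return` is forwarded as-is and relies on the WAYF's own return-URL verification. Part of the `form_start` lines is not legible on this page, so they are not covered by this review.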