diff --git a/CHANGES b/CHANGES index ae747f57d7dd4463454cb120eb57e2eed35fa85f..ffbd881d72b6e788e1c23670154e54e16a696613 100755 --- a/CHANGES +++ b/CHANGES @@ -38,8 +38,8 @@ SWITCHwayf Changes and Version History: Code contributed by Takeshi Nishimura from NII (Japan) - If the Discovery Feed feature is activated only those IdPs are shown that are contained in the feed. Others will be hidden automatically. - - Added Location property to format of IDP entries to allow users to - search Identity Providers using a geographical hint. + - Added Keywords property to format of IDP entries to allow users to + search Identity Providers using a keyword. 1.15 Release date: 21. October 2011 - A default and custom CSS file can now be used diff --git a/DOC b/DOC index be1223ab215a99226d608cea125a1f56da5f721f..5dddeb1ee0444546a1e4bc8716a0abbe4a18bbe2 100755 --- a/DOC +++ b/DOC @@ -261,15 +261,17 @@ the entry stands for an Identity Provider. For entries of Type category, the words that are not allowed to be assigned to entries for Identity Providers. ['Name']: Mandatory Default name to display in drop-down list -['en'|'it'|'fr'|'de'|'pt']['Name']: - Optional Display name in other languages + +['en'|'it'|'fr'|'de'|...] Language dependent: + ['Name']: Optional Display name + ['Keywords']: Optional Keywords associated with the Identity Provider. + Used for search-as-you-type feature of improved + drop-down list. Space delimited. + ['SSO']: Mandatory Should be the SAML1 SSO endpoint of the IdP ['Realm']: Optional Kerberos Realm ['IP'][]: Optional IP ranges of that organizations that can be used to guess a user's Identity Provider -['Location'][]: Optional Geographical places associated with the - Identity Provider. Used for search-as-you-type - feature of improved drop-down list. ['Index']: Optional An alphanumerical value that is used for sorting categories and Identity Provider in ascending order if the Identity Providers are parsed from metadata. 
diff --git a/IDProvider.conf.dist.php b/IDProvider.conf.dist.php index 7321f443af0280eeaf140a8cb9fb199aa005d7cd..cceef3e8c8d197a86fd40eeac3e0faa825dc1465 100755 --- a/IDProvider.conf.dist.php +++ b/IDProvider.conf.dist.php @@ -25,7 +25,7 @@ $IDProviders['bristol.ac.uk'] = array ( 'Name' => 'University of Bristol', 'SSO' => 'https://sso.bris.ac.uk/sso/index.jsp', 'Realm' => 'ADS.BRIS.AC.UK', - 'Location' => array ('Bristol','South West England','England'), + 'en' => array ('Keywords' => 'Bristol South+West+England'), ); // Example with optional network blocks that can be used as an @@ -48,11 +48,17 @@ $IDProviders['vho'] = array ( $IDProviders['urn:mace:switch.ch:SWITCHaai:vho-switchaai.ch'] = array ( 'Type' => 'vho', 'Name' => 'Virtual Home Organisation', - 'de' => array ('Name' => 'Virtuelle Home Organisation'), + 'en' => array ( + 'Name' => 'Virtual Home Organisation', + 'Keywords','Zurich Switzerland', + ), + 'de' => array ( + 'Name' => 'Virtuelle Home Organisation', + 'Keywords','Zürich Schweiz', + ), 'fr' => array ('Name' => 'Home Organisation Virtuelle'), 'it' => array ('Name' => 'Virtuale Home Organisation'), 'IP' => array ('130.59.6.0/16','127.0.0.0/24'), - 'Location' => array ('Zurich','Switzerland'), 'SSO' => 'https://aai.vho-switchaai.ch/shibboleth-idp/SSO', ); diff --git a/config.dist.php b/config.dist.php index e8f5e15a0949d50f7aa51b19ee5e8e9eefabeb18..4f2700584797ccc8084dc3927f48227f8fe169fd 100755 --- a/config.dist.php +++ b/config.dist.php 
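Review bot: The Bristol example writes its keywords as `'Bristol South+West+England'`, but nothing in this hunk or in the DOC change explains the `+`; DOC only says the value is space delimited. If `+` is meant to keep a multi-word keyword together, say so next to the example, e.g. `// Keywords are space delimited; use '+' inside a multi-word keyword`. Without that, a reader of the sample cannot tell whether the search matches the `+` literally.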
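Review bot: In the new `'en'` and `'de'` arrays of the vho-switchaai.ch example, `'Keywords','Zurich Switzerland',` uses a comma where `=>` is needed. PHP therefore stores two positional elements and never sets a `Keywords` key, so the `isset($value['Keywords'])` test added in functions.php cannot match for this entry. The lines should read `'Keywords' => 'Zurich Switzerland',` and `'Keywords' => 'Zürich Schweiz',`. This is the distributed sample file, so the mistake is likely to be copied into real configurations.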
@@ -57,37 +57,36 @@ $userImprovedDropDownList = true; // metadata file defined below in $metadataFile $useSAML2Metadata = true; -// If ture parsed metadata shall have precedence if there are entries defined -// in metadata as well as the local IDProviders configuration file. -// Only relevant if $useSAML2Metadata is true -$SAML2MetaOverLocalConf = false; - -// If includeLocalConfEntries parameter is set to true, Identity Providers -// not listed in metadata but defined in the local IDProviders file will also -// be displayed in the drop down list. This is required if you need to add -// local exceptions over the federation metadata -// Only relevant if $useSAML2Metadata is true -$includeLocalConfEntries = true; - -// Whether the return parameter is checked against SAML2 metadata or not -// The Discovery Service specification says the DS SHOULD check this in order -// to mitigate phising problems. -// You must have $useSAML2Metadata = true in order to activate this check. -// The return parameter will only be checked if the Service Provider's metadata -// contains an or if the assertion consumer url -// check below is enabled -$enableDSReturnParamCheck = true; - -// If true, the return parameter is checked for Service Providers that -// don't have and extension set. Instead of this -// extension, the hostnames of the assertion consumer URLs are used to check -// the return parameter against. -// This feature is useful in case the Service Provider's metadata doesn't contain -// a extension. It increases security for Service -// Provider's that don't have an extensions. -// This feature only is active if $enableDSReturnParamCheck = true -// and if $useSAML2Metadata = true -$useACURLsForReturnParamCheck = false; + // If true parsed metadata shall have precedence if there are entries defined + // in metadata as well as the local IDProviders configuration file. 
+ // Requires $useSAML2Metadata to be true + $SAML2MetaOverLocalConf = false; + + // If includeLocalConfEntries parameter is set to true, Identity Providers + // not listed in metadata but defined in the local IDProviders file will also + // be displayed in the drop down list. This is required if you need to add + // local exceptions over the federation metadata + // Requires $useSAML2Metadata to be true + $includeLocalConfEntries = true; + + // Whether the return parameter is checked against SAML2 metadata or not + // The Discovery Service specification says the DS SHOULD check this in order + // to mitigate phising problems. + // The return parameter will only be checked if the Service Provider's metadata + // contains an or if the assertion consumer url + // check below is enabled + // Requires $useSAML2Metadata to be true + $enableDSReturnParamCheck = true; + + // If true, the return parameter is checked for Service Providers that + // don't have and extension set. Instead of this + // extension, the hostnames of the assertion consumer URLs are used to check + // the return parameter against. + // This feature is useful in case the Service Provider's metadata doesn't contain + // a extension. It increases security for Service + // Provider's that don't have an extensions. + // Requires $useSAML2Metadata and $enableDSReturnParamCheck to be true + $useACURLsForReturnParamCheck = false; // Whether to turn on Kerberos support for Identity Provider preselection $useKerberos = false; 
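Review bot: The comment on `$enableDSReturnParamCheck` does not spell out what its own wording implies: Service Providers whose metadata lacks the extension get no return-parameter check at all while `$useACURLsForReturnParamCheck` keeps its default of `false`. The comment describes this check as the mitigation against phishing, so that gap should be stated explicitly, e.g. `// With $useACURLsForReturnParamCheck = false, SPs without that extension are NOT checked`. The new `Requires $useSAML2Metadata to be true` lines could also say whether the option is silently ignored when the requirement is not met; that behaviour is not visible in this diff. `phising` in the added comment should be `phishing`.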
@@ -105,21 +104,22 @@ $useReverseDNSLookup = false; // Therefore, only enable this feature if you know what you are doing! $useEmbeddedWAYF = false; -// If enabled the Embedded WAYF will prevent releasing information -// about the user's preselected Identity Provider -// While this is benefical to the data protection of the user, it will also -// prevent preselecting the user's Identity Provider. Thus, users will have -// to preselect their IdP each and every time -$useEmbeddedWAYFPrivacyProtection = false; - -// If enabled, the referer hostname of the request must match tan assertion -// consumer URL or a discovery URL of a Service Provider in $metadataSPFile -// in order to let the Embedded WAYF preselect an Identity Provider. -// Therefore, this option is a good compromise between data protection and -// userfriendlyness. -// This option can only be used if $useEmbeddedWAYFPrivacyProtection is false -// and $useSAML2Metadata is true -$useEmbeddedWAYFRefererForPrivacyProtection = false; + // If enabled the Embedded WAYF will prevent releasing information + // about the user's preselected Identity Provider + // While this is benefical to the data protection of the user, it will also + // prevent preselecting the user's Identity Provider. Thus, users will have + // to preselect their IdP each and every time + // Requires $useEmbeddedWAYF to be true + $useEmbeddedWAYFPrivacyProtection = false; + + // If enabled, the referer hostname of the request must match tan assertion + // consumer URL or a discovery URL of a Service Provider in $metadataSPFile + // in order to let the Embedded WAYF preselect an Identity Provider. + // Therefore, this option is a good compromise between data protection and + // userfriendlyness. + // Requires $useSAML2Metadata to be true and $useEmbeddedWAYFPrivacyProtection + // to be false + $useEmbeddedWAYFRefererForPrivacyProtection = false; // Whether or not to add the entityID of the preselected IdP to the // exported JSON/Text/PHP Code 
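Review bot: The re-indented comment for `$useEmbeddedWAYFRefererForPrivacyProtection` still reads `must match tan assertion consumer URL`. Since these lines are rewritten anyway, fix `tan` to `an`, `benefical` to `beneficial` and `userfriendlyness` to `user-friendliness`. The comment should also say what happens when a request carries no Referer header, which browsers and proxies can strip, e.g. `// Requests without a Referer are treated as non-matching` if that is how the code behaves. The code that evaluates the referer is not part of this diff.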
diff --git a/functions.php b/functions.php index 8f8d27dfcfba320fb07df18a4377dfff811c9c58..9d5f96c539bb2037acf2699be465e5911f38f89c 100644 --- a/functions.php +++ b/functions.php @@ -472,8 +472,8 @@ function composeOptionTitle($IdPValues){ foreach($IdPValues as $key => $value){ if (is_array($value) && isset($value['Name'])){ $title .= ' '.$value['Name']; - } elseif ($key == 'Location' && is_array($value)) { - $title .= ' '.implode(' ', $value); + } elseif (is_array($value) && isset($value['Keywords'])) { + $title .= ' '.$value['Keywords']; } }
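Review bot: The new `elseif` only runs when the language array has no `Name`, so an entry such as `'de' => array('Name' => ..., 'Keywords' => ...)` takes the first branch and its keywords never reach the title. The two conditions are independent: close the `Name` branch and test the keywords in a separate `if (is_array($value) && isset($value['Keywords'])) {` rather than chaining it with `elseif`. composeOptionTitle starts and ends outside this hunk, so how `$title` is emitted is not visible. If it ends up in an HTML attribute, the keywords need the same escaping as the names.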