Commit fa6788e0 authored Dec 19, 2011 by haemmer
Renamed Location property to Keywords property
parent 9527f9f4

Showing 5 changed files with 66 additions and 58 deletions:

CHANGES +2 -2
DOC +7 -5
IDProvider.conf.dist.php +9 -3
config.dist.php +46 -46
functions.php +2 -2
CHANGES
...
...
@@ -38,8 +38,8 @@ SWITCHwayf Changes and Version History:
Code contributed by Takeshi Nishimura from NII (Japan)
- If the Discovery Feed feature is activated only those IdPs are shown
that are contained in the feed. Others will be hidden automatically.
- Added
Location
property to format of IDP entries to allow users to
search Identity Providers using a
geographical hint
.
- Added
Keywords
property to format of IDP entries to allow users to
search Identity Providers using a
keyword
.
1.15 Release date: 21. October 2011
- A default and custom CSS file can now be used
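Review bot: The reworded entry above the 1.15 release header replaces the "Location" wording outright, so the changelog gives no hint that an IDP entry written with the earlier 'Location' array needs changing. Suggest adding that 'Keywords' is set per language (inside the 'en', 'de', ... arrays, as the DOC hunk describes) and that a top-level 'Location' array is no longer picked up by composeOptionTitle().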
...
...
DOC
...
...
@@ -261,15 +261,17 @@ the entry stands for an Identity Provider. For entries of Type category, the
words that are not allowed to be assigned to
entries for Identity Providers.
['Name']: Mandatory Default name to display in drop-down list
['en'|'it'|'fr'|'de'|'pt']['Name']:
Optional Display name in other languages
['en'|'it'|'fr'|'de'|...] Language dependent:
['Name']: Optional Display name
['Keywords']: Optional Keywords associated with the Identity Provider.
Used for search-as-you-type feature of improved
drop-down list. Space delimited.
['SSO']: Mandatory Should be the SAML1 SSO endpoint of the IdP
['Realm']: Optional Kerberos Realm
['IP'][]: Optional IP ranges of that organizations that can be used to
guess a user's Identity Provider
['Location'][]: Optional Geographical places associated with the
Identity Provider. Used for search-as-you-type
feature of improved drop-down list.
['Index']: Optional An alphanumerical value that is used for sorting
categories and Identity Provider in ascending order
if the Identity Providers are parsed from metadata.
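Review bot: The new ['Keywords'] description says "Space delimited", but the example added in IDProvider.conf.dist.php uses 'Bristol South+West+England', and nothing here explains what '+' means inside a keyword. Document the convention for multi-word keywords next to "Space delimited", or drop the '+' from the example. The language list also changed from the explicit 'en'|'it'|'fr'|'de'|'pt' to 'de'|..., so it would help to say where the set of accepted language codes is defined.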
...
...
IDProvider.conf.dist.php
...
...
@@ -25,7 +25,7 @@ $IDProviders['bristol.ac.uk'] = array (
'Name'
=>
'University of Bristol'
,
'SSO'
=>
'https://sso.bris.ac.uk/sso/index.jsp'
,
'Realm'
=>
'ADS.BRIS.AC.UK'
,
'
Location'
=>
array
(
'Bristol'
,
'South West England'
,
'
England'
),
'
en'
=>
array
(
'Keywords'
=>
'Bristol South+West+
England'
),
);
// Example with optional network blocks that can be used as an
...
...
@@ -48,11 +48,17 @@ $IDProviders['vho'] = array (
$IDProviders
[
'urn:mace:switch.ch:SWITCHaai:vho-switchaai.ch'
]
=
array
(
'Type'
=>
'vho'
,
'Name'
=>
'Virtual Home Organisation'
,
'de'
=>
array
(
'Name'
=>
'Virtuelle Home Organisation'
),
'en'
=>
array
(
'Name'
=>
'Virtual Home Organisation'
,
'Keywords'
,
'Zurich Switzerland'
,
),
'de'
=>
array
(
'Name'
=>
'Virtuelle Home Organisation'
,
'Keywords'
,
'Zrich Schweiz'
,
),
'fr'
=>
array
(
'Name'
=>
'Home Organisation Virtuelle'
),
'it'
=>
array
(
'Name'
=>
'Virtuale Home Organisation'
),
'IP'
=>
array
(
'130.59.6.0/16'
,
'127.0.0.0/24'
),
'Location'
=>
array
(
'Zurich'
,
'Switzerland'
),
'SSO'
=>
'https://aai.vho-switchaai.ch/shibboleth-idp/SSO'
,
);
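Review bot: In the new 'en' and 'de' arrays, 'Keywords' is followed by a comma instead of '=>', so PHP stores 'Keywords' and 'Zurich Switzerland' as two numerically indexed values and no 'Keywords' key exists; isset($value['Keywords']) in composeOptionTitle() is then false for this entry. Write 'Keywords' => 'Zurich Switzerland' and the same for 'de'. The German value also reads 'Zrich Schweiz', which looks like "Zürich" with the umlaut lost, so check the file encoding before committing.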
...
...
config.dist.php
...
...
@@ -57,37 +57,36 @@ $userImprovedDropDownList = true;
// metadata file defined below in $metadataFile
$useSAML2Metadata
=
true
;
// If ture parsed metadata shall have precedence if there are entries defined
// in metadata as well as the local IDProviders configuration file.
// Only relevant if $useSAML2Metadata is true
$SAML2MetaOverLocalConf
=
false
;
// If includeLocalConfEntries parameter is set to true, Identity Providers
// not listed in metadata but defined in the local IDProviders file will also
// be displayed in the drop down list. This is required if you need to add
// local exceptions over the federation metadata
// Only relevant if $useSAML2Metadata is true
$includeLocalConfEntries
=
true
;
// Whether the return parameter is checked against SAML2 metadata or not
// The Discovery Service specification says the DS SHOULD check this in order
// to mitigate phising problems.
// You must have $useSAML2Metadata = true in order to activate this check.
// The return parameter will only be checked if the Service Provider's metadata
// contains an <idpdisc:DiscoveryResponse> or if the assertion consumer url
// check below is enabled
$enableDSReturnParamCheck
=
true
;
// If true, the return parameter is checked for Service Providers that
// don't have and <idpdisc:DiscoveryResponse> extension set. Instead of this
// extension, the hostnames of the assertion consumer URLs are used to check
// the return parameter against.
// This feature is useful in case the Service Provider's metadata doesn't contain
// a <idpdisc:DiscoveryResponse> extension. It increases security for Service
// Provider's that don't have an <idpdisc:DiscoveryResponse> extensions.
// This feature only is active if $enableDSReturnParamCheck = true
// and if $useSAML2Metadata = true
$useACURLsForReturnParamCheck
=
false
;
// If true parsed metadata shall have precedence if there are entries defined
// in metadata as well as the local IDProviders configuration file.
// Requires $useSAML2Metadata to be true
$SAML2MetaOverLocalConf
=
false
;
// If includeLocalConfEntries parameter is set to true, Identity Providers
// not listed in metadata but defined in the local IDProviders file will also
// be displayed in the drop down list. This is required if you need to add
// local exceptions over the federation metadata
// Requires $useSAML2Metadata to be true
$includeLocalConfEntries
=
true
;
// Whether the return parameter is checked against SAML2 metadata or not
// The Discovery Service specification says the DS SHOULD check this in order
// to mitigate phising problems.
// The return parameter will only be checked if the Service Provider's metadata
// contains an <idpdisc:DiscoveryResponse> or if the assertion consumer url
// check below is enabled
// Requires $useSAML2Metadata to be true
$enableDSReturnParamCheck
=
true
;
// If true, the return parameter is checked for Service Providers that
// don't have and <idpdisc:DiscoveryResponse> extension set. Instead of this
// extension, the hostnames of the assertion consumer URLs are used to check
// the return parameter against.
// This feature is useful in case the Service Provider's metadata doesn't contain
// a <idpdisc:DiscoveryResponse> extension. It increases security for Service
// Provider's that don't have an <idpdisc:DiscoveryResponse> extensions.
// Requires $useSAML2Metadata and $enableDSReturnParamCheck to be true
$useACURLsForReturnParamCheck
=
false
;
// Whether to turn on Kerberos support for Identity Provider preselection
$useKerberos
=
false
;
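Review bot: The reworded comments for $enableDSReturnParamCheck and $useACURLsForReturnParamCheck now end with "Requires $useSAML2Metadata to be true", which drops the earlier wording that the check is simply not active otherwise ("You must have $useSAML2Metadata = true in order to activate this check", "This feature only is active if ..."). Because these two settings are what mitigates phishing via the return parameter, state explicitly that the setting is ignored and the return parameter is not checked when the requirement is not met. While these lines are being rewritten, also fix "phising" and "don't have and <idpdisc:DiscoveryResponse>".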
...
...
@@ -105,21 +104,22 @@ $useReverseDNSLookup = false;
// Therefore, only enable this feature if you know what you are doing!
$useEmbeddedWAYF
=
false
;
// If enabled the Embedded WAYF will prevent releasing information
// about the user's preselected Identity Provider
// While this is benefical to the data protection of the user, it will also
// prevent preselecting the user's Identity Provider. Thus, users will have
// to preselect their IdP each and every time
$useEmbeddedWAYFPrivacyProtection
=
false
;
// If enabled, the referer hostname of the request must match tan assertion
// consumer URL or a discovery URL of a Service Provider in $metadataSPFile
// in order to let the Embedded WAYF preselect an Identity Provider.
// Therefore, this option is a good compromise between data protection and
// userfriendlyness.
// This option can only be used if $useEmbeddedWAYFPrivacyProtection is false
// and $useSAML2Metadata is true
$useEmbeddedWAYFRefererForPrivacyProtection
=
false
;
// If enabled the Embedded WAYF will prevent releasing information
// about the user's preselected Identity Provider
// While this is benefical to the data protection of the user, it will also
// prevent preselecting the user's Identity Provider. Thus, users will have
// to preselect their IdP each and every time
// Requires $useEmbeddedWAYF to be true
$useEmbeddedWAYFPrivacyProtection
=
false
;
// If enabled, the referer hostname of the request must match tan assertion
// consumer URL or a discovery URL of a Service Provider in $metadataSPFile
// in order to let the Embedded WAYF preselect an Identity Provider.
// Therefore, this option is a good compromise between data protection and
// userfriendlyness.
// Requires $useSAML2Metadata to be true and $useEmbeddedWAYFPrivacyProtection
// to be false
$useEmbeddedWAYFRefererForPrivacyProtection
=
false
;
// Whether or not to add the entityID of the preselected IdP to the
// exported JSON/Text/PHP Code
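Review bot: The re-added comment for $useEmbeddedWAYFRefererForPrivacyProtection still reads "must match tan assertion consumer URL", and "benefical" and "userfriendlyness" are carried over unchanged; since the block is rewritten anyway, correct them to "an assertion", "beneficial" and "user-friendliness". The new "Requires $useEmbeddedWAYF to be true" line is only added to $useEmbeddedWAYFPrivacyProtection, although the Referer option's own comment says it exists to let the Embedded WAYF preselect an Identity Provider; add the same requirement there.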
...
...
functions.php
...
...
@@ -472,8 +472,8 @@ function composeOptionTitle($IdPValues){
foreach
(
$IdPValues
as
$key
=>
$value
){
if
(
is_array
(
$value
)
&&
isset
(
$value
[
'Name'
])){
$title
.
=
' '
.
$value
[
'Name'
];
}
elseif
(
$key
==
'Location'
&&
is_array
(
$value
))
{
$title
.
=
' '
.
implode
(
' '
,
$value
)
;
}
elseif
(
is_array
(
$value
)
&&
isset
(
$value
[
'Keywords'
]
))
{
$title
.
=
' '
.
$value
[
'Keywords'
]
;
}
}
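Review bot: The new 'Keywords' test is an elseif behind the is_array($value) && isset($value['Name']) branch, so for a language array that carries both 'Name' and 'Keywords' (the shape the vho example in IDProvider.conf.dist.php is aiming for) only the name is appended and the keywords never reach $title. The removed 'Location' branch did not have this problem because it matched on a separate top-level key. Make the 'Keywords' check an independent if inside the is_array($value) case so both values are appended.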
...
...