Commit f00b8587 authored by haemmer's avatar haemmer

Moved from internal to external SVN

parents
<?php
// WAYF Identity Provider Configuration file
// In the following you see some example entries of Identity Providers and
// cascaded WAYFs
// The keys of $IDProviders must correspond to the entityId of the
// Identity Providers or a unique value in case of a cascaded WAYF/DS or
// a category
// The sequence of IdPs and SPs play a role. No sorting is done.
// A general entry for an IdP can consist of the form:
// Type: [Optional] Some type that is used for the embedded wayf to hide
// or show certain categories. Default type will
// be 'unknown' if not specified.
// Name: [Mandatory] Default name to display in drop-down list
// [en|it|fr||de|pt][Name]: [Optional] Display name in other languages
// SSO: [Mandatory] Should be the SAML1 SSO endpoint of the IdP
// Realm: [Optional] Kerberos Realm
// IP[]: [Optional] IP ranges of that organizations that can be used to guess
// a user's Identity Provider
// An entry for another WAYF that the user shall be redirected to should have:
// Type: 'wayf'
// A category entry can be used to group multiple IdP entries into a optgroup
// The category entries should look like:
// Name: [Mandatory] Default name to display in drop-down list
// [en|it|fr||de|pt][Name]: [Optional] Display name in other languages
// Type: 'category' Category type
// As stated above, the sequence of entries is important. So, one is completely
// flexible when it comes to ordering the category and IdP entries.
//
// Category
$IDProviders['university'] = array (
'Type' => 'category',
'Name' => 'Universities',
);
// Example of a Kerberos-enabled Identity Provider
$IDProviders['bristol.ac.uk'] = array (
'Type' => 'university',
'Name' => 'University of Bristol',
'SSO' => 'https://sso.bris.ac.uk/sso/index.jsp',
'Realm' => 'ADS.BRIS.AC.UK',
);
// Example with optional network blocks that can be used as an
// additional IdP preselection hint
$IDProviders['aitta.funet.fi'] = array (
'Type' => 'university',
'Name' => 'Tampere University of Technology',
'SSO' => 'https://idp.tut.fi/shibboleth-idp/SSO',
'IP' => array ('193.166.2.0/24','130.233.0.0/16'),
);
// Category
$IDProviders['vho'] = array (
'Type' => 'category',
'Name' => 'Virtual Home Organization',
);
// An example of a configuration with multiple network blocks and multiple languages
$IDProviders['urn:mace:switch.ch:SWITCHaai:vho-switchaai.ch'] = array (
'Type' => 'vho',
'Name' => 'Virtual Home Organisation',
'de' => array ('Name' => 'Virtuelle Home Organisation'),
'fr' => array ('Name' => 'Home Organisation Virtuelle'),
'it' => array ('Name' => 'Virtuale Home Organisation'),
'IP' => array ('130.59.6.0/16','127.0.0.0/24'),
'SSO' => 'https://aai.vho-switchaai.ch/shibboleth-idp/SSO',
);
// Example of a WAYF entry that would redirect the user to this cascaded WAYF
// For SAML2 authentication requests, you must set the type to 'wayf' so that
// The user is not returned back to the Service Provider but forwarded to this
// additional Discovery Service
$IDProviders['urn:mace:switch.ch:SWITCHaai:edugain.net'] = array (
'SSO' => 'https://maclh.switch.ch/ShiBE-R/ShiBEWebSSORequester',
'Name' => 'Login via eduGAIN (testing)',
'Type' => 'wayf',
);
$IDProviders['urn:geant:edugain:component:be:switch:development.switch.ch'] = array (
'Type' => 'other',
'Name' => 'Login via eduGAIN (development)',
'SSO' => 'https://maclh.switch.ch/ShiBE-H/WebSSORequestListener',
);
// Example of an IDP you want not to be displayed when IDPs are parsed from
// a metadata file and SAML2MetaOverLocalConf is set to false
//$IDProviders['urn:mace:switch.ch:SWITCHaai:invisibleidp'] = '-';
// Category
$IDProviders['other'] = array (
'Type' => 'category',
'Name' => 'Others',
'de' => array ('Name' => 'Andere'),
'fr' => array ('Name' => 'Autres'),
'it' => array ('Name' => 'Altri'),
);
// Standard example with a Type that could be used to hide certain
// Identity Providers in the list of an embedded WAYF according to their type
$IDProviders['https://toba.switch.ch/idp/shibboleth'] = array(
'Type' => 'other',
'Name' => 'SWITCH - Serving Swiss Universities',
'SSO' => 'https://toba.switch.ch/idp/profile/Shibboleth/SSO',
);
?>
Copyright (c) 2010, SWITCH - Serving Swiss Universities
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of SWITCH nor the names of its contributors may
be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This diff is collapsed.
This diff is collapsed.
<?php
//******************************************************************************
// This file contains the WAYF/DS configuration. Adapt the settings to reflect
// your environment and then do some testing before deploying the WAYF.
//******************************************************************************
// Language settings
//******************
$defaultLanguage = 'en';
// Cookie settings
//****************
// Domain within the WAYF cookei shall be readable. Must start with a .
$commonDomain = '.switch.ch';
// Optionnal cookie name prefix in case you run several
// instances of the WAYF in the same domain.
// Example: $cookieNamePrefix = '_mywayf';
$cookieNamePrefix = '';
// Names of the cookies where to store the settings to temporarily
// redirect users transparently to their last selected IdP
$redirectCookieName = $cookieNamePrefix.'_redirect_user_idp';
$redirectStateCookieName = $cookieNamePrefix.'_redirection_state';
// Stores last selected IdPs
// This value shouldn't be changed because _saml_idp is the officilly
// defined name in the SAML specification
$SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp';
// Stores last selected SP
// This value can be choosen as you like because it is something specific
// to this WAYF implementation. It can be used to display help/contact
// information on a page in the same domain as $commonDomain by accessing
// the federation metadata and parsing out the contact information of the
// selected IdP and SP using $SAMLDomainCookieName and $SPCookieName
$SPCookieName = $cookieNamePrefix.'_saml_sp';
// Enabled/Disabled Features
//**************************
// Whether to show the checkbox to permanently remember a setting
$showPermanentSetting = false;
// Set to true in order to enable dynamic generation of the IdP list displayed
$useSAML2Metadata = false;
// Parsed metadata shall have precedence
// when conflicts between SAML2 metadata and local IDProvider.conf are detected.
$SAML2MetaOverLocalConf = false;
// If includeLocalConfEntries parameter is set to true, mergeInfo() will also consider IDPs
// not listed in metadataIDProviders but defined in IDProviders file
// This is required if you need to add local exceptions over the federation metadata
$includeLocalConfEntries = true;
// Whether to turn on Kerberos support for IdP preselection
$useKerberos = false;
// If true, the users IP is used for a reverse DNS lookup whose
// resulting domain name then is matched with the URN values of the IdPs
$useReverseDNSLookup = false;
// Whether the JavaScript for embedding the WAYF
// on a remote site shall be generated or not
$useEmbeddedWAYF = true;
// Whether to enable logging of WAYF/DS requests
// If turned on make sure to also configure $WAYFLogFile
$useLogging = true;
// Whether or not to add the entityID of the preselected IdP to the
// exported JSON/Text/PHP Code
// You have to be aware that if this value is set to true, any web page
// in the world can easily find out with a high probability from which
// organization a user is from. This could be misused for various kinds of
// things and even for phishing attacks. Therefore, only enable this feature
// if you know what you are doing!
$exportPreselectedIdP = false;
// Look&feel settings
//*******************
// Name of the federation
$federationName = 'SWITCHaai Federation';
// URL to send user to when clicking on federation logo
$federationURL = 'http://www.switch.ch/aai/';
// Use an absolute URL in case you want to use the embedded WAYF
$imageURL = 'https://'.$_SERVER['SERVER_NAME'].'/SWITCHaai/images';
// URL to the logo that shall be displayed
$logoURL = $imageURL.'/switch-aai-transparent.png';
// URL to the small logo that shall be displayed in the embedded WAYF if dimensions are small
$smallLogoURL = $imageURL.'/switch-aai-transparent-small.png';
// Involved files settings
//************************
// Set both config files to the same value if you don't want to use the
// the WAYF to read a (potential) automatically generated file that undergoes
// some plausability checks before being used
$IDPConfigFile = 'IDProvider.conf.php'; // Config file
$backupIDPConfigFile = 'IDProvider.conf.php'; // Backup config file
// Use $metadataFile as source federation's metadata.
$metadataFile = '/etc/shibboleth/metadata.switchaai.xml';
// File to store the parsed IdP list in if the metadataFile modification time
// is more recent than the metadataIDPFile's
// The user running the script must have permission to create $metadataIdpFile
$metadataIDPFile = 'IDProvider.metadata.conf.php';
// A Kerboros-protected soft link back to this script!
$kerberosRedirectURL = '/SWITCHaai/kerberosRedirect.php';
// Where to log the access
// Make sure the web server user has write access to this file!
$WAYFLogFile = '/var/log/apache2/wayf.log';
// Development mode settings
//**************************
// If the development mode is activated, PHP errors and warnings will be displayed
$developmentMode = true;
?>
<!-- Identity Provider Selection: Start-->
<h1><?php echo getLocalString('header'); ?></h1>
<p class="switchaai">
<?php echo $promptMessage ?>
</p>
<form id="IdPList" name="IdPList" method="post" onSubmit="return checkForm()" action="<?php echo $actionURL ?>">
<p>
<select name="user_idp">
<option value="-" <?php echo $defaultSelected ?>><?php echo getLocalString('select_idp') ?> ...</option>
<?php printDropDownList($IDProviders, $selectedIDP) ?>
</select>
<input type="submit" name="Select" accesskey="s" tabindex="10" value="<?php echo getLocalString('select_button') ?>" >
</p>
<p>
<input tabindex="8" type="checkbox" <?php $rememberSelectionChecked ?> name="session" value="true">
<span class="warning"><?php echo getLocalString('remember_selection') ?></span><br>
<?if ($showPermanentSetting) : ?>
<!-- Value permanent must be a number which is equivalent to the days the cookie shall be valid -->
<input type="checkbox" tabindex="9" name="permanent" value="100">
<span class="warning"><?php echo getLocalString('permanently_remember_selection') ?></span>
<?php endif ?>
</p>
</form>
<table border="0" cellpadding="1" cellspacing="0">
<tr>
<td valign="top" width="14"><img src="<?php echo $imageURL; ?>/arrow-12.gif" alt="arrow"></td>
<td valign="top"><p class="switchaai"><?php echo getLocalString('switch_description') ?></p></td>
</tr>
</table>
<!-- Identity Provider Selection: End-->
<!-- EMBEDDED-WAYF-START -->
<script type="text/javascript"><!--
// To use this JavaScript, please access:
// https://<?php echo $host ?><?php echo $path ?>/embedded-wayf.js/snippet.html
// and copy/paste the resulting HTML snippet to an unprotected web page that
// you want the embedded WAYF to be displayed
//////////////////// ESSENTIAL SETTINGS ////////////////////
// URL of the WAYF to use
// Examples: "https://wayf.switch.ch/SWITCHaai/WAYF", "https://wayf-test.switch.ch/aaitest/WAYF";
// [Mandatory]
var wayf_URL = "https://<?php echo $host ?><?php echo $path ?>";
// EntityID of the Service Provider that protects this Resource
// Examples: "https://econf.switch.ch/shibboleth", "https://dokeos.unige.ch/shibboleth"
// [Mandatory]
var wayf_sp_entityID = "https://my-app.switch.ch/shibboleth";
// Session Initiator URL of the Service Provider
// Examples: "https://econf.switch.ch/Shibboleth.sso/DS", "https://dokeos.unige.ch/Shibboleth.sso/DS"
// [Mandatory, if wayf_use_discovery_service = false]
var wayf_sp_handlerURL = "https://my-app.switch.ch/Shibboleth.sso";
// URL on this resource that the user shall be returned to after authentication
// Examples: "https://econf.switch.ch/aai/home", "https://olat.uzh.ch/my/courses"
// [Mandatory]
var wayf_return_url = "https://my-app.switch.ch/aai/index.php?page=show_welcome";
//////////////////// RECOMMENDED SETTINGS ////////////////////
// Width of the embedded WAYF in pixels or "auto"
// [Optional, default: "auto"]
var wayf_width = 200;
// Height of the embedded WAYF in pixels or "auto"
// [Optional, default: "auto"]
var wayf_height = "auto";
// Whether to show the checkbox to remember settings for this session
// [Optional, default: true]
var wayf_show_remember_checkbox = true;
// Logo size
// [Optional, default: true]
var wayf_use_small_logo = true;
// Font size
// [Optional, default: 12]
var wayf_font_size = 12;
// Font color
// [Optional, default: #000000]
var wayf_font_color = '#000000';
// Border color
// [Optional, default: #00247D]
var wayf_border_color = '#00247D';
// Background color
// [Optional, default: #F4F7F7]
var wayf_background_color = '#F4F7F7';
// Whether to automatically log in user if he has a session/permanent redirect
// cookie set at central wayf
// [Optional, default: true]
var wayf_auto_login = true;
// Whether to hide the WAYF after the user was logged in
// This requires that the _shib_session_* cookie is set when a user
// could be authenticated, which is the default case when Shibboleth is used.
// For other Service Provider implementations have a look at the setting
// wayf_check_login_state_function that allows you to customize this
// [Optional, default: true]
var wayf_hide_after_login = true;
// Whether or not to show the categories in the drop-down list
// Possible values are: true or false
// [Optional, default: true]
var wayf_show_categories = true;
// Favourite Identity Providers will be shown as top category in the drop down
// list if this feature is used.
// [Optional, commented out by default]
// var wayf_favourite_idps = new Array("urn:mace:switch.ch:SWITCHaai:unibas.ch", "https://aai.unil.ch/idp/shibboleth");
// Categories of Identity Provider that shall not be shown
// Possible values are: <?php echo $types ?>, "all"
// [Optional, commented out by default]
// var wayf_hide_categories = new Array();
// Example of how to hide categories
// var wayf_hide_categories = new Array("other", "library");
// EntityIDs of Identity Provider whose category is hidden but that shall be shown anyway
// If this array is not empty, wayf_show_categories will be disabled because
// otherwise, unhidden IdPs may be displayed in the wrong category
// Example of how to unhide certain Identity Providers
// var wayf_unhide_idps = new Array("urn:mace:switch.ch:aaitest:dukono.switch.ch");
// [Optional, commented out by default]
// var wayf_unhide_idps = new Array();
// EntityIDs of Identity Provider that shall not be shown at all
// Example of how to hide certain Identity Provider
// var wayf_hide_idps = new Array("urn:mace:switch.ch:aaitest:blupblup.switch.ch", "https://lewotolo.switch.ch/idp/shibboleth");
// [Optional, commented out by default]
// var wayf_hide_idps = new Array();
//////////////////// ADVANCED SETTINGS ////////////////////
// Whether or not the new SAML2/Shibboleth 2 flow shall be used that
// sends the user from the discovery service back to the the Service Provider
// Set this to true if you are using a Shibboleth Service Provider 2.x
// [Optional, default: true]
var wayf_use_discovery_service = true
// Session Initiator URL of the Service Provider
// Examples: "https://econf.switch.ch/Shibboleth.sso/DS", "https://dokeos.unige.ch/Shibboleth.sso/DS"
// This will implicitely be set to wayf_sp_samlDSURL = wayf_sp_handlerURL + "/DS";
// [Optional, if wayf_use_discovery_service = true
// or if wayf_additional_idps is not empty, default: commented out]
// var wayf_sp_samlDSURL = wayf_sp_handlerURL + "/Login";
// Default IdP to preselect when central WAYF couldn't guess IdP either
// This is usually the case the first time ever a user accesses a resource
// [Optional, default: commented out]
// var wayf_default_idp = "https://aai.switch.ch/idp/shibboleth";
// Set a custom Assertion Consumer URL instead of
// the default wayf_sp_handlerURL + '/SAML/POST'
// Only relevant if wayf_use_discovery_service is false
// Examples: "https://olat.uzh.ch/shib/samlaa",
// This will implicitely be set to wayf_sp_samlACURL = wayf_sp_handlerURL + "/SAML/POST";
// "https://foodle.feide.no/simplesaml/shib13/sp/AssertionConsumerService.php"
// [Optional, commented out by default]
// var wayf_sp_samlACURL = "https://maclh.switch.ch/foo/bar";
// Overwites the text of the checkbox if
// wayf_show_remember_checkbox is set to true
// [Optional, commented out by default]
// var wayf_overwrite_checkbox_label_text = 'Save setting for today';
// Overwrites the text of the submit button
// [Optional, commented out by default]
// var wayf_overwrite_submit_button_text = 'Go';
// Overwrites the intro text above the drop-down list
// [Optional, commented out by default]
// var wayf_overwrite_intro_text = 'Select your Home Organisation to log in';
// Whether to hide the WAYF after the user was logged in
// This requires that the _shib_session_* cookie is set when a user
// could be authenticated
// If you want to hide the embedded WAYF completely, uncomment
// the property and set it to "". This then won't draw anything
// [Optional, default commented out: You are already logged in]
// var wayf_logged_in_messsage = "";
// Provide the name of a JavaScript function that checks whether the user
// already is logged in. The function should return true if the user is logged
// in or false otherwise. If the user is logged in, the Embedded WAYF will
// hide itself or draw a custom message depending on the
// setting wayf_logged_in_messsage
// The function you specify has of course to be implemented by yourself!
// [Optional, commented out by default]
// var wayf_check_login_state_function = function() {
// if (# specify user-is-logged-in condition#)
// return true;
// else
// return false;
// }
// EntityIDs, Names and SSO URLs of Identity Providers from other federations
// that shall be added to the drop-down list
// The IdPs will be displayed in the sequence they are defined
// [Optional, commented out by default]
// var wayf_additional_idps = [ ];
// Example of how to add Identity Provider from other federations
// var wayf_additional_idps = [
//
// {name:"International University X",
// entityID:"urn:mace:switch.ch:SWITCHaai:internation.university.org",
// SAML1SSOurl:"https://int.univ.org/shibboleth-idp/SSO"},
//
// {name:"Some Other University",
// entityID:"https://other.univ.edu/idp/shibboleth",
// SAML1SSOurl:"https://other.univ.edu/shibboleth-idp/SSO"},
// ];
//////////////////// ADDITIONAL CSS CUSTOMIZATIONS ////////////////////
// To further customize the appearance of the Embedded WAYF you could
// define CSS rules for the following CSS IDs that are used within the
// Embedded WAYF:
// #wayf_div - Container for complete Embedded WAYF
// #wayf_logo_div - Container for logo
// #wayf_logo - Image for logo
// #wayf_intro_div - Container of drop-down list intro label
// #wayf_intro_label - Label of intro text
// #IdPList - The form element
// #user_idp - Select element for drop-down list
// #wayf_remember_checkbox_div - Container of checkbox and its label
// #wayf_remember_checkbox - Checkbox for remembering settings for session
// #wayf_remember_checkbox_label - Text of checkbox
// #wayf_submit_button - Submit button
//
// Use these CSS IDs carefully and at own risk because future updates could
// interfere with the rules you created and the IDs may change without notice!
//-->
</script>
<script type="text/javascript" src="https://<?php echo $host ?><?php echo $path ?>/embedded-wayf.js"></script>
<noscript>
<!--
Fallback to Shibboleth DS session initiator for non-JavaScript users
You should set the value of the target GET parameter to an URL-encoded
absolute URL that points to a Shibboleth protected web page where the user
is logged in into your application.
-->
<p>
<strong>Login:</strong> Javascript is not available for your web browser. Therefore, please <a href="/Shibboleth.sso/DS?target=">proceed manually</a>.
</p>
</noscript>
<!-- EMBEDDED-WAYF-END -->
<!-- Error Message: Start-->
<h2><?php echo getLocalString('invalid_query') ?></h2>
<p>
<?php echo $message ?>
</p>
<p>
<?php echo getLocalString('contact_assistance') ?>
</p>
<!-- Error Message: End-->
<!-- Body: End -->
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
\ No newline at end of file
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><?php echo getLocalString('title') ?></title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<style type="text/css">
<!--
body
{
color: #000000;
background-color: #EFF1F1;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
}
a
{
color: #203781;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
}
a:hover
{
color: #203781;
text-decoration: underline;
}
h2.switchaai
{
font-family: Verdana, Arial, Helvetica, sans-serif;
color: #000000;
font-size: 17px;
}
h1
{
font-family: Verdana, Arial, Helvetica, sans-serif;
color: #000000;
font-size: 18px;
}
p
{
color: #000000;
font-family: Verdana, Arial, Helvetica, sans-serif;
line-height: 1.2;
font-size: 12px;
}
b
{
color: #000000;
font-family: Verdana, Arial, Helvetica, sans-serif;
line-height: 1.2;
font-size: 12px;
font-weight: bold;
}
tt
{
line-height: 1.2;
font-weight: bold;
}
span.switchaai
{
line-height: 30px;
}
input.switchaai
{
border-width: 1px;
border-style: solid;
border-color: #888888;
}
a.switchaai
{
font-family: Verdana, Arial, Helvetica, sans-serif;
color: #000000;
font-size: 12px;
}
.outer-box
{
margin-left:auto; margin-right:auto;
border-style: solid;
border-color: #00247D;
border-width: 1px;
padding: 10px;
text-align: left;
background-color: white;
}
.selectedIdP
{
font-family: Verdana, Arial, Helvetica, sans-serif;
color: #000000;
font-size: 12px;
background-color: white;
border-color: #203781;
border-style: solid;
margin: 2px;
border-width: 1px;
width: 400px;
height: 25px;
text-align: center;
line-height: 25px;
}
.fullheight
{
height: 100%;
min-height: 100%;
}
.inner-box
{
border-width: 1px;
border-color: #203781;
background-color: #979CE3;
border-style: solid;
padding: 3px;
}
-->
</style>
</head>
<body bgcolor="#ffffff" onLoad="if (document.IdPList && document.IdPList.Select) document.IdPList.Select.focus()">
<script language="JavaScript" type="text/javascript">
<!--
function showConfirmation(){
return confirm(unescape('<?php echo getLocalString('confirm_permanent_selection', 'js') ?>'));
}
function checkForm(){
if(document.IdPList.user_idp && document.IdPList.user_idp.selectedIndex == 0){
alert(unescape('<?php echo getLocalString('make_selection', 'js') ?>'));
return false;
} else {
if (document.IdPList.permanent && document.IdPList.permanent.checked){
return showConfirmation();
} else {
return true;
}
}
}
-->
</script>
<table border="0" cellpadding="0" cellspacing="0" style="width:100%; height:100%">
<tr>
<td align="center" valign="middle">
<table border="0" cellpadding="0" cellspacing="0" width="600" class="outer-box">
<tr>
<td class="switchaai">
<a href="http://www.switch.ch/aai/" target="_blank"><img src="<?php echo $logoURL ?>" border="0" class="switchaai" alt="Federation Logo"></a>
<br>
<a href="http://www.switch.ch/<?php echo $language ?>/aai/about/" class="switchaai-link"><?php echo getLocalString('about_aai'); ?></a>&nbsp;:&nbsp;<a href="http://www.switch.ch/<?php echo $language ?>/about/" class="switchaai-link"><?php echo getLocalString('about_switch'); ?></a>&nbsp;:&nbsp;<a href="http://www.switch.ch/<?php echo $language ?>/aai/faq/" class="switchaai-link"><?php echo getLocalString('faq') ?></a>&nbsp;:&nbsp;<a href="http://www.switch.ch/<?php echo $language ?>/aai/help/" class="switchaai-link"><?php echo getLocalString('help') ?></a>&nbsp;:&nbsp;<a href="http://www.switch.ch/<?php echo $language ?>/aai/privacy/" class="switchaai-link"><?php echo getLocalString('privacy') ?></a>
<!-- Body: Start -->
<!-- Identity Provider Permanent Note: Start-->
<h1><?php echo getLocalString('settings'); ?></h1>
<script language="JavaScript" type="text/javascript">
<!--
function showConfirmation(){
return alert(unescape('<?php echo getLocalString('permanent_cookie_note', 'js') ?>'));
}
-->
</script>
<div class="inner-box">
<p>
<?php echo getLocalString('permanent_cookie_notice'); ?>
</p>
<form id="IdPList" name="IdPList" method="post" action="<?php echo $actionURL ?>">