diff --git a/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql b/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
index 38828753834d8e9c5a901d6b7423ed7cd7adcfe0..697322c73bd3c5f52be64663391aa7d4e90326be 100644
--- a/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
+++ b/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
@@ -302,13 +302,3 @@ CREATE TABLE IF NOT EXISTS device_code_request_parameter (
 param VARCHAR(2048),
 val VARCHAR(2048)
 );
-
-CREATE TABLE IF NOT EXISTS client_only_allowed_idps (
- owner_id BIGINT,
- idp_entity_id VARCHAR(512)
-);
-
-CREATE TABLE IF NOT EXISTS client_blocked_idps (
- owner_id BIGINT,
- idp_entity_id VARCHAR(512)
-);
diff --git a/perun-oidc-server-webapp/src/main/resources/db/hsql/v18.0.0.sql b/perun-oidc-server-webapp/src/main/resources/db/hsql/v18.0.0.sql
deleted file mode 100644
index d7634d020757d1b37bc3973f542f2a1c36ca00c6..0000000000000000000000000000000000000000
--- a/perun-oidc-server-webapp/src/main/resources/db/hsql/v18.0.0.sql
+++ /dev/null
@@ -1,19 +0,0 @@
-CREATE TABLE IF NOT EXISTS client_only_allowed_idps (
- owner_id BIGINT,
- idp_entity_id VARCHAR(512)
-);
-
-CREATE TABLE IF NOT EXISTS client_blocked_idps (
- owner_id BIGINT,
- idp_entity_id VARCHAR(512)
-);
-
-alter table client_only_allowed_idps
- add constraint client_only_allowed_idps_client_details_id_fk
- foreign key (owner_id) references client_details (id)
- on update cascade on delete cascade;
-
-alter table client_blocked_idps
- add constraint client_blocked_idps_client_details_id_fk
- foreign key (owner_id) references client_details (id)
- on update cascade on delete cascade;
\ No newline at end of file
diff --git a/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql b/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql index 5c0774dbf0dd837674412969a8166ee1a976bf20..2b0b07728e9beb5e24f8646bcb792025b29a7ad5 100644 --- a/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql +++ b/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql @@ -205,16 +205,6 @@ CREATE TABLE IF NOT EXISTS client_claims_redirect_uri ( redirect_uri VARCHAR(2048) ); -CREATE TABLE IF NOT EXISTS client_only_allowed_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - -CREATE TABLE IF NOT EXISTS client_blocked_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - CREATE TABLE IF NOT EXISTS refresh_token ( id BIGINT AUTO_INCREMENT PRIMARY KEY, token_value VARCHAR(4096), @@ -481,13 +471,3 @@ alter table whitelisted_site_scope add constraint whitelisted_site_scope_whitelisted_site_id_fk foreign key (owner_id) references whitelisted_site (id) on update cascade on delete cascade; - -alter table client_only_allowed_idps - add constraint client_only_allowed_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; - -alter table client_blocked_idps - add constraint client_blocked_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; \ No newline at end of file diff --git a/perun-oidc-server-webapp/src/main/resources/db/mysql/v18.0.0.sql b/perun-oidc-server-webapp/src/main/resources/db/mysql/v18.0.0.sql deleted file mode 100644 index d7634d020757d1b37bc3973f542f2a1c36ca00c6..0000000000000000000000000000000000000000 --- a/perun-oidc-server-webapp/src/main/resources/db/mysql/v18.0.0.sql +++ /dev/null 
@@ -1,19 +0,0 @@ -CREATE TABLE IF NOT EXISTS client_only_allowed_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - -CREATE TABLE IF NOT EXISTS client_blocked_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - -alter table client_only_allowed_idps - add constraint client_only_allowed_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; - -alter table client_blocked_idps - add constraint client_blocked_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; \ No newline at end of file diff --git a/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql b/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql index f3a0e5ee3ceb6b53bd945d45d3627b92b861dba8..44f4e85d25c0afd6645978deec654d8b20db2c1c 100644 --- a/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql +++ b/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql @@ -209,16 +209,6 @@ CREATE TABLE IF NOT EXISTS client_claims_redirect_uri ( redirect_uri VARCHAR(2048) ); -CREATE TABLE IF NOT EXISTS client_only_allowed_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - -CREATE TABLE IF NOT EXISTS client_blocked_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - CREATE TABLE IF NOT EXISTS refresh_token ( id BIGSERIAL PRIMARY KEY, token_value VARCHAR(4096), 
@@ -445,16 +435,6 @@ alter table client_scope foreign key (owner_id) references client_details (id) on update cascade on delete cascade; -alter table client_only_allowed_idps - add constraint client_only_allowed_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; - -alter table client_blocked_idps - add constraint client_blocked_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; - alter table device_code add constraint device_code_client_details_id_fk foreign key (client_id) references client_details (client_id) diff --git a/perun-oidc-server-webapp/src/main/resources/db/psql/v18.0.0.sql b/perun-oidc-server-webapp/src/main/resources/db/psql/v18.0.0.sql deleted file mode 100644 index d7634d020757d1b37bc3973f542f2a1c36ca00c6..0000000000000000000000000000000000000000 --- a/perun-oidc-server-webapp/src/main/resources/db/psql/v18.0.0.sql +++ /dev/null @@ -1,19 +0,0 @@ -CREATE TABLE IF NOT EXISTS client_only_allowed_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - -CREATE TABLE IF NOT EXISTS client_blocked_idps ( - owner_id BIGINT, - idp_entity_id VARCHAR(512) -); - -alter table client_only_allowed_idps - add constraint client_only_allowed_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; - -alter table client_blocked_idps - add constraint client_blocked_idps_client_details_id_fk - foreign key (owner_id) references client_details (id) - on update cascade on delete cascade; \ No newline at end of file diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/footer.tag b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/footer.tag index a1db11bfde5dcd83e347c29d2ebb0f3df8212a2c..483533b0a1788410a17366ab035955efd666e2ef 100644 --- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/footer.tag 
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/footer.tag @@ -6,7 +6,6 @@ <%@ taglib prefix="ceitec" tagdir="/WEB-INF/tags/ceitec" %> <%@ taglib prefix="envri" tagdir="/WEB-INF/tags/envri" %> <%@ taglib prefix="muni" tagdir="/WEB-INF/tags/muni" %> -<%@ taglib prefix="lsaai" tagdir="/WEB-INF/tags/lsaai" %> <%@ taglib prefix="t" tagdir="/WEB-INF/tags/common" %> <%@ attribute name="baseURL" required="true" %> <%@ attribute name="samlResourcesURL" required="true" %> @@ -28,9 +27,6 @@ <c:when test="${theme eq 'muni'}"> <muni:footer/> </c:when> - <c:when test="${theme eq 'lsaai'}"> - <lsaai:footer baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/> - </c:when> <c:otherwise> <o:footer /> </c:otherwise> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/header.tag b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/header.tag index 76d03546f13997d9653b181750c27cc3114febc2..8720989dd9796d7c2e98201a769baaa63c0f4cad 100644 --- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/header.tag +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/header.tag @@ -6,7 +6,6 @@ <%@ taglib prefix="ceitec" tagdir="/WEB-INF/tags/ceitec" %> <%@ taglib prefix="envri" tagdir="/WEB-INF/tags/envri" %> <%@ taglib prefix="muni" tagdir="/WEB-INF/tags/muni" %> -<%@ taglib prefix="lsaai" tagdir="/WEB-INF/tags/lsaai" %> <%@ attribute name="title" required="true" %> <%@ attribute name="reqURL" required="true" %> <%@ attribute name="baseURL" required="true" %> @@ -30,9 +29,6 @@ <c:when test="${theme eq 'muni'}"> <muni:header title="${title}" reqURL="${reqURL}" cssLinks="${cssLinks}" baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/> </c:when> - <c:when test="${theme eq 'lsaai'}"> - <lsaai:header title="${title}" reqURL="${reqURL}" cssLinks="${cssLinks}" baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/> - </c:when> <c:otherwise> <o:header title="${title}"/> </c:otherwise> 
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/footer.tag b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/footer.tag index 739924128ef7e55d1568cb22c9431760792501cb..a4024316bd96ff6192059041fa3fb666af8a4723 100644 --- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/footer.tag +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/footer.tag 
@@ -1,47 +1,21 @@ <%@ tag pageEncoding="UTF-8" trimDirectiveWhitespaces="true" %> -<%@ attribute name="js" required="false"%> -<%@ attribute name="baseURL" required="true"%> -<%@ attribute name="samlResourcesURL" required="true"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> -<%@ taglib prefix="t" tagdir="/WEB-INF/tags/common" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> -<jsp:useBean id="date" class="java.util.Date" /> -<div class="container" id="footer"> - <div class="row mt-1"> - <div class="col-xs-3 col-md-2"> - <div class="img-wrap" id="footer-ls-logo"> - <a href="https://lifescience-ri.eu/ls-login/" target="_blank"> - <img src="${samlResourcesURL}/module.php/perun/res/img/lsaai_logo_120.png" - alt="European Life Science Research Infrastructures Logo"> - </a> - </div> + </div> <!-- ENDCARD_BODY --> + </div> <!-- ENDCARD --> +</div> <!-- ENDCOL --> +</div> <!-- ENDROW --> +<footer> + <div class="footer offset-1 col-10 offset-sm-1 col-sm-10 offset-md-2 col-md-8 offset-lg-3 col-lg-6 offset-xl-3 col-xl-6"> + <div class="footer-contact"> + <a class="contact-link" href="mailto:support@aai.lifescience-ri.eu">Contact us</a> </div> - <div class="col-xs-9 col-md-10 mt-xs-1"> - <p class="text-justify ">LS Login, an authentication service of the European Life Science Research - Infrastructures (LS RI), is a community platform established via the EOSC-Life project and operated by - Masaryk University, Brno, CZ. 
Visit our - <a href="https://lifescience-ri.eu/ls-login/" target="_blank">homepage</a> - or contact us at - <a href="mailto:support@aai.lifescience-ri.eu">support@aai.lifescience-ri.eu</a>.</p> + <div class="footer-policy"> + <a class="footer-policy-link" href="https://lifescience-ri.eu/ls-login/ls-aai-aup.html">Privacy Policy</a> </div> </div> - <div class="row mb-2 mt-1"> - <div class="col-xs-3 col-md-2"> - <div class="img-wrap"> - <img src="${samlResourcesURL}/module.php/perun/res/img/eu_logo_120.png" - alt="European Union flag"> - </div> - </div> - <div class="col-xs-9 col-md-10 mt-xs-1"> - <p class="text-justify"> - <a href="https://lifescience-ri.eu/" target="_blank">The European Life Science Research - Infrastructures</a> has received funding from the European Union’s Horizon 2020 research - and innovation programme under grant agreement No 654248 and from the European Union’s Horizon - 2020 programme under grant agreement number 824087. - </p> - </div> - </div> -</div> +</footer> +<script type="text/javascript" src="${config.getIssuer(false)}/resources/js/lsaai/jquery.min.js"></script> +<script type="text/javascript" src="${config.getIssuer(false)}/resources/js/lsaai/bootstrap.min.js"></script> +<script type="text/javascript" src="${config.getIssuer(false)}/resources/js/lsaai/cmservice.js"></script> +</body> +</html> \ No newline at end of file diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/header.tag b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/header.tag index 7628687171f7dbc50ffe5a8d6abda79a20dd5226..a6c2eed3fedac885f538dfd54b3aa80d1baafd73 100644 --- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/header.tag +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/lsaai/header.tag 
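Review bot: The link labelled `Privacy Policy` points at `https://lifescience-ri.eu/ls-login/ls-aai-aup.html`, whose file name suggests an acceptable-use policy rather than a privacy notice; either the label or the target looks wrong and should be confirmed, since the consent page relies on this link. The tag also begins with four closing `</div>` tags and ends with `</body></html>`, none of which it opens, so it only renders valid markup when paired with lsaai/header.tag; a leading comment such as `<%-- closes the card, column and row opened by lsaai/header.tag --%>` would document that. The `js`, `baseURL` and `samlResourcesURL` attributes are no longer declared, so any caller still passing them would presumably fail at JSP translation; approve.jsp in this diff uses `<ls:footer />`, but other callers are outside the visible hunks.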
@@ -1,27 +1,19 @@ <%@ tag pageEncoding="UTF-8" trimDirectiveWhitespaces="true" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags/common" %> -<%@ attribute name="title" required="true" %> -<%@ attribute name="reqURL" required="true" %> -<%@ attribute name="baseURL" required="true" %> -<%@ attribute name="samlResourcesURL" required="true" %> -<%@ attribute name="cssLinks" required="true" type="java.util.ArrayList<java.lang.String>" %> - -<c:set var="logoURL" value="${samlResourcesURL}/module.php/perun/res/img/lsaai_logo_200.png"/> - -<o:headerInit title="${title}" reqURL="${reqURL}" baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/> - -<link rel="icon" href="resources/images/lsaai.ico" /> -<link rel="stylesheet" type="text/css" href="${samlResourcesURL}/module.php/perun/res/bootstrap/css/bootstrap.min.css" /> -<link rel="stylesheet" type="text/css" href="${samlResourcesURL}/module.php/perun/res/css/lsaai.css" /> - -<o:headerCssLinks cssLinks="${cssLinks}"/> - -</head> - +<html> + <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> + <link href="${config.getIssuer(false)}/resources/css/lsaai/bootstrap.min.css" rel="stylesheet" type="text/css"/> + <link href="${config.getIssuer(false)}/resources/css/lsaai/eduteams.css" rel="stylesheet" type="text/css"/> + <link href="${config.getIssuer(false)}/resources/css/lsaai/cmservice.css" rel="stylesheet" type="text/css"/> + <link rel="icon" href="${config.favicon}"> + <title>LS Login</title> + <link rel="preconnect" href="https://fonts.googleapis.com"> + <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> + <link href="https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap" rel="stylesheet"> <body> - - <div id="wrap" style="box-shadow: rgba(0, 0, 0, 
0.15) 0 1rem 3rem 0.5rem;"> - <div id="header"> - <img src="${logoURL}" alt="logo"> +<div class="row"> + <div class="offset-1 col-10 offset-sm-1 col-sm-10 offset-md-2 col-md-8 offset-lg-3 col-lg-6 offset-xl-3 col-xl-6"> + <div class="card"> + <img class="card-img-top" src="${config.getIssuer(false)}/resources/images/lsaai/lsaai_logo.png" alt="Life Science Login logo"> + <div class="card-body"> \ No newline at end of file diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml index 7862afc1cade81dc7212c2f37c35a229476534d7..0e7e1ef7c63fb5e5f8e26d6119a5dc4df400cfd7 100644 --- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml @@ -98,8 +98,6 @@ <prop key="proxy.extSource.name"/> <prop key="proxy.base.url"/> <prop key="proxy.add_client_id_to_acrs">false</prop> - <prop key="proxy.only_allowed_idps_enabled">false</prop> - <prop key="proxy.blocked_idps_enabled">false</prop> <!-- OIDC STUFF --> <prop key="jwk">file:///etc/perun/perun-oidc-keystore.jwks</prop> <prop key="id_token.scopes">openid,profile,email,phone,address</prop> @@ -130,7 +128,6 @@ <prop key="filter.stats.spIdColumnName">spId</prop> <prop key="sentry.config.location"/> <prop key="ga4gh.tokenExchange.brokerUrl"/> - </props> </property> </bean> @@ -479,8 +476,6 @@ <property name="krbTokenExchangeRequiredScopes" value="#{'${token-exchange.kerberos.requiredScopes}'.split('\s*,\s*')}"/> <property name="requesterIdPrefix" value="${saml.requester-id.prefix}"/> <property name="logRequestsEnabled" value="${logRequestsEnabled}"/> - <property name="onlyAllowedIdpsEnabled" value="${proxy.only_allowed_idps_enabled}"/> - <property name="blockedIdpsEnabled" value="${proxy.blocked_idps_enabled}"/> </bean> <bean id="facilityAttrsConfig" class="cz.muni.ics.oidc.server.configurations.FacilityAttrsConfig"> 
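Review bot: The new header loads the Roboto stylesheet from `https://fonts.googleapis.com` on every login and consent page, while every other asset is served from `${config.getIssuer(false)}/resources/...`. A third-party stylesheet on an authentication page discloses each visitor's IP address and referrer to that host and must be allowed by any Content-Security-Policy the deployment sets; hosting the font under `resources/css/lsaai/` next to the other files removes both concerns. The markup also emits `<html>` followed directly by `<meta>` and `<link>` with no `<!DOCTYPE html>` and no `<head>` element, so I would add `<!DOCTYPE html>` before `<html>` and wrap the metadata in `<head>…</head>`. The tag leaves the row, column, `card` and `card-body` divs open for lsaai/footer.tag to close, which deserves a one-line comment at the end of the file.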
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approve.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approve.jsp index 5df046e975fcb3254d97bfc7216f9e7bd0bc701d..6f65d157f749eaf5e764b8192661b74994b669d4 100644 --- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approve.jsp +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approve.jsp 
@@ -1,119 +1,145 @@ -<%@ page import="java.util.ArrayList" %> -<%@ page import="java.util.List" %> -<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" trimDirectiveWhitespaces="true"%> +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="t" tagdir="/WEB-INF/tags/common" %> <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> -<% - - String samlCssUrl = (String) request.getAttribute("samlResourcesURL"); - List<String> cssLinks = new ArrayList<>(); - - cssLinks.add(samlCssUrl + "/module.php/consent/assets/css/consent.css"); - cssLinks.add(samlCssUrl + "/module.php/perun/res/css/consent.css"); - - request.setAttribute("cssLinks", cssLinks); - -%> - -<spring:message code="consent_title" var="title"/> -<t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}" - cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/> - -<h1 class="h3"><spring:message code="consent_header"/>${" "}${fn:escapeXml(client.clientName)}</h1> - -</div> <%-- header --%> - -<div id="content"> - <c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION" /> - <c:if test="${getsOfflineAccess}"> - <div class="alert alert-warning text-justify" role="alert"> - <h4>Continuous data access.</h4> - <p>This service requests continuous access to your data. 
That means that the service might continuously fetch the - information you allow to be released via the form below without further interaction needed.</p> - </div> - </c:if> - <c:if test="${not empty(jurisdiction)}"> - <div class="alert alert-warning text-justify" role="alert"> - <c:choose> - <c:when test="${'EMBL'.equalsIgnoreCase(jurisdiction)} or ${'INT'.equalsIgnoreCase(jurisdiction)}"> - <h4>This service is provided by an international organization.</h4> - </c:when> - <c:otherwise> - <h4>This service is in ${jurisdiction}/></h4> - </c:otherwise> - </c:choose> - <c:choose> - <c:when test="${'EMBL'.equalsIgnoreCase(jurisdiction)}"> - <p>In order to access the requested services, the Life Science Login needs to transfer your personal data to - an international organization outside EU/EEA jurisdictions.</p> - <p>Please be aware that upon transfer your personal data will be protected by - <a href="https://www.embl.org/documents/document/internal-policy-no-68-on-general-data-protection/" - target="_blank">EMBL’s Internal Policy 68 on General Data Protection</a>.</p>; - </c:when> - <c:otherwise> - <p>In order to access the requested services, the Life Science Login needs to transfer your personal data to - a country outside EU/EEA. We cannot guarantee that this country offers an adequately high level of personal - data protection as EU/EEA countries.</p> - </c:otherwise> - </c:choose> +<ls:header /> +<!-- block container --> +<div class="aas-message"> + <p> + The service <strong><c:out value="${client.clientName}" /></strong> requires access to your personal data. + <c:if test="${not empty(client.policyUri)}"> + Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service to learn more about its commitments to protect your data. 
+ </c:if> + </p> +</div> +<c:if test="${empty(client.policyUri)}"> +<div class="alert alert-warning" role="alert"> + <h6>This service is missing a Privacy Policy document.</h6> +</div> +</c:if> +<c:if test="${getsOfflineAccess}"> +<div class="alert alert-warning" role="alert"> + <div><h6>This service requests continuous access to your personal data.</h6> + <p> + Normally when you close your browser the service stops fetching your personal data from Life Science Login. + However, in this case, fetching your personal data continues as it is required for the service to work. + </p> </div> - </c:if> - <c:if test="${not acceptedTos}"> +</div> +</c:if> +<c:if test="${isTestSp or (not client.acceptedTos)}"> <div class="alert alert-warning" role="alert"> - <h4>Terms of Use for Service Providers not accepted</h4> - <p class="text-justify">You are entering a service which has not yet accepted the - <a href="https://lifescience-ri.eu/ls-login/terms-of-use-for-service-providers.html" - target="_blank">Terms of Use for Service Providers</a>. - <c:if test="${isTestSp}"> - This might be due to the service being registered in the test environment, which does not force the service to - do so. To get more information about the different environments of the LS Login, please visit - <a href="https://lifescience-ri.eu/ls-login/relying-parties/environments.html" target="_blank">this page</a>. - </c:if> - </p> + <p>You are entering a service that is in the test environment of Life Science Login. The test environment is for service developers to test their relying service’s AAI integration before requesting to move them to the Life Science Login production environment.</p> + <p>The test environment is not intended for common users. You are able to access the service because you have opted in as a test user. You need to refresh your registration every 30 days.</p> </div> - </c:if> - <form name="confirmationForm" method="post" action="${pageContext.request.contextPath.endsWith('/') ? 
- pageContext.request.contextPath : pageContext.request.contextPath.concat('/')}auth/authorize"> - <c:choose> - <c:when test="${not empty client.policyUri}"> - <p>Document with the privacy policy for this service can be found - <a target="_blank" href="${fn:escapeXml(client.policyUri)}">here</a>.</p> - </c:when> - <c:otherwise> - <div class="alert alert-warning" role="alert"> - <h4>Missing Privacy Policy document.</h4> - <p class="text-justify">This servise has not yet provided link to the Privacy Policy document. - <c:if test="${isTestSp}"> - This might be due to the service being registered in the test environment, which does not force the - service to do so. To get more information about the different environments of the LS Login, please visit - <a href="https://lifescience-ri.eu/ls-login/relying-parties/environments.html" target="_blank">this page</a>. +</c:if> +<form name="confirmationForm" id="allow_consent_form" class="form-group" + action="${ config.issuer }${ config.issuer.endsWith('/') ? 
'' : '/' }auth/authorize" method="post"> + <div id="accordion"> + <div class="section"> + <div class="card-header" id="headingOne"> + <h5 class="mb-0"> + <button class="btn btn-link" type="button" data-toggle="collapse" data-target="#collapseOne" aria-expanded="true" aria-controls="collapseOne"> + User Information + </button> + </h5> + </div> + <c:if test="${not empty scopes}"> + <c:forEach var="scope" items="${scopes}"> + <c:set var="singleClaim" value="${fn:length(claims[scope.value]) eq 1}" /> + <c:set var="emptyClaim" value="${fn:length(claims[scope.value]) eq 0}" /> + <div class="card-body <c:if test="${emptyClaim}">d-none</c:if>"> + <div class="attribute-row"> + <div class="attribute"> + <div class="attribute-name form-check"> + <input class="form-check-input" type="checkbox" name="scope_${ fn:escapeXml(scope.value) }" checked="checked" + id="scope_${fn:escapeXml(scope.value)}" value="${fn:escapeXml(scope.value)}"> + <label class="form-check-label" for="scope_${fn:escapeXml(scope.value)}"> + <spring:message code="${scope.value}"/> + </label> + </div> + </div> + <div class="attribute-values"> + <c:forEach var="claim" items="${claims[scope.value]}"> + <div class="attribute-choose"> + <div class="attribute-value"> + <c:if test="${claim.value.getClass().name eq 'java.util.ArrayList'}"> + <c:forEach var="subValue" items="${claim.value}"> + <div> + <code>${subValue}</code> + </div> + </c:forEach> + </c:if> + <c:if test="${not(claim.value.getClass().name eq 'java.util.ArrayList')}"> + <c:if test="${not(singleClaim)}"> + <strong><spring:message code="${claim.key}"/>:${' '}</strong> + </c:if> + <code>${claim.value}</code> + </c:if> + </div> + </div> + </c:forEach> + </div> + </div> + </div> + </c:forEach> </c:if> - </p> </div> - </c:otherwise> - </c:choose> - <t:attributesConsent /> - <c:if test="${rememberEnabled}"> - <div class="row" id="saveconsentcontainer"> - <div class="col-xs-12"> - <div class="checkbox"> - <input type="checkbox" name="remember" 
id="saveconsent" value="until-revoked"/> - <label for="saveconsent"><spring:message code="remember"/></label> - </div> + </div> + + <c:if test="${not empty jurisdiction}"> + <div class="alert alert-danger" role="alert"> + <h6> + This service is${' '} + <c:if test="${jurisdiction eq 'INT' or jurisdiction eq 'EMBL'}">provided by an international organization. </c:if> + <c:if test="${jurisdiction ne 'INT' and jurisdiction ne 'EMBL'}">in ${jurisdiction}</c:if> + </h6> + <p> + <c:if test="${jurisdiction eq 'EMBL'}"> + In order to access the requested services, the Life Science Login needs to transfer your personal data to an international organization outside EU/EEA jurisdictions.<br/> + <i>Please be aware that upon transfer your personal data will be protected by <a href="https://www.embl.org/documents/document/internal-policy-no-68-on-general-data-protection/" target="_blank">EMBL’s Internal Policy 68 on General Data Protection</a>.</i> + </c:if> + <c:if test="${jurisdiction ne 'EMBL'}"> + In order to access the requested services, the Life Science Login needs to transfer your personal data to a country outside EU/EEA. + We cannot guarantee that this country offers an adequately high level of personal data protection as EU/EEA countries. 
+ </c:if> + </p> + <c:if test="${not empty(client.policyUri)}"> + <h6>Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service provider to learn more about its commitments to protect your data.</h6> + </c:if> + <div class="form-check"> + <input class="form-check-input" type="checkbox" name="transfer" id="transfer" data-np-checked="1"> + <label class="form-check-label" for="transfer">To continue, consent to the transfer of your personal data.</label> </div> - </div> + </div> </c:if> + <div class="outro"> + <p> + For withdrawing consent, contact <a href="mailto:support@aai.lifescience-ri.eu">support@aai.lifescience-ri.eu</a> + </p> + </div> + <div class="footer-buttons"> + <div class="remember"> + <label>Remember:</label> + <div id="select-amount"> + <select name="remember" id="month" class="btn btn-sm btn-secondary amount"> + <option value="none">Just this time</option> + <option value="until-revoked">Forever</option> + </select> + </div> + </div> + <div class="consent-button"> + <a id="abort" class="btn btn-danger" href="https://lifescience-ri.eu/index.php?id=409">Abort</a> + <input type="submit" class="btn btn-primary" value="Consent" id="submit" name="authorize" + <c:if test="${not empty jurisdiction}">disabled=""</c:if> + onclick="$('#user_oauth_approval').attr('value',true)"> + </div> + </div> <input id="user_oauth_approval" name="user_oauth_approval" value="true" type="hidden" /> <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> - <t:consentButtons /> - <p class='mt-1'> - For withdrawing consent, contact <a href='mailto:support@aai.lifescience-ri.eu'>support@aai.lifescience-ri.eu</a> - </p> - </form> -</div> -</div><!-- wrap --> +</form> -<t:footer baseURL="${baseURL}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/> +<ls:footer /> 
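Review bot: The claim values in the new consent table are written as `<code>${subValue}</code>` and `<code>${claim.value}</code>`, and the jurisdiction as `in ${jurisdiction}`, without HTML escaping, while the same page escapes `client.clientName` with `<c:out>` and `scope.value` with `fn:escapeXml`. These values presumably come from identity-provider attributes and client registration data, so they should get the same encoding: `<code><c:out value="${claim.value}"/></code>`, `<code><c:out value="${subValue}"/></code>` and `in <c:out value="${jurisdiction}"/>`. The two `policyUri` links are escaped but open with `target="_blank"` and no `rel="noopener noreferrer"`, and nothing visible here restricts the URI scheme to `https:`; that check belongs where the client is registered. The Consent button is only `disabled` in markup when a jurisdiction is set, so the authorize endpoint should itself reject a submission that lacks the `transfer` parameter, which this hunk cannot show.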
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approveDevice.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approveDevice.jsp index 2261d5ebb6574fe71ddc9ec31788bf42b0ceb75b..f51b508029c24cd4734029985d675583fad2ecb6 100644 --- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approveDevice.jsp +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/approveDevice.jsp 
@@ -1,98 +1,149 @@ -<%@ page import="java.util.ArrayList" %> -<%@ page import="java.util.List" %> -<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" trimDirectiveWhitespaces="true"%> +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="t" tagdir="/WEB-INF/tags/common" %> <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> - -<c:set var="reqURL" value="${reqURL}"/> - - -<% - - String samlCssUrl = (String) request.getAttribute("samlResourcesURL"); - List<String> cssLinks = new ArrayList<>(); - - cssLinks.add(samlCssUrl + "/module.php/consent/assets/css/consent.css"); - cssLinks.add(samlCssUrl + "/module.php/perun/res/css/consent.css"); - - request.setAttribute("cssLinks", cssLinks); - -%> - -<spring:message code="device_approve_title" var="title"/> -<t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}" - cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/> - -<h1 class="h3"><spring:message code="device_approve_header"/> ${" "} ${fn:escapeXml(client.clientName)}</h1> - -</div> <%-- header --%> - -<div id="content"> - <c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION" /> - <c:if test="${getsOfflineAccess}"> - <div class="alert alert-warning text-justify" role="alert"> - <h4>Continuous data access.</h4> - <p>This service requests continuous access to your data. 
That means that the service might continuously fetch the - information you allow to be released via the form below without further interaction needed.</p> - </div> - </c:if> - <c:if test="${not empty(jurisdiction)}"> - <div class="alert alert-warning text-justify" role="alert"> - <c:choose> - <c:when test="${'EMBL'.equalsIgnoreCase(jurisdiction)} or ${'INT'.equalsIgnoreCase(jurisdiction)}"> - <h4>This service is provided by an international organization.</h4> - </c:when> - <c:otherwise> - <h4>This service is in ${jurisdiction}/></h4> - </c:otherwise> - </c:choose> - <c:choose> - <c:when test="${'EMBL'.equalsIgnoreCase(jurisdiction)}"> - <p>In order to access the requested services, the Life Science Login needs to transfer your personal data to - an international organization outside EU/EEA jurisdictions.</p> - <p>Please be aware that upon transfer your personal data will be protected by - <a href="https://www.embl.org/documents/document/internal-policy-no-68-on-general-data-protection/" - target="_blank">EMBL’s Internal Policy 68 on General Data Protection</a>.</p>; - </c:when> - <c:otherwise> - <p>In order to access the requested services, the Life Science Login needs to transfer your personal data to - a country outside EU/EEA. We cannot guarantee that this country offers an adequately high level of personal - data protection as EU/EEA countries.</p> - </c:otherwise> - </c:choose> - </div> - </c:if> - <c:if test="${not acceptedTos}"> - <div class="alert alert-warning" role="alert"> - <h4>Terms of Use for Service Providers not accepted</h4> - <p class="text-justify">You are entering a service which has not yet accepted the - <a href="https://lifescience-ri.eu/ls-login/terms-of-use-for-service-providers.html" - target="_blank">Terms of Use for Service Providers</a>. - <c:if test="${isTestSp}"> - This might be due to the service being registered in the test environment, which does not force the service to - do so. 
To get more information about the different environments of the LS Login, please visit - <a href="https://lifescience-ri.eu/ls-login/relying-parties/environments.html" target="_blank">this page</a>. +<ls:header /> +<!-- block container --> +<div class="aas-message"> + <p> + The service <strong><c:out value="${client.clientName}" /></strong> requires access to your personal data. + <c:if test="${not empty(client.policyUri)}"> + Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service to learn more about its commitments to protect your data. + </c:if> + </p> +</div> +<c:if test="${empty(client.policyUri)}"> +<div class="alert alert-warning" role="alert"> + <h6>This service is missing a Privacy Policy document.</h6> +</div> +</c:if> +<c:if test="${getsOfflineAccess}"> +<div class="alert alert-warning" role="alert"> + <div><h6>This service requests continuous access to your personal data.</h6> + <p> + Normally when you close your browser the service stops fetching your personal data from Life Science Login. + However, in this case, fetching your personal data continues as it is required for the service to work. + </p> + </div> +</div> +</c:if> +<c:if test="${isTestSp or (not client.acceptedTos)}"> + <div class="alert alert-warning" role="alert"> + <p>You are entering a service that is in the test environment of Life Science Login. The test environment is for service developers to test their relying service’s AAI integration before requesting to move them to the Life Science Login production environment.</p> + <p>The test environment is not intended for common users. You are able to access the service because you have opted in as a test user. You need to refresh your registration every 30 days.</p> + </div> +</c:if> +<form name="confirmationForm" id="allow_consent_form" class="form-group" + action="${ config.issuer }${ config.issuer.endsWith('/') ? 
'' : '/' }auth/device/approved" method="post"> + <div id="accordion"> + <div class="section"> + <div class="card-header" id="headingOne"> + <h5 class="mb-0"> + <button class="btn btn-link" type="button" data-toggle="collapse" data-target="#collapseOne" aria-expanded="true" aria-controls="collapseOne"> + User Information + </button> + </h5> + </div> + <div id="collapseOne" class="collapse show" aria-labelledby="headingOne" data-parent="#accordion"> + <c:if test="${not empty scopes}"> + <c:forEach var="scope" items="${scopes}"> + <c:set var="singleClaim" value="${fn:length(claims[scope.value]) eq 1}" /> + <c:set var="emptyClaim" value="${fn:length(claims[scope.value]) eq 0}" /> + <div class="card-body <c:if test="${emptyClaim}">d-none</c:if>"> + <div class="attribute-row"> + <div class="attribute"> + <div class="attribute-name form-check"> + <input class="form-check-input" type="checkbox" name="scope_${ fn:escapeXml(scope.value) }" checked="checked" + id="scope_${fn:escapeXml(scope.value)}" value="${fn:escapeXml(scope.value)}"> + <label class="form-check-label" for="scope_${fn:escapeXml(scope.value)}"> + <spring:message code="${scope.value}"/> + </label> + </div> + </div> + <div class="attribute-values"> + <c:forEach var="claim" items="${claims[scope.value]}"> + <div class="attribute-choose"> + <div class="attribute-value"> + <c:if test="${claim.value.getClass().name eq 'java.util.ArrayList'}"> + <c:forEach var="subValue" items="${claim.value}"> + <div> + <code>${subValue}</code> + </div> + </c:forEach> + </c:if> + <c:if test="${not(claim.value.getClass().name eq 'java.util.ArrayList')}"> + <c:if test="${not(singleClaim)}"> + <strong><spring:message code="${claim.key}"/>:${' '}</strong> + </c:if> + <code>${claim.value}</code> + </c:if> + </div> + </div> + </c:forEach> + </div> + </div> + </div> + </c:forEach> </c:if> - </p> + </div> </div> - </c:if> - <form name="confirmationForm" - action="${ config.issuer }${ config.issuer.endsWith('/') ? 
'' : '/' }auth/device/approved" method="post"> + </div> + + <c:if test="${not empty jurisdiction}"> + <div class="alert alert-danger" role="alert"> + <h6> + This service is${' '} + <c:if test="${jurisdiction eq 'INT' or jurisdiction eq 'EMBL'}">provided by an international organization. </c:if> + <c:if test="${jurisdiction ne 'INT' and jurisdiction ne 'EMBL'}">in ${jurisdiction}</c:if> + </h6> <p> - <c:if test="${not empty client.policyUri}"> - <spring:message code="device_approve_privacy"/>${" "}<a target='_blank' href='${fn:escapeXml(client.policyUri)}'><em>${fn:escapeXml(client.clientName)}</em></a> + <c:if test="${jurisdiction eq 'EMBL'}"> + In order to access the requested services, the Life Science Login needs to transfer your personal data to an international organization outside EU/EEA jurisdictions.<br/> + <i>Please be aware that upon transfer your personal data will be protected by <a href="https://www.embl.org/documents/document/internal-policy-no-68-on-general-data-protection/" target="_blank">EMBL’s Internal Policy 68 on General Data Protection</a>.</i> + </c:if> + <c:if test="${jurisdiction ne 'EMBL'}"> + In order to access the requested services, the Life Science Login needs to transfer your personal data to a country outside EU/EEA. + We cannot guarantee that this country offers an adequately high level of personal data protection as EU/EEA countries. 
</c:if> </p> - <t:attributesConsent/> - <input id="user_oauth_approval" name="user_oauth_approval" value="true" type="hidden" /> - <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> - <input type="hidden" name="user_code" value="${ dc.userCode }" /> - <t:consentButtons/> - </form> + <c:if test="${not empty(client.policyUri)}"> + <h6>Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service provider to learn more about its commitments to protect your data.</h6> + </c:if> + <div class="form-check"> + <input class="form-check-input" type="checkbox" name="transfer" id="transfer" data-np-checked="1"> + <label class="form-check-label" for="transfer">To continue, consent to the transfer of your personal data.</label> + </div> + </div> + </c:if> + <div class="outro"> + <p> + For withdrawing consent, contact + <a href="mailto:support@aai.lifescience-ri.eu">support@aai.lifescience-ri.eu</a> + </p> + </div> + <div class="footer-buttons"> + <div class="remember"> + <label>Remember:</label> + <div id="select-amount"> + <select name="remember" id="month" class="btn btn-sm btn-secondary amount"> + <option value="none">Just this time</option> + <option value="until-revoked">Forever</option> + </select> + </div> + </div> + <div class="consent-button"> + <a id="abort" class="btn btn-danger" href="https://lifescience-ri.eu/index.php?id=409">Abort</a> + <input type="submit" class="btn btn-primary" value="Consent" id="submit" name="authorize" + <c:if test="${not empty jurisdiction}">disabled=""</c:if> + onclick="$('#user_oauth_approval').attr('value',true)"> + </div> </div> -</div><!-- wrap --> + <input id="user_oauth_approval" name="user_oauth_approval" value="true" type="hidden" /> + <input type="hidden" name="user_code" value="${ dc.userCode }" /> + <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> +</form> -<t:footer baseURL="${baseURL}" theme="${theme}" 
samlResourcesURL="${samlResourcesURL}"/> +<ls:footer /> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/aup.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/aup.jsp new file mode 100644 index 0000000000000000000000000000000000000000..460cf1cb4cde8bed47fd28fbee21d0ff0b6cd5a9 --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/aup.jsp @@ -0,0 +1,26 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <h3><spring:message code="must_agree_aup"/></h3> + <form method="POST" action=""> + <c:forEach var="aup" items="${newAups}"> + <div> + <p style="font-size: 16px; padding: 0; margin: 0;"><spring:message code="org_vo"/>${" "}<strong>${aup.key}</strong></p> + <p><spring:message code="see_aup"/>${" "}${aup.value.version}${" "} + <a href="${aup.value.link}"><spring:message code="here"/></a></p> + </div> + </c:forEach> + <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> + <div class="form-group"> + <spring:message code="agree_aup" var="submit_value"/> + <input type="submit" value="${submit_value}" class="btn btn-lg btn-primary btn-block"> + </div> + </form> + +<ls:footer/> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/device_flow_error.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/device_flow_error.jsp new file mode 100644 index 0000000000000000000000000000000000000000..1f814927ee18113650d0e8baaf6b43c221526143 --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/device_flow_error.jsp 
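Review bot: The claim values in the `attribute-value` block of approveDevice.jsp are written as `<code>${subValue}</code>` and `<code>${claim.value}</code>`, and EL in template text is not HTML-escaped, so a user attribute containing markup would be rendered as markup on the consent page. Use `<code><c:out value="${subValue}"/></code>` and `<code><c:out value="${claim.value}"/></code>`, and treat `in ${jurisdiction}` and `value="${ dc.userCode }"` the same way; the rest of this hunk already uses `c:out` or `fn:escapeXml`. The same unescaped output appears in aup.jsp (`${aup.key}`, `${aup.value.version}`, `href="${aup.value.link}"`), login_failure.jsp (`${contactMail}`), and requestUserCode.jsp and themedRequestUserCode.jsp (`value="${user_code}"`), where `fn:escapeXml(...)` fits because the `fn` taglib is already declared. The `user_code` case deserves priority if that model value echoes what the user submitted.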
@@ -0,0 +1,13 @@
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %>
+
+<ls:header />
+
+ <h3><spring:message code="device_flow_error_header"/></h3>
+ <p><spring:message code="device_flow_error_message"/></p>
+
+<ls:footer/>
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/isTestSpWarning.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/isTestSpWarning.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..900cf4f6cc2aaf6b106f54cd228125d5c3e19415
--- /dev/null
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/isTestSpWarning.jsp
@@ -0,0 +1,23 @@
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %>
+
+<ls:header />
+
+ <div id="head">
+ <h1><spring:message code="is_test_sp_warning_header"/></h1>
+ </div>
+ <p><spring:message code="is_test_sp_warning_text"/></p>
+
+ <form method="GET" action="${action}">
+ <hr/>
+ <br/>
+ <input type="hidden" name="target" value="${fn:escapeXml(target)}">
+ <input type="hidden" name="accepted" value="true">
+ <spring:message code="is_test_sp_warning_continue" var="submit_value"/>
+ <input type="submit" name="continue" value="${submit_value}" class="btn btn-lg btn-primary btn-block">
+ </form>
+<ls:footer />
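Review bot: The `target` value in isTestSpWarning.jsp is round-tripped through a hidden field of a GET form, so by the time it returns to the server it is request data that the user or a crafted link can change. The handler is not visible in this diff; if it redirects to `target` after the warning, it should check the value against the expected authorization endpoint or keep it in the session instead. A comment next to the field would record that, for example `<%-- target returns as request input; the handler must validate it before redirecting --%>`. `action="${action}"` is also emitted unescaped here, unlike `target`.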
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/login_failure.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/login_failure.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..db02f23053eb8b696fcba590a5a5646483ad7443
--- /dev/null
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/login_failure.jsp
@@ -0,0 +1,23 @@
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %>
+
+<ls:header />
+
+ <div id="head">
+ <h1><spring:message code="login_failure_header"/></h1>
+ </div>
+ <div class="msg"><spring:message code="login_failure_msg"/></div>
+ <c:if test="${not empty('error_msg')}">
+ <div class="mgs">
+ <spring:message code="${error_msg}"/>
+ </div>
+ </c:if>
+ <div class="msg"><spring:message code="login_failure_contact_us"/>${" "}
+ <a href="mailto:${contactMail}">${contactMail}</a>.
+ </div>
+
+<ls:footer />
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/login_success.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/login_success.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..a6c545567d7def7fa9424922cc444051257dda4f
--- /dev/null
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/login_success.jsp
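Review bot: The guard `<c:if test="${not empty('error_msg')}">` in login_failure.jsp tests the string literal `'error_msg'`, which is never empty, so the block renders even when no error message was set and `<spring:message code="${error_msg}"/>` is then asked to resolve an empty code, which is likely to fail the lookup. It should read `<c:if test="${not empty error_msg}">`. The wrapper inside it uses `class="mgs"`, which looks like a typo for the `msg` class used on the neighbouring divs.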
@@ -0,0 +1,15 @@
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %>
+
+<ls:header />
+
+ <div id="head">
+ <h1><spring:message code="login_success_header"/></h1>
+ </div>
+ <div class="msg"><spring:message code="login_success_msg"/></div>
+
+<ls:footer />
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..dc036c78ebab04b7066dc0d8976538ab4360ba56
--- /dev/null
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout.jsp
@@ -0,0 +1,28 @@
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %>
+
+<ls:header />
+
+ <h1><spring:message code="logout.confirmation.header"/></h1>
+ <form action="${config.issuer}${config.issuer.endsWith('/') ? '' : '/'}endsession" method="POST">
+ <p><spring:message code="logout.confirmation.explanation"/></p>
+ <div class="row">
+ <div class="col-md-6 mb-4">
+ <spring:message code="logout.confirmation.submit" var="submit_value_approve"/>
+ <input name="approve" value="${submit_value_approve}"
+ type="submit" class="btn btn-lg btn-block btn-primary" />
+ </div>
+ <div class="col-md-6 mb-4">
+ <spring:message code="logout.confirmation.deny" var="submit_value_deny"/>
+ <input name="deny" value="${submit_value_deny}"
+ type="submit" class="btn btn-lg btn-block" />
+ </div>
+ </div>
+ <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
+ </form>
+
+<ls:footer/>
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logoutConfirmation.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logoutConfirmation.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..106635b25685baeb7ef895732ad6011b672c81cc
--- /dev/null
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logoutConfirmation.jsp
@@ -0,0 +1,48 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <div class="well" style="text-align: center"> + + <h1><spring:message code="logout.confirmation.header"/></h1> + + <form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }endsession" method="POST"> + + <div class="row-fluid"> + <div class="span12"> + <spring:message code="logout.confirmation.submit" var="authorize_label"/> + <spring:message code="logout.confirmation.deny" var="deny_label"/> + <div> + <c:if test="${ not empty client }"> + <!-- display some client information --> + <spring:message code="logout.confirmation.requested"/> + <c:choose> + <c:when test="${empty client.clientName}"> + <em><c:out value="${client.clientId}" /></em> + </c:when> + <c:otherwise> + <em><c:out value="${client.clientName}" /></em> + </c:otherwise> + </c:choose> + </c:if> + </div> + <div> + <spring:message code="logout.confirmation.explanation" /> + </div> + <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> + <input name="approve" value="${authorize_label}" type="submit" class="btn btn-info btn-large" /> + + <input name="deny" value="${deny_label}" type="submit" class="btn btn-large" /> + </div> + </div> + + </form> + + </div> + +<ls:footer /> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout_denied.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout_denied.jsp new file mode 100644 index 0000000000000000000000000000000000000000..7d9e6e582070ef20d79d17a416cc9c274663b863 --- /dev/null 
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout_denied.jsp
@@ -0,0 +1,15 @@
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %>
+
+<ls:header />
+
+ <div id="head">
+ <h1><spring:message code="logout_denied_header"/></h1>
+ </div>
+ <div class="msg"><spring:message code="logout_denied_msg"/></div>
+
+<ls:footer/>
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout_success.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout_success.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..deebb7fd44f34bfa678c1a751ec5d1d04f853d0c
--- /dev/null
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/logout_success.jsp
@@ -0,0 +1,15 @@
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %>
+
+<ls:header />
+
+ <div id="head">
+ <h1><spring:message code="logout_success_header"/></h1>
+ </div>
+ <div class="msg"><spring:message code="logout_success_msg"/></div>
+
+<ls:footer/>
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/registrationForm.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/registrationForm.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..4aa91e0102d8753082d498ad380de358a812c4ee
--- /dev/null
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/registrationForm.jsp 
@@ -0,0 +1,62 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <div id="head"> + <h1><spring:message code="registration_header1"/> + <c:choose> + <c:when test="${not empty client.clientName and not empty client.clientUri}"> +  <a href="${fn:escapeXml(client.clientUri)}">${fn:escapeXml(client.clientName)}</a> + </c:when> + <c:when test="${not empty client.clientName}"> +  ${fn:escapeXml(client.clientName)} + </c:when> + </c:choose> + ${" "}<spring:message code="registration_header2"/> + </h1> + </div> + <div class="msg mt-3"><spring:message code="registration_message"/></div> + + <div class="list-group"> + <form action="${action}" method="get"> + <c:choose> + <c:when test="${not empty groupsForRegistration and groupsForRegistration.size() > 1}"> + <h4 class="mb-2"><spring:message code="registration_select_vo"/></h4> + <select id="selectVo mb-4" class="form-control" name="selectedVo" onchange="filter()" required> + <c:forEach var="voGroupPair" items="${groupsForRegistration}"> + <option value="${fn:escapeXml(voGroupPair.key.shortName)}"> + ${fn:escapeXml(voGroupPair.key.name)} + </option> + </c:forEach> + </select> + </c:when> + <c:when test="${not empty groupsForRegistration and groupsForRegistration.size() == 1}"> + <c:forEach var="voGroupPair" items="${groupsForRegistration}"> + <input type="hidden" name="selectedVo" value="${fn:escapeXml(voGroupPair.key.shortName)}"> + </c:forEach> + </c:when> + </c:choose> + + <h4 class="mb-2 selectGroup"><spring:message code="registration_select_group"/></h4> + <select class="selectGroup mb-4 form-control" name="selectedGroup" class="form-control" 
required> + <c:forEach var="voGroupPair" items="${groupsForRegistration}"> + <c:forEach var="group" items="${voGroupPair.value}"> + <option class="groupOption" value="${fn:escapeXml(voGroupPair.key.shortName)}:${fn:escapeXml(group.name)}"> + ${fn:escapeXml(group.description)} + </option> + </c:forEach> + </c:forEach> + </select> + + <spring:message code="registration_continue" var="submit_value"/> + <input type="submit" value="${submit_value}" class="btn btn-lg btn-primary btn-block"> + </form> + </div> + +<ls:footer/> +<script type="text/javascript" src="${config.getIssuer(false)}/resources/js/reg_form_select.js"></script> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/registrationFormContinue.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/registrationFormContinue.jsp new file mode 100644 index 0000000000000000000000000000000000000000..29b06219b9ac90009e5156083c34dc1bcb82f806 --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/registrationFormContinue.jsp 
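Review bot: The VO selector in registrationForm.jsp is declared as `<select id="selectVo mb-4" class="form-control" ...>`, so the utility class `mb-4` has ended up inside the id; an id containing a space is invalid and will not match a lookup for `selectVo`, which the `filter()` handler in reg_form_select.js (not shown in this diff) presumably relies on. It should be `<select id="selectVo" class="form-control mb-4" name="selectedVo" onchange="filter()" required>`. The group selector a few lines below carries two `class` attributes, of which browsers keep only the first, so the trailing `class="form-control"` can be dropped. Because the group filtering appears to happen only in the browser, the handler behind `${action}` should still check that the submitted `selectedGroup` belongs to the submitted `selectedVo`.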
@@ -0,0 +1,35 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <div id="head"> + <h1><spring:message code="go_to_registration_header1"/> + <c:choose> + <c:when test="${not empty client.clientName and not empty client.clientUri}"> + ${" "}<a href="${fn:escapeXml(client.uri)}">${fn:escapeXml(client.clientName)}</a> + </c:when> + <c:when test="${not empty client.clientName}"> + ${" "}${fn:escapeXml(client.clientName)} + </c:when> + </c:choose> + ${" "}<spring:message code="go_to_registration_header2"/> + </h1> + </div> + <form method="GET" action="${action}"> + <hr/> + <br/> + <input type="hidden" name="client_id" value="${fn:escapeXml(client_id)}" /> + <input type="hidden" name="facility_id" value="${fn:escapeXml(facility_id)}" /> + <input type="hidden" name="user_id" value="${fn:escapeXml(user_id)}" /> + <spring:message code="go_to_registration_continue" var="submit_value"/> + <input type="submit" name="continueToRegistration" value="${submit_value}" + class="btn btn-lg btn-primary btn-block"> + </form> + + +<ls:footer/> \ No newline at end of file diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/requestUserCode.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/requestUserCode.jsp new file mode 100644 index 0000000000000000000000000000000000000000..1e1e878da3b4beb03e5623584887b7a86fa6226b --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/requestUserCode.jsp 
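Review bot: The link in the first `c:when` of registrationFormContinue.jsp is guarded by `client.clientUri` but built from `client.uri` (`href="${fn:escapeXml(client.uri)}"`), while registrationForm.jsp uses `client.clientUri` for the same link; unless the client object also exposes a `uri` property this will fail or render an empty href, so it should be `href="${fn:escapeXml(client.clientUri)}"`. Separately, `user_id`, `facility_id` and `client_id` are sent back as hidden fields of a GET form, which makes them editable request parameters. The handler is not part of this diff; it should take the user from the authenticated session rather than from `user_id`.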
@@ -0,0 +1,55 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <div class="well" style="text-align: center"> + + <h1><spring:message code="device.request_code.header"/></h1> + + <c:if test="${ error != null }"> + <c:choose> + <c:when test="${ error == 'noUserCode' }"> + <div class="alert alert-error"><spring:message code="device.error.noUserCode"/></div> + </c:when> + <c:when test="${ error == 'expiredUserCode' }"> + <div class="alert alert-error"><spring:message code="device.error.expiredUserCode"/></div> + </c:when> + <c:when test="${ error == 'userCodeAlreadyApproved' }"> + <div class="alert alert-error"><spring:message code="device.error.userCodeAlreadyApproved"/></div> + </c:when> + <c:when test="${ error == 'userCodeMismatch' }"> + <div class="alert alert-error"><spring:message code="device.error.userCodeMismatch"/></div> + </c:when> + <c:otherwise> + <div class="alert alert-error"><spring:message code="device.error.error"/></div> + </c:otherwise> + </c:choose> + </c:if> + + + <form action="${ config.issuer }${ config.issuer.endsWith('/') ? 
'' : '/' }auth/device" method="POST"> + + <div class="row-fluid"> + <div class="span12"> + <spring:message code="device.request_code.submit" var="authorize_label"/> + <div> + <div class="input-block-level input-xlarge"> + <input type="text" name="user_code" placeholder="code" autocorrect="off" + autocapitalize="off" autocomplete="off" spellcheck="false" value="${user_code}" /> + </div> + </div> + <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> + <input name="approve" value="${authorize_label}" type="submit" class="btn btn-info btn-large" /> + </div> + </div> + + </form> + + </div> + +<ls:footer/> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/themedDeviceApproved.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/themedDeviceApproved.jsp new file mode 100644 index 0000000000000000000000000000000000000000..2bbf141c3f4981437c7c234dfe4491bf58c72eff --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/themedDeviceApproved.jsp 
@@ -0,0 +1,33 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <h1> + <c:if test="${ approved }"><p>✔ <spring:message code="device_approved_approved"/></p></c:if> + <c:if test="${ not approved }"><p>✗ <spring:message code="device_approved_rejected"/></p></c:if> + </h1> + <p class="mt-2"> + <c:if test="${ approved }"> + <spring:message code="device_approved_text_approved_start"/>${" "} + <c:if test="${empty client.clientName}"><em><c:out value="${client.clientId}" /></em></c:if> + <c:if test="${not empty client.clientName}"><em><c:out value="${client.clientName}" /></em></c:if> + ${" "}<spring:message code="device_approved_text_approved_end"/> + </c:if> + <c:if test="${not approved}"> + <spring:message code="device_approved_text_rejected_start"/> + <c:if test="${empty client.clientName}"> + <em>${" "}<c:out value="${client.clientId}"/></em> + </c:if> + <c:if test="${not empty client.clientName}"> + <em>${" "}<c:out value="${client.clientName}"/></em> + </c:if> + ${". "}<spring:message code="device_approved_text_rejected_end"/> + </c:if> + </p> + +<ls:footer /> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/themedRequestUserCode.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/themedRequestUserCode.jsp new file mode 100644 index 0000000000000000000000000000000000000000..1f86cfbf619c6c5daafec001531f6c818414c7de --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/themedRequestUserCode.jsp 
@@ -0,0 +1,60 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header/> + + <h1><spring:message code="request_code_header"/></h1> + <c:choose> + <c:when test="${ not empty error }"> + <p class="alert alert-danger mt-2"> + <c:choose> + <c:when test="${ error == 'noUserCode' }"> + <spring:message code="user_code_empty_or_not_found"/> + </c:when> + <c:when test="${ error == 'expiredUserCode' }"> + <spring:message code="user_code_expired"/> + </c:when> + <c:when test="${ error == 'userCodeAlreadyApproved' }"> + <spring:message code="user_code_already_approved"/> + </c:when> + <c:when test="${ error == 'userCodeMismatch' }"> + <spring:message code="user_code_mismatch"/> + </c:when> + <c:otherwise> + <spring:message code="user_code_error"/> + </c:otherwise> + </c:choose> + </p> + </c:when> + <c:otherwise> + <p class="mt-2"><spring:message code="user_code_info"/></p> + </c:otherwise> + </c:choose> + + <form name="confirmationForm" class="mt-2" method="POST" + action="${ config.issuer }${ config.issuer.endsWith('/') ? 
'' : '/' }device-verify"> + <div class="row-fluid"> + <div class="span12"> + <div> + <div class="input-block-level input-xlarge"> + <spring:message code="code" var="code_placeholder"/> + <input type="text" name="user_code" placeholder="${code_placeholder}" + autocapitalize="off" autocomplete="off" spellcheck="false" value="${user_code}" /> + </div> + </div> + </div> + </div> + <div class="row-fluid mt-2"> + <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> + <spring:message code="user_code_submit" var="submit_value"/> + <input name="approve" value="${submit_value}" type="submit" + class="btn btn-success btn-block btn-large" /> + </div> + + </form> + +<ls:footer/> \ No newline at end of file diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved.jsp new file mode 100644 index 0000000000000000000000000000000000000000..e2d1d3ecc279f80a43f0df5cf7ee3416a72e41d1 --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved.jsp 
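Review bot: `value="${user_code}"` on the `user_code` input writes the model value into an HTML attribute without escaping, and JSP EL in template text is not escaped by default. If the controller puts the submitted code back into the model (not visible in this diff), a crafted value can break out of the attribute; `value="${fn:escapeXml(user_code)}"` closes that, and the `fn` taglib is already declared at the top of the file. The device-code form whose tail appears just before themedDeviceApproved.jsp carries the same attribute and needs the same change.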
@@ -0,0 +1,36 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <div class="error_message" style="word-wrap: break-word;"> + <c:forEach var="contactIter" items="${client.contacts}" end="0"> + <c:set var="contact" value="${contactIter}" /> + </c:forEach> + <c:if test="${empty contact}"> + <c:set var="contact" value="${contactMail}"/> + </c:if> + <h1><spring:message code="403_header"/></h1> + <p><spring:message code="403_text"/>${' '}${fn:escapeXml(client.clientName)} + <c:if test="${not empty client.clientUri}"> + <br/> + <spring:message code="403_informationPage"/>${' '} + <a href="${fn:escapeXml(client.clientUri)}"> + ${fn:escapeXml(client.clientUri)} + </a> + </c:if> + </p> + + <spring:message code="403_subject" var="subject"/> + <p><spring:message code="403_contactSupport"/>${' '} + <a href="mailto:${contact}?subject=${subject} ${fn:escapeXml(client.clientName)}"> + ${fn:escapeXml(contact)} + </a> + </p> + </div> + +<ls:footer /> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved_is_eligible.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved_is_eligible.jsp new file mode 100644 index 0000000000000000000000000000000000000000..e449206178f7d07eeb041b53197d4666b06d1a1f --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved_is_eligible.jsp 
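Review bot: The `mailto:` link builds its `href` from `${contact}` and `${subject}` without escaping, although the link text directly below it uses `fn:escapeXml(contact)`. `contact` is taken from `client.contacts` when the client has any, so client-supplied data lands in an attribute; I would write `href="mailto:${fn:escapeXml(contact)}?subject=${fn:escapeXml(subject)} ${fn:escapeXml(client.clientName)}"`. The same unescaped pattern appears with `${contactMail}` in unapproved_is_eligible.jsp and unapproved_spec.jsp, where the value looks to come from configuration and is lower risk, but it is worth making consistent. Separately, `fn:escapeXml(client.clientUri)` in the information-page link does not restrict the URL scheme, so it is worth confirming that client registration only accepts http(s) URIs.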
@@ -0,0 +1,21 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + +<div class="error_message" style="word-wrap: break-word;"> + <h1><spring:message code="${outHeader}"/></h1> + <p><spring:message code="${outMessage}"/></p> + <c:if test="${hasTarget}"> + <form method="POST" action="" class="mb-4"> + <button class="btn btn-primary btn-block"><spring:message code="${outButton}"/></button> + </form> + </c:if> + <p><spring:message code="${outContactP}"/>${" "}<a href="mailto:${contactMail}">${contactMail}</a></p> +</div> + +<ls:footer/> diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved_spec.jsp b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved_spec.jsp new file mode 100644 index 0000000000000000000000000000000000000000..6bdd59a7ca79e24becab2ae13085f23ef96df940 --- /dev/null +++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/lsaai/unapproved_spec.jsp 
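Review bot: The POST form shown when `hasTarget` is true carries no CSRF token, while themedRequestUserCode.jsp in this same change adds `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />` to its form. If Spring Security's CSRF protection covers this mapping (the security configuration is not part of the diff), the submit will be rejected; if the path is exempt, that exemption deserves a comment next to the form. Adding the same hidden input inside the `<form>` keeps the themed pages consistent.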
@@ -0,0 +1,16 @@ +<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> +<%@ taglib prefix="ls" tagdir="/WEB-INF/tags/lsaai" %> + +<ls:header /> + + <div class="error_message" style="word-wrap: break-word;"> + <h1><spring:message code="${outHeader}"/></h1> + <p><spring:message code="${outMessage}"/></p> + <p><spring:message code="contact_p"/>${" "}<a href="mailto:${contactMail}">${contactMail}</a></p> + </div> + +<ls:footer /> diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java index 8d26683e31957b4766539497090738dfc840bfa5..06be4156d5bb2a5bf80dec032f1743bc162b2778 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java @@ -338,18 +338,6 @@ public class ClientDetailsEntity implements ClientDetails { @Column(name = "parent_client_id") private Long parentClientId; - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable(name = "client_only_allowed_idps", joinColumns = @JoinColumn(name = "owner_id")) - @Column(name = "idp_entity_id") - @CascadeOnDelete - private Set<String> onlyAllowedIdps; - - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable(name = "client_blocked_idps", joinColumns = @JoinColumn(name = "owner_id")) - @Column(name = "idp_entity_id") - @CascadeOnDelete - private Set<String> blockedIdps; - @Transient private Map<String, Object> additionalInformation = new HashMap<>(); 
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/controller/OAuthConfirmationController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/controller/OAuthConfirmationController.java index 38b5d37d826c6f2b766fffe8d73649060c6babea..5505e255c2d5d029104069dd670dcef2fce148db 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/controller/OAuthConfirmationController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/controller/OAuthConfirmationController.java @@ -205,7 +205,6 @@ public class OAuthConfirmationController { model.put("getsOfflineAccess", authRequest.getScope().contains("offline_access")); model.put("jurisdiction", AuthenticationUtilities.getJurisdiction(client)); model.put("isTestSp", AuthenticationUtilities.isTestSp(client, perunAdapter, facilityAttrsConfig.getTestSpAttr())); - model.put("acceptedTos", client.isAcceptedTos()); return "lsaai/approve"; } return THEMED_APPROVE; diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/endpoint/DeviceEndpoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/endpoint/DeviceEndpoint.java index d379f94f7f12a6734acea9310e0b29461cfbd085..a8c0e219c6d6a36a7b483c9eb5a9212598ad3388 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/endpoint/DeviceEndpoint.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/endpoint/DeviceEndpoint.java @@ -441,6 +441,9 @@ public class DeviceEndpoint { ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); model.put(PAGE, viewName); + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/" + themedViewName; + } return themedViewName; } 
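Review bot: The added `perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")` check in DeviceEndpoint throws a NullPointerException when no theme is configured, unless `getTheme()` guarantees a non-null value (not visible here); `"lsaai".equalsIgnoreCase(perunOidcConfig.getTheme())` is safe either way. The same three-line block is repeated in the later DeviceEndpoint hunk and in AupController, IsTestSpController, LoginController, LogoutController, PerunUnapprovedController, PerunUnapprovedRegistrationController, RegistrationController and EndSessionEndpoint. A single helper that maps a view name to its themed variant would keep the prefix logic in one place and make it harder to miss a page when a theme is added. The enclosing method starts outside the hunk.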
@@ -471,8 +474,7 @@ public class DeviceEndpoint { model.put("getsOfflineAccess", dc.getScope().contains("offline_access")); model.put("jurisdiction", AuthenticationUtilities.getJurisdiction(client)); model.put("isTestSp", AuthenticationUtilities.isTestSp(client, perunAdapter, facilityAttrsConfig.getTestSpAttr())); - model.put("acceptedTos", client.isAcceptedTos()); - return "lsaai/approveDevice"; + return "lsaai/" + APPROVE_DEVICE; } return THEMED_APPROVE_DEVICE; } @@ -512,6 +514,9 @@ public class DeviceEndpoint { { deviceCodeService.addErrorToCode(userCode, exception); ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/" + DEVICE_FLOW_ERROR_VIEW; + } return DEVICE_FLOW_ERROR_VIEW; } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlEntryPoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlEntryPoint.java index 013cd6e6519bd15e825baa49375d83fb26beece1..4fd96fe19884440641e21702d1af4b30f88c7fce 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlEntryPoint.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlEntryPoint.java @@ -1,9 +1,7 @@ package cz.muni.ics.oidc.saml; -import cz.muni.ics.oauth2.model.ClientDetailsEntity; import cz.muni.ics.oauth2.model.DeviceCode; import cz.muni.ics.oauth2.repository.impl.DeviceCodeRepository; -import cz.muni.ics.oauth2.service.ClientDetailsEntityService; import cz.muni.ics.oidc.models.Facility; import cz.muni.ics.oidc.models.PerunAttributeValue; import cz.muni.ics.oidc.server.adapters.PerunAdapter; 
@@ -41,12 +39,10 @@ import java.util.Set; import static cz.muni.ics.oauth2.web.endpoint.DeviceEndpoint.PATH_DEVICE_AUTHORIZE; import static cz.muni.ics.oauth2.web.endpoint.DeviceEndpoint.USER_CODE; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.AARC_IDP_HINT; -import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.BLOCKED_IDPS_ACR_PREFIX; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.CLIENT_ID_PREFIX; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.EFILTER_PREFIX; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.FILTER_PREFIX; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.IDP_ENTITY_ID_PREFIX; -import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.ONLY_ALLOWED_IDPS_ACR_PREFIX; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_CLIENT_ID; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_MAX_AGE; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_PROMPT; @@ -59,21 +55,18 @@ public class PerunSamlEntryPoint extends SAMLEntryPoint { private final FacilityAttrsConfig facilityAttrsConfig; private final SamlProperties samlProperties; private final DeviceCodeRepository deviceCodeRepository; - private final ClientDetailsEntityService clientDetailsEntityService; public PerunSamlEntryPoint(PerunAdapter perunAdapter, PerunOidcConfig config, FacilityAttrsConfig facilityAttrsConfig, SamlProperties samlProperties, - DeviceCodeRepository deviceCodeRepository, - ClientDetailsEntityService clientDetailsEntityService - ) { + DeviceCodeRepository deviceCodeRepository) + { this.perunAdapter = perunAdapter; this.config = config; this.facilityAttrsConfig = facilityAttrsConfig; this.samlProperties = samlProperties; this.deviceCodeRepository = deviceCodeRepository; - this.clientDetailsEntityService = clientDetailsEntityService; } @Override 
@@ -183,12 +176,12 @@ public class PerunSamlEntryPoint extends SAMLEntryPoint { } private void processPrompt(Map<String, String> requestParameters, WebSSOProfileOptions options) { - String prompt = requestParameters.getOrDefault(PARAM_PROMPT, ""); - if (PerunSamlUtils.needsReAuthByPrompt(prompt)) { - log.debug("Transformed prompt parameter ({}) to SAML forceAuthn=true", prompt); + if (PerunSamlUtils.needsReAuthByPrompt(requestParameters.getOrDefault(PARAM_PROMPT, null))) { + log.debug("Transformed prompt parameter ({}) to SAML forceAuthn=true", + requestParameters.get(PARAM_PROMPT)); options.setForceAuthN(true); } - if ("none".equalsIgnoreCase(prompt)) { + if ("none".equalsIgnoreCase(requestParameters.getOrDefault(PARAM_PROMPT, ""))) { log.debug("Detected prompt=none, translating to 'isPassive=true' in SAML"); options.setPassive(true); } 
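Review bot: `needsReAuthByPrompt` now receives `null` when the `prompt` parameter is absent, because the call uses `requestParameters.getOrDefault(PARAM_PROMPT, null)` where the previous code passed an empty string. Whether `PerunSamlUtils.needsReAuthByPrompt` tolerates null is not visible in this diff, and this method decides `forceAuthn`, so I would keep a single local, `String prompt = requestParameters.getOrDefault(PARAM_PROMPT, "");`, and use it for both checks and the log call. That also avoids reading the map three times. The method's closing lines are outside the hunk.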
@@ -210,48 +203,25 @@ public class PerunSamlEntryPoint extends SAMLEntryPoint { acrs = convertAcrValuesToList(acrValues); } - String clientId = requestParameters.getOrDefault(AuthProcFilterConstants.PARAM_CLIENT_ID, null); - if (StringUtils.hasText(clientId)) { - // ADD FILTER AND E-FILTER - if (config.isAskPerunForIdpFiltersEnabled() && !hasAcrForcingIdp(acrs)) { + if (!hasAcrForcingIdp(acrs)) { + String clientId = requestParameters.getOrDefault(AuthProcFilterConstants.PARAM_CLIENT_ID, null); + if (clientId != null) { String idpFilter = extractIdpFilterForRp(clientId); if (idpFilter != null) { log.debug("Added IdP filter as SAML AuthnContextClassRef ({})", idpFilter); acrs.add(idpFilter); } } + } - ClientDetailsEntity client = clientDetailsEntityService.loadClientByClientId(clientId); - if (client != null) { - // ADD BLOCKED IdPs - String blockedIdps = getBlockedIdpsAcr(client); - log.debug("blockedIdps ({})", blockedIdps); - if (StringUtils.hasText(blockedIdps)) { - String acr = BLOCKED_IDPS_ACR_PREFIX + blockedIdps; - log.debug("Added blockedIdps as SAML AuthnContextClassRef ({})", acr); - acrs.add(acr); - } - - // ADD ONLY ALLOWED IdPs - String onlyAllowedIdps = getOnlyAllowedIdpsAcr(client); - log.debug("allowedIdps ({})", onlyAllowedIdps); - if (StringUtils.hasText(onlyAllowedIdps)) { - String acr = ONLY_ALLOWED_IDPS_ACR_PREFIX + onlyAllowedIdps; - log.debug("Added onlyAllowedIdps as SAML AuthnContextClassRef ({})", acr); - acrs.add(acr); - } - } - - // ADD CLIENT_ID - if (config.isAddClientIdToAcrs()) { - String clientIdAcr = CLIENT_ID_PREFIX + requestParameters.get(PARAM_CLIENT_ID); - log.debug("Adding client_id ACR ({}) to list of AuthnContextClassRefs for purposes" + - " of displaying service name on the wayf", clientIdAcr); - acrs.add(clientIdAcr); - } + if (StringUtils.hasText(requestParameters.getOrDefault(PARAM_CLIENT_ID, "")) && config.isAddClientIdToAcrs()) { + String clientIdAcr = CLIENT_ID_PREFIX + requestParameters.get(PARAM_CLIENT_ID); + 
log.debug("Adding client_id ACR ({}) to list of AuthnContextClassRefs for purposes" + + " of displaying service name on the wayf", clientIdAcr); + acrs.add(clientIdAcr); } - if (!acrs.isEmpty()) { + if (acrs.size() > 0) { processAcrs(acrs); options.setAuthnContexts(acrs); log.debug("Transformed acr_values ({}) to SAML AuthnContextClassRef ({})", @@ -267,7 +237,7 @@ public class PerunSamlEntryPoint extends SAMLEntryPoint { } String clientId = requestParameters.getOrDefault(PARAM_CLIENT_ID, null); if (StringUtils.hasText(clientId)) { - log.debug("Adding ClientID ({}) to SAML RequesterIDs", clientId); + log.debug("Adding ClientID ({}) to SAML RequesterIDs", requestParameters.get(PARAM_CLIENT_ID)); Set<String> requesterIds = options.getRequesterIds(); if (requesterIds == null) { requesterIds = new HashSet<>(); @@ -386,26 +356,4 @@ public class PerunSamlEntryPoint extends SAMLEntryPoint { return result; } - private String getOnlyAllowedIdpsAcr(ClientDetailsEntity client) { - String result = null; - if (config.isOnlyAllowedIdpsEnabled()) { - Set<String> idps = client.getOnlyAllowedIdps(); - if (idps != null && !idps.isEmpty()) { - result = String.join(";", idps); - } - } - return result; - } - - private String getBlockedIdpsAcr(ClientDetailsEntity client) { - String result = null; - if (config.isBlockedIdpsEnabled()) { - Set<String> idps = client.getBlockedIdps(); - if (idps != null && !idps.isEmpty()) { - result = String.join(";", idps); - } - } - return result; - } - } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/FacilityAttrsConfig.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/FacilityAttrsConfig.java index d0d826185d462271cf3c4dbbc416d2c56ee52191..1af124f9d03b35144856f5541dc0bbd65b67627e 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/FacilityAttrsConfig.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/FacilityAttrsConfig.java 
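Review bot: The IdP-filter lookup is no longer guarded by `config.isAskPerunForIdpFiltersEnabled()`; the new condition is only `!hasAcrForcingIdp(acrs)`, so `extractIdpFilterForRp(clientId)` runs even when that option is off, unless the helper checks the flag itself (its body is not in this hunk). The inner test also changed from `StringUtils.hasText(clientId)` to `clientId != null`, which lets an empty `client_id` through to the lookup. I would keep `if (config.isAskPerunForIdpFiltersEnabled() && !hasAcrForcingIdp(acrs))` and `if (StringUtils.hasText(clientId))`. Since this hunk also stops sending the blocked and only-allowed IdP lists as AuthnContextClassRefs, it is worth confirming that no registered client still depends on those restrictions before the tables are dropped. The enclosing method begins and ends outside the hunk.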
@@ -1,7 +1,5 @@ package cz.muni.ics.oidc.server.configurations; -import lombok.Getter; -import lombok.Setter; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.InitializingBean; diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/PerunOidcConfig.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/PerunOidcConfig.java index 7051aa73683c988e6e6764187fc816911f9565b8..d4f072cd8219510e0efeee2bcb464b56398b24ce 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/PerunOidcConfig.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/configurations/PerunOidcConfig.java @@ -86,10 +86,6 @@ public class PerunOidcConfig implements InitializingBean { private Set<String> krbTokenExchangeRequiredScopes; - private boolean onlyAllowedIdpsEnabled = false; - - private boolean blockedIdpsEnabled = false; - @Autowired private ServletContext servletContext; @@ -173,8 +169,6 @@ public class PerunOidcConfig implements InitializingBean { log.info("Localization files path: {}", localizationFilesPath); log.info("Email contact: {}", emailContact); log.info("Sentry enabled: {}", StringUtils.hasText(sentryConfigFileLocation)); - log.info("OnlyAllowedIdPs ACR enabled: {}", onlyAllowedIdpsEnabled); - log.info("BlockedIdPs ACR enabled: {}", blockedIdpsEnabled); log.info("Perun OIDC version: {}", getPerunOIDCVersion()); } } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFilterConstants.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFilterConstants.java index 2baf755d74f6551ec2233284a155d2c75775fbbc..63f6eae94a8768d5293427ba3bb838cc1496ae8c 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFilterConstants.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFilterConstants.java 
@@ -32,9 +32,6 @@ public interface AuthProcFilterConstants { String FILTER_PREFIX = "urn:cesnet:proxyidp:filter:"; String EFILTER_PREFIX = "urn:cesnet:proxyidp:efilter:"; - String ONLY_ALLOWED_IDPS_ACR_PREFIX = "urn:cesnet:proxyidp:only_allowed_idps:"; - String BLOCKED_IDPS_ACR_PREFIX = "urn:cesnet:proxyidp:blocked_idps:"; - String SAML_EPUID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"; String SAML_EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"; String SAML_EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"; diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/AupController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/AupController.java index 4367f0d35e7c904174030777f5d3cf0a6b63179a..031968243a53ab858e15bf585238442b8c3648b3 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/AupController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/AupController.java @@ -71,6 +71,10 @@ public class AupController { model.put(NEW_AUPS, newAups); ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/aup"; + } return "aup"; } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/IsTestSpController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/IsTestSpController.java index 5c1dc2bb603bd9fe09fe915f498fd5f7fa9027f3..4eee32d749b33d0b0b073688d61f57eca0d139d7 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/IsTestSpController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/IsTestSpController.java 
@@ -47,6 +47,9 @@ public class IsTestSpController { model.put(TARGET, returnUrl); model.put(ACTION, req.getRequestURL().toString()); ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/isTestSpWarning"; + } return "isTestSpWarning"; } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LoginController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LoginController.java index 536214c2751f8e8a754bfb6b3800dc5f6070bdde..6ae0e3f1248b240c639f1a2f80fba45af22d3512 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LoginController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LoginController.java @@ -37,6 +37,9 @@ public class LoginController { @RequestMapping(value = MAPPING_SUCCESS) public String loginSuccess(HttpServletRequest req, Map<String, Object> model) { ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/login_success"; + } return "login_success"; } @@ -66,6 +69,9 @@ public class LoginController { } ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/login_failure"; + } return "login_failure"; } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LogoutController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LogoutController.java index 2d06053eb0e6b58c3411734d5ef804b32ffea4fc..b34398a892acac04a97782d18c136dcc2ddc4fc6 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LogoutController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/LogoutController.java 
@@ -28,6 +28,9 @@ public class LogoutController { @RequestMapping(value = MAPPING_SUCCESS) public String logoutSuccess(HttpServletRequest req, Map<String, Object> model) { ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/logout_success"; + } return "logout_success"; } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedController.java index b9817c9681de884683702250d5d0eab25b4ae787..5347358cf9288798a2699fbe790de0abe4fda544 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedController.java @@ -123,6 +123,10 @@ public class PerunUnapprovedController { ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); model.put("client", client); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved"; + } return "unapproved"; } @@ -137,6 +141,10 @@ public class PerunUnapprovedController { model.put(OUT_MESSAGE, message); model.put(OUT_CONTACT_P, CONTACT_LANG_PROP_KEY); model.put(CONTACT_MAIL, perunOidcConfig.getEmailContact()); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved_spec"; + } return "unapproved_spec"; } @@ -160,6 +168,10 @@ public class PerunUnapprovedController { model.put(CONTACT_MAIL, perunOidcConfig.getEmailContact()); model.put(HAS_TARGET, StringUtils.hasText(target)); req.getSession(true).setAttribute(TARGET, target); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved_is_eligible"; + } return "unapproved_is_eligible"; } 
@@ -197,6 +209,10 @@ public class PerunUnapprovedController { model.put(OUT_MESSAGE, AUTHORIZATION_MSG); model.put(OUT_CONTACT_P, CONTACT_LANG_PROP_KEY); model.put(CONTACT_MAIL, perunOidcConfig.getEmailContact()); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved_spec"; + } return "unapproved_spec"; } @@ -208,6 +224,10 @@ public class PerunUnapprovedController { model.put(OUT_MESSAGE, NOT_IN_TEST_VOS_GROUPS_MSG); model.put(OUT_CONTACT_P, CONTACT_LANG_PROP_KEY); model.put(CONTACT_MAIL, perunOidcConfig.getEmailContact()); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved_spec"; + } return "unapproved_spec"; } @@ -219,6 +239,10 @@ public class PerunUnapprovedController { model.put(OUT_MESSAGE, NOT_IN_PROD_VOS_GROUPS_MSG); model.put(OUT_CONTACT_P, CONTACT_LANG_PROP_KEY); model.put(CONTACT_MAIL, perunOidcConfig.getEmailContact()); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved_spec"; + } return "unapproved_spec"; } @@ -230,6 +254,10 @@ public class PerunUnapprovedController { model.put(OUT_MESSAGE, NOT_IN_MANDATORY_VOS_GROUPS_MSG); model.put(OUT_CONTACT_P, CONTACT_LANG_PROP_KEY); model.put(CONTACT_MAIL, perunOidcConfig.getEmailContact()); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved_spec"; + } return "unapproved_spec"; } @@ -241,6 +269,10 @@ public class PerunUnapprovedController { model.put(OUT_MESSAGE, NOT_LOGGED_IN_MSG); model.put(OUT_CONTACT_P, CONTACT_LANG_PROP_KEY); model.put(CONTACT_MAIL, perunOidcConfig.getEmailContact()); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/unapproved_spec"; + } return "unapproved_spec"; } 
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedRegistrationController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedRegistrationController.java index 3fab8a35b74c2bff82119b74423de90064bd0e20..edf30d2bd1c3c37c82545f73644522b4b2f2c52d 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedRegistrationController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/PerunUnapprovedRegistrationController.java @@ -119,6 +119,10 @@ public class PerunUnapprovedRegistrationController { model.put("action", buildActionUrl(request)); model.put("groupsForRegistration", groupsForRegistration); model.put("page", "regForm"); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/registrationForm"; + } return "registrationForm"; } @@ -150,6 +154,10 @@ public class PerunUnapprovedRegistrationController { model.put("action", request.getRequestURL().toString() .replace(REGISTRATION_CONTINUE_MAPPING, REGISTRATION_FORM_MAPPING)); ControllerUtils.setPageOptions(model, request, htmlClasses, perunOidcConfig); + + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/registrationFormContinue"; + } return "registrationFormContinue"; } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/RegistrationController.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/RegistrationController.java index 68bedde9740e4e4eb296c7c0478ee944fd92ace7..bb699dbd782a7466acec66dbb07213a023f30dc3 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/RegistrationController.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/RegistrationController.java 
@@ -36,6 +36,9 @@ public class RegistrationController { { model.put(PARAM_TARGET, target); ControllerUtils.setPageOptions(model, req, htmlClasses, perunOidcConfig); + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/registrationFormContinue"; + } return "registrationFormContinue"; } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java index 399306123dbb00184c2689de07605362d1cff411..8b7f14f29c6007edea8673a7d343035848ad6650 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java @@ -145,6 +145,11 @@ public class EndSessionEndpoint { model.put("idToken", idTokenClaims); ControllerUtils.setPageOptions(model, request, htmlClasses, perunOidcConfig); + + // display the log out confirmation page + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/logout"; + } return "logout"; } } @@ -186,6 +191,9 @@ public class EndSessionEndpoint { log.trace("redirecting to logout SAML only"); return "redirect:" + getLogoutUrl(null); } else { + if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) { + return "lsaai/logout_denied"; + } return "logout_denied"; } }