Skip to content
Snippets Groups Projects
Commit 07fed5a0 authored by Mads Freek Petersen's avatar Mads Freek Petersen
Browse files

ConsentAdmin config in separate module config file. 

Added option to include attribute values in consent hash.
Various fixex.

All from jach@wayf.dk



git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1477 44740490-163a-0410-bde0-09ae8108e29a
parent 2aceb85c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/consentAdmin/config-templates/module_consentAdmin.php 0 → 100644
+ 25
0
View file @ 07fed5a0
<?php
/**
* Config file for consentAdmin
*
* @author Jacob Christiansen, <jach@wayf.dk>
* @package simpleSAMLphp
* @version $Id$
*/
$config = array(
/*
* Configuration for the database connection.
*/
'consentadmin' => array(
'consent:Database',
'dsn' => 'mysql:host=DBHOST;dbname=DBNAME',
'username' => 'USERNAME',
'password' => 'PASSWORD',
),
// Hash attributes including values or not
'attributes.hash' => TRUE,
// Where to direct the user after logout
'relaystate' => 'www.wayf.dk',
);
modules/consentAdmin/dictionaries/consentadmin.php
+ 0
177
View file @ 07fed5a0
<?php
// consentadmin dictionary
/*
'' => array(
'en' => '',
'no' => '',
'nn' => '',
'da' => '',
'es' => '',
'fr' => '',
'de' => '',
'nl' => '',
'lu' => '',
'sl' => '',
),
*
* */
$lang = array(
// WAYF: Additional attributes START
'attribute_org' => array(
'en' => 'Organisation',
'da' => 'Organisation',
),
'added' => array(
'en' => 'Consent Added',
'da' => 'Samtykke givet',
),
'removed' => array(
'en' => 'Consent Removed',
'da' => 'Samtykke slettet',
),
'updated' => array(
'en' => 'Consent Updated',
'da' => 'Samtykke Opdateret!!!',
),
'unknown' => array(
'en' => 'Unknown ...',
'da' => 'Ukendt ...',
),
'attribute_id' => array(
'en' => 'Identity',
'da' => 'Identitet',
),
'attribute_injected' => array(
'en' => 'Injected attribut',
'da' => 'Injiceret attribut',
),
// WAYF: Additional attributes END
// Text
'show' => array(
'en' => 'Show',
'da' => 'Vis',
),
'hide' => array(
'en' => 'Hide',
'da' => 'Skjul',
),
'attributes_text' => array(
'en' => 'attributes',
'da' => 'attributter',
),
'consentadmin_header' => array(
'en' => 'Consent Administration',
'da' => 'Administrer dine samtykker',
),
'consentadmin_description1' => array(
'en' => 'Here you can view and edit your consent for the Service Providers.',
'da' => '
WAYF videregiver kun oplysninger til eksterne tjenester, hvis du giver dit samtykke til det. Hvilke oplysninger det drejer sig om, varierer alt efter hvad tjenesteudbyderen har behov for. Det kan for eksempel være:
<ul>
<li> Dit navn
<li> Din e-mail-adresse
<li> Din institution
<li> Etc.
</ul>
Hvis du sætter et flueben ud for <b>Husk dette samtykke</b>, vil du ikke blive spurgt, næste gang du besøger tjenesteudbyderen.
Så husker WAYF, at du allerede har givet samtykke til at videregive oplysninger til tjenesteudbyderen.
<p>Nedenfor er opført de tjenester, som du for øjeblikket har givet løbende samtykke til:</a>
', //da
),
'consentadmin_description2' => array(
'en' => '
<h3>How to delete your consent</h3>
Uncheck the box corresponding to the service provider
<h3>Links</h3>
<ul>
<li><a href="https://www.wayf.dk">Start</a> </li>
<li><a href="https://www.wayf.dk/FAQ">FAQ</a> </li>
</ul>
', // en
'da' => '
<h3>Sådan sletter du et samtykke</h3>
Fjern fluebenet ud for tjenesten, samtykket tilhører.
<h3>Hvilke data gemmer WAYF om dig?</h3>
<ul>
<li> Når du giver dit samtykke, henter WAYF dine oplysninger fra din institution og sender de relevante videre til tjenesteudbyderen
<li> Ingen af oplysningerne gemmes af WAYF
<li> Hvis du har bedt WAYF huske dit samtykke, gemmes personhenførbare data heller ikke hos WAYF. Oplysningen om, at du har givet dit samtykke, gemmes på en ikke-personhenførbar måde
</ul>
<h3>Hvilke rettigheder har du?</h3>
Du har ret til at trække et samtykke tilbage.
<h3>Hvor længe gemmes dine samtykker?</h3>
Et samtykke slettes tre år efter, at du sidst har benyttet det.
<h3>Hvordan beskyttes mine oplysninger?</h3>
WAYF foretager behandlinger af personoplysninger i henhold til persondataloven (lov nr. 429 af 31. maj 2000 med senere ændringer). Du kan læse nærmere om registreredes rettigheder i persondatalovens afsnit III.
<a href="http://www.datatilsynet.dk/lovgivning/persondataloven/">Persondataloven</a>
<h3>Links</h3>
<ul>
<li><a href="https://www.wayf.dk">Start</a> </li>
<li><a href="https://www.wayf.dk/FAQ">FAQ</a> </li>
</ul>
', // da
),
'login' => array(
'en' => 'login',
'da' => 'login',
),
'service_providers_for' => array(
'en' => 'Service Providers for',
'da' => 'Service Providers for',
),
'service_provider_header' => array(
'en' => 'Service Provider',
'da' => 'Service Provider',
),
'status_header' => array(
'en' => 'Consent status',
'da' => 'Samtykke status',
),
'show_hide_attributes' => array(
'en' => 'show/hide attributes',
'da' => 'vis/skjul attributter',
),
);
modules/consentAdmin/www/consentAdmin.php
+ 17
33
View file @ 07fed5a0
......@@ -8,14 +8,14 @@
* The module relies on methods and functions from the Consent module and can
* not be user without it.
*
* Author: Mads Freen - WAYF, Jacob Christiansen - WAYF
* Author: Mads Freen <freek@ruc.dk>, Jacob Christiansen <jach@wayf.dk>
*/
/*
* Runs the processingchain and ignores all filter which have user
* interaction.
*/
function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid) {
function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes = FALSE) {
/*
* Create a new processing chain
......@@ -47,7 +47,7 @@ function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid
$destination = $sp_metadata['metadata-set'] . '|' . $sp_entityid;
$targeted_id = sspmod_consent_Auth_Process_Consent::getTargetedID($userid, $source, $destination);
$attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, false);
$attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, $hashAttributes);
SimpleSAML_Logger::info('consentAdmin: user: ' . $hashed_user_id);
SimpleSAML_Logger::info('consentAdmin: target: ' . $targeted_id);
......@@ -59,6 +59,9 @@ function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid
// Get config object
$config = SimpleSAML_Configuration::getInstance();
$cA_config = $config->copyFromBase('consentAdmin', 'module_consentAdmin.php');
$hashAttributes = $cA_config->getValue('attributes.hash');
// Get session object
$session = SimpleSAML_Session::getInstance();
......@@ -126,7 +129,7 @@ SimpleSAML_Logger::info('consentAdmin: '.$idp_entityid);
$source = $idp_metadata['metadata-set'] . '|' . $idp_entityid;
// Parse consent config
$consent_storage = sspmod_consent_Store::parseStoreConfig($config->getValue('consentadmin'));
$consent_storage = sspmod_consent_Store::parseStoreConfig($cA_config->getValue('consentadmin'));
// Calc correct user ID hash
$hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);
......@@ -137,7 +140,7 @@ if ($action != null && $sp_entityid != null) {
$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
// Run AuthProc filters
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid);
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes);
// Add a consent (or update if attributes have changed and old consent for SP and IdP exists)
if($action == 'true') {
......@@ -177,40 +180,21 @@ foreach ($user_consent_list as $c) {
$user_consent[$c[0]]=$c[1];
}
$sp_empty_name = array(
'en' => '(name not specified)',
'no' => '(namn ikke spesifisert)',
'nn' => '(name not specified)',
'da' => '(navn ikke angivet)',
'en' => '(name not specified)',
'fr' => '(name not specified)',
'de' => '(name nicht definiert)',
'nl' => '(name not specified)',
'lu' => '(name not specified)',
'sl' => '(name not specified)',
); // TODO: Should be moved to language file
$sp_empty_description = array(
'en' => '(no description)',
'no' => '(ingen beskrivelse)',
'nn' => '(no description)',
'da' => '(ingen beskrivelse)',
'es' => '(no description)',
'fr' => '(no description)',
'de' => '(no description)',
'nl' => '(no description)',
'lu' => '(no description)',
'sl' => '(no description)',
); // TODO: Should be moved to language file
$template_sp_content = array();
// Init template
$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadmin.php', 'consentAdmin:consentadmin');
$sp_empty_name = $et->getTag('sp_empty_name');
$sp_empty_description = $et->getTag('sp_empty_description');
// Process consents for all SP
foreach ($all_sp_metadata as $sp_entityid => $sp_values) {
// Get metadata for SP
$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
// Run attribute filters
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid);
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes);
// Check if consent exists
if (array_key_exists($targeted_id, $user_consent)) {
......@@ -252,10 +236,10 @@ foreach ($all_sp_metadata as $sp_entityid => $sp_values) {
);
}
// Init template
$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadmin.php', 'consentAdmin:consentadmin');
$relaystate = $cA_config->getValue('relaystate');
$et->data['header'] = 'Consent Administration';
$et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=https://www.wayf.dk">Logout</a> ]'; // TODO: Fix RelayState. Should be set in config
$et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState='. $relaystate .'">Logout</a> ]';
$et->data['spList'] = $sp_list;
$et->show();
?>
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment