diff --git a/dictionaries/consent.php b/dictionaries/consent.php index 976f930f2e3de91b03c8192cb42ec3e7ad4824b4..2921095c755aa89bb25dedd04c203f8d86740631 100644 --- a/dictionaries/consent.php +++ b/dictionaries/consent.php @@ -79,6 +79,11 @@ $lang = array( 'hr' => 'Tijekom procesa prijavljivanja vaša matiÄŤna ustanova će servisu poslati atribute koji sadrĹľe podatke o vašem identitetu. SlaĹľete li se s time?', 'hu' => 'Az azonosĂtás során az azonosĂtĂł szolgáltatĂł szemĂ©lyes adatokat fog kĂĽldeni ennek a szolgáltatásnak. EngedĂ©lyezi?', ), + 'consent_privacypolicy' => array ( + 'en' => 'Privacypolicy for the service', + 'sv' => 'Registerbeskrivning för tjänsten', + 'fi' => 'Tietosuojaseloste palvelulle', + ), 'login' => array ( 'no' => 'innlogging', 'nn' => 'Logg inn', diff --git a/docs/source/simplesamlphp-idp.xml b/docs/source/simplesamlphp-idp.xml index 33ee032e3ed01b1ae8d3274f8dfe1aea8eb012d2..d04bff6980bdd4048b4d99b27eb4ca1a9157a880 100644 --- a/docs/source/simplesamlphp-idp.xml +++ b/docs/source/simplesamlphp-idp.xml @@ -541,6 +541,17 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt page.</para> </glossdef> </glossentry> + + <glossentry> + <glossterm>privacypolicy</glossterm> + + <glossdef> + <para>This is an absolute URL for where an user can find a + privacypolicy. If set, this will be shown on the consent page. + <literal>%SPENTITYID%</literal> in the URL will be replaced with + the entity id of the service the user is accessing.</para> + </glossdef> + </glossentry> </glosslist> </section> 
@@ -854,6 +865,17 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt <literal>FALSE</literal> by default.</para> </glossdef> </glossentry> + + <glossentry> + <glossterm>privacypolicy</glossterm> + + <glossdef> + <para>This is an absolute URL for where an user can find a + privacypolicy for this SP. If set, this will be shown on the + consent page. <literal>%SPENTITYID%</literal> in the URL will be + replaced with the entity id of this service provider.</para> + </glossdef> + </glossentry> </glosslist> </section> </section> diff --git a/templates/default/consent.php b/templates/default/consent.php index 8ef0ebbc61379c154099ed07ed9fec57fbd5d1e5..8622e73eb61d153bd69d3b9cccdbf41a8131bf8f 100644 --- a/templates/default/consent.php +++ b/templates/default/consent.php @@ -11,6 +11,12 @@ <?php echo htmlspecialchars($this->t('consent_accept')) ?> </p> + <?php if ($this->data['sppp'] !== FALSE) { + echo "<p>" . htmlspecialchars($this->t('consent_privacypolicy')) . " "; + echo "<a target='_new_window' href='" . htmlspecialchars($this->data['sppp']) . "'>" . htmlspecialchars($this->t('spname')) . "</a>"; + echo "</p>"; + } ?> + <form style="display: inline" action="<?php echo htmlspecialchars($this->data['consenturl']); ?>"> <input type="submit" value="<?php echo htmlspecialchars($this->t('yes')) ?>" /> <input type="hidden" name="consent" value="<?php echo htmlspecialchars($this->data['consent_cookie']); ?>" /> diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php index b9b62133168a3142484a6a1c0e10a560c1199acb..925dcf9fba57597bb86b99ce65b51ff8403ca2ec 100644 --- a/www/saml2/idp/SSOService.php +++ b/www/saml2/idp/SSOService.php 
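Review bot: In templates/default/consent.php the new `href` attribute is delimited with single quotes, but `htmlspecialchars()` is called without flags. On PHP versions whose default is `ENT_COMPAT` that leaves `'` unescaped, so a quote inside the `privacypolicy` metadata value ends the attribute and the remainder is parsed as markup. Quote the attribute with double quotes or pass the flag explicitly, `htmlspecialchars($this->data['sppp'], ENT_QUOTES)`. The link opens a new window (`target='_new_window'`) on a URL taken from metadata, so adding `rel='noopener noreferrer'` keeps the opened page from reaching the consent page through `window.opener`. Separately, `$this->data['sppp'] !== FALSE` is also true when the key is unset, so any other caller of this template would render an empty link; `!empty($this->data['sppp'])` covers both cases.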
@@ -282,6 +282,20 @@ if($needAuth && !$isPassive) {
 $t->data['consent_cookie'] = $requestcache['ConsentCookie'];
 $t->data['usestorage'] = $consent->useStorage();
 $t->data['noconsent'] = '/' . $config->getBaseURL() . 'noconsent.php';
+
+ if (array_key_exists('privacypolicy', $spmetadata)) {
+ $privacypolicy = $spmetadata['privacypolicy'];
+ } elseif (array_key_exists('privacypolicy', $idpmetadata)) {
+ $privacypolicy = $idpmetadata['privacypolicy'];
+ } else {
+ $privacypolicy = FALSE;
+ }
+ if($privacypolicy !== FALSE) {
+ $privacypolicy = str_replace('%SPENTITYID%', urlencode($spentityid),
+ $privacypolicy);
+ }
+ $t->data['sppp'] = $privacypolicy;
+
 $t->show();
 exit;
 }
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index a2e0038c9cad35b2ee0484bf3ba1cb298f44cbb5..d905e07259a6a617c18c6d0a0416a847ec6c476f 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -194,6 +194,20 @@ if (!$session->isAuthenticated($authority) ) {
 $t->data['consent_cookie'] = $requestcache['ConsentCookie'];
 $t->data['usestorage'] = $consent->useStorage();
 $t->data['noconsent'] = '/' . $config->getBaseURL() . 'noconsent.php';
+
+ if (array_key_exists('privacypolicy', $spmetadata)) {
+ $privacypolicy = $spmetadata['privacypolicy'];
+ } elseif (array_key_exists('privacypolicy', $idpmetadata)) {
+ $privacypolicy = $idpmetadata['privacypolicy'];
+ } else {
+ $privacypolicy = FALSE;
+ }
+ if($privacypolicy !== FALSE) {
+ $privacypolicy = str_replace('%SPENTITYID%', urlencode($spentityid),
+ $privacypolicy);
+ }
+ $t->data['sppp'] = $privacypolicy;
+
 $t->show();
 exit;
 }
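Review bot: In www/saml2/idp/SSOService.php the `privacypolicy` value is copied from `$spmetadata` (falling back to `$idpmetadata`) into `$t->data['sppp']` without checking that it is a string or an http(s) URL, although the documentation added in this commit describes it as an absolute URL. If SP metadata can originate from a party other than the IdP operator, a `javascript:` or `data:` value would become the link target on the consent page. Inside the `if($privacypolicy !== FALSE)` block, a guard such as `if (!is_string($privacypolicy) || !preg_match('#^https?://#i', $privacypolicy)) { $privacypolicy = FALSE; }` placed before the `str_replace` rejects those. The same fourteen added lines appear verbatim in the www/shib13/idp/SSOService.php hunk, so the lookup and the check are better kept in one shared helper that both endpoints call. Both enclosing `if` blocks start outside their hunks.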