From 932f71bc6d8495d6787690179dc091fccf79c346 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 23 Jun 2008 11:59:32 +0000
Subject: [PATCH] Consent: Add support for displaying a link to a privacy
policy in the consent page.
Thanks to Harald Hannelius for the original patch.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@696 44740490-163a-0410-bde0-09ae8108e29a
---
dictionaries/consent.php | 5 +++++
docs/source/simplesamlphp-idp.xml | 22 ++++++++++++++++++++++
templates/default/consent.php | 6 ++++++
www/saml2/idp/SSOService.php | 14 ++++++++++++++
www/shib13/idp/SSOService.php | 14 ++++++++++++++
5 files changed, 61 insertions(+)
diff --git a/dictionaries/consent.php b/dictionaries/consent.php
index 976f930f2..2921095c7 100644
--- a/dictionaries/consent.php
+++ b/dictionaries/consent.php
@@ -79,6 +79,11 @@ $lang = array(
'hr' => 'Tijekom procesa prijavljivanja vaša matična ustanova će servisu poslati atribute koji sadrže podatke o vašem identitetu. Slažete li se s time?',
'hu' => 'Az azonosĂtás során az azonosĂtĂł szolgáltatĂł szemĂ©lyes adatokat fog kĂĽldeni ennek a szolgáltatásnak. EngedĂ©lyezi?',
),
+ 'consent_privacypolicy' => array (
+ 'en' => 'Privacypolicy for the service',
+ 'sv' => 'Registerbeskrivning för tjänsten',
+ 'fi' => 'Tietosuojaseloste palvelulle',
+ ),
'login' => array (
'no' => 'innlogging',
'nn' => 'Logg inn',
diff --git a/docs/source/simplesamlphp-idp.xml b/docs/source/simplesamlphp-idp.xml
index 33ee032e3..d04bff698 100644
--- a/docs/source/simplesamlphp-idp.xml
+++ b/docs/source/simplesamlphp-idp.xml
@@ -541,6 +541,17 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt
page.</para>
</glossdef>
</glossentry>
+
+ <glossentry>
+ <glossterm>privacypolicy</glossterm>
+
+ <glossdef>
+ <para>This is an absolute URL for where an user can find a
+ privacypolicy. If set, this will be shown on the consent page.
+ <literal>%SPENTITYID%</literal> in the URL will be replaced with
+ the entity id of the service the user is accessing.</para>
+ </glossdef>
+ </glossentry>
</glosslist>
</section>
@@ -854,6 +865,17 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt
<literal>FALSE</literal> by default.</para>
</glossdef>
</glossentry>
+
+ <glossentry>
+ <glossterm>privacypolicy</glossterm>
+
+ <glossdef>
+ <para>This is an absolute URL for where an user can find a
+ privacypolicy for this SP. If set, this will be shown on the
+ consent page. <literal>%SPENTITYID%</literal> in the URL will be
+ replaced with the entity id of this service provider.</para>
+ </glossdef>
+ </glossentry>
</glosslist>
</section>
</section>
diff --git a/templates/default/consent.php b/templates/default/consent.php
index 8ef0ebbc6..8622e73eb 100644
--- a/templates/default/consent.php
+++ b/templates/default/consent.php
@@ -11,6 +11,12 @@
<?php echo htmlspecialchars($this->t('consent_accept')) ?>
</p>
+ <?php if ($this->data['sppp'] !== FALSE) {
+ echo "<p>" . htmlspecialchars($this->t('consent_privacypolicy')) . " ";
+ echo "<a target='_new_window' href='" . htmlspecialchars($this->data['sppp']) . "'>" . htmlspecialchars($this->t('spname')) . "</a>";
+ echo "</p>";
+ } ?>
+
<form style="display: inline" action="<?php echo htmlspecialchars($this->data['consenturl']); ?>">
<input type="submit" value="<?php echo htmlspecialchars($this->t('yes')) ?>" />
<input type="hidden" name="consent" value="<?php echo htmlspecialchars($this->data['consent_cookie']); ?>" />
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index b9b621331..925dcf9fb 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -282,6 +282,20 @@ if($needAuth && !$isPassive) {
$t->data['consent_cookie'] = $requestcache['ConsentCookie'];
$t->data['usestorage'] = $consent->useStorage();
$t->data['noconsent'] = '/' . $config->getBaseURL() . 'noconsent.php';
+
+ if (array_key_exists('privacypolicy', $spmetadata)) {
+ $privacypolicy = $spmetadata['privacypolicy'];
+ } elseif (array_key_exists('privacypolicy', $idpmetadata)) {
+ $privacypolicy = $idpmetadata['privacypolicy'];
+ } else {
+ $privacypolicy = FALSE;
+ }
+ if($privacypolicy !== FALSE) {
+ $privacypolicy = str_replace('%SPENTITYID%', urlencode($spentityid),
+ $privacypolicy);
+ }
+ $t->data['sppp'] = $privacypolicy;
+
$t->show();
exit;
}
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index a2e0038c9..d905e0725 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -194,6 +194,20 @@ if (!$session->isAuthenticated($authority) ) {
$t->data['consent_cookie'] = $requestcache['ConsentCookie'];
$t->data['usestorage'] = $consent->useStorage();
$t->data['noconsent'] = '/' . $config->getBaseURL() . 'noconsent.php';
+
+ if (array_key_exists('privacypolicy', $spmetadata)) {
+ $privacypolicy = $spmetadata['privacypolicy'];
+ } elseif (array_key_exists('privacypolicy', $idpmetadata)) {
+ $privacypolicy = $idpmetadata['privacypolicy'];
+ } else {
+ $privacypolicy = FALSE;
+ }
+ if($privacypolicy !== FALSE) {
+ $privacypolicy = str_replace('%SPENTITYID%', urlencode($spentityid),
+ $privacypolicy);
+ }
+ $t->data['sppp'] = $privacypolicy;
+
$t->show();
exit;
}
--
GitLab