From 932f71bc6d8495d6787690179dc091fccf79c346 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 23 Jun 2008 11:59:32 +0000
Subject: [PATCH] Consent: Add support for displaying a link to a privacy
 policy in the consent page.

Thanks to Harald Hannelius for the original patch.


git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@696 44740490-163a-0410-bde0-09ae8108e29a
---
 dictionaries/consent.php          |  5 +++++
 docs/source/simplesamlphp-idp.xml | 22 ++++++++++++++++++++++
 templates/default/consent.php     |  6 ++++++
 www/saml2/idp/SSOService.php      | 14 ++++++++++++++
 www/shib13/idp/SSOService.php     | 14 ++++++++++++++
 5 files changed, 61 insertions(+)

diff --git a/dictionaries/consent.php b/dictionaries/consent.php
index 976f930f2..2921095c7 100644
--- a/dictionaries/consent.php
+++ b/dictionaries/consent.php
@@ -79,6 +79,11 @@ $lang = array(
 		'hr' => 'Tijekom procesa prijavljivanja vaša matična ustanova će servisu poslati atribute koji sadrže podatke o vašem identitetu. Slažete li se s time?',
 		'hu' => 'Az azonosítás során az azonosító szolgáltató személyes adatokat fog küldeni ennek a szolgáltatásnak. Engedélyezi?',
 	),
+	'consent_privacypolicy' => array (
+		'en' => 'Privacypolicy for the service',
+		'sv' => 'Registerbeskrivning för tjänsten',
+		'fi' => 'Tietosuojaseloste palvelulle',
+	),
 	'login' => array (
 		'no' => 'innlogging',
 		'nn' => 'Logg inn',
diff --git a/docs/source/simplesamlphp-idp.xml b/docs/source/simplesamlphp-idp.xml
index 33ee032e3..d04bff698 100644
--- a/docs/source/simplesamlphp-idp.xml
+++ b/docs/source/simplesamlphp-idp.xml
@@ -541,6 +541,17 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt
               page.</para>
             </glossdef>
           </glossentry>
+
+          <glossentry>
+            <glossterm>privacypolicy</glossterm>
+
+            <glossdef>
+              <para>This is an absolute URL for where an user can find a
+              privacypolicy. If set, this will be shown on the consent page.
+              <literal>%SPENTITYID%</literal> in the URL will be replaced with
+              the entity id of the service the user is accessing.</para>
+            </glossdef>
+          </glossentry>
         </glosslist>
       </section>
 
@@ -854,6 +865,17 @@ openssl x509 -req -days 60 -in server2.csr -signkey server2.key -out server2.crt
               <literal>FALSE</literal> by default.</para>
             </glossdef>
           </glossentry>
+
+          <glossentry>
+            <glossterm>privacypolicy</glossterm>
+
+            <glossdef>
+              <para>This is an absolute URL for where an user can find a
+              privacypolicy for this SP. If set, this will be shown on the
+              consent page. <literal>%SPENTITYID%</literal> in the URL will be
+              replaced with the entity id of this service provider.</para>
+            </glossdef>
+          </glossentry>
         </glosslist>
       </section>
     </section>
diff --git a/templates/default/consent.php b/templates/default/consent.php
index 8ef0ebbc6..8622e73eb 100644
--- a/templates/default/consent.php
+++ b/templates/default/consent.php
@@ -11,6 +11,12 @@
 		<?php echo htmlspecialchars($this->t('consent_accept')) ?> 
 		</p>
 
+		<?php if ($this->data['sppp'] !== FALSE) {
+			echo "<p>" . htmlspecialchars($this->t('consent_privacypolicy')) . " ";
+			echo "<a target='_new_window' href='" . htmlspecialchars($this->data['sppp']) . "'>" . htmlspecialchars($this->t('spname')) . "</a>";
+			echo "</p>";
+		} ?>
+
 		<form style="display: inline" action="<?php echo htmlspecialchars($this->data['consenturl']); ?>">
 			<input type="submit" value="<?php echo htmlspecialchars($this->t('yes')) ?>" />
 			<input type="hidden" name="consent" value="<?php echo htmlspecialchars($this->data['consent_cookie']); ?>" />
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index b9b621331..925dcf9fb 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -282,6 +282,20 @@ if($needAuth && !$isPassive) {
 				$t->data['consent_cookie'] = $requestcache['ConsentCookie'];
 				$t->data['usestorage'] = $consent->useStorage();
 				$t->data['noconsent'] = '/' . $config->getBaseURL() . 'noconsent.php';
+
+				if (array_key_exists('privacypolicy', $spmetadata)) {
+					$privacypolicy = $spmetadata['privacypolicy'];
+				} elseif (array_key_exists('privacypolicy', $idpmetadata)) {
+					$privacypolicy = $idpmetadata['privacypolicy'];
+				} else {
+					$privacypolicy = FALSE;
+				}
+				if($privacypolicy !== FALSE) {
+					$privacypolicy = str_replace('%SPENTITYID%', urlencode($spentityid),
+						$privacypolicy);
+				}
+				$t->data['sppp'] = $privacypolicy;
+
 				$t->show();
 				exit;
 			}
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index a2e0038c9..d905e0725 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -194,6 +194,20 @@ if (!$session->isAuthenticated($authority) ) {
 				$t->data['consent_cookie'] = $requestcache['ConsentCookie'];
 				$t->data['usestorage'] = $consent->useStorage();
 				$t->data['noconsent'] = '/' . $config->getBaseURL() . 'noconsent.php';
+
+				if (array_key_exists('privacypolicy', $spmetadata)) {
+					$privacypolicy = $spmetadata['privacypolicy'];
+				} elseif (array_key_exists('privacypolicy', $idpmetadata)) {
+					$privacypolicy = $idpmetadata['privacypolicy'];
+				} else {
+					$privacypolicy = FALSE;
+				}
+				if($privacypolicy !== FALSE) {
+					$privacypolicy = str_replace('%SPENTITYID%', urlencode($spentityid),
+						$privacypolicy);
+				}
+				$t->data['sppp'] = $privacypolicy;
+
 				$t->show();
 				exit;
 			}
-- 
GitLab