From d0e4936cbce3d7ae213650afad936d555353f40f Mon Sep 17 00:00:00 2001 From: root Date: Tue, 21 Oct 2008 16:05:43 +0200 Subject: [PATCH 01/18] fixed a missing migration to get_cfg --- extra/modules/admin.ptl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extra/modules/admin.ptl b/extra/modules/admin.ptl index 11e399c..8045b8a 100644 --- a/extra/modules/admin.ptl +++ b/extra/modules/admin.ptl @@ -101,7 +101,7 @@ class CollectivityUI: form.add(StringWidget, 'name', title = _('Name'), required = True, size = 30, value = self.collectivity.name) options = [('', _('None'))] - for klp, lp in misc.cfg.get('providers', {}).items(): + for klp, lp in get_cfg('providers', {}).items(): if lp['role'] != lasso.PROVIDER_ROLE_IDP: continue p = lasso.Provider(lp['role'], From aa2bdf229959130bac14778c0c999246cff3ac27 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Oct 2008 11:37:53 +0200 Subject: [PATCH 02/18] * extra/modules/liberty.py: - add timeout parameter to soap_call function, default = 240s - escape content of SoapFault/Detail relaying python exceptions - handle desynchronization of state of federation: - if asking for creation when on already exist, switch automatically to requesting, - if asking for an existing federation switch to creation. - rework user clicking 'Back' (or MSP refusing to authenticate us): - when user click 'Back' on msp page, return to /login if not logged locally else return to '/'. - replace authentic original soap_call function with the authentic-adeline version - add printing of reponse, destination url and timing of soap calls --- extra/modules/liberty.py | 105 +++++++++++++++++++++++++++------------ 1 file changed, 74 insertions(+), 31 deletions(-) diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index 9e9425d..eab6057 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py @@ -6,6 +6,8 @@ import Cookie import StringIO import cgi import traceback +import socket +import xml.sax.saxutils import lasso 
@@ -116,38 +118,64 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): try: login.processResponseMsg(soap_answer) except lasso.Error, error: + # Traitement d'une demande de federation existante + # apres désynchro, on recree a la volee if error[0] == lasso.LOGIN_ERROR_FEDERATION_NOT_FOUND: t = self.proxy_auth_federation_not_found(login) if t: return t - if error[0] != lasso.LOGIN_ERROR_UNKNOWN_PRINCIPAL: - try: - msg = login.response.status.statusMessage - return template.error_page(_('Response is not Success (%s)') % msg) - except: - pass - if error[0] == lasso.PROFILE_ERROR_INVALID_MSG: - print 'Received invalid SOAP answer when resolving artifact: \'%s\'' % soap_answer - raise error - t = self.proxy_auth_peer_cancelled(login) - if t: - return t - session = get_session() - if not session.lasso_login_dump: - # probably user clicked on "back" on MSP (see bug 138) get_response().expire_cookie('msp-user', domain = get_publisher().config.session_cookie_domain, path = '/') - return redirect('/login') - login = lasso.Login.newFromDump(authentic.misc.get_lasso_server(), - session.lasso_login_dump) - session.lasso_login_dump = None - return self.sso_after_authentication(login, False, proxied = True) + return redirect('/federate_msp') + # Traitement particulie pour le cas d'une demande de creation + # alors que la federation existe + if error[0] == lasso.LOGIN_ERROR_STATUS_NOT_SUCCESS and\ + login.response.status and\ + login.response.status.statusCode and\ + login.response.status.statusCode.statusCode and\ + login.response.status.statusCode.statusCode.statusCode and\ + login.response.status.statusCode.statusCode.statusCode.value == 'msp:AlreadyFederated': + print 'Interception already federated' + return redirect('/login_msp') + + if error[0] == lasso.LOGIN_ERROR_UNKNOWN_PRINCIPAL: + get_response().expire_cookie('msp-user', + domain = get_publisher().config.session_cookie_domain, + path = '/') + if not session.lasso_login_dump: + # probably user 
clicked on "back" on MSP (see bug 138) + if not session.user: + return redirect('/login') + else: + try: + msg = login.response.status.statusMessage + return template.error_page(_('Response is not Success (%s)') % msg, continue_to=('/', _('Home'))) + except: + return redirect('/') + login = lasso.Login.newFromDump(authentic.misc.get_lasso_server(), + session.lasso_login_dump) + session.lasso_login_dump = None + return self.sso_after_authentication(login, False, proxied = True) + + try: + msg = login.response.status.statusMessage + return template.error_page(_('Response is not Success (%s)') % msg, continue_to=('/', _('Home'))) + except: + pass + if error[0] == lasso.PROFILE_ERROR_INVALID_MSG: + print 'Received invalid SOAP answer when resolving artifact: \'%s\'' % soap_answer + raise error + + t = self.proxy_auth_peer_cancelled(login) + if t: + return t + else: self.proxy_auth_ok(login) else: login.processAuthnResponseMsg(get_field('LARES')) - session = get_session() + if session.lasso_proxy_session_dump: login.setSessionFromDump(session.lasso_proxy_session_dump) ni = login.nameIdentifier.content @@ -531,7 +559,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): %s - ''' % msg + ''' % xml.sax.saxutils.escape(msg) return body msp_oids = { @@ -822,7 +850,8 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): import urllib import httplib -def soap_call(url, msg, client_cert = None, more_headers = None): +def soap_call(url, msg, client_cert = None, more_headers = None, timeout = 3600): + print 'Entering SOAP_CALL for %s' % url if url.startswith('http://'): host, query = urllib.splithost(url[5:]) conn = httplib.HTTPConnection(host) 
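Review bot: The two redirects added in the `except lasso.Error` branch of proxyAssertionConsumer (`redirect('/federate_msp')` on LOGIN_ERROR_FEDERATION_NOT_FOUND and `redirect('/login_msp')` on `msp:AlreadyFederated`) are driven only by the identity provider's answer and have no retry bound. If the peer's state keeps disagreeing with ours, the browser can bounce between the two endpoints indefinitely; a per-session attempt counter checked before either redirect, falling back to `template.error_page(...)`, would bound this. The new code also keeps two bare `except:` clauses around `login.response.status.statusMessage`; `except AttributeError:` would cover a missing status without hiding unrelated failures. The function starts and ends outside the hunk, and indentation is lost in this rendering, so the exact nesting of the cookie expiry is inferred.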
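Review bot: Escaping `msg` with `xml.sax.saxutils.escape` keeps the fault well-formed, but the SOAP fault detail still appears to carry a Python exception text, which gives the calling peer file paths and internal call structure. That is inferred from the commit message, since the code that builds `msg` is outside the hunk. I would write the traceback to the local log through `get_logger()` and return only a short generic string, or an opaque correlation id, in the detail.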
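Review bot: The new default `timeout = 3600` does not match the commit message, which announces a 240 s default, and an hour-long default lets one unresponsive peer hold a worker for that whole time. If 240 is what was meant, the signature should read `def soap_call(url, msg, client_cert = None, more_headers = None, timeout = 240):`. The unconditional `print 'Entering SOAP_CALL for %s' % url` would fit better as a logger call, since the function already reports errors through `get_logger()`. The body of soap_call continues outside this hunk.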
@@ -833,16 +862,30 @@ def soap_call(url, msg, client_cert = None, more_headers = None): headers = {'Content-Type': 'text/xml'} if more_headers: headers.update(more_headers) - conn.set_debuglevel(1) - conn.request('POST', query, msg, headers) - response = conn.getresponse() - data = response.read() - conn.close() - if response.status not in (200, 204): # 204 ok for federation termination - get_logger().warn('SOAP error (%s) (on %s)' % (response.status, url)) - raise SOAPError() + conn.set_debuglevel(3) + oldtimeout = socket.getdefaulttimeout() + start = time.time() + try: + try: + socket.setdefaulttimeout(timeout) + conn.request('POST', query, msg, headers) + response = conn.getresponse() + data = response.read() + print 'reponse: %s' % str(data) + if response.status not in (200, 204): # 204 ok for federation termination + get_logger().warn('SOAP error (%s) (on %s)' % (response.status, url)) + raise SOAPError() + except Exception, exception: + get_logger().warn('SOAP error (%s) (on %s)' % (exception, url)) + raise SOAPError(str(exception)) + finally: + socket.setdefaulttimeout(oldtimeout) + conn.close() + print "Temps ecoule: %s" % str(time.time()-start) return data +authentic.liberty.root.soap_call = soap_call + # import uuid # only in 2.5 import smtplib try: From 6c76cc53bc58a145309434791d34ac3e93c88901 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Oct 2008 15:34:55 +0200 Subject: [PATCH 03/18] * extra/modules/liberty.py: - create variable to hold continue_to tuple - add continue_to argument for failed artifact request - remove invalid character in comments --- extra/modules/liberty.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index eab6057..5d0d91e 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py 
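Review bot: `print 'reponse: %s' % str(data)` together with `conn.set_debuglevel(3)` writes every SOAP exchange in full to stdout, and in this module those payloads are artifact resolutions and ID-WSF answers, i.e. assertions, name identifiers and profile data. Both should be removed or put behind an explicit debug setting. The same applies to `print 'Formulaire', get_request().form` in root.ptl (04/18, dropped again in 05/18), which prints the submitted login form, and to the `print 'resource: ', resource_data` group in 09/18. Separately, `socket.setdefaulttimeout(timeout)` changes a process-wide default, so a socket created by another thread during the call inherits it and overlapping calls can restore the wrong `oldtimeout`. Setting the timeout on this connection's own socket would avoid that.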
@@ -95,9 +95,9 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): def proxyAssertionConsumer(self): session = get_session() request = get_request() + continue_home = ('/',_('Home')) server = authentic.misc.get_lasso_server(lasso.PROVIDER_ROLE_SP) - if session.msp_login_dump: login = lasso.Login.newFromDump(server, session.msp_login_dump) session.msp_login_dump = None @@ -114,12 +114,12 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): try: soap_answer = soap_call(login.msgUrl, login.msgBody) except authentic.liberty.root.SOAPError: - return template.error_page(_('Failed to get Assertion from identity provider')) + return template.error_page(_('Failed to get Assertion from identity provider'),continue_to=continue_home) try: login.processResponseMsg(soap_answer) except lasso.Error, error: # Traitement d'une demande de federation existante - # apres désynchro, on recree a la volee + # apres desynchro, on recree a la volee if error[0] == lasso.LOGIN_ERROR_FEDERATION_NOT_FOUND: t = self.proxy_auth_federation_not_found(login) if t: From 5e1d3178125345dbef8b9832576f0ac4d4645d70 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Oct 2008 15:36:03 +0200 Subject: [PATCH 04/18] * extra/modules/root.ptl: - modifiy attoma login template to use old name for federation with msp checkbox - change code reading checkbox (donot try to validate value of form variable, just check its presence) --- extra/modules/root.ptl | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/extra/modules/root.ptl b/extra/modules/root.ptl index 5522428..0fae7ff 100644 --- a/extra/modules/root.ptl +++ b/extra/modules/root.ptl 
@@ -418,12 +418,13 @@ class AlternateRootDirectory(OldRootDirectory): def login_success(self, identity): session = get_session() + print 'Formulaire', get_request().form if session.msp_login_dump: identity = identities.get_store().get_identity(get_session().user) - if get_request().form.get('tfConfirmFederationFromMSP') == 'true' or \ + if get_request().form.get('tfConfirmFederationFromMSP') or \ get_response().filter.get('federated_with_msp'): return self.liberty.proxyAssertionConsumer() - elif get_request().form.get('tfConfirmFederationFromMSP') == 'true': + elif get_request().form.get('tfConfirmFederationFromMSP'): if session.msp_init_federate: session.msp_init_federate = False return self.federate_msp() @@ -566,8 +567,8 @@ class MspLoginForm(Form):
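Review bot: Replacing `== 'true'` with a bare truth test in login_success means any non-empty `tfConfirmFederationFromMSP` value, including `false` or `0`, now counts as the user agreeing to link the account with MSP. An empty value still does not, so this is not quite the presence check the commit message describes. Because this field carries the user's consent to federation, I would keep an explicit set of accepted values, e.g. `get_request().form.get('tfConfirmFederationFromMSP') in ('true', 'on')`, matched to whatever the template's checkbox actually submits (the template lines of the next hunk are not readable in this rendering). login_success continues outside the hunk.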
- - + +
From 280101f086e617e9dd4489e0e0b885cc2398e7e6 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Oct 2008 15:47:39 +0200 Subject: [PATCH 05/18] * extra/modules/root.ptl: - remove print statement --- extra/modules/root.ptl | 1 - 1 file changed, 1 deletion(-) diff --git a/extra/modules/root.ptl b/extra/modules/root.ptl index 0fae7ff..27976d2 100644 --- a/extra/modules/root.ptl +++ b/extra/modules/root.ptl @@ -418,7 +418,6 @@ class AlternateRootDirectory(OldRootDirectory): def login_success(self, identity): session = get_session() - print 'Formulaire', get_request().form if session.msp_login_dump: identity = identities.get_store().get_identity(get_session().user) if get_request().form.get('tfConfirmFederationFromMSP') or \ From 924bc883f920d7562d68b0b10fce1402f5856b65 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 6 Nov 2008 10:13:30 +0100 Subject: [PATCH 06/18] bunch of uncommited changes --- data/themes/adeline/template.ezt | 2 +- extra/modules/liberty.py | 25 +++++++++++++------------ 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/data/themes/adeline/template.ezt b/data/themes/adeline/template.ezt index ed9fc19..9ef8eab 100644 --- a/data/themes/adeline/template.ezt +++ b/data/themes/adeline/template.ezt @@ -37,7 +37,7 @@

Bienvenue [user]

- +
 
diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index 5d0d91e..53b04c1 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py @@ -261,7 +261,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): adeline_service.initQuery('/ad:PersonalDocumentList', 'doclist') adeline_service.buildRequestMsg() try: - soap_anwser = soap_call(adeline_service.msgUrl, adeline_service.msgBody) + soap_anwser = soap_call(adeline_service.msgUrl, adeline_service.msgBody + ' ') adeline_service.processQueryResponseMsg(soap_anwser) doc_list = adeline_service.getAnswer('/ad:PersonalDocumentList') if doc_list: @@ -368,7 +368,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): wsc_proxy_service = self.msp_disco_query(latest_session) wsc_proxy_service.initDownloadFileRequest(lasso.SECURITY11_MECH_TLS_SAML) # FIXME: set appropriate teleserviceId - wsc_proxy_service.request.teleserviceId = '1260' + wsc_proxy_service.request.teleserviceId = '1001' # Add interaction service header headers = wsc_proxy_service.soapEnvelopeRequest.header.other user_interaction = lasso.IsUserInteraction() @@ -394,15 +394,16 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): 'Message hors demarche avec PJ admin@entrouvert.com true - 1260 + 1001 abcd true true @@ -980,8 +981,8 @@ def envoie_fichier(adeline_service, filename, filecontent, identity): %(filename)s %(filename)s 1 - 1260 - 1260 + 1001 + 1001 %(filename)s %(date)s 2100-12-17T09:30:47.0Z From 58e13f1eae17daec8a53c032d3a86fa878313b69 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 6 Nov 2008 10:50:03 +0100 Subject: [PATCH 07/18] more width adjustments --- data/themes/adeline/styles/cdc_structure.css | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/data/themes/adeline/styles/cdc_structure.css b/data/themes/adeline/styles/cdc_structure.css index e044436..ce72b63 100644 --- a/data/themes/adeline/styles/cdc_structure.css 
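Review bot: `adeline_service.msgBody + ' '` pads the already built request with a trailing space, and nothing in the hunk or the commit message ("bunch of uncommited changes") says why. If this works around a parsing problem on the receiving side it needs a comment on that line, along the lines of `# trailing space works around <peer issue, reference to be filled in>; remove once fixed`, so that nobody deletes it as noise or copies it to other calls. The enclosing function starts and ends outside the hunk.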
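Review bot: The teleservice id is changed from `'1260'` to `'1001'` as a literal in three separate places (`wsc_proxy_service.request.teleserviceId` here, and the message templates in the `@@ -394` and `@@ -980` hunks), while the `# FIXME: set appropriate teleserviceId` comment stays. A single module-level constant, or a setting read once from the `adeline` configuration section under a key name still to be chosen, would keep the three in step and make the next change a one-line edit. The bodies of these functions are only partly visible in the hunks.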
+++ b/data/themes/adeline/styles/cdc_structure.css @@ -341,7 +341,7 @@ body { float:left; } #cdc_page #cdc_bloc_identification form fieldset.cdc_valider input{ - width:80px; + width:70px; float:right; } #cdc_page #cdc_bloc_identification form fieldset.cdc_coche{ @@ -354,7 +354,7 @@ body { width:auto; } #cdc_page #cdc_bloc_identification form fieldset.cdc_coche label{ - width:210px; + width:180px; padding-top:0; } #cdc_page #cdc_bloc_identification form fieldset.cdc_coche label img{ @@ -364,14 +364,14 @@ body { } #cdc_page #cdc_bloc_identification form fieldset label{ font-size:0.75em; - width:85px; + width:75px; float:left; display:block; padding-top:4px; } #cdc_page #cdc_bloc_identification form fieldset input{ font-size:0.75em; - width:150px; + width:140px; float:left; display:block; } @@ -410,7 +410,7 @@ body { padding:15px 10px; } #cdc_page #cdc_bloc_identification .cdc_boite_connexion .cdc_bouton a{ - padding:2px 25px; + padding:2px 15px; } #cdc_page #cdc_bloc_identification .cdc_boite_connexion .cdc_logo{ padding:10px; From 5625741cc283008372e0fcf5af8a50b502293d95 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Nov 2008 09:17:17 +0100 Subject: [PATCH 08/18] another bunch of uncommited changes --- extra/modules/liberty.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index 53b04c1..4b1e8e5 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py @@ -394,6 +394,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): ' Date: Thu, 13 Nov 2008 11:00:54 +0100 Subject: [PATCH 09/18] benjamin debugging stuff --- extra/modules/liberty.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index 2363bf6..93ccb48 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py 
@@ -756,11 +756,15 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): if service_type == adeline_urn: modify_oids = [] pp = ET.XML(resource_data) + print 'resource: ', resource_data for oid in self.msp_oids: name = self.msp_oids[oid]['name'] + print 'name: ', name item = pp.findall('{%s}%s' % (adeline_urn, name)) + print 'item: ', item if item: item = item[0] + print 'item[0]: ', item if item.text != dummy_value: text = item.text if text == None: From ae81e867b7da831ff0755b3bf1ac1a95da3e77e8 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Nov 2008 12:38:56 +0100 Subject: [PATCH 10/18] Add a confirmation page when asking for defederation --- extra/modules/alternatespui.ptl | 45 +++++++++++++++++++++++++++++++++ extra/modules/liberty.py | 3 +++ extra/modules/root.ptl | 4 +-- 3 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 extra/modules/alternatespui.ptl diff --git a/extra/modules/alternatespui.ptl b/extra/modules/alternatespui.ptl new file mode 100644 index 0000000..d5d9ff1 --- /dev/null +++ b/extra/modules/alternatespui.ptl @@ -0,0 +1,45 @@ +import time +import sys +import re +import base64 +import Cookie +import StringIO +import cgi +import traceback +import socket +import xml.sax.saxutils + +import lasso + +try: + import lassodgme +except ImportError: + print >> sys.stderr, 'Missing lassodgme module; ID-WSF proxy has been disabled' + lassodgme = None + +from quixote import get_session, get_session_manager, get_request, get_response, redirect, get_field, get_publisher +from quixote.http_request import parse_header + +from qommon import get_cfg, get_logger +from qommon import errors, template + +import misc + +import authentic.liberty.root +from authentic.liberty.root import SOAPError + + +class AlternateSpUI(authentic.liberty.root.SpUI): + _q_exports = ['proxy_terminate_confirm','terminate','login','proxy_terminate'] + + def proxy_terminate_confirm [html] (self): + template.html_top() + u'

Souhaitez-vous vraiment supprimer la liaison avec Mon Service Public ?

' + u'

' + +class AlternateSpDir(authentic.liberty.root.SpDir): + def _q_lookup(self, component): + return AlternateSpUI(component) diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index 2ba3c48..0f935df 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py @@ -27,6 +27,7 @@ import misc import authentic.liberty.root from authentic.liberty.root import SOAPError +from alternatespui import AlternateSpDir ED_MIGRATION_DISABLED = False ED_DOCUMENTS_MIGRATION_DISABLED = True @@ -58,6 +59,8 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): "proxySoapEndpoint", "proxyAssertionConsumer", "proxySingleLogout", "proxySingleLogoutNext", 'mspProxyEndpoint', 'proxySingleLogoutReturn'] + sp = AlternateSpDir() + def perform_proxy_login(self, idp = None, nameIdPolicy = None, extensions = None): session = get_session() server = authentic.misc.get_lasso_server(lasso.PROVIDER_ROLE_SP) diff --git a/extra/modules/root.ptl b/extra/modules/root.ptl index 9a03552..9391341 100644 --- a/extra/modules/root.ptl +++ b/extra/modules/root.ptl @@ -52,8 +52,6 @@ class MspUserHash(StorableObject): return cls.get(hash) get_by_cookie = classmethod(get_by_cookie) - - class AlternateRootDirectory(OldRootDirectory): _q_exports = ['', 'admin', 'liberty', 'login', 'logout', 'change_password', 'register', 'forgot_password', 'update_info', 'saml', 'singleLogout', @@ -140,7 +138,7 @@ class AlternateRootDirectory(OldRootDirectory): if identity.is_federated_with_msp(): msp_provider_id = get_cfg('adeline', {}).get('msp_idp') klp = get_key_from_provider_id(msp_provider_id) - terminate_url = '/liberty/sp/%s/proxy_terminate' % klp + terminate_url = '/liberty/sp/%s/proxy_terminate_confirm' % klp msp_portal_url = get_cfg('adeline', {}).get('msp_portal_url') '
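Review bot: `_q_exports` on AlternateSpUI still lists `proxy_terminate` next to the new `proxy_terminate_confirm`, so the confirmation is only a step in the UI and a direct request to the terminate URL still removes the federation without the question being shown. If the page is meant as a safeguard, the terminate handler itself should require a POST carrying a per-session token issued by the confirm page. The form markup of `proxy_terminate_confirm` is not readable in this rendering, so I cannot tell what it submits today. The import block is copied from liberty.py and most of it (`Cookie`, `StringIO`, `cgi`, `socket`, the `lassodgme` probe) looks unused in this module.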
  • %s %s %s
  • ' % ( _('Access MSP'), msp_portal_url, _('Connect'), terminate_url, _('Remove Link')) From d9cef3decca3b3769aecaf3c8a7c79205cd3e603 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 25 Nov 2008 19:48:04 +0100 Subject: [PATCH 11/18] Add a new controller endpoint for msp sso with setting up of a return url. --- extra/modules/root.ptl | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/extra/modules/root.ptl b/extra/modules/root.ptl index 9391341..fe94167 100644 --- a/extra/modules/root.ptl +++ b/extra/modules/root.ptl @@ -55,7 +55,7 @@ class MspUserHash(StorableObject): class AlternateRootDirectory(OldRootDirectory): _q_exports = ['', 'admin', 'liberty', 'login', 'logout', 'change_password', 'register', 'forgot_password', 'update_info', 'saml', 'singleLogout', - 'federations', 'login_local', 'login_msp', 'federate_msp', + 'federations', 'login_local', 'login_msp_for_proxy', 'login_msp', 'federate_msp', 'migration_done', 'reset', 'add_msp_cookie'] liberty = AlternateLibertyDirectory() @@ -254,6 +254,12 @@ class AlternateRootDirectory(OldRootDirectory): get_session().peer_cancelled = False return self.sso_to_msp(nameIdPolicy = 'federated') + def login_msp_for_proxy(self): + session = get_session() + request = get_request() + session.after_url = get_field('ReturnToURL') + return redirect('login_msp') + def login_msp(self): if get_field('idTs'): for coll in collectivity.Collectivity.select(): From 4c105e414dd7b2fb35cbd78618c8fa5bf5797452 Mon Sep 17 00:00:00 2001 
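Review bot: `session.after_url = get_field('ReturnToURL')` in login_msp_for_proxy stores a caller-supplied URL without any check. Patch 12/18 then uses it as a link target (`continue_home = (session.after_url, _('request origin'))`), and it also appears to feed the post-login `redirect(after_url)`, which would make this endpoint an open redirect. The value should be kept only when it is a site-relative path or its host belongs to a configured service provider, e.g. `if is_known_return_url(target): session.after_url = target`, where `is_known_return_url` is a helper still to be written against the provider list. `request = get_request()` is unused in the new method.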
From: root Date: Tue, 25 Nov 2008 19:48:54 +0100 Subject: [PATCH 12/18] Implement interaction redirect on ED service request when not connected to MSP * add a method to generate proper built SOAP faults * add a method to generate unique ID * add a method to generate InteractionRedirect SOAP faults * overload get_identity_by_resource to always return a proxy DST service for MSP ED. * add a new exception class to handle case needing a redirect soap fault * remove all debugging code --- extra/modules/liberty.py | 82 +++++++++++++++++++++++++++++++++------- 1 file changed, 69 insertions(+), 13 deletions(-) diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index 0f935df..de7fb61 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py @@ -8,6 +8,8 @@ import cgi import traceback import socket import xml.sax.saxutils +import string +import random import lasso @@ -35,6 +37,9 @@ ED_DOCUMENTS_MIGRATION_DISABLED = True def isotime(offset = 0): return time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(time.time()+offset)) +def get_unique_id(): + return base64.encodestring("".join([random.choice("0123456789ABCDEF") for x in range(40)]).decode('hex')) + msp_urn = 'urn:dgme:msp:ed:2007-01' adeline_urn = 'urn:fr.icdc.dei.adeline:ppAdeline:2008-01' dummy_value = 'd41d8cd98f00b204e9800998ecf8427e' @@ -50,6 +55,9 @@ except ImportError: except ImportError: import xml.etree.ElementTree as ET +class RedirectException(Exception): + def __init__(self, redirect_url): + self.redirect_url = redirect_url class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): _q_exports = ["", "sp", "singleSignOn", "soapEndpoint", @@ -99,6 +107,8 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): session = get_session() request = get_request() continue_home = ('/',_('Home')) + if session.after_url: + continue_home = (session.after_url, _('request origin')) server = authentic.misc.get_lasso_server(lasso.PROVIDER_ROLE_SP) 
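Review bot: get_unique_id draws the message id from `random.choice`, which is a seeded, predictable generator, and `base64.encodestring` appends a newline, so every id ends in `\n`. Since the value ends up in `correlation.messageId` and `correlation.id`, I would use the OS generator and the non-wrapping encoder, `return base64.b64encode(os.urandom(20))`, importing `os` if the module does not already. The newly imported `string` is not used by anything visible in this patch. Note also that the `session.after_url` used for `continue_home` in the last hunk on this line is the unvalidated `ReturnToURL` stored by 11/18.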
@@ -233,8 +243,6 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): return redirect(after_url) return redirect(get_request().environ['SCRIPT_NAME'] + '/') - - def migrationMsp(self, login, identity, session): if not identity.lasso_dump: # create empty identity @@ -309,6 +317,28 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): return None + def get_identity_by_resource_id(self, resource_id): + identity = authentic.liberty.root.RootDirectory.get_identity_by_resource_id(self, resource_id) + if not identity: + return None + if lasso.WSF_SUPPORT: + lasso_identity = lasso.Identity.newFromDump(identity.lasso_dump) + server = authentic.misc.get_lasso_server() + offerings = lasso_identity.getOfferings(adeline_urn) + if offerings: + lst = [x for x in lasso_identity.getOfferings(adeline_urn) if \ + x.serviceInstance.providerId == server.providerId] + else: + lst = [] + if len(lst) == 0: + # adds authentic id-sis ppa offering + resource_offering = lasso.DiscoResourceOffering(self.get_ppa_proxy_service()) + resource_offering.resourceId = lasso.DiscoResourceID(identity.resource_id) + resource_offering.abstract = "Adeline Personal Profile with Authentic informations" + lasso_identity.addResourceOffering(resource_offering) + identity.lasso_dump = lasso_identity.dump() + authentic.identities.get_store().save(identity) + return identity def get_pp_proxy_service(self): server = authentic.misc.get_lasso_server() 
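Review bot: `lasso.Identity.newFromDump(identity.lasso_dump)` in the new get_identity_by_resource_id runs without checking that a dump exists, although migrationMsp (context of the previous hunk) treats `not identity.lasso_dump` as a normal state. An identity that was never federated may therefore fail here, and the branch should decide explicitly what such an identity gets. The method also calls `self.get_ppa_proxy_service()`, while the definition visible just below is `get_pp_proxy_service`; unless a `get_ppa_proxy_service` exists elsewhere in the class, this raises AttributeError the first time an offering is added. Since this lookup also writes (`authentic.identities.get_store().save(identity)`), a docstring saying so would help callers.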
@@ -402,13 +432,10 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): try: wsc_proxy_service.processResponseMsg(soap_answer) except lasso.Error, error: - print 'erreur', error - print 'dump', wsc_proxy_service.response.dump() if wsc_proxy_service.response and wsc_proxy_service.response.detail and wsc_proxy_service.response.detail.any[0]: print wsc_proxy_service.response.detail.any[0].dump() if error[0] != lasso.SOAP_FAULT_REDIRECT_REQUEST or not wsc_proxy_service.msgUrl: raise - print 'redirect' messageId = self.getMessageId(wsc_proxy_service.soapEnvelopeResponse) return None, wsc_proxy_service.msgUrl, messageId # Convert DownloadFileReponse to a document @@ -451,6 +478,36 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): else: return None, None, None + def get_blank_soap_fault(self, message_id): + header = lasso.SoapHeader() + if (message_id): + correlation = lasso.SoapBindingCorrelation() + correlation.messageId = get_unique_id() + correlation.refToMessageId = message_id + correlation.mustUnderstand = 1 + correlation.id = correlation.messageId + correlation.actor = "http://schemas.xmlsoap.org/soap/actor/next" + corrleation.timestamp = isotime() + header.other = (correlation,) + fault = lasso.SoapFault() + fault.faultcode = 'S:Server' + fault.faultstring = 'Server Error' + body = lasso.SoapBody() + body.any = (fault,) + envelope = lasso.SoapEnvelope(body) + envelope.header = header + return envelope + + def get_redirect_soap_fault(self, redirect_url,message_id): + soap_fault = self.get_blank_soap_fault(message_id) + if lasso.WSF_SUPPORT: + redirectrequest = lasso.IsRedirectRequest(redirect_url) + detail = lasso.SoapDetail() + detail.any = (redirectrequest,) + soap_fault.body.any[0].detail = detail + else: + print 'Pas de support ID-WSF, redirect request impossible' + return soap_fault def mspProxyEndpoint(self): request = get_request() 
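Review bot: `corrleation.timestamp = isotime()` in get_blank_soap_fault misspells `correlation`, so the method raises NameError whenever `message_id` is set. Because it is called from the `except RedirectException` handler in mspProxyEndpoint, that error would replace the intended redirect fault with an unhandled exception. The line should read `correlation.timestamp = isotime()`. In get_redirect_soap_fault the `else` branch only prints and still returns a plain `S:Server` fault; a one-line docstring stating that fallback would make the contract clear.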
@@ -472,6 +529,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): request_type = lasso.getRequestTypeFromSoapMsg(soap_message) service = lasso.DataService(authentic.misc.get_lasso_server()) + messageId = None try: if request_type == lasso.REQUEST_TYPE_DST_QUERY: try: @@ -554,6 +612,10 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): service.buildModifyResponseMsg() return service.msgBody + except RedirectException, redirect_exception: + soap_fault = self.get_redirect_soap_fault(redirect_exception.redirect_url, messageId) + body = soap_fault.exportToXml() + return body except: fp = StringIO.StringIO() traceback.print_exc(file=fp) @@ -750,15 +812,11 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): if service_type == adeline_urn: modify_oids = [] pp = ET.XML(resource_data) - print 'resource: ', resource_data for oid in self.msp_oids: name = self.msp_oids[oid]['name'] - print 'name: ', name item = pp.findall('{%s}%s' % (adeline_urn, name)) - print 'item: ', item if item: item = item[0] - print 'item[0]: ', item if item.text != dummy_value: text = item.text if text == None: @@ -790,15 +848,11 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): more_headers = more_headers) # FIXME: MSP for dummies ! soap_answer = soap_answer.replace('S:detail', 'S:Detail') - print 'after replace: ', soap_answer try: wsc_proxy_service.processResponseMsg(soap_answer) except lasso.Error, error: - print 'erreur sur update', error - print 'dump', wsc_proxy_service.response.dump() if error[0] != lasso.SOAP_FAULT_REDIRECT_REQUEST or not wsc_proxy_service.msgUrl: raise - print 'redirect' messageId = self.getMessageId(wsc_proxy_service.soapEnvelopeResponse) return (wsc_proxy_service.msgUrl, messageId) if wsc_proxy_service.response.status.code == 'Ok': 
@@ -810,6 +864,8 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): disco = lasso.Discovery(authentic.misc.get_lasso_server()) if session.lasso_proxy_session_dump: disco.setSessionFromDump(session.lasso_proxy_session_dump) + else: + raise RedirectException('http://' + get_request().get_server().replace('-app','') + '/login_msp_for_proxy') # XXX: else build an error response ? # if CredentialRef is present can activate lasso.SECURITY11_MECH_TLS_SAML try: From 9a921fecb36d22b28241f616579de00a6b115681 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 27 Nov 2008 09:35:53 +0100 Subject: [PATCH 13/18] Name of the daemon is authentic-adeline not authentic --- debian/authentic-adeline.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/authentic-adeline.init b/debian/authentic-adeline.init index db3b684..5667879 100755 --- a/debian/authentic-adeline.init +++ b/debian/authentic-adeline.init @@ -11,7 +11,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DESC="Authentic (+Adeline)" -NAME=authentic +NAME=authentic-adeline DAEMON=/usr/sbin/authenticctl PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME From a02f2e293811659ff65f55e45279876d068e8cc8 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 29 Nov 2008 09:43:02 +0100 Subject: [PATCH 14/18] Fix installation of themes - add .gif extension to data file list of extensions - install themes --- setup.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index a100c68..0117b9c 100644 --- a/setup.py +++ b/setup.py 
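Review bot: The redirect target is assembled as `'http://' + get_request().get_server().replace('-app','') + '/login_msp_for_proxy'`, which uses the request's host name, a fixed `http` scheme and a string edit that assumes a `-app` naming convention. As far as I know `get_server()` reflects the host name the request carried, so the URL handed to the peer in the SOAP fault follows that value, and the login entry point is advertised over plain HTTP. A configured public base URL would remove both assumptions; root.ptl already reads settings such as `msp_portal_url` through `get_cfg('adeline', {})`. The enclosing function continues outside the hunk.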
@@ -5,7 +5,7 @@ import distutils.core from quixote.ptl.qx_distutils import qx_build_py def data_tree(destdir, sourcedir): - extensions = ['.css', '.png', '.jpeg', '.jpg', '.xml', '.html', '.js', '.ezt'] + extensions = ['.css', '.png', '.jpeg', '.jpg', '.xml', '.html', '.js', '.ezt', '.gif'] r = [] for root, dirs, files in os.walk(sourcedir): l = [os.path.join(root, x) for x in files if os.path.splitext(x)[1] in extensions] @@ -20,5 +20,6 @@ distutils.core.setup( package_dir = { 'extra': 'extra' }, packages = ['extra', 'extra.modules'], cmdclass = {'build_py': qx_build_py}, - data_files = data_tree('share/authentic/texts', 'data/texts') + data_files = data_tree('share/authentic/texts', 'data/texts') +\ + data_tree('share/authentic/themes/', 'data/themes/'), ) From b0098d168be8f12048fdc7754673c067a803b233 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 29 Nov 2008 09:44:08 +0100 Subject: [PATCH 15/18] Save line number adjust in translation files --- po/authentic-adeline.pot | 171 ++++++++++++++++---------------- po/fr.po | 204 +++++++++++++++++++++------------------ 2 files changed, 198 insertions(+), 177 deletions(-) diff --git a/po/authentic-adeline.pot b/po/authentic-adeline.pot index e0b51bb..22da952 100644 --- a/po/authentic-adeline.pot +++ b/po/authentic-adeline.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2008-10-15 13:32+0200\n" +"POT-Creation-Date: 2008-11-25 19:53+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -16,149 +16,140 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: ../extra/modules/root.ptl:99 ../extra/modules/root.ptl:142 -#: ../extra/modules/root.ptl:145 +#: ../extra/modules/root.ptl:101 ../extra/modules/root.ptl:144 +#: ../extra/modules/root.ptl:147 msgid "Connect" msgstr "" -#: ../extra/modules/root.ptl:118 +#: ../extra/modules/root.ptl:120 msgid "Your keyring allows you to access..." msgstr "" -#: ../extra/modules/root.ptl:122 +#: ../extra/modules/root.ptl:124 msgid "To access to the service of your choice..." msgstr "" -#: ../extra/modules/root.ptl:128 +#: ../extra/modules/root.ptl:130 msgid "Your local services" msgstr "" -#: ../extra/modules/root.ptl:133 +#: ../extra/modules/root.ptl:135 msgid "Our partners services" msgstr "" -#: ../extra/modules/root.ptl:142 +#: ../extra/modules/root.ptl:144 msgid "Access MSP" msgstr "" -#: ../extra/modules/root.ptl:142 +#: ../extra/modules/root.ptl:144 msgid "Remove Link" msgstr "" -#: ../extra/modules/root.ptl:145 +#: ../extra/modules/root.ptl:147 msgid "Create a Link with MSP" msgstr "" -#: ../extra/modules/root.ptl:149 +#: ../extra/modules/root.ptl:151 #, python-format msgid "Log on %s" msgstr "" -#: ../extra/modules/root.ptl:154 +#: ../extra/modules/root.ptl:156 msgid "Debug" msgstr "" -#: ../extra/modules/root.ptl:156 +#: ../extra/modules/root.ptl:158 msgid "Reset account federations and offerings" msgstr "" -#: ../extra/modules/root.ptl:174 +#: ../extra/modules/root.ptl:176 msgid "Username (your email address)" msgstr "" -#: ../extra/modules/root.ptl:176 ../extra/modules/root.ptl:507 +#: ../extra/modules/root.ptl:178 ../extra/modules/root.ptl:538 msgid "Username" msgstr "" -#: ../extra/modules/root.ptl:177 ../extra/modules/root.ptl:511 +#: ../extra/modules/root.ptl:179 ../extra/modules/root.ptl:542 msgid "Password" msgstr "" -#: ../extra/modules/root.ptl:179 +#: ../extra/modules/root.ptl:181 msgid "Log in" msgstr "" -#: ../extra/modules/root.ptl:182 +#: 
../extra/modules/root.ptl:184 #, python-format msgid "Move to %s Identity Provider" msgstr "" -#: ../extra/modules/root.ptl:187 ../extra/modules/root.ptl:525 +#: ../extra/modules/root.ptl:189 ../extra/modules/root.ptl:556 #: ../extra/modules/admin.ptl:36 ../extra/modules/admin.ptl:77 -#: ../extra/modules/admin.ptl:122 ../extra/modules/admin.ptl:163 -#: ../extra/modules/admin.ptl:286 ../extra/modules/admin.ptl:318 +#: ../extra/modules/admin.ptl:109 ../extra/modules/admin.ptl:150 +#: ../extra/modules/admin.ptl:273 ../extra/modules/admin.ptl:305 msgid "Cancel" msgstr "" -#: ../extra/modules/root.ptl:195 +#: ../extra/modules/root.ptl:197 msgid "MSP Identity Provider Id is not known." msgstr "" -#: ../extra/modules/root.ptl:335 +#: ../extra/modules/root.ptl:358 msgid "Authentication Failure" msgstr "" -#: ../extra/modules/root.ptl:340 ../extra/modules/root.ptl:343 +#: ../extra/modules/root.ptl:363 ../extra/modules/root.ptl:366 msgid "Login" msgstr "" -#: ../extra/modules/root.ptl:473 +#: ../extra/modules/root.ptl:496 msgid "Debug page" msgstr "" -#: ../extra/modules/root.ptl:476 +#: ../extra/modules/root.ptl:499 msgid "Out-of-flow MSP cookie set" msgstr "" -#: ../extra/modules/root.ptl:499 +#: ../extra/modules/root.ptl:530 msgid "First Name / Last Name" msgstr "" -#: ../extra/modules/root.ptl:500 +#: ../extra/modules/root.ptl:531 msgid "Email" msgstr "" -#: ../extra/modules/root.ptl:513 +#: ../extra/modules/root.ptl:544 msgid "A password will be mailed to you." msgstr "" -#: ../extra/modules/root.ptl:518 +#: ../extra/modules/root.ptl:549 msgid "If you forget your password..." 
msgstr "" -#: ../extra/modules/root.ptl:520 +#: ../extra/modules/root.ptl:551 msgid "Security question" msgstr "" -#: ../extra/modules/root.ptl:521 +#: ../extra/modules/root.ptl:552 msgid "[Select a question]" msgstr "" -#: ../extra/modules/root.ptl:522 +#: ../extra/modules/root.ptl:553 msgid "Your answer" msgstr "" -#: ../extra/modules/root.ptl:524 ../extra/modules/admin.ptl:35 -#: ../extra/modules/admin.ptl:76 ../extra/modules/admin.ptl:121 -#: ../extra/modules/admin.ptl:162 ../extra/modules/admin.ptl:285 -#: ../extra/modules/admin.ptl:317 +#: ../extra/modules/root.ptl:555 ../extra/modules/admin.ptl:35 +#: ../extra/modules/admin.ptl:76 ../extra/modules/admin.ptl:108 +#: ../extra/modules/admin.ptl:149 ../extra/modules/admin.ptl:272 +#: ../extra/modules/admin.ptl:304 msgid "Submit" msgstr "" -#: ../extra/modules/root.ptl:536 ../extra/modules/root.ptl:537 +#: ../extra/modules/root.ptl:567 ../extra/modules/root.ptl:568 msgid "Registration" msgstr "" -#: ../extra/modules/liberty.py:88 -msgid "Failed to get Assertion from identity provider" -msgstr "" - -#: ../extra/modules/liberty.py:99 -#, python-format -msgid "Response is not Success (%s)" -msgstr "" - -#: ../extra/modules/admin.ptl:29 ../extra/modules/admin.ptl:101 +#: ../extra/modules/admin.ptl:29 ../extra/modules/admin.ptl:102 msgid "Name" msgstr "" 
@@ -187,109 +178,123 @@ msgid "Deleting National Service:" msgstr "" #: ../extra/modules/admin.ptl:99 -msgid "Collectivity Id" +msgid "Collectivity SPL Id" msgstr "" -#: ../extra/modules/admin.ptl:103 -msgid "None" +#: ../extra/modules/admin.ptl:104 +msgid "MSP tsId" msgstr "" -#: ../extra/modules/admin.ptl:117 -msgid "Collectivity Own Identity Provider" +#: ../extra/modules/admin.ptl:106 +msgid "URL on Logout" msgstr "" -#: ../extra/modules/admin.ptl:119 -msgid "Propose MSP as Identity Provider" -msgstr "" - -#: ../extra/modules/admin.ptl:150 ../extra/modules/admin.ptl:151 +#: ../extra/modules/admin.ptl:137 ../extra/modules/admin.ptl:138 msgid "Edit Collectivity" msgstr "" -#: ../extra/modules/admin.ptl:161 +#: ../extra/modules/admin.ptl:148 msgid "You are about to irrevocably delete this collectivity." msgstr "" -#: ../extra/modules/admin.ptl:167 +#: ../extra/modules/admin.ptl:154 msgid "Delete Collectivity" msgstr "" -#: ../extra/modules/admin.ptl:168 +#: ../extra/modules/admin.ptl:155 msgid "Deleting Collectivity:" msgstr "" -#: ../extra/modules/admin.ptl:189 +#: ../extra/modules/admin.ptl:176 msgid "New Collectivity" msgstr "" -#: ../extra/modules/admin.ptl:190 +#: ../extra/modules/admin.ptl:177 msgid "New National Service" msgstr "" -#: ../extra/modules/admin.ptl:191 -msgid "SP Mapping for MSP" -msgstr "" - -#: ../extra/modules/admin.ptl:192 +#: ../extra/modules/admin.ptl:178 msgid "Options" msgstr "" -#: ../extra/modules/admin.ptl:194 +#: ../extra/modules/admin.ptl:180 msgid "Collectivities" msgstr "" -#: ../extra/modules/admin.ptl:208 +#: ../extra/modules/admin.ptl:186 +msgid "SPL Code: " +msgstr "" + +#: ../extra/modules/admin.ptl:195 msgid "National Services (for MSP)" msgstr "" -#: ../extra/modules/admin.ptl:229 ../extra/modules/admin.ptl:230 +#: ../extra/modules/admin.ptl:216 ../extra/modules/admin.ptl:217 msgid "New Adeline Collectivity" msgstr "" -#: ../extra/modules/admin.ptl:245 ../extra/modules/admin.ptl:246 +#: ../extra/modules/admin.ptl:232 
../extra/modules/admin.ptl:233 msgid "New MSP National Service" msgstr "" -#: ../extra/modules/admin.ptl:258 +#: ../extra/modules/admin.ptl:245 msgid "Unknown" msgstr "" -#: ../extra/modules/admin.ptl:272 +#: ../extra/modules/admin.ptl:259 msgid "MSP IdP" msgstr "" -#: ../extra/modules/admin.ptl:274 +#: ../extra/modules/admin.ptl:261 msgid "MSP Portal URL" msgstr "" -#: ../extra/modules/admin.ptl:276 +#: ../extra/modules/admin.ptl:263 msgid "Data Migration URL" msgstr "" -#: ../extra/modules/admin.ptl:278 +#: ../extra/modules/admin.ptl:265 msgid "MSP Session Image URL" msgstr "" -#: ../extra/modules/admin.ptl:280 +#: ../extra/modules/admin.ptl:267 msgid "MSP New Account URL" msgstr "" -#: ../extra/modules/admin.ptl:282 +#: ../extra/modules/admin.ptl:269 msgid "HTTP Authentication Tuple" msgstr "" -#: ../extra/modules/admin.ptl:284 +#: ../extra/modules/admin.ptl:271 msgid "Format: username:password" msgstr "" -#: ../extra/modules/admin.ptl:291 ../extra/modules/admin.ptl:292 +#: ../extra/modules/admin.ptl:278 ../extra/modules/admin.ptl:279 msgid "Adeline Options" msgstr "" -#: ../extra/modules/admin.ptl:321 ../extra/modules/admin.ptl:322 +#: ../extra/modules/admin.ptl:308 ../extra/modules/admin.ptl:309 msgid "MSP SP Mapping" msgstr "" -#: ../extra/modules/admin.ptl:344 +#: ../extra/modules/admin.ptl:331 msgid "Adeline" msgstr "" + +#: ../extra/modules/liberty.py:109 ../extra/modules/liberty.py:167 +#: ../extra/modules/liberty.py:177 +msgid "Home" +msgstr "" + +#: ../extra/modules/liberty.py:111 +msgid "request origin" +msgstr "" + +#: ../extra/modules/liberty.py:131 +msgid "Failed to get Assertion from identity provider" +msgstr "" + +#: ../extra/modules/liberty.py:167 ../extra/modules/liberty.py:177 +#, python-format +msgid "Response is not Success (%s)" +msgstr "" diff --git a/po/fr.po b/po/fr.po index ad265d7..06cfcbb 100644 --- a/po/fr.po +++ b/po/fr.po 
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: Authentic 0\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2008-10-15 13:32+0200\n" +"POT-Creation-Date: 2008-11-25 19:53+0100\n" "PO-Revision-Date: 2007-03-13 13:15+0100\n" "Last-Translator: Pierre Cros \n" "Language-Team: French\n" 
@@ -14,155 +14,144 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n>1;\n" -#: ../extra/modules/root.ptl:99 ../extra/modules/root.ptl:142 -#: ../extra/modules/root.ptl:145 +#: ../extra/modules/root.ptl:101 ../extra/modules/root.ptl:144 +#: ../extra/modules/root.ptl:147 msgid "Connect" msgstr "Se connecter" -#: ../extra/modules/root.ptl:118 +#: ../extra/modules/root.ptl:120 msgid "Your keyring allows you to access..." msgstr "" -"Votre porte-clé vous permet d'accéder de manière unique à nos services " -"ainsi qu'à ceux proposés par nos partenaires." +"Votre porte-clé vous permet d'accéder de manière unique à nos services ainsi " +"qu'à ceux proposés par nos partenaires." -#: ../extra/modules/root.ptl:122 +#: ../extra/modules/root.ptl:124 msgid "To access to the service of your choice..." msgstr "" -"Pour accéder au service de votre choix, cliquez sur le bouton « Se " -"connecter »." +"Pour accéder au service de votre choix, cliquez sur le bouton « Se connecter " +"»." 
-#: ../extra/modules/root.ptl:128 +#: ../extra/modules/root.ptl:130 msgid "Your local services" msgstr "Vos services communaux" -#: ../extra/modules/root.ptl:133 +#: ../extra/modules/root.ptl:135 msgid "Our partners services" msgstr "Les services de nos partenaires" -#: ../extra/modules/root.ptl:142 +#: ../extra/modules/root.ptl:144 msgid "Access MSP" msgstr "Accéder à mon.Service-Public.fr" -#: ../extra/modules/root.ptl:142 +#: ../extra/modules/root.ptl:144 msgid "Remove Link" msgstr "Supprimer la liaison" -#: ../extra/modules/root.ptl:145 +#: ../extra/modules/root.ptl:147 msgid "Create a Link with MSP" msgstr "Créer une liaison avec mon.Service-Public.fr" -#: ../extra/modules/root.ptl:149 +#: ../extra/modules/root.ptl:151 #, python-format msgid "Log on %s" msgstr "Se connecter à %s" -#: ../extra/modules/root.ptl:154 +#: ../extra/modules/root.ptl:156 msgid "Debug" msgstr "Débuguage" -#: ../extra/modules/root.ptl:156 +#: ../extra/modules/root.ptl:158 msgid "Reset account federations and offerings" msgstr "Réinitialiser le compte (fédérations et offres de ressources)" -#: ../extra/modules/root.ptl:174 +#: ../extra/modules/root.ptl:176 msgid "Username (your email address)" msgstr "Identifiant (votre adresse électronique)" -#: ../extra/modules/root.ptl:176 ../extra/modules/root.ptl:507 +#: ../extra/modules/root.ptl:178 ../extra/modules/root.ptl:538 msgid "Username" msgstr "Identifiant" -#: ../extra/modules/root.ptl:177 ../extra/modules/root.ptl:511 +#: ../extra/modules/root.ptl:179 ../extra/modules/root.ptl:542 msgid "Password" msgstr "Mot de passe" -#: ../extra/modules/root.ptl:179 +#: ../extra/modules/root.ptl:181 msgid "Log in" msgstr "S'identifier" -#: ../extra/modules/root.ptl:182 +#: ../extra/modules/root.ptl:184 #, python-format msgid "Move to %s Identity Provider" msgstr "Aller sur le fournisseur d'identités de %s" -#: ../extra/modules/root.ptl:187 ../extra/modules/root.ptl:525 +#: ../extra/modules/root.ptl:189 ../extra/modules/root.ptl:556 #: 
../extra/modules/admin.ptl:36 ../extra/modules/admin.ptl:77 -#: ../extra/modules/admin.ptl:122 ../extra/modules/admin.ptl:163 -#: ../extra/modules/admin.ptl:286 ../extra/modules/admin.ptl:318 +#: ../extra/modules/admin.ptl:109 ../extra/modules/admin.ptl:150 +#: ../extra/modules/admin.ptl:273 ../extra/modules/admin.ptl:305 msgid "Cancel" msgstr "Annuler" -#: ../extra/modules/root.ptl:195 +#: ../extra/modules/root.ptl:197 msgid "MSP Identity Provider Id is not known." msgstr "L'identifiant du fournisseur d'identités MSP n'est pas connu." -#: ../extra/modules/root.ptl:335 +#: ../extra/modules/root.ptl:358 msgid "Authentication Failure" msgstr "Erreur d'authentification" -#: ../extra/modules/root.ptl:340 ../extra/modules/root.ptl:343 +#: ../extra/modules/root.ptl:363 ../extra/modules/root.ptl:366 msgid "Login" msgstr "Connexion" -#: ../extra/modules/root.ptl:473 +#: ../extra/modules/root.ptl:496 msgid "Debug page" msgstr "Page de débuguage" -#: ../extra/modules/root.ptl:476 +#: ../extra/modules/root.ptl:499 msgid "Out-of-flow MSP cookie set" msgstr "Cookie MSP positionné hors du déroulé" -#: ../extra/modules/root.ptl:499 +#: ../extra/modules/root.ptl:530 msgid "First Name / Last Name" msgstr "Prénom / Nom" -#: ../extra/modules/root.ptl:500 +#: ../extra/modules/root.ptl:531 msgid "Email" msgstr "Courriel" -#: ../extra/modules/root.ptl:513 +#: ../extra/modules/root.ptl:544 msgid "A password will be mailed to you." msgstr "Un mot de passe vous sera envoyé par courriel." -#: ../extra/modules/root.ptl:518 +#: ../extra/modules/root.ptl:549 msgid "If you forget your password..." msgstr "Si vous oubliez votre mot de passe..." 
-#: ../extra/modules/root.ptl:520 +#: ../extra/modules/root.ptl:551 msgid "Security question" msgstr "Question de sécurité" -#: ../extra/modules/root.ptl:521 +#: ../extra/modules/root.ptl:552 msgid "[Select a question]" msgstr "[Choisissez une question]" -#: ../extra/modules/root.ptl:522 +#: ../extra/modules/root.ptl:553 msgid "Your answer" msgstr "Votre réponse" -#: ../extra/modules/root.ptl:524 ../extra/modules/admin.ptl:35 -#: ../extra/modules/admin.ptl:76 ../extra/modules/admin.ptl:121 -#: ../extra/modules/admin.ptl:162 ../extra/modules/admin.ptl:285 -#: ../extra/modules/admin.ptl:317 +#: ../extra/modules/root.ptl:555 ../extra/modules/admin.ptl:35 +#: ../extra/modules/admin.ptl:76 ../extra/modules/admin.ptl:108 +#: ../extra/modules/admin.ptl:149 ../extra/modules/admin.ptl:272 +#: ../extra/modules/admin.ptl:304 msgid "Submit" msgstr "Valider" -#: ../extra/modules/root.ptl:536 ../extra/modules/root.ptl:537 +#: ../extra/modules/root.ptl:567 ../extra/modules/root.ptl:568 msgid "Registration" msgstr "Inscription" -#: ../extra/modules/liberty.py:88 -msgid "Failed to get Assertion from identity provider" -msgstr "" -"Tentative ratée de récupérer une assertion depuis le fournisseur " -"d'identité" - -#: ../extra/modules/liberty.py:99 -#, python-format -msgid "Response is not Success (%s)" -msgstr "La réponse n'est pas \"Success\" (%s)" - -#: ../extra/modules/admin.ptl:29 ../extra/modules/admin.ptl:101 +#: ../extra/modules/admin.ptl:29 ../extra/modules/admin.ptl:102 msgid "Name" msgstr "Nom" 
@@ -191,119 +180,146 @@ msgid "Deleting National Service:" msgstr "Suppression du service national :" #: ../extra/modules/admin.ptl:99 -msgid "Collectivity Id" +#, fuzzy +msgid "Collectivity SPL Id" msgstr "Id de collectivité" -#: ../extra/modules/admin.ptl:103 -msgid "None" -msgstr "Aucun" +#: ../extra/modules/admin.ptl:104 +#, fuzzy +msgid "MSP tsId" +msgstr "IdP MSP" -#: ../extra/modules/admin.ptl:117 -msgid "Collectivity Own Identity Provider" -msgstr "Fournisseur d'identités de la collectivité" +#: ../extra/modules/admin.ptl:106 +#, fuzzy +msgid "URL on Logout" +msgstr "Déconnexion globale" -#: ../extra/modules/admin.ptl:119 -msgid "Propose MSP as Identity Provider" -msgstr "Proposer MSP comme fournisseur d'identités" - -#: ../extra/modules/admin.ptl:150 ../extra/modules/admin.ptl:151 +#: ../extra/modules/admin.ptl:137 ../extra/modules/admin.ptl:138 msgid "Edit Collectivity" msgstr "Modifier la collectivité" -#: ../extra/modules/admin.ptl:161 +#: ../extra/modules/admin.ptl:148 msgid "You are about to irrevocably delete this collectivity." msgstr "Vous allez définitivement supprimer cette collectivité." 
-#: ../extra/modules/admin.ptl:167 +#: ../extra/modules/admin.ptl:154 msgid "Delete Collectivity" msgstr "Supprimer la collectivité" -#: ../extra/modules/admin.ptl:168 +#: ../extra/modules/admin.ptl:155 msgid "Deleting Collectivity:" msgstr "Suppression de la collectivité :" -#: ../extra/modules/admin.ptl:189 +#: ../extra/modules/admin.ptl:176 msgid "New Collectivity" msgstr "Nouvelle collectivité" -#: ../extra/modules/admin.ptl:190 +#: ../extra/modules/admin.ptl:177 msgid "New National Service" msgstr "Nouveau service national" -#: ../extra/modules/admin.ptl:191 -msgid "SP Mapping for MSP" -msgstr "Mapping des SP pour MSP" - -#: ../extra/modules/admin.ptl:192 +#: ../extra/modules/admin.ptl:178 msgid "Options" msgstr "Options" -#: ../extra/modules/admin.ptl:194 +#: ../extra/modules/admin.ptl:180 msgid "Collectivities" msgstr "Collectivités" -#: ../extra/modules/admin.ptl:208 +#: ../extra/modules/admin.ptl:186 +msgid "SPL Code: " +msgstr "" + +#: ../extra/modules/admin.ptl:195 msgid "National Services (for MSP)" msgstr "Services nationaux (pour MSP)" -#: ../extra/modules/admin.ptl:229 ../extra/modules/admin.ptl:230 +#: ../extra/modules/admin.ptl:216 ../extra/modules/admin.ptl:217 msgid "New Adeline Collectivity" msgstr "Nouvelle collectivité Adeline" -#: ../extra/modules/admin.ptl:245 ../extra/modules/admin.ptl:246 +#: ../extra/modules/admin.ptl:232 ../extra/modules/admin.ptl:233 msgid "New MSP National Service" msgstr "Nouveau service national MSP" -#: ../extra/modules/admin.ptl:258 +#: ../extra/modules/admin.ptl:245 msgid "Unknown" msgstr "Inconnu" -#: ../extra/modules/admin.ptl:272 +#: ../extra/modules/admin.ptl:259 msgid "MSP IdP" msgstr "IdP MSP" -#: ../extra/modules/admin.ptl:274 +#: ../extra/modules/admin.ptl:261 msgid "MSP Portal URL" msgstr "Adresse du portail MSP" -#: ../extra/modules/admin.ptl:276 +#: ../extra/modules/admin.ptl:263 msgid "Data Migration URL" msgstr "Adresse pour la migration des données" -#: ../extra/modules/admin.ptl:278 +#: 
../extra/modules/admin.ptl:265 msgid "MSP Session Image URL" msgstr "Adresse de l'image de maintien de session MSP" -#: ../extra/modules/admin.ptl:280 +#: ../extra/modules/admin.ptl:267 msgid "MSP New Account URL" msgstr "Adresse de la création de compte MSP" -#: ../extra/modules/admin.ptl:282 +#: ../extra/modules/admin.ptl:269 msgid "HTTP Authentication Tuple" msgstr "Paire pour l'authentification HTTP" -#: ../extra/modules/admin.ptl:284 +#: ../extra/modules/admin.ptl:271 msgid "Format: username:password" msgstr "Format: identifiant:mot-de-passe" -#: ../extra/modules/admin.ptl:291 ../extra/modules/admin.ptl:292 +#: ../extra/modules/admin.ptl:278 ../extra/modules/admin.ptl:279 msgid "Adeline Options" msgstr "Options Adeline" -#: ../extra/modules/admin.ptl:321 ../extra/modules/admin.ptl:322 +#: ../extra/modules/admin.ptl:308 ../extra/modules/admin.ptl:309 msgid "MSP SP Mapping" msgstr "Mapping SP MSP" -#: ../extra/modules/admin.ptl:344 +#: ../extra/modules/admin.ptl:331 msgid "Adeline" msgstr "Adeline" +#: ../extra/modules/liberty.py:109 ../extra/modules/liberty.py:167 +#: ../extra/modules/liberty.py:177 +msgid "Home" +msgstr "" + +#: ../extra/modules/liberty.py:111 +msgid "request origin" +msgstr "" + +#: ../extra/modules/liberty.py:131 +msgid "Failed to get Assertion from identity provider" +msgstr "" +"Tentative ratée de récupérer une assertion depuis le fournisseur d'identité" + +#: ../extra/modules/liberty.py:167 ../extra/modules/liberty.py:177 +#, python-format +msgid "Response is not Success (%s)" +msgstr "La réponse n'est pas \"Success\" (%s)" + +#~ msgid "None" +#~ msgstr "Aucun" + +#~ msgid "Collectivity Own Identity Provider" +#~ msgstr "Fournisseur d'identités de la collectivité" + +#~ msgid "Propose MSP as Identity Provider" +#~ msgstr "Proposer MSP comme fournisseur d'identités" + +#~ msgid "SP Mapping for MSP" +#~ msgstr "Mapping des SP pour MSP" + #~ msgid "Welcome to your keyring" #~ msgstr "Bienvenue dans votre porte-clés" -#~ msgid "Global Logout" 
-#~ msgstr "Déconnexion globale" - #~ msgid "To access to this service you must identify first" #~ msgstr "" #~ "Pour accéder à ce service, vous devez au préalable vous identifier en " From de376a1c8ed235f21eea2e6c0c0747dc64d66d25 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 29 Nov 2008 09:45:07 +0100 Subject: [PATCH 16/18] Fix difference between adeline and default theme --- data/themes/adeline/template.ezt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/themes/adeline/template.ezt b/data/themes/adeline/template.ezt index 89977c0..d49613c 100644 --- a/data/themes/adeline/template.ezt +++ b/data/themes/adeline/template.ezt @@ -5,7 +5,7 @@ - +
    From 7481556f307f5b9b50b9ff237149cd62edfad0fe Mon Sep 17 00:00:00 2001 From: root Date: Tue, 2 Dec 2008 11:56:40 +0100 Subject: [PATCH 17/18] Add missing link for account creation and fix logout link - Add a link to /register - Change logout link from /logout to /singleLogout --- data/themes/adeline/template.ezt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/themes/adeline/template.ezt b/data/themes/adeline/template.ezt index d49613c..9444aa4 100644 --- a/data/themes/adeline/template.ezt +++ b/data/themes/adeline/template.ezt @@ -15,7 +15,7 @@ [if-any user] [else]
    -
    CRÉER MON COMPTE
    +
    M'IDENTIFIER
    [end] @@ -37,7 +37,7 @@

    Bienvenue [user]

    - +
     
    From 7d5030c8d33417bb1db7477cfcc2c313062f536e Mon Sep 17 00:00:00 2001 From: root Date: Mon, 8 Dec 2008 14:24:53 +0100 Subject: [PATCH 18/18] * extra/modules/liberty.py: - (mspProxyEndpoint) produce a common end block, remote multiple return statements, print returned body. - (do_modify_msp_for_pp) add code to query MSP and only update changed fields. --- extra/modules/liberty.py | 72 +++++++++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 27 deletions(-) diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py index de7fb61..a6750dd 100644 --- a/extra/modules/liberty.py +++ b/extra/modules/liberty.py @@ -512,6 +512,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): def mspProxyEndpoint(self): request = get_request() ctype = request.environ.get("CONTENT_TYPE") + body = None if not ctype: get_logger().warn('SOAP Endpoint got message without content-type') return @@ -555,7 +556,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): if '/ad:PersonalDocument' in query_items: resource, redirect_url, messageId = self.get_msp_document(identity, messageId) else: - resource = self.query_msp_for_pp(service_href, identity, query_items) + resource = self.query_msp_for_pp(service_href, identity) redirect_url = None if resource: service.resourceData = resource @@ -571,7 +572,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): raise Exception('No Resource!!!') service.buildResponseMsg() - return service.msgBody + body = service.msgBody if request_type == lasso.REQUEST_TYPE_DST_MODIFY: 
@@ -594,10 +595,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): except: pass # XXX: build deny request resource = self.init_modify_msp_for_pp(service_href, modify_items) - if resource: - service.resourceData = resource - else: - return 'ERROR' + service.resourceData = resource service.buildModifyResponseMsg() result, messageId = self.do_modify_msp_for_pp(service_href, identity, service.resourceData, messageId) if result and result != 'Ok': @@ -611,15 +609,15 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): service.needRedirectUser(result) service.buildModifyResponseMsg() - return service.msgBody + body = service.msgBody except RedirectException, redirect_exception: soap_fault = self.get_redirect_soap_fault(redirect_exception.redirect_url, messageId) body = soap_fault.exportToXml() - return body - except: + except Exception, exception: fp = StringIO.StringIO() traceback.print_exc(file=fp) msg = fp.getvalue() + print msg body = '''
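Review bot: With the `if resource:` / `return 'ERROR'` branch removed in the `@@ -594,10 +595,7 @@` hunk, nothing checks what `init_modify_msp_for_pp` returned before it is assigned to `service.resourceData` and handed to `do_modify_msp_for_pp`. That helper is not shown here, so whether it can return an empty value is an assumption, but the Query branch of the same method still guards this case with `raise Exception('No Resource!!!')`. Keeping the same guard, `if not resource: raise Exception('No Resource!!!')`, would send the failure through the new common fault block instead of letting it surface later as an unrelated parsing error. The context line `except: pass # XXX: build deny request` just above still swallows every error from the preceding `try`, which deserves at least a log call.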
    @@ -630,7 +628,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): ''' % xml.sax.saxutils.escape(msg) - return body + return body msp_oids = { 'OID.1.1.1' : { 'name': 'lbNomFamille'}, @@ -714,7 +712,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): ''' - def query_msp_for_pp(self, service_type, identity, query_items): + def query_msp_for_pp(self, service_type, identity, wsc_proxy_service = None): # 1st, get current user session sessions = [x for x in get_session_manager().values() if x.user == identity.id] sessions.sort(lambda x,y: cmp(x.get_creation_time(), y.get_creation_time())) @@ -725,7 +723,8 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): # 2nd, query MSP # Init ReadOid request - wsc_proxy_service = self.msp_disco_query(latest_session) + if not wsc_proxy_service: + wsc_proxy_service = self.msp_disco_query(latest_session) wsc_proxy_service.initReadOidRequest(lasso.SECURITY11_MECH_TLS_SAML) # FIXME: set appropriate teleserviceId wsc_proxy_service.request.teleserviceId = '1001' 
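Review bot: The reworked handler in `mspProxyEndpoint` (hunk `@@ -611,15 +609,15 @@`) still interpolates the full traceback into the fault body through `% xml.sax.saxutils.escape(msg)`, so the caller of this SOAP endpoint receives internal file paths and source lines. Escaping keeps the XML well-formed but does not limit what is disclosed. The added `print msg` writes the same text to stdout although this method already logs through `get_logger().warn(...)`; I would record the traceback with `get_logger().warn(msg)` and put a fixed, generic message in the fault detail. The name bound in `except Exception, exception:` is never used and can be dropped. The fault template between the triple quotes is not readable on this page, so its exact structure is not reviewed here.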
@@ -807,21 +806,40 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory): # Init UpdateOid request wsc_proxy_service = self.msp_disco_query(latest_session) - wsc_proxy_service.initUpdateOidRequest(lasso.SECURITY11_MECH_TLS_SAML) - wsc_proxy_service.request.teleserviceId = '1001' - if service_type == adeline_urn: - modify_oids = [] - pp = ET.XML(resource_data) - for oid in self.msp_oids: - name = self.msp_oids[oid]['name'] - item = pp.findall('{%s}%s' % (adeline_urn, name)) - if item: - item = item[0] - if item.text != dummy_value: - text = item.text - if text == None: - text = "" - wsc_proxy_service.addUpdateOidItem(oid, text.encode('utf-8')) + try: + # Get previous datas + old_datas = self.query_msp_for_pp(service_type, identity) + wsc_proxy_service.initUpdateOidRequest(lasso.SECURITY11_MECH_TLS_SAML) + wsc_proxy_service.request.teleserviceId = '1001' + if service_type == adeline_urn: + modify_oids = [] + pp = ET.XML(resource_data) + if old_datas: + oldpp = ET.XML(old_datas) + else: + oldpp = None + for oid in self.msp_oids: + name = self.msp_oids[oid]['name'] + item = pp.findall('{%s}%s' % (adeline_urn, name)) + olditem = oldpp.findall('{%s}%s' % (adeline_urn, name)) + if item: + item = item[0] + if item.text != dummy_value: + text = item.text + if text == None: + text = "" + if olditem: + olditem = olditem[0] + if olditem is not None: + olditem = olditem.text + if olditem is None: + olditem = "" + if olditem is not None and text != olditem: + wsc_proxy_service.addUpdateOidItem(oid, text.encode('utf-8')) + except Exception, exception: + print 'Got an exception in new code' + print exception + raise exception if service_type == lasso.PP_HREF: pass # FIXME # Add interaction service header
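Review bot: `oldpp` is set to `None` when `query_msp_for_pp` returns nothing, yet the loop calls `oldpp.findall(...)` unconditionally, so an update for a user with no previous data raises AttributeError instead of sending the fields. Starting each iteration with `olditem = []` and running the `findall` only under `if oldpp is not None:` keeps the later `text != olditem` comparison working for that case. `raise exception` discards the original traceback in Python 2; a bare `raise` preserves it. The two `print` statements would be better routed through `get_logger()`, as elsewhere in this file. `do_modify_msp_for_pp` starts and ends outside this hunk.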