include simplesamlphp and fix sso

This commit is contained in:
Jérôme Schneider 2013-06-07 12:19:28 +02:00
parent bf196f5d5d
commit 148696b03f
1013 changed files with 129367 additions and 33 deletions


@ -17,8 +17,12 @@ include_spip('inc/session');
include_spip('inc/cookie');
include_spip('inc/texte');
/* Loading simplesamlphp */
include_spip('inc/simplesamlphp/lib/_autoload');
// http://doc.spip.org/@balise_URL_LOGOUT
function balise_LOGIN_SAML ($p) {
spip_log("[auth_saml] balise_LOGIN_SAML");
return calculer_balise_dynamique($p,'LOGIN_SAML', array());
}
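Review bot: the `include_spip('inc/simplesamlphp/lib/_autoload')` line at the top of this hunk loads a complete copy of SimpleSAMLphp that the commit checks into the plugin under `inc/simplesamlphp/` (1013 files), and nothing in the visible change records which upstream release that copy is. Without that, later upstream security fixes cannot be matched against what is shipped. Suggest naming the exact upstream version in the commit message or in a version file beside the vendored tree, and confirming that any configuration, metadata or key material inside `inc/simplesamlphp/` cannot be fetched through the web server from the plugin directory.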
@ -31,31 +35,27 @@ function balise_LOGIN_SAML_stat ($args, $filtres) {
// http://doc.spip.org/@balise_URL_LOGOUT_dyn
function balise_LOGIN_SAML_dyn()
{
$simplesaml = new SimpleSAML_Auth_Simple('default-sp');
global $simplesaml;
spip_log("[auth_saml] balise_LOGIN_SAML_dyn");
if (!$simplesaml->isAuthenticated()) {
$url = lire_config('saml/login_url');
spip_log("[auth_saml] login url =".$url);
// Appeler le squelette du formulaire de login
return array('formulaires/saml',
$GLOBALS['delais']);
spip_log("[auth_saml] required auth");
$simplesaml->requireAuth();
}
else return login_saml_successfull();
}
function login_saml_successfull()
function login_saml_successfull()
{
global $simplesaml;
$simplesaml = new SimpleSAML_Auth_Simple('default-sp');
spip_log("[auth_saml] Traitement login SAML");
$attributes = $simplesaml->getAttributes();
$login = $attributes['uid'][0];
$first_name = $attributes['gn'][0];
$last_name = $attributes['sn'][0];
$last_name = $attributes['Nom'][0];
$email = $attributes['email'][0];
$given_name = $first_name . ' ' . $last_name;
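Review bot: in `login_saml_successfull()`, `$attributes['uid'][0]`, `$attributes['gn'][0]` and `$attributes['email'][0]` are read without checking that the identity provider released those attributes. If `uid` is absent, `$login` is null and the `WHERE login=` update in the next hunk runs against an empty login. Suggest testing `isset($attributes['uid'][0])` and a non-empty value before going further, and refusing the login with a `spip_log` entry otherwise. The attribute names are also hard-coded (`gn`, `email`, and both `sn` and `Nom` for the last name), while the attribute maps added in this same commit use `givenName` and `mail`; reading the names from the plugin configuration, as `lire_config('saml/login_url')` does for the URL, would avoid a silent mismatch with what the IdP sends.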
@ -70,12 +70,8 @@ function login_saml_successfull()
if ($row_auteur) {
$GLOBALS['auteur_session'] = $row_auteur;
spip_log("[auth_saml] updating user [" . $login . "] attributes : ".\
$given_name);
spip_query("UPDATE spip_auteurs SET nom=" . \
_q($display_name) . \
", email=" . _q($email) . \
" WHERE login="._q($login));
spip_log("[auth_saml] updating user [" . $login . "] attributes : ". $given_name);
spip_query("UPDATE spip_auteurs SET nom=" . _q($display_name) . ", email=" . _q($email) . " WHERE login="._q($login));
$session = charger_fonction('session', 'inc');
$cookie_session = $session($row_auteur);
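Review bot: the UPDATE in this hunk writes `_q($display_name)` into `nom`, but the name assembled earlier and logged on the line just above is `$given_name`, and `$display_name` is not assigned in any visible line. If it is not set in the lines between the two hunks, every successful login overwrites `nom` with an empty string. Suggest using `$given_name` in the query, or assigning `$display_name` explicitly. The same statement also overwrites `email` with whatever the assertion carried, including nothing; updating a column only when the corresponding attribute is non-empty would keep a partial attribute release from blanking the stored profile. The `_q()` quoting on all three values should stay as it is.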

511
inc/simplesamlphp/COPYING Normal file

@ -0,0 +1,511 @@
Copyright 2007-2009 UNINETT AS, http://www.uninett.no
SimpleSAMLphp is licensed under the CC-GNU LGPL version 2.1.
http://creativecommons.org/licenses/LGPL/2.1/
Note that some of the embedded libraries may be using other licenses.
In example xmlseclibs uses BSD license.
--
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Libraries
If you develop a new library, and you want it to be of the greatest
possible use to the public, we recommend making it free software that
everyone can redistribute and change. You can do so by permitting
redistribution under these terms (or, alternatively, under the terms of the
ordinary General Public License).
To apply these terms, attach the following notices to the library. It is
safest to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
<one line to give the library's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Also add information on how to contact you by electronic and paper mail.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the library, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the
library `Frob' (a library for tweaking knobs) written by James Random Hacker.
<signature of Ty Coon>, 1 April 1990
Ty Coon, President of Vice
That's all there is to it!


@ -0,0 +1,22 @@
<?php
$attributemap = array(
'sn' => 'urn:mace:dir:attribute-def:sn',
'telephoneNumber' => 'urn:mace:dir:attribute-def:telephoneNumber',
'facsimileTelephoneNumber' => 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
'postalAddress' => 'urn:mace:dir:attribute-def:postalAddress',
'givenName' => 'urn:mace:dir:attribute-def:givenName',
'homePhone' => 'urn:mace:dir:attribute-def:homePhone',
'homePostalAddress' => 'urn:mace:dir:attribute-def:homePostalAddress',
'mail' => 'urn:mace:dir:attribute-def:mail',
'mobile' => 'urn:mace:dir:attribute-def:mobile',
'preferredLanguage' => 'urn:mace:dir:attribute-def:preferredLanguage',
'eduPersonPrincipalName' => 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
'eduPersonAffiliation' => 'urn:mace:dir:attribute-def:eduPersonAffiliation',
'eduPersonScopedAffiliation' => 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
'eduPersonEntitlement' => 'urn:mace:dir:attribute-def:eduPersonEntitlement',
'eduPersonOrgDN' => 'urn:mace:dir:attribute-def:eduPersonOrgDN',
'eduPersonOrgUnitDN' => 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
);
?>


@ -0,0 +1,21 @@
<?php
$attributemap = array(
// Generated Facebook Attributes
'facebook_user' => 'eduPersonPrincipalName', // username OR uid @ facebook.com
'facebook_targetedID' => 'eduPersonTargetedID', // http://facebook.com!uid
'facebook_cn' => 'cn', // duplicate of displayName
// Attributes Returned by Facebook
'facebook.first_name' => 'givenName',
'facebook.last_name' => 'sn',
'facebook.name' => 'displayName', // or 'cn'
'facebook.email' => 'mail',
//'facebook.pic' => 'jpegPhoto', // URL not image data
//'facebook.pic_square' => 'jpegPhoto', // URL not image data
'facebook.username' => 'uid', // facebook username (maybe blank)
//'facebook.uid' => 'uid', // numeric facebook user id
'facebook.profile_url' => 'labeledURI',
'facebook.locale' => 'preferredLanguage',
'facebook.about_me' => 'description',
);
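Review bot: the line `'facebook.username' => 'uid'` maps a value that its own comment describes as "maybe blank" onto `uid`, and `login_saml_successfull()` in this commit takes `$attributes['uid'][0]` as the SPIP login key. If this map is ever applied to an enabled authentication source, users without a Facebook username arrive with an empty login. Suggest documenting that the plugin supports only the `default-sp` source, or keying the login on an attribute this map always generates, such as `eduPersonPrincipalName` from `facebook_user`.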


@ -0,0 +1,41 @@
<?php
$attributemap = array(
'mobile' => 'urn:mace:dir:attribute-def:mobile',
'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',
);
/*
ShibMapAttribute urn:mace:dir:attribute-def:sn Shib-LDAP-Surname surname
ShibMapAttribute urn:mace:dir:attribute-def:telephoneNumber Shib-LDAP-telephoneNumber telephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:facsimileTelephoneNumber Shib-LDAP-facsimileTelephoneNumber facsimileTelephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:postalAddress Shib-LDAP-postalAddress postalAddress
ShibMapAttribute urn:mace:dir:attribute-def:givenName Shib-LDAP-givenName givenName
ShibMapAttribute urn:mace:dir:attribute-def:homePhone Shib-LDAP-homePhone homePhone
ShibMapAttribute urn:mace:dir:attribute-def:homePostalAddress Shib-LDAP-homePostalAddress homePostalAddress
ShibMapAttribute urn:mace:dir:attribute-def:mail Shib-LDAP-mail mail
ShibMapAttribute urn:mace:dir:attribute-def:mobile Shib-LDAP-mobile mobile
ShibMapAttribute urn:mace:dir:attribute-def:preferredLanguage Shib-LDAP-preferredLanguage preferredLanguage
#
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonPrincipalName Shib-EP-PrincipalName eppn
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonAffiliation Shib-EP-Affiliation affiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation Shib-EP-ScopedAffiliation scopedAffiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonEntitlement Shib-EP-Entitlement entitlement
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgDN Shib-EP-OrgDN orgDN
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgUnitDN Shib-EP-OrgUnitDN orgUnitDN
#
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonUniqueID Shib-SwissEP-UniqueID uniqueID
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonDateOfBirth Shib-SwissEP-DateOfBirth dateOfBirth
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonGender Shib-SwissEP-Gender gender
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganization Shib-SwissEP-HomeOrganization homeOrganization
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganizationType Shib-SwissEP-HomeOrganizationType homeOrganizationType
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch1 Shib-SwissEP-StudyBranch1 studyBranch1
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch2 Shib-SwissEP-StudyBranch2 studyBranch2
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch3 Shib-SwissEP-StudyBranch3 studyBranch3
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyLevel Shib-SwissEP-StudyLevel studyLevel
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStaffCategory Shib-SwissEP-StaffCategory staffCategory
*/
?>
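Review bot: the two live entries point at different target schemes: 'mobile' goes to a urn:mace:dir:attribute-def name and 'displayName' to a urn:oid name. The ShibMapAttribute lines below them sit inside a comment and are never applied. If the comment block is the intended mapping, turn it into array entries. Otherwise add a comment saying which scheme this map is meant to produce and why only two attributes are covered. The closing ?> can be dropped so that trailing whitespace in this include is never sent as output.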

View File

@ -0,0 +1,19 @@
<?php
$attributemap = array(
// See http://developer.linkedin.com/docs/DOC-1061 for LinkedIn Profile fields.
// NB: JSON response requires the conversion of field names from hyphened to camelCase.
// For instance, first-name becomes firstName.
// Generated LinkedIn Attributes
'linkedin_user' => 'eduPersonPrincipalName', // id @ linkedin.com
'linkedin_targetedID' => 'eduPersonTargetedID', // http://linkedin.com!id
// Attributes Returned by LinkedIn
'linkedin.firstName' => 'givenName',
'linkedin.lastName' => 'sn',
'linkedin.id' => 'uid', // alpha + mixed case user id
//'linkedin.pictureUrl' => 'jpegPhoto', // URL not image data
'linkedin.headline' => 'title',
'linkedin.summary' => 'description',
);
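Review bot: 'linkedin.id' => 'uid' feeds an identifier that the comment describes as "alpha + mixed case" into uid. If the consuming application compares or stores logins case-insensitively, two distinct LinkedIn ids that differ only in case would resolve to the same local account. Note next to this entry that uid must be matched case-sensitively, or prefix it with the provider name so it cannot collide with uids from other sources.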

View File

@ -0,0 +1,18 @@
<?php
$attributemap = array(
// See http://developerwiki.myspace.com/index.php?title=People_API for attributes
// Generated MySpace Attributes
'myspace_user' => 'eduPersonPrincipalName', // username OR uid @ myspace.com
'myspace_targetedID' => 'eduPersonTargetedID', // http://myspace.com!uid
'myspace_username' => 'uid', // myspace username (maybe numeric uid)
//'myspace_uid' => 'uid', // numeric myspace user id
// Attributes Returned by MySpace
'myspace.name.givenName' => 'givenName',
'myspace.name.familyName' => 'sn',
'myspace.displayName' => 'displayName',
//'myspace.thumbnailUrl' => 'jpegPhoto', // URL not image data
'myspace.profileUrl' => 'labeledURI',
);
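Review bot: 'myspace_username' => 'uid' carries a value the comment marks as "maybe numeric uid", and 'myspace_user' is documented as "username OR uid", so a single attribute mixes two identifier namespaces. A consumer cannot tell a chosen username from a numeric id. Prefer the commented-out 'myspace_uid' mapping as the stable key and keep the username as a display attribute only.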

View File

@ -0,0 +1,166 @@
<?php
$attributemap = array(
'aRecord' => 'urn:oid:0.9.2342.19200300.100.1.26',
'aliasedEntryName' => 'urn:oid:2.5.4.1',
'aliasedObjectName' => 'urn:oid:2.5.4.1',
'associatedDomain' => 'urn:oid:0.9.2342.19200300.100.1.37',
'associatedName' => 'urn:oid:0.9.2342.19200300.100.1.38',
'audio' => 'urn:oid:0.9.2342.19200300.100.1.55',
'authorityRevocationList' => 'urn:oid:2.5.4.38',
'buildingName' => 'urn:oid:0.9.2342.19200300.100.1.48',
'businessCategory' => 'urn:oid:2.5.4.15',
'c' => 'urn:oid:2.5.4.6',
'cACertificate' => 'urn:oid:2.5.4.37',
'cNAMERecord' => 'urn:oid:0.9.2342.19200300.100.1.31',
'carLicense' => 'urn:oid:2.16.840.1.113730.3.1.1',
'certificateRevocationList' => 'urn:oid:2.5.4.39',
'cn' => 'urn:oid:2.5.4.3',
'co' => 'urn:oid:0.9.2342.19200300.100.1.43',
'commonName' => 'urn:oid:2.5.4.3',
'countryName' => 'urn:oid:2.5.4.6',
'crossCertificatePair' => 'urn:oid:2.5.4.40',
'dITRedirect' => 'urn:oid:0.9.2342.19200300.100.1.54',
'dSAQuality' => 'urn:oid:0.9.2342.19200300.100.1.49',
'dc' => 'urn:oid:0.9.2342.19200300.100.1.25',
'deltaRevocationList' => 'urn:oid:2.5.4.53',
'departmentNumber' => 'urn:oid:2.16.840.1.113730.3.1.2',
'description' => 'urn:oid:2.5.4.13',
'destinationIndicator' => 'urn:oid:2.5.4.27',
'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',
'distinguishedName' => 'urn:oid:2.5.4.49',
'dmdName' => 'urn:oid:2.5.4.54',
'dnQualifier' => 'urn:oid:2.5.4.46',
'documentAuthor' => 'urn:oid:0.9.2342.19200300.100.1.14',
'documentIdentifier' => 'urn:oid:0.9.2342.19200300.100.1.11',
'documentLocation' => 'urn:oid:0.9.2342.19200300.100.1.15',
'documentPublisher' => 'urn:oid:0.9.2342.19200300.100.1.56',
'documentTitle' => 'urn:oid:0.9.2342.19200300.100.1.12',
'documentVersion' => 'urn:oid:0.9.2342.19200300.100.1.13',
'domainComponent' => 'urn:oid:0.9.2342.19200300.100.1.25',
'drink' => 'urn:oid:0.9.2342.19200300.100.1.5',
'eduOrgHomePageURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.2',
'eduOrgIdentityAuthNPolicyURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.3',
'eduOrgLegalName' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.4',
'eduOrgSuperiorURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.5',
'eduOrgWhitePagesURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.6',
'eduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
'eduPersonEntitlement' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',
'eduPersonNickname' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.2',
'eduPersonOrgDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3',
'eduPersonOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.4',
'eduPersonPrimaryAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5',
'eduPersonPrimaryOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.8',
'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
'eduPersonScopedAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9',
'eduPersonTargetedID' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10',
'email' => 'urn:oid:1.2.840.113549.1.9.1',
'emailAddress' => 'urn:oid:1.2.840.113549.1.9.1',
'employeeNumber' => 'urn:oid:2.16.840.1.113730.3.1.3',
'employeeType' => 'urn:oid:2.16.840.1.113730.3.1.4',
'enhancedSearchGuide' => 'urn:oid:2.5.4.47',
'facsimileTelephoneNumber' => 'urn:oid:2.5.4.23',
'favouriteDrink' => 'urn:oid:0.9.2342.19200300.100.1.5',
'fax' => 'urn:oid:2.5.4.23',
'federationFeideSchemaVersion' => 'urn:oid:1.3.6.1.4.1.2428.90.1.9',
'friendlyCountryName' => 'urn:oid:0.9.2342.19200300.100.1.43',
'generationQualifier' => 'urn:oid:2.5.4.44',
'givenName' => 'urn:oid:2.5.4.42',
'gn' => 'urn:oid:2.5.4.42',
'homePhone' => 'urn:oid:0.9.2342.19200300.100.1.20',
'homePostalAddress' => 'urn:oid:0.9.2342.19200300.100.1.39',
'homeTelephoneNumber' => 'urn:oid:0.9.2342.19200300.100.1.20',
'host' => 'urn:oid:0.9.2342.19200300.100.1.9',
'houseIdentifier' => 'urn:oid:2.5.4.51',
'info' => 'urn:oid:0.9.2342.19200300.100.1.4',
'initials' => 'urn:oid:2.5.4.43',
'internationaliSDNNumber' => 'urn:oid:2.5.4.25',
'isMemberOf' => 'urn:oid:1.3.6.1.4.1.5923.1.5.1.1',
'janetMailbox' => 'urn:oid:0.9.2342.19200300.100.1.46',
'jpegPhoto' => 'urn:oid:0.9.2342.19200300.100.1.60',
'knowledgeInformation' => 'urn:oid:2.5.4.2',
'l' => 'urn:oid:2.5.4.7',
'labeledURI' => 'urn:oid:1.3.6.1.4.1.250.1.57',
'localityName' => 'urn:oid:2.5.4.7',
'mDRecord' => 'urn:oid:0.9.2342.19200300.100.1.27',
'mXRecord' => 'urn:oid:0.9.2342.19200300.100.1.28',
'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
'mailPreferenceOption' => 'urn:oid:0.9.2342.19200300.100.1.47',
'manager' => 'urn:oid:0.9.2342.19200300.100.1.10',
'member' => 'urn:oid:2.5.4.31',
'mobile' => 'urn:oid:0.9.2342.19200300.100.1.41',
'mobileTelephoneNumber' => 'urn:oid:0.9.2342.19200300.100.1.41',
'nSRecord' => 'urn:oid:0.9.2342.19200300.100.1.29',
'name' => 'urn:oid:2.5.4.41',
'norEduOrgAcronym' => 'urn:oid:1.3.6.1.4.1.2428.90.1.6',
'norEduOrgNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
'norEduOrgSchemaVersion' => 'urn:oid:1.3.6.1.4.1.2428.90.1.11',
'norEduOrgUniqueIdentifier' => 'urn:oid:1.3.6.1.4.1.2428.90.1.7',
'norEduOrgUniqueNumber' => 'urn:oid:1.3.6.1.4.1.2428.90.1.1',
'norEduOrgUnitUniqueIdentifier' => 'urn:oid:1.3.6.1.4.1.2428.90.1.8',
'norEduOrgUnitUniqueNumber' => 'urn:oid:1.3.6.1.4.1.2428.90.1.2',
'norEduPersonBirthDate' => 'urn:oid:1.3.6.1.4.1.2428.90.1.3',
'norEduPersonLIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.4',
'norEduPersonNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.5',
'o' => 'urn:oid:2.5.4.10',
'objectClass' => 'urn:oid:2.5.4.0',
'organizationName' => 'urn:oid:2.5.4.10',
'organizationalStatus' => 'urn:oid:0.9.2342.19200300.100.1.45',
'organizationalUnitName' => 'urn:oid:2.5.4.11',
'otherMailbox' => 'urn:oid:0.9.2342.19200300.100.1.22',
'ou' => 'urn:oid:2.5.4.11',
'owner' => 'urn:oid:2.5.4.32',
'pager' => 'urn:oid:0.9.2342.19200300.100.1.42',
'pagerTelephoneNumber' => 'urn:oid:0.9.2342.19200300.100.1.42',
'personalSignature' => 'urn:oid:0.9.2342.19200300.100.1.53',
'personalTitle' => 'urn:oid:0.9.2342.19200300.100.1.40',
'photo' => 'urn:oid:0.9.2342.19200300.100.1.7',
'physicalDeliveryOfficeName' => 'urn:oid:2.5.4.19',
'pkcs9email' => 'urn:oid:1.2.840.113549.1.9.1',
'postOfficeBox' => 'urn:oid:2.5.4.18',
'postalAddress' => 'urn:oid:2.5.4.16',
'postalCode' => 'urn:oid:2.5.4.17',
'preferredDeliveryMethod' => 'urn:oid:2.5.4.28',
'preferredLanguage' => 'urn:oid:2.16.840.1.113730.3.1.39',
'presentationAddress' => 'urn:oid:2.5.4.29',
'protocolInformation' => 'urn:oid:2.5.4.48',
'pseudonym' => 'urn:oid:2.5.4.65',
'registeredAddress' => 'urn:oid:2.5.4.26',
'rfc822Mailbox' => 'urn:oid:0.9.2342.19200300.100.1.3',
'roleOccupant' => 'urn:oid:2.5.4.33',
'roomNumber' => 'urn:oid:0.9.2342.19200300.100.1.6',
'sOARecord' => 'urn:oid:0.9.2342.19200300.100.1.30',
'searchGuide' => 'urn:oid:2.5.4.14',
'secretary' => 'urn:oid:0.9.2342.19200300.100.1.21',
'seeAlso' => 'urn:oid:2.5.4.34',
'serialNumber' => 'urn:oid:2.5.4.5',
'singleLevelQuality' => 'urn:oid:0.9.2342.19200300.100.1.50',
'sn' => 'urn:oid:2.5.4.4',
'st' => 'urn:oid:2.5.4.8',
'stateOrProvinceName' => 'urn:oid:2.5.4.8',
'street' => 'urn:oid:2.5.4.9',
'streetAddress' => 'urn:oid:2.5.4.9',
'subtreeMaximumQuality' => 'urn:oid:0.9.2342.19200300.100.1.52',
'subtreeMinimumQuality' => 'urn:oid:0.9.2342.19200300.100.1.51',
'supportedAlgorithms' => 'urn:oid:2.5.4.52',
'supportedApplicationContext' => 'urn:oid:2.5.4.30',
'surname' => 'urn:oid:2.5.4.4',
'telephoneNumber' => 'urn:oid:2.5.4.20',
'teletexTerminalIdentifier' => 'urn:oid:2.5.4.22',
'telexNumber' => 'urn:oid:2.5.4.21',
'textEncodedORAddress' => 'urn:oid:0.9.2342.19200300.100.1.2',
'title' => 'urn:oid:2.5.4.12',
'uid' => 'urn:oid:0.9.2342.19200300.100.1.1',
'uniqueIdentifier' => 'urn:oid:0.9.2342.19200300.100.1.44',
'uniqueMember' => 'urn:oid:2.5.4.50',
'userCertificate' => 'urn:oid:2.5.4.36',
'userClass' => 'urn:oid:0.9.2342.19200300.100.1.8',
'userPKCS12' => 'urn:oid:2.16.840.1.113730.3.1.216',
'userPassword' => 'urn:oid:2.5.4.35',
'userSMIMECertificate' => 'urn:oid:2.16.840.1.113730.3.1.40',
'userid' => 'urn:oid:0.9.2342.19200300.100.1.1',
'x121Address' => 'urn:oid:2.5.4.24',
'x500UniqueIdentifier' => 'urn:oid:2.5.4.45',
'schacHomeOrganization' => 'urn:oid:1.3.6.1.4.1.25178.1.2.9',
'schacPersonalUniqueCode' => 'urn:oid:1.3.6.1.4.1.25178.1.2.14',
);
?>
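Review bot: the map includes 'userPassword' => 'urn:oid:2.5.4.35' and 'userPKCS12' => 'urn:oid:2.16.840.1.113730.3.1.216', which makes credential-bearing directory attributes part of the normal renaming path. Since this file is vendored as-is, at least confirm that the attribute release filter in front of it never passes these two through, and say so in the commit message. Separately, the two schac* entries at the end break the alphabetical order of the rest of the list.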

View File

@ -0,0 +1,163 @@
<?php
$attributemap = array(
'aRecord' => 'urn:mace:dir:attribute-def:aRecord',
'aliasedEntryName' => 'urn:mace:dir:attribute-def:aliasedEntryName',
'aliasedObjectName' => 'urn:mace:dir:attribute-def:aliasedObjectName',
'associatedDomain' => 'urn:mace:dir:attribute-def:associatedDomain',
'associatedName' => 'urn:mace:dir:attribute-def:associatedName',
'audio' => 'urn:mace:dir:attribute-def:audio',
'authorityRevocationList' => 'urn:mace:dir:attribute-def:authorityRevocationList',
'buildingName' => 'urn:mace:dir:attribute-def:buildingName',
'businessCategory' => 'urn:mace:dir:attribute-def:businessCategory',
'c' => 'urn:mace:dir:attribute-def:c',
'cACertificate' => 'urn:mace:dir:attribute-def:cACertificate',
'cNAMERecord' => 'urn:mace:dir:attribute-def:cNAMERecord',
'carLicense' => 'urn:mace:dir:attribute-def:carLicense',
'certificateRevocationList' => 'urn:mace:dir:attribute-def:certificateRevocationList',
'cn' => 'urn:mace:dir:attribute-def:cn',
'co' => 'urn:mace:dir:attribute-def:co',
'commonName' => 'urn:mace:dir:attribute-def:commonName',
'countryName' => 'urn:mace:dir:attribute-def:countryName',
'crossCertificatePair' => 'urn:mace:dir:attribute-def:crossCertificatePair',
'dITRedirect' => 'urn:mace:dir:attribute-def:dITRedirect',
'dSAQuality' => 'urn:mace:dir:attribute-def:dSAQuality',
'dc' => 'urn:mace:dir:attribute-def:dc',
'deltaRevocationList' => 'urn:mace:dir:attribute-def:deltaRevocationList',
'departmentNumber' => 'urn:mace:dir:attribute-def:departmentNumber',
'description' => 'urn:mace:dir:attribute-def:description',
'destinationIndicator' => 'urn:mace:dir:attribute-def:destinationIndicator',
'displayName' => 'urn:mace:dir:attribute-def:displayName',
'distinguishedName' => 'urn:mace:dir:attribute-def:distinguishedName',
'dmdName' => 'urn:mace:dir:attribute-def:dmdName',
'dnQualifier' => 'urn:mace:dir:attribute-def:dnQualifier',
'documentAuthor' => 'urn:mace:dir:attribute-def:documentAuthor',
'documentIdentifier' => 'urn:mace:dir:attribute-def:documentIdentifier',
'documentLocation' => 'urn:mace:dir:attribute-def:documentLocation',
'documentPublisher' => 'urn:mace:dir:attribute-def:documentPublisher',
'documentTitle' => 'urn:mace:dir:attribute-def:documentTitle',
'documentVersion' => 'urn:mace:dir:attribute-def:documentVersion',
'domainComponent' => 'urn:mace:dir:attribute-def:domainComponent',
'drink' => 'urn:mace:dir:attribute-def:drink',
'eduOrgHomePageURI' => 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
'eduOrgIdentityAuthNPolicyURI' => 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
'eduOrgLegalName' => 'urn:mace:dir:attribute-def:eduOrgLegalName',
'eduOrgSuperiorURI' => 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
'eduOrgWhitePagesURI' => 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
'eduPersonAffiliation' => 'urn:mace:dir:attribute-def:eduPersonAffiliation',
'eduPersonEntitlement' => 'urn:mace:dir:attribute-def:eduPersonEntitlement',
'eduPersonNickname' => 'urn:mace:dir:attribute-def:eduPersonNickname',
'eduPersonOrgDN' => 'urn:mace:dir:attribute-def:eduPersonOrgDN',
'eduPersonOrgUnitDN' => 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
'eduPersonPrimaryAffiliation' => 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
'eduPersonPrimaryOrgUnitDN' => 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
'eduPersonPrincipalName' => 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
'eduPersonScopedAffiliation' => 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
'eduPersonTargetedID' => 'urn:mace:dir:attribute-def:eduPersonTargetedID',
'email' => 'urn:mace:dir:attribute-def:email',
'emailAddress' => 'urn:mace:dir:attribute-def:emailAddress',
'employeeNumber' => 'urn:mace:dir:attribute-def:employeeNumber',
'employeeType' => 'urn:mace:dir:attribute-def:employeeType',
'enhancedSearchGuide' => 'urn:mace:dir:attribute-def:enhancedSearchGuide',
'facsimileTelephoneNumber' => 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
'favouriteDrink' => 'urn:mace:dir:attribute-def:favouriteDrink',
'fax' => 'urn:mace:dir:attribute-def:fax',
'federationFeideSchemaVersion' => 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
'friendlyCountryName' => 'urn:mace:dir:attribute-def:friendlyCountryName',
'generationQualifier' => 'urn:mace:dir:attribute-def:generationQualifier',
'givenName' => 'urn:mace:dir:attribute-def:givenName',
'gn' => 'urn:mace:dir:attribute-def:gn',
'homePhone' => 'urn:mace:dir:attribute-def:homePhone',
'homePostalAddress' => 'urn:mace:dir:attribute-def:homePostalAddress',
'homeTelephoneNumber' => 'urn:mace:dir:attribute-def:homeTelephoneNumber',
'host' => 'urn:mace:dir:attribute-def:host',
'houseIdentifier' => 'urn:mace:dir:attribute-def:houseIdentifier',
'info' => 'urn:mace:dir:attribute-def:info',
'initials' => 'urn:mace:dir:attribute-def:initials',
'internationaliSDNNumber' => 'urn:mace:dir:attribute-def:internationaliSDNNumber',
'janetMailbox' => 'urn:mace:dir:attribute-def:janetMailbox',
'jpegPhoto' => 'urn:mace:dir:attribute-def:jpegPhoto',
'knowledgeInformation' => 'urn:mace:dir:attribute-def:knowledgeInformation',
'l' => 'urn:mace:dir:attribute-def:l',
'labeledURI' => 'urn:mace:dir:attribute-def:labeledURI',
'localityName' => 'urn:mace:dir:attribute-def:localityName',
'mDRecord' => 'urn:mace:dir:attribute-def:mDRecord',
'mXRecord' => 'urn:mace:dir:attribute-def:mXRecord',
'mail' => 'urn:mace:dir:attribute-def:mail',
'mailPreferenceOption' => 'urn:mace:dir:attribute-def:mailPreferenceOption',
'manager' => 'urn:mace:dir:attribute-def:manager',
'member' => 'urn:mace:dir:attribute-def:member',
'mobile' => 'urn:mace:dir:attribute-def:mobile',
'mobileTelephoneNumber' => 'urn:mace:dir:attribute-def:mobileTelephoneNumber',
'nSRecord' => 'urn:mace:dir:attribute-def:nSRecord',
'name' => 'urn:mace:dir:attribute-def:name',
'norEduOrgAcronym' => 'urn:mace:dir:attribute-def:norEduOrgAcronym',
'norEduOrgNIN' => 'urn:mace:dir:attribute-def:norEduOrgNIN',
'norEduOrgSchemaVersion' => 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
'norEduOrgUniqueIdentifier' => 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
'norEduOrgUniqueNumber' => 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
'norEduOrgUnitUniqueIdentifier' => 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
'norEduOrgUnitUniqueNumber' => 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
'norEduPersonBirthDate' => 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
'norEduPersonLIN' => 'urn:mace:dir:attribute-def:norEduPersonLIN',
'norEduPersonNIN' => 'urn:mace:dir:attribute-def:norEduPersonNIN',
'o' => 'urn:mace:dir:attribute-def:o',
'objectClass' => 'urn:mace:dir:attribute-def:objectClass',
'organizationName' => 'urn:mace:dir:attribute-def:organizationName',
'organizationalStatus' => 'urn:mace:dir:attribute-def:organizationalStatus',
'organizationalUnitName' => 'urn:mace:dir:attribute-def:organizationalUnitName',
'otherMailbox' => 'urn:mace:dir:attribute-def:otherMailbox',
'ou' => 'urn:mace:dir:attribute-def:ou',
'owner' => 'urn:mace:dir:attribute-def:owner',
'pager' => 'urn:mace:dir:attribute-def:pager',
'pagerTelephoneNumber' => 'urn:mace:dir:attribute-def:pagerTelephoneNumber',
'personalSignature' => 'urn:mace:dir:attribute-def:personalSignature',
'personalTitle' => 'urn:mace:dir:attribute-def:personalTitle',
'photo' => 'urn:mace:dir:attribute-def:photo',
'physicalDeliveryOfficeName' => 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
'pkcs9email' => 'urn:mace:dir:attribute-def:pkcs9email',
'postOfficeBox' => 'urn:mace:dir:attribute-def:postOfficeBox',
'postalAddress' => 'urn:mace:dir:attribute-def:postalAddress',
'postalCode' => 'urn:mace:dir:attribute-def:postalCode',
'preferredDeliveryMethod' => 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
'preferredLanguage' => 'urn:mace:dir:attribute-def:preferredLanguage',
'presentationAddress' => 'urn:mace:dir:attribute-def:presentationAddress',
'protocolInformation' => 'urn:mace:dir:attribute-def:protocolInformation',
'pseudonym' => 'urn:mace:dir:attribute-def:pseudonym',
'registeredAddress' => 'urn:mace:dir:attribute-def:registeredAddress',
'rfc822Mailbox' => 'urn:mace:dir:attribute-def:rfc822Mailbox',
'roleOccupant' => 'urn:mace:dir:attribute-def:roleOccupant',
'roomNumber' => 'urn:mace:dir:attribute-def:roomNumber',
'sOARecord' => 'urn:mace:dir:attribute-def:sOARecord',
'searchGuide' => 'urn:mace:dir:attribute-def:searchGuide',
'secretary' => 'urn:mace:dir:attribute-def:secretary',
'seeAlso' => 'urn:mace:dir:attribute-def:seeAlso',
'serialNumber' => 'urn:mace:dir:attribute-def:serialNumber',
'singleLevelQuality' => 'urn:mace:dir:attribute-def:singleLevelQuality',
'sn' => 'urn:mace:dir:attribute-def:sn',
'st' => 'urn:mace:dir:attribute-def:st',
'stateOrProvinceName' => 'urn:mace:dir:attribute-def:stateOrProvinceName',
'street' => 'urn:mace:dir:attribute-def:street',
'streetAddress' => 'urn:mace:dir:attribute-def:streetAddress',
'subtreeMaximumQuality' => 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
'subtreeMinimumQuality' => 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
'supportedAlgorithms' => 'urn:mace:dir:attribute-def:supportedAlgorithms',
'supportedApplicationContext' => 'urn:mace:dir:attribute-def:supportedApplicationContext',
'surname' => 'urn:mace:dir:attribute-def:surname',
'telephoneNumber' => 'urn:mace:dir:attribute-def:telephoneNumber',
'teletexTerminalIdentifier' => 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
'telexNumber' => 'urn:mace:dir:attribute-def:telexNumber',
'textEncodedORAddress' => 'urn:mace:dir:attribute-def:textEncodedORAddress',
'title' => 'urn:mace:dir:attribute-def:title',
'uid' => 'urn:mace:dir:attribute-def:uid',
'uniqueIdentifier' => 'urn:mace:dir:attribute-def:uniqueIdentifier',
'uniqueMember' => 'urn:mace:dir:attribute-def:uniqueMember',
'userCertificate' => 'urn:mace:dir:attribute-def:userCertificate',
'userClass' => 'urn:mace:dir:attribute-def:userClass',
'userPKCS12' => 'urn:mace:dir:attribute-def:userPKCS12',
'userPassword' => 'urn:mace:dir:attribute-def:userPassword',
'userSMIMECertificate' => 'urn:mace:dir:attribute-def:userSMIMECertificate',
'userid' => 'urn:mace:dir:attribute-def:userid',
'x121Address' => 'urn:mace:dir:attribute-def:x121Address',
'x500UniqueIdentifier' => 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
);
?>
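Review bot: this map is three entries shorter than the name-to-OID map added in the same commit (163 lines against 166): 'isMemberOf', 'schacHomeOrganization' and 'schacPersonalUniqueCode' have no entry here. Those attributes will keep their short names when this map is applied while everything else is renamed. Add the three entries or note in a comment that the omission is intentional.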

View File

@ -0,0 +1,14 @@
<?php
$attributemap = array(
'urn:oid:0.9.2342.19200300.100.1.41' => 'mobile',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.6' => 'eduPersonPrincipalName',
'urn:oid:0.9.2342.19200300.100.1.3' => 'mail',
'urn:oid:2.5.4.3' => 'cn',
'urn:oid:2.16.840.1.113730.3.1.241' => 'displayName',
'urn:oid:2.5.4.4' => 'sn',
'urn:oid:2.5.4.42' => 'givenName',
'urn:oid:2.16.756.1.2.5.1.1.1' => 'eduPerson',
);
?>
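Review bot: the last entry, 'urn:oid:2.16.756.1.2.5.1.1.1' => 'eduPerson', needs an explanation. 'eduPerson' is not an attribute name used by any other map in this commit, and the OID is outside the 1.3.6.1.4.1.5923.1.1.1 arc that the eduPerson* attributes use two lines above. If the name is truncated or the OID belongs to a federation-specific schema, add a comment with the source. Otherwise drop the entry.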

View File

@ -0,0 +1,145 @@
<?php
$attributemap = array(
'urn:oid:0.9.2342.19200300.100.1.1' => 'uid',
'urn:oid:0.9.2342.19200300.100.1.10' => 'manager',
'urn:oid:0.9.2342.19200300.100.1.11' => 'documentIdentifier',
'urn:oid:0.9.2342.19200300.100.1.12' => 'documentTitle',
'urn:oid:0.9.2342.19200300.100.1.13' => 'documentVersion',
'urn:oid:0.9.2342.19200300.100.1.14' => 'documentAuthor',
'urn:oid:0.9.2342.19200300.100.1.15' => 'documentLocation',
'urn:oid:0.9.2342.19200300.100.1.2' => 'textEncodedORAddress',
'urn:oid:0.9.2342.19200300.100.1.20' => 'homePhone',
'urn:oid:0.9.2342.19200300.100.1.21' => 'secretary',
'urn:oid:0.9.2342.19200300.100.1.22' => 'otherMailbox',
'urn:oid:0.9.2342.19200300.100.1.25' => 'dc',
'urn:oid:0.9.2342.19200300.100.1.26' => 'aRecord',
'urn:oid:0.9.2342.19200300.100.1.27' => 'mDRecord',
'urn:oid:0.9.2342.19200300.100.1.28' => 'mXRecord',
'urn:oid:0.9.2342.19200300.100.1.29' => 'nSRecord',
'urn:oid:0.9.2342.19200300.100.1.3' => 'mail',
'urn:oid:0.9.2342.19200300.100.1.30' => 'sOARecord',
'urn:oid:0.9.2342.19200300.100.1.31' => 'cNAMERecord',
'urn:oid:0.9.2342.19200300.100.1.37' => 'associatedDomain',
'urn:oid:0.9.2342.19200300.100.1.38' => 'associatedName',
'urn:oid:0.9.2342.19200300.100.1.39' => 'homePostalAddress',
'urn:oid:0.9.2342.19200300.100.1.4' => 'info',
'urn:oid:0.9.2342.19200300.100.1.40' => 'personalTitle',
'urn:oid:0.9.2342.19200300.100.1.41' => 'mobile',
'urn:oid:0.9.2342.19200300.100.1.42' => 'pager',
'urn:oid:0.9.2342.19200300.100.1.43' => 'co',
'urn:oid:0.9.2342.19200300.100.1.44' => 'uniqueIdentifier',
'urn:oid:0.9.2342.19200300.100.1.45' => 'organizationalStatus',
'urn:oid:0.9.2342.19200300.100.1.46' => 'janetMailbox',
'urn:oid:0.9.2342.19200300.100.1.47' => 'mailPreferenceOption',
'urn:oid:0.9.2342.19200300.100.1.48' => 'buildingName',
'urn:oid:0.9.2342.19200300.100.1.49' => 'dSAQuality',
'urn:oid:0.9.2342.19200300.100.1.5' => 'drink',
'urn:oid:0.9.2342.19200300.100.1.50' => 'singleLevelQuality',
'urn:oid:0.9.2342.19200300.100.1.51' => 'subtreeMinimumQuality',
'urn:oid:0.9.2342.19200300.100.1.52' => 'subtreeMaximumQuality',
'urn:oid:0.9.2342.19200300.100.1.53' => 'personalSignature',
'urn:oid:0.9.2342.19200300.100.1.54' => 'dITRedirect',
'urn:oid:0.9.2342.19200300.100.1.55' => 'audio',
'urn:oid:0.9.2342.19200300.100.1.56' => 'documentPublisher',
'urn:oid:0.9.2342.19200300.100.1.6' => 'roomNumber',
'urn:oid:0.9.2342.19200300.100.1.60' => 'jpegPhoto',
'urn:oid:0.9.2342.19200300.100.1.7' => 'photo',
'urn:oid:0.9.2342.19200300.100.1.8' => 'userClass',
'urn:oid:0.9.2342.19200300.100.1.9' => 'host',
'urn:oid:1.2.840.113549.1.9.1' => 'email',
'urn:oid:1.3.6.1.4.1.2428.90.1.1' => 'norEduOrgUniqueNumber',
'urn:oid:1.3.6.1.4.1.2428.90.1.11' => 'norEduOrgSchemaVersion',
'urn:oid:1.3.6.1.4.1.2428.90.1.12' => 'norEduOrgNIN',
'urn:oid:1.3.6.1.4.1.2428.90.1.2' => 'norEduOrgUnitUniqueNumber',
'urn:oid:1.3.6.1.4.1.2428.90.1.3' => 'norEduPersonBirthDate',
'urn:oid:1.3.6.1.4.1.2428.90.1.4' => 'norEduPersonLIN',
'urn:oid:1.3.6.1.4.1.2428.90.1.5' => 'norEduPersonNIN',
'urn:oid:1.3.6.1.4.1.2428.90.1.6' => 'norEduOrgAcronym',
'urn:oid:1.3.6.1.4.1.2428.90.1.7' => 'norEduOrgUniqueIdentifier',
'urn:oid:1.3.6.1.4.1.2428.90.1.8' => 'norEduOrgUnitUniqueIdentifier',
'urn:oid:1.3.6.1.4.1.2428.90.1.9' => 'federationFeideSchemaVersion',
'urn:oid:1.3.6.1.4.1.250.1.57' => 'labeledURI',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.1' => 'eduPersonAffiliation',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'eduPersonTargetedID',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.2' => 'eduPersonNickname',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.3' => 'eduPersonOrgDN',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.4' => 'eduPersonOrgUnitDN',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.5' => 'eduPersonPrimaryAffiliation',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.6' => 'eduPersonPrincipalName',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.7' => 'eduPersonEntitlement',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.8' => 'eduPersonPrimaryOrgUnitDN',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.9' => 'eduPersonScopedAffiliation',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.2' => 'eduOrgHomePageURI',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.3' => 'eduOrgIdentityAuthNPolicyURI',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.4' => 'eduOrgLegalName',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.5' => 'eduOrgSuperiorURI',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.6' => 'eduOrgWhitePagesURI',
'urn:oid:1.3.6.1.4.1.5923.1.5.1.1' => 'isMemberOf',
'urn:oid:2.16.840.1.113730.3.1.1' => 'carLicense',
'urn:oid:2.16.840.1.113730.3.1.2' => 'departmentNumber',
'urn:oid:2.16.840.1.113730.3.1.216' => 'userPKCS12',
'urn:oid:2.16.840.1.113730.3.1.241' => 'displayName',
'urn:oid:2.16.840.1.113730.3.1.3' => 'employeeNumber',
'urn:oid:2.16.840.1.113730.3.1.39' => 'preferredLanguage',
'urn:oid:2.16.840.1.113730.3.1.4' => 'employeeType',
'urn:oid:2.16.840.1.113730.3.1.40' => 'userSMIMECertificate',
'urn:oid:2.5.4.0' => 'objectClass',
'urn:oid:2.5.4.1' => 'aliasedObjectName',
'urn:oid:2.5.4.10' => 'o',
'urn:oid:2.5.4.11' => 'ou',
'urn:oid:2.5.4.12' => 'title',
'urn:oid:2.5.4.13' => 'description',
'urn:oid:2.5.4.14' => 'searchGuide',
'urn:oid:2.5.4.15' => 'businessCategory',
'urn:oid:2.5.4.16' => 'postalAddress',
'urn:oid:2.5.4.17' => 'postalCode',
'urn:oid:2.5.4.18' => 'postOfficeBox',
'urn:oid:2.5.4.19' => 'physicalDeliveryOfficeName',
'urn:oid:2.5.4.2' => 'knowledgeInformation',
'urn:oid:2.5.4.20' => 'telephoneNumber',
'urn:oid:2.5.4.21' => 'telexNumber',
'urn:oid:2.5.4.22' => 'teletexTerminalIdentifier',
'urn:oid:2.5.4.23' => 'facsimileTelephoneNumber',
'urn:oid:2.5.4.24' => 'x121Address',
'urn:oid:2.5.4.25' => 'internationaliSDNNumber',
'urn:oid:2.5.4.26' => 'registeredAddress',
'urn:oid:2.5.4.27' => 'destinationIndicator',
'urn:oid:2.5.4.28' => 'preferredDeliveryMethod',
'urn:oid:2.5.4.29' => 'presentationAddress',
'urn:oid:2.5.4.3' => 'cn',
'urn:oid:2.5.4.30' => 'supportedApplicationContext',
'urn:oid:2.5.4.31' => 'member',
'urn:oid:2.5.4.32' => 'owner',
'urn:oid:2.5.4.33' => 'roleOccupant',
'urn:oid:2.5.4.34' => 'seeAlso',
'urn:oid:2.5.4.35' => 'userPassword',
'urn:oid:2.5.4.36' => 'userCertificate',
'urn:oid:2.5.4.37' => 'cACertificate',
'urn:oid:2.5.4.38' => 'authorityRevocationList',
'urn:oid:2.5.4.39' => 'certificateRevocationList',
'urn:oid:2.5.4.4' => 'sn',
'urn:oid:2.5.4.40' => 'crossCertificatePair',
'urn:oid:2.5.4.41' => 'name',
'urn:oid:2.5.4.42' => 'givenName',
'urn:oid:2.5.4.43' => 'initials',
'urn:oid:2.5.4.44' => 'generationQualifier',
'urn:oid:2.5.4.45' => 'x500UniqueIdentifier',
'urn:oid:2.5.4.46' => 'dnQualifier',
'urn:oid:2.5.4.47' => 'enhancedSearchGuide',
'urn:oid:2.5.4.48' => 'protocolInformation',
'urn:oid:2.5.4.49' => 'distinguishedName',
'urn:oid:2.5.4.5' => 'serialNumber',
'urn:oid:2.5.4.50' => 'uniqueMember',
'urn:oid:2.5.4.51' => 'houseIdentifier',
'urn:oid:2.5.4.52' => 'supportedAlgorithms',
'urn:oid:2.5.4.53' => 'deltaRevocationList',
'urn:oid:2.5.4.54' => 'dmdName',
'urn:oid:2.5.4.6' => 'c',
'urn:oid:2.5.4.65' => 'pseudonym',
'urn:oid:2.5.4.7' => 'l',
'urn:oid:2.5.4.8' => 'st',
'urn:oid:2.5.4.9' => 'street',
'urn:oid:1.3.6.1.4.1.25178.1.2.9' => 'schacHomeOrganization',
'urn:oid:1.3.6.1.4.1.25178.1.2.14' => 'schacPersonalUniqueCode',
);
?>
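Review bot: this reverse map keeps one name per OID, while the name-to-OID map in the same commit accepts several aliases for the same OID, so a round trip through both maps silently renames attributes: 'surname' comes back as 'sn', 'commonName' as 'cn', 'emailAddress' and 'pkcs9email' as 'email'. Note also that 'email' (1.2.840.113549.1.9.1) and 'mail' (0.9.2342.19200300.100.1.3) stay distinct attributes. Code that reads one of these by name should be checked against which form the identity provider actually sends, and the canonical names should be documented at the top of this file.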

View File

@ -0,0 +1,142 @@
<?php
$attributemap = array(
'urn:oid:0.9.2342.19200300.100.1.1' => 'urn:mace:dir:attribute-def:uid',
'urn:oid:0.9.2342.19200300.100.1.10' => 'urn:mace:dir:attribute-def:manager',
'urn:oid:0.9.2342.19200300.100.1.11' => 'urn:mace:dir:attribute-def:documentIdentifier',
'urn:oid:0.9.2342.19200300.100.1.12' => 'urn:mace:dir:attribute-def:documentTitle',
'urn:oid:0.9.2342.19200300.100.1.13' => 'urn:mace:dir:attribute-def:documentVersion',
'urn:oid:0.9.2342.19200300.100.1.14' => 'urn:mace:dir:attribute-def:documentAuthor',
'urn:oid:0.9.2342.19200300.100.1.15' => 'urn:mace:dir:attribute-def:documentLocation',
'urn:oid:0.9.2342.19200300.100.1.2' => 'urn:mace:dir:attribute-def:textEncodedORAddress',
'urn:oid:0.9.2342.19200300.100.1.20' => 'urn:mace:dir:attribute-def:homePhone',
'urn:oid:0.9.2342.19200300.100.1.21' => 'urn:mace:dir:attribute-def:secretary',
'urn:oid:0.9.2342.19200300.100.1.22' => 'urn:mace:dir:attribute-def:otherMailbox',
'urn:oid:0.9.2342.19200300.100.1.25' => 'urn:mace:dir:attribute-def:dc',
'urn:oid:0.9.2342.19200300.100.1.26' => 'urn:mace:dir:attribute-def:aRecord',
'urn:oid:0.9.2342.19200300.100.1.27' => 'urn:mace:dir:attribute-def:mDRecord',
'urn:oid:0.9.2342.19200300.100.1.28' => 'urn:mace:dir:attribute-def:mXRecord',
'urn:oid:0.9.2342.19200300.100.1.29' => 'urn:mace:dir:attribute-def:nSRecord',
'urn:oid:0.9.2342.19200300.100.1.3' => 'urn:mace:dir:attribute-def:mail',
'urn:oid:0.9.2342.19200300.100.1.30' => 'urn:mace:dir:attribute-def:sOARecord',
'urn:oid:0.9.2342.19200300.100.1.31' => 'urn:mace:dir:attribute-def:cNAMERecord',
'urn:oid:0.9.2342.19200300.100.1.37' => 'urn:mace:dir:attribute-def:associatedDomain',
'urn:oid:0.9.2342.19200300.100.1.38' => 'urn:mace:dir:attribute-def:associatedName',
'urn:oid:0.9.2342.19200300.100.1.39' => 'urn:mace:dir:attribute-def:homePostalAddress',
'urn:oid:0.9.2342.19200300.100.1.4' => 'urn:mace:dir:attribute-def:info',
'urn:oid:0.9.2342.19200300.100.1.40' => 'urn:mace:dir:attribute-def:personalTitle',
'urn:oid:0.9.2342.19200300.100.1.41' => 'urn:mace:dir:attribute-def:mobile',
'urn:oid:0.9.2342.19200300.100.1.42' => 'urn:mace:dir:attribute-def:pager',
'urn:oid:0.9.2342.19200300.100.1.43' => 'urn:mace:dir:attribute-def:co',
'urn:oid:0.9.2342.19200300.100.1.44' => 'urn:mace:dir:attribute-def:uniqueIdentifier',
'urn:oid:0.9.2342.19200300.100.1.45' => 'urn:mace:dir:attribute-def:organizationalStatus',
'urn:oid:0.9.2342.19200300.100.1.46' => 'urn:mace:dir:attribute-def:janetMailbox',
'urn:oid:0.9.2342.19200300.100.1.47' => 'urn:mace:dir:attribute-def:mailPreferenceOption',
'urn:oid:0.9.2342.19200300.100.1.48' => 'urn:mace:dir:attribute-def:buildingName',
'urn:oid:0.9.2342.19200300.100.1.49' => 'urn:mace:dir:attribute-def:dSAQuality',
'urn:oid:0.9.2342.19200300.100.1.5' => 'urn:mace:dir:attribute-def:drink',
'urn:oid:0.9.2342.19200300.100.1.50' => 'urn:mace:dir:attribute-def:singleLevelQuality',
'urn:oid:0.9.2342.19200300.100.1.51' => 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
'urn:oid:0.9.2342.19200300.100.1.52' => 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
'urn:oid:0.9.2342.19200300.100.1.53' => 'urn:mace:dir:attribute-def:personalSignature',
'urn:oid:0.9.2342.19200300.100.1.54' => 'urn:mace:dir:attribute-def:dITRedirect',
'urn:oid:0.9.2342.19200300.100.1.55' => 'urn:mace:dir:attribute-def:audio',
'urn:oid:0.9.2342.19200300.100.1.56' => 'urn:mace:dir:attribute-def:documentPublisher',
'urn:oid:0.9.2342.19200300.100.1.6' => 'urn:mace:dir:attribute-def:roomNumber',
'urn:oid:0.9.2342.19200300.100.1.60' => 'urn:mace:dir:attribute-def:jpegPhoto',
'urn:oid:0.9.2342.19200300.100.1.7' => 'urn:mace:dir:attribute-def:photo',
'urn:oid:0.9.2342.19200300.100.1.8' => 'urn:mace:dir:attribute-def:userClass',
'urn:oid:0.9.2342.19200300.100.1.9' => 'urn:mace:dir:attribute-def:host',
'urn:oid:1.2.840.113549.1.9.1' => 'urn:mace:dir:attribute-def:email',
'urn:oid:1.3.6.1.4.1.2428.90.1.1' => 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
'urn:oid:1.3.6.1.4.1.2428.90.1.11' => 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
'urn:oid:1.3.6.1.4.1.2428.90.1.12' => 'urn:mace:dir:attribute-def:norEduOrgNIN',
'urn:oid:1.3.6.1.4.1.2428.90.1.2' => 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
'urn:oid:1.3.6.1.4.1.2428.90.1.3' => 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
'urn:oid:1.3.6.1.4.1.2428.90.1.4' => 'urn:mace:dir:attribute-def:norEduPersonLIN',
'urn:oid:1.3.6.1.4.1.2428.90.1.5' => 'urn:mace:dir:attribute-def:norEduPersonNIN',
'urn:oid:1.3.6.1.4.1.2428.90.1.6' => 'urn:mace:dir:attribute-def:norEduOrgAcronym',
'urn:oid:1.3.6.1.4.1.2428.90.1.7' => 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
'urn:oid:1.3.6.1.4.1.2428.90.1.8' => 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
'urn:oid:1.3.6.1.4.1.2428.90.1.9' => 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
'urn:oid:1.3.6.1.4.1.250.1.57' => 'urn:mace:dir:attribute-def:labeledURI',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.1' => 'urn:mace:dir:attribute-def:eduPersonAffiliation',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'urn:mace:dir:attribute-def:eduPersonTargetedID',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.2' => 'urn:mace:dir:attribute-def:eduPersonNickname',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.3' => 'urn:mace:dir:attribute-def:eduPersonOrgDN',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.4' => 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.5' => 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.6' => 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.7' => 'urn:mace:dir:attribute-def:eduPersonEntitlement',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.8' => 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
'urn:oid:1.3.6.1.4.1.5923.1.1.1.9' => 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.2' => 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.3' => 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.4' => 'urn:mace:dir:attribute-def:eduOrgLegalName',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.5' => 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
'urn:oid:1.3.6.1.4.1.5923.1.2.1.6' => 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
'urn:oid:2.16.840.1.113730.3.1.1' => 'urn:mace:dir:attribute-def:carLicense',
'urn:oid:2.16.840.1.113730.3.1.2' => 'urn:mace:dir:attribute-def:departmentNumber',
'urn:oid:2.16.840.1.113730.3.1.216' => 'urn:mace:dir:attribute-def:userPKCS12',
'urn:oid:2.16.840.1.113730.3.1.241' => 'urn:mace:dir:attribute-def:displayName',
'urn:oid:2.16.840.1.113730.3.1.3' => 'urn:mace:dir:attribute-def:employeeNumber',
'urn:oid:2.16.840.1.113730.3.1.39' => 'urn:mace:dir:attribute-def:preferredLanguage',
'urn:oid:2.16.840.1.113730.3.1.4' => 'urn:mace:dir:attribute-def:employeeType',
'urn:oid:2.16.840.1.113730.3.1.40' => 'urn:mace:dir:attribute-def:userSMIMECertificate',
'urn:oid:2.5.4.0' => 'urn:mace:dir:attribute-def:objectClass',
'urn:oid:2.5.4.1' => 'urn:mace:dir:attribute-def:aliasedObjectName',
'urn:oid:2.5.4.10' => 'urn:mace:dir:attribute-def:o',
'urn:oid:2.5.4.11' => 'urn:mace:dir:attribute-def:ou',
'urn:oid:2.5.4.12' => 'urn:mace:dir:attribute-def:title',
'urn:oid:2.5.4.13' => 'urn:mace:dir:attribute-def:description',
'urn:oid:2.5.4.14' => 'urn:mace:dir:attribute-def:searchGuide',
'urn:oid:2.5.4.15' => 'urn:mace:dir:attribute-def:businessCategory',
'urn:oid:2.5.4.16' => 'urn:mace:dir:attribute-def:postalAddress',
'urn:oid:2.5.4.17' => 'urn:mace:dir:attribute-def:postalCode',
'urn:oid:2.5.4.18' => 'urn:mace:dir:attribute-def:postOfficeBox',
'urn:oid:2.5.4.19' => 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
'urn:oid:2.5.4.2' => 'urn:mace:dir:attribute-def:knowledgeInformation',
'urn:oid:2.5.4.20' => 'urn:mace:dir:attribute-def:telephoneNumber',
'urn:oid:2.5.4.21' => 'urn:mace:dir:attribute-def:telexNumber',
'urn:oid:2.5.4.22' => 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
'urn:oid:2.5.4.23' => 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
'urn:oid:2.5.4.24' => 'urn:mace:dir:attribute-def:x121Address',
'urn:oid:2.5.4.25' => 'urn:mace:dir:attribute-def:internationaliSDNNumber',
'urn:oid:2.5.4.26' => 'urn:mace:dir:attribute-def:registeredAddress',
'urn:oid:2.5.4.27' => 'urn:mace:dir:attribute-def:destinationIndicator',
'urn:oid:2.5.4.28' => 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
'urn:oid:2.5.4.29' => 'urn:mace:dir:attribute-def:presentationAddress',
'urn:oid:2.5.4.3' => 'urn:mace:dir:attribute-def:cn',
'urn:oid:2.5.4.30' => 'urn:mace:dir:attribute-def:supportedApplicationContext',
'urn:oid:2.5.4.31' => 'urn:mace:dir:attribute-def:member',
'urn:oid:2.5.4.32' => 'urn:mace:dir:attribute-def:owner',
'urn:oid:2.5.4.33' => 'urn:mace:dir:attribute-def:roleOccupant',
'urn:oid:2.5.4.34' => 'urn:mace:dir:attribute-def:seeAlso',
'urn:oid:2.5.4.35' => 'urn:mace:dir:attribute-def:userPassword',
'urn:oid:2.5.4.36' => 'urn:mace:dir:attribute-def:userCertificate',
'urn:oid:2.5.4.37' => 'urn:mace:dir:attribute-def:cACertificate',
'urn:oid:2.5.4.38' => 'urn:mace:dir:attribute-def:authorityRevocationList',
'urn:oid:2.5.4.39' => 'urn:mace:dir:attribute-def:certificateRevocationList',
'urn:oid:2.5.4.4' => 'urn:mace:dir:attribute-def:sn',
'urn:oid:2.5.4.40' => 'urn:mace:dir:attribute-def:crossCertificatePair',
'urn:oid:2.5.4.41' => 'urn:mace:dir:attribute-def:name',
'urn:oid:2.5.4.42' => 'urn:mace:dir:attribute-def:givenName',
'urn:oid:2.5.4.43' => 'urn:mace:dir:attribute-def:initials',
'urn:oid:2.5.4.44' => 'urn:mace:dir:attribute-def:generationQualifier',
'urn:oid:2.5.4.45' => 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
'urn:oid:2.5.4.46' => 'urn:mace:dir:attribute-def:dnQualifier',
'urn:oid:2.5.4.47' => 'urn:mace:dir:attribute-def:enhancedSearchGuide',
'urn:oid:2.5.4.48' => 'urn:mace:dir:attribute-def:protocolInformation',
'urn:oid:2.5.4.49' => 'urn:mace:dir:attribute-def:distinguishedName',
'urn:oid:2.5.4.5' => 'urn:mace:dir:attribute-def:serialNumber',
'urn:oid:2.5.4.50' => 'urn:mace:dir:attribute-def:uniqueMember',
'urn:oid:2.5.4.51' => 'urn:mace:dir:attribute-def:houseIdentifier',
'urn:oid:2.5.4.52' => 'urn:mace:dir:attribute-def:supportedAlgorithms',
'urn:oid:2.5.4.53' => 'urn:mace:dir:attribute-def:deltaRevocationList',
'urn:oid:2.5.4.54' => 'urn:mace:dir:attribute-def:dmdName',
'urn:oid:2.5.4.6' => 'urn:mace:dir:attribute-def:c',
'urn:oid:2.5.4.65' => 'urn:mace:dir:attribute-def:pseudonym',
'urn:oid:2.5.4.7' => 'urn:mace:dir:attribute-def:l',
'urn:oid:2.5.4.8' => 'urn:mace:dir:attribute-def:st',
'urn:oid:2.5.4.9' => 'urn:mace:dir:attribute-def:street',
);
?>
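Review bot: The tail of this OID map translates credential-bearing attributes along with the profile ones: 'urn:oid:2.5.4.35' becomes userPassword and 'urn:oid:2.16.840.1.113730.3.1.216' becomes userPKCS12. Renaming is harmless in itself, but nothing visible here limits what reaches the application afterwards. If this map is enabled for the service provider, follow it with an explicit allowlist of the few attributes the login code needs, so that a misconfigured identity provider cannot place password or key material in the session under a friendly name.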

View File

@ -0,0 +1,40 @@
<?php
$attributemap = array(
// The following attributes can used to manufacture usernames
// 'openid' => '', // OpenID Claimed_ID/Identity_URL of the user
// 'openid.local_id' => '', // Identity URL returned by OpenID Server
// 'openid.server_url' => '', //
// Simple Registration + AX Schema
'http://axschema.org/namePerson/friendly' => 'displayName', // Alias/Username -> displayName
'openid.sreg.nickname' => 'displayName',
'http://axschema.org/contact/email' => 'mail', // Email
'openid.sreg.email' => 'mail',
'http://axschema.org/namePerson' => 'displayName', // Full name -> displayName
'openid.sreg.fullname' => 'displayName',
'http://axschema.org/contact/postalCode/home' => 'postalCode', // Postal code
'openid.sreg.postcode' => 'postalCode',
'http://axschema.org/contact/country/home' => 'countryName', // Country
'openid.sreg.country' => 'countryName',
'http://axschema.org/pref/language' => 'preferredLanguage', // Language
'openid.sreg.language' => 'preferredLanguage',
// Name
'http://axschema.org/namePerson/prefix' => 'personalTitle', // Name prefix
'http://axschema.org/namePerson/first' => 'givenName', // First name
'http://axschema.org/namePerson/last' => 'sn', // Last name
// Work
'http://axschema.org/company/name' => 'o', // Company name
'http://axschema.org/company/title' => 'title', // Job title
// Telephone
'http://axschema.org/contact/phone/default' => 'telephoneNumber', // Phone (preferred)
'http://axschema.org/contact/phone/home' => 'homePhone', // Phone (home)
'http://axschema.org/contact/phone/business' => 'telephoneNumber', // Phone (work)
'http://axschema.org/contact/phone/cell' => 'mobile', // Phone (mobile)
'http://axschema.org/contact/phone/fax' => 'facsimileTelephoneNumber', // Phone (fax)
// Further attributes can be found at http://www.axschema.org/types/
);
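Review bot: Several distinct source attributes collapse onto one target in this map. 'http://axschema.org/namePerson/friendly' and 'openid.sreg.nickname' (an alias) share displayName with 'http://axschema.org/namePerson' and 'openid.sreg.fullname' (a full name), and phone/default and phone/business both land on telephoneNumber. A consumer that reads the first value of displayName cannot tell a nickname from a full name. Consider mapping the friendly alias to a separate attribute, or document which source is expected to win. Minor: the first comment reads "can used" and should read "can be used".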

View File

@ -0,0 +1,22 @@
<?php
$attributemap = array(
'urn:mace:dir:attribute-def:sn' => 'sn',
'urn:mace:dir:attribute-def:telephoneNumber' => 'telephoneNumber',
'urn:mace:dir:attribute-def:facsimileTelephoneNumber' => 'facsimileTelephoneNumber',
'urn:mace:dir:attribute-def:postalAddress' => 'postalAddress',
'urn:mace:dir:attribute-def:givenName' => 'givenName',
'urn:mace:dir:attribute-def:homePhone' => 'homePhone',
'urn:mace:dir:attribute-def:homePostalAddress' => 'homePostalAddress',
'urn:mace:dir:attribute-def:mail' => 'mail',
'urn:mace:dir:attribute-def:mobile' => 'mobile',
'urn:mace:dir:attribute-def:preferredLanguage' => 'preferredLanguage',
'urn:mace:dir:attribute-def:eduPersonPrincipalName' => 'eduPersonPrincipalName',
'urn:mace:dir:attribute-def:eduPersonAffiliation' => 'eduPersonAffiliation',
'urn:mace:dir:attribute-def:eduPersonScopedAffiliation' => 'eduPersonScopedAffiliation',
'urn:mace:dir:attribute-def:eduPersonEntitlement' => 'eduPersonEntitlement',
'urn:mace:dir:attribute-def:eduPersonOrgDN' => 'eduPersonOrgDN',
'urn:mace:dir:attribute-def:eduPersonOrgUnitDN' => 'eduPersonOrgUnitDN',
);
?>
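Review bot: Missing documentation: all sixteen entries in this map also appear, with the same targets, in the 163-line urn:mace-to-name map added in the same commit, and nothing says which identity provider profile this reduced copy is for. It also has no entry for uid, cn or displayName, so those would arrive under their long urn:mace names if this map were the one selected. Add a header comment stating the intended use, or drop the file in favour of the full map. Style: the closing `?>` can be omitted in a PHP-only include, which avoids stray whitespace being sent as output before headers; the OpenID and Twitter maps in this commit already omit it.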

View File

@ -0,0 +1,40 @@
<?php
$attributemap = array(
'mobile' => 'urn:mace:dir:attribute-def:mobile'
);
/*
ShibMapAttribute urn:mace:dir:attribute-def:sn Shib-LDAP-Surname surname
ShibMapAttribute urn:mace:dir:attribute-def:telephoneNumber Shib-LDAP-telephoneNumber telephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:facsimileTelephoneNumber Shib-LDAP-facsimileTelephoneNumber facsimileTelephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:postalAddress Shib-LDAP-postalAddress postalAddress
ShibMapAttribute urn:mace:dir:attribute-def:givenName Shib-LDAP-givenName givenName
ShibMapAttribute urn:mace:dir:attribute-def:homePhone Shib-LDAP-homePhone homePhone
ShibMapAttribute urn:mace:dir:attribute-def:homePostalAddress Shib-LDAP-homePostalAddress homePostalAddress
ShibMapAttribute urn:mace:dir:attribute-def:mail Shib-LDAP-mail mail
ShibMapAttribute urn:mace:dir:attribute-def:mobile Shib-LDAP-mobile mobile
ShibMapAttribute urn:mace:dir:attribute-def:preferredLanguage Shib-LDAP-preferredLanguage preferredLanguage
#
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonPrincipalName Shib-EP-PrincipalName eppn
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonAffiliation Shib-EP-Affiliation affiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation Shib-EP-ScopedAffiliation scopedAffiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonEntitlement Shib-EP-Entitlement entitlement
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgDN Shib-EP-OrgDN orgDN
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgUnitDN Shib-EP-OrgUnitDN orgUnitDN
#
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonUniqueID Shib-SwissEP-UniqueID uniqueID
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonDateOfBirth Shib-SwissEP-DateOfBirth dateOfBirth
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonGender Shib-SwissEP-Gender gender
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganization Shib-SwissEP-HomeOrganization homeOrganization
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganizationType Shib-SwissEP-HomeOrganizationType homeOrganizationType
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch1 Shib-SwissEP-StudyBranch1 studyBranch1
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch2 Shib-SwissEP-StudyBranch2 studyBranch2
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch3 Shib-SwissEP-StudyBranch3 studyBranch3
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyLevel Shib-SwissEP-StudyLevel studyLevel
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStaffCategory Shib-SwissEP-StaffCategory staffCategory
*/
?>
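Review bot: Only one mapping is active in this 40-line file ('mobile' => 'urn:mace:dir:attribute-def:mobile'); everything else is a commented-out block of ShibMapAttribute directives, which are web-server configuration lines and not PHP. The active entry maps a short name to a urn:mace name, while the commented lines list a urn, a header name and an alias, so the intended direction and coverage of the map is unclear. Either convert the directives that are needed into array entries, or remove the block and say in a short comment why mobile is the only attribute handled.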

View File

@ -0,0 +1,17 @@
<?php
$attributemap = array(
// Generated Twitter Attributes
'twitter_screen_n_realm' => 'eduPersonPrincipalName', // screen_name@twitter.com
//'twitter_at_screen_name' => 'eduPersonPrincipalName', // legacy @twitter format
'twitter_targetedID' => 'eduPersonTargetedID', // http://twitter.com!id_str
// Attributes Returned by Twitter
'twitter.screen_name' => 'uid', // equivalent to twitter username without leading @
//'twitter.id_str' => 'uid', // persistent numeric twitter user id
'twitter.name' => 'displayName',
'twitter.url' => 'labeledURI',
'twitter.lang' => 'preferredLanguage',
//'twitter.profile_image_url' => 'jpegPhoto',
'twitter.description' => 'description',
);
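Review bot: 'twitter.screen_name' is mapped to uid while the 'twitter.id_str' line is commented out, even though the hunk's own comment describes id_str as the persistent numeric user id. A screen name can be changed by its owner, so an application that keys local accounts on uid would bind the account to whichever Twitter account currently holds that name. Prefer the id_str mapping for uid, or key accounts on eduPersonTargetedID (built from id_str above), and keep screen_name for display only. The same concern applies to 'twitter_screen_n_realm' => 'eduPersonPrincipalName'.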

View File

@ -0,0 +1,163 @@
<?php
$attributemap = array(
'urn:mace:dir:attribute-def:aRecord' => 'aRecord',
'urn:mace:dir:attribute-def:aliasedEntryName' => 'aliasedEntryName',
'urn:mace:dir:attribute-def:aliasedObjectName' => 'aliasedObjectName',
'urn:mace:dir:attribute-def:associatedDomain' => 'associatedDomain',
'urn:mace:dir:attribute-def:associatedName' => 'associatedName',
'urn:mace:dir:attribute-def:audio' => 'audio',
'urn:mace:dir:attribute-def:authorityRevocationList' => 'authorityRevocationList',
'urn:mace:dir:attribute-def:buildingName' => 'buildingName',
'urn:mace:dir:attribute-def:businessCategory' => 'businessCategory',
'urn:mace:dir:attribute-def:c' => 'c',
'urn:mace:dir:attribute-def:cACertificate' => 'cACertificate',
'urn:mace:dir:attribute-def:cNAMERecord' => 'cNAMERecord',
'urn:mace:dir:attribute-def:carLicense' => 'carLicense',
'urn:mace:dir:attribute-def:certificateRevocationList' => 'certificateRevocationList',
'urn:mace:dir:attribute-def:cn' => 'cn',
'urn:mace:dir:attribute-def:co' => 'co',
'urn:mace:dir:attribute-def:commonName' => 'commonName',
'urn:mace:dir:attribute-def:countryName' => 'countryName',
'urn:mace:dir:attribute-def:crossCertificatePair' => 'crossCertificatePair',
'urn:mace:dir:attribute-def:dITRedirect' => 'dITRedirect',
'urn:mace:dir:attribute-def:dSAQuality' => 'dSAQuality',
'urn:mace:dir:attribute-def:dc' => 'dc',
'urn:mace:dir:attribute-def:deltaRevocationList' => 'deltaRevocationList',
'urn:mace:dir:attribute-def:departmentNumber' => 'departmentNumber',
'urn:mace:dir:attribute-def:description' => 'description',
'urn:mace:dir:attribute-def:destinationIndicator' => 'destinationIndicator',
'urn:mace:dir:attribute-def:displayName' => 'displayName',
'urn:mace:dir:attribute-def:distinguishedName' => 'distinguishedName',
'urn:mace:dir:attribute-def:dmdName' => 'dmdName',
'urn:mace:dir:attribute-def:dnQualifier' => 'dnQualifier',
'urn:mace:dir:attribute-def:documentAuthor' => 'documentAuthor',
'urn:mace:dir:attribute-def:documentIdentifier' => 'documentIdentifier',
'urn:mace:dir:attribute-def:documentLocation' => 'documentLocation',
'urn:mace:dir:attribute-def:documentPublisher' => 'documentPublisher',
'urn:mace:dir:attribute-def:documentTitle' => 'documentTitle',
'urn:mace:dir:attribute-def:documentVersion' => 'documentVersion',
'urn:mace:dir:attribute-def:domainComponent' => 'domainComponent',
'urn:mace:dir:attribute-def:drink' => 'drink',
'urn:mace:dir:attribute-def:eduOrgHomePageURI' => 'eduOrgHomePageURI',
'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI' => 'eduOrgIdentityAuthNPolicyURI',
'urn:mace:dir:attribute-def:eduOrgLegalName' => 'eduOrgLegalName',
'urn:mace:dir:attribute-def:eduOrgSuperiorURI' => 'eduOrgSuperiorURI',
'urn:mace:dir:attribute-def:eduOrgWhitePagesURI' => 'eduOrgWhitePagesURI',
'urn:mace:dir:attribute-def:eduPersonAffiliation' => 'eduPersonAffiliation',
'urn:mace:dir:attribute-def:eduPersonEntitlement' => 'eduPersonEntitlement',
'urn:mace:dir:attribute-def:eduPersonNickname' => 'eduPersonNickname',
'urn:mace:dir:attribute-def:eduPersonOrgDN' => 'eduPersonOrgDN',
'urn:mace:dir:attribute-def:eduPersonOrgUnitDN' => 'eduPersonOrgUnitDN',
'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation' => 'eduPersonPrimaryAffiliation',
'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN' => 'eduPersonPrimaryOrgUnitDN',
'urn:mace:dir:attribute-def:eduPersonPrincipalName' => 'eduPersonPrincipalName',
'urn:mace:dir:attribute-def:eduPersonScopedAffiliation' => 'eduPersonScopedAffiliation',
'urn:mace:dir:attribute-def:eduPersonTargetedID' => 'eduPersonTargetedID',
'urn:mace:dir:attribute-def:email' => 'email',
'urn:mace:dir:attribute-def:emailAddress' => 'emailAddress',
'urn:mace:dir:attribute-def:employeeNumber' => 'employeeNumber',
'urn:mace:dir:attribute-def:employeeType' => 'employeeType',
'urn:mace:dir:attribute-def:enhancedSearchGuide' => 'enhancedSearchGuide',
'urn:mace:dir:attribute-def:facsimileTelephoneNumber' => 'facsimileTelephoneNumber',
'urn:mace:dir:attribute-def:favouriteDrink' => 'favouriteDrink',
'urn:mace:dir:attribute-def:fax' => 'fax',
'urn:mace:dir:attribute-def:federationFeideSchemaVersion' => 'federationFeideSchemaVersion',
'urn:mace:dir:attribute-def:friendlyCountryName' => 'friendlyCountryName',
'urn:mace:dir:attribute-def:generationQualifier' => 'generationQualifier',
'urn:mace:dir:attribute-def:givenName' => 'givenName',
'urn:mace:dir:attribute-def:gn' => 'gn',
'urn:mace:dir:attribute-def:homePhone' => 'homePhone',
'urn:mace:dir:attribute-def:homePostalAddress' => 'homePostalAddress',
'urn:mace:dir:attribute-def:homeTelephoneNumber' => 'homeTelephoneNumber',
'urn:mace:dir:attribute-def:host' => 'host',
'urn:mace:dir:attribute-def:houseIdentifier' => 'houseIdentifier',
'urn:mace:dir:attribute-def:info' => 'info',
'urn:mace:dir:attribute-def:initials' => 'initials',
'urn:mace:dir:attribute-def:internationaliSDNNumber' => 'internationaliSDNNumber',
'urn:mace:dir:attribute-def:janetMailbox' => 'janetMailbox',
'urn:mace:dir:attribute-def:jpegPhoto' => 'jpegPhoto',
'urn:mace:dir:attribute-def:knowledgeInformation' => 'knowledgeInformation',
'urn:mace:dir:attribute-def:l' => 'l',
'urn:mace:dir:attribute-def:labeledURI' => 'labeledURI',
'urn:mace:dir:attribute-def:localityName' => 'localityName',
'urn:mace:dir:attribute-def:mDRecord' => 'mDRecord',
'urn:mace:dir:attribute-def:mXRecord' => 'mXRecord',
'urn:mace:dir:attribute-def:mail' => 'mail',
'urn:mace:dir:attribute-def:mailPreferenceOption' => 'mailPreferenceOption',
'urn:mace:dir:attribute-def:manager' => 'manager',
'urn:mace:dir:attribute-def:member' => 'member',
'urn:mace:dir:attribute-def:mobile' => 'mobile',
'urn:mace:dir:attribute-def:mobileTelephoneNumber' => 'mobileTelephoneNumber',
'urn:mace:dir:attribute-def:nSRecord' => 'nSRecord',
'urn:mace:dir:attribute-def:name' => 'name',
'urn:mace:dir:attribute-def:norEduOrgAcronym' => 'norEduOrgAcronym',
'urn:mace:dir:attribute-def:norEduOrgNIN' => 'norEduOrgNIN',
'urn:mace:dir:attribute-def:norEduOrgSchemaVersion' => 'norEduOrgSchemaVersion',
'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier' => 'norEduOrgUniqueIdentifier',
'urn:mace:dir:attribute-def:norEduOrgUniqueNumber' => 'norEduOrgUniqueNumber',
'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier' => 'norEduOrgUnitUniqueIdentifier',
'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber' => 'norEduOrgUnitUniqueNumber',
'urn:mace:dir:attribute-def:norEduPersonBirthDate' => 'norEduPersonBirthDate',
'urn:mace:dir:attribute-def:norEduPersonLIN' => 'norEduPersonLIN',
'urn:mace:dir:attribute-def:norEduPersonNIN' => 'norEduPersonNIN',
'urn:mace:dir:attribute-def:o' => 'o',
'urn:mace:dir:attribute-def:objectClass' => 'objectClass',
'urn:mace:dir:attribute-def:organizationName' => 'organizationName',
'urn:mace:dir:attribute-def:organizationalStatus' => 'organizationalStatus',
'urn:mace:dir:attribute-def:organizationalUnitName' => 'organizationalUnitName',
'urn:mace:dir:attribute-def:otherMailbox' => 'otherMailbox',
'urn:mace:dir:attribute-def:ou' => 'ou',
'urn:mace:dir:attribute-def:owner' => 'owner',
'urn:mace:dir:attribute-def:pager' => 'pager',
'urn:mace:dir:attribute-def:pagerTelephoneNumber' => 'pagerTelephoneNumber',
'urn:mace:dir:attribute-def:personalSignature' => 'personalSignature',
'urn:mace:dir:attribute-def:personalTitle' => 'personalTitle',
'urn:mace:dir:attribute-def:photo' => 'photo',
'urn:mace:dir:attribute-def:physicalDeliveryOfficeName' => 'physicalDeliveryOfficeName',
'urn:mace:dir:attribute-def:pkcs9email' => 'pkcs9email',
'urn:mace:dir:attribute-def:postOfficeBox' => 'postOfficeBox',
'urn:mace:dir:attribute-def:postalAddress' => 'postalAddress',
'urn:mace:dir:attribute-def:postalCode' => 'postalCode',
'urn:mace:dir:attribute-def:preferredDeliveryMethod' => 'preferredDeliveryMethod',
'urn:mace:dir:attribute-def:preferredLanguage' => 'preferredLanguage',
'urn:mace:dir:attribute-def:presentationAddress' => 'presentationAddress',
'urn:mace:dir:attribute-def:protocolInformation' => 'protocolInformation',
'urn:mace:dir:attribute-def:pseudonym' => 'pseudonym',
'urn:mace:dir:attribute-def:registeredAddress' => 'registeredAddress',
'urn:mace:dir:attribute-def:rfc822Mailbox' => 'rfc822Mailbox',
'urn:mace:dir:attribute-def:roleOccupant' => 'roleOccupant',
'urn:mace:dir:attribute-def:roomNumber' => 'roomNumber',
'urn:mace:dir:attribute-def:sOARecord' => 'sOARecord',
'urn:mace:dir:attribute-def:searchGuide' => 'searchGuide',
'urn:mace:dir:attribute-def:secretary' => 'secretary',
'urn:mace:dir:attribute-def:seeAlso' => 'seeAlso',
'urn:mace:dir:attribute-def:serialNumber' => 'serialNumber',
'urn:mace:dir:attribute-def:singleLevelQuality' => 'singleLevelQuality',
'urn:mace:dir:attribute-def:sn' => 'sn',
'urn:mace:dir:attribute-def:st' => 'st',
'urn:mace:dir:attribute-def:stateOrProvinceName' => 'stateOrProvinceName',
'urn:mace:dir:attribute-def:street' => 'street',
'urn:mace:dir:attribute-def:streetAddress' => 'streetAddress',
'urn:mace:dir:attribute-def:subtreeMaximumQuality' => 'subtreeMaximumQuality',
'urn:mace:dir:attribute-def:subtreeMinimumQuality' => 'subtreeMinimumQuality',
'urn:mace:dir:attribute-def:supportedAlgorithms' => 'supportedAlgorithms',
'urn:mace:dir:attribute-def:supportedApplicationContext' => 'supportedApplicationContext',
'urn:mace:dir:attribute-def:surname' => 'surname',
'urn:mace:dir:attribute-def:telephoneNumber' => 'telephoneNumber',
'urn:mace:dir:attribute-def:teletexTerminalIdentifier' => 'teletexTerminalIdentifier',
'urn:mace:dir:attribute-def:telexNumber' => 'telexNumber',
'urn:mace:dir:attribute-def:textEncodedORAddress' => 'textEncodedORAddress',
'urn:mace:dir:attribute-def:title' => 'title',
'urn:mace:dir:attribute-def:uid' => 'uid',
'urn:mace:dir:attribute-def:uniqueIdentifier' => 'uniqueIdentifier',
'urn:mace:dir:attribute-def:uniqueMember' => 'uniqueMember',
'urn:mace:dir:attribute-def:userCertificate' => 'userCertificate',
'urn:mace:dir:attribute-def:userClass' => 'userClass',
'urn:mace:dir:attribute-def:userPKCS12' => 'userPKCS12',
'urn:mace:dir:attribute-def:userPassword' => 'userPassword',
'urn:mace:dir:attribute-def:userSMIMECertificate' => 'userSMIMECertificate',
'urn:mace:dir:attribute-def:userid' => 'userid',
'urn:mace:dir:attribute-def:x121Address' => 'x121Address',
'urn:mace:dir:attribute-def:x500UniqueIdentifier' => 'x500UniqueIdentifier',
);
?>
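Review bot: This map strips the urn:mace prefix but does not normalise aliases: sn and surname, gn and givenName, cn and commonName, mail and rfc822Mailbox, email and emailAddress, uid and userid each keep their own target name. The urn:mace-to-OID map in the same commit gives each of these pairs one OID, so the two maps disagree about whether they are the same attribute. Code that reads `sn` or `uid` after this map will miss a value sent as `surname` or `userid`. Either map each alias to one canonical short name, or document which spelling the application must read. The map also passes userPassword through, so an attribute allowlist after it is advisable.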

View File

@ -0,0 +1,163 @@
<?php
$attributemap = array(
'urn:mace:dir:attribute-def:aRecord' => 'urn:oid:0.9.2342.19200300.100.1.26',
'urn:mace:dir:attribute-def:aliasedEntryName' => 'urn:oid:2.5.4.1',
'urn:mace:dir:attribute-def:aliasedObjectName' => 'urn:oid:2.5.4.1',
'urn:mace:dir:attribute-def:associatedDomain' => 'urn:oid:0.9.2342.19200300.100.1.37',
'urn:mace:dir:attribute-def:associatedName' => 'urn:oid:0.9.2342.19200300.100.1.38',
'urn:mace:dir:attribute-def:audio' => 'urn:oid:0.9.2342.19200300.100.1.55',
'urn:mace:dir:attribute-def:authorityRevocationList' => 'urn:oid:2.5.4.38',
'urn:mace:dir:attribute-def:buildingName' => 'urn:oid:0.9.2342.19200300.100.1.48',
'urn:mace:dir:attribute-def:businessCategory' => 'urn:oid:2.5.4.15',
'urn:mace:dir:attribute-def:c' => 'urn:oid:2.5.4.6',
'urn:mace:dir:attribute-def:cACertificate' => 'urn:oid:2.5.4.37',
'urn:mace:dir:attribute-def:cNAMERecord' => 'urn:oid:0.9.2342.19200300.100.1.31',
'urn:mace:dir:attribute-def:carLicense' => 'urn:oid:2.16.840.1.113730.3.1.1',
'urn:mace:dir:attribute-def:certificateRevocationList' => 'urn:oid:2.5.4.39',
'urn:mace:dir:attribute-def:cn' => 'urn:oid:2.5.4.3',
'urn:mace:dir:attribute-def:co' => 'urn:oid:0.9.2342.19200300.100.1.43',
'urn:mace:dir:attribute-def:commonName' => 'urn:oid:2.5.4.3',
'urn:mace:dir:attribute-def:countryName' => 'urn:oid:2.5.4.6',
'urn:mace:dir:attribute-def:crossCertificatePair' => 'urn:oid:2.5.4.40',
'urn:mace:dir:attribute-def:dITRedirect' => 'urn:oid:0.9.2342.19200300.100.1.54',
'urn:mace:dir:attribute-def:dSAQuality' => 'urn:oid:0.9.2342.19200300.100.1.49',
'urn:mace:dir:attribute-def:dc' => 'urn:oid:0.9.2342.19200300.100.1.25',
'urn:mace:dir:attribute-def:deltaRevocationList' => 'urn:oid:2.5.4.53',
'urn:mace:dir:attribute-def:departmentNumber' => 'urn:oid:2.16.840.1.113730.3.1.2',
'urn:mace:dir:attribute-def:description' => 'urn:oid:2.5.4.13',
'urn:mace:dir:attribute-def:destinationIndicator' => 'urn:oid:2.5.4.27',
'urn:mace:dir:attribute-def:displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',
'urn:mace:dir:attribute-def:distinguishedName' => 'urn:oid:2.5.4.49',
'urn:mace:dir:attribute-def:dmdName' => 'urn:oid:2.5.4.54',
'urn:mace:dir:attribute-def:dnQualifier' => 'urn:oid:2.5.4.46',
'urn:mace:dir:attribute-def:documentAuthor' => 'urn:oid:0.9.2342.19200300.100.1.14',
'urn:mace:dir:attribute-def:documentIdentifier' => 'urn:oid:0.9.2342.19200300.100.1.11',
'urn:mace:dir:attribute-def:documentLocation' => 'urn:oid:0.9.2342.19200300.100.1.15',
'urn:mace:dir:attribute-def:documentPublisher' => 'urn:oid:0.9.2342.19200300.100.1.56',
'urn:mace:dir:attribute-def:documentTitle' => 'urn:oid:0.9.2342.19200300.100.1.12',
'urn:mace:dir:attribute-def:documentVersion' => 'urn:oid:0.9.2342.19200300.100.1.13',
'urn:mace:dir:attribute-def:domainComponent' => 'urn:oid:0.9.2342.19200300.100.1.25',
'urn:mace:dir:attribute-def:drink' => 'urn:oid:0.9.2342.19200300.100.1.5',
'urn:mace:dir:attribute-def:eduOrgHomePageURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.2',
'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.3',
'urn:mace:dir:attribute-def:eduOrgLegalName' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.4',
'urn:mace:dir:attribute-def:eduOrgSuperiorURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.5',
'urn:mace:dir:attribute-def:eduOrgWhitePagesURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.6',
'urn:mace:dir:attribute-def:eduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
'urn:mace:dir:attribute-def:eduPersonEntitlement' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',
'urn:mace:dir:attribute-def:eduPersonNickname' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.2',
'urn:mace:dir:attribute-def:eduPersonOrgDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3',
'urn:mace:dir:attribute-def:eduPersonOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.4',
'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5',
'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.8',
'urn:mace:dir:attribute-def:eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
'urn:mace:dir:attribute-def:eduPersonScopedAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9',
'urn:mace:dir:attribute-def:eduPersonTargetedID' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10',
'urn:mace:dir:attribute-def:email' => 'urn:oid:1.2.840.113549.1.9.1',
'urn:mace:dir:attribute-def:emailAddress' => 'urn:oid:1.2.840.113549.1.9.1',
'urn:mace:dir:attribute-def:employeeNumber' => 'urn:oid:2.16.840.1.113730.3.1.3',
'urn:mace:dir:attribute-def:employeeType' => 'urn:oid:2.16.840.1.113730.3.1.4',
'urn:mace:dir:attribute-def:enhancedSearchGuide' => 'urn:oid:2.5.4.47',
'urn:mace:dir:attribute-def:facsimileTelephoneNumber' => 'urn:oid:2.5.4.23',
'urn:mace:dir:attribute-def:favouriteDrink' => 'urn:oid:0.9.2342.19200300.100.1.5',
'urn:mace:dir:attribute-def:fax' => 'urn:oid:2.5.4.23',
'urn:mace:dir:attribute-def:federationFeideSchemaVersion' => 'urn:oid:1.3.6.1.4.1.2428.90.1.9',
'urn:mace:dir:attribute-def:friendlyCountryName' => 'urn:oid:0.9.2342.19200300.100.1.43',
'urn:mace:dir:attribute-def:generationQualifier' => 'urn:oid:2.5.4.44',
'urn:mace:dir:attribute-def:givenName' => 'urn:oid:2.5.4.42',
'urn:mace:dir:attribute-def:gn' => 'urn:oid:2.5.4.42',
'urn:mace:dir:attribute-def:homePhone' => 'urn:oid:0.9.2342.19200300.100.1.20',
'urn:mace:dir:attribute-def:homePostalAddress' => 'urn:oid:0.9.2342.19200300.100.1.39',
'urn:mace:dir:attribute-def:homeTelephoneNumber' => 'urn:oid:0.9.2342.19200300.100.1.20',
'urn:mace:dir:attribute-def:host' => 'urn:oid:0.9.2342.19200300.100.1.9',
'urn:mace:dir:attribute-def:houseIdentifier' => 'urn:oid:2.5.4.51',
'urn:mace:dir:attribute-def:info' => 'urn:oid:0.9.2342.19200300.100.1.4',
'urn:mace:dir:attribute-def:initials' => 'urn:oid:2.5.4.43',
'urn:mace:dir:attribute-def:internationaliSDNNumber' => 'urn:oid:2.5.4.25',
'urn:mace:dir:attribute-def:janetMailbox' => 'urn:oid:0.9.2342.19200300.100.1.46',
'urn:mace:dir:attribute-def:jpegPhoto' => 'urn:oid:0.9.2342.19200300.100.1.60',
'urn:mace:dir:attribute-def:knowledgeInformation' => 'urn:oid:2.5.4.2',
'urn:mace:dir:attribute-def:l' => 'urn:oid:2.5.4.7',
'urn:mace:dir:attribute-def:labeledURI' => 'urn:oid:1.3.6.1.4.1.250.1.57',
'urn:mace:dir:attribute-def:localityName' => 'urn:oid:2.5.4.7',
'urn:mace:dir:attribute-def:mDRecord' => 'urn:oid:0.9.2342.19200300.100.1.27',
'urn:mace:dir:attribute-def:mXRecord' => 'urn:oid:0.9.2342.19200300.100.1.28',
'urn:mace:dir:attribute-def:mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
'urn:mace:dir:attribute-def:mailPreferenceOption' => 'urn:oid:0.9.2342.19200300.100.1.47',
'urn:mace:dir:attribute-def:manager' => 'urn:oid:0.9.2342.19200300.100.1.10',
'urn:mace:dir:attribute-def:member' => 'urn:oid:2.5.4.31',
'urn:mace:dir:attribute-def:mobile' => 'urn:oid:0.9.2342.19200300.100.1.41',
'urn:mace:dir:attribute-def:mobileTelephoneNumber' => 'urn:oid:0.9.2342.19200300.100.1.41',
'urn:mace:dir:attribute-def:nSRecord' => 'urn:oid:0.9.2342.19200300.100.1.29',
'urn:mace:dir:attribute-def:name' => 'urn:oid:2.5.4.41',
'urn:mace:dir:attribute-def:norEduOrgAcronym' => 'urn:oid:1.3.6.1.4.1.2428.90.1.6',
'urn:mace:dir:attribute-def:norEduOrgNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
'urn:mace:dir:attribute-def:norEduOrgSchemaVersion' => 'urn:oid:1.3.6.1.4.1.2428.90.1.11',
'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier' => 'urn:oid:1.3.6.1.4.1.2428.90.1.7',
'urn:mace:dir:attribute-def:norEduOrgUniqueNumber' => 'urn:oid:1.3.6.1.4.1.2428.90.1.1',
'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier' => 'urn:oid:1.3.6.1.4.1.2428.90.1.8',
'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber' => 'urn:oid:1.3.6.1.4.1.2428.90.1.2',
'urn:mace:dir:attribute-def:norEduPersonBirthDate' => 'urn:oid:1.3.6.1.4.1.2428.90.1.3',
'urn:mace:dir:attribute-def:norEduPersonLIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.4',
'urn:mace:dir:attribute-def:norEduPersonNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.5',
'urn:mace:dir:attribute-def:o' => 'urn:oid:2.5.4.10',
'urn:mace:dir:attribute-def:objectClass' => 'urn:oid:2.5.4.0',
'urn:mace:dir:attribute-def:organizationName' => 'urn:oid:2.5.4.10',
'urn:mace:dir:attribute-def:organizationalStatus' => 'urn:oid:0.9.2342.19200300.100.1.45',
'urn:mace:dir:attribute-def:organizationalUnitName' => 'urn:oid:2.5.4.11',
'urn:mace:dir:attribute-def:otherMailbox' => 'urn:oid:0.9.2342.19200300.100.1.22',
'urn:mace:dir:attribute-def:ou' => 'urn:oid:2.5.4.11',
'urn:mace:dir:attribute-def:owner' => 'urn:oid:2.5.4.32',
'urn:mace:dir:attribute-def:pager' => 'urn:oid:0.9.2342.19200300.100.1.42',
'urn:mace:dir:attribute-def:pagerTelephoneNumber' => 'urn:oid:0.9.2342.19200300.100.1.42',
'urn:mace:dir:attribute-def:personalSignature' => 'urn:oid:0.9.2342.19200300.100.1.53',
'urn:mace:dir:attribute-def:personalTitle' => 'urn:oid:0.9.2342.19200300.100.1.40',
'urn:mace:dir:attribute-def:photo' => 'urn:oid:0.9.2342.19200300.100.1.7',
'urn:mace:dir:attribute-def:physicalDeliveryOfficeName' => 'urn:oid:2.5.4.19',
'urn:mace:dir:attribute-def:pkcs9email' => 'urn:oid:1.2.840.113549.1.9.1',
'urn:mace:dir:attribute-def:postOfficeBox' => 'urn:oid:2.5.4.18',
'urn:mace:dir:attribute-def:postalAddress' => 'urn:oid:2.5.4.16',
'urn:mace:dir:attribute-def:postalCode' => 'urn:oid:2.5.4.17',
'urn:mace:dir:attribute-def:preferredDeliveryMethod' => 'urn:oid:2.5.4.28',
'urn:mace:dir:attribute-def:preferredLanguage' => 'urn:oid:2.16.840.1.113730.3.1.39',
'urn:mace:dir:attribute-def:presentationAddress' => 'urn:oid:2.5.4.29',
'urn:mace:dir:attribute-def:protocolInformation' => 'urn:oid:2.5.4.48',
'urn:mace:dir:attribute-def:pseudonym' => 'urn:oid:2.5.4.65',
'urn:mace:dir:attribute-def:registeredAddress' => 'urn:oid:2.5.4.26',
'urn:mace:dir:attribute-def:rfc822Mailbox' => 'urn:oid:0.9.2342.19200300.100.1.3',
'urn:mace:dir:attribute-def:roleOccupant' => 'urn:oid:2.5.4.33',
'urn:mace:dir:attribute-def:roomNumber' => 'urn:oid:0.9.2342.19200300.100.1.6',
'urn:mace:dir:attribute-def:sOARecord' => 'urn:oid:0.9.2342.19200300.100.1.30',
'urn:mace:dir:attribute-def:searchGuide' => 'urn:oid:2.5.4.14',
'urn:mace:dir:attribute-def:secretary' => 'urn:oid:0.9.2342.19200300.100.1.21',
'urn:mace:dir:attribute-def:seeAlso' => 'urn:oid:2.5.4.34',
'urn:mace:dir:attribute-def:serialNumber' => 'urn:oid:2.5.4.5',
'urn:mace:dir:attribute-def:singleLevelQuality' => 'urn:oid:0.9.2342.19200300.100.1.50',
'urn:mace:dir:attribute-def:sn' => 'urn:oid:2.5.4.4',
'urn:mace:dir:attribute-def:st' => 'urn:oid:2.5.4.8',
'urn:mace:dir:attribute-def:stateOrProvinceName' => 'urn:oid:2.5.4.8',
'urn:mace:dir:attribute-def:street' => 'urn:oid:2.5.4.9',
'urn:mace:dir:attribute-def:streetAddress' => 'urn:oid:2.5.4.9',
'urn:mace:dir:attribute-def:subtreeMaximumQuality' => 'urn:oid:0.9.2342.19200300.100.1.52',
'urn:mace:dir:attribute-def:subtreeMinimumQuality' => 'urn:oid:0.9.2342.19200300.100.1.51',
'urn:mace:dir:attribute-def:supportedAlgorithms' => 'urn:oid:2.5.4.52',
'urn:mace:dir:attribute-def:supportedApplicationContext' => 'urn:oid:2.5.4.30',
'urn:mace:dir:attribute-def:surname' => 'urn:oid:2.5.4.4',
'urn:mace:dir:attribute-def:telephoneNumber' => 'urn:oid:2.5.4.20',
'urn:mace:dir:attribute-def:teletexTerminalIdentifier' => 'urn:oid:2.5.4.22',
'urn:mace:dir:attribute-def:telexNumber' => 'urn:oid:2.5.4.21',
'urn:mace:dir:attribute-def:textEncodedORAddress' => 'urn:oid:0.9.2342.19200300.100.1.2',
'urn:mace:dir:attribute-def:title' => 'urn:oid:2.5.4.12',
'urn:mace:dir:attribute-def:uid' => 'urn:oid:0.9.2342.19200300.100.1.1',
'urn:mace:dir:attribute-def:uniqueIdentifier' => 'urn:oid:0.9.2342.19200300.100.1.44',
'urn:mace:dir:attribute-def:uniqueMember' => 'urn:oid:2.5.4.50',
'urn:mace:dir:attribute-def:userCertificate' => 'urn:oid:2.5.4.36',
'urn:mace:dir:attribute-def:userClass' => 'urn:oid:0.9.2342.19200300.100.1.8',
'urn:mace:dir:attribute-def:userPKCS12' => 'urn:oid:2.16.840.1.113730.3.1.216',
'urn:mace:dir:attribute-def:userPassword' => 'urn:oid:2.5.4.35',
'urn:mace:dir:attribute-def:userSMIMECertificate' => 'urn:oid:2.16.840.1.113730.3.1.40',
'urn:mace:dir:attribute-def:userid' => 'urn:oid:0.9.2342.19200300.100.1.1',
'urn:mace:dir:attribute-def:x121Address' => 'urn:oid:2.5.4.24',
'urn:mace:dir:attribute-def:x500UniqueIdentifier' => 'urn:oid:2.5.4.45',
);
?>


@ -0,0 +1,16 @@
<?php
$attributemap = array(
// Generated Windows Live ID Attributes
'windowslive_user' => 'eduPersonPrincipalName', // uid @ windowslive.com
'windowslive_targetedID' => 'eduPersonTargetedID', // http://windowslive.com!uid
'windowslive_uid' => 'uid', // windows live id
'windowslive_mail' => 'mail',
// Attributes Returned by Windows Live ID
'windowslive.FirstName' => 'givenName',
'windowslive.LastName' => 'sn',
'windowslive.Location' => 'l',
//'windowslive.ThumbnailImageLink'=> 'jpegPhoto', // URL not image data
);
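
Review bot: `'windowslive_uid' => 'uid'` and `'windowslive_mail' => 'mail'` rename attributes from an external consumer identity provider to the same bare names the SPIP code in this commit reads (`$login = $attributes['uid'][0];`), so if this map is ever applied on the SP a Windows Live identifier can match an existing local login. Key accounts on the provider-scoped value instead (the `eduPersonPrincipalName` line already documents the `uid @ windowslive.com` form), or have the login code refuse an unscoped `uid` coming from this source.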


@ -0,0 +1,34 @@
#!/usr/bin/env bash
set -e
TAG=$1
if ! shift; then
echo "$0: Missing required tag parameter." >&2
exit 1
fi
if [ -z "$TAG" ]; then
echo "$0: Empty tag parameter." >&2
exit 1
fi
cd /tmp
REPOPATH="http://simplesamlphp.googlecode.com/svn/tags/$TAG/"
if [ -a "$TAG" ]; then
echo "$0: Destination already exists: $TAG" >&2
exit 1
fi
umask 0022
svn export "$REPOPATH"
mkdir -p "$TAG/config" "$TAG/metadata"
cp -rv "$TAG/config-templates/"* "$TAG/config/"
cp -rv "$TAG/metadata-templates/"* "$TAG/metadata/"
tar --owner 0 --group 0 -cvzf "$TAG.tar.gz" "$TAG"
rm -rf "$TAG"
echo "Created: /tmp/$TAG.tar.gz"
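
Review bot: `$TAG` is used unvalidated as a path component inside a shared directory: after `cd /tmp`, the `[ -a "$TAG" ]` check, the `svn export`, the `cp -rv` calls and `rm -rf "$TAG"` all act on a predictable, caller-supplied name, so a tag containing `/` or `..` makes the script work (and delete) outside the intended directory, and the existence check is not atomic with the export. Restrict `TAG` to a pattern such as `[A-Za-z0-9._-]+`, do the work inside a directory created with `mktemp -d`, and replace the `http://` URL in `REPOPATH` with a TLS-protected one, since the exported tree goes straight into the release tarball with no integrity check.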


@ -0,0 +1,102 @@
#!/usr/bin/env perl
use strict;
use warnings;
my @valid_formats = (
'simple',
'oid2name',
'oid2urn',
'name2oid',
'name2urn',
'urn2oid',
'urn2name',
);
my $format = shift;
unless (defined($format)) {
print(STDERR "Usage: simpleparser.pl FORMAT <FILES>\n");
print(STDERR "Valid formats: ", join(' ', @valid_formats), "\n");
exit(1);
}
unless (grep { $_ eq $format } @valid_formats) {
print(STDERR "Invalid format: $format\n");
print(STDERR "Valid formats: ", join(' ', @valid_formats), "\n");
exit(1);
}
# Load file
my $text = join('', <>);
# Strip comments
$text =~ s/#.*$//gm;
my %oids;
my %names;
while ($text =~ m"attributetype\s*\(\s*([\d.]+).*?NAME\s+(?:'(.*?)'|(\(.*?\)))"sg) {
my $oid = $1;
my @attributes;
if (defined($2)) {
# Single attribute
@attributes = ($2);
} else {
# Multiple attributes
my $input = $3;
while ($input =~ m"'(.*?)'"gs) {
push(@attributes, $1);
}
}
foreach my $attrname (@attributes) {
$names{$attrname} = $oid;
}
$oids{$oid} = [ @attributes ];
}
if ($format eq 'simple') {
foreach my $oid (sort keys %oids) {
my @names = @{$oids{$oid}};
print "$oid ", join(' ', @names), "\n";
}
exit(0);
}
print "<?php\n";
print "\$attributemap = array(\n";
if ($format eq 'oid2name') {
foreach my $oid (sort keys %oids) {
my $name = $oids{$oid}->[0];
print "\t'urn:oid:$oid' => '$name',\n";
}
} elsif ($format eq 'oid2urn') {
foreach my $oid (sort keys %oids) {
my $name = $oids{$oid}->[0];
print "\t'urn:oid:$oid' => 'urn:mace:dir:attribute-def:$name',\n";
}
} elsif ($format eq 'name2oid') {
foreach my $name (sort keys %names) {
my $oid = $names{$name};
print "\t'$name' => 'urn:oid:$oid',\n";
}
} elsif ($format eq 'name2urn') {
foreach my $name (sort keys %names) {
print "\t'$name' => 'urn:mace:dir:attribute-def:$name',\n";
}
} elsif ($format eq 'urn2oid') {
foreach my $name (sort keys %names) {
my $oid = $names{$name};
print "\t'urn:mace:dir:attribute-def:$name' => 'urn:oid:$oid',\n";
}
} elsif ($format eq 'urn2name') {
foreach my $name (sort keys %names) {
print "\t'urn:mace:dir:attribute-def:$name' => '$name',\n";
}
}
print ");\n";
print "?>";
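
Review bot: in the output loops, `$name` and `$oid` taken from the parsed schema files are interpolated directly into single-quoted PHP literals (for example `print "\t'$name' => 'urn:oid:$oid',\n";`), so a NAME value containing a backslash, or whatever the lazy `'(.*?)'` match picks up across lines under the `s` flag, ends up verbatim in the generated `$attributemap` source. Validate each name against the LDAP descriptor syntax (a letter followed by letters, digits or hyphens) before emitting it, and abort on anything else rather than writing it into a file that will later be included.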


@ -0,0 +1,165 @@
#!/usr/bin/env php
<?php
/* Check that the memcache library is enabled. */
if(!class_exists('Memcache')) {
echo("Error: the memcache library appears to be unavailable.\n");
echo("\n");
echo("This is most likely because PHP doesn't load it for the command line\n");
echo("version. You probably need to enable it somehow.\n");
echo("\n");
if(is_dir('/etc/php5/cli/conf.d')) {
echo("It is possible that running the following command as root will fix it:\n");
echo(" echo 'extension=memcache.so' >/etc/php5/cli/conf.d/memcache.ini\n");
}
exit(1);
}
/* This is the base directory of the simpleSAMLphp installation. */
$baseDir = dirname(dirname(__FILE__));
/* Add library autoloader. */
require_once($baseDir . '/lib/_autoload.php');
/* Initialize the configuration. */
$configdir = $baseDir . '/config';
SimpleSAML_Configuration::setConfigDir($configdir);
/* Things we should warn the user about. */
$warnServerDown = 0;
$warnBigSlab = 0;
/* We use the stats interface to determine which servers exists. */
$stats = SimpleSAML_Memcache::getRawStats();
$keys = array();
foreach($stats as $group) {
foreach($group as $server => $state) {
if($state === FALSE) {
echo("WARNING: Server " . $server . " is down.\n");
$warnServerDown++;
continue;
}
$items = $state['curr_items'];
echo("Server " . $server . " has " . $items . " items.\n");
$serverKeys = getServerKeys($server);
$keys = array_merge($keys, $serverKeys);
}
}
echo("Total number of keys: " . count($keys) . "\n");
$keys = array_unique($keys);
echo("Total number of unique keys: " . count($keys) . "\n");
echo("Starting synchronization.\n");
$skipped = 0;
$sync = 0;
foreach($keys as $key) {
$res = SimpleSAML_Memcache::get($key);
if($res === NULL) {
$skipped += 1;
} else {
$sync += 1;
}
}
echo("Synchronization done.\n");
echo($sync . " keys in sync.\n");
if($skipped > 0) {
echo($skipped . " keys skipped.\n");
echo("Keys are skipped because they are either expired, or are of a type unknown\n");
echo("to simpleSAMLphp.\n");
}
if($warnServerDown > 0) {
echo("WARNING: " . $warnServerDown . " server(s) down. Not all servers are synchronized.\n");
}
if($warnBigSlab > 0) {
echo("WARNING: " . $warnBigSlab . " slab(s) may have contained more keys than we were told about.\n");
}
/**
* Fetch all keys available in an server.
*
* @param $server The server, as a string with <hostname>:<port>.
* @return An array with all the keys available on the server.
*/
function getServerKeys($server) {
$server = explode(':', $server);
$host = $server[0];
$port = (int)$server[1];
echo("Connecting to: " . $host . ":" . $port . "\n");
$socket = fsockopen($host, $port);
echo("Connected. Finding keys.\n");
if(fwrite($socket, "stats slabs\r\n") === FALSE) {
echo("Error requesting slab dump from server.\n");
exit(1);
}
/* Read list of slabs. */
$slabs = array();
while( ($line = fgets($socket)) !== FALSE) {
$line = rtrim($line);
if($line === 'END') {
break;
}
if(preg_match('/^STAT (\d+):/', $line, $matches)) {
$slab = (int)$matches[1];
if(!in_array($slab, $slabs, TRUE)) {
$slabs[] = $slab;
}
}
}
/* Dump keys in slabs. */
$keys = array();
foreach($slabs as $slab) {
if(fwrite($socket, "stats cachedump " . $slab . " 1000000\r\n") === FALSE) {
echo("Error requesting cache dump from server.\n");
exit(1);
}
/* We keep track of the result size, to be able to warn the user if it is
* so big that keys may have been lost.
*/
$resultSize = 0;
while( ($line = fgets($socket)) !== FALSE) {
$resultSize += strlen($line);
$line = rtrim($line);
if($line === 'END') {
break;
}
if(preg_match('/^ITEM (.*) \[\d+ b; \d+ s\]/', $line, $matches)) {
$keys[] = $matches[1];
} else {
echo("Unknown result from cache dump: " . $line . "\n");
}
}
if($resultSize > 1900000 || count($keys) >= 1000000) {
echo("WARNING: Slab " . $slab . " on server " . $host . ":" . $port .
" may have contained more keys than we were told about.\n");
$GLOBALS['warnBigSlab'] += 1;
}
}
echo("Found " . count($keys) . " key(s).\n");
fclose($socket);
return $keys;
}
?>
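
Review bot: in `getServerKeys()` the return value of `fsockopen($host, $port)` is never checked and no timeout is passed, so for an unreachable server the script still prints "Connected. Finding keys." and then calls `fwrite()` and `fgets()` on `FALSE`. Test `$socket === FALSE`, count the server as down the same way the `$state === FALSE` branch does, and pass an explicit connect timeout. `$server[1]` is also read without confirming that the string contained a `:`.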

inc/simplesamlphp/bin/pack.php Executable file

@ -0,0 +1,77 @@
#!/usr/bin/env php
<?php
/* This is the base directory of the simpleSAMLphp installation. */
$baseDir = dirname(dirname(__FILE__));
/* Add library autoloader. */
require_once($baseDir . '/lib/_autoload.php');
if (count($argv) < 1) {
echo "Wrong number of parameters. Run: " . $argv[0] . " [install,show] url [branch]\n"; exit;
}
// Needed in order to make session_start to be called before output is printed.
$session = SimpleSAML_Session::getInstance();
$config = SimpleSAML_Configuration::getConfig('config.php');
$action = $argv[1];
function getModinfo() {
global $argv;
if (count($argv) < 2)
throw new Exception('Missing second parameter: URL/ID');
return sspmod_core_ModuleDefinition::load($argv[2]);
}
function getBranch() {
global $argv;
if (isset($argv[3])) return $argv[3];
return NULL;
}
switch($action) {
case 'install':
$mod = getModinfo();
$installer = new sspmod_core_ModuleInstaller($mod);
$installer->install(getBranch());
break;
case 'remove':
$mod = getModinfo();
$installer = new sspmod_core_ModuleInstaller($mod);
$installer->remove(getBranch());
break;
case 'upgrade':
$mod = getModinfo();
$installer = new sspmod_core_ModuleInstaller($mod);
$installer->upgrade(getBranch());
break;
case 'upgrade-all' :
$mdir = scandir($config->getBaseDir() . 'modules/');
foreach($mdir AS $md) {
if (!sspmod_core_ModuleDefinition::validId($md)) continue;
if (!sspmod_core_ModuleDefinition::isDefined($md)) continue;
$moduledef = sspmod_core_ModuleDefinition::load($md, 'remote');
$installer = new sspmod_core_ModuleInstaller($moduledef);
if ($moduledef->updateExists() || $moduledef->alwaysUpdate()) {
echo "Upgrading [" . $md . "]\n";
$installer->upgrade();
} else {
echo "No updates available for [" . $md . "]\n";
}
}
break;
default:
throw new Exception('Unknown action [' . $action . ']');
}
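
Review bot: the argument check `count($argv) < 1` can never be true because `$argv[0]` is always set, so running the script without an action reads an undefined `$argv[1]`; in the same way `getModinfo()` tests `count($argv) < 2` but then uses `$argv[2]`. Use `< 2` and `< 3` respectively, and fix the usage string, which advertises `[install,show]` while the switch handles `install`, `remove`, `upgrade` and `upgrade-all`. Because `install` and `upgrade` load a module definition from a URL given on the command line, the usage text should also say which sources are expected.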

inc/simplesamlphp/bin/pwgen.php Executable file

@ -0,0 +1,48 @@
#!/usr/bin/env php
<?php
/*
* $Id$
* Interactive script to generate password hashes.
*
*/
/* This is the base directory of the simpleSAMLphp installation. */
$baseDir = dirname(dirname(__FILE__));
/* Add library autoloader. */
require_once($baseDir . '/lib/_autoload.php');
echo "Enter password: ";
$password = trim(fgets(STDIN));
if(empty($password)) {
echo "Need at least one character for a password\n";
exit(1);
}
$table = '';
foreach (array_chunk(hash_algos(), 6) as $chunk) {
foreach($chunk as $algo) {
$table .= sprintf('%-13s', $algo);
}
$table .= "\n";
}
echo "The following hashing algorithms are available:\n" . $table . "\n";
echo "Which one do you want? [sha256] ";
$algo = trim(fgets(STDIN));
if(empty($algo)) {
$algo = 'sha256';
}
if(!in_array(strtolower($algo), hash_algos())) {
echo "Hashing algorithm '$algo' is not supported\n";
exit(1);
}
echo "Do you want to use a salt? (yes/no) [yes] ";
$s = (trim(fgets(STDIN)) == 'no') ? '' : 'S';
echo "\n " . SimpleSAML_Utils_Crypto::pwHash($password, strtoupper( $s . $algo ) ). "\n\n";
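
Review bot: the algorithm prompt accepts anything returned by `hash_algos()` and the salt prompt lets the operator answer `no`, so this helper will produce an unsalted, single-pass digest (md5 included) for a login password. Limit the choice to the SHA-2 family at minimum, drop the unsalted path, and say in the prompt that the result is a fast hash. Separately, `trim(fgets(STDIN))` silently strips leading and trailing spaces from the password and `empty($password)` rejects the password `0`; compare against `''` after removing only the line ending.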


@ -0,0 +1,192 @@
#!/usr/bin/env php
<?php
/* This is the base directory of the simpleSAMLphp installation. */
$baseDir = dirname(dirname(__FILE__));
/* Add library autoloader. */
require_once($baseDir . '/lib/_autoload.php');
if (count($argv) !== 3) {
echo "Wrong number of parameters. Run: " . $argv[0] . " [pulldef,push,pull] filename\n"; exit;
}
$action = $argv[1];
$file = $argv[2];
$translationconfig = SimpleSAML_Configuration::getConfig('translation.php');
$application = $translationconfig->getString('application', 'simplesamlphp');
$base = $translationconfig->getString('baseurl') . '/module.php/translationportal/';
if (!preg_match('/^(.*?)(?:\.(definition|translation))?\.(json|php)/', $file, $match))
throw new Exception('Illlegal file name. Must end on (definition|translation).json');
$fileWithoutExt = $match[1];
if (!empty($match[2])) {
$type = $match[2];
} else {
$type = 'definition';
}
$basefile = basename($fileWithoutExt);
echo 'Action: [' . $action. ']' . "\n";
echo 'Application: [' . $application. ']' . "\n";
echo 'File orig: [' . $file . ']'. "\n";
echo 'File base: [' . $basefile . ']'. "\n";
switch($action) {
case 'pulldef':
$content = SimpleSAML_Utilities::fetch($base . 'export.php?aid=' . $application . '&type=def&file=' . $basefile);
file_put_contents($fileWithoutExt . '.definition.json' , $content);
break;
case 'pull':
$content = SimpleSAML_Utilities::fetch($base . 'export.php?aid=' . $application . '&type=translation&file=' . $basefile);
file_put_contents($fileWithoutExt . '.translation.json' , $content);
break;
case 'push':
#$content = file_get_contents($base . 'export.php?aid=' . $application . '&type=translation&file=' . $basefile);
#file_put_contents($fileWithoutExt . '.translation.json' , $content);
push($file, $basefile, $application, $type);
break;
case 'convert':
include($file);
$definition = json_format(convert_definition($lang));
$translation = json_format(convert_translation($lang)) . "\n";
file_put_contents($fileWithoutExt . '.definition.json' , $definition);
file_put_contents($fileWithoutExt . '.translation.json' , $translation);
break;
default:
throw new Exception('Unknown action [' . $action . ']');
}
function ssp_readline($prompt = '') {
echo $prompt;
return rtrim( fgets( STDIN ), "\n" );
}
function convert_definition($data) {
$new = array();
foreach($data AS $key => $value) {
$new[$key] = array('en' => $value['en']);
}
return $new;
}
function convert_translation($data) {
foreach ($data as &$value) {
unset($value['en']);
}
return $data;
}
function push($file, $fileWithoutExt, $aid, $type) {
if (!file_exists($file)) throw new Exception('Could not find file: ' . $file);
$fileContent = file_get_contents($file);
global $baseDir;
require_once($baseDir . '/modules/oauth/libextinc/OAuth.php');
$translationconfig = SimpleSAML_Configuration::getConfig('translation.php');
$baseurl = $translationconfig->getString('baseurl');
$key = $translationconfig->getString('key');
$secret = $translationconfig->getString('secret');
echo 'Using OAuth to authenticate you to the translation portal' . "\n";
$consumer = new sspmod_oauth_Consumer($key, $secret);
$storage = new sspmod_core_Storage_SQLPermanentStorage('oauth_clientcache');
$cachedAccessToken = $storage->get('accesstoken', 'translation', '');
$accessToken = NULL;
if (empty($cachedAccessToken)) {
// Get the request token
$requestToken = $consumer->getRequestToken($baseurl . '/module.php/oauth/requestToken.php');
echo "Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . "]\n";
// Authorize the request token
$url = $consumer->getAuthorizeRequest($baseurl . '/module.php/oauth/authorize.php', $requestToken, FALSE);
echo('Go to this URL to authenticate/authorize the request: ' . $url . "\n");
system('open ' . $url);
ssp_readline('Click enter when you have completed the authorization step using your web browser...');
// Replace the request token with an access token
$accessToken = $consumer->getAccessToken( $baseurl . '/module.php/oauth/accessToken.php', $requestToken);
echo "Got an access token from the OAuth service provider [" . $accessToken->key . "] with the secret [" . $accessToken->secret . "]\n";
$storage->set('accesstoken', 'translation', '', $accessToken);
} else {
$accessToken = $cachedAccessToken['value'];
echo 'Successfully read OAuth Access Token from cache [' . $accessToken->key . ']' . "\n";
}
$pushURL = $baseurl . '/module.php/translationportal/push.php';
$request = array('data' => base64_encode($fileContent), 'file' => $fileWithoutExt, 'aid' => $aid, 'type' => $type);
$result = $consumer->postRequest($pushURL, $accessToken, $request);
echo $result;
}
/**
* Format an associative array as a json string.
*
* @param mixed $data The data that should be json encoded.
* @param string $indentation The current indentation level. Optional.
* @return string The json encoded data.
*/
function json_format($data, $indentation = '') {
assert('is_string($indentation)');
if (!is_array($data)) {
return json_encode($data);
}
$ret = "{";
$first = TRUE;
foreach ($data as $k => $v) {
$k = json_encode((string)$k);
$v = json_format($v, $indentation . "\t");
if ($first) {
$ret .= "\n";
$first = FALSE;
} else {
$ret .= ",\n";
}
$ret .= $indentation . "\t" . $k . ': ' . $v;
}
$ret .= "\n" . $indentation . '}';
return $ret;
}
?>
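
Review bot: in `push()`, `system('open ' . $url);` hands a URL built from the `baseurl` configuration value and the request token returned by the server to a shell without escaping; wrap it in `escapeshellarg()` or drop the call, since the line above already prints the URL. The same function echoes the request token secret and the access token secret to the terminal, which should be removed. In the top-level code the file-name regex has no `$` anchor although the exception text says the name must end in `.json`, and the `convert` action runs `include($file)` on that command-line path.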


@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9
IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+
PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQAB
AoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0V
J5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8J
K2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV
6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF
3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq6
6PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6
rCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL
8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4uk
XSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLc
PQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg==
-----END RSA PRIVATE KEY-----
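
Review bot: this hunk commits an RSA private key in clear text; once it is in the repository history every clone holds it, so nothing signed or decrypted with it can be trusted to come from this deployment. Take the key out of the commit, generate a key pair per deployment outside the repository and the web root, and add the path to the ignore list. The DER prefix (`MIICXgIBAAKBgQ`) also indicates a 1024-bit modulus, so the replacement should be at least 2048 bits.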


@ -0,0 +1,61 @@
<?php
/*
* This file defines "named" access control lists, which can
* be reused in several places.
*/
$config = array(
'adminlist' => array(
//array('allow', 'equals', 'mail', 'admin1@example.org'),
//array('allow', 'has', 'groups', 'admin'),
/* The default action is to deny access. */
),
'example-simple' => array(
array('allow', 'equals', 'mail', 'admin1@example.org'),
array('allow', 'equals', 'mail', 'admin2@example.org'),
/* The default action is to deny access. */
),
'example-deny-some' => array(
array('deny', 'equals', 'mail', 'eviluser@example.org'),
array('allow'), /* Allow everybody else. */
),
'example-maildomain' => array(
array('allow', 'equals-preg', 'mail', '/@example\.org$/'),
/* The default action is to deny access. */
),
'example-allow-employees' => array(
array('allow', 'has', 'eduPersonAffiliation', 'employee'),
/* The default action is to deny access. */
),
'example-allow-employees-not-students' => array(
array('deny', 'has', 'eduPersonAffiliation', 'student'),
array('allow', 'has', 'eduPersonAffiliation', 'employee'),
/* The default action is to deny access. */
),
'example-deny-student-except-one' => array(
array('deny', 'and',
array('has', 'eduPersonAffiliation', 'student'),
array('not', 'equals', 'mail', 'user@example.org'),
),
array('allow'),
),
'example-allow-or' => array(
array('allow', 'or',
array('equals', 'eduPersonAffiliation', 'student', 'member'),
array('equals', 'mail', 'someuser@example2.org'),
),
),
'example-allow-all' => array(
array('allow'),
),
);
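
Review bot: in `example-maildomain` the pattern `/@example\.org$/` relies on `$`, which in PCRE also matches before a trailing newline, so a `mail` value ending in `@example.org` followed by a line break passes the check; use `\z` or add the `D` modifier. It would also help to mark `example-deny-some` and `example-allow-all` as fail-open in their comments, because both end in a bare `array('allow')` and are easy to copy into `adminlist`.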


@ -0,0 +1,86 @@
<?php
/**
* This is the configuration file for the Auth MemCookie example.
*/
$config = array(
/*
* What type of login Auth MemCookie will use.
* Can be either 'authsource', 'saml2' or 'shib13'.
*
* For backwards compatibility, the default value if unset is 'saml2'.
* New installations should use 'authsource'.
*/
'loginmethod' => 'authsource',
/*
* The authentication source that should be used.
*
* This must be one of the authentication sources configured in config/authsources.php.
*/
'authsource' => 'default-sp',
/*
* This is the name of the cookie we should save the session id in. The value of this option must match the
* Auth_memCookie_CookieName option in the Auth MemCookie configuration. The default value is 'AuthMemCookie'.
*
* Default:
* 'cookiename' => 'AuthMemCookie',
*/
'cookiename' => 'AuthMemCookie',
/*
* This option specifies the name of the attribute which contains the username of the user. It must be set to
* a valid attribute name.
*
* Examples:
* 'username' => 'uid', // LDAP attribute for user id.
* 'username' => 'mail', // LDAP attribute for email address.
*
* Default:
* No default value.
*/
'username' => NULL,
/*
* This option specifies the name of the attribute which contains the groups of the user. Set this option to
* NULL if you don't want to include any groups.
*
* Example:
* 'groups' => 'edupersonaffiliation',
*
* Default:
* 'groups' => NULL,
*/
'groups' => NULL,
/*
* This option contains the hostnames or IP addresses of the memcache servers where we should store the
* authentication information. Separator is a comma. This option should match the address part of the
* Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration.
*
* Examples:
* 'memcache.host' => '192.168.93.52',
* 'memcache.host' => 'memcache.example.org',
* 'memcache.host' => 'memcache1.example.org,memcache2.example.org'
*
* Default:
* 'memcache.host' => '127.0.0.1',
*/
'memcache.host' => '127.0.0.1',
/*
* This option contains the port number of the memcache server where we should store the
* authentication information. This option should match the port part of the
* Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration.
*
* Default:
* 'memcache.port' => 11211,
*/
'memcache.port' => 11211,
);
?>
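
Review bot: `'username' => NULL` is committed although its own comment says the option has no default and must be set to a valid attribute name, so the file is not usable as it stands; set it (for example to the `uid` attribute the SPIP code in this commit reads) or make the consumer fail loudly when it is NULL. The authentication information is written to memcache at `127.0.0.1:11211` with no credentials visible here, so the `memcache.host` comment should state that the memcache port must not be reachable from other hosts.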


@ -0,0 +1,347 @@
<?php
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => NULL,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => NULL,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
),
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-userpass' => array(
'exampleauth:UserPass',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => FALSE,
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
),
*/
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
'students' => array(
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
),
*/
);
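
Review bot: In the example-ldap block, 'timeout' => 0 is documented right above it as "no timeout", so anyone who uncomments the example lets a slow or unreachable directory hold login requests open indefinitely. Suggest a finite value in the example. The same block ships 'enable_tls' => FALSE next to 'search.password' and 'priv.password', which deserves a comment that it should be TRUE wherever real credentials are bound. Minor: "attribures" in the priv.read comment is a typo.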

View File

@ -0,0 +1,39 @@
<?php
/*
* The configuration of simpleSAMLphp
*
*
*/
$casldapconfig = array (
'idpentityid.example.org' => array(
'cas' => array(
'login' => 'https://idpentityid.example.org/cas/login',
'validate' => 'https://idpentityid.example.org/cas/validate',
),
'ldap' => array(
'servers' => 'idpentityid.example.org',
'enable_tls' => false,
'searchbase' => 'dc=example,dc=org',
'searchattributes' => 'uid',
'attributes' => array('cn', 'mail'),
),
),
'idpentityid2.example.org' => array(
'cas' => array(
'login' => 'https://idpentityid2.example.org/login',
'validate' => 'https://idpentityid2.example.org/validate',
),
'ldap' => array(
'servers' => 'ldap://idpentityid2.example.org',
'enable_tls' => false,
'searchbase' => 'ou=users,dc=example,dc=org',
'searchattributes' => array('uid', 'mail'), # array for being able to login with either uid or mail.
'attributes' => null,
'priv_user_dn' => 'uid=admin,ou=users,dc=example,dc=org',
'priv_user_pw' => 'xxxxx',
),
),
);
?>
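
Review bot: The idpentityid2.example.org entry binds as 'priv_user_dn' => 'uid=admin,ou=users,dc=example,dc=org' with 'priv_user_pw' inline, while 'servers' is a plain ldap:// URL and 'enable_tls' => false, so once real values are filled in the privileged bind password and the attributes it retrieves cross the network unencrypted. Suggest 'enable_tls' => true in both entries and loading the password from outside the repository. The two entries also give 'servers' in different forms (bare hostname and ldap:// URL), and the header comment says "The configuration of simpleSAMLphp" rather than naming what this file configures.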

View File

@ -0,0 +1,68 @@
<?php
/*
* The configuration of the login-auto authentication module.
*
* $Id: config.php 451 2008-03-27 15:33:34Z olavmrk $
*/
$config = array (
/*
* This option enables or disables the login-auto authentication
* handler. This handler is implemented in 'www/auth/login-auto.php'.
*
* When this option is set to true, a user can go to the
* 'auth/login-auto.php' web page to be authenticated as an example
* user. The user will receive the attributes set in the
* 'auth.auto.attributes' option.
*
* WARNING: setting this option to true will make it possible to use
* this authenticator for all users, irrespectively of the 'auth'
* setting in the IdP's metadata. They can always use it by opening the
* 'auth/login-auto.php' webpage manually.
*/
'auth.auto.enable' => true,
/*
* This option configures which attributes the login-auto
* authentication handler will set for the user. It is an array of
* arrays. The name of the attribute is the index in the first array,
* and all the values for the attribute is given in the array
* referenced to by the name.
*
* Example:
* 'auth.auto.attributes' => array(
* 'edupersonaffiliation' => array('student', 'member'),
* 'uid' => array('example_uid'),
* 'mail' => array('example@example.com'),
* ),
*/
'auth.auto.attributes' => array(
'edupersonaffiliation' => array('student', 'member'),
'title' => array('Example user title'),
'uid' => array('example_uid'),
'mail' => array('example@example.com'),
'cn' => array('Example user commonname'),
'givenname' => array('Example user givenname'),
'sn' => array("Example surname"),
),
/*
* When this option is set to true, the login-auto authentication
* handler will ask for a username and a password. This can be used to
* test the IdP. The username and password isn't verified, and the
* user/script can enter anything.
*/
'auth.auto.ask_login' => false,
/*
* This option configures a delay in the login-auto authentication
* handler. The script will wait for the given number of milliseconds
* before authenticating the user. This can, for example, be used in
* a simple simulation of a slow LDAP server.
*/
'auth.auto.delay_login' => 0,
);
?>
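
Review bot: 'auth.auto.enable' => true is committed even though the WARNING in the comment directly above it says that true lets anyone be authenticated as the example user by opening 'auth/login-auto.php', irrespective of the 'auth' setting in the IdP's metadata. Unless this handler is deliberately required, commit it as false; if it is needed for testing, keep that override in a local file that is not checked in.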

View File

@ -0,0 +1,39 @@
<?php
/*
* Configuration for the auth/login-feide.php login module.
*
* The configuration file is an array with multiple organizations. The user
* can select which organization he/she wants to log in with, with a drop-down
* menu in the user interface.
*
*/
$config = array (
'orgldapconfig' => array(
'example1.com' => array(
'description' => 'Example Org 1',
'searchbase' => 'cn=people,dc=example1,dc=com',
'hostname' => 'ldaps://ldap.example1.com',
'attributes' => null,
'contactMail' => 'admin@example1.com',
'contactURL' => 'http://admin.example1.com',
// System user to bind() before we do a search for eduPersonPrincipalName
'adminUser' => 'uid=admin,dc=example1,dc=com',
'adminPassword' => 'xxx',
),
'example1.com' => array(
'description' => 'Example Org 1',
'searchbase' => 'cn=people,dc=example1,dc=com',
'hostname' => 'ldaps://ldap.example1.com',
'attributes' => array('mail', 'street'),
),
),
);
?>
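
Review bot: 'orgldapconfig' defines the key 'example1.com' twice. In a PHP array literal the later entry silently replaces the earlier one, so the first organization (the one with 'adminUser', 'adminPassword', 'contactMail' and 'contactURL') never reaches the login module and the drop-down will show a single entry. Give the second entry its own key and description. In the first entry, 'contactURL' is an http:// address while 'hostname' uses ldaps://; an https contact URL would be consistent with that.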

View File

@ -0,0 +1,638 @@
<?php
/*
* The configuration of simpleSAMLphp
*
* $Id: config.php 3171 2012-09-25 08:54:06Z jaimepc@gmail.com $
*/
$config = array (
/**
* Setup the following parameters to match the directory of your installation.
* See the user manual for more details.
*
* Valid format for baseurlpath is:
* [(http|https)://(hostname|fqdn)[:port]]/[path/to/simplesaml/]
* (note that it must end with a '/')
*
* The full url format is useful if your simpleSAMLphp setup is hosted behind
* a reverse proxy. In that case you can specify the external url here.
*
* Please note that simpleSAMLphp will then redirect all queries to the
* external url, no matter where you come from (direct access or via the
* reverse proxy).
*/
'baseurlpath' => 'simplesaml/',
'certdir' => 'cert/',
'loggingdir' => 'log/',
'datadir' => 'data/',
/*
* A directory where simpleSAMLphp can save temporary files.
*
* SimpleSAMLphp will attempt to create this directory if it doesn't exist.
*/
'tempdir' => '/tmp/simplesaml',
/*
* If you enable this option, simpleSAMLphp will log all sent and received messages
* to the log file.
*
* This option also enables logging of the messages that are encrypted and decrypted.
*
* Note: The messages are logged with the DEBUG log level, so you also need to set
* the 'logging.level' option to LOG_DEBUG.
*/
'debug' => FALSE,
'showerrors' => TRUE,
/**
* Custom error show function called from SimpleSAML_Error_Error::show.
* See docs/simplesamlphp-errorhandling.txt for function code example.
*
* Example:
* 'errors.show_function' => array('sspmod_example_Error_Show', 'show'),
*/
/**
* This option allows you to enable validation of XML data against its
* schemas. A warning will be written to the log if validation fails.
*/
'debug.validatexml' => FALSE,
/**
* This password must be kept secret, and modified from the default value 123.
* This password will give access to the installation page of simpleSAMLphp with
* metadata listing and diagnostics pages.
* You can also put a hash here; run "bin/pwgen.php" to generate one.
*/
'auth.adminpassword' => '123',
'admin.protectindexpage' => false,
'admin.protectmetadata' => false,
/**
* This is a secret salt used by simpleSAMLphp when it needs to generate a secure hash
* of a value. It must be changed from its default value to a secret value. The value of
* 'secretsalt' can be any valid string of any length.
*
* A possible way to generate a random salt is by running the following command from a unix shell:
* tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
*/
'secretsalt' => 'defaultsecretsalt',
/*
* Some information about the technical persons running this installation.
* The email address will be used as the recipient address for error reports, and
* also as the technical contact in generated metadata.
*/
'technicalcontact_name' => 'Administrator',
'technicalcontact_email' => 'na@example.org',
/*
* The timezone of the server. This option should be set to the timezone you want
* simpleSAMLphp to report the time in. The default is to guess the timezone based
* on your system timezone.
*
* See this page for a list of valid timezones: http://php.net/manual/en/timezones.php
*/
'timezone' => NULL,
/*
* Logging.
*
* define the minimum log level to log
* SimpleSAML_Logger::ERR No statistics, only errors
* SimpleSAML_Logger::WARNING No statistics, only warnings/errors
* SimpleSAML_Logger::NOTICE Statistics and errors
* SimpleSAML_Logger::INFO Verbose logs
* SimpleSAML_Logger::DEBUG Full debug logs - not reccomended for production
*
* Choose logging handler.
*
* Options: [syslog,file,errorlog]
*
*/
'logging.level' => SimpleSAML_Logger::NOTICE,
'logging.handler' => 'syslog',
/*
* Choose which facility should be used when logging with syslog.
*
* These can be used for filtering the syslog output from simpleSAMLphp into its
* own file by configuring the syslog daemon.
*
* See the documentation for openlog (http://php.net/manual/en/function.openlog.php) for available
* facilities. Note that only LOG_USER is valid on windows.
*
* The default is to use LOG_LOCAL5 if available, and fall back to LOG_USER if not.
*/
'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER,
/*
* The process name that should be used when logging to syslog.
* The value is also written out by the other logging handlers.
*/
'logging.processname' => 'simplesamlphp',
/* Logging: file - Logfilename in the loggingdir from above.
*/
'logging.logfile' => 'simplesamlphp.log',
/* (New) statistics output configuration.
*
* This is an array of outputs. Each output has at least a 'class' option, which
* selects the output.
*/
'statistics.out' => array(
// Log statistics to the normal log.
/*
array(
'class' => 'core:Log',
'level' => 'notice',
),
*/
// Log statistics to files in a directory. One file per day.
/*
array(
'class' => 'core:File',
'directory' => '/var/log/stats',
),
*/
),
/*
* Enable
*
* Which functionality in simpleSAMLphp do you want to enable. Normally you would enable only
* one of the functionalities below, but in some cases you could run multiple functionalities.
* In example when you are setting up a federation bridge.
*/
'enable.saml20-idp' => false,
'enable.shib13-idp' => false,
'enable.adfs-idp' => false,
'enable.wsfed-sp' => false,
'enable.authmemcookie' => false,
/*
* This value is the duration of the session in seconds. Make sure that the time duration of
* cookies both at the SP and the IdP exceeds this duration.
*/
'session.duration' => 8 * (60*60), // 8 hours.
'session.requestcache' => 4 * (60*60), // 4 hours
/*
* Sets the duration, in seconds, data should be stored in the datastore. As the datastore is used for
* login and logout requests, thid option will control the maximum time these operations can take.
* The default is 4 hours (4*60*60) seconds, which should be more than enough for these operations.
*/
'session.datastore.timeout' => (4*60*60), // 4 hours
/*
* Sets the duration, in seconds, auth state should be stored.
*/
'session.state.timeout' => (60*60), // 1 hour
/*
* Option to override the default settings for the session cookie name
*/
'session.cookie.name' => 'SimpleSAMLSessionID',
/*
* Expiration time for the session cookie, in seconds.
*
* Defaults to 0, which means that the cookie expires when the browser is closed.
*
* Example:
* 'session.cookie.lifetime' => 30*60,
*/
'session.cookie.lifetime' => 0,
/*
* Limit the path of the cookies.
*
* Can be used to limit the path of the cookies to a specific subdirectory.
*
* Example:
* 'session.cookie.path' => '/simplesaml/',
*/
'session.cookie.path' => '/',
/*
* Cookie domain.
*
* Can be used to make the session cookie available to several domains.
*
* Example:
* 'session.cookie.domain' => '.example.org',
*/
'session.cookie.domain' => NULL,
/*
* Set the secure flag in the cookie.
*
* Set this to TRUE if the user only accesses your service
* through https. If the user can access the service through
* both http and https, this must be set to FALSE.
*/
'session.cookie.secure' => FALSE,
/*
* When set to FALSE fallback to transient session on session initialization
* failure, throw exception otherwise.
*/
'session.disable_fallback' => FALSE,
/*
* Enable secure POST from HTTPS to HTTP.
*
* If you have some SP's on HTTP and IdP is normally on HTTPS, this option
* enables secure POSTing to HTTP endpoint without warning from browser.
*
* For this to work, module.php/core/postredirect.php must be accessible
* also via HTTP on IdP, e.g. if your IdP is on
* https://idp.example.org/ssp/, then
* http://idp.example.org/ssp/module.php/core/postredirect.php must be accessible.
*/
'enable.http_post' => FALSE,
/*
* Options to override the default settings for php sessions.
*/
'session.phpsession.cookiename' => null,
'session.phpsession.savepath' => null,
'session.phpsession.httponly' => FALSE,
/*
* Option to override the default settings for the auth token cookie
*/
'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',
/*
* Languages available, RTL languages, and what language is default
*/
'language.available' => array('en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et', 'he', 'id', 'sr'),
'language.rtl' => array('ar','dv','fa','ur','he'),
'language.default' => 'en',
/**
* Custom getLanguage function called from SimpleSAML_XHTML_Template::getLanguage().
* Function should return language code of one of the available languages or NULL.
* See SimpleSAML_XHTML_Template::getLanguage() source code for more info.
*
* This option can be used to implement a custom function for determining
* the default language for the user.
*
* Example:
* 'language.get_language_function' => array('sspmod_example_Template', 'getLanguage'),
*/
/*
* Extra dictionary for attribute names.
* This can be used to define local attributes.
*
* The format of the parameter is a string with <module>:<dictionary>.
*
* Specifying this option will cause us to look for modules/<module>/dictionaries/<dictionary>.definition.json
* The dictionary should look something like:
*
* {
* "firstattribute": {
* "en": "English name",
* "no": "Norwegian name"
* },
* "secondattribute": {
* "en": "English name",
* "no": "Norwegian name"
* }
* }
*
* Note that all attribute names in the dictionary must in lowercase.
*
* Example: 'attributes.extradictionary' => 'ourmodule:ourattributes',
*/
'attributes.extradictionary' => NULL,
/*
* Which theme directory should be used?
*/
'theme.use' => 'default',
/*
* Default IdP for WS-Fed.
*/
'default-wsfed-idp' => 'urn:federation:pingfederate:localhost',
/*
* Whether the discovery service should allow the user to save his choice of IdP.
*/
'idpdisco.enableremember' => TRUE,
'idpdisco.rememberchecked' => TRUE,
// Disco service only accepts entities it knows.
'idpdisco.validate' => TRUE,
'idpdisco.extDiscoveryStorage' => NULL,
/*
* IdP Discovery service look configuration.
* Wether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box
* gives the best use experience.
*
* When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown.
* This makes it easier for the user to choose the IdP
*
* Options: [links,dropdown]
*
*/
'idpdisco.layout' => 'dropdown',
/*
* Whether simpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication
* responses.
*
* The default is to sign the assertion element, but that can be overridden by setting this
* option to TRUE. It can also be overridden on a pr. SP basis by adding an option with the
* same name to the metadata of the SP.
*/
'shib13.signresponse' => TRUE,
/*
* Authentication processing filters that will be executed for all IdPs
* Both Shibboleth and SAML 2.0
*/
'authproc.idp' => array(
/* Enable the authproc filter below to add URN Prefixces to all attributes
10 => array(
'class' => 'core:AttributeMap', 'addurnprefix'
), */
/* Enable the authproc filter below to automatically generated eduPersonTargetedID.
20 => 'core:TargetedID',
*/
// Adopts language from attribute to use in UI
30 => 'core:LanguageAdaptor',
/* Add a realm attribute from edupersonprincipalname
40 => 'core:AttributeRealm',
*/
45 => array(
'class' => 'core:StatisticsWithAttribute',
'attributename' => 'realm',
'type' => 'saml20-idp-SSO',
),
/* When called without parameters, it will fallback to filter attributes the old way
* by checking the 'attributes' parameter in metadata on IdP hosted and SP remote.
*/
50 => 'core:AttributeLimit',
/*
* Search attribute "distinguishedName" for pattern and replaces if found
60 => array(
'class' => 'core:AttributeAlter',
'pattern' => '/OU=studerende/',
'replacement' => 'Student',
'subject' => 'distinguishedName',
'%replace',
),
*/
/*
* Consent module is enabled (with no permanent storage, using cookies).
90 => array(
'class' => 'consent:Consent',
'store' => 'consent:Cookie',
'focus' => 'yes',
'checked' => TRUE
),
*/
// If language is set in Consent module it will be added as an attribute.
99 => 'core:LanguageAdaptor',
),
/*
* Authentication processing filters that will be executed for all SPs
* Both Shibboleth and SAML 2.0
*/
'authproc.sp' => array(
/*
10 => array(
'class' => 'core:AttributeMap', 'removeurnprefix'
),
*/
/*
* Generate the 'group' attribute populated from other variables, including eduPersonAffiliation.
*/
60 => array('class' => 'core:GenerateGroups', 'eduPersonAffiliation'),
// All users will be members of 'users' and 'members'
61 => array('class' => 'core:AttributeAdd', 'groups' => array('users', 'members')),
// Adopts language from attribute to use in UI
90 => 'core:LanguageAdaptor',
),
/*
* This option configures the metadata sources. The metadata sources is given as an array with
* different metadata sources. When searching for metadata, simpleSAMPphp will search through
* the array from start to end.
*
* Each element in the array is an associative array which configures the metadata source.
* The type of the metadata source is given by the 'type' element. For each type we have
* different configuration options.
*
* Flat file metadata handler:
* - 'type': This is always 'flatfile'.
* - 'directory': The directory we will load the metadata files from. The default value for
* this option is the value of the 'metadatadir' configuration option, or
* 'metadata/' if that option is unset.
*
* XML metadata handler:
* This metadata handler parses an XML file with either an EntityDescriptor element or an
* EntitiesDescriptor element. The XML file may be stored locally, or (for debugging) on a remote
* web server.
* The XML hetadata handler defines the following options:
* - 'type': This is always 'xml'.
* - 'file': Path to the XML file with the metadata.
* - 'url': The url to fetch metadata from. THIS IS ONLY FOR DEBUGGING - THERE IS NO CACHING OF THE RESPONSE.
*
*
* Examples:
*
* This example defines two flatfile sources. One is the default metadata directory, the other
* is a metadata directory with autogenerated metadata files.
*
* 'metadata.sources' => array(
* array('type' => 'flatfile'),
* array('type' => 'flatfile', 'directory' => 'metadata-generated'),
* ),
*
* This example defines a flatfile source and an XML source.
* 'metadata.sources' => array(
* array('type' => 'flatfile'),
* array('type' => 'xml', 'file' => 'idp.example.org-idpMeta.xml'),
* ),
*
*
* Default:
* 'metadata.sources' => array(
* array('type' => 'flatfile')
* ),
*/
'metadata.sources' => array(
array('type' => 'flatfile'),
),
/*
* Configure the datastore for simpleSAMLphp.
*
* - 'phpsession': Limited datastore, which uses the PHP session.
* - 'memcache': Key-value datastore, based on memcache.
* - 'sql': SQL datastore, using PDO.
*
* The default datastore is 'phpsession'.
*
* (This option replaces the old 'session.handler'-option.)
*/
'store.type' => 'phpsession',
/*
* The DSN the sql datastore should connect to.
*
* See http://www.php.net/manual/en/pdo.drivers.php for the various
* syntaxes.
*/
'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
/*
* The username and password to use when connecting to the database.
*/
'store.sql.username' => NULL,
'store.sql.password' => NULL,
/*
* The prefix we should use on our tables.
*/
'store.sql.prefix' => 'simpleSAMLphp',
/*
* Configuration for the MemcacheStore class. This allows you to store
* multiple redudant copies of sessions on different memcache servers.
*
* 'memcache_store.servers' is an array of server groups. Every data
* item will be mirrored in every server group.
*
* Each server group is an array of servers. The data items will be
* load-balanced between all servers in each server group.
*
* Each server is an array of parameters for the server. The following
* options are available:
* - 'hostname': This is the hostname or ip address where the
* memcache server runs. This is the only required option.
* - 'port': This is the port number of the memcache server. If this
* option isn't set, then we will use the 'memcache.default_port'
* ini setting. This is 11211 by default.
* - 'weight': This sets the weight of this server in this server
* group. http://php.net/manual/en/function.Memcache-addServer.php
* contains more information about the weight option.
* - 'timeout': The timeout for this server. By default, the timeout
* is 3 seconds.
*
* Example of redudant configuration with load balancing:
* This configuration makes it possible to lose both servers in the
* a-group or both servers in the b-group without losing any sessions.
* Note that sessions will be lost if one server is lost from both the
* a-group and the b-group.
*
* 'memcache_store.servers' => array(
* array(
* array('hostname' => 'mc_a1'),
* array('hostname' => 'mc_a2'),
* ),
* array(
* array('hostname' => 'mc_b1'),
* array('hostname' => 'mc_b2'),
* ),
* ),
*
* Example of simple configuration with only one memcache server,
* running on the same computer as the web server:
* Note that all sessions will be lost if the memcache server crashes.
*
* 'memcache_store.servers' => array(
* array(
* array('hostname' => 'localhost'),
* ),
* ),
*
*/
'memcache_store.servers' => array(
array(
array('hostname' => 'localhost'),
),
),
/*
* This value is the duration data should be stored in memcache. Data
* will be dropped from the memcache servers when this time expires.
* The time will be reset every time the data is written to the
* memcache servers.
*
* This value should always be larger than the 'session.duration'
* option. Not doing this may result in the session being deleted from
* the memcache servers while it is still in use.
*
* Set this value to 0 if you don't want data to expire.
*
* Note: The oldest data will always be deleted if the memcache server
* runs out of storage space.
*/
'memcache_store.expires' => 36 * (60*60), // 36 hours.
/*
* Should signing of generated metadata be enabled by default.
*
* Metadata signing can also be enabled for a individual SP or IdP by setting the
* same option in the metadata for the SP or IdP.
*/
'metadata.sign.enable' => FALSE,
/*
* The default key & certificate which should be used to sign generated metadata. These
* are files stored in the cert dir.
* These values can be overridden by the options with the same names in the SP or
* IdP metadata.
*
* If these aren't specified here or in the metadata for the SP or IdP, then
* the 'certificate' and 'privatekey' option in the metadata will be used.
* if those aren't set, signing of metadata will fail.
*/
'metadata.sign.privatekey' => NULL,
'metadata.sign.privatekey_pass' => NULL,
'metadata.sign.certificate' => NULL,
/*
* Proxy to use for retrieving URLs.
*
* Example:
* 'proxy' => 'tcp://proxy.example.com:5100'
*/
'proxy' => NULL,
);
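
Review bot: 'auth.adminpassword' => '123' and 'secretsalt' => 'defaultsecretsalt' are committed at exactly the default values their own comments say must be changed, and 'admin.protectindexpage' and 'admin.protectmetadata' are both false, so the index and metadata pages are not protected either. Before this is deployed, replace the password with a hash from bin/pwgen.php and the salt with a random value (the comment gives a command for it), and keep both out of the repository. Further down, 'session.cookie.secure' => FALSE and 'session.phpsession.httponly' => FALSE leave the session cookies sendable over plain HTTP and readable from script; set both to TRUE if the site is reached through https only. 'showerrors' => TRUE is also worth turning off outside development.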

View File

@ -0,0 +1,46 @@
<?php
/*
* Configuration for the LDAP authentication module.
*
* $Id: $
*/
$config = array (
/**
* LDAP configuration. This is only relevant if you use the LDAP authentication plugin.
*
* The attributes parameter is a list of attributes that should be retrieved.
* If the attributes parameter is set to null, all attributes will be retrieved.
*/
'auth.ldap.dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'auth.ldap.hostname' => 'ldap.uninett.no',
'auth.ldap.attributes' => null,
'auth.ldap.enable_tls' => false,
/*
* Searching the DN of the user.
*/
/* Set this to TRUE to enable searching. */
'auth.ldap.search.enable' => FALSE,
/* The base DN for the search. */
'auth.ldap.search.base' => NULL,
/* The attribute(s) to search for.
*
* This may be a single string, or an array of string. If this is an array, then any of the attributes
* in the array may match the value the user supplied as the username.
*/
'auth.ldap.search.attributes' => NULL,
/* The username & password the simpleSAMLphp should bind as before searching. If this is left
* as NULL, no bind will be performed before searching.
*/
'auth.ldap.search.username' => NULL,
'auth.ldap.search.password' => NULL,
);
?>
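
Review bot: 'auth.ldap.hostname' => 'ldap.uninett.no' and the matching 'auth.ldap.dnpattern' hard-code one specific directory, and 'auth.ldap.enable_tls' => false, so enabling the LDAP authentication plugin without editing this file would send users' bind passwords unencrypted to that host. Replace them with this deployment's values or example.org placeholders as the other config files here use, and set enable_tls to true. The "$Id: $" line in the header is empty.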

View File

@ -0,0 +1,34 @@
<?php
/*
* Configuration for the multi-DN LDAP authentication module.
*
* $Id: ldapmulti.php 826 2008-08-20 14:14:08Z hans.zandbelt $
*/
$ldapmulti = array (
'feide.no' => array(
'description' => 'Feide',
/* for a description of options see equivalent options in ldap.php starting with auth.ldap. */
'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'hostname' => 'ldap.uninett.no',
'attributes' => NULL,
'enable_tls' => FALSE,
'search.enable' => FALSE,
'search.base' => NULL,
'search.attributes' => NULL,
'search.username' => NULL,
'search.password' => NULL,
),
'uninett.no' => array(
'description' => 'UNINETT',
'dnpattern' => 'uid=%username%,ou=people,dc=uninett,dc=no',
'hostname' => 'ldap.uninett.no',
'attributes' => NULL,
)
);
?>
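
Review bot: The 'uninett.no' entry omits 'enable_tls' and the search.* keys that 'feide.no' sets explicitly, so whether that bind uses TLS depends on the module's default rather than on anything visible in this file. Set 'enable_tls' explicitly in every entry, and to TRUE rather than the FALSE used for 'feide.no'.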

View File

@ -0,0 +1,17 @@
<?php
/*
* Configuration
*
* $Id: translation.php 2100 2010-01-12 11:33:22Z andreassolberg $
*/
$config = array (
'application' => 'simplesamlphp',
'baseurl' => 'https://translation.rnd.feide.no/simplesaml',
'key' => '_e7224d54cda84434e25ef087e5c22c1fa5f6ae87cc',
'secret' => '_0e29f782d295bc9782112981f654f1db58174d19d7',
);
?>
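
Review bot: 'key' and 'secret' hold what look like real credential values for https://translation.rnd.feide.no/simplesaml, committed in plaintext. If this deployment does not use the translation service, leave the file out of the commit; if it does, load the values from configuration kept outside the repository and put obvious placeholders here.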

View File

@ -0,0 +1,61 @@
<?php
/*
* This file defines "named" access control lists, which can
* be reused in several places.
*/
$config = array(
'adminlist' => array(
//array('allow', 'equals', 'mail', 'admin1@example.org'),
//array('allow', 'has', 'groups', 'admin'),
/* The default action is to deny access. */
),
'example-simple' => array(
array('allow', 'equals', 'mail', 'admin1@example.org'),
array('allow', 'equals', 'mail', 'admin2@example.org'),
/* The default action is to deny access. */
),
'example-deny-some' => array(
array('deny', 'equals', 'mail', 'eviluser@example.org'),
array('allow'), /* Allow everybody else. */
),
'example-maildomain' => array(
array('allow', 'equals-preg', 'mail', '/@example\.org$/'),
/* The default action is to deny access. */
),
'example-allow-employees' => array(
array('allow', 'has', 'eduPersonAffiliation', 'employee'),
/* The default action is to deny access. */
),
'example-allow-employees-not-students' => array(
array('deny', 'has', 'eduPersonAffiliation', 'student'),
array('allow', 'has', 'eduPersonAffiliation', 'employee'),
/* The default action is to deny access. */
),
'example-deny-student-except-one' => array(
array('deny', 'and',
array('has', 'eduPersonAffiliation', 'student'),
array('not', 'equals', 'mail', 'user@example.org'),
),
array('allow'),
),
'example-allow-or' => array(
array('allow', 'or',
array('equals', 'eduPersonAffiliation', 'student', 'member'),
array('equals', 'mail', 'someuser@example2.org'),
),
),
'example-allow-all' => array(
array('allow'),
),
);
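
Review bot: 'example-deny-some' and 'example-deny-student-except-one' end in a bare array('allow'), so unlike the other lists, whose comments state that the default action is to deny, they admit every user the deny rule does not match, including one whose attributes carry no 'mail' or 'eduPersonAffiliation' at all. Since the header says these named lists can be reused in several places, mark the default-allow ones with a comment saying so. In 'example-maildomain', if 'equals-preg' is evaluated with preg_match, ending the pattern with \z instead of $ keeps '/@example\.org$/' from also matching a value that ends in a newline.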

View File

@ -0,0 +1,86 @@
<?php
/**
* This is the configuration file for the Auth MemCookie example.
*/
$config = array(
/*
* What type of login Auth MemCookie will use.
* Can be either 'authsource', 'saml2' or 'shib13'.
*
* For backwards compatibility, the default value if unset is 'saml2'.
* New installations should use 'authsource'.
*/
'loginmethod' => 'authsource',
/*
* The authentication source that should be used.
*
* This must be one of the authentication sources configured in config/authsources.php.
*/
'authsource' => 'default-sp',
/*
* This is the name of the cookie we should save the session id in. The value of this option must match the
* Auth_memCookie_CookieName option in the Auth MemCookie configuration. The default value is 'AuthMemCookie'.
*
* Default:
* 'cookiename' => 'AuthMemCookie',
*/
'cookiename' => 'AuthMemCookie',
/*
* This option specifies the name of the attribute which contains the username of the user. It must be set to
* a valid attribute name.
*
* Examples:
* 'username' => 'uid', // LDAP attribute for user id.
* 'username' => 'mail', // LDAP attribute for email address.
*
* Default:
* No default value.
*/
'username' => NULL,
/*
* This option specifies the name of the attribute which contains the groups of the user. Set this option to
* NULL if you don't want to include any groups.
*
* Example:
* 'groups' => 'edupersonaffiliation',
*
* Default:
* 'groups' => NULL,
*/
'groups' => NULL,
/*
* This option contains the hostnames or IP addresses of the memcache servers where we should store the
* authentication information. Separator is a comma. This option should match the address part of the
* Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration.
*
* Examples:
* 'memcache.host' => '192.168.93.52',
* 'memcache.host' => 'memcache.example.org',
* 'memcache.host' => 'memcache1.example.org,memcache2.example.org'
*
* Default:
* 'memcache.host' => '127.0.0.1',
*/
'memcache.host' => '127.0.0.1',
/*
* This option contains the port number of the memcache server where we should store the
* authentication information. This option should match the port part of the
* Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration.
*
* Default:
* 'memcache.port' => 11211,
*/
'memcache.port' => 11211,
);
?>
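
Review bot: 'username' => NULL is committed although its own comment says the option "must be set to a valid attribute name" and has no default, so the file is not usable as shipped. Set it to the attribute this deployment treats as the login (the comment's examples are 'uid' and 'mail'), or leave the file out of the commit if Auth MemCookie is not used.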

View File

@ -0,0 +1,350 @@
<?php
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => NULL,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => NULL,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
// Force persistent NameID
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
),
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-userpass' => array(
'exampleauth:UserPass',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => FALSE,
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
),
*/
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
'students' => array(
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
),
*/
);
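
Review bot: the 'default-sp' source leaves 'idp' => NULL, which per the comment above it means the user is shown a list of available IdPs instead of being sent to one. balise_LOGIN_SAML_dyn() authenticates against 'default-sp', so set 'idp' to the entity ID of the IdP this site is meant to trust, so that logins always start with that IdP. The 'admin' source above it uses core:AdminPassword, so it is only as strong as the 'auth.adminpassword' value committed in config.php.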

View File

@ -0,0 +1,39 @@
<?php
/*
* The configuration of simpleSAMLphp
*
*
*/
$casldapconfig = array (
'idpentityid.example.org' => array(
'cas' => array(
'login' => 'https://idpentityid.example.org/cas/login',
'validate' => 'https://idpentityid.example.org/cas/validate',
),
'ldap' => array(
'servers' => 'idpentityid.example.org',
'enable_tls' => false,
'searchbase' => 'dc=example,dc=org',
'searchattributes' => 'uid',
'attributes' => array('cn', 'mail'),
),
),
'idpentityid2.example.org' => array(
'cas' => array(
'login' => 'https://idpentityid2.example.org/login',
'validate' => 'https://idpentityid2.example.org/validate',
),
'ldap' => array(
'servers' => 'ldap://idpentityid2.example.org',
'enable_tls' => false,
'searchbase' => 'ou=users,dc=example,dc=org',
'searchattributes' => array('uid', 'mail'), # array for being able to login with either uid or mail.
'attributes' => null,
'priv_user_dn' => 'uid=admin,ou=users,dc=example,dc=org',
'priv_user_pw' => 'xxxxx',
),
),
);
?>
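
Review bot: both entries set 'enable_tls' => false, and the second one also carries 'priv_user_dn' and 'priv_user_pw' for a privileged bind against an ldap:// URL, so that bind password and the returned attributes would travel unencrypted if this template is filled in as it stands. Set 'enable_tls' => true in the template (or use an ldaps:// URL), and keep the real 'priv_user_pw' out of the repository, for example by committing this file as a sample that is copied and completed at deploy time. The header comment still reads "The configuration of simpleSAMLphp" and could say what this file actually configures.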

View File

@ -0,0 +1,68 @@
<?php
/*
* The configuration of the login-auto authentication module.
*
* $Id: config.php 451 2008-03-27 15:33:34Z olavmrk $
*/
$config = array (
/*
* This option enables or disables the login-auto authentication
* handler. This handler is implemented in 'www/auth/login-auto.php'.
*
* When this option is set to true, a user can go to the
* 'auth/login-auto.php' web page to be authenticated as an example
* user. The user will receive the attributes set in the
* 'auth.auto.attributes' option.
*
* WARNING: setting this option to true will make it possible to use
* this authenticator for all users, irrespectively of the 'auth'
* setting in the IdP's metadata. They can always use it by opening the
* 'auth/login-auto.php' webpage manually.
*/
'auth.auto.enable' => true,
/*
* This option configures which attributes the login-auto
* authentication handler will set for the user. It is an array of
* arrays. The name of the attribute is the index in the first array,
* and all the values for the attribute is given in the array
* referenced to by the name.
*
* Example:
* 'auth.auto.attributes' => array(
* 'edupersonaffiliation' => array('student', 'member'),
* 'uid' => array('example_uid'),
* 'mail' => array('example@example.com'),
* ),
*/
'auth.auto.attributes' => array(
'edupersonaffiliation' => array('student', 'member'),
'title' => array('Example user title'),
'uid' => array('example_uid'),
'mail' => array('example@example.com'),
'cn' => array('Example user commonname'),
'givenname' => array('Example user givenname'),
'sn' => array("Example surname"),
),
/*
* When this option is set to true, the login-auto authentication
* handler will ask for a username and a password. This can be used to
* test the IdP. The username and password isn't verified, and the
* user/script can enter anything.
*/
'auth.auto.ask_login' => false,
/*
* This option configures a delay in the login-auto authentication
* handler. The script will wait for the given number of milliseconds
* before authenticating the user. This can, for example, be used in
* a simple simulation of a slow LDAP server.
*/
'auth.auto.delay_login' => 0,
);
?>
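
Review bot: 'auth.auto.enable' => true commits the login-auto handler switched on, and the WARNING in the comment directly above it states that the handler can then be used by opening 'auth/login-auto.php' manually, irrespective of the 'auth' setting in the IdP's metadata. Set it to false in the committed file, or leave this config out of the plugin, so the test identity defined in 'auth.auto.attributes' (uid 'example_uid') cannot be obtained on a deployed site.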

View File

@ -0,0 +1,39 @@
<?php
/*
* Configuration for the auth/login-feide.php login module.
*
* The configuration file is an array with multiple organizations. The user
* can select which organization he/she wants to log in with, with a drop-down
* menu in the user interface.
*
*/
$config = array (
'orgldapconfig' => array(
'example1.com' => array(
'description' => 'Example Org 1',
'searchbase' => 'cn=people,dc=example1,dc=com',
'hostname' => 'ldaps://ldap.example1.com',
'attributes' => null,
'contactMail' => 'admin@example1.com',
'contactURL' => 'http://admin.example1.com',
// System user to bind() before we do a search for eduPersonPrincipalName
'adminUser' => 'uid=admin,dc=example1,dc=com',
'adminPassword' => 'xxx',
),
'example1.com' => array(
'description' => 'Example Org 1',
'searchbase' => 'cn=people,dc=example1,dc=com',
'hostname' => 'ldaps://ldap.example1.com',
'attributes' => array('mail', 'street'),
),
),
);
?>
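
Review bot: 'orgldapconfig' defines the key 'example1.com' twice; in a PHP array literal the later entry replaces the earlier one, so the block with 'adminUser', 'adminPassword', 'contactMail' and 'contactURL' is silently dropped and only the entry with 'attributes' => array('mail', 'street') remains. Give the second organisation its own key and description, and keep 'adminPassword' as a placeholder that is filled in at deploy time rather than a committed value.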

View File

@ -0,0 +1,645 @@
<?php
/*
* The configuration of simpleSAMLphp
*
* $Id: config.php 3171 2012-09-25 08:54:06Z jaimepc@gmail.com $
*/
$config = array (
/**
* Setup the following parameters to match the directory of your installation.
* See the user manual for more details.
*
* Valid format for baseurlpath is:
* [(http|https)://(hostname|fqdn)[:port]]/[path/to/simplesaml/]
* (note that it must end with a '/')
*
* The full url format is useful if your simpleSAMLphp setup is hosted behind
* a reverse proxy. In that case you can specify the external url here.
*
* Please note that simpleSAMLphp will then redirect all queries to the
* external url, no matter where you come from (direct access or via the
* reverse proxy).
*/
'baseurlpath' => 'simplesaml/',
'certdir' => 'cert/',
'loggingdir' => 'log/',
'datadir' => 'data/',
/*
* A directory where simpleSAMLphp can save temporary files.
*
* SimpleSAMLphp will attempt to create this directory if it doesn't exist.
*/
'tempdir' => '/tmp/simplesaml',
/*
* If you enable this option, simpleSAMLphp will log all sent and received messages
* to the log file.
*
* This option also enables logging of the messages that are encrypted and decrypted.
*
* Note: The messages are logged with the DEBUG log level, so you also need to set
* the 'logging.level' option to LOG_DEBUG.
*/
'debug' => FALSE,
'showerrors' => TRUE,
/**
* Custom error show function called from SimpleSAML_Error_Error::show.
* See docs/simplesamlphp-errorhandling.txt for function code example.
*
* Example:
* 'errors.show_function' => array('sspmod_example_Error_Show', 'show'),
*/
/**
* This option allows you to enable validation of XML data against its
* schemas. A warning will be written to the log if validation fails.
*/
'debug.validatexml' => FALSE,
/**
* This password must be kept secret, and modified from the default value 123.
* This password will give access to the installation page of simpleSAMLphp with
* metadata listing and diagnostics pages.
* You can also put a hash here; run "bin/pwgen.php" to generate one.
*/
'auth.adminpassword' => '123',
'admin.protectindexpage' => false,
'admin.protectmetadata' => false,
/**
* This is a secret salt used by simpleSAMLphp when it needs to generate a secure hash
* of a value. It must be changed from its default value to a secret value. The value of
* 'secretsalt' can be any valid string of any length.
*
* A possible way to generate a random salt is by running the following command from a unix shell:
* tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
*/
'secretsalt' => 'defaultsecretsalt',
/*
* Some information about the technical persons running this installation.
* The email address will be used as the recipient address for error reports, and
* also as the technical contact in generated metadata.
*/
'technicalcontact_name' => 'Administrator',
'technicalcontact_email' => 'na@example.org',
/*
* The timezone of the server. This option should be set to the timezone you want
* simpleSAMLphp to report the time in. The default is to guess the timezone based
* on your system timezone.
*
* See this page for a list of valid timezones: http://php.net/manual/en/timezones.php
*/
'timezone' => NULL,
/*
* Logging.
*
* define the minimum log level to log
* SimpleSAML_Logger::ERR No statistics, only errors
* SimpleSAML_Logger::WARNING No statistics, only warnings/errors
* SimpleSAML_Logger::NOTICE Statistics and errors
* SimpleSAML_Logger::INFO Verbose logs
* SimpleSAML_Logger::DEBUG Full debug logs - not reccomended for production
*
* Choose logging handler.
*
* Options: [syslog,file,errorlog]
*
*/
'logging.level' => SimpleSAML_Logger::NOTICE,
'logging.handler' => 'syslog',
/*
* Choose which facility should be used when logging with syslog.
*
* These can be used for filtering the syslog output from simpleSAMLphp into its
* own file by configuring the syslog daemon.
*
* See the documentation for openlog (http://php.net/manual/en/function.openlog.php) for available
* facilities. Note that only LOG_USER is valid on windows.
*
* The default is to use LOG_LOCAL5 if available, and fall back to LOG_USER if not.
*/
'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER,
/*
* The process name that should be used when logging to syslog.
* The value is also written out by the other logging handlers.
*/
'logging.processname' => 'simplesamlphp',
/* Logging: file - Logfilename in the loggingdir from above.
*/
'logging.logfile' => 'simplesamlphp.log',
/* (New) statistics output configuration.
*
* This is an array of outputs. Each output has at least a 'class' option, which
* selects the output.
*/
'statistics.out' => array(
// Log statistics to the normal log.
/*
array(
'class' => 'core:Log',
'level' => 'notice',
),
*/
// Log statistics to files in a directory. One file per day.
/*
array(
'class' => 'core:File',
'directory' => '/var/log/stats',
),
*/
),
/*
* Enable
*
* Which functionality in simpleSAMLphp do you want to enable. Normally you would enable only
* one of the functionalities below, but in some cases you could run multiple functionalities.
* In example when you are setting up a federation bridge.
*/
'enable.saml20-idp' => false,
'enable.shib13-idp' => false,
'enable.adfs-idp' => false,
'enable.wsfed-sp' => false,
'enable.authmemcookie' => false,
/*
* This value is the duration of the session in seconds. Make sure that the time duration of
* cookies both at the SP and the IdP exceeds this duration.
*/
'session.duration' => 8 * (60*60), // 8 hours.
'session.requestcache' => 4 * (60*60), // 4 hours
/*
* Sets the duration, in seconds, data should be stored in the datastore. As the datastore is used for
* login and logout requests, thid option will control the maximum time these operations can take.
* The default is 4 hours (4*60*60) seconds, which should be more than enough for these operations.
*/
'session.datastore.timeout' => (4*60*60), // 4 hours
/*
* Sets the duration, in seconds, auth state should be stored.
*/
'session.state.timeout' => (60*60), // 1 hour
/*
* Option to override the default settings for the session cookie name
*/
'session.cookie.name' => 'SimpleSAMLSessionID',
/*
* Expiration time for the session cookie, in seconds.
*
* Defaults to 0, which means that the cookie expires when the browser is closed.
*
* Example:
* 'session.cookie.lifetime' => 30*60,
*/
'session.cookie.lifetime' => 0,
/*
* Limit the path of the cookies.
*
* Can be used to limit the path of the cookies to a specific subdirectory.
*
* Example:
* 'session.cookie.path' => '/simplesaml/',
*/
'session.cookie.path' => '/',
/*
* Cookie domain.
*
* Can be used to make the session cookie available to several domains.
*
* Example:
* 'session.cookie.domain' => '.example.org',
*/
'session.cookie.domain' => NULL,
/*
* Set the secure flag in the cookie.
*
* Set this to TRUE if the user only accesses your service
* through https. If the user can access the service through
* both http and https, this must be set to FALSE.
*/
'session.cookie.secure' => FALSE,
/*
* When set to FALSE fallback to transient session on session initialization
* failure, throw exception otherwise.
*/
'session.disable_fallback' => FALSE,
/*
* Enable secure POST from HTTPS to HTTP.
*
* If you have some SP's on HTTP and IdP is normally on HTTPS, this option
* enables secure POSTing to HTTP endpoint without warning from browser.
*
* For this to work, module.php/core/postredirect.php must be accessible
* also via HTTP on IdP, e.g. if your IdP is on
* https://idp.example.org/ssp/, then
* http://idp.example.org/ssp/module.php/core/postredirect.php must be accessible.
*/
'enable.http_post' => FALSE,
/*
* Options to override the default settings for php sessions.
*/
'session.phpsession.cookiename' => null,
'session.phpsession.savepath' => null,
'session.phpsession.httponly' => FALSE,
/*
* Option to override the default settings for the auth token cookie
*/
'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',
/*
* Languages available, RTL languages, and what language is default
*/
'language.available' => array('en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et', 'he', 'id', 'sr'),
'language.rtl' => array('ar','dv','fa','ur','he'),
'language.default' => 'en',
/**
* Custom getLanguage function called from SimpleSAML_XHTML_Template::getLanguage().
* Function should return language code of one of the available languages or NULL.
* See SimpleSAML_XHTML_Template::getLanguage() source code for more info.
*
* This option can be used to implement a custom function for determining
* the default language for the user.
*
* Example:
* 'language.get_language_function' => array('sspmod_example_Template', 'getLanguage'),
*/
/*
* Extra dictionary for attribute names.
* This can be used to define local attributes.
*
* The format of the parameter is a string with <module>:<dictionary>.
*
* Specifying this option will cause us to look for modules/<module>/dictionaries/<dictionary>.definition.json
* The dictionary should look something like:
*
* {
* "firstattribute": {
* "en": "English name",
* "no": "Norwegian name"
* },
* "secondattribute": {
* "en": "English name",
* "no": "Norwegian name"
* }
* }
*
* Note that all attribute names in the dictionary must in lowercase.
*
* Example: 'attributes.extradictionary' => 'ourmodule:ourattributes',
*/
'attributes.extradictionary' => NULL,
/*
* Which theme directory should be used?
*/
'theme.use' => 'default',
/*
* Default IdP for WS-Fed.
*/
'default-wsfed-idp' => 'urn:federation:pingfederate:localhost',
/*
* Whether the discovery service should allow the user to save his choice of IdP.
*/
'idpdisco.enableremember' => TRUE,
'idpdisco.rememberchecked' => TRUE,
// Disco service only accepts entities it knows.
'idpdisco.validate' => TRUE,
'idpdisco.extDiscoveryStorage' => NULL,
/*
* IdP Discovery service look configuration.
* Wether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box
* gives the best use experience.
*
* When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown.
* This makes it easier for the user to choose the IdP
*
* Options: [links,dropdown]
*
*/
'idpdisco.layout' => 'dropdown',
/*
* Whether simpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication
* responses.
*
* The default is to sign the assertion element, but that can be overridden by setting this
* option to TRUE. It can also be overridden on a pr. SP basis by adding an option with the
* same name to the metadata of the SP.
*/
'shib13.signresponse' => TRUE,
/*
* Authentication processing filters that will be executed for all IdPs
* Both Shibboleth and SAML 2.0
*/
'authproc.idp' => array(
/* Enable the authproc filter below to add URN Prefixces to all attributes
10 => array(
'class' => 'core:AttributeMap', 'addurnprefix'
), */
/* Enable the authproc filter below to automatically generated eduPersonTargetedID.
20 => 'core:TargetedID',
*/
// Adopts language from attribute to use in UI
30 => 'core:LanguageAdaptor',
/* Add a realm attribute from edupersonprincipalname
40 => 'core:AttributeRealm',
*/
45 => array(
'class' => 'core:StatisticsWithAttribute',
'attributename' => 'realm',
'type' => 'saml20-idp-SSO',
),
/* When called without parameters, it will fallback to filter attributes the old way
* by checking the 'attributes' parameter in metadata on IdP hosted and SP remote.
*/
50 => 'core:AttributeLimit',
/*
* Search attribute "distinguishedName" for pattern and replaces if found
60 => array(
'class' => 'core:AttributeAlter',
'pattern' => '/OU=studerende/',
'replacement' => 'Student',
'subject' => 'distinguishedName',
'%replace',
),
*/
/*
* Consent module is enabled (with no permanent storage, using cookies).
90 => array(
'class' => 'consent:Consent',
'store' => 'consent:Cookie',
'focus' => 'yes',
'checked' => TRUE
),
*/
// If language is set in Consent module it will be added as an attribute.
99 => 'core:LanguageAdaptor',
),
/*
* Authentication processing filters that will be executed for all SPs
* Both Shibboleth and SAML 2.0
*/
'authproc.sp' => array(
/*
10 => array(
'class' => 'core:AttributeMap', 'removeurnprefix'
),
*/
/* Exposes nameid */
10 => array(
'class' => 'saml:NameIDAttribute',
'format' => '%V',
'attribute' => 'NameID',
),
/*
* Generate the 'group' attribute populated from other variables, including eduPersonAffiliation.
*/
60 => array('class' => 'core:GenerateGroups', 'eduPersonAffiliation'),
// All users will be members of 'users' and 'members'
61 => array('class' => 'core:AttributeAdd', 'groups' => array('users', 'members')),
// Adopts language from attribute to use in UI
90 => 'core:LanguageAdaptor',
),
/*
* This option configures the metadata sources. The metadata sources is given as an array with
* different metadata sources. When searching for metadata, simpleSAMPphp will search through
* the array from start to end.
*
* Each element in the array is an associative array which configures the metadata source.
* The type of the metadata source is given by the 'type' element. For each type we have
* different configuration options.
*
* Flat file metadata handler:
* - 'type': This is always 'flatfile'.
* - 'directory': The directory we will load the metadata files from. The default value for
* this option is the value of the 'metadatadir' configuration option, or
* 'metadata/' if that option is unset.
*
* XML metadata handler:
* This metadata handler parses an XML file with either an EntityDescriptor element or an
* EntitiesDescriptor element. The XML file may be stored locally, or (for debugging) on a remote
* web server.
* The XML hetadata handler defines the following options:
* - 'type': This is always 'xml'.
* - 'file': Path to the XML file with the metadata.
* - 'url': The url to fetch metadata from. THIS IS ONLY FOR DEBUGGING - THERE IS NO CACHING OF THE RESPONSE.
*
*
* Examples:
*
* This example defines two flatfile sources. One is the default metadata directory, the other
* is a metadata directory with autogenerated metadata files.
*
* 'metadata.sources' => array(
* array('type' => 'flatfile'),
* array('type' => 'flatfile', 'directory' => 'metadata-generated'),
* ),
*
* This example defines a flatfile source and an XML source.
* 'metadata.sources' => array(
* array('type' => 'flatfile'),
* array('type' => 'xml', 'file' => 'idp.example.org-idpMeta.xml'),
* ),
*
*
* Default:
* 'metadata.sources' => array(
* array('type' => 'flatfile')
* ),
*/
'metadata.sources' => array(
array('type' => 'flatfile'),
),
/*
* Configure the datastore for simpleSAMLphp.
*
* - 'phpsession': Limited datastore, which uses the PHP session.
* - 'memcache': Key-value datastore, based on memcache.
* - 'sql': SQL datastore, using PDO.
*
* The default datastore is 'phpsession'.
*
* (This option replaces the old 'session.handler'-option.)
*/
'store.type' => 'phpsession',
/*
* The DSN the sql datastore should connect to.
*
* See http://www.php.net/manual/en/pdo.drivers.php for the various
* syntaxes.
*/
'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
/*
* The username and password to use when connecting to the database.
*/
'store.sql.username' => NULL,
'store.sql.password' => NULL,
/*
* The prefix we should use on our tables.
*/
'store.sql.prefix' => 'simpleSAMLphp',
/*
* Configuration for the MemcacheStore class. This allows you to store
* multiple redudant copies of sessions on different memcache servers.
*
* 'memcache_store.servers' is an array of server groups. Every data
* item will be mirrored in every server group.
*
* Each server group is an array of servers. The data items will be
* load-balanced between all servers in each server group.
*
* Each server is an array of parameters for the server. The following
* options are available:
* - 'hostname': This is the hostname or ip address where the
* memcache server runs. This is the only required option.
* - 'port': This is the port number of the memcache server. If this
* option isn't set, then we will use the 'memcache.default_port'
* ini setting. This is 11211 by default.
* - 'weight': This sets the weight of this server in this server
* group. http://php.net/manual/en/function.Memcache-addServer.php
* contains more information about the weight option.
* - 'timeout': The timeout for this server. By default, the timeout
* is 3 seconds.
*
* Example of redudant configuration with load balancing:
* This configuration makes it possible to lose both servers in the
* a-group or both servers in the b-group without losing any sessions.
* Note that sessions will be lost if one server is lost from both the
* a-group and the b-group.
*
* 'memcache_store.servers' => array(
* array(
* array('hostname' => 'mc_a1'),
* array('hostname' => 'mc_a2'),
* ),
* array(
* array('hostname' => 'mc_b1'),
* array('hostname' => 'mc_b2'),
* ),
* ),
*
* Example of simple configuration with only one memcache server,
* running on the same computer as the web server:
* Note that all sessions will be lost if the memcache server crashes.
*
* 'memcache_store.servers' => array(
* array(
* array('hostname' => 'localhost'),
* ),
* ),
*
*/
'memcache_store.servers' => array(
array(
array('hostname' => 'localhost'),
),
),
/*
* This value is the duration data should be stored in memcache. Data
* will be dropped from the memcache servers when this time expires.
* The time will be reset every time the data is written to the
* memcache servers.
*
* This value should always be larger than the 'session.duration'
* option. Not doing this may result in the session being deleted from
* the memcache servers while it is still in use.
*
* Set this value to 0 if you don't want data to expire.
*
* Note: The oldest data will always be deleted if the memcache server
* runs out of storage space.
*/
'memcache_store.expires' => 36 * (60*60), // 36 hours.
/*
* Should signing of generated metadata be enabled by default.
*
* Metadata signing can also be enabled for a individual SP or IdP by setting the
* same option in the metadata for the SP or IdP.
*/
'metadata.sign.enable' => FALSE,
/*
* The default key & certificate which should be used to sign generated metadata. These
* are files stored in the cert dir.
* These values can be overridden by the options with the same names in the SP or
* IdP metadata.
*
* If these aren't specified here or in the metadata for the SP or IdP, then
* the 'certificate' and 'privatekey' option in the metadata will be used.
* if those aren't set, signing of metadata will fail.
*/
'metadata.sign.privatekey' => NULL,
'metadata.sign.privatekey_pass' => NULL,
'metadata.sign.certificate' => NULL,
/*
* Proxy to use for retrieving URLs.
*
* Example:
* 'proxy' => 'tcp://proxy.example.com:5100'
*/
'proxy' => NULL,
);
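
Review bot: 'metadata.sign.enable' => FALSE, with 'metadata.sign.privatekey' and 'metadata.sign.certificate' both NULL, means any metadata this install generates is unsigned, so its integrity rests entirely on the channel used to hand it to the partner. If this file is the live configuration rather than a template, set a key and certificate from the cert dir and enable signing, or state in the commit message how metadata is exchanged. Also confirm that 'memcache_store.expires' (36 hours) is larger than 'session.duration', as the comment above it requires; that option is not visible in this part of the file.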

View File

@ -0,0 +1,46 @@
<?php
/*
* Configuration for the LDAP authentication module.
*
* $Id: $
*/
$config = array (
/**
* LDAP configuration. This is only relevant if you use the LDAP authentication plugin.
*
* The attributes parameter is a list of attributes that should be retrieved.
* If the attributes parameter is set to null, all attributes will be retrieved.
*/
'auth.ldap.dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'auth.ldap.hostname' => 'ldap.uninett.no',
'auth.ldap.attributes' => null,
'auth.ldap.enable_tls' => false,
/*
* Searching the DN of the user.
*/
/* Set this to TRUE to enable searching. */
'auth.ldap.search.enable' => FALSE,
/* The base DN for the search. */
'auth.ldap.search.base' => NULL,
/* The attribute(s) to search for.
*
* This may be a single string, or an array of string. If this is an array, then any of the attributes
* in the array may match the value the user supplied as the username.
*/
'auth.ldap.search.attributes' => NULL,
/* The username & password the simpleSAMLphp should bind as before searching. If this is left
* as NULL, no bind will be performed before searching.
*/
'auth.ldap.search.username' => NULL,
'auth.ldap.search.password' => NULL,
);
?>
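
Review bot: 'auth.ldap.enable_tls' => false means the bind that carries the user's password goes to the directory without TLS; set it to true, or document why the link to the LDAP host is trusted. The file also ships with 'auth.ldap.hostname' => 'ldap.uninett.no' and a feide/uninett 'auth.ldap.dnpattern', so enabling the LDAP module without editing this file would send credentials to a third-party host; replace both with site-specific values. 'auth.ldap.attributes' => null retrieves every attribute according to the comment above it; list only the attributes the service needs.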

View File

@ -0,0 +1,34 @@
<?php
/*
* Configuration for the multi-DN LDAP authentication module.
*
* $Id: ldapmulti.php 826 2008-08-20 14:14:08Z hans.zandbelt $
*/
$ldapmulti = array (
'feide.no' => array(
'description' => 'Feide',
/* for a description of options see equivalent options in ldap.php starting with auth.ldap. */
'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'hostname' => 'ldap.uninett.no',
'attributes' => NULL,
'enable_tls' => FALSE,
'search.enable' => FALSE,
'search.base' => NULL,
'search.attributes' => NULL,
'search.username' => NULL,
'search.password' => NULL,
),
'uninett.no' => array(
'description' => 'UNINETT',
'dnpattern' => 'uid=%username%,ou=people,dc=uninett,dc=no',
'hostname' => 'ldap.uninett.no',
'attributes' => NULL,
)
);
?>
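
Review bot: the 'uninett.no' entry sets only 'description', 'dnpattern', 'hostname' and 'attributes', leaving 'enable_tls' and the 'search.*' keys to whatever the module defaults to, while 'feide.no' sets 'enable_tls' => FALSE explicitly. Spell out 'enable_tls' => TRUE in both entries so the password bind is protected regardless of defaults, and drop or replace the feide/uninett sample organisations if this plugin is not meant to authenticate against ldap.uninett.no.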

View File

@ -0,0 +1,17 @@
<?php
/*
* Configuration
*
* $Id: translation.php 2100 2010-01-12 11:33:22Z andreassolberg $
*/
$config = array (
'application' => 'simplesamlphp',
'baseurl' => 'https://translation.rnd.feide.no/simplesaml',
'key' => '_e7224d54cda84434e25ef087e5c22c1fa5f6ae87cc',
'secret' => '_0e29f782d295bc9782112981f654f1db58174d19d7',
);
?>
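
Review bot: 'key' and 'secret' are committed as literal values next to the 'baseurl' of the service they belong to, so anyone with read access to the repository holds the credential. Keep them out of version control (an untracked local config or environment variables), or leave this file out of the vendored copy if the translation portal integration is unused. If these values were ever valid for this project, rotate them.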

View File

@ -0,0 +1,143 @@
{
"cfg_check_header": {
"en": "Configuration check"
},
"cfg_check_select_file": {
"en": "Select configuration file to check:"
},
"cfg_check_notices": {
"en": "Notices"
},
"cfg_check_missing": {
"en": "Options missing from config file"
},
"cfg_check_superfluous": {
"en": "Superfluous options in config file"
},
"cfg_check_noerrors": {
"en": "No errors found."
},
"cfg_check_back": {
"en": "Go back to the file list"
},
"metaover_header": {
"en": "Metadata overview"
},
"metaover_intro": {
"en": "To look at the details for an SAML entity, click on the SAML entity header."
},
"metaover_errorentry": {
"en": "Error in this metadata entry"
},
"metaover_required_found": {
"en": "Required fields"
},
"metaover_required_not_found": {
"en": "The following required fields was not found"
},
"metaover_optional_found": {
"en": "Optional fields"
},
"metaover_optional_not_found": {
"en": "The following optional fields was not found"
},
"metaover_unknown_found": {
"en": "The following fields was not recognized"
},
"metaover_group_metadata.saml20-sp-hosted": {
"en": "SAML 2.0 Service Provider (Hosted)"
},
"metaover_group_metadata.saml20-sp-remote": {
"en": "SAML 2.0 Service Provider (Remote)"
},
"metaover_group_metadata.saml20-idp-hosted": {
"en": "SAML 2.0 Identity Provider (Hosted)"
},
"metaover_group_metadata.saml20-idp-remote": {
"en": "SAML 2.0 Identity Provider (Remote)"
},
"metaover_group_metadata.shib13-sp-hosted": {
"en": "Shib 1.3 Service Provider (Hosted)"
},
"metaover_group_metadata.shib13-sp-remote": {
"en": "Shib 1.3 Service Provider (Remote)"
},
"metaover_group_metadata.shib13-idp-hosted": {
"en": "Shib 1.3 Identity Provider (Hosted)"
},
"metaover_group_metadata.shib13-idp-remote": {
"en": "Shib 1.3 Identity Provider (Remote)"
},
"metaover_group_metadata.wsfed-sp-hosted": {
"en": "WS-Federation Service Provider (Hosted)"
},
"metaover_group_metadata.wsfed-idp-remote": {
"en": "WS-Federation Identity Provider (Remote)"
},
"metaconv_title": {
"en": "Metadata parser"
},
"metaconv_parse": {
"en": "Parse"
},
"metaconv_converted": {
"en": "Converted metadata"
},
"metadata_saml20-sp": {
"en": "SAML 2.0 SP Metadata"
},
"metadata_saml20-idp": {
"en": "SAML 2.0 IdP Metadata"
},
"metadata_shib13-sp": {
"en": "Shib 1.3 SP Metadata"
},
"metadata_shib13-idp": {
"en": "Shib 1.3 IdP Metadata"
},
"metadata_intro": {
"en": "Here is the metadata that simpleSAMLphp has generated for you. You may send this metadata document to trusted partners to setup a trusted federation."
},
"metadata_xmlurl": {
"en": "You can <a href=\"%METAURL%\">get the metadata xml on a dedicated URL<\/a>:"
},
"metadata_metadata": {
"en": "Metadata"
},
"metadata_cert": {
"en": "Certificates"
},
"metadata_cert_intro": {
"en": "Download the X509 certificates as PEM-encoded files."
},
"metadata_xmlformat": {
"en": "In SAML 2.0 Metadata XML format:"
},
"metadata_simplesamlformat": {
"en": "In simpleSAMLphp flat file format - use this if you are using a simpleSAMLphp entity on the other side:"
},
"debug_sending_message_title": {
"en": "Sending message"
},
"debug_sending_message_text_button": {
"en": "You are about to send a message. Hit the submit message button to continue."
},
"debug_sending_message_text_link": {
"en": "You are about to send a message. Hit the submit message link to continue."
},
"debug_sending_message_send": {
"en": "Submit message"
},
"debug_sending_message_msg_title": {
"en": "Message"
},
"debug_sending_message_msg_text": {
"en": "As you are in debug mode, you get to see the content of the message you are sending:"
},
"debug_disable_debug_mode": {
"en": "You can turn off debug mode in the global simpleSAMLphp configuration file <tt>config\/config.php<\/tt>."
},
"metaconv_xmlmetadata": {
"en": "XML metadata"
}
}

File diff suppressed because it is too large

View File

@ -0,0 +1,140 @@
{
"attribute_edupersonaffiliation": {
"en": "Affiliation"
},
"attribute_title": {
"en": "Title"
},
"attribute_uid": {
"en": "User ID"
},
"attribute_sn": {
"en": "Surname"
},
"attribute_givenname": {
"en": "Given name"
},
"attribute_cn": {
"en": "Common name"
},
"attribute_mail": {
"en": "Mail"
},
"attribute_mobile": {
"en": "Mobile"
},
"attribute_preferredlanguage": {
"en": "Preferred language"
},
"attribute_noredupersonnin": {
"en": "Identity number assigned by public authorities"
},
"attribute_schachomeorganization": {
"en": "Home organization domain name"
},
"attribute_organisationname": {
"en": "Organization name"
},
"attribute_edupersonentitlement": {
"en": "Entitlement regarding the service"
},
"attribute_edupersonscopedaffiliation": {
"en": "Affiliation at home organization"
},
"attribute_edupersontargetedid": {
"en": "Persistent pseudonymous ID"
},
"attribute_edupersonprincipalname": {
"en": "Person's principal name at home organization"
},
"attribute_o": {
"en": "Organization name"
},
"attribute_dc": {
"en": "Domain component (DC)"
},
"attribute_displayname": {
"en": "Display name"
},
"attribute_facsimiletelephonenumber": {
"en": "Fax number"
},
"attribute_homephone": {
"en": "Home telephone"
},
"attribute_homepostaladdress": {
"en": "Home postal address"
},
"attribute_jpegphoto": {
"en": "JPEG Photo"
},
"attribute_l": {
"en": "Locality"
},
"attribute_labeleduri": {
"en": "Labeled URI"
},
"attribute_manager": {
"en": "Manager"
},
"attribute_ou": {
"en": "Organizational unit"
},
"attribute_postaladdress": {
"en": "Postal address"
},
"attribute_postalcode": {
"en": "Postal code"
},
"attribute_postofficebox": {
"en": "Post office box"
},
"attribute_street": {
"en": "Street"
},
"attribute_telephonenumber": {
"en": "Telephone number"
},
"attribute_eduorghomepageuri": {
"en": "Organizational homepage"
},
"attribute_eduorglegalname": {
"en": "Organization's legal name"
},
"attribute_edupersonassurance": {
"en": "Identity assurance profile"
},
"attribute_edupersonnickname": {
"en": "Nickname"
},
"attribute_edupersonorgdn": {
"en": "Distinguished name (DN) of person's home organization"
},
"attribute_edupersonorgunitdn": {
"en": "Distinguished name (DN) of the person's home organizational unit"
},
"attribute_edupersonprimaryaffiliation": {
"en": "Primary affiliation"
},
"attribute_noreduorgnin": {
"en": "Organizational number"
},
"attribute_noredupersonbirthdate": {
"en": "Date of birth"
},
"attribute_noredupersonlegalname": {
"en": "Legal name"
},
"attribute_noredupersonlin": {
"en": "Local identity number"
},
"attribute_edupersonprimaryorgunitdn": {
"en": "Distinguished name (DN) of person's primary Organizational Unit"
},
"attribute_userpassword": {
"en": "User's password hash"
},
"attribute_schacuserprivateattribute": {
"en": "Private information elements"
}
}
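
Review bot: "attribute_userpassword" ("User's password hash") is a display label, which only matters if the userPassword attribute can reach a page that lists a user's attributes. Check that this attribute is filtered out before attributes are released or displayed; the ldap.php added in this same commit sets 'auth.ldap.attributes' => null, which retrieves all attributes.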

File diff suppressed because it is too large

View File

@ -0,0 +1,23 @@
{
"selectidp": {
"en": "Select your identity provider"
},
"selectidp_full": {
"en": "Please select the identity provider where you want to authenticate:"
},
"select": {
"en": "Select"
},
"remember": {
"en": "Remember my choice"
},
"icon_prefered_idp": {
"en": "[Preferred choice]"
},
"previous_auth": {
"en": "You have previously chosen to authenticate at"
},
"login_at": {
"en": "Login at"
}
}

View File

@ -0,0 +1,207 @@
{
"selectidp": {
"no": "Velg din identitetsleverand\u00f8r",
"nn": "Vel innloggingsteneste",
"sv": "V\u00e4lj din identitetsleverant\u00f6r",
"es": "Seleccione su proveedor de identidad",
"fr": "S\u00e9lectionnez votre fournisseur d'identit\u00e9",
"de": "W\u00e4hlen Sie Ihren Identity Provider",
"nl": "Kies je Identity Provider",
"sl": "Izberite IdP doma\u010de organizacije",
"da": "V\u00e6lg institution (identitetsudbyder)",
"hr": "Odaberite autentifikacijski servis",
"hu": "V\u00e1lasszon szem\u00e9lyazonoss\u00e1g-szolg\u00e1ltat\u00f3t (IdP)",
"fi": "Valitse identiteettill\u00e4hteeis",
"pt-br": "Selecione seu provedor de identidade",
"pt": "Escolha o seu fornecedor de identidade (IdP)",
"pl": "wybierz swojego Dostawc\u0119 To\u017csamo\u015bci.",
"cs": "Zvol sv\u00e9ho poskytovatele identity (IdP)",
"tr": "Kimlik sa\u011flay\u0131c\u0131n\u0131z\u0131 se\u00e7iniz.",
"lt": "Pasirinkite savo tapatybi\u0173 tiek\u0117j\u0105",
"it": "Selezionare il proprio identity provider",
"ja": "\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30d7\u30ed\u30d0\u30a4\u30c0\u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044",
"zh-tw": "\u9078\u64c7\u4f60\u7684\u8b58\u5225\u63d0\u4f9b\u8005(idp)",
"ru": "\u0412\u044b\u0431\u0438\u0440\u0435\u0442\u0435 \u0432\u0430\u0448 identity provider",
"et": "Vali oma identiteedipakkuja",
"he": "\u05d1\u05d7\u05e8 \u05d0\u05ea \u05e1\u05e4\u05e7 \u05d4\u05d6\u05d4\u05d5\u05ea \u05e9\u05dc\u05da",
"zh": "\u9009\u62e9\u4f60\u7684\u8eab\u4efd\u63d0\u4f9b\u8005",
"ar": "\u0627\u062e\u062a\u0627\u0631 \u0645\u0648\u0642\u0639 \u0647\u0648\u064a\u062a\u0643",
"id": "Pilih identity provider anda",
"sr": "Odaberite va\u0161eg davaoca identiteta"
},
"selectidp_full": {
"no": "Vennligst velg hvilken identitetsleverand\u00f8r du vil bruke for \u00e5 logge inn:",
"nn": "Vel innloggingsteneste (IdP) der du \u00f8nskjer \u00e5 logga inn.",
"sv": "V\u00e4lj vilken identitetsleverant\u00f6r du vill logga in med:",
"es": "Por favor, seleccione el proveedor de identidad donde desea autenticarse",
"fr": "S\u00e9lectionnez le fournisseur d'identit\u00e9 aupr\u00e8s duquel vous souhaitez vous authentifier :",
"de": "Bitte w\u00e4hlen Sie den Identity Provider, bei dem Sie Sich authentifizieren m\u00f6chten:",
"nl": "Selecteer de Identity Provider waar je wil authenticeren:",
"sl": "Izberite IdP, na katerem se boste avtenticirali:",
"da": "V\u00e6lg institutionen (identitetsudbyderen) hvor du vil logge ind",
"hr": "Molimo odaberite servis preko kojeg se \u017eelite autentificirati:",
"hu": "K\u00e9rj\u00fck, v\u00e1lassza ki azt a szem\u00e9lyazonoss\u00e1g-szolg\u00e1ltat\u00f3t (IdP), ahol azonos\u00edtani k\u00edv\u00e1nja mag\u00e1t:",
"fi": "Valitse identiteettil\u00e4hteesi jossa haluat kirjautua",
"pt-br": "Por favor selecione o provedor de identidade ao qual deseja se autenticar",
"pt": "Por favor, escolha o fornecedor de identidade (IdP) que ir\u00e1 usar para se autenticar:",
"pl": "Prosz\u0119 wybra\u0107 Dostawc\u0119 To\u017csamo\u015bci, przez kt\u00f3rego chcesz si\u0119 uwierzytelni\u0107:",
"cs": "Pros\u00edm zvolte sve\u00e9ho poskytovatele identity, kter\u00fd v\u00e1m dovol\u00ed se p\u0159ihl\u00e1sit",
"tr": "L\u00fctfen, kimlik do\u011frulamas\u0131 yapaca\u011f\u0131n\u0131z kimlik sa\u011flay\u0131c\u0131y\u0131 se\u00e7iniz: ",
"lt": "Pra\u0161ome pasirinkite tapatybi\u0173 tiek\u0117j\u0105, kuriame norite autentikuotis:",
"it": "Si prega di selezionare l'identity provider con il quale autenticarsi:",
"ja": "\u8a8d\u8a3c\u3092\u884c\u3044\u305f\u3044\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30d7\u30ed\u30d0\u30a4\u30c0\u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044:",
"zh-tw": "\u8acb\u9078\u64c7\u60a8\u6240\u8981\u524d\u5f80\u8a8d\u8b49\u7684\u9a57\u8b49\u63d0\u4f9b\u8005\uff1a",
"ru": "\u041f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u0432\u044b\u0431\u0438\u0440\u0435\u0442\u0435 identity provider \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0432\u044b \u0445\u043e\u0442\u0438\u0442\u0435 \u043f\u0440\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e:",
"et": "Palun vali identiteedipakkuja, mille juures soovid autentida:",
"he": "\u05d1\u05d7\u05e8 \u05d0\u05ea \u05e1\u05e4\u05e7 \u05d4\u05d6\u05d9\u05d4\u05d5\u05ea \u05d0\u05dc\u05d9\u05d5 \u05d0\u05ea\u05d4 \u05e8\u05d5\u05e6\u05d4 \u05dc\u05d4\u05d9\u05d6\u05d3\u05d4\u05d5\u05ea:",
"zh": "\u9009\u62e9\u4f60\u8981\u8ba4\u8bc1\u7684\u8eab\u4efd\u63d0\u4f9b\u8005",
"ar": "\u0627\u062e\u062a\u0631 \u0645\u0648\u0642\u0639 \u0627\u0644\u0647\u0648\u064a\u0629 \u0627\u0644\u0630\u064a \u062a\u0631\u063a\u0628 \u0628\u062f\u062e\u0648\u0644\u0647",
"id": "Silahkan pilih identity provider tempat anda ingin melakukan autentifikasi",
"sr": "Molimo vas odaberite davaoca identiteta kod koga se \u017eelite autentifikovati:"
},
"select": {
"no": "Velg",
"nn": "Vel",
"sv": "V\u00e4lj",
"es": "Seleccione",
"fr": "S\u00e9lectionner",
"de": "Auswahl",
"nl": "Kies",
"sl": "Izberite",
"da": "V\u00e6lg",
"hr": "Odaberi",
"hu": "V\u00e1laszt",
"fi": "Valitse",
"pt-br": "Selecione",
"pt": "Escolher",
"pl": "Wybierz",
"cs": "Zvol",
"tr": "Se\u00e7",
"lt": "Pasirinkite",
"it": "Selezionare",
"ja": "\u9078\u629e",
"zh-tw": "\u9078\u64c7",
"ru": "\u0412\u044b\u0431\u0440\u0430\u0442\u044c",
"et": "Vali",
"he": "\u05d1\u05d7\u05e8",
"zh": "\u9009\u62e9",
"ar": "\u0627\u062e\u062a\u0627\u0631",
"id": "Pilih",
"sr": "Odaberi"
},
"remember": {
"no": "Husk mitt valg",
"nn": "Hugs mitt val",
"sv": "Kom ih\u00e5g mitt val",
"es": "Recordar mi elecci\u00f3n",
"fr": "Retenir ce choix",
"de": "Meine Auswahl merken",
"nl": "Onthoud mijn keuze",
"sl": "Shrani kot privzeto izbiro",
"da": "Husk valget",
"hr": "Zapamti moj odabir",
"hu": "Eml\u00e9kezzen erre",
"fi": "Muista valintani",
"pt-br": "Lembrar minha escolha",
"pt": "Lembrar esta escolha",
"pl": "Zapami\u0119taj m\u00f3j wyb\u00f3r",
"cs": "Zapamatuj moji volbu",
"tr": "Se\u00e7imimi hat\u0131rla",
"lt": "Prisiminti pasirinkim\u0105",
"it": "Ricorda la mia scelta",
"ja": "\u9078\u629e\u3092\u8a18\u61b6\u3059\u308b",
"zh-tw": "\u8a18\u4f4f\u6211\u7684\u9078\u64c7",
"ru": "\u0417\u0430\u043f\u043e\u043c\u043d\u0438\u0442\u044c \u043c\u043e\u0439 \u0432\u044b\u0431\u043e\u0440",
"et": "J\u00e4ta valik meelde",
"he": "\u05d6\u05db\u05d5\u05e8 \u05d0\u05ea \u05d4\u05d1\u05d7\u05d9\u05e8\u05d4 \u05e9\u05dc\u05d9",
"zh": "\u8bb0\u4f4f\u6211\u7684\u9009\u62e9",
"ar": "\u062a\u0630\u0643\u0631 \u062e\u064a\u0627\u0631\u0627\u062a\u064a",
"id": "Ingat pilihan saya",
"sr": "Zapamti moj izbor"
},
"icon_prefered_idp": {
"no": "[Foretrukket valg]",
"sv": "Prioriterat val",
"es": "[Opci\u00f3n preference]",
"de": "[Bevorzugte Auswahl]",
"nl": "[Voorkeurskeuze]",
"sl": "Prioritetna izbira",
"da": "Foretrukket valg",
"hu": "[K\u00edv\u00e1nt v\u00e1laszt\u00e1s]",
"fi": "[Oletusvalinta]",
"pt": "Escolha preferida",
"pl": "Preferowany wyb\u00f3r",
"tr": "[Tercih edilen se\u00e7enek]",
"fr": "[Choix pr\u00e9f\u00e9r\u00e9]",
"hr": "[Primarni odabir]",
"nn": "Beste val",
"lt": "[Rekomenduojame]",
"it": "[Scelta preferita]",
"ja": "[\u63a8\u5968\u3059\u308b\u9078\u629e]",
"zh-tw": "\u559c\u597d\u9078\u64c7",
"ru": "[\u041f\u0440\u0435\u0434\u043f\u043e\u0447\u0442\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0432\u044b\u0431\u043e\u0440]",
"et": "[Eelistatud valik]",
"he": "[\u05d1\u05d7\u05d9\u05e8\u05d4 \u05de\u05e2\u05d5\u05d3\u05e4\u05ea]",
"pt-br": "[Op\u00e7\u00e3o preferida]",
"zh": "\u9996\u9009\u9009\u9879",
"ar": "\u0627\u062e\u062a\u064a\u0627\u0631\u064a \u0627\u0644\u0645\u0641\u0636\u0644",
"id": "Pilihan yang disukai",
"sr": "[Preferirani izbor]"
},
"previous_auth": {
"no": "Du har tidligere valg \u00e5 autentisere deg hos",
"sv": "Du har tidigare valt att logga in med",
"es": "Previamente solicit\u00f3 autenticarse en",
"nl": "Je hebt eerder gekozen voor authenticatie bij",
"sl": "Predhodnje ste se prijavljali \u017ee pri",
"da": "Du har tidligere valgt at logge ind hos",
"de": "Sie haben sich zu einem fr\u00fcheren Zeitpunkt entschieden, sich zu authentifizieren bei ",
"fi": "Olet aikaisemmin valinnut identiteettil\u00e4hteeksesi",
"pt": "Escolheu autenticar-se anteriormente em",
"fr": "Pr\u00e9c\u00e9demment, vous aviez choisi de vous authentifier sur",
"hr": "Prethodno ste odabrali autentifikaciju kroz",
"nn": "Du har tidlegare logga inn ved",
"lt": "Anks\u010diau pasirinkote autentikuotis",
"it": "Precedentemente si \u00e8 scelto di autenticarsi con",
"hu": "Kor\u00e1bban ezt a szem\u00e9lyazonoss\u00e1g-szolg\u00e1ltat\u00f3t (IdP) v\u00e1lasztotta: ",
"ja": "\u524d\u56de\u9078\u629e\u3057\u305f\u8a8d\u8a3c: ",
"zh-tw": "\u60a8\u5148\u524d\u5df2\u9078\u64c7\u8a8d\u8b49\u65bc",
"pl": "Poprzednio wybra\u0142e\u015b",
"ru": "\u0412\u044b \u0443\u0436\u0435 \u0432\u044b\u0431\u0440\u0430\u043b\u0438 \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432",
"et": "Varem oled valinud autentida, kasutades",
"he": "\u05d1\u05e2\u05d1\u05e8 \u05d1\u05d7\u05e8\u05ea \u05dc\u05d4\u05d6\u05d3\u05d4\u05d5\u05ea \u05d1-",
"pt-br": "Voc\u00ea j\u00e1 escolheu para autenticar a",
"zh": "\u4f60\u5148\u524d\u9009\u62e9\u7684\u8ba4\u8bc1",
"ar": "\u0642\u0645\u062a \u0633\u0627\u0628\u0642\u0627 \u0628\u0627\u0644\u062a\u0635\u062f\u064a\u0642 \u0641\u064a",
"id": "Sebelumnya anda telah memilih untuk melakukan autentifikasi di ",
"sr": "Prethodno ste izabrali da se autentifikujete kroz"
},
"login_at": {
"no": "Logg inn hos",
"sv": "Logga in med",
"es": "Identificarse en",
"nl": "Inloggen bij",
"sl": "Prijavi se pri",
"da": "Login hos",
"de": "Login bei",
"fi": "Kirjaudu",
"pt": "Entrar em",
"fr": "S'authentifier sur",
"hr": "Prijavi se kroz",
"nn": "Logg inn ved",
"lt": "Prisijungti prie",
"it": "Effettua il login con",
"hu": "Bel\u00e9p\u00e9s ide:",
"ja": "\u30ed\u30b0\u30a4\u30f3: ",
"zh-tw": "\u767b\u5165\u81f3",
"pl": "Zaloguj w",
"ru": "\u0412\u043e\u0439\u0442\u0438 \u0432",
"et": "Logi sisse",
"he": "\u05db\u05e0\u05e1 \u05dc-",
"pt-br": "Logado como",
"zh": "\u767b\u5f55\u4e8e",
"ar": "\u0633\u062c\u0644 \u062f\u062e\u0648\u0644\u064a \u0639\u0644\u064a",
"id": "Login di",
"sr": "Prijavi se kroz"
}
}
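
Review bot: in "login_at", the "pt-br" value "Logado como" reads as "Logged in as", which does not match the "Login at" definition or the "pt" value "Entrar em"; on an IdP selection page that mislabels the action. Separately, "icon_prefered_idp" is bracketed in some languages ("[Foretrukket valg]") and not in others ("Prioriterat val"), so the marker will render inconsistently; pick one form.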

View File

@ -0,0 +1,221 @@
{
"error_header": {
"en": "simpleSAMLphp error"
},
"report_trackid": {
"en": "If you report this error, please also report this tracking number which makes it possible to locate your session in the logs available to the system administrator:"
},
"debuginfo_header": {
"en": "Debug information"
},
"debuginfo_text": {
"en": "The debug information below may be of interest to the administrator \/ help desk:"
},
"report_header": {
"en": "Report errors"
},
"report_text": {
"en": "Optionally enter your email address, for the administrators to be able contact you for further questions about your issue:"
},
"report_email": {
"en": "E-mail address:"
},
"report_explain": {
"en": "Explain what you did when this error occurred..."
},
"report_submit": {
"en": "Send error report"
},
"howto_header": {
"en": "How to get help"
},
"howto_text": {
"en": "This error probably is due to some unexpected behaviour or to misconfiguration of simpleSAMLphp. Contact the administrator of this login service, and send them the error message above."
},
"title_CREATEREQUEST": {
"en": "Error creating request"
},
"descr_CREATEREQUEST": {
"en": "An error occurred when trying to create the SAML request."
},
"title_DISCOPARAMS": {
"en": "Bad request to discovery service"
},
"descr_DISCOPARAMS": {
"en": "The parameters sent to the discovery service were not according to specifications."
},
"title_GENERATEAUTHNRESPONSE": {
"en": "Could not create authentication response"
},
"descr_GENERATEAUTHNRESPONSE": {
"en": "When this identity provider tried to create an authentication response, an error occurred."
},
"title_LDAPERROR": {
"en": "LDAP Error"
},
"descr_LDAPERROR": {
"en": "LDAP is the user database, and when you try to login, we need to contact an LDAP database. An error occurred when we tried it this time."
},
"title_LOGOUTREQUEST": {
"en": "Error processing the Logout Request"
},
"descr_LOGOUTREQUEST": {
"en": "An error occurred when trying to process the Logout Request."
},
"title_METADATA": {
"en": "Error loading metadata"
},
"descr_METADATA": {
"en": "There is some misconfiguration of your simpleSAMLphp installation. If you are the administrator of this service, you should make sure your metadata configuration is correctly setup."
},
"title_NOACCESS": {
"en": "No access"
},
"descr_NOACCESS": {
"en": "This endpoint is not enabled. Check the enable options in your configuration of simpleSAMLphp."
},
"title_NORELAYSTATE": {
"en": "No RelayState"
},
"descr_NORELAYSTATE": {
"en": "The initiator of this request did not provide a RelayState parameter indicating where to go next."
},
"title_PROCESSASSERTION": {
"en": "Error processing response from Identity Provider"
},
"descr_PROCESSASSERTION": {
"en": "We did not accept the response sent from the Identity Provider."
},
"title_PROCESSAUTHNREQUEST": {
"en": "Error processing request from Service Provider"
},
"descr_PROCESSAUTHNREQUEST": {
"en": "This Identity Provider received an Authentication Request from a Service Provider, but an error occurred when trying to process the request."
},
"title_SLOSERVICEPARAMS": {
"en": "No SAML message provided"
},
"descr_SLOSERVICEPARAMS": {
"en": "You accessed the SingleLogoutService interface, but did not provide a SAML LogoutRequest or LogoutResponse."
},
"title_ACSPARAMS": {
"en": "No SAML response provided"
},
"descr_ACSPARAMS": {
"en": "You accessed the Assertion Consumer Service interface, but did not provide a SAML Authentication Response."
},
"title_CASERROR": {
"en": "CAS Error"
},
"descr_CASERROR": {
"en": "Error when communicating with the CAS server."
},
"title_CONFIG": {
"en": "Configuration error"
},
"descr_CONFIG": {
"en": "simpleSAMLphp appears to be misconfigured."
},
"title_NOTVALIDCERT": {
"en": "Invalid certificate"
},
"descr_NOTVALIDCERT": {
"en": "You did not present a valid certificate."
},
"title_NOTSET": {
"en": "Password not set"
},
"descr_NOTSET": {
"en": "The password in the configuration (auth.adminpassword) is not changed from the default value. Please edit the configuration file."
},
"errorreport_header": {
"en": "Error report sent"
},
"errorreport_text": {
"en": "The error report has been sent to the administrators."
},
"title_LOGOUTINFOLOST": {
"en": "Logout information lost"
},
"descr_LOGOUTINFOLOST": {
"en": "The information about the current logout operation has been lost. You should return to the service you were trying to log out from and try to log out again. This error can be caused by the logout information expiring. The logout information is stored for a limited amout of time - usually a number of hours. This is longer than any normal logout operation should take, so this error may indicate some other error with the configuration. If the problem persists, contact your service provider."
},
"title_UNHANDLEDEXCEPTION": {
"en": "Unhandled exception"
},
"descr_UNHANDLEDEXCEPTION": {
"en": "An unhandled exception was thrown."
},
"title_NOTFOUND": {
"en": "Page not found"
},
"descr_NOTFOUND": {
"en": "The given page was not found. The URL was: %URL%"
},
"title_NOTFOUNDREASON": {
"en": "Page not found"
},
"descr_NOTFOUNDREASON": {
"en": "The given page was not found. The reason was: %REASON% The URL was: %URL%"
},
"title_BADREQUEST": {
"en": "Bad request received"
},
"descr_BADREQUEST": {
"en": "There is an error in the request to this page. The reason was: %REASON%"
},
"title_WRONGUSERPASS": {
"en": "Incorrect username or password"
},
"descr_WRONGUSERPASS": {
"en": "Either no user with the given username could be found, or the password you gave was wrong. Please check the username and try again."
},
"title_RESPONSESTATUSNOSUCCESS": {
"en": "Error received from Identity Provider"
},
"descr_RESPONSESTATUSNOSUCCESS": {
"en": "The Identity Provider responded with an error. (The status code in the SAML Response was not success)"
},
"title_NOCERT": {
"en": "No certificate"
},
"descr_NOCERT": {
"en": "Authentication failed: your browser did not send any certificate"
},
"title_INVALIDCERT": {
"en": "Invalid certificate"
},
"descr_INVALIDCERT": {
"en": "Authentication failed: the certificate your browser sent is invalid or cannot be read"
},
"title_UNKNOWNCERT": {
"en": "Unknown certificate"
},
"descr_UNKNOWNCERT": {
"en": "Authentication failed: the certificate your browser sent is unknown"
},
"title_USERABORTED": {
"en": "Authentication aborted"
},
"descr_USERABORTED": {
"en": "The authentication was aborted by the user"
},
"title_NOSTATE": {
"en": "State information lost"
},
"descr_NOSTATE": {
"en": "State information lost, and no way to restart the request"
},
"title_METADATANOTFOUND": {
"en": "Metadata not found"
},
"descr_METADATANOTFOUND": {
"en": "Unable to locate metadata for %ENTITYID%"
},
"title_AUTHSOURCEERROR": {
"en": "Authentication source error"
},
"descr_AUTHSOURCEERROR": {
"en": "Authentication error in source %AUTHSOURCE%. The reason was: %REASON%"
}
}
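
Review bot: "descr_NOTFOUND", "descr_NOTFOUNDREASON", "descr_BADREQUEST", "descr_METADATANOTFOUND" and "descr_AUTHSOURCEERROR" substitute %URL%, %REASON%, %ENTITYID% and %AUTHSOURCE% into the error page, and at least %URL% is controlled by the request. Confirm that the template rendering these strings HTML-escapes each substituted value, since the dictionary cannot enforce it. Minor: "amout" in "descr_LOGOUTINFOLOST" should be "amount".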

File diff suppressed because it is too large

View File

@ -0,0 +1,62 @@
{
"error_header": {
"en": "Error"
},
"user_pass_header": {
"en": "Enter your username and password"
},
"user_pass_text": {
"en": "A service has requested you to authenticate yourself. Please enter your username and password in the form below."
},
"login_button": {
"en": "Login"
},
"username": {
"en": "Username"
},
"organization": {
"en": "Organization"
},
"password": {
"en": "Password"
},
"help_header": {
"en": "Help! I don't remember my password."
},
"help_text": {
"en": "Too bad! - Without your username and password you cannot authenticate yourself for access to the service. There may be someone that can help you. Consult the help desk at your university!"
},
"error_nopassword": {
"en": "You sent something to the login page, but for some reason the password was not sent. Try again please."
},
"error_wrongpassword": {
"en": "Incorrect username or password."
},
"select_home_org": {
"en": "Choose your home organization"
},
"next": {
"en": "Next"
},
"change_home_org_title": {
"en": "Change your home organization"
},
"change_home_org_text": {
"en": "You have chosen <b>%HOMEORG%<\/b> as your home organization. If this is wrong you may choose another one."
},
"change_home_org_button": {
"en": "Choose home organization"
},
"help_desk_link": {
"en": "Help desk homepage"
},
"help_desk_email": {
"en": "Send e-mail to help desk"
},
"contact_info": {
"en": "Contact information:"
},
"remember_username": {
"en": "Remember my username"
}
}
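
Review bot: "change_home_org_text" carries markup around its placeholder (<b>%HOMEORG%<\/b>), so the template has to print the string unescaped, which means the value substituted for %HOMEORG% must be HTML-escaped on its own before substitution. Either move the <b> into the template and keep the string plain, or verify the escaping at the substitution site.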

View File

@ -0,0 +1,588 @@
{
"error_header": {
"no": "Feil",
"nn": "Feil",
"sv": "Fel",
"es": "Los datos que ha suministrado no son v\u00e1lidos",
"fr": "Erreur",
"de": "Fehler",
"nl": "Fout",
"lb": "Fehler",
"sl": "Napaka",
"da": "Fejl",
"hr": "Gre\u0161ka",
"hu": "Hiba",
"fi": "Virhe",
"pt-br": "Erro",
"pt": "Erro",
"pl": "B\u0142\u0105d",
"cs": "Chyba",
"tr": "Hata",
"lt": "Klaida",
"it": "Errore",
"ja": "\u30a8\u30e9\u30fc",
"zh-tw": "\u932f\u8aa4",
"et": "T\u00f5rge",
"he": "\u05e9\u05d2\u05d9\u05d0\u05d4",
"ru": "\u041e\u0448\u0438\u0431\u043a\u0430",
"zh": "\u9519\u8bef",
"ar": "\u062e\u0637\u0627",
"id": "Error",
"sr": "Gre\u0161ka"
},
"user_pass_header": {
"no": "Skriv inn brukernavn og passord",
"nn": "Skriv inn brukarnamn og passord",
"sv": "Ange ditt anv\u00e4ndarnamn och l\u00f6senord",
"es": "Indique su nombre de usuario y clave de acceso",
"fr": "Entrez votre identifiant et votre mot de passe",
"de": "Bitten geben sie ihren Nutzernamen und Passwort ein",
"nl": "Geef je gebruikersnaam en wachtwoord",
"lb": "Gid w.e.g Aeren Benotzernumm an d Passwuert an",
"sl": "Vnesite svoje uporabni\u0161ko ime in geslo",
"da": "Indtast brugernavn og kodeord",
"hr": "Unesite korisni\u010dku oznaku i zaporku",
"hu": "Felhaszn\u00e1l\u00f3n\u00e9v \u00e9s jelsz\u00f3",
"fi": "Sy\u00f6t\u00e4 tunnuksesi ja salasanasi",
"pt-br": "Digite seu usu\u00e1rio e senha",
"pt": "Introduza o seu nome de utilizador e senha",
"pl": "Wprowad\u017a nazw\u0119 uzytkownika i has\u0142o",
"cs": "lo\u017ete sv\u00e9 jm\u00e9no a heslo",
"tr": "Kullan\u0131c\u0131 ad\u0131 ve \u015fifrenizi giriniz",
"lt": "\u012eveskite savo prisijungimo vard\u0105 ir slapta\u017eod\u012f",
"it": "Inserire nome utente e password",
"ja": "\u30e6\u30fc\u30b6\u30fc\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044",
"zh-tw": "\u8acb\u8f38\u5165\u60a8\u7684\u5e33\u865f\u53ca\u5bc6\u78bc",
"et": "Sisesta oma kasutajatunnus ja parool",
"he": "\u05d4\u05db\u05e0\u05e1 \u05e9\u05dd \u05de\u05e9\u05ea\u05de\u05e9 \u05d5\u05e1\u05d9\u05e1\u05de\u05d4",
"ru": "\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0430\u0440\u043e\u043b\u044c",
"zh": "\u8f93\u5165\u4f60\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801",
"ar": "\u0627\u062f\u062e\u0644 \u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631",
"id": "Masukkan username dan password Anda",
"sr": "Unesite va\u0161e korisni\u010dko ime i lozinku"
},
"user_pass_text": {
"no": "En tjeneste har bedt om bekreftelse p\u00e5 din identitet. Skriv inn ditt brukernavn og passord for \u00e5 autentisere deg.",
"nn": "Ei webteneste har spurt etter autentisering av deg. Skriv inn brukarnamnet ditt og passordet ditt for \u00e5 autentisera deg.",
"sv": "En webbtj\u00e4nst har beg\u00e4rt att du ska logga in. Detta betyder att du beh\u00f6ver ange ditt anv\u00e4ndarnamn och ditt l\u00f6senord i formul\u00e4ret nedan.",
"es": "Un servicio solicita que se autentique. Esto significa que debe indicar su nombre de usuario y su clave de acceso en el siguiente formulario.",
"fr": "Un service a demand\u00e9 \u00e0 ce que vous vous authentifiez. Cela signifie que vous devez entrer votre identifiant et votre mot de passe dans le formulaire ci-dessous.",
"de": "Um diesen Dienst zu nutzen, m\u00fcssen sie sich authentifizieren. Bitte geben sie daher unten Nutzernamen und Passwort ein.",
"nl": "Voor deze dienst is authenticatie vereist. Geef je gebruikersnaam en wachtwoord in onderstaand formulier.",
"lb": "En Service huet ungefrot aerch ze authentifiz\u00e9iren. Daat heescht daer musst aeren Benotzernumm an d'Passwuert an de Formulairen heidr\u00ebnner angin.",
"sl": "Storitev zahteva, da se prijavite. To pomeni, da je potreben vnos uporabni\u0161kega imena in gesla v spodnji polji.",
"da": "En web-tjeneste har bedt om at tilkendegiver dig. Det betyder, at du skal indtaste dit brugernavn og kodeord herunder",
"hr": "Aplikacija zahtjeva od vas da se autentificirate. Unesite va\u0161u korisni\u010dku oznaku i zaporku u dolje navedena polja.",
"hu": "Ez a szolg\u00e1ltat\u00e1s megk\u00f6veteli, hogy azonos\u00edtsa mag\u00e1t. K\u00e9rj\u00fck, adja meg felhaszn\u00e1l\u00f3nev\u00e9t \u00e9s jelszav\u00e1t az al\u00e1bbi \u0171rlapon.",
"fi": "Palvelu on pyyt\u00e4nyt kirjautumista. Ole hyv\u00e4 ja sy\u00f6t\u00e4 tunnuksesi ja salasanasi alla olevaan kaavakkeeseen.",
"pt-br": "Um servi\u00e7o que voc\u00ea pediu necessita que voc\u00ea se autentique. Digite seu nome de usu\u00e1rio e senha no formul\u00e1rio abaixo.",
"pt": "Foi pedida a sua autentica\u00e7\u00e3o por um servi\u00e7o. Por favor, introduza o seu nome de utilizador e senha nos campos seguintes.",
"pl": "Serwis za\u017c\u0105da\u0142 autentykacji. Prosz\u0119 w poni\u017cszym formularzu wprowadzi\u0107 nazw\u0119 uzytkownika oraz has\u0142o.",
"cs": "Slu\u017eba po\u017eaduje va\u0161i identifikaci. Pros\u00edm vlo\u017ete sv\u00e9 jm\u00e9no a heslo.",
"tr": "Bir servis kendinizi yetkilendirmenizi istedi. L\u00fctfen a\u015fa\u011f\u0131daki forma kullan\u0131c\u0131 ad\u0131n\u0131z\u0131 ve \u015fifrenizi giriniz.",
"lt": "Paslauga pra\u0161o autentikacijos. \u017demiau \u012fveskite savo prisijungimo vard\u0105 ir slapta\u017eod\u012f.",
"it": "Un servizio ha richiesto l'autenticazione. Si prega di inserire le proprie credenziali nella maschera di login sottostante.",
"ja": "\u30b5\u30fc\u30d3\u30b9\u306f\u3042\u306a\u305f\u81ea\u8eab\u306e\u8a8d\u8a3c\u3092\u8981\u6c42\u3057\u3066\u3044\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u30d5\u30a9\u30fc\u30e0\u306b\u30e6\u30fc\u30b6\u30fc\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002",
"zh-tw": "\u8acb\u4f7f\u7528\u5e33\u865f\u5bc6\u78bc\u767b\u5165\uff0c\u4ee5\u4fbf\u9032\u5165\u7cfb\u7d71\u3002",
"et": "Teenus n\u00f5uab autentimist. Palun sisesta allpool olevasse vormi oma kasutajatunnus ja parool.",
"he": "\u05e9\u05d9\u05e8\u05d5\u05ea \u05d1\u05d9\u05e7\u05e9 \u05e9\u05ea\u05d6\u05d3\u05d4\u05d4. \u05d0\u05e0\u05d0 \u05d4\u05db\u05e0\u05e1 \u05d0\u05ea \u05e9\u05dd \u05d4\u05de\u05e9\u05ea\u05de\u05e9 \u05d5\u05d4\u05e1\u05d9\u05e1\u05de\u05d4 \u05e9\u05dc\u05da \u05d1\u05d8\u05d5\u05e4\u05e1 \u05de\u05ea\u05d7\u05ea.",
"ru": "\u0421\u043b\u0443\u0436\u0431\u0430 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e. \u041f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u0432\u0432\u0435\u0434\u0438\u0442\u0435 \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0430\u0440\u043e\u043b\u044c.",
"zh": "\u4e00\u4e2a\u670d\u52a1\u9700\u8981\u4f60\u7684\u8ba4\u8bc1\uff0c\u8bf7\u5728\u4e0b\u9762\u8f93\u5165\u4f60\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801",
"ar": "\u0637\u0644\u0628\u062a \u0627\u062d\u062f\u064a \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0646 \u062a\u0648\u062b\u0642 \u0627\u0646\u0643 \u0627\u0646\u062a. \u0631\u062c\u0627\u0621\u0627\u064b \u0642\u0645 \u0628\u0625\u062f\u0631\u0627\u062c \u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u062e\u0627\u0635\u062a\u0643 \u0628\u0627\u0644\u0627\u0633\u062a\u0645\u0627\u0631\u0629 \u0623\u062f\u0646\u0627\u0647",
"id": "Sebuah layanan telah meminta Anda untuk melakukan autentifikasi. Silahkan masukkan username dan password Anda pada form dibawah",
"sr": "Servis zahteva od vas da se autentifikujete. Unesite va\u0161e korisni\u010dko ime i lozinku u dole navedena polja."
},
"login_button": {
"no": "Logg inn",
"nn": "Logg inn",
"sv": "Logga in",
"es": "Login",
"fr": "S'identifier",
"de": "Anmelden",
"nl": "Inloggen",
"lb": "Login",
"sl": "Prijava",
"da": "Login",
"se": "Mana sis",
"hr": "Prijavi se",
"hu": "Bejelentkez\u00e9s",
"fi": "Kirjaudu",
"pt-br": "Acessar",
"pt": "Entrar",
"pl": "Login",
"cs": "P\u0159ihl\u00e1sit",
"tr": "Giri\u015f",
"lt": "Prisijungti",
"it": "Login",
"ja": "\u30ed\u30b0\u30a4\u30f3",
"zh-tw": "\u767b\u5165",
"et": "Logi sisse",
"he": "\u05db\u05e0\u05d9\u05e1\u05d4",
"ru": "\u0412\u043e\u0439\u0442\u0438",
"zh": "\u767b\u5f55",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644",
"id": "Login",
"sr": "Prijavi se"
},
"username": {
"no": "Brukernavn",
"nn": "Brukarnamn",
"sv": "Anv\u00e4ndarnamn",
"es": "Nombre de usuario",
"fr": "Identifiant",
"de": "Nutzername",
"nl": "Gebruikersnaam",
"lb": "Benotzernumm",
"sl": "Uporabni\u0161ko ime",
"da": "Brugernavn",
"se": "Geavahusnamma",
"hr": "Korisni\u010dka oznaka",
"hu": "Felhaszn\u00e1l\u00f3n\u00e9v",
"fi": "Tunnus",
"pt-br": "Usu\u00e1rio",
"pt": "Nome de utilizador",
"pl": "Nazwa u\u017cytkownika",
"cs": "U\u017eivatel",
"tr": "Kullan\u0131c\u0131 ad\u0131",
"lt": "Prisijungimo vardas",
"it": "Nome utente",
"ja": "\u30e6\u30fc\u30b6\u30fc\u540d",
"zh-tw": "\u5e33\u865f",
"et": "Kasutajatunnus",
"he": "\u05e9\u05dd \u05de\u05e9\u05ea\u05de\u05e9",
"ru": "\u0418\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f",
"zh": "\u7528\u6237\u540d",
"ar": "\u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645",
"id": "Username",
"sr": "Korisni\u010dko ime"
},
"organization": {
"no": "Organisasjon",
"nn": "Organisasjon",
"sv": "Organisation",
"es": "Organizaci\u00f3n",
"fr": "Fournisseur",
"de": "Organisation",
"nl": "Organisatie",
"lb": "Organisatioun",
"sl": "Organizacija",
"da": "Organistationsnavn",
"se": "Organisa&#353;uvdna",
"hr": "Ustanova",
"hu": "Szervezet",
"fi": "Organisaatio",
"pt-br": "Organiza\u00e7\u00e3o",
"pt": "Organiza\u00e7\u00e3o",
"pl": "Organizacja",
"cs": "Organizace",
"tr": "Organizasyon",
"lt": "Organizacija",
"it": "Organizzazione",
"ja": "\u7d44\u7e54",
"zh-tw": "\u7d44\u7e54",
"et": "Organisatsioon",
"he": "\u05d0\u05d9\u05e8\u05d2\u05d5\u05df",
"ru": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f",
"zh": "\u7ec4\u7ec7",
"ar": "\u0627\u0644\u062c\u0647\u0629 ",
"id": "Organisasi",
"sr": "Institucija"
},
"password": {
"no": "Passord",
"nn": "Passord",
"sv": "L\u00f6senord",
"es": "Clave de acceso",
"fr": "Mot de passe",
"de": "Passwort",
"nl": "Wachtwoord",
"lb": "Passwuert",
"sl": "Geslo",
"da": "Kodeord",
"se": "Beassans&aacute;tni",
"hr": "Zaporka",
"hu": "Jelsz\u00f3",
"fi": "Salasana",
"pt-br": "Senha",
"pt": "Senha",
"pl": "Has\u0142o",
"cs": "Heslo",
"tr": "\u015eifre",
"lt": "Slapta\u017eodis",
"it": "Password",
"ja": "\u30d1\u30b9\u30ef\u30fc\u30c9",
"zh-tw": "\u5bc6\u78bc",
"et": "Parool",
"he": "\u05e1\u05d9\u05e1\u05de\u05d4",
"ru": "\u041f\u0430\u0440\u043e\u043b\u044c",
"zh": "\u5bc6\u7801",
"ar": "\u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631",
"id": "Password",
"sr": "Lozinka"
},
"help_header": {
"no": "Hjelp! Jeg har glemt passordet mitt.",
"nn": "Hjelp! Eg har gl\u00f8ymd passordet mitt",
"sv": "Hj\u00e4lp! Jag kommer inte ih\u00e5g mitt l\u00f6senord.",
"es": "&iexcl;Socorro! Se me ha olvidado mi clave de acceso.",
"fr": "\u00c0 l'aide! Je ne me souviens plus de mon mot de passe.",
"de": "Hilfe, ich habe mein Passwort vergessen.",
"nl": "Help! Ik weet mijn wachtwoord niet meer.",
"lb": "Hellef! Ech hun m\u00e4in Passwuert vergiess!",
"sl": "Na pomo\u010d! Pozabil sem svoje geslo.",
"da": "Hj\u00e6lp! Jeg har glemt mit kodeord",
"hr": "Upomo\u0107! Zaboravio\/la sam svoju zaporku.",
"hu": "Seg\u00edts\u00e9g! Elfelejtettem a jelszavam.",
"fi": "Apua! En muista salasanaani",
"pt-br": "Ajude-me! N\u00e3o lembro minha senha.",
"pt": "N\u00e3o me lembro da minha senha",
"pl": "Pomocy! Nie pami\u0119tam has\u0142a.",
"cs": "Chci pomoci. Zapomn\u011bl jsem heslo.",
"tr": "Yard\u0131m! \u015eifremi hat\u0131rlam\u0131yorum.",
"lt": "Pagalbos! Nepamenu savo slapta\u017eod\u017eio.",
"it": "Aiuto! Non ricordo la mia password.",
"ja": "\u305f\u3059\u3051\u3066! \u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u601d\u3044\u51fa\u305b\u307e\u305b\u3093\u3002",
"zh-tw": "\u7cdf\u7cd5\uff01\u5fd8\u8a18\u5bc6\u78bc\u4e86\u3002",
"et": "Appi! Ma ei m\u00e4leta parooli.",
"he": "\u05d4\u05e6\u05d9\u05dc\u05d5! \u05e9\u05db\u05d7\u05ea\u05d9 \u05d0\u05ea \u05d4\u05e1\u05d9\u05e1\u05de\u05d4.",
"ru": "\u041f\u043e\u043c\u043e\u0433\u0438\u0442\u0435! \u042f \u043d\u0435 \u043f\u043e\u043c\u043d\u044e \u0441\u0432\u043e\u0439 \u043f\u0430\u0440\u043e\u043b\u044c.",
"zh": "\u5e2e\u52a9\uff01\u6211\u5fd8\u8bb0\u6211\u7684\u5bc6\u7801\u4e86\uff01",
"ar": "\u0633\u0627\u0639\u062f\u0646\u064a! \u0644\u0627 \u0627\u0630\u0643\u0631 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631",
"id": "Tolong! Saya tidak ingat password saya",
"sr": "Upomo\u0107! Zaboravio\/la sam svoju lozinku."
},
"help_text": {
"no": "Synd! - Uten riktig brukernavn og passord kan du ikke autentisere deg. Det kan v\u00e6re noen som kan hjelpe deg. Fors\u00f8k \u00e5 kontakt brukerst\u00f8tte ved din vertsorganisasjon.",
"nn": "Synd! - Utan riktig brukarnamn og passord kan du ikkje autentisera deg. Ta kontakt med brukarst\u00f8tte hos din organisasjon.",
"sv": "Tyv\u00e4rr kan du inte logga in i tj\u00e4nsten om du inte har ditt anv\u00e4ndarnamn och ditt l\u00f6senord. Ta kontakt med din organisations support eller helpdesk f\u00f6r att f\u00e5 hj\u00e4lp.",
"es": "&iexcl;Muy mal! - Sin su nombre de usuario y su clave de acceso usted no se puede identificar y acceder al servicio. A lo mejor hay alguien que puede ayudarle. &iexcl;P&oacute;ngase en contacto con el centro de ayuda de su universidad!",
"fr": "Pas de chance! Sans votre identifiant et votre mot de passe vous ne pouvez pas vous authentifier et acc\u00e9der au service. Il y a peut-\u00eatre quelqu'un pour vous aider. Contactez le help desk de votre universit\u00e9!",
"de": "Pech! - Ohne Nutzername und Passwort k\u00f6nnen sie sich nicht authentifizieren und somit den Dienst nicht nutzen. M\u00f6glicherweise kann ihnen jemand helfen, kontaktieren sie dazu den Helpdesk ihrer Einrichtung.",
"nl": "Vette pech! - Zonder je gebruikersnaam en wachtwoord kun je je niet authenticeren en dus niet gebruikmaken van deze dienst.",
"lb": "Pesch gehaat! - Ouni aeren Benotzernumm an d'Passwuert k\u00ebnn der aerch net authentifiz\u00e9iren an op den Service zougraiffen.",
"sl": "\u017dal se brez uporabni\u0161kega imena in gesla ne morete prijaviti in uporabljati storitev.",
"da": "Desv\u00e6rre, uden korrekt brugernavn og kodeord kan du ikke f\u00e5 adgang til tjenesten. M\u00e5ske kan help-desk p\u00e5 din hjemmeinstitution hj\u00e6lpe dig",
"hr": "\u0160teta! - Bez ispravne korisni\u010dke oznake i zaporke ne mo\u017eete pristupiti aplikaciji. Da biste saznali va\u0161u zaporku kontaktirajte administratora elektroni\u010dkog (LDAP) imenika va\u0161e ustanove.",
"hu": "Ajaj! - Felhaszn\u00e1l\u00f3i neve \u00e9s jelszava n\u00e9lk\u00fcl nem tudja azonos\u00edtani mag\u00e1t, \u00edgy nem f\u00e9rhet hozz\u00e1 a szolg\u00e1ltat\u00e1shoz. Biztosan van valaki, aki tud \u00f6nnek seg\u00edteni. Vegye fel a kapcsolatot az \u00fcgyf\u00e9lszolg\u00e1lattal!",
"fi": "Pahus! - Ilman tunnusta ja salasanaa et voi kirjautua palveluun. Voi olla, ett\u00e4 joku voi auttaa sinua. Ole hyv\u00e4 ja ota yhteytt\u00e4 korkeakoulusi tukeen!",
"pt-br": "Muito mal! - Sem o seu nome de usu\u00e1rio e a senha voc\u00ea n\u00e3o pode autenticar-se para acessar o servi\u00e7o. Pode haver algu\u00e9m que possa lhe ajudar. Consulte a central de d\u00favidas!",
"pt": "Sem o seu nome de utilizador e senha n\u00e3o se pode autenticar para acesso ao servi\u00e7o. Para obter ajuda, consulte o seu servi\u00e7o de apoio ao utilizador.",
"pl": "Niedobrze! - Bez nazwy u\u017cytkownika i\/lub has\u0142a nie mo\u017cesz zosta\u0107 uwierzytelniony dla tego serwisu. Mo\u017ce jest kto\u015b, kto mo\u017ce Ci pom\u00f3c. Skonsultuj si\u0119 z dzia\u0142em pomocy technicznej na Twojej uczelni.",
"cs": "Probl\u00e9m! Bez jm\u00e9na a hesla se nem\u016f\u017eete identifikovat. Existuje n\u011bkdo kdo v\u00e1m pom\u016f\u017ee. Konzultujte helpdesk va\u0161\u00ed organizace.",
"tr": "\u00c7ok k\u00f6t\u00fc! - Kullan\u0131c\u0131 ad\u0131n\u0131z ve \u015fifreniz olmadan bu servisi kullanamazs\u0131n\u0131z. Size yard\u0131mc\u0131 olabilecek birileri olabilir. Kurulu\u015funuza dan\u0131\u015f\u0131n. ",
"lt": "Blogai - be prisijungimo vardo ir slapta\u017eod\u017eio negal\u0117site autentikuotis ir patekti \u012f reikiam\u0105 paslaug\u0105. Galb\u016bt yra kas Jums gal\u0117t\u0173 pad\u0117ti. Susisiekite su savo universiteto vartotoj\u0173 aptarnavimo specialistais.",
"it": "Senza il nome utente e la password, non \u00e8 possibile effettuare l'autenticazione al servizio. C'\u00e8 probabilmente qualcuno che pu\u00f2 fornire aiuto. Consultare il proprio help desk.",
"ja": "\u304a\u6c17\u306e\u6bd2\u3067\u3059! - \u30e6\u30fc\u30b6\u30fc\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u7121\u304f\u3066\u306f\u30b5\u30fc\u30d3\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u70ba\u306b\u3042\u306a\u305f\u81ea\u8eab\u3092\u8a8d\u8a3c\u3059\u308b\u4e8b\u304c\u51fa\u6765\u307e\u305b\u3093\u3002\u3042\u306a\u305f\u306e\u5927\u5b66\u306e\u30d8\u30eb\u30d7\u30c7\u30b9\u30af\u306b\u76f8\u8ac7\u3059\u308b\u3068\u3001\u3042\u306a\u305f\u306e\u52a9\u3051\u306b\u306a\u3063\u3066\u304f\u308c\u308b\u3067\u3057\u3087\u3046\u3002",
"zh-tw": "\u5594\u5594\uff01\u5982\u679c\u60a8\u7684\u5e33\u865f\u548c\u5bc6\u78bc\u932f\u8aa4\uff0c\u7cfb\u7d71\u5c07\u7121\u6cd5\u63d0\u4f9b\u76f8\u95dc\u670d\u52d9\uff01",
"et": "Paha lugu! Ilma kasutajatunnust ja parooli teadmata pole v\u00f5imalik seda teenust kasutada. Loodetavasti saab sind keegi aidata. V\u00f5ta \u00fchendust oma \u00fclikooli kasutajatoeteenusega!",
"he": "\u05d7\u05d1\u05dc! - \u05d1\u05dc\u05d9 \u05e9\u05dd \u05d4\u05de\u05e9\u05ea\u05de\u05e9 \u05d5\u05d4\u05e1\u05d9\u05e1\u05de\u05d4 \u05e9\u05dc\u05da \u05d0\u05ea\u05d4 \u05dc\u05d0 \u05d9\u05db\u05d5\u05dc \u05dc\u05d4\u05d6\u05d3\u05d4\u05d5\u05ea \u05d1\u05db\u05d3\u05d9 \u05dc\u05d2\u05e9\u05ea \u05dc\u05e9\u05d9\u05e8\u05d5\u05ea. \u05d9\u05db\u05d5\u05dc \u05dc\u05d4\u05d9\u05d5\u05ea \u05e9\u05d9\u05e9 \u05de\u05d9\u05e9\u05d4\u05d5 \u05e9\u05d9\u05db\u05d5\u05dc \u05dc\u05e2\u05d6\u05d5\u05e8 \u05dc\u05da. \u05e4\u05e0\u05d4 \u05dc\u05ea\u05de\u05d9\u05db\u05d4 \u05d4\u05d8\u05db\u05e0\u05d9\u05ea \u05d1\u05d0\u05d5\u05e0\u05d9\u05d1\u05e8\u05e1\u05d9\u05d8\u05d4 \u05e9\u05dc\u05da!",
"ru": "\u041e\u0447\u0435\u043d\u044c \u043f\u043b\u043e\u0445\u043e! - \u0411\u0435\u0437 \u0432\u0430\u0448\u0438\u0445 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0430\u0440\u043e\u043b\u044f \u0432\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u0442\u044c \u0432\u0430\u0448\u0435 \u043f\u0440\u0430\u0432\u043e \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u043b\u0443\u0436\u0431\u0435. \u041c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0435\u0441\u0442\u044c \u043a\u0442\u043e-\u043d\u0438\u0431\u0443\u0434\u044c, \u043a\u0442\u043e \u0441\u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043c\u043e\u0447\u044c \u0432\u0430\u043c. \u041f\u0440\u043e\u043a\u043e\u043d\u0441\u0443\u043b\u044c\u0442\u0438\u0440\u0443\u0439\u0442\u0435\u0441\u044c \u0441\u043e \u0441\u0432\u043e\u0435\u0439 \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0432 \u0432\u0430\u0448\u0435\u043c \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0435!",
"zh": "\u592a\u7cdf\u7cd5\u4e86\uff01-\u6ca1\u6709\u4f60\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u4f60\u5c06\u4e0d\u80fd\u8bbf\u95ee\u8be5\u670d\u52a1\uff0c\u4e5f\u8bb8\u6709\u4eba\u80fd\u591f\u5e2e\u52a9\u4f60\uff0c\u8bf7\u54a8\u8be2\u4f60\u6240\u5728\u5927\u5b66\u7684\u670d\u52a1\u53f0",
"ar": "\u0644\u0633\u0648\u0621 \u0627\u0644\u062d\u0638 \u0644\u0627 \u064a\u0645\u0643\u0646\u0646\u0627 \u0627\u0644\u062a\u0648\u062b\u0642 \u0645\u0646 \u0647\u0648\u064a\u062a\u0643 \u0628\u062f\u0648\u0646 \u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u0648\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u0644\u0627 \u064a\u0645\u0643\u0646\u0643 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062e\u062f\u0645\u0629. \u0644\u0644\u0645\u0633\u0627\u0639\u062f\u0629 \u0627\u062a\u0635\u0644 \u0628\u0627\u0644\u0645\u0648\u0638\u0641 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u0628\u0635\u0641\u062d\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 \u0628\u062c\u0627\u0645\u0639\u062a\u0643",
"id": "Sayang sekali! - Tanpa username dan password Anda tidak dapat melakukan autentifikasi agar dapat mengakses layanan. Mungkin ada seseorang yang dapat menolong Anda. Hubungi help desk pada universitas Anda.",
"sr": "\u0160teta! - Bez ispravnog korisni\u010dkog imena i lozinke ne mo\u017eete pristupiti servisu. Da biste saznali va\u0161e korisni\u010dko ime i lozinku obratite se va\u0161oj mati\u010dnoj instituciji."
},
"error_nopassword": {
"no": "Du kontaktet loginsiden, men passordet ble ikke sendt med. Fors\u00f8k igjen.",
"nn": "Passordet blei ikkje sendt. Pr\u00f8v p\u00e5 nytt.",
"sv": "Du skicka in en inloggningsf\u00f6rfr\u00e5gan men det verkar som om ditt l\u00f6senord inte fanns med i f\u00f6rfr\u00e5gan. F\u00f6rs\u00f6k igen!",
"es": "Usted envi\u00f3 algo a la p\u00e1gina de acceso pero, por alg\u00fan motivo, la clave no fue enviada. Int\u00e9ntelo de nuevo, por favor.",
"fr": "Vous avez envoy\u00e9 quelque chose sur la page d'identification mais pour une raison inconnue votre mot de passe n'a pas \u00e9t\u00e9 transmis. Veuillez r\u00e9essayer.",
"de": "Sie haben etwas an die Anmeldeseite geschickt, aber aus irgendeinem Grund ist das Passwort nicht \u00fcbermittelt worden. Bitte versuchen Sie es erneut.",
"nl": "Je hebt wel iets ingetikt, maar blijkbaar is je wachtwoord niet verstuurd. Probeer het opnieuw AUB.",
"lb": "Der hud eppes un d'Login Sait gesch\u00e9eckt me aus iergentengem Grond huet d Passwuert gefehlt. Prob\u00e9iert w.e.g nach eng K\u00e9ier.",
"sl": "Pri\u0161lo je do napake, poskusite znova.",
"da": "Dit kodeord blev ikke sendt - pr\u00f8v igen",
"hr": "Iz nekog razloga autentifikacijskom servisu nije proslije\u0111ena va\u0161a zaporka. Molimo poku\u0161ajte ponovo.",
"hu": "Valamilyen okn\u00e1l fogva a jelsz\u00f3 nem olvashat\u00f3. K\u00e9rj\u00fck, pr\u00f3b\u00e1lja \u00fajra!",
"fi": "L\u00e4hetit jotain kirjautumissivulle, mutta jostain syyst\u00e4 salasanaa ei l\u00e4hetetty. Ole hyv\u00e4 ja yrit\u00e4 uudestaan.",
"pt-br": "Voc\u00ea enviou alguma coisa para a p\u00e1gina de login, mas por alguma raz\u00e3o a senha n\u00e3o foi enviada. Por favor tente novamente.",
"pt": "A senha n\u00e3o foi enviada no seu pedido. Por favor tente de novo.",
"pl": "Wys\u0142a\u0142e\u015b \"co\u015b\" do strony logowania, ale z jaki\u015b powod\u00f3w has\u0142o nie zosta\u0142o wys\u0142ane. Spr\u00f3buj jeszcze raz.",
"cs": "Odeslal jste data do p\u0159ihla\u0161ovac\u00ed stranky, ale z n\u011bjak\u00e9ho d\u016fvodu nebylo odesl\u00e1no heslo. Pros\u00edm zkuste to znovu.",
"tr": "Giri\u015f sayfas\u0131na bir\u015feyler g\u00f6nderdiniz, fakat baz\u0131 nedenlerden dolay\u0131 \u015fifreniz g\u00f6nderilemedi. L\u00fctfen tekrar deneyiniz.",
"lt": "J\u016bs ka\u017ek\u0105 nusiunt\u0117te \u012f prisijungimo puslap\u012f, ta\u010diau d\u0117l ka\u017ekoki\u0173 prie\u017eas\u010di\u0173 slapta\u017eodis nebuvo nusi\u0173stas. Pra\u0161ome bandyti dar kart\u0105.",
"it": "Sono state inviate delle informazioni alla pagina di login, ma per qualche motivo la password risulta mancante. Si prega di riprovare.",
"ja": "\u3042\u306a\u305f\u306f\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u3067\u4f55\u304b\u3092\u9001\u4fe1\u3057\u307e\u3057\u305f\u304c\u3001\u4f55\u3089\u304b\u306e\u7406\u7531\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u9001\u4fe1\u3055\u308c\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u518d\u5ea6\u8a66\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002",
"zh-tw": "\u60a8\u53ef\u80fd\u6709\u50b3\u9001\u81f3\u7db2\u9801\uff0c\u4f46\u662f\u5bc6\u78bc\u56e0\u70ba\u67d0\u4e9b\u539f\u56e0\u672a\u50b3\u9001\uff0c\u8acb\u91cd\u65b0\u767b\u5165\u3002",
"et": "Sa saatsid midagi sisselogimislehele, kuid miskip\u00e4rast parooli ei saadetud. Palun proovi uuesti.",
"he": "\u05e9\u05dc\u05d7\u05ea \u05de\u05e9\u05d4\u05d5 \u05dc\u05d3\u05e3 \u05d4\u05db\u05e0\u05d9\u05e1\u05d4 \u05dc\u05de\u05e2\u05e8\u05db\u05ea, \u05d0\u05d1\u05dc \u05d1\u05d2\u05dc\u05dc \u05e1\u05d9\u05d1\u05d4 \u05db\u05dc \u05e9\u05d4\u05d9\u05d0 \u05d4\u05e1\u05d9\u05e1\u05de\u05d4 \u05dc\u05d0 \u05e0\u05e9\u05dc\u05d7\u05d4. \u05d1\u05d1\u05e7\u05e9\u05d4 \u05e0\u05e1\u05d4 \u05e9\u05d5\u05d1.",
"ru": "\u0412\u044b \u043f\u043e\u0441\u043b\u0430\u043b\u0438 \u0447\u0442\u043e-\u0442\u043e \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443 \u0432\u0445\u043e\u0434\u0430, \u043d\u043e \u043f\u043e \u043a\u0430\u043a\u0438\u043c-\u0442\u043e \u043f\u0440\u0438\u0447\u0438\u043d\u0430\u043c \u043f\u0430\u0440\u043e\u043b\u044c \u043d\u0435 \u043f\u043e\u0441\u043b\u0430\u043d. \u041f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u043f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0441\u043d\u043e\u0432\u0430.",
"zh": "\u4f60\u786e\u5b9e\u53d1\u9001\u4e86\u4e00\u4e9b\u4fe1\u606f\u7ed9\u767b\u5f55\u9875\u9762\uff0c\u4f46\u7531\u4e8e\u67d0\u4e9b\u539f\u56e0\uff0c\u4f60\u6ca1\u6709\u53d1\u9001\u5bc6\u7801\uff0c\u8bf7\u518d\u8bd5\u4e00\u6b21",
"ar": "\u0644\u0642\u062f \u0642\u0645\u062a \u0628\u0625\u0631\u0633\u0627\u0644 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u062f\u062e\u0648\u0644 \u0644\u0643\u0646 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u063a\u064a\u0631 \u0645\u0631\u0641\u0642\u0629. \u0631\u062c\u0627\u0621\u0627\u064b \u0627\u0639\u062f \u0627\u0644\u0645\u062d\u0627\u0648\u0644\u0629",
"id": "Anda mengirimkan sesuatu ke halaman login, tetapi karena suatu alasan tertentu password tidak terkirimkan, Silahkan coba lagi.",
"sr": "Iz nekog razloga autentifikacionom servisu nije prosle\u0111ena va\u0161a lozinka. Molimo poku\u0161ajte ponovo."
},
"error_wrongpassword": {
"no": "Feil brukernavn eller passord.",
"nn": "Feil brukarnamn eller passord.",
"sv": "Fel anv\u00e4ndarnamn eller l\u00f6senord.",
"es": "Nombre de usuario o contrase\u00f1a err\u00f3neos",
"fr": "Mauvais identifiant ou mot de passe.",
"de": "Falscher Nutzername oder Passwort.",
"nl": "Gebruikersnaam of wachtwoord niet bekend.",
"lb": "Falschen Benotzernumm oder Passwuert",
"sl": "Napa\u010dno uporabni\u0161ko ime ali geslo!",
"da": "Forkert brugernavn eller kodeord",
"se": "Boastu geavahusnamma, beassans&aacute;tni dehe organisa&#353;uvdna.",
"hr": "Neispravna korisni\u010dka oznaka ili zaporka.",
"hu": "Hib\u00e1s felhaszn\u00e1l\u00f3i n\u00e9v vagy jelsz\u00f3!",
"fi": "V\u00e4\u00e4r\u00e4 tunnus tai salasana.",
"pt-br": "Nome de usu\u00e1rio ou senha incorretos.",
"pt": "Nome de utilizador ou senha incorrecta.",
"pl": "Nieprawid\u0142owa nazwa u\u017cytkownika lub has\u0142o.",
"cs": "Nekorektn\u00ed jmeno nebo heslo.",
"tr": "Kullan\u0131c\u0131 ad\u0131 ve\/veya \u015fifre yanl\u0131\u015f.",
"lt": "Neteisingas prisijungimo vardas arba slapta\u017eodis.",
"it": "Nome utente o password errati.",
"ja": "\u30e6\u30fc\u30b6\u30fc\u540d\u304b\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u9593\u9055\u3063\u3066\u3044\u307e\u3059\u3002",
"zh-tw": "\u932f\u8aa4\u7684\u5e33\u865f\u6216\u5bc6\u78bc\u3002",
"et": "Kasutajatunnus v\u00f5i parool pole \u00f5ige.",
"he": "\u05e1\u05d9\u05e1\u05de\u05d4 \u05d0\u05d5 \u05e9\u05dd \u05de\u05e9\u05ea\u05de\u05e9 \u05dc\u05d0 \u05e0\u05db\u05d5\u05e0\u05d9\u05dd.",
"ru": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u043b\u0438 \u043f\u0430\u0440\u043e\u043b\u044c.",
"zh": "\u9519\u8bef\u7684\u7528\u6237\u540d\u6216\u8005\u5bc6\u7801",
"ar": " \u0627\u0633\u0645 \u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0648 \u0643\u0644\u0645\u0629 \u0633\u0631 \u062e\u0637\u0627",
"id": "Username atau password salah",
"sr": "Neispravno korisni\u010dko ime ili lozinka."
},
"contact_info": {
"no": "Kontaktinformasjon:",
"nn": "Kontaktinformasjon:",
"sv": "Kontaktinformation:",
"es": "Informaci\u00f3n de contacto:",
"fr": "Coordonn\u00e9es :",
"de": "Kontakt",
"nl": "Contactinformatie",
"sl": "Kontakt",
"da": "Kontaktoplysninger",
"hr": "Kontakt podaci:",
"hu": "El\u00e9r\u00e9si inform\u00e1ci\u00f3k",
"fi": "Yhteystiedot",
"pt-br": "Informa\u00e7\u00f5es de Contato",
"pt": "Contactos:",
"pl": "Informacje kontaktowe:",
"cs": "Kontaktn\u00ed informace",
"tr": "\u0130leti\u015fim bilgileri:",
"lt": "Kontaktai:",
"it": "Informazioni di contatto:",
"ja": "\u9023\u7d61\u5148:",
"zh-tw": "\u806f\u7d61\u8cc7\u8a0a\uff1a",
"et": "Kontaktinfo:",
"he": "\u05e6\u05d5\u05e8 \u05e7\u05e9\u05e8",
"ru": "\u041a\u043e\u043d\u0442\u0430\u043a\u0442\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f",
"zh": "\u8054\u7cfb\u65b9\u5f0f",
"ar": "\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644",
"id": "Informasi Kontak",
"sr": "Kontakt podaci:"
},
"select_home_org": {
"no": "Velg vertsorganisasjon",
"nn": "Vel vertsorganisasjon",
"sv": "V\u00e4lj vilken organisation du kommer ifr\u00e5n",
"es": "Seleccione su organizaci\u00f3n origen",
"fr": "Choisissez votre fournisseur.",
"de": "W\u00e4hlen sie die Einrichtung, von der sie ihre Zugangsdaten beziehen",
"nl": "Kies je organisatie",
"sl": "Izberite va\u0161o doma\u010do organizacijo",
"da": "V\u00e6lg din hjemmeinstitution",
"hr": "Odaberite va\u0161u mati\u010dnu ustanovu",
"hu": "V\u00e1lassza ki az \u00f6n szervezet\u00e9t",
"fi": "Valitse kotiorganisaatiosi",
"pt-br": "Escolha a sua organiza\u00e7\u00e3o principal",
"pt": "Escolha a sua organiza\u00e7\u00e3o de origem",
"pl": "Wybierz swoj\u0105 domow\u0105 organizacj\u0119",
"cs": "Zvolte svou organizaci",
"tr": "Organizasyonunuzu se\u00e7iniz",
"lt": "Pasirinkite savo organizacij\u0105",
"it": "Selezionare la propria organizzazione",
"ja": "\u3042\u306a\u305f\u306e\u7d44\u7e54\u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044",
"zh-tw": "\u9078\u64c7\u60a8\u7684\u9810\u8a2d\u7d44\u7e54",
"et": "Vali oma koduorganisatsioon",
"he": "\u05d1\u05d7\u05e8 \u05d0\u05ea \u05d0\u05d9\u05e8\u05d2\u05d5\u05df \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc\u05da",
"ru": "\u0412\u044b\u0431\u0435\u0440\u0435\u0442\u0435 \u0432\u0430\u0448\u0443 \u0434\u043e\u043c\u0430\u0448\u043d\u044e\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e",
"zh": "\u9009\u62e9\u4f60\u7684\u7ec4\u7ec7",
"ar": "\u0627\u062e\u062a\u0627\u0631 \u062c\u0647\u062a\u0643 \u0627\u0644\u0627\u0645",
"id": "Pilih Basis Organisasi Anda",
"sr": "Izaberite va\u0161u mati\u010dnu instituciju"
},
"change_home_org_title": {
"no": "Endre din vertsorganisasjon",
"nn": "Endra vertsorganisasjon",
"sv": "\u00c4ndra vilken organisation du kommer ifr\u00e5n",
"es": "Cambiar su organizaci\u00f3n origen",
"fr": "Changez votre fournisseur",
"de": "Eine andere Einrichtung, von der sie Zugangsdaten erhalten, ausw\u00e4hlen",
"nl": "Verander je organisatie",
"sl": "Izberite va\u0161o doma\u010do organizacijo.",
"da": "Skift hjemmeinstitution",
"hr": "Promjenite odabir va\u0161e mati\u010dne ustanove",
"hu": "V\u00e1lasszon m\u00e1sik szervezetet",
"fi": "Muuta kotiorganisaatiotasi",
"pt-br": "Mudar a organiza\u00e7\u00e3o principal",
"pt": "Alterar a sua organiza\u00e7\u00e3o de origem",
"pl": "Zmie\u0144 swoj\u0105 domow\u0105 organizacj\u0119",
"cs": "Zm\u011bnte svou organizaci",
"tr": "Organizasyonunuzu de\u011fi\u015ftirin",
"lt": "Pakeisti savo organizacij\u0105",
"it": "Cambiare la propria organizzazione",
"ja": "\u3042\u306a\u305f\u306e\u7d44\u7e54\u3092\u5909\u66f4\u3057\u3066\u304f\u3060\u3055\u3044",
"zh-tw": "\u8b8a\u66f4\u60a8\u7684\u9810\u8a2d\u7d44\u7e54",
"et": "Muuda oma koduorganisatsiooni",
"he": "\u05d4\u05d7\u05dc\u05e3 \u05d0\u05ea \u05d0\u05d9\u05e8\u05d2\u05d5\u05df \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc\u05da",
"ru": "\u0421\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043e\u043c\u0430\u0448\u043d\u044e\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e",
"zh": "\u6539\u53d8\u4f60\u7684\u5bb6\u5ead\u7ec4\u7ec7",
"ar": "\u063a\u064a\u0631\u0627\u0644\u062c\u0647\u0629 \u0627\u0644\u0627\u0645",
"id": "Ubah basis organisasi anda",
"sr": "Promenite izbor za va\u0161u mati\u010dnu instituciju"
},
"change_home_org_text": {
"no": "Du har valgt <b>%HOMEORG%<\/b> som din vertsorganisasjon. Dersom dette er feil kan du velge en annen.",
"nn": "Du har vald <b>%HOMEORG%<\/b> som din vertsorganisasjon. Dersom dette er feil, kan du velja ein annan organisasjon fr\u00e5 menyen.",
"sv": "Du har valt <b>%HOMEORG%<\/b> som organisation du kommer ifr\u00e5n. Om detta \u00e4r fel s\u00e5 kan du v\u00e4lja en annan.",
"es": "Ha seleccionado <b>%HOMEORG%<\/b> como organizaci\u00f3n origen. Si esta informaci\u00f3n es incorrecta puede seleccionar otra.",
"fr": "Vous avez choisi <b>%HOMEORG%<\/b> comme votre fournisseur. Si ce n'est pas correct, vous pouvez le changer.",
"de": "Sie haben <b>%HOMEORG%<\/b> als ihre Einrichtung gew\u00e4hlt, k\u00f6nnen diese Auswahl aber noch \u00e4ndern.",
"nl": "Je hebt <b>%HOMEORG%<\/b> gekozen als je organisatie. Als dit niet correct is kun je een andere keuze maken.",
"sl": "Izbrali ste <b>%HOMEORG%<\/b> kot va\u0161o doma\u010do organizacijo. V primeru da je izbor napa\u010den, izberite drugo.",
"da": "Du har valgt <b>%HOMEORG%<\/b> som din hjemmeinstitution. Hvis dette ikke er korrekt, kan du v\u00e6lge en anden,",
"hr": "Odabrali ste <b>%HOMEORG%<\/b> kao va\u0161u mati\u010dnu ustanovu. Ako to nije to\u010dno mo\u017eete odabrati drugu ustanovu.",
"hu": "A <b>%HOMEORG%<\/b> szervezetet v\u00e1lasztotta ki. Ha a v\u00e1laszt\u00e1s nem volt helyes, k\u00e9rem v\u00e1lasszon m\u00e1sikat.",
"fi": "Olet valinnut kotiorganisaatioksesi <b>%HOMEORG%<\/b> . Voit muuttaa asetusta valitsemalla toisen.",
"pt-br": "Voc\u00ea escolheu <b>%HOMEORG%<\/b> como sua organiza\u00e7\u00e3o pessoal. Se isto estiver incorreto voc\u00ea pode escolher outra.",
"pt": "Escolheu <b>%HOMEORG%<\/b> como a sua organiza\u00e7\u00e3o de origem. Se n\u00e3o estiver correcto, pode escolher outra.",
"pl": "Wybra\u0142e\u015b <b>%HOMEORG%<\/b> jako swoj\u0105 domow\u0105 organizacj\u0119. Je\u015bli nieprawid\u0142owa mo\u017cesz wybra\u0107 inn\u0105.",
"cs": "M\u00e1te nastavenu <b>%HOMEORG%<\/b> jako domovskou organizaci. Pokud je to \u0161patn\u011b zvolte jinou.",
"tr": "<b>%HOMEORG%<\/b>'u organizasyonunuz olarak se\u00e7tiniz. E\u011fer yanl\u0131\u015f ise, ba\u015fka bir tanesini se\u00e7ebilirsiniz.",
"lt": "J\u016bs savo nam\u0173 organizacija pasirinkote <b>%HOMEORG%<\/b>. Jei tai yra neteisingas pasirinkimas, galite pasirinkti kit\u0105.",
"it": "E' stata selezionata <b>%HOMEORG%<\/b> come propria organizzazione. Se \u00e8 sbagliata, \u00e8 possibile selezionarne un'altra.",
"ja": "\u3042\u306a\u305f\u306f <b>%HOMEORG%<\/b> \u3092\u7d44\u7e54\u3068\u3057\u3066\u9078\u629e\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u554f\u984c\u304c\u3042\u308b\u5834\u5408\u306f\u4ed6\u306e\u3082\u306e\u3092\u9078\u3076\u4e8b\u3082\u53ef\u80fd\u3067\u3059\u3002",
"zh-tw": "\u60a8\u5df2\u9078\u64c7 <b>%HOMEORG%<\\\/b> \u4f5c\u70ba\u9810\u8a2d\u7d44\u7e54\u3002\u5982\u679c\u932f\u8aa4\uff0c\u60a8\u96a8\u6642\u90fd\u53ef\u4ee5\u91cd\u65b0\u9078\u64c7\u3002",
"et": "Sa valisid oma koduorganisatsiooniks <b>%HOMEORG%<\/b>. Kui see pole \u00f5ige, siis v\u00f5id uuesti valida.",
"he": "\u05d1\u05d7\u05e8\u05ea \u05d0\u05ea <b>%HOMEORG%<\/b> \u05db\u05d0\u05d9\u05e8\u05d2\u05d5\u05df \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc\u05da. \u05d0\u05dd \u05d4\u05de\u05d9\u05d3\u05e2 \u05de\u05d5\u05d8\u05e2\u05d4 \u05d0\u05ea\u05d4 \u05d9\u05db\u05d5\u05dc \u05dc\u05d1\u05d7\u05d5\u05e8 \u05d0\u05d9\u05e8\u05d2\u05d5\u05df \u05d0\u05d7\u05e8.",
"ru": "\u0412\u044b \u0432\u044b\u0431\u0440\u0430\u043b\u0438 <b>%HOMEORG%<\/b> \u043a\u0430\u043a \u0432\u0430\u0448\u0443 \u0434\u043e\u043c\u0430\u0448\u043d\u044e\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e. \u0415\u0441\u043b\u0438 \u0432\u044b \u043e\u0448\u0438\u0431\u043b\u0438\u0441\u044c - \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0432\u044b\u0431\u0440\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u0443\u044e.",
"zh": "\u4f60\u9009\u62e9\u4e86<b>%HOMEORG%<\/b>\u4f5c\u4e3a\u4f60\u7684\u5bb6\u5ead\u7ec4\u7ec7\u3002\u5982\u679c\u9519\u4e86\u8bf7\u9009\u62e9\u5176\u4ed6\u7684",
"ar": "\u0644\u0642\u062f \u0642\u0645\u062a \u0628\u0627\u062e\u062a\u064a\u0627\u0631 <b>%HOMEORG%<\/b> \u0643\u062c\u0647\u062a\u0643 \u0627\u0644\u0627\u0645. \u0627\u0646 \u0643\u0627\u0646 \u0647\u0630\u0627 \u0627\u0644\u0627\u062e\u062a\u064a\u0627\u0631 \u063a\u064a\u0631 \u0635\u062d\u064a\u062d \u064a\u0645\u0643\u0646\u0643 \u062a\u063a\u064a\u064a\u0631\u0647",
"id": "Anda telah memilih <b>%HOMEORG%<\/b> sebagai basis organisasi anda. Jika ini salah anda dapat memilih yang lain.",
"sr": "Odabrali ste <b>%HOMEORG%<\/b> kao va\u0161u mati\u010dnu instituciju. Ako to nije ta\u010dno mo\u017eete odabrati drugu instituciju."
},
"change_home_org_button": {
"no": "Velg vertsorganisasjon",
"nn": "Vel vertsorganisasjon",
"sv": "\u00c4ndra organisation",
"es": "Seleccionar la organizaci\u00f3n origen",
"fr": "Choisissez votre fournisseur.",
"de": "Einrichtung ausw\u00e4hlen",
"nl": "Kies je organisatie",
"sl": "Izberite doma\u010do organizacijo.",
"da": "V\u00e6lg hjemmeinstitution",
"hr": "Odaberite mati\u010dnu ustanovu",
"hu": "V\u00e1lassza ki a szervezet\u00e9t",
"fi": "Valitse kotiorganisaatiosi",
"pt-br": "Escolher uma organiza\u00e7\u00e3o principal",
"pt": "Escolha a sua organiza\u00e7\u00e3o de origem",
"pl": "Wybierz domow\u0105 organizacj\u0119",
"cs": "Zvolte domovskou organizaci",
"tr": "Organizasyon se\u00e7iniz",
"lt": "Pasirinkite organizacij\u0105",
"it": "Selezionare la propria organizzazione",
"ja": "\u7d44\u7e54\u306e\u9078\u629e",
"zh-tw": "\u9078\u64c7\u9810\u8a2d\u7d44\u7e54",
"et": "Vali koduorganisatsioon",
"he": "\u05d4\u05d7\u05dc\u05e3 \u05d0\u05d9\u05e8\u05d2\u05d5\u05df \u05d1\u05d9\u05ea",
"ru": "\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0434\u043e\u043c\u0430\u0448\u043d\u044e\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e",
"zh": "\u9009\u62e9\u4f60\u7684\u5bb6\u5ead\u7ec4\u7ec7",
"ar": "\u0627\u062e\u062a\u0627\u0631 \u062c\u0647\u062a\u0643 \u0627\u0644\u0627\u0645",
"id": "Pilih basis organisasi",
"sr": "Izaberite mati\u010dnu instituciju"
},
"help_desk_link": {
"no": "Hjemmesiden til brukerst\u00f8tte",
"nn": "Heimeside for brukarst\u00f8tte",
"sv": "Hemsida f\u00f6r helpdesk",
"es": "P\u00e1gina de soporte t\u00e9cnico",
"fr": "Page web de l'assistance technique",
"de": "Seite des Helpdesk",
"nl": "Helpdesk homepage",
"sl": "Spletna stran tehni\u010dne podpore uporabnikom.",
"da": "Servicedesk",
"hr": "Stranice slu\u017ebe za podr\u0161ku korisnicima",
"hu": "\u00dcgyf\u00e9lszolg\u00e1lat weboldala",
"fi": "Helpdeskin kotisivu",
"pt-br": "Central de Ajuda",
"pt": "P\u00e1gina do servi\u00e7o de apoio ao utilizador",
"pl": "Strona domowa pomocy technicznej (Helpdesk)",
"cs": "Help desk",
"tr": "Yard\u0131m anasayfas\u0131",
"lt": "Vartotoj\u0173 aptarnavimo puslapis",
"it": "Homepage del servizio di assistenza",
"ja": "\u30d8\u30eb\u30d7\u30c7\u30b9\u30af\u30da\u30fc\u30b8",
"zh-tw": "\u5354\u52a9\u9801\u9762",
"et": "Kasutajatoe koduleht",
"he": "\u05ea\u05de\u05d9\u05db\u05d4 \u05d8\u05db\u05e0\u05d9\u05ea",
"ru": "\u0414\u043e\u043c\u0430\u0448\u043d\u044f\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u0441\u043b\u0443\u0436\u0431\u044b \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438",
"zh": "\u670d\u52a1\u53f0\u7684\u4e3b\u9875",
"ar": "\u0635\u0641\u062d\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629",
"id": "Homepage Help desk",
"sr": "Stranice slu\u017ebe za podr\u0161ku korisnicima"
},
"help_desk_email": {
"no": "Send e-post til brukerst\u00f8tte",
"nn": "Send epost til brukarst\u00f8tte",
"sv": "Skicka e-post till helpdesk",
"es": "Enviar correo electr\u00f3nico al soporte t\u00e9cnico",
"fr": "Assistance technique par courriel",
"de": "Email an den Helpdesk senden",
"nl": "Stuur een e-mail naar de helpdesk",
"sl": "Po\u0161lji sporo\u010dilo tehni\u010dni podpori.",
"da": "Send en e-mail servicedesk",
"hr": "Po\u0161aljite e-mail slu\u017ebi za podr\u0161ku korisnicima",
"hu": "K\u00fcldj\u00f6n e-mailt az \u00fcgyf\u00e9lszolg\u00e1latnak",
"fi": "L\u00e4het\u00e4 s\u00e4hk\u00f6posti helpdeskille.",
"pt-br": "Envie um e-mail para a Central de Ajuda.",
"pt": "Enviar um e-mail para o servi\u00e7o de apoio ao utilizador",
"pl": "wy\u015blij e-mail do helpdesku",
"cs": "Email helpdesku zasl\u00e1n.",
"tr": "Yard\u0131m'a e-posta g\u00f6nderin",
"lt": "Si\u0173sti el. lai\u0161k\u0105 vartotoj\u0173 aptarnavimo specialistams",
"it": "Invia una mail al servizio di assistenza",
"ja": "\u30d8\u30eb\u30d7\u30c7\u30b9\u30af\u306b\u30e1\u30fc\u30eb\u3059\u308b",
"zh-tw": "\u50b3\u9001 e-mail \u5c0b\u6c42\u5354\u52a9",
"et": "Saada kasutajatoele e-kiri.",
"he": "\u05e9\u05dc\u05d7 \u05d3\u05d5\u05d0\u05dc \u05dc\u05ea\u05d9\u05db\u05d4 \u05d4\u05d8\u05db\u05e0\u05d9\u05ea",
"ru": "\u041f\u043e\u0441\u043b\u0430\u0442\u044c email \u0432 \u0441\u043b\u0443\u0436\u0431\u0443 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438",
"zh": "\u53d1\u9001Email\u7ed9\u670d\u52a1\u53f0",
"ar": "\u0627\u0631\u0633\u0644 \u0625\u064a\u0645\u064a\u0644 \u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629",
"id": "Kirim e-mail ke help dek",
"sr": "Po\u0161alji e-mail slu\u017ebi za podr\u0161ku korisnicima"
},
"next": {
"no": "Fortsett",
"nn": "Neste",
"sv": "N\u00e4sta",
"es": "Siguiente",
"fr": "Suivant",
"de": "Weiter",
"nl": "Volgende",
"sl": "Naprej",
"da": "N\u00e6ste",
"hr": "Dalje",
"hu": "K\u00f6vetkez\u0151",
"fi": "Seuraava",
"pt-br": "Pr\u00f3ximo",
"pt": "Seguinte",
"pl": "Nast\u0119pny",
"cs": "Dal\u0161\u00ed",
"tr": "S\u0131radaki",
"lt": "Kitas",
"it": "Avanti",
"ja": "\u6b21\u3078",
"zh-tw": "\u4e0b\u4e00\u6b65",
"et": "Edasi",
"he": "\u05d4\u05d1\u05d0",
"ru": "\u0414\u0430\u043b\u0435\u0435",
"zh": "\u4e0b\u4e00\u6b65",
"ar": "\u0627\u0644\u062a\u0627\u0644\u064a",
"id": "Selanjutnya",
"sr": "Dalje"
}
}
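Review bot: The "zh-tw" entry of the %HOMEORG% message closes its bold tag as `<\\\/b>`, where every other language has `<\/b>`. After JSON decoding that leaves a literal backslash before `/b>`, so the `<b>` is left unclosed; it should be `<\/b>` like the rest. Because these strings carry raw `<b>` markup and so can only render as intended when printed unescaped, the value substituted for %HOMEORG% needs to be HTML-escaped at substitution time. Minor: the "da" entry of the same message ends in a comma instead of a full stop, and the "id" entry of "help_desk_email" reads "help dek".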

View File

@ -0,0 +1,56 @@
{
"title": {
"en": "Logged out"
},
"logged_out_text": {
"en": "You have been logged out."
},
"default_link_text": {
"en": "Go back to simpleSAMLphp installation page"
},
"hold": {
"en": "On hold"
},
"completed": {
"en": "Completed"
},
"progress": {
"en": "Logging out..."
},
"failed": {
"en": "Logout failed"
},
"return": {
"en": "Return to service"
},
"success": {
"en": "You have successfully logged out from all services listed above."
},
"loggedoutfrom": {
"en": "You are now successfully logged out from %SP%."
},
"also_from": {
"en": "You are also logged in on these services:"
},
"logout_all_question": {
"en": "Do you want to logout from all the services above?"
},
"logout_all": {
"en": "Yes, all services"
},
"logout_only": {
"en": "No, only %SP%"
},
"incapablesps": {
"en": "One or more of the services you are logged into <i>do not support logout<\/i>. To ensure that all your sessions are closed, you are encouraged to <i>close your webbrowser<\/i>."
},
"no": {
"en": "No"
},
"logging_out_from": {
"en": "Logging out of the following services:"
},
"failedsps": {
"en": "Unable to log out of one or more services. To ensure that all your sessions are closed, you are encouraged to <i>close your webbrowser<\/i>."
}
}
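Review bot: "incapablesps" and "failedsps" embed `<i>` markup, so they can only render as intended if the logout template prints dictionary strings without HTML-escaping. "loggedoutfrom" and "logout_only" in the same dictionary take a %SP% substitution, so the service-provider name should be escaped before it is substituted; otherwise a name taken from metadata reaches the page as markup. Please confirm this in the template that consumes these keys. Wording: "logout_all_question" uses "logout" as a verb (should be "log out"), and "webbrowser" in both long messages should be "web browser".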

View File

@ -0,0 +1,517 @@
{
"title": {
"no": "Utlogget",
"nn": "Utlogga",
"sv": "Utloggad",
"es": "Desconectado",
"fr": "D\u00e9connect\u00e9",
"de": "Abgemeldet",
"nl": "Uitgelogd",
"sl": "Odjavljen",
"da": "Du er logget ud",
"hr": "Odjavljeni ste",
"hu": "Sikeres kil\u00e9p\u00e9s",
"fi": "Uloskirjautunut",
"pt-br": "Desconectado",
"pt": "Sa\u00edda efectuada com sucesso",
"pl": "Wylogowano",
"cs": "Odhl\u00e1\u0161en",
"tr": "\u00c7\u0131kt\u0131n\u0131z",
"it": "Disconnesso",
"lt": "Atsijungta",
"ja": "\u30ed\u30b0\u30a2\u30a6\u30c8",
"zh-tw": "\u6a19\u984c",
"et": "Logis v\u00e4lja",
"he": "\u05d4\u05ea\u05e0\u05ea\u05e7\u05d5\u05ea \u05de\u05d4\u05de\u05e2\u05e8\u05db\u05ea",
"zh": "\u9000\u51fa",
"ar": "\u062e\u0631\u0648\u062c",
"id": "Log out",
"sr": "Odjavljeni ste"
},
"logged_out_text": {
"no": "Du er n\u00e5 utlogget.",
"nn": "Du har blitt logga ut. Takk for at du brukte denne tenesta.",
"sv": "Du har blivit uloggad. Tack f\u00f6r att du anv\u00e4nde denna tj\u00e4nst.",
"es": "Ha sido desconectado. Gracias por usar este servicio.",
"fr": "Vous avez \u00e9t\u00e9 d\u00e9connect\u00e9. Merci d'utiliser ce service.",
"de": "Sie wurden abgemeldet. Danke, dass Sie diesen Dienst verwendet haben.",
"nl": "U bent uitgelogd. Dank u voor het gebruiken van deze dienst.",
"sl": "Odjava je bila uspe\u0161na. Hvala, ker uporabljate to storitev.",
"da": "Du er blevet logget ud. Tak for fordi du brugte denne tjeneste.",
"hr": "Uspje\u0161no ste se odjavili.",
"hu": "Sikeresen kijelentkezett. K\u00f6sz\u00f6nj\u00fck, hogy haszn\u00e1lta a szolg\u00e1ltat\u00e1st.",
"fi": "Olet kirjautunut ulos",
"pt-br": "Voc\u00ea foi desconectado.",
"pt": "Sa\u00edda efectuada com sucesso. Obrigado por ter usado este servi\u00e7o.",
"pl": "Zosta\u0142e\u015b wylogowany. Dzi\u0119kuj\u0119 za skorzystanie z serwisu.",
"cs": "Jste odhl\u00e1\u0161en. D\u011bkujeme za pou\u017eit\u00ed t\u00e9to slu\u017eby.",
"tr": "\u00c7\u0131kt\u0131n\u0131z",
"it": "Sei stato disconnesso",
"lt": "J\u016bs buvote atjungtas nuo sistemos.",
"ja": "\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u307e\u3057\u305f\u3002",
"zh-tw": "\u60a8\u5df2\u767b\u51fa",
"et": "Sa oled v\u00e4lja logitud.",
"he": "\u05d4\u05ea\u05e0\u05ea\u05e7\u05ea \u05de\u05df \u05d4\u05de\u05e2\u05e8\u05db\u05ea",
"zh": "\u4f60\u5df2\u7ecf\u9000\u51fa\u4e86",
"ar": "\u0644\u0642\u062f\u062e\u0631\u0648\u062c \u0644\u0642\u062f \u0642\u0645\u062a \u0628\u0627\u0644\u062e\u0631\u0648\u062c",
"id": "Anda telah log out.",
"sr": "Uspe\u0161no ste se odjavili."
},
"default_link_text": {
"no": "G\u00e5 tilbake til simpleSAMLphp installasjonen sin startside.",
"nn": "G\u00e5 tilbake til simpleSAMLphp installasjonssida",
"sv": "\u00c5ter till installationssidan f\u00f6r simpleSAMLphp",
"es": "Volver a la p\u00e1gina de instalaci\u00f3n de simpleSAMLphp",
"fr": "Retournez \u00e0 la page d'installation de SimpleSAML.",
"de": "Zur\u00fcck zur simpleSAMLphp Installationsseite",
"nl": "Ga terug naar de simpleSAMLphp installatiepagina",
"sl": "Nazaj na namestitveno stran simpleSAMLphp",
"da": "Tilbage til simpleSAMLphp installationssiden",
"hr": "Natrag na po\u010detnu stranicu simpleSAMLphp instalacije",
"hu": "Vissza a simpleSAMLphp telep\u00edt\u0151 oldal\u00e1ra",
"fi": "Palaa simpleSAMLphp asennussivulle",
"pt-br": "Voltar a instala\u00e7\u00e3o do simpleSAMLphp",
"pt": "Voltar \u00e0 p\u00e1gina de instala\u00e7\u00e3o do simpleSAMLphp",
"pl": "Wr\u00f3c do strony \"instalacja simpleSAMLphp\"",
"cs": "Zp\u00e1tky na simpleSAMLphp instala\u010dn\u00ed str\u00e1nku",
"tr": "simpleSAMLphp kurulum sayfas\u0131na geri d\u00f6n",
"it": "Torna alla pagine di installazione di simpleSAMLphp",
"lt": "Gr\u012f\u017eti atgal \u012f simpleSAMLphp diegimo puslap\u012f",
"ja": "simpleSAMLphp\u306e\u8a2d\u5b9a\u30da\u30fc\u30b8\u306b\u623b\u308b",
"zh-tw": "\u56de\u5230 simpleSAMLphp \u5b89\u88dd\u9801\u9762",
"et": "Mine tagasi simpleSAMLphp paigalduslehek\u00fcljele",
"he": "\u05d7\u05d6\u05d5\u05e8 \u05dc\u05d3\u05e3 \u05d4\u05d4\u05ea\u05e7\u05e0\u05d4 \u05e9\u05dc simpleSAMLphp",
"zh": "\u8fd4\u56desimpleSAMLphp\u5b89\u88c5\u9875\u9762",
"ar": "\u0639\u062f \u0644\u0635\u0641\u062d\u0629 \u0625\u0646\u0632\u0627\u0644 simpleSAMLphp",
"id": "Kembali ke halaman instalasi simpleSAMLphp",
"sr": "Natrag na po\u010detnu stranicu simpleSAMLphp instalacije"
},
"hold": {
"no": "P\u00e5 vent",
"nn": "Venter",
"sv": "Vilande",
"es": "En espera",
"fr": "En cours",
"nl": "Vastgehouden",
"sl": "V teku",
"da": "I k\u00f8",
"hr": "Na \u010dekanju",
"hu": "Felf\u00fcggesztve",
"pt": "Em espera",
"pl": "W zawieszeniu",
"cs": "\u010cek\u00e1m",
"tr": "Beklemede",
"de": "In der Wartschleife",
"fi": "Odota",
"lt": "Pra\u0161ome palaukti",
"it": "In attesa",
"ja": "\u4fdd\u7559",
"zh-tw": "\u66ab\u505c",
"et": "Ootel",
"he": "\u05d1\u05d4\u05e9\u05e2\u05d9\u05d9\u05d4",
"pt-br": "Aguardando",
"zh": "\u4fdd\u6301",
"ar": "\u0628\u0627\u0644\u0627\u0646\u062a\u0638\u0627\u0631 ",
"id": "Ditahan",
"sr": "Na \u010dekanju"
},
"completed": {
"no": "Fullf\u00f8rt",
"nn": "Ferdig",
"sv": "Klar",
"es": "Terminado",
"fr": "Fait",
"de": "abgeschlossen",
"nl": "Voltooid",
"sl": "Dokon\u010dano",
"da": "F\u00e6rdig",
"hr": "Zavr\u0161eno",
"hu": "Befejezve",
"fi": "Valmis",
"pt": "Completa",
"pl": "Zako\u0144czono",
"cs": "Dokon\u010deno",
"tr": "Tamamland\u0131",
"lt": "Atlikta",
"it": "Completato",
"ja": "\u5b8c\u4e86\u3057\u307e\u3057\u305f",
"zh-tw": "\u5df2\u5b8c\u6210",
"et": "L\u00f5petatud",
"he": "\u05d4\u05e1\u05ea\u05d9\u05d9\u05dd",
"pt-br": "Completado",
"zh": "\u5b8c\u6210",
"ar": "\u0627\u0643\u062a\u0645\u0644",
"id": "Selesai",
"sr": "Zavr\u0161eno"
},
"progress": {
"no": "Logger ut...",
"nn": "Loggar ut...",
"sv": "Loggar ut...",
"es": "Desconectando...",
"fr": "D\u00e9connexion...",
"de": "Abmeldung l\u00e4uft...",
"nl": "Uitloggen...",
"sl": "Odjavljanje...",
"da": "Logger ud...",
"hr": "Odjava u tijeku...",
"hu": "Kijelentkez\u00e9s...",
"fi": "Kirjautuu ulos...",
"pt": "A sair...",
"pl": "Wylogowywanie...",
"cs": "Odhla\u0161uji...",
"tr": "\u00c7\u0131k\u0131yor",
"lt": "Atjungiama...",
"it": "Disconnessione...",
"ja": "\u30ed\u30b0\u30a2\u30a6\u30c8\u4e2d\u2026",
"zh-tw": "\u767b\u51fa\u4e2d...",
"et": "V\u00e4lja logimine...",
"he": "\u05de\u05ea\u05e0\u05ea\u05e7 \u05de\u05d4\u05de\u05e2\u05e8\u05db\u05ea...",
"pt-br": "Saindo do servi\u00e7o...",
"zh": "\u6b63\u5728\u9000\u51fa",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c",
"id": "Log out...",
"sr": "Odjava u toku..."
},
"failed": {
"no": "Utlogging feilet",
"nn": "Utlogging feila",
"sv": "Utloggning misslyckades",
"es": "Proceso de desconexi\u00f3n fallido",
"fr": "\u00c9chec de la d\u00e9connexion",
"de": "Abmeldung fehlgeschlagen",
"nl": "Uitloggen mislukt",
"sl": "Odjava je spodletela.",
"da": "Logout fejlede",
"hr": "Odjava nije uspjela",
"hu": "Kijelentkez\u00e9s nem siker\u00fclt",
"fi": "Uloskirjautuminen ep\u00e4onnistunut",
"pt": "Sa\u00edda falhada",
"pl": "Wyst\u0105pi\u0142 b\u0142ad podczas wylogowania",
"cs": "Odhla\u0161en\u00ed selhalo",
"tr": "\u00c7\u0131k\u0131\u015f ba\u015far\u0131lamad\u0131",
"lt": "Atsijungimas nepavyko",
"it": "Disconnessione fallita",
"ja": "\u30ed\u30b0\u30a2\u30a6\u30c8\u306b\u5931\u6557\u3057\u307e\u3057\u305f",
"zh-tw": "\u767b\u51fa\u5931\u6557",
"et": "V\u00e4lja logimine eba\u00f5nnestus",
"he": "\u05d4\u05ea\u05e0\u05ea\u05e7\u05d5\u05ea \u05e0\u05db\u05e9\u05dc\u05d4",
"pt-br": "Falha ao sair do servi\u00e7o",
"zh": "\u9000\u51fa\u5931\u8d25",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u062e\u0631\u0648\u062c \u0641\u0627\u0634\u0644",
"id": "Log out gagal",
"sr": "Odjava nije uspela"
},
"return": {
"no": "Tilbake til tjenesten",
"nn": "G\u00e5 tilbake til tenesta",
"sv": "\u00c5ter till tj\u00e4nsten",
"es": "Volver al servicio",
"fr": "Retour au service",
"de": "Zum Dienst zur\u00fcckkehren",
"nl": "Terug naar service",
"sl": "Vrni se nazaj na storitev.",
"da": "Tilbage til service",
"hr": "Povratak u aplikaciju",
"hu": "Vissza a szolg\u00e1ltat\u00e1shoz",
"fi": "Palaa palveluun",
"pt": "Regressar ao servi\u00e7o",
"pl": "Powr\u00f3t do serwisu",
"cs": "Zp\u00e1tky na slu\u017ebu",
"tr": "Servise geri d\u00f6n",
"lt": "Gr\u012f\u017eti \u012f paslaug\u0105",
"it": "Ritornare al servizio",
"ja": "\u30b5\u30fc\u30d3\u30b9\u3078\u623b\u308b",
"zh-tw": "\u56de\u5230\u670d\u52d9",
"et": "Tagasi teenuse juurde",
"he": "\u05d7\u05d6\u05e8\u05d4 \u05dc\u05e9\u05e8\u05d5\u05ea",
"pt-br": "Retornar ao servi\u00e7o",
"zh": "\u8fd4\u56de\u81f3\u670d\u52a1",
"ar": "\u0639\u062f \u0644\u0644\u062e\u062f\u0645\u0629",
"id": "Kembali ke layanan",
"sr": "Povratak u aplikaciju"
},
"success": {
"no": "Du har n&aring; logget ut fra alle tjenestene listet ovenfor.",
"nn": "Du er ferdig utlogga fr\u00e5 alle tenestene",
"sv": "Du har loggat ut fr\u00e5n alla nedanst\u00e5ende tj\u00e4nster.",
"es": "Ha sido correctamente desconectado de todo los servicios listados a continuaci\u00f3n",
"fr": "Vous avez \u00e9t\u00e9 d\u00e9connect\u00e9 avec succ\u00e8s des services list\u00e9s ci dessus",
"de": "Sie haben sich erfolgreich von allen obenstehenden Diensten abgemeldet.",
"nl": "Je bent succesvol uitgelogd van de bovenvermelde services.",
"sl": "Uspe\u0161no ste se odjavili z vseh na\u0161tetih storitev.",
"da": "Du har logget ud fra alle overn\u00e6vnte services. ",
"hr": "Uspje\u0161no ste se odjavili iz svih gore navedenih servisa.",
"hu": "Sikeresen kijelentkezett az fent felsorolt \u00f6sszes alkalmaz\u00e1sb\u00f3l.",
"fi": "Olet onnistuneesti kirjautunut ulos kaikista yll\u00e4 listatuista palveluista.",
"pt": "Saiu com sucesso de todos os servi\u00e7os listados em cima.",
"pl": "Zosta\u0142e\u015b pomy\u015blnie wylogowany ze wszystkich powy\u017cszych serwis\u00f3w.",
"cs": "\u00dasp\u011b\u0161n\u011b jste se odhl\u00e1sili z n\u00e1sleduj\u00edc\u00edch slu\u017eeb.",
"tr": "Yukar\u0131da listelenen t\u00fcm servislerden ba\u015far\u0131yla \u00e7\u0131kt\u0131n\u0131z.",
"lt": "J\u016bs s\u0117kmingai buvote atjungtas nuo vis\u0173 \u017eemiau i\u0161vardint\u0173 paslaug\u0173.",
"it": "Sei stato disconnesso da tutti i servizi sopra elencati.",
"ja": "\u4e0a\u8a18\u306e\u5168\u3066\u306e\u30b5\u30fc\u30d3\u30b9\u304b\u3089\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u307e\u3057\u305f\u3002",
"zh-tw": "\u60a8\u5df2\u7d93\u6210\u529f\u767b\u51fa\u4e86\u5217\u8868\u4e2d\u6240\u6709\u670d\u52d9\u3002",
"et": "Sa oled k\u00f5igist \u00fclal loetletud teenustest edukalt v\u00e4lja logitud.",
"he": "\u05d4\u05ea\u05e0\u05ea\u05e7\u05ea \u05d1\u05d4\u05e6\u05dc\u05d7\u05d4 \u05de\u05db\u05dc \u05d4\u05e9\u05e8\u05d5\u05ea\u05d9\u05dd \u05d4\u05db\u05ea\u05d5\u05d1\u05d9\u05dd \u05dc\u05de\u05e2\u05dc\u05d4",
"pt-br": "Voc\u00ea saiu com sucesso de todos os servi\u00e7os listados acima.",
"zh": "\u4f60\u6210\u529f\u7684\u9000\u51fa\u4e86\u4e0a\u9762\u5217\u8868\u4e2d\u7684\u670d\u52a1",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u062e\u0631\u0648\u062c \u0646\u0627\u062c\u062d \u0645\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0623\u0639\u0644\u0627\u0647 ",
"id": "Anda telah berhasil log out dari semua layanan yang tercantuh diatas.",
"sr": "Uspe\u0161no ste se odjavili iz svih gore navedenih servisa."
},
"loggedoutfrom": {
"no": "Du er n\u00e5 logget ut fra %SP%.",
"nn": "Du er ferdig utlogga fr\u00e5 %SP%.",
"sv": "Du har nu loggat ut fr\u00e5n %SP%.",
"es": "Ha sido desconectado correctamente de %SP%.",
"fr": "Vous avez \u00e9t\u00e9 d\u00e9connect\u00e9 de %SP%.",
"de": "Sie wurden nun erfolgreich von %SP% abgemeldet",
"nl": "Je bent nu succesvol uitgelogd van %SP%.",
"sl": "Uspe\u0161no ste se odjavili s ponudnika storitev: %SP%",
"da": "Du er nu logget ud fra %SP%.",
"hu": "Sikeresen kil\u00e9pett a(z) %SP% szolg\u00e1ltat\u00e1sb\u00f3l",
"fi": "Olet kirjautunut ulos palvelusta %SP%.",
"pt": "Saiu com sucesso de %SP%.",
"pl": "Zosta\u0142e\u015b pomy\u015blnie wylogowany z %SP%.",
"cs": "Zah\u00e1jil jste <strong>glob\u00e1ln\u00ed odhl\u00e1\u0161en\u00ed<\/strong> z slu\u017eby <strong>%REQUESTERNAME%<\/strong>. Glob\u00e1ln\u00ed odhl\u00e1\u0161en\u00ed znamen\u00e1, \u017ee budete odhl\u00e1\u0161en z v\u0161ech n\u00e1sleduj\u00edc\u00ed slu\u017eeb.",
"tr": "%SP%'den ba\u015far\u0131yla \u00e7\u0131kt\u0131n\u0131z.",
"it": "Adesso sei correttamente disconnesso da %SP%",
"hr": "Uspje\u0161no ste odjavljeni iz %SP%.",
"lt": "J\u016bs s\u0117kmingai buvote atjungtas i\u0161 %SP%.",
"ja": "\u3042\u306a\u305f\u306f %SP% \u304b\u3089\u306e\u30ed\u30b0\u30a2\u30a6\u30c8\u306b\u6210\u529f\u3057\u307e\u3057\u305f\u3002",
"zh-tw": "\u60a8\u5df2\u6210\u529f\u5f9e %SP% \u767b\u51fa\u3002",
"et": "Sa oled n\u00fc\u00fcd edukalt v\u00e4lja logitud teenusest %SP%.",
"he": "%SP%-\u05e0\u05d5\u05ea\u05e7\u05ea \u05d1\u05d4\u05e6\u05dc\u05d7\u05d4 \u05de",
"pt-br": "Voc\u00ea est\u00e1 saiu com sucesso de %SP%.",
"zh": "\u4f60\u5df2\u6210\u529f\u4ece%SP%\u9000\u51fa",
"ar": "\u0644\u0642\u062f \u062e\u0631\u062c\u062a \u0628\u0646\u062c\u0627\u062d \u0645\u0646 %SP%",
"id": "Sekarang anda telah sukses log out dari %SP%.",
"sr": "Uspe\u0161no ste odjavljeni iz %SP%."
},
"also_from": {
"no": "Du er ogs\u00e5 logget inn p\u00e5 disse tjenestene:",
"nn": "Du er i tillegg logga inn p\u00e5 desse tenestene:",
"sv": "Du \u00e4r \u00e4ven inloggad i f\u00f6ljande tj\u00e4nster:",
"es": "Tambi\u00e9n est\u00e1 autenticado en los siguientes servicios:",
"fr": "Vous \u00eates actuellement connect\u00e9 aux services suivants:",
"de": "Sie sind auch auf diesen Diensten angemeldet:",
"nl": "Je bent ook ingelogd bij deze diensten:",
"sl": "Prijavljeni ste v naslednje storitve:",
"da": "Du er ogs\u00e5 logget ud fra disse services:",
"hu": "Ezen alkalmaz\u00e1sokban van m\u00e9g bejelentkezve:",
"fi": "Olet kirjautunut seuraaviin palveluihin:",
"pt": "Est\u00e1 tamb\u00e9m autenticado nos seguintes servi\u00e7os:",
"pl": "Jeste\u015b tak\u017ce zalogowany w nastepuj\u0105cych serwisach:",
"cs": "Jste je\u0161te p\u0159ihl\u00e1\u0161en na tyto slu\u017eby:",
"tr": "Ayr\u0131ca \u015fu servislere giri\u015f yapt\u0131n\u0131z:",
"it": "Attualmente sei anche connesso ai seguenti servizi:",
"hr": "Tako\u0111er ste prijavljeni u sljede\u0107im servisima:",
"lt": "J\u016bs taip pat esate prisijung\u0119s prie:",
"ja": "\u3042\u306a\u305f\u306f\u307e\u3060\u3053\u308c\u3089\u306e\u30b5\u30fc\u30d3\u30b9\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u307e\u3059:",
"zh-tw": "\u60a8\u9084\u6301\u7e8c\u767b\u5165\u4e0b\u5217\u670d\u52d9\uff1a",
"et": "Sa oled sisse logitud ja nendesse teenustesse:",
"he": "\u05d0\u05ea\u05d4 \u05de\u05d7\u05d5\u05d1\u05e8 \u05d2\u05dd \u05dc\u05e9\u05e8\u05d5\u05ea\u05d9\u05dd \u05d4\u05d1\u05d0\u05d9\u05dd:",
"pt-br": "Voc\u00ea tamb\u00e9m est\u00e1 logado nestes servi\u00e7os:",
"zh": "\u4f60\u540c\u65f6\u767b\u5f55\u8fd9\u4ee5\u4e0b\u8fd9\u4e9b\u670d\u52a1",
"ar": "\u0644\u0642\u062f \u0642\u0645\u062a \u0628\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0644\u0644\u062e\u062f\u0645\u0627\u062a ",
"id": "Anda juga telah log out dari layanan berikut: ",
"sr": "Tako\u0111e ste prijavljeni u slede\u0107im servisima:"
},
"logout_all_question": {
"no": "Vil du logge ut fra alle tjenestene ovenfor?",
"nn": "Vil du logga ut fr\u00e5 alle tenestene?",
"sv": "Vill du logga ut fr\u00e5n alla ovanst\u00e5ende tj\u00e4nster?",
"es": "\u00bfDesea desconectarse de todos los servicios que se muestran m\u00e1s arriba?",
"fr": "Voulez vous r\u00e9ellement terminer les connexions \u00e0 tout ces services?",
"de": "Wollen Sie sich von allen obenstehenden Diensten abmelden?",
"nl": "Wil je uitloggen van alle bovenvermelde diensten?",
"sl": "Ali se \u017eelite odjaviti z vseh na\u0161tetih storitev?",
"da": "Vil du logge ud fra alle ovenst\u00e5ende services?",
"hu": "Ki akar jelentkezni az \u00f6sszes fenti alkalmaz\u00e1sb\u00f3l?",
"pt": "Deseja sair de todos os servi\u00e7os listados em cima?",
"pl": "Czy chcesz zosta\u0107 wylogowany z powy\u017cszych serwis\u00f3w?",
"cs": "Chcete se odhl\u00e1sit ze v\u0161ech t\u011bchto slu\u017eeb?",
"tr": "Yukar\u0131daki t\u00fcm servislerden \u00e7\u0131kmak istiyor musunuz?",
"it": "Vuoi disconnetterti da tutti i servizi qui sopra riportati?",
"fi": "Haluatko uloskirjautua edell\u00e4mainituista palveluista?",
"hr": "\u017delite li se odjaviti iz svih gore navedenih servisa?",
"lt": "Ar norite atsijungti nuo vis\u0173 \u017eemiau i\u0161vardint\u0173 paslaug\u0173?",
"ja": "\u4e0a\u8a18\u306e\u5168\u3066\u306e\u30b5\u30fc\u30d3\u30b9\u304b\u3089\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u307e\u3059\u304b?",
"zh-tw": "\u662f\u5426\u767b\u51fa\u6240\u6709\u670d\u52d9\uff1f",
"et": "Kas sa soovid k\u00f5igist \u00fclal loetletud teenustest v\u00e4lja logida?",
"he": "\u05d4\u05d0\u05dd \u05d0\u05ea\u05d4 \u05e8\u05d5\u05e6\u05d4 \u05dc\u05d4\u05ea\u05e0\u05ea\u05e7 \u05de\u05db\u05dc \u05d4\u05e9\u05e8\u05d5\u05ea\u05d9\u05dd \u05d4\u05de\u05d5\u05d6\u05db\u05e8\u05d9\u05dd \u05dc\u05de\u05e2\u05dc\u05d4?",
"pt-br": "Voc\u00ea quer sair de todos os servi\u00e7os acima?",
"zh": "\u4f60\u60f3\u540c\u65f6\u4ece\u4e0a\u9762\u7684\u8fd9\u4e9b\u670d\u52a1\u4e2d\u9000\u51fa\u5417\uff1f",
"ar": "\u0647\u0644 \u062a\u0631\u063a\u0628 \u0628\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0623\u0639\u0644\u0627\u061f",
"id": "Apakah anda ingin logout dari semua layanan diatas ?",
"sr": "\u017delite li se odjaviti iz svih gore navedenih servisa?"
},
"logout_all": {
"no": "Ja, alle tjenestene over",
"nn": "Ja, logg ut fr\u00e5 alle",
"sv": "Ja, alla tj\u00e4nster",
"es": "Si, todos los servicios",
"fr": "Oui, de tous les services",
"de": "Ja, alle Dienste",
"nl": "Ja, alle diensten",
"sl": "Da, odjavi me z vseh storitev",
"da": "Ja, alle services",
"hu": "Igen, minden alkalmaz\u00e1sb\u00f3l",
"fi": "Kyll\u00e4, kaikista palveluista",
"pt": "Sim, todos os servi\u00e7os",
"pl": "Tak, wszystkie serwisy",
"cs": "Ano, v\u0161echny slu\u017eby",
"tr": "Evet, t\u00fcm servisler.",
"it": "Si, da tutti i servizi",
"hr": "Da, iz svih servisa",
"lt": "Taip, vis\u0173 paslaug\u0173",
"ja": "\u306f\u3044\u3001\u5168\u3066\u306e\u30b5\u30fc\u30d3\u30b9\u304b\u3089\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u307e\u3059",
"zh-tw": "Yea\uff0c\u767b\u51fa\u6240\u6709\u670d\u52d9",
"et": "Jah, k\u00f5igist teenustest",
"he": "\u05db\u05df, \u05db\u05dc \u05d4\u05e9\u05e8\u05d5\u05ea\u05d9\u05dd",
"pt-br": "Sim, todos os servi\u00e7os",
"zh": "\u662f\u7684\uff0c\u6240\u6709\u7684\u670d\u52a1",
"ar": "\u0646\u0639\u0645 \u0645\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u062e\u062f\u0645\u0627\u062a",
"id": "Ya, semua layanan",
"sr": "Da, iz svih servisa"
},
"logout_only": {
"no": "Nei, bare %SP%",
"nn": "Nei, logg berre ut fr\u00e5 %SP%",
"sv": "Nej, endast %SP%",
"es": "No, s\u00f3lo %SPS",
"fr": "Non, seulement de %SP%",
"de": "Nein, nur %SP%",
"nl": "Nee, alleen %SP%",
"sl": "Ne, odjavi me samo z naslednjega %SP%",
"da": "Nej, kun %SP%",
"hu": "Nem, csak innen: %SP%",
"fi": "Ei, vain %SP%",
"pt": "N\u00e3o, apenas %SP%",
"pl": "Nie, tylko %SP%",
"cs": "Ne, jen %SP%",
"tr": "Hay\u0131r, sadece %SP%",
"it": "No, solo da %SP%",
"hr": "Ne, samo iz %SP%",
"lt": "Ne, tik %SP%",
"ja": "\u3044\u3044\u3048\u3001%SP% \u306e\u307f\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u307e\u3059",
"zh-tw": "\u4e0d\uff0c\u53ea\u6709 %SP%",
"et": "Ei, ainult %SP%",
"he": "\u05dc\u05d0, \u05e8\u05e7 %SP%",
"pt-br": "N\u00e3o, apenas de %SP%",
"zh": "\u4e0d\uff0c\u4ec5%SP%",
"ar": "\u0644\u0627 \u0645\u0646 %SP% \u0641\u0642\u0637",
"id": "Tidak, hanya %SP%",
"sr": "Ne, samo iz %SP%"
},
"incapablesps": {
"no": "En eller flere av tjenestene du er logget inn p\u00e5 <i>st\u00f8tter ikke logout<\/i>. Lukk nettleseren, dersom du \u00f8nsker \u00e5 logge ut fra disse tjenestene.",
"nn": "Ei eller fleire av tenestene du er innlogga p\u00e5 <i>st\u00f8tter ikkje utlogging<\/i>. Lukk weblesaren din for \u00e5 sikra at alle sesjonar blir lukka",
"sv": "En eller flera av tj\u00e4nsterna du \u00e4r inloggad i <i>kan inte hantera utloggning<\/i>. F\u00f6r att s\u00e4kerst\u00e4lla att du inte l\u00e4ngre \u00e4r inloggad i n\u00e5gon tj\u00e4nst ska du <i>st\u00e4nga din webbl\u00e4sare<\/i>.",
"es": "Uno o m\u00e1s de los servicios en los que est\u00e1 autenticado <i>no permite desconexi\u00f3n<\/i>. Para asegurarse de que todas sus sesiones se cierran, se le recomienda que <i>cierre todas las ventanas de su navegador<\/i>.",
"fr": "Un ou plusieurs des services auxquels vous \u00eates connect\u00e9 <i>ne g\u00e8rent pas la d\u00e9connexion<\/i>. Pour terminer les sessions sur ces services, vous devrez <i>fermer votre navigateur<\/i>.",
"de": "Einer oder mehrere Dienste an denen Sie angemeldet sind, <i>unterst\u00fctzen keine Abmeldung<\/i>. Um sicherzustellen, dass Sie abgemeldet sind, <i>schlie\u00dfen Sie bitte Ihren Webbrowser<\/i>.",
"nl": "Een of meer diensten waarop je bent inlogd hebben <i>geen ondersteuning voor uitloggen<\/i>. Om er zeker van te zijn dat al je sessies zijn be\u00ebindigd, kun je het beste <i>je webbrowser afsluiten<\/i>.",
"sl": "Ena ali ve\u010d storitev, v katere ste prijavljeni, <i>ne omogo\u010da odjave<\/i>. Odjavo iz teh storitev izvedete tako, da <i>zaprete spletni brskalnik<\/i>.",
"da": "En eller flere services som du er logget ind hos <i>underst\u00f8tter ikke log ou<\/i>. For at sikre at alle dine forbindelser er lukket, bedes du <i>lukke din browser<\/i>.",
"hu": "Egy vagy t\u00f6bb alkalmaz\u00e1s <i>nem t\u00e1mogatja a kijelenkez\u00e9st<\/i>. Hogy biztos\u00edtani lehessen, hogy nem maradt bejelentkezve, k\u00e9rj\u00fck, <i>l\u00e9pjen ki a b\u00f6ng\u00e9sz\u0151b\u0151l!<\/i>",
"pt": "Um ou mais dos servi\u00e7os onde se encontra autenticado <i>n\u00e3o suporta(m) a sa\u00edda<\/i>. Para garantir que todas as sess\u00f5es s\u00e3o encerradas, dever\u00e1 <i>encerrar o seu navegador Web<\/i>.",
"pl": "Jeden lub wi\u0119cej serwis\u00f3w , w kt\u00f3rych jeste\u015b zalogowany <i>nie obs\u0142uguje procesu wylogowania<\/i>. W celu upewnienia si\u0119, \u017ce wszystkie sesje s\u0105 zako\u0144czone, zalecane jest aby\u015b <i>zamkn\u0105\u0142 przegl\u0105dark\u0119<\/i>",
"cs": "Jedna, nebo v\u00edce slu\u017eeb, do kter\u00fdch jste p\u0159ihla\u0161en, nepodporuje odhla\u0161en\u00ed. Pokud se chcete odhl\u00e1sit, mus\u00edte ukon\u010dit v\u00e1\u0161 webov\u00fd prohl\u00ed\u017ee\u010d.",
"tr": "Giri\u015f yapt\u0131\u011f\u0131n\u0131z bir yada daha fazla servis <i>\u00e7\u0131k\u0131\u015f\u0131 desteklemiyor<\/i>. T\u00fcm oturumlar\u0131n\u0131z\u0131n kapat\u0131ld\u0131\u011f\u0131ndan emin olmak i\u00e7in, <i>taray\u0131c\u0131n\u0131z\u0131 kapatman\u0131z<\/i> \u00f6nerilir.",
"it": "Uno o pi&ugrave; servizi a cui sei connesso <i>non supportano la disconnessione<\/i>. Per assicurarsi di chiudere tutte le sessioni si consiglia di <i>chiudere il browser<\/i>",
"fi": "Yksi tai useampi palvelu johon olet kirjautunut <i>ei tue uloskirjautumista<\/i>. Varmistaaksesi, ett\u00e4 kaikki istuntosi sulkeutuvat, olet velvollinen <i>sulkemaan web-selaimsesi<\/i>.",
"hr": "Jedan ili vi\u0161e servisa na koje ste prijavljeni <i>ne podr\u017eava odjavljivanje<\/i>. Da biste bili sigurni da su sve va\u0161e sjednice zavr\u0161ene, preporu\u010damo da <i>zatvorite web preglednik<\/i>.",
"lt": "Viena ar daugiau paslaug\u0173, prie kuri\u0173 esate prisijung\u0119s <i>nepalaiko atsijungimo<\/i>. Siekiant u\u017etikrinti s\u0117kming\u0105 darbo pabaig\u0105, rekomenduojame <i>u\u017edaryti nar\u0161ykl\u0119<\/i>.",
"ja": "<i>\u30ed\u30b0\u30a2\u30a6\u30c8\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u306a\u3044<\/i>\u4e00\u3064\u4ee5\u4e0a\u306e\u30b5\u30fc\u30d3\u30b9\u306b\u30ed\u30b0\u30a4\u30f3\u4e2d\u3067\u3059\u3002\u78ba\u5b9f\u306b\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u7d42\u4e86\u3055\u305b\u308b\u306b\u306f\u3001<i>WEB\u30d6\u30e9\u30a6\u30b6\u3092\u9589\u3058\u308b<\/i>\u4e8b\u3092\u63a8\u5968\u3057\u307e\u3059\u3002",
"zh-tw": "\u60a8\u767b\u5165\u7684\u670d\u52d9\u4e2d\u6709\u4e00\u500b\u6216\u4ee5\u4e0a <i>\u4e0d\u652f\u63f4\u767b\u51fa<\\\/i>\u3002\u8acb\u78ba\u8a8d\u60a8\u5df2\u95dc\u9589\u6240\u6709\u9023\u7dda\uff0c\u4e26<i>\u95dc\u9589\u700f\u89bd\u5668<\\\/i>\u3002",
"et": "\u00dcks v\u00f5i mitu teenust, millesse oled sisselogitud <i>ei toeta v\u00e4lja logimise<\/i>. Selleks, et olla kindel k\u00f5igi sessioonide l\u00f5petamises soovitame <i>sulgeda k\u00f5ik brauseri aknad<\/i>.",
"he": "\u05d0\u05d7\u05d3 \u05d0\u05d5 \u05d9\u05d5\u05ea\u05e8 \u05de\u05df \u05d4\u05e9\u05e8\u05d5\u05ea\u05d9\u05dd \u05e9\u05d0\u05ea\u05d4 \u05de\u05d7\u05d5\u05d1\u05e8 \u05d0\u05dc\u05d9\u05d4\u05dd <i>\u05dc\u05d0 \u05ea\u05d5\u05de\u05db\u05d9\u05dd \u05d1\u05d4\u05ea\u05e0\u05ea\u05e7\u05d5\u05ea<\/i> .\u05db\u05d3\u05d9 \u05dc\u05d5\u05d5\u05d3\u05d0 \u05e9\u05d4\u05ea\u05e0\u05ea\u05e7\u05ea \u05de\u05db\u05dc \u05d4\u05e9\u05d9\u05e8\u05d5\u05ea\u05d9\u05dd \u05de\u05de\u05d5\u05dc\u05e5 <i>\u05e9\u05ea\u05e1\u05d2\u05d5\u05e8 \u05d0\u05ea \u05d4\u05d3\u05e4\u05d3\u05e4\u05df<\/i>",
"pt-br": "Um ou mais dos servi\u00e7os que voc\u00ea est\u00e1 conectado <i>n\u00e3o suportam logout.<\/i> Para garantir que todas as suas sess\u00f5es ser\u00e3o fechadas, incentivamos voc\u00ea a <i>fechar seu navegador<\/i>.",
"zh": "\u4e00\u4e2a\u6216\u591a\u4e2a\u4f60\u5df2\u767b\u5f55\u7684\u670d\u52a1<i>\u4e0d\u652f\u6301\u9000\u51fa<\/i>\uff0c\u8bf7\u786e\u8ba4\u4f60\u6240\u6709sessions\u5df2\u5173\u95ed\uff0c\u6211\u4eec\u9f13\u52b1\u4f60 <i>\u5173\u95ed\u6d4f\u89c8\u5668<\/i>",
"ar": "\u0648\u0627\u062d\u062f\u0629 \u0627\u0648 \u0627\u0643\u062b\u0631 \u0645\u0646 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0644\u062a\u064a \u0642\u0645\u062a \u0628\u062a\u0633\u062c\u064a\u0644 \u062f\u062e\u0648\u0644\u0643 \u0628\u0647\u0627 \u0644\u0627 \u062a\u062f\u0639\u0645 \u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c. \u0644\u0644\u062a\u0623\u0643\u062f \u0645\u0646 \u0627\u0646 \u062c\u0645\u064a\u0639 \u0635\u0641\u062d\u0627\u062a\u0643 \u0642\u062f \u062a\u0645 \u0625\u063a\u0644\u0627\u0642\u0647\u0627 \u0642\u0645 \u0628\u0625\u063a\u0644\u0627\u0642 \u0645\u062a\u0635\u0641\u062d\u0643",
"id": "Satu atau beberapa layanan yang anda telah login <i>tidak mendukung logout<\/i>.Untuk meyakinkan semua session anda ditutup, anda disarankan untuk <i>menutup web browser anda<\/i>.",
"sr": "Jedan ili vi\u0161e servisa na koje ste prijavljeni <i>ne podr\u017eava odjavljivanje<\/i>. Da biste bili sigurni da su sve va\u0161e sesije zavr\u0161ene, preporu\u010dujemo da <i>zatvorite web pretra\u017eiva\u010d<\/i>."
},
"no": {
"no": "Nei",
"nn": "Nei",
"sv": "Nej",
"es": "No",
"fr": "Non",
"de": "Nein",
"nl": "Nee",
"sl": "Ne",
"da": "Nej",
"hu": "Nem",
"fi": "Ei",
"pt": "N\u00e3o",
"pl": "Nie",
"cs": "Ne",
"tr": "Hay\u0131r",
"it": "No",
"hr": "Ne",
"lt": "Ne",
"ja": "\u3044\u3044\u3048",
"zh-tw": "\u53d6\u6d88",
"et": "Ei",
"he": "\u05dc\u05d0",
"pt-br": "N\u00e3o",
"zh": "\u4e0d",
"ar": "\u0644\u0627",
"id": "Tidak",
"sr": "Ne"
},
"logging_out_from": {
"sl": "Odjava iz naslednjih storitev:",
"da": "Du logger ud af f\u00f8lgende services:",
"pt": "A sair dos servi\u00e7os seguintes:",
"sv": "Loggar ut fr\u00e5n f\u00f6ljande tj\u00e4nster:",
"no": "Logger ut fra f\u00f8lgende tjenester:",
"nn": "Logger ut fr\u00e5 f\u00f8lgende tenester:",
"de": "Melde Sie von den folgenden Diensten ab:",
"hr": "Odjavljujete se iz sljede\u0107ih servisa:",
"fr": "D\u00e9connexion des services suivants :",
"lt": "Vyksta atjungimas nuo \u0161i\u0173 paslaug\u0173:",
"it": "Disconnessione in corso dai seguenti servizi:",
"es": "Desconectarse de los siguientes servicios:",
"hu": "Kil\u00e9p\u00e9s az al\u00e1bbi szolg\u00e1ltat\u00e1sokb\u00f3l:",
"ja": "\u4ee5\u4e0b\u306e\u30b5\u30fc\u30d3\u30b9\u304b\u3089\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u307e\u3057\u305f:",
"nl": "Uitloggen van de volgende diensten:",
"zh-tw": "\u5f9e\u4e0b\u5217\u670d\u52d9\u767b\u51fa\uff1a",
"pl": "Wylogowanie z nast\u0119puj\u0105cych serwis\u00f3w:",
"et": "V\u00e4lja logimine j\u00e4rgmistest teenustest:",
"he": "\u05de\u05ea\u05e0\u05ea\u05e7 \u05de\u05d4\u05e9\u05e8\u05d5\u05ea\u05d9\u05dd \u05d4\u05d1\u05d0\u05d9\u05dd:",
"pt-br": "Saindo dos seguintes servi\u00e7os:",
"zh": "\u4ece\u4e0b\u5217\u670d\u52a1\u4e2d\u9000\u51fa",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u062e\u0631\u0648\u062c \u0645\u0646 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0623\u062f\u0646\u0627\u0647 ",
"id": "Log out dari layanan-layanan berikut:",
"sr": "Odjavljujete se iz slede\u0107ih servisa"
},
"failedsps": {
"sl": "Odjava z ene ali ve\u010d storitev ni uspela. Odjavo dokon\u010dajte tako, da <i>zaprete spletni brskalnik<\/i>.",
"da": "Kan ikke logge ud af en eller flere services. For at sikre at alle dine sessioner er lukket <i>skal du lukke din browser<\/i>.",
"pt": "N\u00e3o foi poss\u00edvel sair de um ou mais servi\u00e7os. Para garantir que todas as suas sess\u00f5es s\u00e3o fechadas, \u00e9 recomendado <i>fechar o seu browser<\/i>.",
"sv": "Kan inte logga ut fr\u00e5n eller flera tj\u00e4nster. F\u00f6r att vara s\u00e4ker p\u00e5 att du fortfarande inte \u00e4r inloggad ska du <i>st\u00e4nga igen alla dina webbl\u00e4sarf\u00f6nster<\/i>.",
"no": "Greide ikke \u00e5 logge ut fra en eller flere tjenester. For \u00e5 forsikre deg om at du blir logget ut, oppfordrer vi deg til \u00e5 <i>lukke nettleseren din<\/i>.",
"nn": "Greide ikkje \u00e5 logge ut fr\u00e5 ein eller fleire tenester. For \u00e5 sikre deg at du blir logga ut, oppfordrar vi deg til \u00e5 <i>lukke nettlesaren din<\/i>.",
"de": "Abmelden von einem oder mehreren Diensten schlug fehl. Um sicherzustellen, dass alle Ihre Sitzungen geschlossen sind, wird Ihnen empfohlen, <i>Ihren Webbrowser zu schlie\u00dfen<\/i>.",
"hr": "Odjavljivanje iz jednog ili vi\u0161e servisa nije uspjelo. Da biste bili sigurni da su sve va\u0161e sjednice zavr\u0161ene, preporu\u010damo da <i>zatvorite web preglednik<\/i>.",
"fr": "Impossible de se d\u00e9connecter d'un ou plusieurs services. Pour \u00eatre certain de clore vos sessions, il vous est recommand\u00e9 de <i>fermer votre navigateur<\/i>.",
"lt": "Nepavyksta atsijungti nuo vienos ar daugiau paslaug\u0173. Siekiant u\u017etikrinti s\u0117kming\u0105 darbo pabaig\u0105, rekomenduojame <i>u\u017edaryti nar\u0161ykl\u0119<\/i>.",
"it": "Impossibile disconnettersi da uno o pi\u00f9 servizi. Per assicurarsi di chiudere tutte le sessioni si consiglia di <i>chiudere il browser<\/i>",
"es": "Imposible desconectarse de uno o m\u00e1s servicios. Para asegurar que todas sus sesiones han sido cerradas, se recomienda que <i>cierre su navegador web<\/i>.",
"hu": "Legal\u00e1bb egy szolg\u00e1ltat\u00e1sb\u00f3l nem siker\u00fclt kil\u00e9pni. Ahhoz, hogy biztosan lez\u00e1rja a megkezdett munkamenetet, k\u00e9rj\u00fck, <i>z\u00e1rja be b\u00f6ng\u00e9sz\u0151j\u00e9t<\/i>.",
"ja": "\u4e00\u3064\u4ee5\u4e0a\u306e\u30b5\u30fc\u30d3\u30b9\u304b\u305f\u30ed\u30b0\u30a2\u30a6\u30c8\u51fa\u6765\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u78ba\u5b9f\u306b\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u7d42\u4e86\u3055\u305b\u308b\u306b\u306f\u3001<i>WEB\u30d6\u30e9\u30a6\u30b6\u3092\u9589\u3058\u308b<\/i>\u4e8b\u3092\u63a8\u5968\u3057\u307e\u3059\u3002",
"nl": "Het was niet mogelijk bij een of meerdere diensten uit te loggen. Om alle sessies te sluiten, raden wij u aan uw <i>webbrowser te af te sluiten<\/i>.",
"zh-tw": "\u7121\u6cd5\u6b63\u5e38\u767b\u51fa\uff0c\u8acb\u78ba\u8a8d\u60a8\u5df2\u95dc\u9589\u6240\u6709\u9023\u7dda\uff0c<i>\u540c\u6642\u95dc\u9589\u6240\u6709\u700f\u89bd\u5668<\\\/i>\u3002",
"et": "\u00dchest v\u00f5i mitmest teenusest v\u00e4lja logimine ei \u00f5nnestunud. Selleks, et olla kindel k\u00f5igi sessioonide l\u00f5petamises soovitame <i>sulgeda k\u00f5ik brauseri aknad<\/i>.",
"he": "\u05d0\u05d9 \u05d0\u05e4\u05e9\u05e8 \u05dc\u05d4\u05ea\u05e0\u05ea\u05e7 \u05de\u05d0\u05d7\u05d3 \u05d0\u05d5 \u05d9\u05d5\u05ea\u05e8 \u05de\u05d4\u05e9\u05e8\u05d5\u05ea\u05d9\u05dd. \u05db\u05d3\u05d9 \u05dc\u05d5\u05d5\u05d3\u05d0 \u05e9\u05d4\u05ea\u05e0\u05ea\u05e7\u05ea <i>\u05de\u05d5\u05de\u05dc\u05e5 \u05dc\u05e1\u05d2\u05d5\u05e8 \u05d0\u05ea <\/i>.\u05d4\u05d3\u05e4\u05d3\u05e4\u05df \u05e9\u05dc\u05da",
"pt-br": "Incapaz de sair de um ou mais servi\u00e7os. Para garantir que todas as suas sess\u00f5es ser\u00e3o fechadas, incentivamos voc\u00ea a <i>fechar seu navegador<\/i>.",
"zh": "\u65e0\u6cd5\u4ece\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u670d\u52a1\u4e2d\u9000\u51fa\uff0c\u8bf7\u786e\u8ba4\u4f60\u6240\u6709sessions\u5df2\u5173\u95ed\uff0c\u6211\u4eec\u9f13\u52b1\u4f60 <i>\u5173\u95ed\u6d4f\u89c8\u5668<\/i>",
"ar": "\u0644\u0645 \u0627\u0633\u062a\u0637\u0639 \u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u0648\u0627\u062d\u062f\u0629 \u0627\u0648 \u0627\u0643\u062b\u0631 \u0645\u0646 \u0627\u0644\u062e\u062f\u0645\u0627\u062a. \u0644\u0644\u062a\u0623\u0643\u062f \u0645\u0646 \u0627\u0646 \u062c\u0645\u064a\u0639 \u0635\u0641\u062d\u0627\u062a\u0643 \u0642\u062f \u0623\u063a\u0644\u0642\u062a \u0642\u0645 \u0628\u0625\u063a\u0644\u0627\u0642 \u0645\u062a\u0635\u0641\u062d\u0643",
"id": "Tidak dapat log out dari satu atau beberapa layanan. Untuk memastikan semua session anda ditutup, anda disaranakan untuk <i>menutup web browser anda<\/i>.",
"sr": "Odjavljivanje iz jednog ili vi\u0161e servisa nije uspelo. Da biste bili sigurni da su sve va\u0161e sesija zavr\u0161ene, preporu\u010dujemo da <i>zatvorite web pretra\u017eiva\u010d<\/i>."
}
}
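
Review bot: The `zh-tw` values in this file close their italics with `<\\\/i>` (in the object that ends just before `"no"`, and again in `failedsps`), which JSON-decodes to the literal text `<\/i>` rather than `</i>`, so the `<i>` opened earlier in the string is never closed when the message is rendered. Every other language here writes `<\/i>`; the two `zh-tw` strings should match. Since these values carry raw `<i>` markup, they only work if the template prints them without HTML escaping, so it is worth confirming that dictionary files are treated as trusted input and are not writable by anything less privileged than the code itself. Minor: the `it` string in the first object uses the entity `&ugrave;` where the `it` string in `failedsps` uses `\u00f9`.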

View File

@ -0,0 +1,32 @@
{
"header_saml20_sp": {
"en": "SAML 2.0 SP Demo Example"
},
"header_shib": {
"en": "Shibboleth demo"
},
"header_wsfed": {
"en": "WS-Fed SP Demo Example"
},
"header_diagnostics": {
"en": "SimpleSAMLphp Diagnostics"
},
"some_error_occurred": {
"en": "Some error occurred"
},
"intro": {
"en": "Hi, this is the status page of SimpleSAMLphp. Here you can see if your session is timed out, how long it lasts until it times out and all the attributes that are attached to your session."
},
"validfor": {
"en": "Your session is valid for %SECONDS% seconds from now."
},
"sessionsize": {
"en": "Session size: %SIZE%"
},
"attributes_header": {
"en": "Your attributes"
},
"logout": {
"en": "Logout"
}
}
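
Review bot: The keys in this definition file (`header_saml20_sp` as "SAML 2.0 SP Demo Example", `header_diagnostics`, and an `intro` promising "all the attributes that are attached to your session") belong to a demo and status page, so the question for this commit is whether the bundled copy needs to ship that page at all. A page that prints every attribute of the current session is useful while setting up SSO but is not something to leave reachable by default; if the plugin only needs the SP login flow, consider leaving the demo pages out of the vendored tree or documenting how access to them is restricted.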

View File

@ -0,0 +1,295 @@
{
"header_saml20_sp": {
"no": "SAML 2.0 SP Demo Eksempel",
"nn": "Demonstrasjon av SAML 2.0 SP",
"sv": "SAML 2.0 SP demoexempel",
"es": "Ejemplo de SAML 2.0 SP",
"fr": "Exemple de d\u00e9monstration de SP SAML 2.0",
"de": "SAML 2.0 SP Demo Beispiel",
"nl": "SAML 2.0 SP Demo",
"sl": "SAML 2.0 SP Demo primer",
"da": "SAML 2.0 tjenesteudbyder-demo",
"hr": "Primjer SAML 2.0 davatelja usluge",
"hu": "SAML 2.0 SP pr\u00f3ba p\u00e9lda",
"fi": "SAML 2.0 SP esimerkki",
"pt-br": "SAML 2.0 SP Exemplo",
"pt": "Exemplo de demonstra\u00e7\u00e3o do SP SAML 2.0",
"pl": "Przyk\u0142adowe Demo SAML 2.0 SP",
"cs": "SAML 2.0 SP Demo",
"tr": "SAML 2.0 SP Demo \u00d6rne\u011fi",
"it": "Demo di SAML 2.0 SP",
"lt": "SAML 2.0 SP Demonstracin\u0117s versijos Pavyzdys",
"ja": "SAML 2.0 SP \u30c7\u30e2\u4f8b",
"zh-tw": "SAML 2.0 SP \u5c55\u793a\u7bc4\u4f8b",
"et": "SAML 2.0 SP demon\u00e4ide",
"he": "\u05d4\u05d3\u05d2\u05de\u05ea \u05d3\u05d5\u05d2\u05de\u05d4 \u05dc\u05e1\"\u05e9 \u05de\u05e1\u05d5\u05d2 SAML 2.0",
"zh": "SAML 2.0 SP\u6f14\u793a\u6848\u4f8b",
"ar": "\u0627\u0633\u062a\u0639\u0631\u0627\u0636 \u0645\u062b\u0627\u0644 \u0644 SAML 2.0 SP",
"id": "Contoh Demo SAML 2.0 SP",
"sr": "SAML 2.0 SP Demo Primer"
},
"header_shib": {
"no": "Shibboleth Demo",
"nn": "Demonstrasjon av Shibboleth",
"sv": "Shibboleth demoexempel",
"es": "Ejemplo Shibboleth",
"fr": "Exemple de d\u00e9monstration de Shibboleth",
"de": "Shibboleth Demo",
"nl": "Shibboleth demo",
"sl": "Shibboleth demo primer",
"da": "Shibboleth-demo",
"hr": "Shibboleth primjer",
"hu": "Shibboleth pr\u00f3ba",
"fi": "Shibboleth esimerkki",
"pt-br": "Shibboleth Demo",
"pt": "Exemplo de demonstra\u00e7\u00e3o do SP Shibboleth 1.3",
"pl": "Demo Shibboleth",
"cs": "Shibboleth demo",
"tr": "Shibboleth demo",
"it": "Demo di Shibboleth",
"lt": "Shibboleth demonstracin\u0117 versija",
"ja": "Shibboleth \u30c7\u30e2",
"zh-tw": "\u7279\u5b9a\u5c55\u793a",
"et": "Shibbolethi demo",
"he": "\u05d4\u05d3\u05d2\u05de\u05d4 \u05dc- Shibboleth",
"zh": "Shibboleth\u6f14\u793a",
"ar": "\u0627\u0633\u062a\u0639\u0631\u0627\u0636 Shibboleth",
"id": "Demo Shibboleth",
"sr": "Shibboleth Demo"
},
"header_wsfed": {
"no": "WS-Fed SP Demo Eksempel",
"nn": "Demonstrasjon av WS-Federation SP",
"sv": "WS-Fed SP demoexempel",
"es": "Ejemplo WS-Fed SP",
"fr": "Exemple de d\u00e9monstration de WS-Fed SP",
"de": "WS-Fed SP Demo Beispiel",
"nl": "WS-Fed SP Demo",
"sl": "WS-Fed SP demo primer",
"da": "WS-Federation tjenesteudbyder-demo",
"hr": "Primjer WS-Fed davatelja usluge",
"hu": "WS-Fed SP pr\u00f3ba p\u00e9lda",
"fi": "WS-FED SP esimerkki",
"pt-br": "WS-Fed SP Exemplo",
"pt": "Exemplo de demonstra\u00e7\u00e3o do SP WS-Fed",
"pl": "Przyk\u0142adowe Demo WS-Fed SP",
"cs": "WS-Fed SP Demo",
"tr": "WS-Fed SP Demo \u00d6rne\u011fi",
"it": "Demo di WS-Fed SP",
"lt": "WS-Fed SP Demonstracin\u0117s versijos Pavyzdys",
"ja": "WS-Fed SP \u30c7\u30e2\u4f8b",
"zh-tw": "WS-Fed SP \u5c55\u793a\u7bc4\u4f8b",
"et": "WS-Fed SP demon\u00e4ide",
"he": "\u05d4\u05d3\u05d2\u05de\u05ea \u05d3\u05d5\u05d2\u05de\u05d4 \u05dc\u05e1\"\u05e9 \u05de\u05e1\u05d5\u05d2 WS-Fed",
"zh": "WS-Fed SP \u6f14\u793a\u6848\u4f8b",
"ar": "\u0627\u0633\u062a\u0639\u0631\u0627\u0636 \u0645\u062b\u0627\u0644 \u0644 WS-Fed",
"id": "Contoh Demo WS-Fed SP",
"sr": "WS-Fed SP Demo Primer"
},
"header_diagnostics": {
"no": "SimpleSAMLphp diagnostikk",
"nn": "Feils\u00f8king av simpleSAMLphp",
"sv": "SimpleSAMLphp diagnostik ",
"es": "Diagn\u00f3stico simpleSAMLphp",
"fr": "Diagnostics SimpleSAMLphp",
"de": "SimpleSAMLphp Diagnose",
"nl": "SimpleSAMLphp controle",
"sl": "SimpleSAMLphp diagnostika",
"da": "simpleSAMLphp diagnostics",
"hr": "SimpleSAMLphp dijagnostika",
"hu": "SimpleSAMLphp hibakeres\u00e9s",
"fi": "SimpleSAMLphp diagnostiikka",
"pt-br": "Diagn\u00f3sticos do SimpleSAMLphp",
"pt": "Diagn\u00f3sticos do simpleSAMLphp",
"pl": "Diagnostyka SimpleSAMLphp",
"cs": "SimpleSAMLphp diagnostika",
"tr": "SimpleSAMLphp Kontroller",
"it": "Diagnostici di SimpleSAMLphp",
"lt": "SimpleSAMLphp Diagnostika",
"ja": "SimpleSAMLphp \u8a3a\u65ad",
"zh-tw": "SimpleSAMLphp \u8a3a\u65b7\u5de5\u5177",
"et": "SimpleSAMLphp diagnostika",
"he": "\u05d0\u05d9\u05d1\u05d7\u05d5\u05df SimpleSAMLphp",
"zh": "SimpleSAMLphp \u8bca\u65ad",
"ar": "\u062a\u0634\u062e\u064a\u0635 SimpleSAMLphp",
"id": "Diagnostik SimpleSAMLphp",
"sr": "SimpleSAMLphp Dijagnostika"
},
"some_error_occurred": {
"no": "En feil har oppst\u00e5tt",
"nn": "Ein feilsituasjon oppsto",
"sv": "Ett fel har intr\u00e4ffat",
"es": "Se produjo un error",
"fr": "Une erreur est survenue",
"de": "Es ist ein Fehler aufgetreten",
"nl": "Er is een fout opgetreden",
"sl": "Pri\u0161lo je do napake!",
"da": "En fejl opstod.",
"hr": "Pojavila se gre\u0161ka",
"hu": "Hiba t\u00f6rt\u00e9nt",
"fi": "Virhe",
"pt-br": "Ocorreu algum erro",
"pt": "Ocorreu um erro",
"pl": "Wystapi\u0142 jaki\u015b b\u0142\u0105d",
"cs": "Nalezena chyba",
"tr": "Hata olu\u015ftu",
"it": "Si \u00e8 verificato un errore",
"lt": "\u012evyko tam tikra klaida",
"ja": "\u5e7e\u3064\u304b\u306e\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f",
"zh-tw": "\u6709\u932f\u8aa4\u767c\u751f",
"et": "Ilmnes mingi t\u00f5rge",
"he": "\u05d4\u05ea\u05e8\u05d7\u05e9\u05d4 \u05e9\u05d2\u05d9\u05d0\u05d4",
"zh": "\u67d0\u4e9b\u9519\u8bef\u53d1\u751f\u4e86",
"ar": "\u0644\u0642\u062f \u062d\u062f\u062b \u062e\u0637\u0627 \u0645\u0627",
"id": "Beberapa error telah terjadi",
"sr": "Desila se gre\u0161ka"
},
"intro": {
"no": "Hei, dette er en statusside p\u00e5 simpleSAMLphp. Her kan du se om sesjonen din er timet ut, hvor lenge det er til den timer ut og attributter som er knyttet til din sesjon.",
"nn": "Hei, dette er statussida for simpleSAMLphp. Her kan du sj\u00e5 om sesjonen din er gyldig, kor lenge han varer og du kan sj\u00e5 alle attributt som blir brukte i sesjonen din.",
"sv": "Detta \u00e4r stutussidan f\u00f6r simpleSAMLphp. H\u00e4r kan du se om sessions giltig har g\u00e5tt ut, hur l\u00e4nge det dr\u00f6jer innan den g\u00e5r ut samt alla attribut som tillh\u00f6r sessionen.",
"es": "Hola, esta es la p\u00e1gina de estado de simpleSAMLphp. Desde aqu\u00ed puede ver si su sesi\u00f3n ha caducado, cuanto queda hasta que lo haga y todos los atributos existentes en su sesi\u00f3n.",
"fr": "Bonjour, vous \u00eates sur la page de statut de simpleSAMLphp. Vous pouvez consulter ici le temps restant sur votre session, ainsi que les attributs qui y sont attach\u00e9s.",
"de": "Hallo, das ist die Statusseite von simpleSAMLphp. Hier k\u00f6nnen Sie sehen, ob Ihre Sitzung ausgelaufen ist, wie lange die Sitzung noch g\u00fcltig ist und alle Attribute Ihrer Sitzung.",
"nl": "Dit is de overzichtspagina van simpleSAMLphp. Hier kunt u zien of uw sessie nog geldig is, hoe lang het nog duurt voordat deze verloopt, en u kunt alle attributen bekijken die aanwezig zijn in deze sessie.",
"sl": "\u017divjo! To je statusna stran simpleSAMLphp, ki omogo\u010da pregled nad trajanjem va\u0161e trenutne seje in atributi, ki so povezani z njo.",
"da": "Dette er statussiden for simpleSAMLphp.Du kan se om din session er udl\u00f8bet, hvor lang tid der er til at den udl\u00f8ber samt alle \u00f8vrige oplysninger om din session.",
"hr": "Ovo je stranica s prikazom aktualnog stanja Single Sign-On sjednice. Na ovoj stranici mo\u017eete vidjeti je li vam istekla sjednica, koliko \u0107e jo\u0161 dugo va\u0161a sjednica trajati te sve atribute koji su vezani uz va\u0161u sjednicu.",
"hu": "\u00dcdv\u00f6z\u00f6lj\u00fck, ez a SimpleSAMLphp st\u00e1tus oldala. Itt l\u00e1thatja, ha lej\u00e1rt a munkamenete, mikor l\u00e9pett be utolj\u00e1ra \u00e9s a munkamenethez tartoz\u00f3 attrib\u00fatumokat.",
"fi": "T\u00e4m\u00e4 on simpleSAMLphp:n statussivu. N\u00e4et onko istuntosi voimassa, kauanko se on voimassa ja kaikki istuuntosi liitetyt attribuutit.",
"pt-br": "Ol\u00e1, esta \u00e9 a p\u00e1gina de status simpleSAMLphp. Aqui voc\u00ea pode ver \u00e9 se a sua sess\u00e3o expirou, o tempo que dura at\u00e9 ele expirar e todos os atributos que est\u00e3o anexados \u00e0 sua sess\u00e3o.",
"pt": "Est\u00e1 na p\u00e1gina de status do simpleSAMLphp. Aqui poder\u00e1 consultar informa\u00e7\u00f5es sobre a sua sess\u00e3o: o tempo de expira\u00e7\u00e3o e os seus atributos.",
"pl": "Hej, to jest status strony simpleSAMLphp. Tutaj mo\u017cesz zaboaczy\u0107, czy Twoja sesja jest nadal aktywna, jak d\u0142ugo pozosta\u0142o czasu do zako\u0144czenia sesji i wszystkie atrybuty, kt\u00f3re zosta\u0142y za\u0142\u0105czone do sesji.",
"cs": "V\u00edtejte na informa\u010dn\u00ed str\u00e1nce. Zde uvid\u00edte, pokud vypr\u0161elo va\u0161e sezen\u00ed, jak dlouho jste pry\u010d a v\u0161echny atributy p\u0159ipojen\u00e9 k va\u0161emu sezen\u00ed.",
"tr": "Merhaba, bu simpleSAMLphp durum sayfas\u0131d\u0131r. Oturumunuzun s\u00fcresinin dolup dolmad\u0131\u011f\u0131n\u0131, oturumunuzun ne kadar s\u00fcrd\u00fc\u011f\u00fcn\u00fc ve oturumunuza ait t\u00fcm bilgileri buradan g\u00f6rebilirsiniz.",
"it": "Salve, questa \u00e8 la pagina di stato di simpleSAMLphp. Qui \u00e8 possiible vedere se la sessione \u00e8 scaduta, quanto \u00e8 durata prima di scadere e tutti gli attributi ad essa collegati.",
"lt": "Sveikia, \u010dia simpleSAMLphp b\u016bsenos tinklapis. \u010cia galite pamatyti, ar J\u016bs\u0173 sesija turi laiko apribojim\u0105, kiek trunka tas laiko apribojimas bei kitus J\u016bs\u0173 sesijai priskirtus atributus.",
"ja": "\u3053\u3093\u306b\u3061\u306f\u3001\u3053\u3053\u306f simpleSAMLphp\u306e\u30b9\u30c6\u30fc\u30bf\u30b9\u30da\u30fc\u30b8\u3067\u3059\u3002\u3053\u3053\u3067\u306f\u30bb\u30c3\u30b7\u30e7\u30f3\u306e\u30bf\u30a4\u30e0\u30a2\u30a6\u30c8\u6642\u9593\u3084\u30bb\u30c3\u30b7\u30e7\u30f3\u306b\u7d50\u3073\u3064\u3051\u3089\u308c\u305f\u5c5e\u6027\u60c5\u5831\u3092\u898b\u308b\u3053\u3068\u304c\u51fa\u6765\u307e\u3059\u3002",
"zh-tw": "\u55e8\uff0c\u9019\u662f simpleSAMLphp \u72c0\u614b\u9801\uff0c\u5728\u9019\u908a\u60a8\u53ef\u4ee5\u770b\u5230\u60a8\u7684\u9023\u7dda\u662f\u5426\u903e\u6642\uff0c\u4ee5\u53ca\u9084\u6709\u591a\u4e45\u624d\u903e\u6642\uff0c\u6240\u6709\u5c6c\u6027\u503c(attributes)\u90fd\u6703\u9644\u52a0\u5728\u4f60\u7684\u9023\u7dda\u88e1(session)\u3002",
"et": "Tere! See on SimpleSAMLphp olekuteave. Siit on v\u00f5imalik n\u00e4ha, kas su sessioon on aegunud, kui kaua see veel kestab ja k\u00f5iki teisi sessiooniga seotud atribuute.",
"he": "\u05e9\u05dc\u05d5\u05dd, \u05d6\u05d4\u05d5 \u05d3\u05e3 \u05d4\u05de\u05e6\u05d1 \u05e9\u05dc simpleSAMLphp. \u05db\u05d0\u05df \u05d0\u05e4\u05e9\u05e8 \u05dc\u05e8\u05d0\u05d5\u05ea \u05d0\u05dd \u05d4\u05e9\u05d9\u05d7\u05d4 \u05d4\u05d5\u05e4\u05e1\u05e7\u05d4, \u05db\u05de\u05d4 \u05d6\u05de\u05df \u05d4\u05d9\u05d0 \u05ea\u05de\u05e9\u05d9\u05da \u05e2\u05d3 \u05dc\u05d4\u05e4\u05e1\u05e7\u05ea\u05d4 \u05d5\u05db\u05dc \u05d4\u05ea\u05db\u05d5\u05e0\u05d5\u05ea \u05d4\u05de\u05e6\u05d5\u05e8\u05e4\u05d5\u05ea \u05dc\u05e9\u05d9\u05d7\u05d4.",
"zh": "\u55e8\uff0c\u8fd9\u662fsimpleSAMLphp\u72b6\u6001\u9875\u3002\u8fd9\u91cc\u4f60\u53ef\u4ee5\u770b\u5230\uff0c\u5982\u679c\u60a8\u7684\u4f1a\u8bdd\u8d85\u65f6\uff0c\u5b83\u6301\u7eed\u591a\u4e45\uff0c\u76f4\u5230\u8d85\u65f6\u548c\u8fde\u63a5\u5230\u60a8\u7684\u4f1a\u8bdd\u7684\u6240\u6709\u5c5e\u6027\u3002",
"ar": "\u0645\u0631\u062d\u0628\u0627\u064b \u0628\u0643\u0645 \u0641\u064a \u0635\u0641\u062d\u0629 \u062d\u0627\u0644\u0629 SimpleSAMLphp. \u064a\u0645\u0643\u0646\u0643 \u0647\u0646\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0642\u062a \u0627\u0646\u062a\u0647\u0627\u0621 \u062c\u0644\u0633\u062a\u0643\u060c \u0641\u062a\u0631\u0629 \u0627\u0633\u062a\u0645\u0631\u0627\u0631\u0647\u0627\u060c \u0645\u062a\u064a \u0633\u062a\u0646\u062a\u0647\u064a \u0648 \u062c\u0645\u064a\u0639 \u0627\u0644\u0633\u0645\u0627\u062a \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u062c\u0644\u0633\u0629",
"id": "Hai, ini adalah halaman status dari simpleSAMLphp. Disini anda dapat melihat jika session anda telah time out, berapa lama ia berlaku sampai time out dan semua attribut yang menempel pada session anda.",
"sr": "Ovo je stranica s prikazom aktuelnog stanja va\u0161e sesije. Na ovoj stranici mo\u017eete videti je li vam je istekla sesija, koliko \u0107e jo\u0161 dugo va\u0161a sesija trajati i sve atribute koji su vezani uz va\u0161u sesiju."
},
"validfor": {
"no": "Din sesjon er gyldig i %SECONDS% sekunder fra n\u00e5.",
"nn": "Din sesjon er gyldig i %SECONDS% sekund fr\u00e5 no.",
"sv": "Din session \u00e4r giltig f\u00f6r %SECONDS% sekunder fr\u00e5n nu.",
"es": "Su sesi\u00f3n ser\u00e1 valida durante %SECONDS% segundos.",
"fr": "Votre session est encore valide pour %SECONDS% secondes.",
"de": "Ihre Sitzung ist noch f\u00fcr %SECONDS% g\u00fcltig.",
"nl": "Uw sessie is nog %SECONDS% seconden geldig vanaf dit moment.",
"sl": "Va\u0161a trenutna seja je veljavna \u0161e %SECONDS% sekund.",
"da": "Du har %SECONDS% tilbage af din session",
"hr": "Va\u0161a sjednica bit \u0107e valjana jo\u0161 %SECONDS% sekundi.",
"hu": "Az \u00f6n munkamenete m\u00e9g %SECONDS% m\u00e1sodpercig \u00e9rv\u00e9nyes",
"fi": "Istuntosi on viel\u00e4 voimassa %SECONDS% sekuntia",
"pt-br": "Sua sess\u00e3o \u00e9 v\u00e1lida por %SECONDS% segundos a partir de agora.",
"pt": "A sua sess\u00e3o \u00e9 v\u00e1lida por %SECONDS% segundos.",
"pl": "Twoja sesja jest jeszcze wa\u017cna przez %SECONDS% sekund",
"cs": "Va\u0161e sezen\u00ed je platn\u00e9 %SECONDS% sekund od te\u010f.",
"tr": "Oturumunuz, \u015fu andan itibaren %SECONDS% saniyeli\u011fine ge\u00e7erlidir.",
"it": "La tua sessione \u00e8 valida per ulteriori %SECONDS% secondi.",
"lt": "J\u016bs\u0173 sesija galioja %SECONDS% sekund\u017ei\u0173, skai\u010diuojant nuo \u0161io momento.",
"ja": "\u30bb\u30c3\u30b7\u30e7\u30f3\u306f\u4eca\u304b\u3089 %SECONDS% \u79d2\u9593\u6709\u52b9\u3067\u3059",
"zh-tw": "\u60a8\u7684 session \u5f9e\u73fe\u5728\u8d77\u9084\u6709 %SECONDS% \u6709\u6548\u3002",
"et": "Sinu sessioon kehtib veel %SECONDS% sekundit.",
"he": "\u05d4\u05e9\u05d9\u05d7\u05d4 \u05e9\u05dc\u05da \u05d1\u05e8\u05ea-\u05ea\u05d5\u05e7\u05e3 \u05dc\u05e2\u05d5\u05d3 %SECONDS% \u05e9\u05e0\u05d9\u05d5\u05ea \u05de\u05e2\u05db\u05e9\u05d9\u05d5.",
"zh": "\u4f60\u7684\u4f1a\u8bdd\u5728%SECONDS%\u79d2\u5185\u6709\u6548",
"ar": "\u0633\u062a\u0633\u062a\u0645\u0631 \u062c\u0644\u0633\u062a\u0643 \u0644\u066a\u0639\u062f\u062f \u062b\u0648\u0627\u0646\u064a\u066a \u062b\u0627\u0646\u064a\u0629 \u062a\u0628\u062f\u0623 \u0627\u0644\u0627\u0646",
"id": "Session anda valid untuk %SECONDS% detik dari sekarang.",
"sr": "Va\u0161a sesija \u0107e biti validna jo\u0161 %SECONDS% sekundi."
},
"sessionsize": {
"no": "Sesjons st\u00f8rrelse: %SIZE%",
"nn": "Sesjonsstorleik: %SIZE%",
"sv": "Sessionsstorlek: %SIZE%",
"es": "Tama\u00f1o de la sesi\u00f3n: %SIZE%",
"fr": "Taille de la session : %SIZE%",
"de": "Gr\u00f6sse der Sitzung: %SIZE%",
"nl": "Sessiegrootte: %SIZE%",
"sl": "Velikost seje: %SIZE% bajtov",
"da": "Sessionsst\u00f8rrelse: %SIZE%",
"hr": "Veli\u010dina sjednice: %SIZE%",
"hu": "Munkamenet m\u00e9rete: %SIZE%",
"fi": "Istunnon koko: %SIZE%",
"pt-br": "Tamanho da sess\u00e3o: %SIZE%",
"pt": "Tamanho da sess\u00e3o: %SIZE%",
"pl": "Rozmiar sesji: %SIZE%",
"cs": "Velikost sezeni: %SIZE%",
"tr": "Oturum b\u00fcy\u00fckl\u00fc\u011f\u00fc: %SIZE%",
"it": "Dimensione della session: %SIZE%",
"lt": "Sesijos trukm\u0117: %SIZE%",
"ja": "\u30bb\u30c3\u30b7\u30e7\u30f3\u30b5\u30a4\u30ba: %SIZE%",
"zh-tw": "Session \u5927\u5c0f: %SIZE%",
"et": "Sessiooni suurus: %SIZE%",
"he": "\u05d2\u05d5\u05d3\u05dc \u05e9\u05d9\u05d7\u05d4: %SIZE%",
"ru": "\u0420\u0430\u0437\u043c\u0435\u0440 \u0441\u0435\u0441\u0441\u0438\u0438: %SIZE%",
"zh": "Session \u5927\u5c0f: %SIZE%",
"ar": "\u062d\u062c\u0645 \u0627\u0644\u062c\u0644\u0633\u0629 \u066a\u062d\u062c\u0645\u066a",
"id": "Ukuran session: %SIZE%",
"sr": "Veli\u010dina sesije: %SIZE%"
},
"attributes_header": {
"no": "Dine attributter",
"nn": "Dine attributtar",
"sv": "Dina attribut",
"es": "Atributos",
"fr": "Vos attributs",
"de": "Ihre Attribute",
"nl": "Uw attributen",
"sl": "Va\u0161i atributi",
"da": "Dine oplysninger",
"hr": "Va\u0161i atributi",
"hu": "Az \u00f6n attrib\u00fatumai",
"fi": "Attribuuttisi",
"pt-br": "Seus atributos",
"pt": "Os seus atributos",
"pl": "Twoje atrybuty",
"cs": "Va\u0161e atributy",
"tr": "Bilgileriniz",
"it": "I tuoi attributi",
"lt": "J\u016bs\u0173 atributai",
"ja": "\u5c5e\u6027",
"zh-tw": "\u60a8\u7684\u5c6c\u6027\u503c",
"et": "Sinu atribuudid",
"he": "\u05d4\u05ea\u05db\u05d5\u05e0\u05d5\u05ea \u05e9\u05dc\u05da",
"ru": "\u0412\u0430\u0448\u0438 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u044b",
"zh": "\u4f60\u7684\u5c5e\u6027",
"ar": "\u0627\u0644\u0633\u0645\u0627\u062a",
"id": "Attribut Anda",
"sr": "Va\u0161i atributi"
},
"logout": {
"no": "Logg ut",
"nn": "Logg ut",
"sv": "Logga ut",
"es": "Salir",
"fr": "D\u00e9connexion",
"de": "Abmelden",
"nl": "Logout",
"sl": "Odjava",
"da": "Log ud",
"hr": "Odjava",
"hu": "Kil\u00e9p\u00e9s",
"fi": "Uloskirjautuminen",
"pt-br": "Desconectar",
"pt": "Sair",
"pl": "Wyloguj",
"cs": "Odhl\u00e1\u0161en\u00ed",
"tr": "\u00c7\u0131k\u0131\u015f",
"it": "Disconnessione",
"lt": "Atsijungti",
"ja": "\u30ed\u30b0\u30a2\u30a6\u30c8",
"zh-tw": "\u767b\u51fa",
"et": "Logi v\u00e4lja",
"he": "\u05d4\u05ea\u05e0\u05ea\u05e7\u05d5\u05ea",
"ru": "\u0412\u044b\u0439\u0442\u0438",
"zh": "\u9000\u51fa",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c",
"id": "Logout",
"sr": "Odjava"
}
}
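
Review bot: In the `ar` entries for `validfor` and `sessionsize` the placeholders themselves have been translated (the value uses the Arabic percent sign `\u066a` around Arabic words instead of `%SECONDS%` and `%SIZE%`), so the substitution will not happen and users will see the raw token. Those two strings should keep the ASCII placeholders exactly as in the other languages. Coverage is also uneven: `ru` appears only under `sessionsize`, `attributes_header` and `logout`, and the `de` and `zh-tw` strings for `validfor` drop the unit after `%SECONDS%`.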

View File

@ -0,0 +1,17 @@
Updated: December 19th, 2007
All you need to know to install and configure simpleSAMLphp is available at:
http://simplesamlphp.org/docs/
simpleSAMLphp homepage:
http://rnd.feide.no/simplesamlphp
simpleSAMLphp mailinglist (for support):
http://rnd.feide.no/content/simplesamlphp-users-mailinglist
To contact the author team:
andreas@uninett.no
(please use the mailinglist as often as possible for support questions and feature requests)
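
Review bot: This README is stamped "Updated: December 19th, 2007" and every pointer in it, including the support mailing list and the documentation link, is a plain `http://` URL. If the file is an unmodified upstream file, say so in the commit message so nobody mistakes it for project documentation; otherwise refresh the date and links or drop the file from the bundled copy.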

View File

@ -0,0 +1,68 @@
SimpleSAMLphp Documentation
===========================
* [Installing simpleSAMLphp](simplesamlphp-install)
* [Upgrade notes for version 1.10](simplesamlphp-upgrade-notes-1.10)
* [Upgrade notes for version 1.9](simplesamlphp-upgrade-notes-1.9)
* [Upgrade notes for version 1.8](simplesamlphp-upgrade-notes-1.8)
* [Upgrade notes for version 1.7](simplesamlphp-upgrade-notes-1.7)
* [Upgrade notes for version 1.6](simplesamlphp-upgrade-notes-1.6)
* [Upgrade notes for version 1.5](simplesamlphp-upgrade-notes-1.5)
* [Installation from Subversion](simplesamlphp-subversion)
* [Changelog](simplesamlphp-changelog)
* [Using simpleSAMLphp as a SAML Service Provider](simplesamlphp-sp)
* [Hosted SP Configuration Reference](./saml:sp)
* [IdP remote reference](simplesamlphp-reference-idp-remote)
* [Connecting SimpleSAMLphp as a SP to UK Access Federation or InCommon](simplesamlphp-ukaccess)
* [Upgrading - migration to use the SAML authentication source](simplesamlphp-sp-migration)
* [Configuring HTTP-Artifact](./simplesamlphp-artifact-sp)
* [Using scoping](./simplesamlphp-scoping)
* [Holder-of-Key profile](simplesamlphp-hok-sp)
* [Identity Provider QuickStart](simplesamlphp-idp)
* [IdP hosted reference](simplesamlphp-reference-idp-hosted)
* [SP remote reference](simplesamlphp-reference-sp-remote)
* [Use case: Setting up an IdP for Google Apps](simplesamlphp-googleapps)
* [Configuring HTTP-Artifact](./simplesamlphp-artifact-idp)
* [Identity Provider Advanced Topics](simplesamlphp-idp-more)
* [Holder-of-Key profile](simplesamlphp-hok-idp)
* [Automated Metadata Management](simplesamlphp-automated_metadata)
* [Maintenance and configuration](simplesamlphp-maintenance) - covers session handling, php configuration etc.
* [Authentication Processing Filters](simplesamlphp-authproc) - attribute filtering, attribute mapping, consent, group generation etc.
* [Advanced features](simplesamlphp-advancedfeatures) - covers bridging protocols, attribute filtering, etc.
* [SimpleSAMLphp Dictionaries and Translation](simplesamlphp-translation)
* [Theming simpleSAMLphp](simplesamlphp-theming)
* [simpleSAMLphp Modules](simplesamlphp-modules) - how to create own customized modules
* [Installing third party modules with the pack.php tool](pack)
* [Key rollover](./saml:keyrollover)
* [Creating authentication sources](./simplesamlphp-authsource)
* [Implementing custom username/password authentication](./simplesamlphp-customauth)
* [Storing sessions in Riak](./riak:simplesamlphp-riak)
Documentation on specific simpleSAMLphp modules:
* [Consent module](./consent:consent)
* [Installing and configuring the consentAdmin module](./consentAdmin:consentAdmin)
* [OpenId Provider Module](./openidProvider:provider)
* [Authorization](./authorize:authorize)
* [InfoCard Module](./InfoCard:usage)
* [autotest Module](./autotest:test)
* [Statistics](./statistics:statistics)
* [Aggregator](./aggregator:aggregator)
Documentation for simpleSAMLphp developers:
* [Error handling in simpleSAMLphp](simplesamlphp-errorhandling)
## Externally contributed documentation
* [Notes on using SimpleSAMLphp SP and Shibboleth IdP using SAML 2.0](http://www.zeitoun.net/articles/configure-simplesaml-1.3-sp-and-shibboleth-2.1-idp/start)
## Video tutorials
* [Installation, configuration and test login with Feide (approx 8 minutes)](http://rnd.feide.no/content/video-tutorial-installing-and-configuring-simplesamlphp)
## Community help and support
* [Please join the mailinglist](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
* [The simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start) contains information about different setup of simpleSAMLphp. In example eduGAIN setup, common errors, linux setup, shibboleth installation etc.
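Review bot: The two `Configuring HTTP-Artifact` entries in this index carry the same label but point at different pages (`./simplesamlphp-artifact-sp` and `./simplesamlphp-artifact-idp`), and the two `Holder-of-Key profile` entries have the same problem, so a reader cannot tell the SP page from the IdP page. Suggest suffixing the labels with (SP) and (IdP). The link targets also mix `./`-prefixed and bare forms (`./simplesamlphp-scoping` next to `simplesamlphp-hok-sp`); settling on one form would make the links easier to verify in the bundled copy.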

View File

@ -0,0 +1,149 @@
The pack.php tool - Installation of third party SimpleSAMLphp modules
=====================================================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
<!-- {{TOC}} -->
This document describes the use of the `bin/pack.php` command line tool, and how it can be used to install third party SimpleSAMLphp modules.
*WARNING:* The *pack.php* tool is a recently added cutting edge tool that is considered experimental. We need to gather more experience and add better security before we will reccomend using this tool for production setups.
Online Module Repository
------------------------
The official repository of SimpleSAMLphp modules is available at:
* <http://simplesamlphp.org/modules>
Anyone can contribute simpleSAMLphp modules, so no guarantees on the quality of the module.
The anatomy of a module
-----------------------
A module is represented by **an identifier** that should be unique (you may not install two modules with the same identifier). An example of such an identifier is `metalisting`. The identifier is also the name of the first level directory that will be placed within the `modules/` directory in your simpleSAMLphp installation.
For a module to be handled by the *pack.php* tool, the module must have a **definition file**. The author or distributor of the module will provide a definition file. In order to install and upgrade modules and use the *pack.php* tool you do not need to care about the definition file, but it is good to know what is going on under the hood. The definition file is encoded in JSON and should be publicly available over HTTP. The URL of the defintion file is often used as a parameter to the *pack.php* tool. Once the module is installed you may switch to use the identifier as a parameter representing the module instead, and the identifier now is known to your local installation, and may find it's way to the remote defintion file automatically.
Here is an example of a defintiion file:
{
"id" : "selfregister",
"name" : "Self-register",
"descr" : "Allows users to register new accounts.",
"definition" : "http://simplesamlphp-labs.googlecode.com/svn/trunk/modules/selfregister/definition.json",
"branch" : "dev",
"access" : {
"dev" : {
"type" : "svn",
"version" : "0.1",
"url" : "http://simplesamlphp-labs.googlecode.com/svn/trunk/modules/selfregister"
}
}
}
A module may be available as multiple **branches**. Typically a branch represents different levels of maturity; you may have a alpha branch including the latest feature but not well tested, and a stable branch including a well-tested version with not the latest features. Branches may also be used to provide multiple versions of the module that may work with different versions of simpleSAMLphp. Say that the module uses an internal SimpleSAMLphp API that changes from the simpleSAMLphp 1.X to 2.X version; then the module may exists in a 1.X and a 2.X version. The available branches shuold be well explained in the module description.
A module may be offered using different alternative **access methods**. Currently two access methods is supported:
* zip: The module is provided compressed to a zip file, offered on a HTTP location. This access method requires installation of the *unzip* command line tool, if not already available.
* svn: The module is available in a public subversion repository. This access method requires installation of the command line *svn* tool, if not already available.
A list of your installed modules
--------------------------------
In your simpleSAMLphp installation home page, on the *configuration* tab, there is a link *Available modules*.
This page shows a list of all modules available in your installation, and which of them that is currently *enabled*. For the third party modules some more information is available, such as the version number, the installed branch, and whether there exists a more recent version.
The screenshot below shows an example from the available modules page:
![](http://clippings.erlang.no/ZZ37ACC060.jpg)
Using the pack.php tool
-----------------------
Use the command line, and go to the installation directory of simpleSAMLphp.
### Installing a module
To install a module you should use this command:
bin/pack.php install [module] [branch]
The *[module]* parameter should be the URL of a definition file.
If the *[branch]* argument is left out, the default branch will be installed. Here is an example for installing the metalisting module:
bin/pack.php install http://simplesamlphp-labs.googlecode.com/svn/trunk/modules/metalisting/definition.json
The installation of a module will include the module in the `modules/` directory, and copy all configuratino files from `config-templates/` to the global `config/` directory. It will also force enabling the module, by creating an empty `enable` file in the module directory.
### Removing a module
To remove a module:
bin/pack.php remove [module]
The [module] argument may be either a defintion URL, or a module identifier. In example to remove the metalisting module, type:
bin/pack.php remove metalisting
### Upgrading a module
To upgrade a module:
bin/pack.php upgrade [module]
The [module] argument may be either a defintion URL, or a module identifier. In example to upgrade the metalisting module, type:
bin/pack.php upgrade metalisting
Upgrading a module will upgrade to the latest version of the currently installed branch. If the access method is subversion, it will run `svn update`. If the access method is zip, it will compare the version number of the latest available version with the locally installed version.
### Upgrading all modules
If you type:
bin/pack.php upgrade-all
all installed third party modules will be upgraded to the latest version of the currently installed branch.
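Review bot: The install example and the sample definition file both use plain `http://` URLs, and the text says install copies the module's configuration files into `config/` and force-enables the module by creating an `enable` file, with no integrity check described anywhere on the page. Whatever the definition URL serves therefore ends up as enabled code in the installation. Given the page's own warning that the tool is experimental and needs better security, suggest either leaving this page and `bin/pack.php` out of the bundled copy, or adding a line telling administrators to review a fetched module before it is enabled and to take definitions only from a source they trust.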

View File

@ -0,0 +1,191 @@
simpleSAMLphp Advanced Features
===============================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-advancedfeatures.txt 2943 2011-10-11 08:18:53Z olavmrk $`
<!-- {{TOC}} -->
simpleSAMLphp documentation
---------------------------
This document is part of the simpleSAMLphp documentation suite.
- [List of all simpleSAMLphp documentation](http://simplesamlphp.org/docs)
This document assumes that you already have a installation of
simpleSAMLphp running, configured and working. This is the next
step :)
Bridging between protocols
--------------------------
A bridge between two protocols is built using both an IdP and an SP, connected together.
To let a SAML 2.0 SP talk to a SAML 1.1 IdP, you build a simpleSAMLphp bridge from a SAML 2.0 IdP and a SAML 1.1 SP.
The SAML 2.0 SP talks to the SAML 2.0 IdP, which hands the request over to the SAML 1.1 SP, which forwards it to the SAML 1.1 IdP.
If you have followed the instructions for setting up an SP, and have configured an authentication source, all you need to do is to add that authentication source to the IdP.
**Example of bridge configuration**
In `metadata/saml20-idp-hosted.php`:
'auth' => 'default-sp',
In `config/authsources.php`:
'default-sp' => array(
'saml:SP',
),
Attribute control
-----------------
Filtering, mapping, etc can be performed by using existing or create new *Authentication Processing Filters*. For more information, read:
* [Authentication Processing Filters in SimpleSAMLphp](simplesamlphp-authproc)
Automatic update of SAML 2.0 Metadata XML from HTTPS
----------------------------------------------------
The `metarefresh` module is the preferred method for doing this.
Please see the [metarefresh documentation](simplesamlphp-automated_metadata).
Auth MemCookie
--------------
It is possible to integrate simpleSAMLphp with [Auth MemCookie](http://authmemcookie.sourceforge.net/). This allows you to integrate simpleSAMLphp with web applications written in another language than PHP.
Auth MemCookie works by reading authentication data from a memcache server and setting environment variables based on attributes in this data. It also allows you to use the default Apache access control features to restrict access to your site.
The simpleSAMLphp Auth MemCookie module can be found in `www/authmemcookie.php` and the configuration should be stored in `config/authmemcookie.php`. You may have to copy this file from `config-template/authmemcookie.php`.
To use Auth MemCookie, you need to do the following steps:
1. Install and configure simpleSAMLphp for running as an SP.
2. Install and configure a memcache server.
3. Install and configure Auth MemCookie. Go to the
[Auth MemCookie homepage](http://authmemcookie.sourceforge.net/)
for downloads and installation instructions. The following example
(from `extra/auth_memcookie.conf`) may be useful when configuring
Auth MemCookie:
<Location />
# This is a list of memcache servers which Auth MemCookie
# should use. It is a ','-separated list of
# host:port-pairs.
# Note that this list must list the same servers as the
# 'authmemcookie.servers'-option in config.php in the
# configuration for simpleSAMLphp.
Auth_memCookie_Memcached_AddrPort "127.0.0.1:11211"
# This must be set to 'on' to enable Auth MemCookie for
# this directory.
Auth_memCookie_Authoritative on
# This adjusts the maximum number of data elements in the
# session data. The default is 10, which can be to low.
Auth_memCookie_SessionTableSize "40"
# These two commands are required to enable access control
# in Apache.
AuthType Cookie
AuthName "My Login"
# This command causes apache to redirect to the given
# URL when we receive a '401 Authorization Required'
# error. We redirect to "/simplesaml/authmemcookie.php",
# which initializes a login to the IdP.
ErrorDocument 401 "/simplesaml/authmemcookie.php"
</Location>
<Location /secret>
# This allows all authenticated users to access the
# directory. To learn more about the 'Require' command,
# please look at:
# http://httpd.apache.org/docs/2.0/mod/core.html#require
Require valid-user
</Location>
4.
Configure the simpleSAMLphp Auth MemCookie module by editing
`config/authmemcookie.php`. You must set the `username` option to a
valid attribute name. All other can most likely be left at their
default values.
5.
Enable the simpleSAMLphp Auth MemCookie module by setting
`enable.authmemcookie` to *`true`* in `config/config.php`.
6.
To test the installation, you can add the following script as your
`/secret/index.php` directory:
<html><body><table>
<?php
foreach($_SERVER as $key=>$value) {
echo('<tr><td>' . htmlspecialchars($key) . '</td><td>' . htmlspecialchars($value) . '</td></tr>');
}
?>
</table></body></html>
You should now be able to go to `http://yourserver/secret/` to test
the configuration. You should be redirected to your IdP, and after
entering your username and password you should be taken back to
`http://yourserver/secret/`. The resulting page should list all
environment variables set by Apache, including the ones set by Auth
MemCookie.
Metadata signing
----------------
simpleSAMLphp supports signing of the metadata it generates. Metadata signing is configured by four options:
- `metadata.sign.enable`: Whether metadata signing should be enabled or not. Set to `TRUE` to enable metadata signing. Defaults to `FALSE`.
- `metadata.sign.privatekey`: Name of the file with the private key which should be used to sign the metadata. This file must exist in in the `cert` directory.
- `metadata.sign.privatekey_pass`: Passphrase which should be used to open the private key. This parameter is optional, and should be left out if the private key is unencrypted.
- `metadata.sign.certificate`: Name of the file with the certificate which matches the private key. This file must exist in in the `cert` directory.
These options can be configured globally in the `config/config.php`-file, or per SP/IdP by adding them to the hosted metadata for the SP/IdP. The configuration in the metadata for the SP/IdP takes precedence over the global configuration.
There is also an additional fallback for the private key and the certificate. If `metadata.sign.privatekey` and `metadata.sign.certificate` isn't configured, simpleSAMLphp will use the `privatekey`, `privatekey_pass` and `certificate` options in the metadata for the SP/IdP.
Support
-------
If you need help to make this work, or want to discuss
simpleSAMLphp with other users of the software, you are fortunate:
Around simpleSAMLphp there is a great Open source community, and
you are welcome to join! The forums are open for you to ask
questions, contribute answers other further questions, request
improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
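Review bot: Step 6 of the Auth MemCookie section has the reader place a script under `/secret/` that prints every `$_SERVER` entry, and the text never says to remove it once the test has passed; since that output includes the variables Auth MemCookie sets from the user's attributes, suggest adding a sentence to delete the script after login is confirmed. Two smaller points in the same section: the template path is written `config-template/authmemcookie.php` while the pack.php page refers to `config-templates/`, and the step calls `/secret/index.php` a directory where it is a file. In the metadata signing section, `metadata.sign.privatekey_pass` places the passphrase in `config/config.php` or the hosted metadata, so a note on restricting read access to those files would help.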

View File

@ -0,0 +1,94 @@
Adding HTTP-Artifact support to the IdP
=======================================
This document describes the necessary steps to enable support for the HTTP-Artifact binding on a simpleSAMLphp IdP:
1. Configure simpleSAMLphp to use memcache to store the session.
2. Enable support for sending artifacts in `saml20-idp-hosted`.
3. Add the webserver certificate to the generated metadata.
Memcache
--------
To enable memcache, you must first install and configure memcache on the server hosting your IdP.
You need both a memcache server and a the PHP memcache client.
How this is done depends on the distribution.
If you are running Debian Lenny, you can install both by running:
aptitude install memcached php5-memcache
*Note*: For security, you must make sure that the memcache server is inaccessible to other hosts.
The default configuration on Debian Lenny is for the memcache server to be accessible to only the local host.
Once the memcache server is configured, you can configure simplesamlphp to use it to store sessions.
You can do this by setting the `session.handler` option in `config.php` to `memcache`.
If you are running memcache on a different server than the IdP, you must also change the `memcache_store.servers` option in `config.php`.
Enabling artifact on the IdP
----------------------------
To enable the IdP to send artifacts, you must add the `saml20.sendartifact` option to the `saml20-idp-hosted` metadata file:
$metadata['__DYNAMIC:1__'] = array(
[....]
'auth' => 'example-userpass',
'saml20.sendartifact' => TRUE,
);
Add new metadata to SPs
-----------------------
After enabling the Artifact binding, your IdP metadata will change to add a ArtifactResolutionService endpoint.
You therefore need to update the metadata for your IdP at your SPs.
`saml20-idp-remote` metadata for simpleSAMLphp SPs should contain something like:
'ArtifactResolutionService' => array(
array(
'index' => 0,
'Location' => 'https://idp.example.org/simplesaml/saml2/idp/ArtifactResolutionService.php',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
),
),
SP metadata on the IdP
----------------------
An SP using the HTTP-Artifact binding must have an AssertionConsumerService endpoint supporting that binding.
This means that you must use the complex endpoint format in `saml20-sp-remote` metadata.
In general, that should look something like:
'AssertionConsumerService' => array (
array(
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'index' => 0,
),
array(
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'index' => 2,
),
),
(The specific values of the various fields will vary depending on the SP.)
Certificate in metadata
-----------------------
Some SPs validates the SSL certificate on the ArtifactResolutionService using the certificates in the metadata.
You may therefore have to add the webserver certificate to the metadata that your IdP generates.
To do this, you need to set the `https.certificate` option in the `saml20-idp-hosted` metadata file.
That option should refer to a file containing the webserver certificate.
$metadata['__DYNAMIC:1__'] = array(
[....]
'auth' => 'example-userpass',
'saml20.sendartifact' => TRUE,
'https.certificate' => '/etc/apache2/webserver.crt',
);
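Review bot: The Memcache section states that the memcache server must be inaccessible to other hosts, and two lines later describes running memcache on a different server than the IdP through `memcache_store.servers` without reconciling the two. Because sessions are stored there, suggest saying explicitly that in the remote case access must be limited to the IdP host. In the last example, `https.certificate` is given as an absolute path (`/etc/apache2/webserver.crt`) while the other key and certificate options in these pages take bare file names; a sentence on which form this option expects would prevent a wrong guess.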

View File

@ -0,0 +1,29 @@
Using HTTP-Artifact from a simpleSAMLphp SP
===========================================
This document describes how to use the HTTP-Artifact binding to receive authentication responses from the IdP.
Which binding the IdP should use when sending authentication responses is controlled by the `ProtocolBinding` in the SP configuration.
To make your Service Provider (SP) request that the response from the IdP is sent using the HTTP-Artifact binding, this option must be set to the HTTP-Artifact binding.
In addition to selecting the binding, you must also add a private key and certificate to your SP.
This is used for SSL client authentication when contacting the IdP.
To generate a private key and certificate, you may use the `openssl` commandline utility:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem
You can then add the private key and certificate to the SP configuration.
When this is done, you can add the metadata of your SP to the IdP, and test the authentication.
Example configuration
---------------------
'artifact-sp' => array(
'saml:SP',
'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'privatekey' => 'sp.example.org.pem',
'certificate' => 'sp.example.org.crt',
),
See the [SP configuration reference](./saml:sp) for a description of the options.
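Review bot: The `openssl req` command uses `-nodes`, so `sp.example.org.pem` is written unencrypted, and the page does not say where the key and certificate should be placed or who should be able to read them. Suggest adding where the files go and that read access to the key should be limited to the web server user, and mentioning the `privatekey_pass` option for setups that keep the key encrypted. The certificate is also self-signed with `-days 3652`, so a pointer to the key rollover page listed in the documentation index would be useful here.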

View File

@ -0,0 +1,173 @@
Authentication Processing Filters in SimpleSAMLphp
==================================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-authproc.txt 3031 2012-02-13 12:50:35Z olavmrk $`
<!-- {{TOC}} -->
In SimpleSAMLphp, there is an API where you can *do stuff* at the IdP after authentication is complete, and just before you are sent back to the SP. The same API is available on the SP, after you have received a successfull Authentication Response from the IdP and before you are sent back to the SP application.
Authentication processing filters postprocesses authentication information received from authentication sources. It is possible to use this for additional authentication checks, requesting the users consent before delivering attributes to the user, modifying the users attributes, and other things which should be performed before returning the user to the service provider he came from.
Examples of neat things to do using Authentication Processing Filters:
* Filter out a subset of available attributes that are sent to a SP.
* Mofify the name of attributes
* Generate new attributes that are composed of others. In example eduPersonTargetedID.
* Ask the user for consent, before the user is sent back to a service
* Implement basic Access Control on the IdP (not neccessarily a good idea), limiting access for some users to some SPs.
Be aware that Authentication Proccessing Filters do replace some of the preivous features in simpleSAMLphp, named:
* `attributemap`
* `attributealter`
* attribute filter
Later in this document, we will desribe in detail the alternative Authentication Proccessing Filters that will replicate these functionalities.
How to configure Auth Proc Filters
----------------------------------
*Auth Proc Filters* can be set globally, or to be specific for only one SP or one IdP. That means there is three locations where you can configure *Auth Proc Filters*:
* Globally in `config.php`
* On the SP: Specific for only the SP in `authsources.php`
* On the SP: Specific for only one remote IdP in `saml20-idp-remote` or `shib13-idp-remote`
* On the IdP: Specific for only one hosted IdP in `saml20-idp-hosted` or `shib13-idp-hosted`
* On the IdP: Specific for only one remote SP in `saml20-sp-remote` or `shib13-sp-remote`
The configuration of *Auth Proc Filters* is a list of filters with priority as *index*. Here is an example of *Auth Proc Filters* configured in `config.php`:
'authproc.idp' => array(
10 => array(
'class' => 'core:AttributeMap',
'addurnprefix'
),
20 => 'core:TargetedID',
40 => 'core:AttributeRealm',
50 => 'core:AttributeLimit',
90 => array(
'class' => 'consent:Consent',
'store' => 'consent:Cookie',
'focus' => 'yes',
'checked' => TRUE
),
),
This configuration will execute *Auth Proc Filters* one by one, with the priority value in increasing order. When *Auth Proc Filters* is configured in multiple places, in example both globally, in the hosted IdP and remote SP metadata, then the list is interleaved sorted by priority.
The most important parameter of each item on the list is the *class* of the *Auth Proc Filter*. The syntax of the class is `modulename:classname`. As an example the class definition `core:AttributeLimit` will be expanded to look for the class `sspmod_core_Auth_Process_AttributeLimit`. The location of this class file *must* then be: `modules/core/lib/Auth/Process/AttributeLimit.php`.
You will see that a bunch of useful filters is included in the `core` module. In addition the `consent` module that is included in the simpleSAMLphp distribution implements a filter. Beyond that, you are encourage to create your own filters and share with the community. If you have created a cool *Auth Proc Filter* that do something useful, let us know, and we may share it from the [simpleSAMLphp web site][].
[simpleSAMLphp web site]: http://rnd.feide.no/simplesamlphp
When you know the class definition of a filter, and the priority, the simple way to configure the filter is:
20 => 'core:TargetedID',
This is analogue to:
20 => array(
'class' => 'core:TargetedID'
),
Some *Auth Proc Filters* have optional or required *parameters*. To send parameters to *Auth Proc Filters*, you need to choose the second of the two alernatives above. Here is an example of provided parameters to the consent module:
90 => array(
'class' => 'consent:Consent',
'store' => 'consent:Cookie',
'focus' => 'yes',
'checked' => TRUE
),
### Filters in `config.php`
Global *Auth Proc Filters* is configured in the `config.php` file. You will see that the config template already includes an example configuration.
There is two config parameters:
* `authproc.idp` and
* `authproc.sp`
The filters in `authproc.idp` will be executed at the IdP side regardless of which IdP and SP entity that is involved.
The filters in `authproc.sp` will be executed at the SP side regardless of which SP and IdP entity that is involved.
### Filters in metadata
Filters can be added both in `hosted` and `remote` metadata. Here is an example of a filter added in a metadata file:
'__DYNAMIC:1__' => array(
'host' => '__DEFAULT_',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'auth' => 'feide',
'authproc' => array(
40 => 'core:AttributeRealm',
),
)
The example above is in `saml20-idp-hosted`.
Auth Proc Filters included in the simpleSAMLphp distribution
------------------------------------------------------------
The following filters are included in the simpleSAMLphp distribution:
- [`authorize:Authorize`](./authorize:authorize): Access control based on regular expressions.
- [`consent:Consent`](./consent:consent): Ask the user for consent before transmitting attributes.
- [`core:AttributeAdd`](./core:authproc_attributeadd): Add attributes to the response.
- [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues.
- [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response.
- [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes.
- [`core:AttributeRealm`](./core:authproc_attributerealm): Create a attribute with the realm of the user.
- [`core:GenerateGroups`](./core:authproc_generategroups): Generate a `group` attribute for the user.
- [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transfering language setting from IdP to SP.
- [`core:PHP`](./core:authproc_php): Modify attributes with custom PHP code.
- [`core:ScopeAttribute`](./core:authproc_scopeattribute): Add scope to attribute.
- [`core:ScopeFromAttribute`](./core:authproc_scopefromattribute): Create a new attribute based on the scope on a different attribute.
- [`core:StatisticsWithAttribute`](./core:authproc_statisticswithattribute): Create a statistics logentry.
- [`core:TargetedID`](./core:authproc_targetedid): Generate the `eduPersonTargetedID` attribute.
- [`core:WarnShortSSOInterval`](./core:authproc_warnshortssointerval): Give a warning if the user logs into the same SP twice within a few seconds.
- ['expirycheck:ExpiryDate`](./expirycheck:expirycheck): Block access to accounts that have expired.
- [`preprodwarning:Warning`](./preprodwarning:warning): Warn the user about accessing a test IdP.
- [`saml:AttributeNameID`](./saml:nameid): Generate custom NameID with the value of an attribute.
- [`saml:ExpectedAuthnContextClassRef`](./saml:authproc_expectedauthncontextclassref): Verify the user's authnentication context.
- [`saml:NameIDAttribute`](./saml:nameidattribute): Create an attribute based on the NameID we receive from the IdP.
- [`saml:PersistentNameID`](./saml:nameid): Generate persistent NameID from an attribute.
- [`saml:TransientNameID`](./saml:nameid): Generate transient NameID.
Writing your own Auth Proc Filter
---------------------------------
Look at the included *Auth Proc Filters* as examples. Copy the classes into your own module and start playing around.
Authentication processing filters are created by creating a class under `Auth/Process/` in a module. This class is expected to subclass `SimpleSAML_Auth_ProcessingFilter`. A filter must implement at lease one function - the `process(&$request)`-function. This function can access the `$request`-array add, delete and modify attributes, and can also do more advanced processing based on the SP/IdP metadata (which is also included in the `$request`-array). When this function returns, it is assumed that the filter has finished processing.
If a filter for some reason needs to redirect the user, for example to show a web page, it should save the current request. Upon completion it should retrieve the request, update it with the changes it is going to make, and call `SimpleSAML_Auth_ProcessingChain::resumeProcessing`. This function will continue processing the next configured filter.
Requirements for authentication processing filters:
- Must be derived from the `SimpleSAML_Auth_ProcessingFilter`-class.
- If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters. In general, only the $config parameter should be accessed.
- The `process(&$state)`-function must be implemented. If this function completes, it is assumed that processing is completed, and that the $request array has been updated.
- If the `process`-function does not return, it must at a later time call `SimpleSAML_Auth_ProcessingChain::resumeProcessing` with the new request state. The request state must be an update of the array passed to the `process`-function.
- No pages may be shown to the user from the `process`-function. Instead, the request state should be saved, and the user should be redirected to a new page. This must be done to prevent unpredictable events if the user for example reloads the page.
- No state information should be stored in the filter object. It must instead be stored in the request state array. Any changes to variables in the filter object may be lost.
- The filter object must be serializable. It may be serialized between being constructed and the call to the `process`-function. This means that, for example, no database connections should be created in the constructor and later used in the `process`-function.
Don't hestitate to ask on the simpleSAMLphp mailinglist if you have problems or questions, or want to share your *Auth Proc Filter* with others.
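Review bot: In the "Filters in metadata" example, `'host' => '__DEFAULT_'` ends in one underscore where the key above it, `__DYNAMIC:1__`, ends in two; this looks like a typo for `'__DEFAULT__'` and is worth checking against the metadata template before people copy it. Other points in this file: the list entry for `expirycheck:ExpiryDate` opens with `'` instead of a backtick, so the link text will not render as code; the filter function is written `process(&$request)` in the prose and `process(&$state)` in the requirements list, and the same list then refers to the `$request` array; and the configuration section says there are three locations for filters and then lists five.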

View File

@ -0,0 +1,107 @@
Creating authentication sources
===============================
All authentication sources are located in the `lib/Auth/Source/` directory in a module, and the class name is `sspmod_<module>_Auth_Source_<name>`.
The authentication source must extend the `SimpleSAML_Auth_Source` class or one of its subclasses.
The "entry point" of an authentication source is the `authenticate()`-function.
Once that function is called, the authentication module can do whatever it wishes to do.
There are only two requirements:
- Never show any pages to the user directly from within the `authenticate()`-function.
(This will lead to problems if the user decides to reload the page.)
- Return control to simpleSAMLphp after authenticating the user.
If the module is able to authenticate the user without doing any redirects, it should just update the state-array and return.
If the module does a redirect, it must call `SimpleSAML_Auth_Source::completeAuth()` with the updated state array.
Everything else is up to the module.
If the module needs to redirect the user, for example because it needs to show the user a page asking for credentials, it needs to save the state array.
For that we have the `SimpleSAML_Auth_State` class.
This is only a convenience class, and you are not required to use it (but its use is encouraged, since it handles some potential pitfalls).
Saving state
------------
The `SimpleSAML_Auth_State` class has two functions that you should use:
`saveState($state, $stage)`, and `loadState($id, $stage)`.
The `$stage` parameter must be an unique identifier for the current position in the authentication.
It is used to prevent a malicious user from taking a state you save in one location, and give it to a different location.
The `saveState()`-function returns an id, which you should pass to the `loadState()`-function later.
Username/password authentication
--------------------------------
Since username/password authentication is quite a common operation, a base class has been created for this.
This is the `sspmod_core_Auth_UserPassBase` class, which is can be found as `modules/core/lib/Auth/UserPassBase.php`.
The only function you need to implement is the `login($username, $password)`-function.
This function receives the username and password the user entered, and is expected to return the attributes of that user.
If the username or password is incorrect, it should throw an error saying so:
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
"[Implementing custom username/password authentication](./simplesamlphp-customauth)" describes how to implement username/password authentication using that base class.
Generic rules & requirements
----------------------------
-
Must be derived from the `SimpleSAML_Auth_Source`-class.
**Rationale**:
- Deriving all authentication sources from a single base class allows us extend all authentication sources by extending the base class.
-
If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters.
In general, only the $config parameter should be accessed when implementing the authentication source.
**Rationale**:
- PHP doesn't automatically call any parent constructor, so it needs to be done manually.
- The `$info`-array is used to provide information to the `SimpleSAML_Auth_Source` base class, and therefore needs to be included.
- Including the `$config`-array makes it possible to add generic configuration options that are valid for all authentication sources.
-
The `authenticate(&$state)`-function must be implemented.
If this function completes, it is assumed that the user is authenticated, and that the `$state`-array has been updated with the user's attributes.
**Rationale**:
- Allowing the `authenticate()`-function to return after updating the `$state`-array enables us to do authentication without redirecting the user.
This can be used if the authentication doesn't require user input, for example if the authentication can be done based on the IP-address of the user.
-
If the `authenticate`-function does not return, it must at a later time call `SimpleSAML_Auth_Source::completeAuth` with the new state array.
The state array must be an update of the array passed to the `authenticate`-function.
**Rationale**:
- Preserving the same state array allows us to save information in that array before the authentication starts, and restoring it when authentication completes.
-
No pages may be shown to the user from the `authenticate()`-function.
Instead, the state should be saved, and the user should be redirected to a new page.
**Rationale**:
- The `authenticate()`-function is called in the context of a different PHP page.
If the user reloads that page, unpredictable results may occur.
-
No state information about any authentication should be stored in the authentication source object.
It must instead be stored in the state array.
Any changes to variables in the authentication source object may be lost.
**Rationale**:
- This saves us from having to save the entire authentication object between requests.
Instead, we can recreate it from the configuration.
-
The authentication source object must be serializable.
It may be serialized between being constructed and the call to the `authenticate()`-function.
This means that, for example, no database connections should be created in the constructor and later used in the `authenticate()`-function.
**Rationale**:
- If parsing the configuration and creating the authentication object is shown to be a bottleneck, we can cache an initialized authentication source.
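Review bot: The "Saving state" section says `$stage` stops a state saved in one location from being handed to a different location, but it never shows that the same stage string has to be passed to both `saveState($state, $stage)` and `loadState($id, $stage)`, or what a stage value looks like. A short save/load pair using one module-specific stage string would make that check concrete for module authors. Minor: "which is can be found as" in the Username/password section should read "which can be found in".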


@ -0,0 +1,231 @@
Automated Metadata Management
=============================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-automated_metadata.txt 3034 2012-02-16 07:30:11Z olavmrk $`
<!-- {{TOC}} -->
Introduction
------------
If you want to connect an Identity Provider, or a Service Provider to a **federation**, you need to setup metadata for the entries that you trust. In many federation, in particular federations based upon the Shibboleth software, it is normal to setup automated distributed metadata using the SAML 2.0 Metadata XML Format.
Some central administration or authority, provides a URL with a SAML 2.0 document including metadata for all entities in the federation.
This document explains how to setup automated downloading and parsing of a metadata document on a specific URL.
Preparations
------------
You need to enable the following modules:
1. cron
2. metarefresh
The cron module allows you to do tasks regularly, by setting up a cronjob that calls a hook in simpleSAMLphp.
The metarefresh module will download and parse the metadata document and store it in cached local metadata files.
You also need to copy the `config-templates` files from the two modules above, into the global `config/` directory.
[root@simplesamlphp] cd /var/simplesamlphp
[root@simplesamlphp simplesamlphp] touch modules/cron/enable
[root@simplesamlphp simplesamlphp] cp modules/cron/config-templates/*.php config/
[root@simplesamlphp simplesamlphp] touch modules/metarefresh/enable
[root@simplesamlphp simplesamlphp] cp modules/metarefresh/config-templates/*.php config/
Testing to parse the metadata document
--------------------------------------
We'll use the SWITCH AAI Test Federation as an example in this document. This federation provides metadata on this URL:
http://metadata.aai.switch.ch/metadata.aaitest.xml
I reccomend to first test on the command line to parse the metadata URL.
cd modules/metarefresh/bin
./metarefresh.php -s http://metadata.aai.switch.ch/metadata.aaitest.xml
We use the `-s` option to send output to console (for testing purposes). If the output makes sense, continue. If you get a lot of error messages, send an e-mail to the simpleSAMLphp list and ask for advice.
Below is the documentation provided by Nuno Gonçalves <nuno@fccn.pt>
Configuring the cron module
---------------------------
At `/var/simplesamlphp/config`
[root@simplesamlphp-teste config]# vi module_cron.php
edit:
$config = array (
       'key' => 'kb10fu2sao',
       'allowed_tags' => array('daily', 'hourly', 'frequent'),
       'debug_message' => TRUE,
       'sendemail' => TRUE,
);
Then: With your browser go to => https://simplesamlphp_machine/simplesaml/module.php/cron/croninfo.php
And copy the cron's sugestion:
-------------------------------------------------------------------------------------------------------------------
Cron is a way to run things regularly on unix systems.
Here is a suggestion for a crontab file:
# Run cron [daily]
02 0 * * * curl --silent "https://simplesamlphp-teste.fccn.pt/simplesaml/module.php/cron/cron.php?key=kb10fu2sao&tag=daily" > /dev/null 2>&1
# Run cron [hourly]
01 * * * * curl --silent "https://simplesamlphp-teste.fccn.pt/simplesaml/module.php/cron/cron.php?key=kb10fu2sao&tag=hourly" > /dev/null 2>&1
# Run cron [frequent]
XXXXXXXXXX curl --silent "https://simplesamlphp-teste.fccn.pt/simplesaml/module.php/cron/cron.php?key=kb10fu2sao&tag=frequent" > /dev/null 2>&1
Click here to run the cron jobs:
Run cron [daily]
Run cron [hourly]
Run cron [frequent]
-------------------------------------------------------------------------------------------------------------------
Add to CRON with
[root@simplesamlphp config]# crontab -e
Errors
------
Problem with sanitycheck module
When executing [Run cron [daily]] ==> an error shows up
Cause : module sanitycheck  ==> It is active by default (`/var/simplesamlphp/modules/sanitycheck/default-enable`)
* When executing Cron daily It will search all active modules and it executes the hook_cron.php for each one of them in :
`/var/simplesamlphp/modules/<nome_modulo>/hooks/hooks_cron.php`
Meanwhile it is waiting that each module conf file exists in the folder: `/var/simplesamlphp/config/config-<nome_modulo>.php`
It should exist one for the sanitycheck module => `config-sanitycheck.php` but it wasn't there and therefore the error showed up.
Giving an error at this modules it aborted execution for the next active modules.
Configuring the metarefresh module
----------------------------------
At `/var/simplesamlphp/config/`
[root@simplesamlphp config]# vi config-metarefresh.php
edit:
$config = array( 'sets' => array(
'kalmar' => array(
'cron' => array('hourly'),
'sources' => array(
array(
'src' => 'https://kalmar.feide.no/simplesaml/module.php/aggregator/?id=kalmarcentral&mimetype=text/plain&exclude=norway',
'validateFingerprint' => '591d4b4670463eeda91fcc816dc0af2a092aa801',
'template' => array(
'tags' => array('kalmar'),
'authproc' => array(
51 => array('class' => 'core:AttributeMap', 'oid2name'),
),
),
),
),
'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
'outputDir' => 'metadata/federation/',
/*
* Which output format the metadata should be saved as.
* Can be 'flatfile' or 'serialize'. 'flatfile' is the default.
*/
'outputFormat' => 'flatfile',
),
));
TEMPLATE FILE : /var/simplesamlphp/modules/metarefresh/config-templates/config-metarefresh.php
The configuration consists of one or more metadata sets. Each metadata
set has its own configuration. The following options are available:
`cron`
: Which of the cron tags will refresh this metadata set.
`sources`
: An array of metadata sources which will be included in this
metadata set. The contents of this option will be described in more
detail later.
`expireAfter`
: The maximum number of seconds a metadata entry will be valid.
`outputDir`
: The directory where the generated metadata will be stored. The path
is relative to the simpleSAMLphp base directory.
`outputFormat`
: The format of the generated metadata files. This must match the
metadata source added in `config.php`.
Each metadata source has the following options:
`src`
: The source URL where the metadata will be fetched from.
`validateFingerprint`
: The fingerprint of the certificate used to sign the metadata. You
don't need this option if you don't want to validate the signature
on the metadata.
`template`
: This is an array which will be combined with the fetched metadata to
generate the final metadata array.
After you have configured the metadata source, you need to give the
web-server write access to the output directory. Depending on the
platform, this may be done by a command similar to:
chown www-data /var/simplesamlphp/metadata/metadata-federation/
Then configure your simpleSAMLphp installation to use the generated metadata:
In config.php:
'metadata.sources' => array(
array('type' => 'flatfile'),
array('type' => 'flatfile', 'directory' => 'metadata/federation'),
),
Metadata cacheDuration
----------------------
SAML metadata may supply a cacheDuration attribute which indicates the maxium time to cache metadata. Because this module is run from cron, it cannot influence how often it is run and enfore this attribute by itself. Take care that you run metarefresh from cron at least as often as the shortest cacheDuration in your metadata sources.
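Review bot: The `validateFingerprint` description ("You don't need this option if you don't want to validate the signature on the metadata") presents signature checking as optional, and the test command fetches `http://metadata.aai.switch.ch/metadata.aaitest.xml` over plain HTTP. Since this file decides which entities the installation trusts, the text should tell the reader to set `validateFingerprint` on every source and to obtain the fingerprint from the federation out of band. The cron section also prints a concrete `'key' => 'kb10fu2sao'` in both `module_cron.php` and the crontab URLs; use a placeholder and tell the reader to generate their own value, because the key is the only thing in those URLs that gates `cron.php`. Separately, the paths do not agree: `outputDir` is `metadata/federation/` and the `config.php` entry reads `metadata/federation`, but the `chown` line targets `/var/simplesamlphp/metadata/metadata-federation/`.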

File diff suppressed because it is too large


@ -0,0 +1,350 @@
Implementing custom username/password authentication
====================================================
This is a step-by-step guide for creating a custom username/password [authentication source](./simplesamlphp-authsource) for simpleSAMLphp.
An authentication source is responsible for authenticating the user, typically by getting a username and password, and looking it up in some sort of database.
<!-- {{TOC}} -->
Create a custom module
----------------------
All custom code for simpleSAMLphp should be contained in a [module](./simplesamlphp-modules).
This ensures that you can upgrade your simpleSAMLphp installation without overwriting your own code.
In this example, we will call the module `mymodule`.
It will be located under `modules/mymodule`.
First we need to create the module directory:
cd modules
mkdir mymodule
Since this is a custom module, it should always be enabled.
Therefore we create a `default-enable` file in the module.
We do that by copying the `default-enable` file from the `core` module.
cd mymodule
cp ../core/default-enable .
Now that we have our own module, we can move on to creating an authentication source.
Creating a basic authentication source
--------------------------------------
Authentication sources are implemented using PHP classes.
We are going to create an authentication source named `mymodule:MyAuth`.
It will be implemented in the file `modules/mymodule/lib/Auth/Source/MyAuth.php`.
To begin with, we will create a very simple authentication source, where the username and password is hardcoded into the source code.
Create the file `modules/mymodule/lib/Auth/Source/MyAuth.php` with the following contents:
<?php
class sspmod_mymodule_Auth_Source_MyAuth extends sspmod_core_Auth_UserPassBase {
protected function login($username, $password) {
if ($username !== 'theusername' || $password !== 'thepassword') {
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
return array(
'uid' => array('theusername'),
'displayName' => array('Some Random User'),
'eduPersonAffiliation' => array('member', 'employee'),
);
}
}
Some things to note:
- The classname is `sspmod_mymodule_Auth_Source_MyAuth`.
This tells simpleSAMLphp to look for the class in `modules/mymodule/lib/Auth/Source/MyAuth.php`.
- Our authentication source subclassese `sspmod_core_Auth_UserPassBase`.
This is a helper-class that implements much of the common code needed for username/password authentication.
- The `login` function receives the username and password the user enters.
It is expected to authenticate the user.
If the username or password is correct, it must return a set of attributes for the user.
Otherwise, it must throw the `SimpleSAML_Error_Error('WRONGUSERPASS');` exception.
- Attributes are returned as an associative array of `name => values` pairs.
All attributes can have multiple values, so the values are always stored in an array.
Configuring our authentication source
-------------------------------------
Before we can test our authentication source, we must add an entry for it in `config/authsources.php`.
`config/authsources.php` contains an list of enabled authentication sources.
The entry looks like this:
'myauthinstance' => array(
'mymodule:MyAuth',
),
You can add it to the beginning of the list, so that the file looks something like this:
<?php
$config = array(
'myauthinstance' => array(
'mymodule:MyAuth',
),
/* Other authentication sources follow. */
);
`myauthinstance` is the name of this instance of the authentication source.
(You are allowed to have multiple instances of an authentication source with different configuration.)
The instance name is used to refer to this authentication source in other configuration files.
The first element of the configuration of the authentication source must be `'mymodule:MyAuth'`.
This tells simpleSAMLphp to look for the `sspmod_mymodule_Auth_Source_MyAuth` class.
Testing our authentication source
---------------------------------
Now that we have configured the authentication source, we can test it by accessing "authentication"-page of the simpleSAMLphp web interface.
By default, the web interface can be found on `http://yourhostname.com/simplesaml/`.
(Obviously, "yourhostname.com" should be replaced with your real hostname.)
Then select the "Authentication"-tab, and choose "Test configured authentication sources".
You should then receive a list of authentication sources from `config/authsources.php`.
Select `myauthinstance`, and log in using "theusername" as the username, and "thepassword" as the password.
You should then arrive on a page listing the attributes we return from the `login` function.
Next, you should log out by following the log out link.
Using our authentication source in an IdP
-----------------------------------------
To use our new authentication source in an IdP we just need to update the IdP configuration to use it.
Open `metadata/saml20-idp-hosted.php`.
In that file you should locate the `auth`-option for your IdP, and change it to `myauthinstance`:
<?php
/* ... */
$metadata['__DYNAMIC:1__'] = array(
/* ... */
/*
* Authentication source to use. Must be one that is configured in
* 'config/authsources.php'.
*/
'auth' => 'myauthinstance',
/* ... */
);
You can then test logging in to the IdP.
If you have logged in previously, you may need to log out first.
Adding configuration to our authentication source
-------------------------------------------------
Instead of hardcoding options in our authentication source, they should be configurable.
We are now going to extend our authentication source to allow us to configure the username and password in `config/authsources.php`.
First, we need to define the properties in the class that should hold our configuration:
private $username;
private $password;
Next, we create a constructor for the class.
The constructor is responsible for parsing the configuration and storing it in the properties.
public function __construct($info, $config) {
parent::__construct($info, $config);
if (!is_string($config['username'])) {
throw new Exception('Missing or invalid username option in config.');
}
$this->username = $config['username'];
if (!is_string($config['password'])) {
throw new Exception('Missing or invalid password option in config.');
}
$this->password = $config['password'];
}
We can then use the properties in the `login` function.
The complete class file should look like this:
<?php
class sspmod_mymodule_Auth_Source_MyAuth extends sspmod_core_Auth_UserPassBase {
private $username;
private $password;
public function __construct($info, $config) {
parent::__construct($info, $config);
if (!is_string($config['username'])) {
throw new Exception('Missing or invalid username option in config.');
}
$this->username = $config['username'];
if (!is_string($config['password'])) {
throw new Exception('Missing or invalid password option in config.');
}
$this->password = $config['password'];
}
protected function login($username, $password) {
if ($username !== $this->username || $password !== $this->password) {
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
return array(
'uid' => array($this->username),
'displayName' => array('Some Random User'),
'eduPersonAffiliation' => array('member', 'employee'),
);
}
}
We can then update our entry in `config/authsources.php` with the configuration options:
'myauthinstance' => array(
'mymodule:MyAuth',
'username' => 'theconfigusername',
'password' => 'theconfigpassword',
),
Next, you should go to the "Test configured authentication sources" page again, and test logging in.
Note that we have updated the username & password to "theconfigusername" and "theconfigpassword".
(You may need to log out first before you can log in again.)
A more complete example - custom database authentication
--------------------------------------------------------
The [sqlauth:SQL](./sqlauth:sql) authentication source can do simple authentication against SQL databases.
However, in some cases it cannot be used, for example because the database layout is too complex, or because the password validation routines cannot be implemented in SQL.
What follows is an example of an authentication source that fetches an user from a database, and validates the password using a custom function.
This code assumes that the database contains a table that looks like this:
CREATE TABLE userdb (
username VARCHAR(32) PRIMARY KEY NOT NULL,
password_hash VARCHAR(64) NOT NULL,
full_name TEXT NOT NULL);
An example user (with password "secret"):
INSERT INTO userdb (username, password_hash, full_name)
VALUES('exampleuser', 'QwVYkvlrAMsXIgULyQ/pDDwDI3dF2aJD4XeVxg==', 'Example User');
In this example, the `password_hash` contains a base64 encoded SSHA password.
A SSHA password is created like this:
$password = 'secret';
$numSalt = 8; /* Number of bytes with salt. */
$salt = '';
for ($i = 0; $i < $numSalt; $i++) {
$salt .= chr(mt_rand(0, 255));
}
$digest = sha1($password . $salt, TRUE);
$password_hash = base64_encode($digest . $salt);
The class follows:
<?php
class sspmod_mymodule_Auth_Source_MyAuth extends sspmod_core_Auth_UserPassBase {
/* The database DSN.
* See the documentation for the various database drivers for information about the syntax:
* http://www.php.net/manual/en/pdo.drivers.php
*/
private $dsn;
/* The database username & password. */
private $username;
private $password;
public function __construct($info, $config) {
parent::__construct($info, $config);
if (!is_string($config['dsn'])) {
throw new Exception('Missing or invalid dsn option in config.');
}
$this->dsn = $config['dsn'];
if (!is_string($config['username'])) {
throw new Exception('Missing or invalid username option in config.');
}
$this->username = $config['username'];
if (!is_string($config['password'])) {
throw new Exception('Missing or invalid password option in config.');
}
$this->password = $config['password'];
}
/**
* A helper function for validating a password hash.
*
* In this example we check a SSHA-password, where the database
* contains a base64 encoded byte string, where the first 20 bytes
* from the byte string is the SHA1 sum, and the remaining bytes is
* the salt.
*/
private function checkPassword($passwordHash, $password) {
$passwordHash = base64_decode($passwordHash);
$digest = substr($passwordHash, 0, 20);
$salt = substr($passwordHash, 20);
$checkDigest = sha1($password . $salt, TRUE);
return $digest === $checkDigest;
}
protected function login($username, $password) {
/* Connect to the database. */
$db = new PDO($this->dsn, $this->username, $this->password);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/* Ensure that we are operating with UTF-8 encoding.
* This command is for MySQL. Other databases may need different commands.
*/
$db->exec("SET NAMES 'utf8'");
/* With PDO we use prepared statements. This saves us from having to escape
* the username in the database query.
*/
$st = $db->prepare('SELECT username, password_hash, full_name FROM userdb WHERE username=:username');
if (!$st->execute(array('username' => $username))) {
throw new Exception('Failed to query database for user.');
}
/* Retrieve the row from the database. */
$row = $st->fetch(PDO::FETCH_ASSOC);
if (!$row) {
/* User not found. */
SimpleSAML_Logger::warning('MyAuth: Could not find user ' . var_export($username, TRUE) . '.');
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
/* Check the password. */
if (!$this->checkPassword($row['password_hash'], $password)) {
/* Invalid password. */
SimpleSAML_Logger::warning('MyAuth: Wrong password for user ' . var_export($username, TRUE) . '.');
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
/* Create the attribute array of the user. */
$attributes = array(
'uid' => array($username),
'displayName' => array($row['full_name']),
'eduPersonAffiliation' => array('member', 'employee'),
);
/* Return the attributes. */
return $attributes;
}
}
And configured in `config/authsources.php`:
'myauthinstance' => array(
'mymodule:MyAuth',
'dsn' => 'mysql:host=sql.example.org;dbname=userdatabase',
'username' => 'db_username',
'password' => 'secret_db_password',
),
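Review bot: The database example stores passwords as a single salted SHA-1 (`sha1($password . $salt, TRUE)`), draws the salt from `mt_rand()`, and compares digests in `checkPassword()` with `===`. The guide should state that this scheme is shown only for reading an existing SSHA column, point new deployments at `password_hash()` / `password_verify()`, and use a constant-time comparison such as `hash_equals()` where the SSHA check has to stay. The constructor checks `is_string($config['dsn'])` and the other options without first testing that the key exists, so a missing option raises a PHP notice before the intended "Missing or invalid" exception. Minor: under "Some things to note", "If the username or password is correct" should read "and", and "subclassese" is a typo.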


@ -0,0 +1,243 @@
Exception and error handling in simpleSAMLphp
=============================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id$`
<!-- {{TOC}} -->
This document describes the way errors and exceptions are handled in authentication sources and authentication processing filters.
The basic goal is to be able to throw an exception during authentication, and then have that exception transported back to the SP in a way that the SP understands.
This means that internal simpleSAMLphp exceptions must be mapped to transport specific error codes for the various transports that are supported by simpleSAMLphp.
E.g.: When a `SimpleSAML_Error_NoPassive` error is thrown by an authentication processing filter in a SAML 2.0 IdP, we want to map that exception to the `urn:oasis:names:tc:SAML:2.0:status:NoPassive` status code.
That status code should then be returned to the SP.
Throwing exceptions
-------------------
How you throw an exception depends on where you want to throw it from.
The simplest case is if you want to throw it during the `authenticate()`-method in an authentication module or during the `process()`-method in a processing filter.
In those methods, you can just throw an exception:
public function process(&$state) {
if ($state['something'] === FALSE) {
throw new SimpleSAML_Error_Exception('Something is wrong...');
}
}
Exceptions thrown at this stage will be caught and delivered to the appropriate error handler.
If you want to throw an exception outside of those methods, i.e. after you have done a redirect, you need to use the `SimpleSAML_Auth_State::throwException()` function:
<?php
$id = $_REQUEST['StateId'];
$state = SimpleSAML_Auth_State::loadState($id, 'somestage...');
SimpleSAML_Auth_State::throwException($state,
new SimpleSAML_Error_Exception('Something is wrong...'));
?>
The `SimpleSAML_Auth_State::throwException` function will then transfer your exception to the appropriate error handler.
### Note
Note that we use the `SimpleSAML_Error_Exception` class in both cases.
This is because the delivery of the exception may require a redirect to a different web page.
In those cases, the exception needs to be serialized.
The normal `Exception` class in PHP isn't always serializable.
If you throw an exception that isn't a subclass of the `SimpleSAML_Error_Exception` class, your exception will be converted to an instance of `SimpleSAML_Error_UnserializableException`.
The `SimpleSAML_Auth_State::throwException` function does not accept any exceptions that does not subclass the `SimpleSAML_Error_Exception` class.
Returning specific SAML 2 errors
--------------------------------
By default, all thrown exceptions will be converted to a generic SAML 2 error.
In some cases, you may want to convert the exception to a specific SAML 2 status code.
For example, the `SimpleSAML_Error_NoPassive` exception should be converted to a SAML 2 status code with the following properties:
* The top-level status code should be `urn:oasis:names:tc:SAML:2.0:status:Responder`.
* The second-level status code should be `urn:oasis:names:tc:SAML:2.0:status:NoPassive`.
* The status message should contain the cause of the exception.
The `sspmod_saml_Error` class represents SAML 2 errors.
It represents a SAML 2 status code with three elements: the top-level status code, the second-level status code and the status message.
The second-level status code and the status message is optional, and can be `NULL`.
The `sspmod_saml_Error` class contains a helper function named `fromException`.
The `fromException()` function is used by `www/saml2/idp/SSOService.php` to return SAML 2 errors to the SP.
The function contains a list which maps various exceptions to specific SAML 2 errors.
If it is unable to convert the exception, it will return a generic SAML 2 error describing the original exception in its status message.
To return a specific SAML 2 error, you should:
* Create a new exception class for your error. This exception class must subclass `SimpleSAML_Error_Exception`.
* Add that exception to the list in `fromException()`.
* Consider adding the exception to `toException()` in the same file. (See the next section.)
### Note
While it is possible to throw SAML 2 errors directly from within authentication sources and processing filters, this practice is discouraged.
Throwing SAML 2 errors will tie your code directly to the SAML 2 protocol, and it may be more difficult to use with other protocols.
Converting SAML 2 errors to normal exceptions
---------------------------------------------
On the SP side, we want to convert SAML 2 errors to simpleSAMLphp exceptions again.
This is handled by the `toException()` method in `sspmod_saml_Error`.
The assertion consumer script of the SAML 2 authentication source (`modules/saml2/sp/acs.php`) uses this method.
The result is that generic exceptions are thrown from that authentication source.
For example, `NoPassive` errors will be converted back to instances of `SimpleSAML_Error_NoPassive`.
Other protocols
---------------
The error handling code has not yet been added to other protocols, but the framework should be easy to adapt for other protocols.
To eventually support other protocols was a goal when designing this framework.
Technical details
-----------------------
This section attempts to describe the internals of the error handling framework.
### `SimpleSAML_Error_Exception`
The `SimpleSAML_Error_Exception` class extends the normal PHP `Exception` class.
It makes the exceptions serializable by overriding the `__sleep()` method.
The `__sleep()` method returns all variables in the class which should be serialized when saving the class.
To make sure that the class is serializable, we remove the `$trace` variable from the serialization.
The `$trace` variable contains the full stack trace to the point where the exception was instantiated.
This can be a problem, since the stack trace also contains the parameters to the function calls.
If one of the parameters in unserializable, serialization of the exception will fail.
Since preserving the stack trace can be useful for debugging, we save a variant of the stack trace in the `$backtrace` variable.
This variable can be accessed through the `getBacktrace()` method.
It returns an array with one line of text for each function call in the stack, ending on the point where the exception was created.
#### Note
Since we lose the original `$trace` variable during serialization, PHP will fill it with a new stack trace when the exception is unserialized.
This may be confusing since the new stack trace leads into the `unserialize()` function.
It is therefore recommended to use the getBacktrace() method.
### `SimpleSAML_Auth_State`
There are two methods in this class that deals with exceptions:
* `throwException($state, $exception)`, which throws an exception.
* `loadExceptionState($id)`, which restores a state containing an exception.
#### `throwException`
This method delivers the exception to the code that initialized the exception handling in the authentication state.
That would be `SimpleSAML_Auth_Default` for authtentication sources, and `www/saml2/idp/SSOService.php` for processing filters.
To configure how and where the exception should be delivered, there are two fields in the state-array which can be set:
* `SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC`, in which case the exception will be delivered by a function call to the function specified in that field.
* `SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL`, in which case the exception will be delivered by a redirect to the URL specified in that field.
If the exception is delivered by a function call, the function will be called with two parameters: The exception and the state array.
If the exception is delivered by a redirect, SimpleSAML_Auth_State will save the exception in a field in the state array, pass a parameter with the id of the state array to the URL.
The `SimpleSAML_Auth_State::EXCEPTION_PARAM` constant contains the name of that parameter, while the `SimpleSAML_Auth_State::EXCEPTION_DATA` constant holds the name of the field where the exception is saved.
#### `loadException`
To retrieve the exception, the application should check for the state parameter in the request, and then retrieve the state array by calling `SimpleSAML_Auth_State::loadExceptionState()`.
The exception can be located in a field named `SimpleSAML_Auth_State::EXCEPTION_DATA`.
The following code illustrates this behaviour:
if (array_key_exists(SimpleSAML_Auth_State::EXCEPTION_PARAM, $_REQUEST)) {
$state = SimpleSAML_Auth_State::loadExceptionState();
$exception = $state[SimpleSAML_Auth_State::EXCEPTION_DATA];
/* Process exception. */
}
### `SimpleSAML_Auth_Default`
This class accepts an `$errorURL` parameter to the `initLogin()` function.
This parameter is stored in the `SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL` of the state array.
Exceptions thrown by the authentication source will be delivered to that URL.
It also wraps the call to the `authenticate()` function inside a try-catch block.
Any exceptions thrown during that function call will be delivered to the URL specified in the `$errorURL` parameter.
This is done for consistency, since `SimpleSAML_Auth_Default` never transfers control back to the caller by returning.
### `SimpleSAML_Auth_ProcessingChain`
This class requires the caller to add the error handler to the state array before calling the `processState()` function.
Exceptions thrown by the processing filters will be delivered directly to the caller of `processState()` if possible.
However, if one of the filters in the processing chain redirected the user away from the caller, exceptions will be delivered through the error handler saved in the state array.
This is the same behaviour as normal processing filters.
The result will be delivered directly if it is possible, but if not, it will be delivered through a redirect.
The code for handling this becomes something like:
if (array_key_exists(SimpleSAML_Auth_State::EXCEPTION_PARAM, $_REQUEST)) {
$state = SimpleSAML_Auth_State::loadExceptionState();
$exception = $state[SimpleSAML_Auth_State::EXCEPTION_DATA];
/* Handle exception... */
[...]
}
$procChain = [...];
$state = array(
'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL => SimpleSAML_Utilities::selfURLNoQuery(),
[...],
)
try {
$procChain->processState($state);
} catch (SimpleSAML_Error_Exception $e) {
/* Handle exception. */
[...];
}
#### Note
An exception which isn't a subclass of `SimpleSAML_Error_Exception` will be converted to the `SimpleSAML_Error_UnserializedException` class.
This happens regardless of whether the exception is delivered directly or through the error handler.
This is done to be consistent in what the application receives - now it will always receive the same exception, regardless of whether it is delivered directly or through a redirect.
Custom error show function
--------------------------
Optional custom error show function, called from SimpleSAML_Error_Error::show, is defined with 'errors.show_function' in config.php.
Example code for this function, which implements the same functionality as SimpleSAML_Error_Error::show, looks something like:
public static function show(SimpleSAML_Configuration $config, array $data) {
$t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
$t->data = array_merge($t->data, $data);
$t->show();
exit;
}
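Review bot: In the `SimpleSAML_Auth_ProcessingChain` sample, the `$state = array(` literal is closed with a bare `)` immediately before `try {`, so the snippet fails to parse when copied; close it with `);`. The `#### loadException` heading names a method that the text and both samples call as `SimpleSAML_Auth_State::loadExceptionState()`, so the heading should match. For the custom `show` sample, say where this `public static function` is expected to live and what value `errors.show_function` takes to refer to it. Typo: "authtentication" in the sentence about `SimpleSAML_Auth_Default`.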

View File

@ -0,0 +1,77 @@
SimpleSAMLphp Features
======================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id`
<!-- {{TOC}} -->
## Automatic Metadata Retrieval
SimpleSAMLphp supports regurlarly downloading SAML metadata form a HTTP location, optionally validating the signature on the metadata, and then cache the metadata to be used by a SP or IdP. Shibboleth introduced this functionality, and SimpleSAMLphp implements it in a compatible way.
## User Concent on Attribute Release
The consent module in simpleSAMLphp, originally developed by [wayf.dk](http://wayf.dk), asks the user for consent when logging in the a new Service Provider for the first time.
## Generic Authentication Processing Filter API
The *Authentication Processing Filter* API allows you to add modules and plugins that processes every time after authentication is completed. This API is used to among others:
* Attribute name translation
* User consent
* Warning about access to Pre-production environment
* Retrieval of attributes from an external source
* Filtering attributes (Attribute Release Policy implementations)
A bunch of pre-made *Authentication Processing Filter* is included in the simpleSAMLphp distribution. They can be used and re-configured out of the box, or can be used as examples of implementation of new processingn filters.
## Multiple Protocol Support
SimpleSAMLphp has implementations of a wide variety of federation protocols, including:
* SAML 2.0
* SAML 1.1 (Shibboleth 1.3 compatible protocol)
* OAuth
* OpenID
* InfoCard
* ADFS
* CAS
Authentication protocols that may be used:
* LDAP authentication
* SQL authentication
* YubiKey authentication
* Facebook API authentication
* Twitter authentication
## Protocol Bridging
Because of the generic concept of authentication sources in simpleSAMLphp, it becomes easy to in example in an OpenID Provider, to configure to use the SAML 2.0 SP as an authentication source.
Example of bridges:
* SAML 2.0 to SAML 2.0
* Shib 1.3 to SAML 2.0
* OpenID Provider to SAML 2.0 SP
## POST-Save
SimpleSAMLphp SP allows you to restore a HTTP-POST sent from the browser, even if the session is timed out and a fresh authentication is required.
An example of a usability problem, is when you are editing a wiki, and are about to save your changes: if your session is timed out your work is lost when you return from reauthentication. SimpleSAMLphp is the only known federation software that have implemented a solution to this problem.
## Dynamic SAML
SimpleSAMLphp has experimental support for dynamically downloading the metadata of an Service Provider or Identity Provider when receiving a new incomming message where the entityId is unknown. Dynamic SAML requires the EntityID to be an URL pointing to the metadata of the entity.
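Review bot: The closing "Dynamic SAML" paragraph says metadata is downloaded when a message arrives with an unknown entityId, but it does not say how that metadata is validated or how the set of acceptable entities is limited; since the feature is labelled experimental, state that here or link to the page that does. The same gap applies to "optionally validating the signature" under "Automatic Metadata Retrieval": say which setting is recommended. The claim under "POST-Save" that SimpleSAMLphp is "the only known federation software" with this feature will date quickly and is better dropped. The `$Id` keyword in the Version line is unexpanded, and these typos need fixing: "regurlarly", "form a HTTP location", "Concent", "in the a new", "processingn", "incomming".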

View File

@ -0,0 +1,250 @@
Setting up a simpleSAMLphp SAML 2.0 IdP to use with Google Apps for Education
============================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-googleapps.txt 2835 2011-05-11 06:11:51Z olavmrk $`
<!-- {{TOC}} -->
simpleSAMLphp news and documentation
------------------------------------
This document is part of the simpleSAMLphp documentation suite.
* [List of all simpleSAMLphp documentation](http://simplesamlphp.org/docs)
* [Latest news about simpleSAMLphp](http://rnd.feide.no/taxonomy/term/4). (Also conatins an RSS feed)
* [simpleSAMLphp homepage](http://rnd.feide.no/simplesamlphp)
## Introduction
This article assumes that you have already read the simpleSAMLphp installation manual, and installed a version of simpleSAMLphp at your
server.
In this example we will setup this server as an IdP for Google Apps for Education:
dev2.andreas.feide.no
## Enabling the Identity Provider functionality
Edit `config.php`, and enable the SAML 2.0 IdP:
'enable.saml20-idp' => true,
'enable.shib13-idp' => false,
## Setting up a SSL signing certificate
For test purposes, you can skip this section, and use the certificate included in the simpleSAMLphp distribution. For a production system, you MUST generate a new certificate for your IdP.
Here is an example of an openssl command to generate a new key and a self signed certificate to use for signing SAML messages:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out googleappsidp.crt -keyout googleappsidp.pem
The certificate above will be valid for 10 years.
Here is an example of typical user input when creating a certificate request:
Country Name (2 letter code) [AU]:NO
State or Province Name (full name) [Some-State]:Trondheim
Locality Name (eg, city) []:Trondheim
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UNINETT
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:dev2.andreas.feide.no
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
**Note**: simpleSAMLphp will only work with RSA and not DSA certificates.
Authentication source
---------------------
The next step is to configure the way users authenticate on your IdP. Various modules in the `modules/` directory provides methods for authenticating your users. This is an overview of those that are included in the simpleSAMLphp distribution:
`exampleauth:UserPass`
: Authenticate against a list of usernames and passwords.
`exampleauth:Static`
: Automatically log in as a user with a set of attributes.
[`ldap:LDAP`](./ldap:ldap)
: Authenticates an user to a LDAP server.
For more authentication modules, see [SimpleSAMLphp Identity Provider QuickStart](simplesamlphp-idp).
In this guide, we will use the `exampleauth:UserPass` authentication module. This module does not have any dependencies, and is therefore simple to set up.
After you have successfuly tested that everything is working with the simple `exampleauth:UserPass`, you are encouraged to setup simpleSAMLphp IdP towards your user storage, such as an LDAP directory. (Use the links on the authentication sources above to read more about these setups. `ldap:LDAP` is the most common authentication source).
Configuring the authentication source
-------------------------------------
The `exampleauth:UserPass` authentication source is part of the `exampleauth` module. This module isn't enabled by default, so you will have to enable it. This is done by creating a file named `enable` in `modules/exampleauth/`.
On unix, this can be done by running (from the simpleSAMLphp installation directory):
touch modules/exampleauth/enable
The next step is to create an authentication source with this module. An authentication source is an authentication module with a specific configuration. Each authentication source has a name, which is used to refer to this specific configuration in the IdP configuration. Configuration for authentication sources can be found in `config/authsources.php`.
In this example we will use the `example-userpass`, and hence that section is what matters and will be used.
<?php
$config = array(
'example-userpass' => array(
'exampleauth:UserPass',
'student:studentpass' => array(
'uid' => array('student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
),
),
);
?>
This configuration creates two users - `student` and `employee`, with the passwords `studentpass` and `employeepass`. The username and password is stored in the array index `student:studentpass` for the `student`-user. The attributes (only `uid` in this example) will be returned by the IdP when the user logs on.
## Configuring metadata for an SAML 2.0 IdP
If you want to setup a SAML 2.0 IdP for Google Apps, you need to configure two metadata files: `saml20-idp-hosted.php` and `saml20-sp-remote.php`.
### Configuring SAML 2.0 IdP Hosted metadata
This is the configuration of the IdP itself. Here is some example config:
// The SAML entity ID is the index of this config. Dynamic:X will automatically generate an entity ID (Reccomended)
'__DYNAMIC:1__' => array(
// The hostname of the server (VHOST) that this SAML entity will use.
'host' => '__DEFAULT__',
// X.509 key and certificate. Relative to the cert directory.
'privatekey' => 'googleappsidp.pem',
'certificate' => 'googleappsidp.crt',
'auth' => 'example-userpass',
)
**Note**: You can only have one entry in the file with host equal `__DEFAULT__`, therefore you should replace the existing entry with this one, instead of adding this entry as a new entry in the file.
### Configuring SAML 2.0 SP Remote metadata
In the (`saml20-sp-remote.php`) file we will configure an entry for Google Apps for education. There is already an entry for Google Apps in the template, but we will change the domain name:
/*
* This example shows an example config that works with Google Apps for education.
* What is important is that you have an attribute in your IdP that maps to the local part of the email address
* at Google Apps. E.g. if your google account is foo.com, and you have a user with email john@foo.com, then you
* must set the simplesaml.nameidattribute to be the name of an attribute that for this user has the value of 'john'.
*/
'google.com' => array(
'AssertionConsumerService' => 'https://www.google.com/a/g.feide.no/acs',
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:email',
'simplesaml.nameidattribute' => 'uid',
'simplesaml.attributes' => false
);
You must also map some attributes received from the authentication module into email field sent to Google Apps. In this example, the `uid` attribute is set. When you later configure the IdP to connect to a LDAP directory or some other authentication source, make sure that the `uid` attribute is set properly, or you can configure another attribute to use here. The `uid` attribute contains the local part of the user name.
For an e-mail address `student@g.feide.no`, the `uid` should be set to `student`.
You should modify the `AssertionConsumerService` to include your Google Apps domain name instead of `g.feide.no`.
For an explanation of the parameters, see the
[SimpleSAMLphp Identity Provider QuickStart](simplesamlphp-idp).
## Configure Google Apps for education
Start by logging in to our Google Apps for education account panel.
Then select "Advanced tools":
**Figure&nbsp;1.&nbsp;We go to advanced tools**
![We go to advanced tools](http://rnd.feide.no/doc/resources/simplesamlphp-googleapps/googleapps-menu.png)
Then select "Set up single sign-on (SSO)":
**Figure&nbsp;2.&nbsp;We go to setup SSO**
![We go to setup SSO](http://rnd.feide.no/doc/resources/simplesamlphp-googleapps/googleapps-sso.png)
Upload a certificate, such as the googleappsidp.crt created above:
**Figure&nbsp;3.&nbsp;Uploading certificate**
![Uploading certificate](http://rnd.feide.no/doc/resources/simplesamlphp-googleapps/googleapps-cert.png)
Fill out the remaining fields:
The most important field is the Sign-in page URL. Set it to
something similar to:
http://dev2.andreas.feide.no/simplesaml/saml2/idp/SSOService.php
using the hostname of your IdP server.
You must also configure the IdP initiated Single LogOut endpoint of your server. The RelayState parameter of the endpoint is the URL where the user is redirected after successfull logout. Recommended value:
http://dev2.andreas.feide.no/simplesaml/saml2/idp/initSLO.php?RelayState=/simplesaml/logout.php
again, using the host name of your IdP server.
The Sign-out page or change password url can be static pages on your server.
The network mask determines which IP addresses will be asked for SSO login. IP addresses not matching this mask will be presented with the normal Google Apps login page. I think you can leave this field empty to enable authentication for all URLs.
**Figure&nbsp;4.&nbsp;Fill out the remaining fields**
![Fill out the remaining fields](http://rnd.feide.no/doc/resources/simplesamlphp-googleapps/googleapps-ssoconfig.png)
### Add a user in Google Apps that is known to the IdP
Before we can test login, a new user must be defined in Google Apps. This user must have a mail field matching the email prefix mapped from the attribute as described above in the metadata section.
## Test to login to Google Apps for education
Go to the URL of your mail account for this domain, the URL is similar to the following:
http://mail.google.com/a/yourgoogleappsdomain.com
replacing the last part with your own google apps domain name.
## Security Considerations
Make sure that your IdP server runs HTTPS (SSL). The Apache documentation contains information for how to configure HTTPS.
Make sure you have replaced the default certificate delivered with the simpleSAMLphp distribution with your own certificate.
Support
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
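Review bot: The Sign-in page URL and the `initSLO.php` logout URL under "Configure Google Apps for education" are written with `http://`, which contradicts the "Security Considerations" section requiring the IdP to run HTTPS; use `https://` in both examples and in the `mail.google.com` test URL. The `openssl req` command uses `-nodes`, so the text should say that the resulting `googleappsidp.pem` is stored unencrypted and needs restrictive file permissions. In the `saml20-sp-remote.php` sample the `'google.com' => array(` entry ends with `);`, which mixes array-entry and statement syntax, unlike the hosted sample that ends with `)`. The network mask sentence beginning "I think you can leave this field empty" should be verified or removed. Typos: "conatins", "successfuly", "Reccomended", "successfull".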

View File

@ -0,0 +1,77 @@
Adding Holder-of-Key Web Browser SSO Profile support to the IdP
===============================================================
This document describes the necessary steps to enable support for the [SAML V2.0 Holder-of-Key (HoK) Web Browser SSO Profile](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.pdf)
on a simpleSAMLphp Identity Provider (IdP).
The SAML V2.0 HoK Web Browser SSO Profile is an alternate version of the standard SAML Web Browser SSO Profile. Its primary benefit is the enhanced security of the SSO process
while preserving maximum compatibility with existing deployments on client and server side.
When using this profile the communication between the user and the IdP is required to be protected by the TLS protocol. Additionally, the user needs a TLS client certificate.
This certificate is usually selfsigned and stored in the certificate store of the browser or the underlying operating system.
Configuring Apache
------------------
The IdP requests a client certificate from the user agent during the TLS handshake. This behaviour is enabled with the following Apache webserver configuration:
SSLEngine on
SSLCertificateFile /etc/openssl/certs/server.crt
SSLCertificateKeyFile /etc/openssl/private/server.key
SSLVerifyClient optional_no_ca
SSLOptions +ExportCertData
If the user agent can successfully prove possession of the private key associated to the public key from the certificate, the received certificate is stored in the
environment variable `SSL_CLIENT_CERT` of the webserver. The IdP embeds the client certificate into the created HoK assertion.
Enabling HoK SSO Profile on the IdP
-----------------------------------
To enable the IdP to send HoK assertions you must add the `saml20.hok.assertion` option to the `saml20-idp-hosted` metadata file:
$metadata['__DYNAMIC:1__'] = array(
[....]
'auth' => 'example-userpass',
'saml20.hok.assertion' => TRUE,
);
Add new metadata to SPs
-----------------------
After enabling the Holder-of-Key Web Browser SSO Profile your IdP metadata will change. An additional HoK `SingleSignOnService` endpoint is added.
You therefore need to update the metadata for your IdP at your SPs.
The `saml20-idp-remote` metadata for simpleSAMLphp SPs should contain something like the following code:
'SingleSignOnService' => array (
array (
'hoksso:ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser',
'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php',
),
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php',
),
),
SP metadata on the IdP
----------------------
A SP using the HoK Web Browser SSO Profile must have an `AssertionConsumerService` endpoint supporting that profile.
This means that you have to use the complex endpoint format in `saml20-sp-remote` metadata.
In general, this should look like the following code:
'AssertionConsumerService' => array (
array(
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'index' => 0,
),
array(
'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser',
'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'index' => 4,
),
),
(The specific values of the various fields will vary depending on the SP.)
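Review bot: Under "Configuring Apache", `SSLVerifyClient optional_no_ca` makes the client certificate optional, yet the text only covers the case where the user agent proves possession of the key; add what the IdP does when no certificate is presented and `SSL_CLIENT_CERT` is not set. The directive block is shown without its enclosing context, so say whether it belongs in the whole virtual host or only around the SSO endpoint. In the `AssertionConsumerService` sample the HoK endpoint has `'index' => 4` after `'index' => 0`, with no explanation of why the value is 4.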

View File

@ -0,0 +1,38 @@
Using Holder-of-Key Web Browser SSO Profile on a simpleSAMLphp SP
=================================================================
This document describes how to enable the [SAML V2.0 Holder-of-Key (HoK) Web Browser SSO Profile](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.pdf)
on a simpleSAMLphp Service Provider (SP).
The SAML V2.0 HoK Web Browser SSO Profile is an alternate version of the standard SAML Web Browser SSO Profile. Its primary benefit is the enhanced security of the SSO process
while preserving maximum compatibility with existing deployments on client and server side.
When using this profile the communication between the user and the SP is required to be protected by the TLS protocol. Additionally, the user needs a TLS client certificate.
This certificate is usually selfsigned and stored in the certificate store of the browser or the underlying operating system.
Configuring Apache
------------------
The SP requests a client certificate from the user agent during the TLS handshake. This behaviour is enabled with the following Apache webserver configuration:
SSLEngine on
SSLCertificateFile /etc/openssl/certs/server.crt
SSLCertificateKeyFile /etc/openssl/private/server.key
SSLVerifyClient optional_no_ca
SSLOptions +ExportCertData
If the user agent can successfully prove possession of the private key associated to the public key from the certificate, the received certificate is stored in the
environment variable `SSL_CLIENT_CERT` of the webserver.
Enable HoK on SP
----------------
Which binding/profile the Identity Provider (IdP) should use when sending authentication responses to the SP is controlled by the `ProtocolBinding` option in the SP configuration.
To make your SP request that the response from the IdP is send using the HoK SSO Profile, this option must be set accordingly:
'hok-sp' => array(
'saml:SP',
'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser',
),
When this is done, you can add the metadata of your SP to the IdP and test the authentication.
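Review bot: After the `SSL_CLIENT_CERT` sentence under "Configuring Apache", this SP document never says what the SP does with the exported certificate; add a sentence on how the certificate from the TLS session is checked against the one in the HoK assertion, and what happens on a mismatch or when no certificate is sent (`optional_no_ca` allows that). The introduction and the Apache section repeat the IdP document almost word for word, so consider one shared section that both link to. The `hok-sp` sample should name the file it goes in, and "is send" should read "is sent".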

View File

@ -0,0 +1,90 @@
SimpleSAMLphp Identity Provider Advanced Topics
===============================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-idp-more.txt 2884 2011-08-09 06:25:34Z olavmrk $`
<!-- {{TOC}} -->
AJAX iFrame Single Log-Out
--------------------------
If you have read about the AJAX iFrame Single Log-Out approach at Andreas' blog and want to enable it, edit your saml20-idp-hosted.php metadata, and add this configuration line for the IdP:
'logouttype' => 'iframe',
Attribute Release Consent
-------------------------
The attribute release consent is documented in a separate document.
* [Documentation on the consent module](./consent:consent)
Support for bookmarking the login page
--------------------------------------
Most SAML software crash fatally when users bookmarks the login page and returns later when the cached session information is lost. This is natural as the login page happens in the middle of a SAML transaction, and the SAML software needs some references to the request in order to be able to produce the SAML Response.
SimpleSAMLphp has implemented a graceful fallback to tackle this situation. When simpleSAMLphp is not able to lookup a session in the login process, it fall-backs to the *IdP-first flow*, described in next section, where the reference to the request is not needed.
What happens in the IdP-first flow is that an *SAML unsolicited response* is sent back to the SP. An *unsolicited response* is a SAML Response with no reference to a SAML Request (no `InReplyTo` field).
When an SimpleSAMLphp IdP fall-back to IdP-first flow, the `RelayState` parameter sent from the SP in the SAML request is also lost. The RelayState information contain a reference key for the SP to lookup where to send the user after successfull authentication. The SimpleSAMLphp Service Provider supports configuring a static URL to redirect the user after a unsolicited response is received. See more information about the `RelayState` parameter in the next section: *IdP-first flow*.
IdP-first flow
--------------
If you do not want to start the SSO flow at the SP, you may use the IdP-first setup. To do this, redirect the user to the SSOService endpoint on the IdP with one parameter `spentityid` that match the SP EntityId that the user should be logged into.
Here is an example of such an url:
https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice
You can also add a RelayState parameter to the IdP-first URL:
https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice&RelayState=https://sp.example.org/somepage
The RelayState parameter is often uset do carry the URL the SP should redirect to after authentication.
### IdP first with SAML 1.1
A SAML 1.1 SP does not send an authentication request to the IdP, but instead triggers IdP initiated authentication directly.
If you want to do it manually, you can access the following URL:
https://idp.example.org/simplesaml/shib13/idp/SSOService.php?providerId=urn:mace:feide.no:someservice&shire=https://sp.example.org/acs-endpoint&target=https://sp.example.org/somepage
The parameters are as follows:
`providerID`
: The entityID of the SP.
This parameter is required.
`shire`
: The AssertionConsumerService endpoint of the SP.
This parameter is required.
`target`
: The target parameter the SP should receive with the authentication response.
This is often the page the user should be sent to after authentication.
This parameter is optional for the IdP, but must be specified if the SP you are targeting is running simpleSAMLphp SP.
: *Note*: This parameter must be sent as `target` (with lowercase letters) when starting the authentication, while it is sent as `TARGET` (with uppercase letters) in the authentication response.
IdP-initiated logout
--------------------
IdP-initiated logout can be initiated by visiting the URL:
https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php?ReturnTo=<URL to return to after logout>
It will send a logout request to each SP, and afterwards return the user to the URL specified in the `ReturnTo` parameter.
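Review bot: In "Support for bookmarking the login page", the unsolicited response is described as having no `InReplyTo` field; the SAML attribute is `InResponseTo`. The SAML 1.1 parameter list documents `providerID` while the example URL above it uses `providerId`; make them match. For `ReturnTo` in "IdP-initiated logout" and `RelayState` in "IdP-first flow", both of which carry a URL the user is sent to, document whether the value is restricted to known hosts, and show the example values URL-encoded. Typos: "uset do", "successfull", "fall-backs".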

View File

@ -0,0 +1,268 @@
SimpleSAMLphp Identity Provider QuickStart
===========================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-idp.txt 3175 2012-09-25 09:21:35Z jaimepc@gmail.com $`
<!-- {{TOC}} -->
This guide will describe how to configure simpleSAMLphp as an identity provider (IdP). You should previously have installed simpleSAMLphp as described in [the simpleSAMLphp installation instructions](simplesamlphp-install)
Enabling the Identity Provider functionality
--------------------------------------------
The first that must be done is to enable the identity provider functionality. This is done by editing `config/config.php`. The options `enable.saml20-idp` and `enable.shib13-idp` controls whether SAML 2.0 and Shibboleth 1.3 support is enabled. Enable one or both of those by assigning `true` to them:
'enable.saml20-idp' => true,
'enable.shib13-idp' => true,
Authentication module
---------------------
The next step is to configure the way users authenticate on your IdP. Various modules in the `modules/` directory provides methods for authenticating your users. This is an overview of those that are included in the simpleSAMLphp distribution:
[`authcrypt:Hash`](./authcrypt:authcrypt)
: Username & password authentication with hashed passwords.
[`authcrypt:Htpasswd`](./authcrypt:authcrypt)
: Username & password authentication against .htpasswd file.
[`authX509:authX509userCert`](./authX509:authX509)
: Authenticate against a LDAP database with a SSL client certificate.
`exampleauth:UserPass`
: Authenticate against a list of usernames and passwords.
`exampleauth:Static`
: Automatically log in as a user with a set of attributes.
[`ldap:LDAP`](./ldap:ldap)
: Authenticates an user to a LDAP server.
[`ldap:LDAPMulti`](./ldap:ldap)
: Authenticates an user to one of several LDAP server.
The user can choose the LDAP server from a dropdown list.
[`sqlauth:SQL`](./sqlauth:sql)
: Authenticate an user against a database.
[`radius:Radius`](./radius:radius)
: Authenticates an user to a Radius server.
[`InfoCard:ICAuth`](./InfoCard:usage)
: Authenticate with an InfoCard.
[`multiauth:MultiAuth`](./multiauth:multiauth)
: Allow the user to select from a list of authentication sources.
`openid:OpenIDConsumer`
: Authenticate against an OpenID provider.
[`saml:SP`](./saml:sp)
: Authenticate against a SAML IdP. Can be used for bridging.
`authYubiKey:YubiKey`
: Authenticate with [an YubiKey](http://www.yubico.com/products/yubikey/).
[`authfacebook:Facebook`](./authfacebook:authfacebook)
: Authenticate with a Facebook ID.
[`authtwitter:Twitter`](./authtwitter:oauthtwitter)
: Authenticate with your Twitter account using the Twitter OAuth API.
[`papi:PAPI`](./papi:papi)
: Authenticate by means of the PAPI protocol.
In this guide, we will use the `exampleauth:UserPass` authentication module. This module does not have any dependencies, and is therefore simple to set up.
Configuring the authentication module
-------------------------------------
The `exampleauth:UserPass` authentication module is part of the `exampleauth` module. This module isn't enabled by default, so you will have to enable it. This is done by creating a file named `enable` in `modules/exampleauth/`.
On unix, this can be done by running (from the simpleSAMLphp
installation directory):
touch modules/exampleauth/enable
The next step is to create an authentication source with this module. An authentication source is an authentication module with a specific configuration. Each authentication source has a name, which is used to refer to this specific configuration in the IdP configuration. Configuration for authentication sources can be found in `config/authsources.php`.
In this setup, this file should contain a single entry:
<?php
$config = array(
'example-userpass' => array(
'exampleauth:UserPass',
'student:studentpass' => array(
'uid' => array('student'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
);
This configuration creates two users - `student` and `employee`, with the passwords `studentpass` and `employeepass`. The username and password is stored in the array index (`student:studentpass` for the `student`-user. The attributes for each user is configured in the array referenced by the index. For the student user, these are:
array(
'uid' => array('student'),
'eduPersonAffiliation' => array('member', 'student'),
),
The attributes will be returned by the IdP when the user logs on.
Configuring the IdP
-------------------
The IdP is configured by the metadata stored in
`metadata/saml20-idp-hosted.php` and `metadata/shib13-idp-hosted.php`.
This is a minimal configuration of a SAML 2.0 IdP:
<?php
$metadata['__DYNAMIC:1__'] = array(
/*
* The hostname for this IdP. This makes it possible to run multiple
* IdPs from the same configuration. '__DEFAULT__' means that this one
* should be used by default.
*/
'host' => '__DEFAULT__',
/*
* The private key and certificate to use when signing responses.
* These are stored in the cert-directory.
*/
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
/*
* The authentication source which should be used to authenticate the
* user. This must match one of the entries in config/authsources.php.
*/
'auth' => 'example-userpass',
);
For more information about available options in the idp-hosted metadata
files, see the [IdP hosted reference](simplesamlphp-reference-idp-hosted).
Using the `uri` NameFormat on attributes
----------------------------------------
The [interoperable SAML 2 profile](http://saml2int.org/profile/current) specifies that attributes should be delivered using the `urn:oasis:names:tc:SAML:2.0:attrname-format:uri` NameFormat.
We therefore recommended enabling this in new installations.
This can be done by adding the following to the saml20-idp-hosted configuration:
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'authproc' => array(
// Convert LDAP names to oids.
100 => array('class' => 'core:AttributeMap', 'name2oid'),
),
Adding SPs to the IdP
---------------------
The identity provider you are configuring needs to know about the service providers you are going to connect to it.
This is configured by metadata stored in `metadata/saml20-sp-remote.php` and `metadata/shib13-sp-remote.php`.
This is a minimal example of a `metadata/saml20-sp-remote.php` metadata file for a simpleSAMLphp SP:
<?php
$metadata['https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
'AssertionConsumerService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'SingleLogoutService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
);
Note that the URI in the entityID and the URLs to the AssertionConsumerService and SingleLogoutService endpoints change between different service providers.
If you have the metadata of the remote SP as an XML file, you can use the built-in XML to simpleSAMLphp metadata converter, which by default is available as `/admin/metadata-converter.php` in your simpleSAMLphp installation.
For more information about available options in the sp-remote metadata files, see the [SP remote reference](simplesamlphp-reference-sp-remote).
Creating a SSL self signed certificate
--------------------------------------
For test purposes, you can skip this section, and use the certificate included in the simpleSAMLphp distribution.
Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.
This key and certificate can be used to sign SAML messages:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
The certificate above will be valid for 10 years.
### Note ###
simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.
### Warning ###
The certificate that is included in the simpleSAMLphp distribution must **NEVER** be used in production, as the private key is also included in the package and can be downloaded by anyone.
Adding this IdP to other SPs
----------------------------
The method for adding this IdP to a SP varies between different types of SPs. In general, most SPs need some metadata from the IdP. This should be available from `/saml2/idp/metadata.php` and `/shib13/idp/metadata.php`.
Testing the IdP
---------------
The simplest way to test the IdP is to configure a simpleSAMLphp SP
on the same machine. See the instructions for
[configuring simpleSAMLphp as an SP](simplesamlphp-sp).
### Note ###
When running a simpleSAMLphp IdP and a simpleSAMLphp SP on the same computer, the SP and IdP **MUST** be configured with different hostnames. This prevents cookies from the SP to interfere with cookies from the IdP.
Support
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
A. IdP-first setup
------------------
If you do not want to start the SSO flow at the SP, you may use the IdP-first setup. To do this, redirect the user to the SSOService endpoint on the IdP with one parameter `spentityid` that match the SP EntityId that the user should be logged into.
Here is an example of such an url:
https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org
If the SP is a simpleSAMLphp SP, you must also specify a `RelayState` parameter for the SP.
This must be set to an URL the user should be redirected to after authentication.
The `RelayState` parameter can be specified in the [SP configuration](saml:sp), or it can be sent from the IdP.
To send the RelayState parameter from a simpleSAMLphp IdP, specify it in the query string to SSOService.php:
https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org&RelayState=https://sp.example.org/welcome.php
To set it in the SP configuration, add it to `authsources.php`:
'default-sp' => array(
'saml:SP',
'RelayState' => 'https://sp.example.org/welcome.php',
),
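Review bot: In the "A. IdP-first setup" appendix, `RelayState` is accepted from the query string of `SSOService.php` and described as the URL the user is redirected to after authentication, but the text never says whether that destination is checked against the SP's own hosts. Please add a sentence on what validation applies, or present the fixed `'RelayState'` value in `authsources.php` as the preferred form, since a caller-supplied redirect target is an open-redirect risk. Smaller points in the same file: the `openssl req` example uses `-nodes` with `-days 3652`, so the signing key sits unencrypted on disk for ten years and the text should mention restricting read access to it; "private key key" and "We therefore recommended" are typos.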

View File

@ -0,0 +1,325 @@
simpleSAMLphp Installation and Configuration
============================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-install.txt 3075 2012-04-24 05:41:03Z olavmrk $`
<!-- {{TOC}} -->
simpleSAMLphp news and documentation
------------------------------------
This document is part of the simpleSAMLphp documentation suite.
* [List of all simpleSAMLphp documentation](http://simplesamlphp.org/docs)
* [Latest news about simpleSAMLphp](http://rnd.feide.no/taxonomy/term/4). (Also conatins an RSS feed)
* [simpleSAMLphp homepage](http://rnd.feide.no/simplesamlphp)
Development version
--------------------
This document is about the latest stable version of simpleSAMLphp.
If you want to install the development version, look at the instructions for [installing simpleSAMLphp from Subversion](simplesamlphp-subversion).
Prerequisites
-------------
* Some webserver capable of executing PHP scripts.
* PHP version >= 5.2.0.
* Suppoort for the following PHP extensions:
* Always required: `date`, `dom`, `hash`, `libxml`, `openssl`, `pcre`, `SPL`, `zlib`
* When encrypting assertions: `mcrypt`
* When authenticating against LDAP server: `ldap`
* When authenticating against RADIUS server: `radius`
* When saving session information to memcache-server: `memcache`
* When using database:
* Always: `PDO`
* Database driver: (`mysql`, `pgsql`, ...)
What actual packages are required for the various extensions varies between different platforms and distributions.
Download and install simpleSAMLphp
----------------------------------
The most recent relase of simpleSAMLphp is found at [code.google.com/p/simplesamlphp/](http://code.google.com/p/simplesamlphp/).
To obtain the latest stable version, download the archive file listed under Featured Dowloads.
Go to the directory where you want to install simpleSAMLphp, and extract the archive file you just downloaded:
cd /var
tar xzf simplesamlphp-1.x.y.tar.gz
mv simplesamlphp-1.x.y simplesamlphp
## Upgrading from a previous version of simpleSAMLphp
Extract the new version:
cd /var
tar xzf simplesamlphp-1.x.y.tar.gz
Copy the configuration files from the previous version:
cd /var/simplesamlphp-1.x.y
rm -rf config metadata
cp -rv ../simplesamlphp/config config
cp -rv ../simplesamlphp/metadata metadata
Replace the old version with the new version:
cd /var
mv simplesamlphp simplesamlphp.old
mv simplesamlphp-1.x.y simplesamlphp
If the format of the config files or metadata has changed from your previous version of simpleSAMLphp (check the revision log), you may have to update your configuration and metadata after updating the simpleSAMLphp code:
### Upgrading configuration files
A good approach is to run a `diff` between your previous `config.php` file and the new `config.php` file located in `config-templates/config.php`, and apply relevant modifications to the new template.
This will ensure that all new entries in the latest version of config.php are included, as well as preserve your local modifications.
### Upgrading metadata files
Most likely the metadata format is backwards compatible. If not, you should receive a very clear error message at startup indicating how and what you need to update. You should look through the metadata in the metadata-templates directory after the upgrade to see whether recommended defaults have been changed.
Configuring Apache
------------------
Examples below assume that simpleSAMLphp is installed in the default location, `/var/simplesamlphp`. You may choose another location, but this requires a path update in a few files. See Appendix for details Installing simpleSAMLphp in alternative locations.
The only subdirectories of `simpleSAMLphp` that needs to be accessible from the web is `www`. There are several ways of putting the simpleSAMLphp depending on the way web sites are structured on your apache web server. Here is what I believe is the best configuration.
Find the Apache configuration file for the virtual hosts where you want to run simpleSAMLphp. The configuration may look like this:
<VirtualHost *>
ServerName service.example.com
DocumentRoot /var/www/service.example.com
Alias /simplesaml /var/simplesamlphp/www
</VirtualHost>
Note the `Alias` directive, which gives control to simpleSAMLphp for all urls matching `http(s)://service.example.com/simplesaml/*`. simpleSAMLphp makes several SAML interfaces available on the web; all of them are included in the `www` subdirectory of your simpleSAMLphp installation. You can name the alias whatever you want, but the name must be specified in the `config.php` file of simpleSAML as described in [the section called “simpleSAMLphp configuration: config.php”](#sect.config "simpleSAMLphp configuration: config.php"). Here is an example of how this configuration may look like in `config.php`:
$config = array (
[...]
'baseurlpath' => 'simplesaml/',
simpleSAMLphp configuration: config.php
---------------------------------------
There is a few steps that you should edit in the main configuration
file, `config.php`, right away:
- Set a administrator password. This is needed to access some of the pages in your simpleSAMLphp installation web interface.
'auth.adminpassword' => 'setnewpasswordhere',
Hashed passwords can also be used here. See the [`authcrypt`](./authcrypt:authcrypt) documentation for more information.
- Set a secret salt. This should be a random string. Some parts of the simpleSAMLphp needs this salt to generate cryptographically secure hashes. SimpleSAMLphp will give an error if the salt is not changed from the default value. The command below can help you to generated a random string on (some) unix systems:
tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
Here is an example of the config option:
'secretsalt' => 'randombytesinsertedhere',
-
Set technical contact information. This information will be
available in the generated metadata. The e-mail address will also
be used for receiving error reports sent automatically by
simpleSAMLphp. Here is an example:
'technicalcontact_name' => 'Andreas Åkre Solberg',
'technicalcontact_email' => 'andreas.solberg@uninett.no',
-
If you use simpleSAMLphp in a country where english is not
widespread, you may want to change the default language from
english to something else:
'language.default' => 'no',
-
Set the timezone which you use:
'timezone' => 'Europe/Oslo',
* [List of Supported Timezones at php.net](http://php.net/manual/en/timezones.php)
Configuring PHP
---------------
### Sending e-mails from PHP
Some parts of simpleSAMLphp will allow you to send e-mails. In example sending error reports to technical admin, as well as sending in metadata to the federation administrators. If you want to make use of this functionality, you should make sure your PHP installation is configured to be able to send e-mails. It's a common problem that PHP is not configured to send e-mails properly. The configuration differs from system to system. On UNIX, PHP is using sendmail, on Windows SMTP.
Enable modules
--------------
If you want to enable some of the modules that are installed with simpleSAMLphp, but are disabled by default, you should create an empty file in the module directory named `enable`.
# Enabling the consent module
cd modules
ls -l
cd consent
touch enable
If you later want to disable the module, rename the `enable` file
to `disable`.
cd modules/consent
mv enable disable
The simpleSAMLphp installation webpage
--------------------------------------
After installing simpleSAMLphp, you can access the homepage of your installation, which contains some information and a few links to the test services. The url of an installation can be e.g.:
https://service.example.org/simplesaml/
The exact link depends on how you set it up with Apache, and off course on your hostname.
### Warning
Don't click on any of the links yet, because they require you to
either have setup simpleSAMLphp as an Service Provider or as an
Identity Provider.
Here is an example screenshot of what the simpleSAMLphp page looks
like:
![Screenshot of the simpleSAMLphp installation page.](http://rnd.feide.no/doc/resources/simplesamlphp-install/screenshot-installationpage.png)
### Check your PHP environment
At the bottom of the installation page are some green lights. simpleSAML runs some tests to see whether required and recommended prerequisites are met. If any of the lights are red, you may have to add some extensions or modules to PHP, e.g. you need the PHP LDAP extension to use the LDAP authentication module.
## Next steps
You have now successfully installed simpleSAMLphp, and the next steps depends on whether you want to setup a service provider, to protect a website by authentication or if you want to setup an identity provider and connect it to a user catalog. Documentation on bridging between federation protocols is found in a separate document.
* [Using simpleSAMLphp as a SAML Service Provider](simplesamlphp-sp)
* [Hosted SP Configuration Reference](./saml:sp)
* [IdP remote reference](simplesamlphp-reference-idp-remote)
* [Connecting SimpleSAMLphp as a SP to UK Access Federation or InCommon](simplesamlphp-ukaccess)
* [Upgrading - migration to use the SAML authentication source](simplesamlphp-sp-migration)
* [Identity Provider QuickStart](simplesamlphp-idp)
* [IdP hosted reference](simplesamlphp-reference-idp-hosted)
* [SP remote reference](simplesamlphp-reference-sp-remote)
* [Use case: Setting up an IdP for Google Apps](simplesamlphp-googleapps)
* [Identity Provider Advanced Topics](simplesamlphp-idp-more)
* [Automated Metadata Management](simplesamlphp-automated_metadata)
Support
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
Installing simpleSAMLphp in alternative locations
-------------------------------------------------
There may be several reasons why you want to install simpleSAMLphp
in an alternative way.
1. You are installing simpleSAMLphp in a hosted environment where you
do not have root access, and cannot change Apache configuration.
Still you can install simpleSAMLphp - keep on reading.
2. You have full permissions to the server, but cannot edit Apache
configuration for some reason, polictics, policy or whatever.
The SimpleSAMLphp code contains one folder named `simplesamlphp`. In this folder there are a lot of subfolders for library, metadata, configuration and much more. One of these folders is named `www`. This and *only this* folder should be exposed on the web. The reccomended configuration is to put the whole `simplesamlphp` folder outside the webroot, and then link in the `www` folder by using the `Alias` directive, as described in [the section called “Configuring Apache”](#sect.apacheconfig "Configuring Apache"). But this is not the only possible way.
As an example, let's see how you can install simpleSAMLphp in your home directory on a shared hosting server.
Extract the simpleSAMLphp archive in your home directory:
cd ~
tar xzf simplesamlphp-1.x.y.tar.gz
mv simplesamlphp-1.x.y simplesamlphp
Then you can try to make a symlink into the `public\_html` directory.
cd ~/public_html
ln -s ../simplesamlphp/www simplesaml
Next, you need to update the configuration of paths in `simplesamlphp/config/config.php`:
And, then we need to set the `baseurlpath` parameter to match the base path of the URLs to the content of your `www` folder:
'baseurlpath' => '~andreas/simplesaml/',
Now, you can go to the URL of your installation and check if things work:
http://yourcompany.com/~andreas/simplesaml/
### Tip
Symlinking may fail, because some Apache configurations do not allow you to link in files from outside the public\_html folder. If so, move the folder instead of symlinking:
cd ~/public_html
mv ../simplesamlphp/www simplesaml
Now you have the following directory structure.
- `~/simplesamlphp`
-
`~/public_html/simplesaml` where `simplesaml` is the `www`
directory from the `simplesamlphp` installation directory, either
moved or a symlink.
Now, we need to make a few configuration changes. First, let's edit
`~/public_html/simplesaml/_include.php`:
Change the two lines from:
require_once(dirname(dirname(__FILE__)) . '/lib/_autoload.php');
to something like:
require_once('/home/andreas/simplesamlphp/lib/_autoload.php');
And then at the end of the file, you need to change another line
from:
$configdir = dirname(dirname(__FILE__)) . '/config';
to:
$configdir = '/home/andreas/simplesamlphp/config';
### Note
In a future version of simpleSAMLphp we'll make this a bit easier, and let you only change the path one place, instead of three as described above.
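Review bot: The "Installing simpleSAMLphp in alternative locations" section has gaps that make it hard to follow: "update the configuration of paths in `simplesamlphp/config/config.php`:" is followed by no setting, and "Change the two lines from:" shows a single `require_once` line, while the closing note counts three places to change. Please fill in or drop those steps. In the `config.php` section, the salt command reads through `dd bs=32 count=1` on a pipe, where a single read can come back short; `head -c 32` would avoid a salt shorter than intended. The `<VirtualHost *>` example should also say it belongs on the HTTPS host, because the administrator password configured just below it is entered through the web interface. Typos to fix while here: "conatins", "Suppoort", "relase", "Dowloads", "polictics", "reccomended", "off course".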

View File

@ -0,0 +1,211 @@
simpleSAMLphp Maintenance
=========================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-maintenance.txt 3110 2012-05-31 08:25:14Z olavmrk $`
<!-- {{TOC}} -->
simpleSAMLphp news and documentation
------------------------------------
This document is part of the simpleSAMLphp documentation suite.
* [List of all simpleSAMLphp documentation](http://simplesamlphp.org/docs)
* [Latest news about simpleSAMLphp](http://rnd.feide.no/taxonomy/term/4). (Also conatins an RSS feed)
* [simpleSAMLphp homepage](http://rnd.feide.no/simplesamlphp)
## Session management
simpleSAMLphp has an abstraction layer for session management. That means it is possible to choose between different kind of session stores, as well as write new session store plugins.
The `store.type` configuration option in `config.php` allows you to select which method SimpleSAMLphp should use to store the session information. Currently, three session handlers are included in the distribution:
* `phpsession` uses the built in session management in PHP. This is the default, and is simplest to use. It will not work in a load-balanced environement in most configurations.
* `memcache` uses the memcache software to cache sessions in memory. Sessions can be distributed and replicated among several memcache servers, enabling both load-balancing and fail-over.
* `sql` stores the session in an SQL database.
'store.type' => 'phpsession',
### Configuring memcache
To use the memcache session handler, set the `store.type` parameter in `config.php`:
'store.type' => 'memcache',
memcache allows you to store multiple redudant copies of sessions on different memcache servers.
The configuration parameter `memcache_store.servers` is an array of server groups. Every data item will be mirrored in every server group.
Each server group is an array of servers. The data items will be load-balanced between all servers in each server group.
Each server is an array of parameters for the server. The following options are available:
`hostname`
: Host name or ip address of a memcache server runs. This is the
only required option.
`port`
: Port number of the memcache server. If not set, the
`memcache.default_port` ini setting is used. This is 11211 by
default.
`weight`
: Weight of this server in this server group.
[http://php.net/manual/en/function.Memcache-addServer.php](http://php.net/manual/en/function.Memcache-addServer.php)
has more information about the weight option.
`timeout`
: Timeout for this server. By default, the timeout is 3
seconds.
Here are two examples of configuration of memcache session handling:
**Example&nbsp;1.&nbsp;Example of redudant configuration with load balancing**
Example of redudant configuration with load balancing: This configuration makes it possible to lose both servers in the a-group or both servers in the b-group without losing any sessions. Note that sessions will be lost if one server is lost from both the a-group and the b-group.
'memcache_store.servers' => array(
array(
array('hostname' => 'mc_a1'),
array('hostname' => 'mc_a2'),
),
array(
array('hostname' => 'mc_b1'),
array('hostname' => 'mc_b2'),
),
),
**Example&nbsp;2.&nbsp;Example of simple configuration with only one memcache server**
Example of simple configuration with only one memcache server, running on the same computer as the web server: Note that all sessions will be lost if the memcache server crashes.
'memcache_store.servers' => array(
array(
array('hostname' => 'localhost'),
),
),
The expiration value (`memcache_store.expires`) is the duration for which data should be retained in memcache. Data are dropped from the memcache servers when this time expires. The time will be reset every time the data is written to the memcache servers.
This value should always be larger than the `session.duration` option. Not doing this may result in the session being deleted from the memcache servers while it is still in use.
Set this value to 0 if you don't want data to expire.
#### Note
The oldest data will always be deleted if the memcache server runs
out of storage space.
**Example&nbsp;3.&nbsp;Example of configuration setting for session expiration**
Here is an example of this configuration parameter:
'memcache_store.expires' => 36 * (60*60), // 36 hours.
#### Memcache PHP configuration
Configure memcahce to not do internal failover. This parameter is
configured in `php.ini`.
memcache.allow_failover = Off
#### Environmental configuration
Setup a firewall restricting access to the memcache server.
Because simpleSAMLphp uses a timestamp to check which session is most recent in a fail-over setup, it is very important to run syncrhonized clocks on all webservers where you run simpleSAMLphp.
### Configuring SQL storage
To store session to a SQL database, set the `store.type` option to `sql`.
SimpleSAMLphp uses [PDO](http://www.php.net/manual/en/book.pdo.php) when accessing the database server, so the database source is configured as with a DSN.
The DSN is stored in the `store.sql.dsn` option. See the [PDO driver manual](http://www.php.net/manual/en/pdo.drivers.php) for the DSN syntax used by the different databases.
Username and password for accessing the database can be configured in the `store.sql.username` and `store.sql.password` options.
The required tables are created automatically. If you are storing data from multiple separate simpleSAMLphp installations in the same database, you can use the `store.sql.prefix` option to prevent conflicts.
## Logging and statistics
simpleSAMLphp supports standard `syslog` logging. As an
alternative, you may log to flat files.
## Apache configuration
## PHP configuration
Secure cookies (if you run HTTPS).
Turn off PHPSESSID in query string.
## Getting ready for production
Here are some checkpoints
1. Remove all entities in metadata files that you do not trust. It is easy to forget about some of the entities that were used for test.
2. If you during testing have been using a certificate that has been exposed (notably: the one found in the simpleSAMLphp distribution): Obtain and install a new one.
3. Make sure you have installed the latest security upgrades for your OS.
4. Make sure to use HTTPS rather than HTTP.
5. Block access to your servers on anything except port 443. simpleSAMLphp only uses plain HTTP(S), so there is no need to open ports for SOAP or other communication.
## Error handling, error reporting and metadata reporting
SimpleSAMLphp supports allowing the user when encountering errors to send an e-mail to the administrator. You can turn off this feature in the config.php file.
## Multi-language support
To add support for a new language, add your new language to the `language.available` configuration parameter in `config.php`:
/*
* Languages available and which language is default
*/
'language.available' => array('en', 'no', 'da', 'es', 'xx'),
'language.default' => 'en',
Please use the standarized two-character
[language codes as specified in ISO-639-1](http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes).
You also can set the default language. You should ensure that the default language is complete, as it is used as a fallback when a text is not available in the language selected by the user.
Translation of simpleSAMLphp is done through the SimpleSAMLphp translation portal. To translate simpleSAMLphp to a new language, please contact the authors at the mailinglist, and the new language may be added to the translation portal.
* [Visit the SimpleSAMLphp translation portal](https://translation.rnd.feide.no/?aid=simplesamlphp)
All strings that can be localized are found in the files `dictionaries/`. Add a new entry for each string, with your language code, like this:
'user_pass_header' => array(
'en' => 'Enter your username and password',
'no' => 'Skriv inn brukernavn og passord',
'xx' => 'Pooa jujjique jamba',
),
You can translate as many of the texts as you would like; a full translation is not required unless you want to make this the default language. From the end users point of view, it looks best if all text fragments used in a given screen or form is in one single language.
## Customizing the web frontend with themes
Documentation on theming is moved [to a separate document](simplesamlphp-theming).
Support
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
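Review bot: The "PHP configuration" section gives its two hardening items only as fragments ("Secure cookies (if you run HTTPS)." and "Turn off PHPSESSID in query string.") and "Apache configuration" is an empty heading. Please name the settings that are meant, for PHP presumably `session.cookie_secure` and `session.use_trans_sid` / `session.use_only_cookies` in `php.ini`, and either fill in or remove the empty heading. The memcache part says to firewall the server without saying why; one sentence noting that the store holds live session data would make the requirement harder to skip. Typos: "environement", "redudant" (three times), "memcahce", "syncrhonized", "standarized".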

View File

@ -0,0 +1,70 @@
Metadata endpoints
==================
This document gives a short introduction to the various methods forms metadata endpoints can take in simpleSAMLphp.
The endpoints we have are:
Endpoint | Indexed | Default binding
-------------------------------|---------|----------------
`ArtifactResolutionService` | Y | SOAP
`AssertionConsumerService` | Y | HTTP-POST
`SingleLogoutService` | N | HTTP-Redirect
`SingleSignOnService` | N | HTTP-Redirect
The various endpoints can be specified in three different ways:
* A single string.
* Array of strings.
* Array of arrays.
A single string
---------------
'AssertionConsumerService' => 'https://sp.example.org/ACS',
This is the simplest endpoint format.
It can be used when there is only a single endpoint that uses the default binding.
Array of strings
----------------
'AssertionConsumerService' => array(
'https://site1.example.org/ACS',
'https://site2.example.org/ACS',
),
This endpoint format can be used to represent multiple endpoints, all of which use the default binding.
Array of arrays
---------------
'AssertionConsumerService' => array(
array(
'index' => 1,
'isDefault' => TRUE,
'Location' => 'https://sp.example.org/ACS',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
),
array(
'index' => 2,
'Location' => 'https://sp.example.org/ACS',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
),
),
This endpoint format allows for specifying multiple endpoints with different bindings.
It can also be used to specify the ResponseLocation attribute on endpoints, e.g. on `SingleLogoutService`:
'SingleLogoutService' => array(
array(
'Location' => 'https://sp.example.org/LogoutRequest',
'ResponseLocation' => 'https://sp.example.org/LogoutResponse',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
),
),
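Review bot: The table marks `AssertionConsumerService` as indexed, but the "A single string" and "Array of strings" sections do not say which index each entry receives or which one becomes the default; only the "Array of arrays" form shows `index` and `isDefault`. Please state the rule for the two shorter forms, since an SP can select its endpoint by index and a reader listing two ACS URLs needs to know which one that resolves to. The opening sentence ("the various methods forms metadata endpoints can take") also needs rewording.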

View File

@ -0,0 +1,113 @@
SAML V2.0 Metadata Extensions for Login and Discovery User Interface
=============================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id:$`
* Author: Timothy Ace [tace@synacor.com](mailto:tace@synacor.com)
<!-- {{TOC}} -->
This is a reference for the SimpleSAMLphp implemenation of the [SAML
V2.0 Attribute Extensions](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-attribute-ext.pdf)
defined by OASIS.
The `metadata/saml20-idp-hosted.php` entries are used to define the
metadata extension items. An example of this is:
<?php
$metadata['entity-id-1'] = array(
/* ... */
'EntityAttributes' => array(
'urn:simplesamlphp:v1:simplesamlphp' => array('is', 'really', 'cool'),
'{urn:simplesamlphp:v1}foo' => array('bar'),
),
/* ... */
);
The OASIS specification primarily defines how to include arbitrary
`Attribute` and `Assertion` elements within the metadata for an IdP.
*Note*: SimpleSAMLphp does not support `Assertion` elements within the
metadata at this time.
Defining Attributes
--------------
The `EntityAttributes` key is used to define the attributes in the
metadata. Each item in the `EntityAttributes` array defines a new
`<Attribute>` item in the metadata. The value for each key must be an
array. Each item in this array produces a separte `<AttributeValue>`
element within the `<Attribute>` element.
'EntityAttributes' => array(
'urn:simplesamlphp:v1:simplesamlphp' => array('is', 'really', 'cool'),
),
This generates:
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:simplesamlphp:v1:simplesamlphp" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">is</saml:AttributeValue>
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">really</saml:AttributeValue>
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">cool</saml:AttributeValue>
</saml:Attribute>
Each `<Attribute>` element requires a `NameFormat` attribute. This is
specified using curly braces at the beginning of the key name:
'EntityAttributes' => array(
'{urn:simplesamlphp:v1}foo' => array('bar'),
),
This generates:
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="foo" NameFormat="urn:simplesamlphp:v1">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">bar</saml:AttributeValue>
</saml:Attribute>
When the curly braces are omitted, the NameFormat is automatically set
to "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
Generated XML Metadata Examples
----------------
If given the following configuration...
$metadata['https://www.example.com/saml/saml2/idp/metadata.php'] = array(
'host' => 'www.example.com',
'certificate' => 'server.crt',
'privatekey' => 'server.pem',
'auth' => 'example-userpass',
'EntityAttributes' => array(
'urn:simplesamlphp:v1:simplesamlphp' => array('is', 'really', 'cool'),
'{urn:simplesamlphp:v1}foo' => array('bar'),
),
);
... will generate the following XML metadata:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://www.example.com/saml/saml2/idp/metadata.php">
<md:Extensions>
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:simplesamlphp:v1:simplesamlphp" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">is</saml:AttributeValue>
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">really</saml:AttributeValue>
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">cool</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="foo" NameFormat="urn:simplesamlphp:v1">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">bar</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
...
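
Review bot: In "Defining Attributes", the sentence "Each `<Attribute>` element requires a `NameFormat` attribute" reads as if the administrator must always supply one, yet the paragraph after the second example says that omitting the curly braces sets it to `urn:oasis:names:tc:SAML:2.0:attrname-format:uri`. Suggest rewording to say that every generated `<Attribute>` carries a `NameFormat`, and that the curly-brace prefix is only needed to override the default. In the same section "separte" should be "separate". Since the note above says `Assertion` elements are not supported, one more sentence stating that everything under `EntityAttributes` is self-asserted by this IdP would keep readers from treating these values as vouched-for claims.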

View File

@ -0,0 +1,265 @@
SAML V2.0 Metadata Extensions for Login and Discovery User Interface
=============================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id:$`
* Author: Timothy Ace [tace@synacor.com](mailto:tace@synacor.com)
<!-- {{TOC}} -->
This is a reference for the SimpleSAMLphp implemenation of the [SAML
V2.0 Metadata Extensions for Login and Discovery User Interface](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf)
defined by OASIS.
The `metadata/saml20-idp-hosted.php` entries are used to define the
metadata extension items. An example of this is:
<?php
$metadata['entity-id-1'] = array(
/* ... */
'UIInfo' => array(
'DisplayName' => array(
'en' => 'English name',
'es' => 'Nombre en Español',
),
'Description' => array(
'en' => 'English description',
'es' => 'Descripción en Español',
),
'InformationURL' => array(
'en' => 'http://example.com/info/en',
'es' => 'http://example.com/info/es',
),
'PrivacyStatementURL' => array(
'en' => 'http://example.com/privacy/en',
'es' => 'http://example.com/privacy/es',
),
'Keywords' => array(
'en' => array('communication', 'federated session'),
'es' => array('comunicación', 'sesión federated'),
),
'Logo' => array(
array(
'url' => 'http://example.com/logo1.png',
'height' => 200,
'width' => 400,
'lang' => 'en',
),
array(
'url' => 'http://example.com/logo2.png',
'height' => 201,
'width' => 401,
),
),
),
'DiscoHints' => array(
'IPHint' => array('130.59.0.0/16', '2001:620::0/96'),
'DomainHint' => array('example.com', 'www.example.com'),
'GeolocationHint' => array('geo:47.37328,8.531126', 'geo:19.34343,12.342514'),
),
/* ... */
);
The OASIS specification primarily defines how an IdP can communicate
metadata related to IdP discovery. There are two different types of
extensions defined. There are the `<mdui:UIInfo>`elements that define
how an IdP should be displayed and there are the `<mdui:DiscoHints>`
elements that define when an IdP should be choosen/displayed.
UIInfo Items
--------------
These elements are used for IdP discovery to determine what to display
about an IdP. These properties are all children of the `UIInfo` key.
*Note*: Most elements are localized strings that specify the language
using the array key as the language-code:
'DisplayName' => array(
'en' => 'English name',
'es' => 'Nombre en Español',
),
`DisplayName`
: The localized list of names for this IdP
'DisplayName' => array(
'en' => 'English name',
'es' => 'Nombre en Español',
),
`Description`
: The localized list of statements used to decribe this IdP
'Description' => array(
'en' => 'English description',
'es' => 'Descripción en Español',
),
`InformationURL`
: A localized list of URLs where more information about the IdP is
located.
'InformationURL' => array(
'en' => 'http://example.com/info/en',
'es' => 'http://example.com/info/es',
),
`PrivacyStatementURL`
: A localized list of URLs where the IdP's privacy statement is
located.
'PrivacyStatementURL' => array(
'en' => 'http://example.com/privacy/en',
'es' => 'http://example.com/privacy/es',
),
`Keywords`
: A localized list of keywords used to describe the IdP
'Keywords' => array(
'en' => array('communication', 'federated session'),
'es' => array('comunicación', 'sesión federated'),
),
: *Note*: The `+` (plus) character is forbidden by specification from
being part of a Keyword.
`Logo`
: The logos used to represent the IdP
'Logo' => array(
array(
'url' => 'http://example.com/logo1.png',
'height' => 200,
'width' => 400,
'lang' => 'en',
),
array(
'url' => 'http://example.com/logo2.png',
'height' => 201,
'width' => 401,
),
),
: An optional `lang` key containing a language-code is supported for
localized Logos.
DiscoHints Items
--------------
These elements are used for IdP discovery to determine when to choose or
present an IdP. These properties are all children of the `DiscoHints`
key.
`IPHint`
: This is a list of both IPv4 and IPv6 addresses in CIDR notation
services by or associated with this entity.
'IPHint' => array('130.59.0.0/16', '2001:620::0/96'),
`DomainHint`
: This specifies a list of domain names serviced by or associated with
this entity.
'DomainHint' => array('example.com', 'www.example.com'),
`GeolocationHint`
: This specifies a list of geographic coordinates associated with, or
serviced by, the entity. Coordinates are given in URI form using the
geo URI scheme [RFC5870](http://www.ietf.org/rfc/rfc5870.txt).
'GeolocationHint' => array('geo:47.37328,8.531126', 'geo:19.34343,12.342514'),
Generated XML Metadata Examples
----------------
If given the following configuration...
$metadata['https://www.example.com/saml/saml2/idp/metadata.php'] = array(
'host' => 'www.example.com',
'certificate' => 'server.crt',
'privatekey' => 'server.pem',
'auth' => 'example-userpass',
'UIInfo' => array(
'DisplayName' => array(
'en' => 'English name',
'es' => 'Nombre en Español',
),
'Description' => array(
'en' => 'English description',
'es' => 'Descripción en Español',
),
'InformationURL' => array(
'en' => 'http://example.com/info/en',
'es' => 'http://example.com/info/es',
),
'PrivacyStatementURL' => array(
'en' => 'http://example.com/privacy/en',
'es' => 'http://example.com/privacy/es',
),
'Keywords' => array(
'en' => array('communication', 'federated session'),
'es' => array('comunicación', 'sesión federated'),
),
'Logo' => array(
array(
'url' => 'http://example.com/logo1.png',
'height' => 200,
'width' => 400,
),
array(
'url' => 'http://example.com/logo2.png',
'height' => 201,
'width' => 401,
),
),
),
'DiscoHints' => array(
'IPHint' => array('130.59.0.0/16', '2001:620::0/96'),
'DomainHint' => array('example.com', 'www.example.com'),
'GeolocationHint' => array('geo:47.37328,8.531126', 'geo:19.34343,12.342514'),
),
);
... will generate the following XML metadata:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://www.example.com/saml/saml2/idp/metadata.php">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:DisplayName xml:lang="en">English name</mdui:DisplayName>
<mdui:DisplayName xml:lang="es">Nombre en Espa&#xF1;ol</mdui:DisplayName>
<mdui:Description xml:lang="en">English description</mdui:Description>
<mdui:Description xml:lang="es">Descripci&#xF3;n en Espa&#xF1;ol</mdui:Description>
<mdui:InformationURL xml:lang="en">http://example.com/info/en</mdui:InformationURL>
<mdui:InformationURL xml:lang="es">http://example.com/info/es</mdui:InformationURL>
<mdui:PrivacyStatementURL xml:lang="en">http://example.com/privacy/en</mdui:PrivacyStatementURL>
<mdui:PrivacyStatementURL xml:lang="es">http://example.com/privacy/es</mdui:PrivacyStatementURL>
<mdui:Keywords xml:lang="en">communication federated+session</mdui:Keywords>
<mdui:Keywords xml:lang="es">comunicaci&#xF3;n sesi&#xF3;n+federated</mdui:Keywords>
<mdui:Logo width="400" height="200" xml:lang="en">http://example.com/logo1.png</mdui:Logo>
<mdui:Logo width="401" height="201">http://example.com/logo2.png</mdui:Logo>
</mdui:UIInfo>
<mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:IPHint>130.59.0.0/16</mdui:IPHint>
<mdui:IPHint>2001:620::0/96</mdui:IPHint>
<mdui:DomainHint>example.com</mdui:DomainHint>
<mdui:DomainHint>www.example.com</mdui:DomainHint>
<mdui:GeolocationHint>geo:47.37328,8.531126</mdui:GeolocationHint>
<mdui:GeolocationHint>geo:19.34343,12.342514</mdui:GeolocationHint>
</mdui:DiscoHints>
</md:Extensions>
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
...
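
Review bot: The configuration under "Generated XML Metadata Examples" does not match the XML shown for it: the first `Logo` entry there has only `url`, `height` and `width`, but the output carries `xml:lang="en"` on `logo1.png`. Either add `'lang' => 'en'` to that entry (as in the example at the top of the file) or drop the attribute from the XML. The `Keywords` note also needs one more sentence: it says `+` is forbidden in a keyword, while the generated XML shows `federated+session`, so the document should explain that a space inside a configured keyword is emitted as `+` and say what happens when a configured keyword already contains one. Minor: "implemenation", "choosen", "decribe" and "services by" (for "serviced by") are typos, and every example URL, including the `Logo` ones, is `http://`, which a discovery page served over HTTPS would load as mixed content; `https://` in the examples would be the better default to copy.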

View File

@ -0,0 +1,179 @@
simpleSAMLphp modules
==================================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-modules.txt 2209 2010-03-08 12:41:15Z andreassolberg $`
<!-- {{TOC}} -->
This document describes how the module system in simpleSAMLphp
works. It descibes what types of modules there are, how they are
configured, and how to write new modules.
Overview
--------
There are currently three parts of simpleSAMLphp which can be stored in modules - authentication sources, authentication processing filters and themes. There is also support for defining hooks - functions run at specific times. More than one thing can be stored in a single module. There is also support for storing supporting files, such as templates and dictionaries, in modules.
The different functionalities which can be created as modules will be described in more detail in the following sections; what follows is a short introduction to what you can du with them:
- Authentication sources implement different methods for authenticating users, for example simple login forms which authenticate against a database backend, or login methods which use client-side certificates.
- Authentication processing filters perform various tasks after the user is authenticated and has a set of attributes. They can add, remove and modify attributes, do additional authentication checks, ask questions of the user, +++.
- Themes allow you to package custom templates for multiple modules into a single module.
## Module layout
Each simpleSAMLphp module is stored in a directory under the the
`modules`-directory. The module directory contains the following
directories and files:
default-disable
: The presence of this file indicates that the module is disabled
by default. This module can be enabled by creating a file named
`enable` in the same directory.
default-enable
: The presence of this file indicates that the module is enabled
by default. This module can be disabled by creating a file named
`disable` in the same directory.
dictionaries
: This directory contains dictionaries which belong to this
module. To use a dictionary stored in a module, the extended tag
names can be used:
`{<module name>:<dictionary name>:<tag name>}` For
example, `{example:login:hello}` will look up `hello` in
`modules/example/dictionaries/login.php`.
: It is also possible to specify
`<module name>:<dictionary name>` as the default
dictionary when instantiating the `SimpleSAML_XHTML_Template`
class.
hooks
: This directory contains hook functions for this module. Each
file in this directory represents a single function. See the
hook-section in the documentation for more information.
lib
: This directory contains classes which belong to this module.
All classes must be named in the following pattern:
`sspmod_<module name>_<class name>` When looking up the filename of
a class, simpleSAMLphp will search for `<class name>` in the `lib`
directory. Underscores in the class name will be translated into
slashes.
: Thus, if simpleSAMLphp needs to load a class named
`sspmod_example_Auth_Source_Example`, it will load the file named
`modules/example/lib/Auth/Source/Example.php`.
templates
: These are module-specific templates. To use one of these
templates, specify `<module name>:<template file>.php`
as the template file in the constructor of
`SimpleSAML_XHTML_Template`. For example, `example:login-form.php`
is translated to the file
`modules/example/templates/default/login-form.php`. Note that
`default` in the previous example is defined by the `theme.use`
configuration option.
themes
: This directory contains themes the module defines. A single
module can define multiple themes, and these themes may override
all templates in all modules. Each subdirectory of `themes` defines
a theme. The theme directory contains a subdirectory for each
module. The templates stored under `simplesamlphp/templates` can be
overridden by a directory named `default`.
: To use a theme provided by a module, the `theme.use`
configuration option should be set to
`<module name>:<theme name>`.
: When using the theme `example:blue`, the template
`templates/default/login.php` will be overridden by
`modules/example/themes/blue/default/login.php`, while the template
`modules/core/templates/default/loginuserpass.php` will be
overridden by
`modules/example/themes/blue/core/loginuserpass.php`.
www
: All files stored in this directory will be available by
accessing the URL
`https://.../simplesamlphp/module.php/<module name>/<file name>`.
For example, if a script named `login.php` is stored in
`modules/example/www/`, it can be accessed by the URL
`https://.../simplesamlphp/module.php/example/login.php`.
: To retrieve this URL, the
`SimpleSAML_Module::getModuleURL($resource)`-function can be used.
This function takes in a resource on the form `<module>/<file>`.
This function will then return an URL to the given file in the
`www`-directory of `module`.
## Authentication sources
An authentication source is used to authenticate a user and receive a set of attributes belonging to this user. In a single-signon setup, the authentication source will only be called once, and the attributes belonging to the user will be cached until the user logs out.
Authentication sources are defined in `config/authsources.php`. This file contains an array of `name => configuration` pairs. The name is used to refer to the authentication source in metadata. When configuring an IdP to authenticate against an authentication source, the `auth` option should be set to this name. The configuration for an authentication source is an array. The first element in the array identifies the class which implements the authentication source. The remaining elements in the array are configuration entries for the authentication source.
A typical configuration entry for an authentication source looks like this:
'example-static' => array(
/* This maps to modules/exampleauth/lib/Auth/Source/Static.php */
'exampleauth:Static',
/* The following is configuration which is passed on to the exampleauth:Static authentication source. */
'uid' => 'testuser',
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
To use this authentication source in a SAML 2.0 IdP, set the
`auth`-option of the IdP to `'example-static'`:
'__DYNAMIC:1__' => array(
'host' => '__DEFAULT__',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'auth' => 'example-static',
),
### Creating authentication sources
This is described in a separate document:
* [Creating authentication sources](simplesamlphp-authsource)
Authentication processing filters
---------------------------------
*Authentication processing filters* is explained in a separate document:
* [Authentication processing filters](simplesamlphp-authproc)
## Themes
This feature allows you to collect all your custom templates in one place. The directory structure is like this: `modules/<thememodule>/themes/<theme>/<module>/<template>` `thememodule` is the module where you store your theme, while `theme` is the name of the theme. A theme is activated by setting the `theme.use` configuration option to `<thememodule>:<theme>`. `module` is the module the template belongs to, and `template` is the template in that module.
For example, `modules/example/themes/test/core/loginuserpass.php` replaces `modules/core/templates/default/loginuserpass.php`. `modules/example/themes/test/default/frontpage.php` replaces `templates/default/frontpage.php`. This theme can be activated by setting `theme.use` to `example:test`.
## Hook interface
The hook interface allows you to call a hook function in all enabled modules which define that hook. Hook functions are stored in a directory called 'hooks' in each module directory. Each hook is stored in a file named `hook_<hook name>.php`, and each file defines a function named `<module name>_hook_<hook name>`.
Each hook function accepts a single argument. This argument will be passed by reference, which allows each hook to update that argument.
There is currently a single user of the hook interface - the front page. The front page defines a hook named `frontpage`, which allows modules to add things to the different sections on the front page. For an example of this, see `modules/modinfo/hooks/hook_frontpage.php`.
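
Review bot: The `www` entry under "Module layout" states that "All files stored in this directory will be available" through `module.php`, but it does not say whether that also holds for a module that is disabled (`default-disable` present, no `enable` file). Please state it explicitly, and add a sentence that `www` should contain only intended entry points, since anything else placed there (backups, include-only scripts, sample data) becomes reachable by URL. Related gap in the same section: the `default-enable` / `default-disable` description does not cover a module that ships neither file, or one where both `enable` and `disable` exist. Minor: "descibes", "du", "the the" and the trailing "+++" in the processing-filter bullet should be cleaned up, and the headings mix the underline style with `##`.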

View File

@ -0,0 +1,339 @@
IdP hosted metadata reference
=============================
<!-- {{TOC}} -->
This is a reference for the metadata files
`metadata/saml20-idp-hosted.php` and `metadata/shib13-idp-hosted.php`.
Both files have the following format:
<?php
/* The index of the array is the entity ID of this IdP. */
$metadata['entity-id-1'] = array(
'host' => 'idp.example.org',
/* Configuration options for the first IdP. */
);
$metadata['entity-id-2'] = array(
'host' => '__DEFAULT__',
/* Configuration options for the default IdP. */
);
/* ... */
The entity ID should be an URI. It can, also be on the form
`__DYNAMIC:1__`, `__DYNAMIC:2__`, `...`. In that case, the entity ID
will be generated automatically.
The `host` option is the hostname of the IdP, and will be used to
select the correct configuration. One entry in the metadata-list can
have the host `__DEFAULT__`. This entry will be used when no other
entry matches.
Common options
--------------
`auth`
: Which authentication module should be used to authenticate users on
this IdP.
<!--
`authority`
: Who is authorized to create sessions for this IdP. Can be
`login` for LDAP login module, or `saml2` for SAML 2.0 SP.
Specifying this parameter is highly recommended.
-->
`authproc`
: Used to manipulate attributes, and limit access for each SP. See
the [authentication processing filter manual](simplesamlphp-authproc).
`certificate`
: Certificate file which should be used by this IdP, in PEM format.
The filename is relative to the `cert/`-directory.
`host`
: The hostname for this IdP. One IdP can also have the `host`-option
set to `__DEFAULT__`, and that IdP will be used when no other
entries in the metadata matches.
`logouttype`
: The logout handler to use. Either `iframe` or `traditional`. `traditional` is the default.
`OrganizationName`
: The name of the organization responsible for this IdP.
This name does not need to be suitable for display to end users.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
'OrganizationName' => array(
'en' => 'Example organization',
'no' => 'Eksempel organisation',
),
: *Note*: If you specify this option, you must also specify the `OrganizationURL` option.
`OrganizationDisplayName`
: The name of the organization responsible for this IdP.
This name must be suitable for display to end users.
If this option isn't specified, `OrganizationName` will be used instead.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`privacypolicy`
: This is an absolute URL for where an user can find a
privacypolicy. If set, this will be shown on the consent page.
`%SPENTITYID%` in the URL will be replaced with the entity id of
the service the user is accessing.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
`privatekey`
: Name of private key file for this IdP, in PEM format. The filename
is relative to the `cert/`-directory.
`privatekey_pass`
: Passphrase for the private key. Leave this option out if the
private key is unencrypted.
`scope`
: An array with scopes for this IdP.
The scopes will be added to the generated XML metadata.
`userid.attribute`
: The attribute name of an attribute which uniquely identifies
the user. This attribute is used if simpleSAMLphp needs to generate
a persistent unique identifier for the user. This option can be set
in both the IdP-hosted and the SP-remote metadata. The value in the
sp-remote metadata has the highest priority. The default value is
`eduPersonPrincipalName`.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
SAML 2.0 options
----------------
The following SAML 2.0 options are available:
`assertion.encryption`
: Whether assertions sent from this IdP should be encrypted. The default
value is `FALSE`.
: Note that this option can be set for each SP in the SP-remote metadata.
`attributes.NameFormat`
: What value will be set in the Format field of attribute
statements. This parameter can be configured multiple places, and
the actual value used is fetched from metadata by the following
priority:
: 1. SP Remote Metadata
2. IdP Hosted Metadata
: The default value is:
`urn:oasis:names:tc:SAML:2.0:attrname-format:basic`
: Some examples of values specified in the SAML 2.0 Core
Specification:
: - `urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified`
- `urn:oasis:names:tc:SAML:2.0:attrname-format:uri` (The default
in Shibboleth 2.0)
- `urn:oasis:names:tc:SAML:2.0:attrname-format:basic` (The
default in Sun Access Manager)
: You can also define your own value.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
: (This option was previously named `AttributeNameFormat`.)
`encryption.blacklisted-algorithms`
: Blacklisted encryption algorithms. This is an array containing the algorithm identifiers.
: Note that this option can be set for each SP in the [SP-remote metadata](./simplesamlphp-reference-sp-remote).
`https.certificate`
: The certificate used by the webserver when handling connections.
This certificate will be added to the generated metadata of the IdP,
which is required by some SPs when using the HTTP-Artifact binding.
`nameid.encryption`
: Whether NameIDs sent from this IdP should be encrypted. The default
value is `FALSE`.
: Note that this option can be set for each SP in the [SP-remote metadata](./simplesamlphp-reference-sp-remote).
`SingleSignOnService`
: Override the default URL for the SingleSignOnService for this
IdP. This is an absolute URL. The default value is
`<simpleSAMLphp-root>/saml2/idp/SSOService.php`
: Note that this only changes the values in the generated
metadata and in the messages sent to others. You must also
configure your webserver to deliver this URL to the correct PHP
page.
`SingleLogoutService`
: Override the default URL for the SingleLogoutService for this
IdP. This is an absolute URL. The default value is
`<simpleSAMLphp-root>/saml2/idp/SingleLogoutService.php`
: Note that this only changes the values in the generated
metadata and in the messages sent to others. You must also
configure your webserver to deliver this URL to the correct PHP
page.
`saml20.sendartifact`
: Set to `TRUE` to enable the IdP to send responses with the HTTP-Artifact binding.
Defaults to `FALSE`.
: Note that this requires a configured memcache server.
`saml20.hok.assertion`
: Set to `TRUE` to enable the IdP to send responses according the [Holder-of-Key Web Browser SSO Profile](./simplesamlphp-hok-idp).
Defaults to `FALSE`.
`saml20.sign.response`
: Whether `<samlp:Response>` messages should be signed.
Defaults to `TRUE`.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
`saml20.sign.assertion`
: Whether `<saml:Assertion>` elements should be signed.
Defaults to `TRUE`.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
`sign.logout`
: Whether to sign logout messages sent from this IdP.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
`validate.authnrequest`
: Whether we require signatures on authentication requests sent to this IdP.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
`validate.logout`
: Whether we require signatures on logout messages sent to this IdP.
: Note that this option also exists in the SP-remote metadata, and
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
### Fields for signing and validating messages
simpleSAMLphp only signs authentication responses by default.
Signing of logout requests and logout responses can be enabled by
setting the `redirect.sign` option. Validation of received messages
can be enabled by the `redirect.validate` option.
These options set the default for this IdP, but options for each SP
can be set in `saml20-sp-remote`. Note that you need to add a
certificate for each SP to be able to validate signatures on
messages from that SP.
`redirect.sign`
: Whether logout requests and logout responses sent from this IdP
should be signed. The default is `FALSE`.
`redirect.validate`
: Whether authentication requests, logout requests and logout
responses received sent from this IdP should be validated. The
default is `FALSE`
**Example: Configuration for signed messages**
'redirect.sign' => true,
Shibboleth 1.3 options
----------------------
The following options for Shibboleth 1.3 IdP's are avaiblable:
`scopedattributes`
: Array with names of attributes which should be scoped. Scoped
attributes will receive a `Scope`-attribute on the
`AttributeValue`-element. The value of the Scope-attribute will
be taken from the attribute value:
: `<AttributeValue>someuser@example.org</AttributeValue>`
: will be transformed into
: `<AttributeValue Scope="example.org">someuser</AttributeValue>`
: By default, no attributes are scoped. Note that this option also
exists in the SP-remote metadata, and any value in the SP-remote
metadata overrides the one configured in the IdP metadata.
Metadata extensions
-------------------
SimpleSAMLphp supports generating metadata with the MDUI and EntityAttributes metadata extensions.
See the documentation for those extensions for more details:
* [MDUI extension](./simplesamlphp-metadata-extensions-ui)
* [EntityAttributes](./simplesamlphp-metadata-extensions-attributes)
Examples
--------
These are some examples of IdP metadata
### Minimal SAML 2.0 / Shibboleth 1.3 IdP ###
<?php
/*
* We use the '__DYNAMIC:1__' entity ID so that the entity ID
* will be autogenerated.
*/
$metadata['__DYNAMIC:1__'] = array(
/*
* We use '__DEFAULT__' as the hostname so we won't have to
* enter a hostname.
*/
'host' => '__DEFAULT__',
/* The private key and certificate used by this IdP. */
'certificate' => 'server.crt',
'privatekey' => 'server.pem',
/*
* The authentication source for this IdP. Must be one
* from config/authsources.php.
*/
'auth' => 'example-userpass',
);
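
Review bot: The "SAML 2.0 options" list and the "Fields for signing and validating messages" subsection document two overlapping sets of switches without relating them: `sign.logout`, `validate.authnrequest` and `validate.logout` are listed with no default, while `redirect.sign` and `redirect.validate` cover the same messages and default to `FALSE`. Please state the default for each of the first three and which option wins when both are set, because as written a reader cannot tell whether unsigned authentication and logout requests are accepted out of the box. The `redirect.validate` text, "received sent from this IdP", is also garbled and presumably means messages received by this IdP. Smaller points: `privatekey_pass` puts the passphrase in this file in clear text, so a line about restricting read access to the metadata directory would help; `host` is described twice (in the introduction and again under "Common options"); "avaiblable" and "It can, also be on the form" need fixing.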

View File

@ -0,0 +1,232 @@
IdP remote metadata reference
=============================
<!-- {{TOC}} -->
This is a reference for metadata options available for `metadata/saml20-idp-remote.php` and `metadata/shib13-idp-remote.php`. Both files have the following format:
<?php
/* The index of the array is the entity ID of this IdP. */
$metadata['entity-id-1'] = array(
/* Configuration options for the first IdP. */
);
$metadata['entity-id-2'] = array(
/* Configuration options for the second IdP. */
);
/* ... */
Common options
--------------
The following options are common between both the SAML 2.0 protocol and Shibboleth 1.3 protocol:
`authproc`
: Used to manipulate attributes, and limit access for each IdP. See the [authentication processing filter manual](simplesamlphp-authproc).
`base64attributes`
: Whether attributes received from this IdP should be base64 decoded. The default is `FALSE`.
`certData`
: The base64 encoded certificate for this IdP. This is an alternative to storing the certificate in a file on disk and specifying the filename in the `certificate`-option.
`certFingerprint`
: If you only need to validate signatures received from this IdP, you can specify the certificate fingerprint instead of storing the full certificate. To obtain this, you can enter a bogus value, and attempt to log in. You will then receive an error message with the correct fingerprint.
: It is also possible to add an array of valid fingerprints, where any fingerprints in that array is accepted as valid. This can be used to update the certificate of the IdP without having to update every SP at that exact time. Instead, one can update the SPs with the new fingerprint, and only update the certificate after every SP is updated.
`certificate`
: The file with the certificate for this IdP. The path is relative to the `cert`-directory.
`description`
: A description of this IdP. Will be used by various modules when they need to show a description of the IdP to the user.
: This option can be translated into multiple languages in the same way as the `name`-option.
`icon`
: A logo which will be shown next to this IdP in the discovery service.
`OrganizationName`
: The name of the organization responsible for this SPP.
This name does not need to be suitable for display to end users.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
'OrganizationName' => array(
'en' => 'Example organization',
'no' => 'Eksempel organisation',
),
: *Note*: If you specify this option, you must also specify the `OrganizationURL` option.
`OrganizationDisplayName`
: The name of the organization responsible for this IdP.
This name must be suitable for display to end users.
If this option isn't specified, `OrganizationName` will be used instead.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`name`
: The name of this IdP. Will be used by various modules when they need to show a name of the SP to the user.
: If this option is unset, the organization name will be used instead (if it is available).
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
'name' => array(
'en' => 'A service',
'no' => 'En tjeneste',
),
`SingleSignOnService`
: Endpoint URL for sign on. You should obtain this from the IdP. For SAML 2.0, simpleSAMLphp will use the HTTP-Redirect binding when contacting this endpoint.
: The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
SAML 2.0 options
----------------
The following SAML 2.0 options are available:
`encryption.blacklisted-algorithms`
: Blacklisted encryption algorithms. This is an array containing the algorithm identifiers.
: Note that this option also exists in the SP configuration. This
entry in the IdP-remote metadata overrides the option in the
[SP configuration](./saml:sp).
`nameid.encryption`
: Whether NameIDs sent to this IdP should be encrypted. The default
value is `FALSE`.
: Note that this option also exists in the SP configuration. This
entry in the IdP-remote metadata overrides the option in the
[SP configuration](./saml:sp).
`saml2.relaxvalidation`
: Can be used to relax some parts of the validation of assertions received from this IdP. This is an array, and can include one or more of the following flags:
- `unknowncondition` - Disables errors when encountering unknown &lt;Condition> nodes.
- `nosubject` - Ignore missing &lt;Subject&gt; in &lt;Assertion&gt;.
- `noconditions` - Ignore missing &lt;Conditions&gt; in &lt;Assertion&gt;.
- `noauthnstatement` - Ignore missing &lt;AuthnStatement&gt; in &lt;Assertion&gt;.
- `noattributestatement` - Ignore missing &lt;AttributeStatement&gt; in &lt;Assertion&gt;.
`sign.authnrequest`
: Whether to sign authentication requests sent to this IdP.
: Note that this option also exists in the SP configuration.
This value in the IdP remote metadata overrides the value in the SP configuration.
`sign.logout`
: Whether to sign logout messages sent to this IdP.
: Note that this option also exists in the SP configuration.
This value in the IdP remote metadata overrides the value in the SP configuration.
`SingleLogoutService`
: Endpoint URL for logout requests and responses. You should obtain this from the IdP. Users who log out from your service is redirected to this URL with the LogoutRequest using HTTP-REDIRECT.
: The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
`SingleLogoutServiceResponse`
: Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
`SPNameQualifier`
: This corresponds to the SPNameQualifier in the SAML 2.0 specification. It allows to give subjects a SP specific namespace. This option is rarely used, so if you don't need it, leave it out. When left out, simpleSAMLphp assumes the entityID of your SP as the SPNameQualifier.
`validate.logout`
: Whether we require signatures on logout messages sent from this IdP.
: Note that this option also exists in the SP configuration.
This value in the IdP remote metadata overrides the value in the SP configuration.
### Decrypting assertions
It is possible to decrypt the assertions received from an IdP. Currently the only algorithm supported is `AES128_CBC` or `RIJNDAEL_128`.
There are two modes of encryption supported by simpleSAMLphp. One is symmetric encryption, in which case both the SP and the IdP needs to share a key. The other mode is the use of public key encryption. In that mode, the public key of the SP is extracted from the certificate of the SP.
`assertion.encryption`
: Whether assertions received from this IdP must be encrypted. The default value is `FALSE`.
If this option is set to `TRUE`, assertions from the IdP must be encrypted.
Unencrypted assertions will be rejected.
: Note that this option overrides the option with the same name in the SP configuration.
`sharedkey`
: Symmetric key which should be used for decryption. This should be a 128-bit key. If this option is not specified, public key encryption will be used instead.
### Fields for signing and validating messages
simpleSAMLphp only signs authentication responses by default. Signing of authentication request, logout requests and logout responses can be enabled by setting the `redirect.sign` option. Validation of received messages can be enabled by the `redirect.validate` option.
These options overrides the options set in `saml20-sp-hosted`.
`redirect.sign`
: Whether authentication request, logout requests and logout responses sent to this IdP should be signed. The default is `FALSE`.
`redirect.validate`
: Whether logout requests and logout responses received from this IdP should be validated. The default is `FALSE`.
**Example: Configuration for validating messages**
'redirect.validate' => TRUE,
'certificate' => 'server.crt',
Shibboleth 1.3 options
----------------------
`caFile`
: Alternative to specifying a certificate. Allows you to specify a file with root certificates, and responses from the service be validated against these certificates. Note that simpleSAMLphp doesn't support chains with any itermediate certificates between the root and the certificate used to sign the response. Support for PKIX in SimpleSAMLphp is experimental, and we encourage users to not rely on PKIX for validation of signatures; for background information review [the SAML 2.0 Metadata Interoperability Profile](http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop-cd-01.pdf).
`saml1.useartifact`
: Request that the IdP returns the result to the artifact binding.
The default is to use the POST binding, set this option to TRUE to use the artifact binding instead.
: This option can be set for all IdPs connected to a SP by setting it in the entry for the SP in `config/authsources.php`.
: *Note*: This option only works with the `saml:SP` authentication source.
Examples
--------
### Configuration for openidp.feide.no ###
<?php
$metadata['https://openidp.feide.no'] = array(
'name' => array(
'en' => 'Feide OpenIdP - guest users',
'no' => 'Feide Gjestebrukere',
),
'description' => 'Here you can login with your account on Feide RnD OpenID. If you do not already have an account on this identity provider, you can create a new one by following the create new account link and follow the instructions.',
'SingleSignOnService' => 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
'SingleLogoutService' => 'https://openidp.feide.no/simplesaml/saml2/idp/SingleLogoutService.php',
'certFingerprint' => 'c9ed4dfb07caf13fc21e0fec1572047eb8a7a4cb',
);
Calculating the fingerprint of a certificate
--------------------------------------------
If you have obtained a certificate file, and want to calculate the fingerprint of the file, you can use the `openssl` command:
$ openssl x509 -noout -fingerprint -in "server.crt"
SHA1 Fingerprint=AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9
In this case, the certFingerprint option should be set to `AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9`.
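Review bot: The `certFingerprint` entry tells readers to get the fingerprint by entering a bogus value and copying the "correct" one from the login error message, which pins whatever certificate came with that response rather than one verified with the IdP operator. Suggest rewording so the fingerprint comes from the IdP out of band, or is computed from a certificate received that way with the `openssl x509 -noout -fingerprint` command shown at the end of this file, and keeping the error message only as something to compare against a known value. The fingerprint section shows an uppercase, colon-separated value while the openidp.feide.no example uses lowercase hex without colons; the text should state which forms are accepted. In this IdP reference, `OrganizationName` says "this SPP" and `name` says "a name of the SP", both of which look like copy errors for IdP.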


@ -0,0 +1,218 @@
SP hosted metadata reference
============================
<!-- {{TOC}} -->
This is a reference for the metadata files `metadata/saml20-sp-hosted.php` and `metadata/shib13-sp-hosted.php`. Both files have the following format:
<?php
/* The index of the array is the entity ID of this SP. */
$metadata['entity-id-1'] = array(
'host' => 'sp.example.org',
/* Configuration options for the first SP. */
);
$metadata['entity-id-2'] = array(
'host' => '__DEFAULT__',
/* Configuration options for the default SP. */
);
/* ... */
The entity ID should be an URI. It can also be on the form `__DYNAMIC:1__`, `__DYNAMIC:2__`, `...`. In that case, the entity ID will be generated automatically.
The `host` option is the hostname of the SP, and will be used to select the correct configuration. One entry in the metadata-list can have the host `__DEFAULT__`. This entry will be used when no other entry matches.
Common options
--------------
`AssertionConsumerService`
: Override the default URL for the AssertionConsumerService for this SP. This is an absolute URL. The default value is `<simpleSAMLphp-root>/{shib13|saml2}/sp/AssertionConsumerService.php`.
: Note that this only changes the values in the generated metadata and in the messages sent to others. You must also configure your webserver to deliver this URL to the correct PHP page.
`attributes`
: List of attributes this SP requests from the IdP.
This list will be added to the generated metadata.
: The attributes will be added without a `NameFormat` by default.
Use the `attributes.NameFormat` option to specify the `NameFormat` for the attributes.
: *Note*: This list will only be added to the metadata if the `name`-option is also specified.
`attributes.NameFormat`
: The `NameFormat` for the requested attributes.
`authproc`
: Used to manipulate attributes, and limit access for each SP. See the [authentication processing filter manual](simplesamlphp-authproc).
`certData`
: Base64 encoded certificate data. Can be used instead of the `certificate` option.
`certificate`
: File name of certificate for this SP. This certificate will be included in generated metadata.
`description`
: A description of this SP. Will be added to the generated metadata.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated description:
'description' => array(
'en' => 'A service',
'no' => 'En tjeneste',
),
: *Note*: For this to be added to the metadata, you must also specify the `attributes` and `name` options.
`host`
: The hostname for this SP. One SP can also have the `host`-option set to `__DEFAULT__`, and that SP will be used when no other entries in the metadata matches.
`idpdisco.url`
: Set which IdP discovery service this SP should use. If this is unset, the IdP discovery service specified in the global option `idpdisco.url.{saml20|shib13}` in `config/config.php` will be used. If that one is also unset, the builtin default discovery service will be used.
`OrganizationName`
: The name of the organization responsible for this SPP.
This name does not need to be suitable for display to end users.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
'OrganizationName' => array(
'en' => 'Example organization',
'no' => 'Eksempel organisation',
),
: *Note*: If you specify this option, you must also specify the `OrganizationURL` option.
`OrganizationDisplayName`
: The name of the organization responsible for this SPP.
This name must be suitable for display to end users.
If this option isn't specified, `OrganizationName` will be used instead.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`name`
: The name of this SP. Will be added to the generated metadata.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
'name' => array(
'en' => 'A service',
'no' => 'En tjeneste',
),
: *Note*: You must also specify at least one attribute in the `attributes` option for this element to be added to the metadata.
`NameIDFormat`
: Override the default NameIDFormat in the generated metadata and in the authentication request.
: The default value for SAML 2.0 is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`, while the default for Shibboleth 1.3 is `urn:mace:shibboleth:1.0:nameIdentifier`. If you set the value to `NULL`, the `samlp:NameIDPolicy` element is removed from the authentication request.
SAML 2.0 options
----------------
The following SAML 2.0 SP options are available:
`AuthnContextClassRef`
: The SP can request authentication with a specific authentication context class. One example of usage could be if the IdP supports both username/password authentication as well as software-PKI.
`ForceAuthn`
: Force authentication allows you to force re-authentication of users even if the user has a SSO session at the IdP.
`IsPassive`
: IsPassive allows you to enable passive authentication by default for this SP.
`privatekey`
: File name of private key to be used for signing messages and decrypting messages from the IdP. This option is only required if you use encrypted assertions or if you enable signing of messages.
`privatekey_pass`
: The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out.
`ProtocolBinding`
: The binding that should be used for SAML2 authentication responses.
This option controls the binding that is requested through the AuthnRequest message to the IdP.
By default the HTTP-Redirect binding is used.
`RelayState`
: The page the user should be redirected to after an IdP initiated SSO.
`saml.SOAPClient.certificate`
: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
If this option isn't specified, the SP private key and certificate will be used.
`saml.SOAPClient.privatekey_pass`
: The passphrase of the privatekey in `saml.SOAPClient.certificate`.
`SingleLogoutService`
: Override the default URL for the SingleLogoutService for this SP. This is an absolute URL. The default value is `<simpleSAMLphp-root>/saml2/sp/SingleLogoutService.php`.
: Note that this only changes the values in the generated metadata and in the messages sent to others. You must also configure your webserver to deliver this URL to the correct PHP page.
### Fields for signing and validating messages
simpleSAMLphp SP doesn't signa any messages by default. To enable signing of authentication requests, logout requests and logout responses, enable the `redirect.sign` option. Validation of received messages can be enabled by the `redirect.validate` option.
These options set the default for this SP, but options for each IdP can be set in `saml20-idp-remote`.
`redirect.sign`
: Whether authentication requests, logout requests and logout responses sent from this SP should be signed. The default is `FALSE`.
`redirect.validate`
: Whether logout requests and logout responses received received by this SP should be validated. The default is `FALSE`.
**Example: Configuration for signed messages**
'redirect.sign' => true,
### Fields for scoping
Only relevant if you are a sp connected to a proxy/bridge.
`IDPList`
: The list of scoped idps ie. the list of entityids for idps that
are relevant for this sp. The final list is the concatenation of the
list given as parameter to InitSSO, the list configured at the sp
(here) and the list configured at the ipd for this sp. The
intersection of the final list and the idps configured at the
proxy/bridge will be presented to the user at the discovery service
if neccessary. If only one idp is in the intersection the
discoveryservice will go directly to the idp.
**Example: Configuration for scoping**
'IDPList' => array('https://idp1.wayf.dk', 'https://idp2.wayf.dk'),
Shibboleth 1.3 SP options
----------------------
There are no options specific for a Shibboleth 1.3 SP.
Examples
--------
These are some examples of SP metadata
### Minimal SAML 2.0 / Shibboleth 1.3 SP ###
<?php
/*
* We use the '__DYNAMIC:1__' entity ID so that the entity ID
* will be autogenerated.
*/
$metadata['__DYNAMIC:1__'] = array(
/*
* We use '__DEFAULT__' as the hostname so we won't have to
* enter a hostname.
*/
'host' => '__DEFAULT__',
);
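Review bot: The "Configuration for signed messages" example sets only `'redirect.sign' => true`, but the `privatekey` entry earlier in this file says a private key is required once signing of messages is enabled, so the example is incomplete as written. Suggest showing `privatekey` and `certificate` next to `redirect.sign`, and mentioning `redirect.validate` in the same place, since both default to `FALSE` and an SP built from the minimal example at the end neither signs its requests nor validates logout messages. The `privatekey_pass` entry should also say that the passphrase is stored in clear text in this metadata file, so the file needs restrictive permissions. Wording in the same file: "signa", "received received", and "SPP" in both organization entries.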


@ -0,0 +1,389 @@
SP remote metadata reference
============================
<!-- {{TOC}} -->
This is a reference for metadata options available for
`metadata/saml20-sp-remote.php` and `metadata/shib13-sp-remote.php`.
Both files have the following format:
<?php
/* The index of the array is the entity ID of this SP. */
$metadata['entity-id-1'] = array(
/* Configuration options for the first SP. */
);
$metadata['entity-id-2'] = array(
/* Configuration options for the second SP. */
);
/* ... */
Common options
--------------
The following options are common between both the SAML 2.0 protocol
and Shibboleth 1.3 protocol:
`attributes`
: This should indicate which attributes an SP should receive. It is
used by for example the `consent:Consent` module to tell the user
which attributes the SP will receive, and the `core:AttributeLimit`
module to limit which attributes are sent to the SP.
`authproc`
: Used to manipulate attributes, and limit access for each SP. See
the [authentication processing filter manual](simplesamlphp-authproc).
`base64attributes`
: Whether attributes sent to this SP should be base64 encoded. The
default is `FALSE`.
`description`
: A description of this SP. Will be used by various modules when they
need to show a description of the SP to the user.
: This option can be translated into multiple languages in the same
way as the `name`-option.
`name`
: The name of this SP. Will be used by various modules when they need
to show a name of the SP to the user.
: If this option is unset, the organization name will be used instead (if it is available).
: This option can be translated into multiple languages by specifying
the value as an array of language-code to translated name:
'name' => array(
'en' => 'A service',
'no' => 'En tjeneste',
),
`OrganizationName`
: The name of the organization responsible for this SPP.
This name does not need to be suitable for display to end users.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
'OrganizationName' => array(
'en' => 'Example organization',
'no' => 'Eksempel organisation',
),
: *Note*: If you specify this option, you must also specify the `OrganizationURL` option.
`OrganizationDisplayName`
: The name of the organization responsible for this IdP.
This name must be suitable for display to end users.
If this option isn't specified, `OrganizationName` will be used instead.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated name.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`privacypolicy`
: This is an absolute URL for where an user can find a privacypolicy
for this SP. If set, this will be shown on the consent page.
`%SPENTITYID%` in the URL will be replaced with the entity id of
this service provider.
: Note that this option also exists in the IdP-hosted metadata. This
entry in the SP-remote metadata overrides the option in the
IdP-hosted metadata.
`userid.attribute`
: The attribute name of an attribute which uniquely identifies
the user. This attribute is used if simpleSAMLphp needs to generate
a persistent unique identifier for the user. This option can be set
in both the IdP-hosted and the SP-remote metadata. The value in the
sp-remote metadata has the highest priority. The default value is
`eduPersonPrincipalName`.
: Note that this option also exists in the IdP-hosted metadata. This
entry in the SP-remote metadata overrides the option in the
IdP-hosted metadata.
SAML 2.0 options
----------------
The following SAML 2.0 options are available:
`AssertionConsumerService`
: The URL of the AssertionConsumerService endpoint for this SP.
This option is required - without it you will not be able to send
responses back to the SP.
: The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
`attributes.NameFormat`
: What value will be set in the Format field of attribute
statements. This parameter can be configured multiple places, and
the actual value used is fetched from metadata by the following
priority:
: 1. SP Remote Metadata
2. IdP Hosted Metadata
: The default value is:
`urn:oasis:names:tc:SAML:2.0:attrname-format:basic`
: Some examples of values specified in the SAML 2.0 Core
Specification:
: - `urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified`
- `urn:oasis:names:tc:SAML:2.0:attrname-format:uri` (The default
in Shibboleth 2.0)
- `urn:oasis:names:tc:SAML:2.0:attrname-format:basic` (The
default in Sun Access Manager)
: You can also define your own value.
: Note that this option also exists in the IdP-hosted metadata. This
entry in the SP-remote metadata overrides the option in the
IdP-hosted metadata.
: (This option was previously named `AttributeNameFormat`.)
`encryption.blacklisted-algorithms`
: Blacklisted encryption algorithms. This is an array containing the algorithm identifiers.
: Note that this option also exists in the IdP-hosted metadata. This
entry in the SP-remote metadata overrides the option in the
[IdP-hosted metadata](./simplesamlphp-reference-idp-hosted).
`ForceAuthn`
: Set this `TRUE` to force the user to reauthenticate when the IdP
receives authentication requests from this SP. The default is
`FALSE`.
`NameIDFormat`
: The `NameIDFormat` this SP should receive. There are three values
for NameIDFormat which is supported by simpleSAMLphp:
: 1. `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`
2. `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
3. `urn:oasis:names:tc:SAML:2.0:nameid-format:email`
: The `transient` format will generate a new unique ID every time
the SP logs in.
: The `persistent` and `email` formats will use the attribute
specified in the `simplesaml.nameidattribute`-option as the value
of the ID.
`nameid.encryption`
: Whether NameIDs sent to this SP should be encrypted. The default
value is `FALSE`.
: Note that this option also exists in the IdP-hosted metadata. This
entry in the SP-remote metadata overrides the option in the
[IdP-hosted metadata](./simplesamlphp-reference-idp-hosted).
`SingleLogoutService`
: The URL of the SingleLogoutService endpoint for this SP.
This option is required if you want to implement single logout for
this SP. If the option isn't specified, this SP will not be logged
out automatically when a single logout operation is initialized.
: The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
`SingleLogoutServiceResponse`
: The URL logout responses to this SP should be sent. If this option
is unspecified, the `SingleLogoutService` endpoint will be used as
the recipient of logout responses.
`SPNameQualifier`
: SP NameQualifier for this SP. If not set, the IdP will set the
SPNameQualifier to be the SP entity ID.
`certData`
: The base64 encoded certificate for this SP. This is an alternative to storing the certificate in a file on disk and specifying the filename in the `certificate`-option.
`certificate`
: Name of certificate file for this SP. The certificate is used to
verify the signature of messages received from the SP (if
`redirect.validate`is set to `TRUE`), and to encrypting assertions
(if `assertion.encryption` is set to TRUE and `sharedkey` is
unset.)
`saml20.sign.response`
: Whether `<samlp:Response>` messages should be signed.
Defaults to `TRUE`.
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
`saml20.sign.assertion`
: Whether `<saml:Assertion>` elements should be signed.
Defaults to `TRUE`.
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
`simplesaml.nameidattribute`
: When the value of the `NameIDFormat`-option is set to either
`email` or `persistent`, this is the name of the attribute which
should be used as the value of the `NameID`. The attribute must
be in the set of attributes exported to the SP (that is, be in
the `attributes` array). For more advanced control over `NameID`,
including the ability to specify any attribute regardless of
the set sent to the SP, see the [NameID processing filters](./saml:nameid).
: Typical values can be `mail` for when using the `email` format,
and `eduPersonTargetedID` when using the `persistent` format.
`simplesaml.attributes`
: Whether the SP should receive any attributes from the IdP. The
default value is `TRUE`.
`attributeencodings`
: What encoding should be used for the different attributes. This is
an array which maps attribute names to attribute encodings. There
are three different encodings:
: - `string`: Will include the attribute as a normal string. This is
the default.
: - `base64`: Store the attribute as a base64 encoded string. This
is the default when the `base64attributes`-option is set to
`TRUE`.
: - `raw`: Store the attribute without any modifications. This
makes it possible to include raw XML in the response.
`sign.logout`
: Whether to sign logout messages sent to this SP.
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
`validate.authnrequest`
: Whether we require signatures on authentication requests sent from this SP.
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
`validate.logout`
: Whether we require signatures on logout messages sent from this SP.
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
### Encrypting assertions
It is possible to encrypt the assertions sent to a SP. Currently the
only algorithm supported is `AES128_CBC` or `RIJNDAEL_128`.
There are two modes of encryption supported by simpleSAMLphp. One is
symmetric encryption, in which case both the SP and the IdP needs to
share a key. The other mode is the use of public key encryption. In
that mode, the public key of the SP is extracted from the certificate
of the SP.
`assertion.encryption`
: Whether assertions sent to this SP should be encrypted. The default
value is `FALSE`.
: Note that this option also exists in the IdP-hosted metadata. This
entry in the SP-remote metadata overrides the option in the
IdP-hosted metadata.
`sharedkey`
: Symmetric key which should be used for encryption. This should be a
128-bit key. If this option is not specified, public key encryption
will be used instead.
### Fields for signing and validating messages
simpleSAMLphp only signs authentication responses by default.
Signing of logout requests and logout responses can be enabled by
setting the `redirect.sign` option. Validation of received messages
can be enabled by the `redirect.validate` option.
These options overrides the options set in `saml20-idp-hosted`.
`redirect.sign`
: Whether logout requests and logout responses sent to this SP should
be signed. The default is `FALSE`.
`redirect.validate`
: Whether authentication requests, logout requests and logout
responses received from this SP should be validated. The default is
`FALSE`
**Example: Configuration for validating messages**
'redirect.validate' => TRUE,
'certificate' => 'server.crt',
### Fields for scoping
Only relevant if you are a proxy/bridge and wants to limit the idps this
sp can use.
`IDPList`
: The list of scoped idps ie. the list of entityids for idps that are
relevant for this sp. The final list is the concatenation of the list
given as parameter to InitSSO (at the sp), the list configured at the
sp and the list configured at the ipd (here) for this sp. The intersection
of the final list and the idps configured at the at this idp will be
presented to the user at the discovery service if neccessary. If only one
idp is in the intersection the discoveryservice will go directly to the idp.
**Example: Configuration for scoping**
'IDPList' => array('https://idp1.wayf.dk', 'https://idp2.wayf.dk'),
Shibboleth 1.3 options
----------------------
The following options for Shibboleth 1.3 SP's are avaiblable:
`AssertionConsumerService`
: The URL of the AssertionConsumerService endpoint for this SP.
This endpoint must accept the SAML responses encoded with the
`urn:oasis:names:tc:SAML:1.0:profiles:browser-post` encoding.
This option is required - without it you will not be able to send
responses back to the SP.
: The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
`NameQualifier`
: What the value of the `NameQualifier`-attribute of the
`<NameIdentifier>`-element should be. The default value is the
entity ID of the SP.
`audience`
: The value which should be given in the `<Audience>`-element in the
`<AudienceRestrictionCondition>`-element in the response. The
default value is the entity ID of the SP.
`scopedattributes`
: Array with names of attributes which should be scoped. Scoped
attributes will receive a `Scope`-attribute on the
`AttributeValue`-element. The value of the Scope-attribute will
be taken from the attribute value:
: `<AttributeValue>someuser@example.org</AttributeValue>`
: will be transformed into
: `<AttributeValue Scope="example.org">someuser</AttributeValue>`
: By default, no attributes are scoped. This option overrides the
option with the same name in the `shib13-idp-hosted.php` metadata
file.
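Review bot: The `raw` value under `attributeencodings` is documented as storing the attribute "without any modifications" so that raw XML can be included in the response, with no statement that the value is therefore not escaped; an attribute whose content a user can influence could then change the response markup. Suggest adding a sentence that `raw` is only for attributes whose values the IdP itself generates. Copy errors in this SP reference: `OrganizationName` says "this SPP", `OrganizationDisplayName` says "this IdP", the `IDPList` text has "ipd" and "at the at this idp", the `certificate` entry is missing a space in "`redirect.validate`is", and the Shibboleth section has "avaiblable".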


@ -0,0 +1,104 @@
Scoping
========================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-scoping.txt 2651 2010-11-16 14:32:43Z olavmrk $`
<!-- {{TOC}} -->
Scoping allows a service provider to specify a list of identity providers in an
authnRequest to a proxying identity provider. This is an indication to the
proxying identity provider, that the service will only deal with the identity
providers specified.
A common use is for a service provider in a hub-and-spoke architecture to
manage its own discovery service and being able to tell the hub/proxy-IdP which
(backend-end) identity provider to use. The standart discovery service in
SimpleSAMLphp will show the intersection of all the known IdPs and the IdPs
specified in the scoping element. If this intersection only contains on IdP,
then the request is automatically forwarded to that IdP.
Scoping is a SAML 2.0 specific option.
Options
-------
SimpleSAMLphp supports scoping by allowing the following options:
`ProxyCount`
: Specifies the number of proxying indirections permissible
between the identity provider receiving the request and the identity provider
who ultimately authenticates the user. A count of zero permits no proxying. If
ProxyCount is unspecified the number of proxy indirections is not limited.
`IDPList`
: The list of trusted idps ie. the list of entityIDs for identity providers
that are relevant for a service provider in an authnRequest.
### Note ###
SimpleSAMLphp does not support specifying the GetComplete option.
Usage
-----
The ProxyCount and IDPList option can be specified in the following places
- as a state parameter to the authentication source
- in the saml:SP authentication source configuration
- in the saml20-idp-remote metadata
- in the saml20-sp-remote metadata
# Add the IDPList
'IDPList' => array(
'IdPEntityID1',
'IdPEntityID2',
'IdPEntityID3',
),
# Set ProxyCount
'ProxyCount' => 2,
RequesterID element
-------------------
To allow an identity provider to identify the original requester and the
proxying identity providers, SimpleSAMLphp addes the RequesterID element to
the request and if necessary the scoping element even if explicit scoping is
not used.
The RequesterId elements are avaliable from the state array as an array, for
instance the authenticate method in an authentication source
$requesterIDs = $state['saml:RequesterID'];
AuthenticatingAuthority element
-------------------------------
To allow a service provider to identify the authentication authorities that
were involved in the authentication of the user, SimpleSAMLphp addes the
AuthenticatingAuthority elements.
The list of authenticating authorities (the AuthenticatingAuthority element)
can be retrived as an array from the authentication data.
# Get the authentication source.
$as = new SimpleSAML_Auth_Simple();
# Get the AuthenticatingAuthority
$aa = $as->getAuthData('saml:AuthenticatingAuthority');
Support
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
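Review bot: In the AuthenticatingAuthority example, `$as = new SimpleSAML_Auth_Simple();` is called with no argument, while the SP API reference added in this same commit gives the constructor as `new SimpleSAML_Auth_Simple(string $authSource)` with the authentication source ID as its single parameter. The example should pass the ID, for instance `'default-sp'` as the other documents do. Under Options, the `ProxyCount` entry says an unspecified value leaves the number of proxy indirections unlimited; the Usage example would be clearer if it said that a deployment wanting to bound proxying has to set the option explicitly.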

View File

@ -0,0 +1,270 @@
simpleSAMLphp SP API reference
==============================
<!-- {{TOC}} -->
This document describes the SimpleSAML_Auth_Simple API.
This is the preferred API for integrating simpleSAMLphp with other applications.
Constructor
-----------
new SimpleSAML_Auth_Simple(string $authSource)
The constructor initializes a SimpleSAML_Auth_Simple object.
### Parameters
It has a single parameter, which is the ID of the authentication source that should be used.
This authentication source must exist in `config/authsources.php`.
### Example
$auth = new SimpleSAML_Auth_Simple('default-sp');
`isAuthenticated`
-----------------
bool isAuthenticated()
Check whether the user is authenticated with this authentication source.
`TRUE` is returned if the user is authenticated, `FALSE` if not.
### Example
if (!$auth->isAuthenticated()) {
/* Show login link. */
print('<a href="/login">Login</a>');
}
`requireAuth`
-------------
void requireAuth(array $params = array())
Make sure that the user is authenticated.
This function will only return if the user is authenticated.
If the user isn't authenticated, this function will start the authentication process.
### Parameters
`$params` is an associative array with named parameters for this function.
See the documentation for the `login`-function for a description of the parameters.
### Example 1
$auth->requireAuth();
print("Hello, authenticated user!");
### Example 2
/*
* Return the user to the frontpage after authentication, don't post
* the current POST data.
*/
$auth->requireAuth(array(
'ReturnTo' => 'https://sp.example.org/',
'KeepPost' => FALSE,
));
print("Hello, authenticated user!");
`login`
-------------
void login(array $params = array())
Start a login operation.
This function will always start a new authentication process.
### Parameters
The following global parameters are supported:
`ErrorURL` (`string`)
: An URL to a page which will receive errors that may occur during authentication.
`KeepPost` (`bool`)
: If set to `TRUE`, the current POST data will be submitted again after authentication.
The default is `TRUE`.
`ReturnTo` (`string`)
: The URL the user should be returned to after authentication.
The default is to return the user to the current page.
`ReturnCallback` (`array`)
: The function we should call when the user finishes authentication.
The [`saml:SP`](./saml:sp) authentication source also defines some parameters.
### Example
# Send a passive authentication request.
$auth->login(array(
'isPassive' => TRUE,
'ErrorURL' => 'https://.../error_handler.php',
));
`logout`
--------
void logout(mixed $params = NULL)
Log the user out.
After logging out, the user will either be redirected to another page, or a function will be called.
This function never returns.
### Parameters
`$params`
: Parameters for the logout operation.
This can either be a simple string, in which case it is interpreted as the URL the user should be redirected to after logout, or an associative array with logout parameters.
If this parameter isn't specified, we will redirect the user to the current URL after logout.
If the parameter is an an array, it can have the following options:
- `ReturnTo`: The URL the user should be returned to after logout.
- `ReturnCallback`: The function that should be called after logout.
- `ReturnStateParam`: The parameter we should return the state in when redirecting.
- `ReturnStateStage`: The stage the state array should be saved with.
The `ReturnState` parameters allow access to the result of the logout operation after it completes.
### Example 1
Logout, and redirect to the specified URL.
$auth->logout('https://sp.example.org/logged_out.php');
### Example 2
Same as the previous, but check the result of the logout operation afterwards.
$auth->logout(array(
'ReturnTo' => 'https://sp.example.org/logged_out.php',
'ReturnStateParam' => 'LogoutState',
'ReturnStateStage' => 'MyLogoutState',
));
And in logged_out.php:
$state = SimpleSAML_Auth_State::loadState((string)$_REQUEST['LogoutState'], 'MyLogoutState');
$ls = $state['saml:sp:LogoutStatus']; /* Only works for SAML SP */
if ($ls['Code'] === 'urn:oasis:names:tc:SAML:2.0:status:Success' && !isset($ls['SubCode'])) {
/* Successful logout. */
echo("You have been logged out.");
} else {
/* Logout failed. Tell the user to close the browser. */
echo("We were unable to log you out of all your sessions. To be completely sure that you are logged out, you need to close your web browser.");
}
`getAttributes`
---------------
array getAttributes()
Retrieve the attributes of the current user.
If the user isn't authenticated, an empty array will be returned.
The attributes will be returned as an associative array with the name of the attribute as the key and the value as an array of one or more strings:
array(
'uid' => array('testuser'),
'eduPersonAffiliation' => array('student', 'member'),
)
### Example
$attrs = $auth->getAttributes();
if (!isset($attrs['displayName'][0])) {
throw new Exception('displayName attribute missing.');
}
$name = $attrs['displayName'][0];
print('Hello, ' . htmlspecialchars($name));
`getAuthData`
---------------
mixed getAuthData(string $name)
Retrieve the specified authentication data for the current session.
NULL is returned if the user isn't authenticated.
The available authentication data depends on the module used for authentication.
See the [`saml:SP`](./saml:sp) reference for information about available SAML authentication data.
### Example
$idp = $auth->getAuthData('saml:sp:IdP');
print('You are logged in from: ' . htmlspecialchars($idp));
`getLoginURL`
-------------
string getLoginURL(string $returnTo = NULL)
Retrieve an URL that can be used to start authentication.
### Parameters
`$returnTo`
: The URL the user should be returned to after authentication.
The default is the current page.
### Example
$url = $auth->getLoginURL();
print('<a href="' . htmlspecialchars($url) . '">Login</a>');
### Note
The URL returned by this function is static, and will not change.
You can easily create your own links without using this function.
The URL should be:
.../simplesaml/module.php/core/as_login.php?AuthId=<authentication source>&ReturnTo=<return URL>
`getLogoutURL`
--------------
string getLogoutURL(string $returnTo = NULL)
Retrieve an URL that can be used to trigger logout.
### Parameters
`$returnTo`
: The URL the user should be returned to after logout.
The default is the current page.
### Example
$url = $auth->getLogoutURL();
print('<a href="' . htmlspecialchars($url) . '">Logout</a>');
### Note
The URL returned by this function is static, and will not change.
You can easily create your own links without using this function.
The URL should be:
.../simplesaml/module.php/core/as_logout.php?AuthId=<authentication source>&ReturnTo=<return URL>
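Review bot: The two Note sections under `getLoginURL` and `getLogoutURL` document `as_login.php` and `as_logout.php` as taking a caller-supplied `ReturnTo=<return URL>`, and nothing in this file says whether that URL is limited to trusted hosts. These endpoints ship with the plugin in this commit, so please confirm how the bundled version validates `ReturnTo` and record the answer here or in the plugin's own notes. The same question applies to `logged_out.php` in logout Example 2, which passes `$_REQUEST['LogoutState']` to `loadState()`; a sentence on what happens when that parameter is missing or unknown would help integrators.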

View File

@ -0,0 +1,283 @@
Migrating to the `saml` module
==============================
<!-- {{TOC}} -->
This document describes how you can migrate your code to use the `saml` module for authentication against SAML 2.0 and SAML 1.1 IdPs.
It assumes that you have previously set up a SP by using redirects to `saml2/sp/initSSO.php`.
The steps we are going to follow are:
1. Create a new authentication source.
2. Add the metadata for this authentication source to the IdP.
3. Test the new authentication source.
4. Convert the application to use the new API.
5. Test the application.
6. Remove the old metadata from the IdP.
7. Disable the old SAML 2 SP.
Create a new authentication source
----------------------------------
In this step we are going to create an authentication source which uses the `saml` module for authentication.
To do this, we open `config/authsources.php`. Create the file if it does not exist.
If you create the file, it should looke like this:
<?php
$config = array(
/* Here we can add entries for authentication sources we want to use. */
);
We are going to add an entry to this file.
The entry should look something like this:
'default-sp' => array(
'saml:SP',
/*
* The entity ID of this SP.
* Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
*/
'entityID' => NULL,
/*
* The entity ID of the IdP this should SP should contact.
* Can be NULL/unset, in which case the user will be shown a list of available IdPs.
*/
'idp' => NULL,
/* Here you can add other options to the SP. */
),
`default-sp` is the name of the authentication source.
It is used to refer to this authentication source when we use it.
`saml:SP` tells simpleSAMLphp that authentication with this authentication source is handled by the `saml` module.
The `idp` option should be set to the same value that is set in `default-saml20-idp` in `config.php`.
To ease migration, you probably want the entity ID on the new SP to be different than on the old SP.
This makes it possible to have both the old and the new SP active on the IdP at the same time.
You can also add other options this authentication source.
See the [`saml:SP`](./saml:sp) documentation for more information.
Add the metadata for this authentication source to the IdP
----------------------------------------------------------
After adding the authentication source on the SP, you need to register the metadata on the IdP.
To retrieve the metadata, open the frontpage of your simpleSAMLphp installation, and go to the federation tab.
You should have a list of metadata entries, and one will be marked with the name of the new authentication source.
In our case, that was `default-sp`.
Click the `Show metadata` link, and you will arrive on a web page with the metadata for that service provider.
How you proceed from here depends on which IdP you are connecting to.
If you use a simpleSAMLphp IdP, you can use the metadata in the flat file format at the bottom of the page.
That metadata should be added to `saml20-sp-remote.php` on the IdP.
For other IdPs you probably want to use the XML metadata.
Test the new authentication source
----------------------------------
You should now be able to log in using the new authentication source.
Go to the frontpage of your simpleSAMLphp installation and open the authentication tab.
There you will find a link to test authentication sources.
Click that link, and select the name of your authentication source (`default-sp` in our case).
You should be able to log in using that authentication source, and receive the attributes from the IdP.
Convert the application to use the new API
------------------------------------------
This section will go through some common changes that you need to do when you are using simpleSAMLphp from a different application.
### `_include.php`
You should also no longer include `.../simplesamlphp/www/_include.php`.
Instead, you should include `.../simplesamlphp/lib/_autoload.php`.
This means that you replace lines like:
require_once('.../simplesamlphp/www/_include.php');
with:
require_once('.../simplesamlphp/lib/_autoload.php');
`_autoload.php` will register an autoloader function for the simpleSAMLphp classes.
This makes it possible to access the classes from your application.
`_include.php` does the same, but also has some side-effects that you may not want in your application.
If you load any simpleSAMLphp class files directly, you should remove those lines.
That means that you should remove lines like the following:
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/XHTML/Template.php');
### Authentication API
There is a new authentication API in simpleSAMLphp which can be used to authenticate against authentication sources.
This API is designed to handle the common operations.
#### Overview
This is a quick overview of the API:
/* Get a reference to our authentication source. */
$as = new SimpleSAML_Auth_Simple('default-sp');
/* Require the user to be authentcated. */
$as->requireAuth();
/* When that function returns, we have an authenticated user. */
/*
* Retrieve attributes of the user.
*
* Note: If the user isn't authenticated when getAttributes() is
* called, an empty array will be returned.
*/
$attributes = $as->getAttributes();
/* Log the user out. */
$as->logout();
#### `$config` and `$session`
Generally, if you have:
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
you should replace it with this single line:
$as = new SimpleSAML_Auth_Simple('default-sp');
#### Requiring authentication
Blocks of code like the following:
/* Check if valid local session exists.. */
if (!isset($session) || !$session->isValid('saml2') ) {
SimpleSAML_Utilities::redirect(
'/' . $config->getBaseURL() .
'saml2/sp/initSSO.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
should be replaced with a single call to `requireAuth()`:
$as->requireAuth();
#### Fetching attributes
Where you previously called:
$session->getAttributes();
you should now call:
$as->getAttributes();
#### Logging out
Redirecting to the initSLO-script:
SimpleSAML_Utilities::redirect(
'/' . $config->getBaseURL() .
'saml2/sp/initSLO.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
should be replaced with a call to `logout()`:
$as->logout();
If you want to return to a specific URL after logging out, you should include that URL as a parameter to the logout function:
$as->logout('https://example.org/');
#### Login link
If you have any links to the initSSO-script, those links must be replaced with links to a new script.
The URL to the new script is `https://.../simplesaml/module.php/core/as_login.php`.
It has two mandatory parameters:
* `AuthId`: The id of the authentication source.
* `ReturnTo`: The URL the user should be redirected to after authentication.
#### Logout link
Any links to the initSLO-script must be replaced with links to a new script.
The URL to the new script is `https://.../simplesaml/module.php/core/as_logout.php`.
It has two mandatory parameters:
* `AuthId`: The id of the authentication source.
* `ReturnTo`: The URL the user should be redirected to after logout.
Test the application
--------------------
How you test the application is highly dependent on the application, but here are the elements you should test:
### SP initiated login
Make sure that it is still possible to log into the application.
### IdP initiated login
If you use a simpleSAMLphp IdP, and you want users to be able to bookmark the login page, you need to test IdP initiated login.
To test IdP initiated login from a simpleSAMLphp IdP, you can access:
https://.../simplesaml/saml2/idp/SSOService.php?spentityid=<entity ID of your SP>&RelayState=<URL the user should be sent to after login>
Note that the RelayState parameter is only supported if the IdP runs version 1.5 of simpleSAMLphp.
If it isn't supported by the IdP, you need to configure the `RelayState` option in the authentication source configuration.
### SP initiated logout
Make sure that logging out of your application also logs out of the IdP.
If this does not work, users who log out of your application can log in again without entering any username or password.
### IdP initiated logout
This is used by the IdP if the user logs out of a different SP connected to the IdP.
In this case, the user should also be logged out of your application.
The easiest way to test this is if you have two SPs connected to the IdP.
You can then log out of one SP and check that you are also logged out of the other.
Remove the old metadata from the IdP
------------------------------------
Once the new SP works correctly, you can remove the metadata for the old SP from the IdP.
How you do that depends on the IdP.
If you are running a simpleSAMLphp IdP, you can remove the entry for the old SP in `metadata/saml20-sp-remote.php`.
Disable the old SAML 2 SP
-------------------------
You may also want to disable the old SP code in simpleSAMLphp.
To do that, open `config/config.php`, and change the `enable.saml20-sp` option to `FALSE`.
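Review bot: The last section leaves disabling the legacy SP as optional ("You may also want to"), which means the old `saml2/sp/initSSO.php` and `initSLO.php` entry points stay reachable unless `enable.saml20-sp` is set to `FALSE` in `config/config.php`. If the integration added in this commit only uses `SimpleSAML_Auth_Simple`, the bundled configuration should ship with that option off so only one SP code path is exposed. The "SP initiated logout" test also deserves to be a required check before merge, since the text itself notes that a failed logout lets the user log in again without entering credentials.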

View File

@ -0,0 +1,202 @@
SimpleSAMLphp Service Provider QuickStart
=========================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-sp.txt 2711 2011-01-12 14:25:46Z olavmrk $`
<!-- {{TOC}} -->
This guide will describe how to configure simpleSAMLphp as a service provider (SP). You should previously have installed simpleSAMLphp as described in [the simpleSAMLphp installation instructions](simplesamlphp-install).
Configuring the SP
------------------
The SP is configured by an entry in `config/authsources.php`.
This is a minimal `authsources.php` for a SP:
<?php
$config = array(
/* This is the name of this authentication source, and will be used to access it later. */
'default-sp' => array(
'saml:SP',
),
);
For more information about additional options available for the SP, see the [`saml:SP` reference](./saml:sp).
If you want mulitple Service Providers in the same site and installation, you can add more entries in the `authsources.php` configuration. If so remember to set the EntityID explicitly. Here is an example:
'sp1' => array(
'saml:SP',
'entityID' => 'https://sp1.example.org/',
),
'sp2' => array(
'saml:SP',
'entityID' => 'https://sp2.example.org/',
),
### Enabling a certificate for your Service Provider
Some Identity Providers / Federations may require that your Service Providers holds a certificate. If you enable a certificate for your Service Provider, it may be able to sign requests and response sent to the Identity Provider, as well as receiving encrypted responses.
Create a self-signed certificate in the `cert/` directory.
cd cert
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
Then edit your `authsources.php` entry, and add references to your certificate:
'default-sp' => array(
'saml:SP',
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
),
Adding IdPs to the SP
---------------------
The service provider you are configuring needs to know about the identity providers you are going to connect to it. This is configured by metadata stored in `metadata/saml20-idp-remote.php` and `metadata/shib13-idp-remote.php`.
This is a minimal example of a `metadata/saml20-idp-remote.php` metadata file:
<?php
$metadata['https://openidp.feide.no'] = array(
'SingleSignOnService' => 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
'SingleLogoutService' => 'https://openidp.feide.no/simplesaml/saml2/idp/SingleLogoutService.php',
'certFingerprint' => 'c9ed4dfb07caf13fc21e0fec1572047eb8a7a4cb',
);
For more information about available options in the idp-remote metadata files, see the [IdP remote reference](simplesamlphp-reference-idp-remote).
If you have the metadata of the remote IdP as an XML file, you can use the built-in XML to simpleSAMLphp metadata converter, which by default is available as `/admin/metadata-converter.php` in your simpleSAMLphp installation.
Note that the idp-remote file lists all IdPs you trust. You should remove all IdPs that you don't use.
Setting the default IdP
-----------------------
An option in the authentication source allows you to configure which IdP should be used.
This is the `idp` option.
<?php
$config = array(
'default-sp' => array(
'saml:SP',
/*
* The entity ID of the IdP this should SP should contact.
* Can be NULL/unset, in which case the user will be shown a list of available IdPs.
*/
'idp' => 'https://openidp.feide.no',
),
);
Exchange metadata with the IdP
------------------------------
If you do not have an IdP yourself, you could use the Feide OpenIdP to test your Service Provider.
The metadata for Feide OpenIdP is already included in the metadata distributed with simpleSAMLphp.
In order to complete the connection between your SP and Feide OpenIdP, you must add the metadata for your SP to the IdP.
The metadata for your SP can be found on the `Federation`-tab.
Copy the SAML 2.0 XML Metadata document automatically generated by simpleSAMLphp, and go to the OpenIdP Metadata Self-Service Registry:
* [Feide OpenIdP Metadata Self-Service Registry](https://openidp.feide.no/simplesaml/module.php/metaedit/index.php)
You need to login with an OpenIdP account to authenticate (you can create a new account if you do not have one already).
Next, click the link 'Add from SAML 2.0 XML metadata', and paste in your SAML 2.0 XML Metadata.
After clicking the 'Import metadata' button, you will be presented with a form where you can edit your metadata.
You can check that your metadata was parsed correctly by looking at the 'SAML 2.0' tab.
The textfields for AssertionConsumerService and SingleLogoutService should contain two URLs:
`AssertionConsumerService`
: `https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp`
`SingleLogoutService`
: `https://sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp`
After checking your metadata, give your SP a proper name and description and click 'save'.
Test the SP
-----------------------------
After the metadata is is configured on the IdP, you should be able to test the configuration.
The installation page of simpleSAMLphp has a link to test authentication sources.
When you click the link, you should receive a list of authentication sources, including the one you have created for the SP.
After you click the link for that authentication source, you will be redirected to the IdP.
After entering your credentials, you should be redirected back to the test page.
The test page should contain a list of your attributes:
![Screenshot of the status page after an user have succesfully authenticated](http://rnd.feide.no/files/screenshot-example.png)
Integrating authentication with your own application
----------------------------------------------------
The API is documented in [the SP API reference](simplesamlphp-sp-api).
For those web resources you want to protect, you must add a few
lines of PHP code:
- Register the simpleSAMLphp classes with the PHP autoloader.
-
Require authentication of the user for those places it is required.
-
Access the users attributes.
Example code:
We start off with loading a file which registers the simpleSAMLphp classes with the autoloader.
require_once('../../lib/_autoload.php');
We select our authentication source:
$as = new SimpleSAML_Auth_Simple('default-sp');
We then require authentication:
$as->requireAuth();
And print the attributes:
$attributes = $as->getAttributes();
print_r($attributes);
Each attribute name can be used as an index into $attributes to obtain the value. Every attribute value is an array - a single-valued attribute is an array of a single element.
We can also request authentication with a specific IdP:
$as->login(array(
'saml:idp' => 'https://idp.example.org/',
));
Other options are also available.
Take a look in the documentation for the [SP module](./saml:sp) for a list of all parameters.
Support
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
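Review bot: "Adding IdPs to the SP" states that the idp-remote file lists every IdP you trust and that unused ones should be removed, while "Exchange metadata with the IdP" says the Feide OpenIdP metadata is already included in the distributed metadata and that anyone can create an OpenIdP account. If the `metadata/saml20-idp-remote.php` bundled with this commit still carries the `https://openidp.feide.no` entry, it should be dropped unless that public test IdP is meant to be accepted in production. Separately, the certificate step runs `openssl req ... -nodes`, which leaves `saml.pem` unencrypted in `cert/`; the commit should make sure that directory is not served by the web server and that no generated key is checked in.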

View File

@ -0,0 +1,31 @@
simpleSAMLphp from Subversion
=============================
These are some notes about running simpleSAMLphp from subversion.
Installing from Subversion
--------------------------
Go to the directory where you want to install simpleSAMLphp:
cd /var
Then do a subversion checkout:
svn checkout http://simplesamlphp.googlecode.com/svn/trunk/ simplesamlphp
Initialize configuration and metadata:
cd /var/simplesamlphp
cp -r config-templates/* config/
cp -r metadata-templates/* metadata/
Upgrading
---------
Go to the root directory of your simpleSAMLphp installation:
cd /var/simplesamlphp
Ask subversion to update to the latest version:
svn update
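Review bot: The checkout line fetches `http://simplesamlphp.googlecode.com/svn/trunk/` over plain HTTP and tracks trunk, and "Upgrading" is a bare `svn update` to whatever is latest, so neither the transport nor the revision is pinned. For code that handles authentication, the instructions should name a specific release or revision and a way to verify it. They also describe a working copy, not a copy committed into another tree, so the upgrade procedure for the files added here still needs to be written down.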

View File

@ -0,0 +1,99 @@
Theming the user interface in SimpleSAMLphp
===========================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-theming.txt 2206 2010-03-08 10:14:12Z andreassolberg $`
<!-- {{TOC}} -->
In SimpleSAMLphp every part that needs to interact with the user by using a web page, uses templates to present the XHTML. SimpleSAMLphp comes with a default set of templates that presents a anonymous look.
You may create your own theme, where you add one or more template files that will override the default ones. This document explains how to achieve that.
How themes work
--------------------
If you want to customize the UI, the right way to do that is to create a new **theme**. A theme is a set of templates that can be configured to override the default templates.
### Configuring which theme to use
In `config.php` there is a configuration option that controls theming. Here is an example:
'theme.use' => 'fancymodule:fancytheme',
The `theme.use` parameter points to which theme that will be used. If some functionality in simpleSAMLphp needs to present UI in example with the `logout.php` template, it will first look for `logout.php` in the `theme.use` theme, and if not found it will all fallback to look for the base templates.
All required templates SHOULD be available as a base in the `templates` folder, and you SHOULD never change the base templates. To customize UI, add a new theme within a module that overrides the base templates, instead of modifying it.
### Templates that includes other files
A template file may *include* other files. In example all the default templates will include a header and footer. In example the `login.php` template will first include `includes/header.php` then present the login page, and then include `includes/footer.php`.
SimpleSAMLphp allows themes to override the included templates files only, if needed. That means you can create a new theme `fancytheme` that includes only a header and footer. The header file refers to the CSS files, which means that a simple way of making a new look on simpleSAMLphp is to create a new theme, and copy the existing header, but point to your own CSS instead of the default CSS.
Creating your first theme
-------------------------
The first thing you need to do is having a simpleSAMLphp module to place your theme in. If you do not have a module already, create a new one:
cd modules
mkdir mymodule
cd mymodule
touch default-enable
Then within this module, you can create a new theme named `fancytheme`.
cd modules/mymodule
mkdir -p themes/fancytheme
Now, configure simpleSAMLphp to use your new theme in `config.php`:
'theme.use' => 'mymodule:fancytheme',
Next, we create `themes/fancytheme/default/includes`, and copy the header file from the base theme:
cp templates/includes/header.php modules/mymodule/themes/fancytheme/default/includes/
In the `modules/mymodule/themes/fancytheme/default/includes/header.php` type in something and go to the simpleSAMLphp front page to see that your new theme is in use.
A good start is to modify the reference to the default CSS:
<link rel="stylesheet" type="text/css" href="/<?php echo $this->data['baseurlpath']; ?>resources/default.css" />
to in example:
<link rel="stylesheet" type="text/css" href="/<?php echo $this->data['baseurlpath']; ?>resources/fancytheme/default.css" />
Examples
---------------------
To override the frontpage body, add the file:
modules/mymodule/themes/fancytheme/default/frontpage.php
In the path above `default` means that the frontpage template is not part of any modules. If you are replacing a template that is part of a module, then use the module name instead of `default`.
In example, to override the `preprodwarning` template, (the file is located in `modules/preprodwarning/templates/warning.php`), you need to add a new file:
modules/mymodule/themes/fancytheme/preprodwarning/warning.php
Say in a module `foomodule`, some code requests to present the `bar.php` template, simpleSAMLphp will:
1. first look in your theme for a replacement: `modules/mymodule/themes/fancytheme/foomodule/bar.php`.
2. If not found, it will use the base template of that module: `modules/foomodule/templates/bar.php`
Adding resource files
---------------------
You can put resource files within the www folder of your module, to make your module completely independent with included css, icons etc.
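Review bot: "Creating your first theme" copies `templates/includes/header.php` into the theme, and the lookup order at the end of "Examples" means the theme copy is always used in place of the base file, yet nothing here tells maintainers to re-compare overridden templates when the bundled simpleSAMLphp is upgraded. A short note on that would avoid a stale header shadowing later changes to the base template. The two `<link>` examples also echo `$this->data['baseurlpath']` straight into an attribute, whereas the API reference examples in this commit wrap output in `htmlspecialchars()`; using the same pattern here would keep copied theme code consistent.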

Some files were not shown because too many files have changed in this diff