simplesamlphp: update to 1.13.2

This commit is contained in:
Jérôme Schneider 2015-03-27 18:15:46 +01:00
parent 502161d955
commit c47b99cede
878 changed files with 55705 additions and 15278 deletions

View File

@ -0,0 +1,7 @@
SimpleSAMLphp
=============
This is the official repository of the SimpleSAMLphp software.
* [SimpleSAMLphp homepage](https://simplesamlphp.org)
* [SimpleSAMLphp Downloads](https://simplesamlphp.org/download)

View File

@ -0,0 +1,14 @@
<?php // Maps AD LDAP to Claims from http://msdn.microsoft.com/en-us/library/hh159803.aspx
$attributemap = array(
'c' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country',
'givenName' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
'mail' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
'memberOf' => 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role',
'postalcode' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode',
'uid' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
'sn' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
'st' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince',
'streetaddress' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress',
'telephonenumber' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone',
);
?>

View File

@ -15,8 +15,6 @@ fi
cd /tmp
REPOPATH="http://simplesamlphp.googlecode.com/svn/tags/$TAG/"
if [ -a "$TAG" ]; then
echo "$0: Destination already exists: $TAG" >&2
exit 1
@ -24,7 +22,20 @@ fi
umask 0022
REPOPATH="http://simplesamlphp.googlecode.com/svn/tags/$TAG/"
svn export "$REPOPATH"
# Use composer only on newer versions that have a composer.json
if [ -f "$TAG/composer.json" ]; then
if [ ! -x composer.phar ]; then
curl -sS https://getcomposer.org/installer | php
fi
# Install dependencies (without vcs history or dev tools)
php composer.phar install --no-dev --prefer-dist -o -d "$TAG"
fi
mkdir -p "$TAG/config" "$TAG/metadata"
cp -rv "$TAG/config-templates/"* "$TAG/config/"
cp -rv "$TAG/metadata-templates/"* "$TAG/metadata/"

View File

@ -12,7 +12,7 @@ if (count($argv) < 1) {
}
// Needed in order to make session_start to be called before output is printed.
$session = SimpleSAML_Session::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
$config = SimpleSAML_Configuration::getConfig('config.php');

View File

@ -1,7 +1,6 @@
#!/usr/bin/env php
<?php
/*
* $Id$
* Interactive script to generate password hashes.
*
*/

View File

@ -46,8 +46,14 @@ switch($action) {
case 'pull':
$content = SimpleSAML_Utilities::fetch($base . 'export.php?aid=' . $application . '&type=translation&file=' . $basefile);
file_put_contents($fileWithoutExt . '.translation.json' , $content);
try {
$content = SimpleSAML_Utilities::fetch($base . 'export.php?aid=' . $application . '&type=translation&file=' . $basefile);
file_put_contents($fileWithoutExt . '.translation.json' , $content);
}
catch (SimpleSAML_Error_Exception $e) {
echo 'Translation unavailable for ' . $basefile;
SimpleSAML_Logger::warning("Translation unavailable for $basefile in $base: " . $e->getMessage());
}
break;
case 'push':
@ -189,4 +195,4 @@ function json_format($data, $indentation = '') {
return $ret;
}
?>
?>

View File

@ -0,0 +1,34 @@
{
"name": "simplesamlphp/simplesamlphp",
"description": "A PHP implementation of SAML 2.0 service provider and identity provider functionality. And is also compatible with Shibboleth 1.3 and 2.0.",
"type": "project",
"keywords": [ "saml2", "shibboleth","aselect","openid","oauth","ws-federation","sp","idp" ],
"homepage": "http://simplesamlphp.org",
"license": "LGPL-2.1",
"authors": [
{
"name": "Andreas Åkre Solberg",
"email": "andreas.solberg@uninett.no"
},
{
"name": "Olav Morken",
"email": "olav.morken@uninett.no"
}
],
"autoload": {
"psr-0": {
"SimpleSAML_": "lib/"
},
"files": ["lib/_autoload_modules.php"]
},
"require": {
"php": "~5.3",
"simplesamlphp/saml2": "~0.3",
"simplesamlphp/xmlseclibs": "~1.3.2",
"openid/php-openid": "dev-master#ee669c6a9d4d95b58ecd9b6945627276807694fb as 2.2.2"
},
"support": {
"issues": "https://github.com/simplesamlphp/simplesamlphp/issues",
"source": "https://github.com/simplesamlphp/simplesamlphp"
}
}

214
inc/simplesamlphp/composer.lock generated Normal file
View File

@ -0,0 +1,214 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "e609dc6172b06d1dd51be10f92c4d18b",
"packages": [
{
"name": "openid/php-openid",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://github.com/openid/php-openid.git",
"reference": "ee669c6a9d4d95b58ecd9b6945627276807694fb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/openid/php-openid/zipball/fff9217fb1acda132702730b66b10981ea9d4cac",
"reference": "ee669c6a9d4d95b58ecd9b6945627276807694fb",
"shasum": ""
},
"require": {
"ext-curl": "*",
"ext-dom": "*",
"ext-gmp": "*",
"php": ">=4.3"
},
"type": "library",
"autoload": {
"classmap": [
"Auth"
]
},
"notification-url": "https://packagist.org/downloads/",
"include-path": [
"."
],
"license": [
"Apache-2.0"
],
"authors": [
{
"name": "JanRain Inc.",
"homepage": "http://www.openidenabled.com"
}
],
"description": "OpenID library for PHP5",
"homepage": "http://github.com/openid/php-openid",
"keywords": [
"Authentication",
"OpenId",
"auth",
"yadis"
],
"time": "2013-10-03 21:21:20"
},
{
"name": "psr/log",
"version": "1.0.0",
"source": {
"type": "git",
"url": "https://github.com/php-fig/log.git",
"reference": "fe0936ee26643249e916849d48e3a51d5f5e278b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/log/zipball/fe0936ee26643249e916849d48e3a51d5f5e278b",
"reference": "fe0936ee26643249e916849d48e3a51d5f5e278b",
"shasum": ""
},
"type": "library",
"autoload": {
"psr-0": {
"Psr\\Log\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
}
],
"description": "Common interface for logging libraries",
"keywords": [
"log",
"psr",
"psr-3"
],
"time": "2012-12-21 11:40:51"
},
{
"name": "simplesamlphp/saml2",
"version": "v0.5.0",
"source": {
"type": "git",
"url": "https://github.com/simplesamlphp/saml2.git",
"reference": "497152245ec73c3f96c84306dcddf850017b84a8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/497152245ec73c3f96c84306dcddf850017b84a8",
"reference": "497152245ec73c3f96c84306dcddf850017b84a8",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-mcrypt": "*",
"ext-openssl": "*",
"php": ">=5.3.3",
"psr/log": "1.0.0",
"simplesamlphp/xmlseclibs": "~1.3.1"
},
"require-dev": {
"phpmd/phpmd": "~1.5",
"phpunit/phpunit": "~3.7",
"sebastian/phpcpd": "~1.4",
"sensiolabs/security-checker": "~1.1",
"squizlabs/php_codesniffer": "~1.4"
},
"type": "library",
"autoload": {
"psr-0": {
"SAML2_": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL-2.1"
],
"authors": [
{
"name": "Andreas Åkre Solberg",
"email": "andreas.solberg@uninett.no"
}
],
"description": "SAML2 PHP library from SimpleSAMLphp",
"time": "2014-10-07 13:40:34"
},
{
"name": "simplesamlphp/xmlseclibs",
"version": "v1.3.2",
"source": {
"type": "git",
"url": "https://github.com/simplesamlphp/xmlseclibs.git",
"reference": "734e80899ade295b979de08553161cad63c2dd98"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/simplesamlphp/xmlseclibs/zipball/734e80899ade295b979de08553161cad63c2dd98",
"reference": "734e80899ade295b979de08553161cad63c2dd98",
"shasum": ""
},
"replace": {
"cdatazone/xmlseclibs": "self.version",
"fr3d/xmlseclibs": "self.version",
"robrichards/xmlseclibs": "self.version"
},
"suggest": {
"ext/mcrypt": "",
"ext/openssl": ""
},
"type": "library",
"autoload": {
"files": [
"xmlseclibs.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Rob Richards"
}
],
"description": "A PHP library for XML Security",
"homepage": "http://code.google.com/p/xmlseclibs/",
"keywords": [
"certificate",
"security",
"signature",
"signing",
"x.509",
"xml",
"xmlsec"
],
"time": "2013-06-19 00:00:00"
}
],
"packages-dev": [],
"aliases": [
{
"alias": "2.2.2",
"alias_normalized": "2.2.2.0",
"version": "9999999-dev",
"package": "openid/php-openid"
}
],
"minimum-stability": "stable",
"stability-flags": {
"openid/php-openid": 20
},
"prefer-stable": false,
"platform": {
"php": "~5.3"
},
"platform-dev": []
}

View File

@ -2,346 +2,387 @@
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => NULL,
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => null,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => NULL,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => null,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
),
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => null,
/*
* WARNING: SHA-1 is disallowed starting January the 1st, 2014.
*
* Uncomment the following option to start using SHA-256 for your signatures.
* Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
* 2011, and will be disallowed by NIST as of 2014. Please refer to the following
* document for more information:
*
* http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
*
* If you are uncertain about identity providers supporting SHA-256 or other
* algorithms of the SHA-2 family, you can configure it individually in the
* IdP-remote metadata set for those that support it. Once you are certain that
* all your configured IdPs support SHA-2, you can safely remove the configuration
* options in the IdP-remote metadata set and uncomment the following option.
*
* Please refer to the hosted SP configuration reference for more information.
*/
//'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/*
* The attributes parameter must contain an array of desired attributes by the SP.
* The attributes can be expressed as an array of names or as an associative array
* in the form of 'friendlyName' => 'name'.
* The metadata will then be created as follows:
* <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
*/
/*'attributes' => array(
'attrname' => 'urn:oid:x.x.x.x',
),*/
/*'attributes.required' => array (
'urn:oid:x.x.x.x',
),*/
),
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
*/
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password),256);',
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-userpass' => array(
'exampleauth:UserPass',
/*
'example-userpass' => array(
'exampleauth:UserPass',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
// Forces the user to enter their credentials to ensure the correct users account is authorized.
// Details: https://dev.twitter.com/docs/api/1/get/oauth/authenticate
'force_login' => FALSE,
),
*/
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => FALSE,
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => TRUE,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// Set whether to follow referrals. AD Controllers may require FALSE to function.
'referrals' => TRUE,
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
),
*/
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
),
*/
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
'students' => array(
'description' => 'Students',
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
),
*/
'students' => array(
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
),
*/
);

View File

@ -13,7 +13,7 @@ $casldapconfig = array (
),
'ldap' => array(
'servers' => 'idpentityid.example.org',
'enable_tls' => false,
'enable_tls' => true,
'searchbase' => 'dc=example,dc=org',
'searchattributes' => 'uid',
'attributes' => array('cn', 'mail'),
@ -26,7 +26,7 @@ $casldapconfig = array (
),
'ldap' => array(
'servers' => 'ldap://idpentityid2.example.org',
'enable_tls' => false,
'enable_tls' => true,
'searchbase' => 'ou=users,dc=example,dc=org',
'searchattributes' => array('uid', 'mail'), # array for being able to login with either uid or mail.
'attributes' => null,

View File

@ -1,8 +1,6 @@
<?php
/*
* The configuration of the login-auto authentication module.
*
* $Id: config.php 451 2008-03-27 15:33:34Z olavmrk $
*/
$config = array (

File diff suppressed because it is too large Load Diff

View File

@ -1,8 +1,6 @@
<?php
/*
* Configuration for the LDAP authentication module.
*
* $Id: $
*/
$config = array (
@ -16,7 +14,7 @@ $config = array (
'auth.ldap.dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'auth.ldap.hostname' => 'ldap.uninett.no',
'auth.ldap.attributes' => null,
'auth.ldap.enable_tls' => false,
'auth.ldap.enable_tls' => true,
/*
* Searching the DN of the user.

View File

@ -3,7 +3,6 @@
/*
* Configuration for the multi-DN LDAP authentication module.
*
* $Id: ldapmulti.php 826 2008-08-20 14:14:08Z hans.zandbelt $
*/
$ldapmulti = array (
@ -14,7 +13,7 @@ $ldapmulti = array (
'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'hostname' => 'ldap.uninett.no',
'attributes' => NULL,
'enable_tls' => FALSE,
'enable_tls' => TRUE,
'search.enable' => FALSE,
'search.base' => NULL,
'search.attributes' => NULL,

View File

@ -2,7 +2,6 @@
/*
* Configuration
*
* $Id: translation.php 2100 2010-01-12 11:33:22Z andreassolberg $
*/
$config = array (

View File

@ -2,358 +2,396 @@
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => NULL,
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => null,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => null,
// Production
'idp' => 'https://mon.meyzieu.fr/idp/saml2/metadata',
// Recette
//'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
//'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
// Dev
//'idp' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
//'idp' => 'https://mon-meyzieu.dev.entrouvert.org/idp/saml2/metadata',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => null,
// Force persistent NameID
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
),
/*
* WARNING: SHA-1 is disallowed starting January the 1st, 2014.
*
* Uncomment the following option to start using SHA-256 for your signatures.
* Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
* 2011, and will be disallowed by NIST as of 2014. Please refer to the following
* document for more information:
*
* http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
*
* If you are uncertain about identity providers supporting SHA-256 or other
* algorithms of the SHA-2 family, you can configure it individually in the
* IdP-remote metadata set for those that support it. Once you are certain that
* all your configured IdPs support SHA-2, you can safely remove the configuration
* options in the IdP-remote metadata set and uncomment the following option.
*
* Please refer to the hosted SP configuration reference for more information.
*/
'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/*
* The attributes parameter must contain an array of desired attributes by the SP.
* The attributes can be expressed as an array of names or as an associative array
* in the form of 'friendlyName' => 'name'.
* The metadata will then be created as follows:
* <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
*/
/*'attributes' => array(
'attrname' => 'urn:oid:x.x.x.x',
),*/
/*'attributes.required' => array (
'urn:oid:x.x.x.x',
),*/
),
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
*/
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password),256);',
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-userpass' => array(
'exampleauth:UserPass',
/*
'example-userpass' => array(
'exampleauth:UserPass',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
// Forces the user to enter their credentials to ensure the correct users account is authorized.
// Details: https://dev.twitter.com/docs/api/1/get/oauth/authenticate
'force_login' => FALSE,
),
*/
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => FALSE,
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => TRUE,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// Set whether to follow referrals. AD Controllers may require FALSE to function.
'referrals' => TRUE,
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
),
*/
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
),
*/
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
'students' => array(
'description' => 'Students',
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
),
*/
'students' => array(
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
),
*/
);

View File

@ -13,7 +13,7 @@ $casldapconfig = array (
),
'ldap' => array(
'servers' => 'idpentityid.example.org',
'enable_tls' => false,
'enable_tls' => true,
'searchbase' => 'dc=example,dc=org',
'searchattributes' => 'uid',
'attributes' => array('cn', 'mail'),
@ -26,7 +26,7 @@ $casldapconfig = array (
),
'ldap' => array(
'servers' => 'ldap://idpentityid2.example.org',
'enable_tls' => false,
'enable_tls' => true,
'searchbase' => 'ou=users,dc=example,dc=org',
'searchattributes' => array('uid', 'mail'), # array for being able to login with either uid or mail.
'attributes' => null,

View File

@ -1,8 +1,6 @@
<?php
/*
* The configuration of the login-auto authentication module.
*
* $Id: config.php 451 2008-03-27 15:33:34Z olavmrk $
*/
$config = array (

File diff suppressed because it is too large Load Diff

View File

@ -1,8 +1,6 @@
<?php
/*
* Configuration for the LDAP authentication module.
*
* $Id: $
*/
$config = array (
@ -16,7 +14,7 @@ $config = array (
'auth.ldap.dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'auth.ldap.hostname' => 'ldap.uninett.no',
'auth.ldap.attributes' => null,
'auth.ldap.enable_tls' => false,
'auth.ldap.enable_tls' => true,
/*
* Searching the DN of the user.

View File

@ -3,7 +3,6 @@
/*
* Configuration for the multi-DN LDAP authentication module.
*
* $Id: ldapmulti.php 826 2008-08-20 14:14:08Z hans.zandbelt $
*/
$ldapmulti = array (
@ -14,7 +13,7 @@ $ldapmulti = array (
'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'hostname' => 'ldap.uninett.no',
'attributes' => NULL,
'enable_tls' => FALSE,
'enable_tls' => TRUE,
'search.enable' => FALSE,
'search.base' => NULL,
'search.attributes' => NULL,

View File

@ -2,7 +2,6 @@
/*
* Configuration
*
* $Id: translation.php 2100 2010-01-12 11:33:22Z andreassolberg $
*/
$config = array (

View File

@ -68,6 +68,12 @@
"metaover_group_metadata.shib13-idp-remote": {
"en": "Shib 1.3 Identity Provider (Remote)"
},
"metaover_group_metadata.adfs-sp-remote": {
"en": "ADFS Service Provider (Remote)"
},
"metaover_group_metadata.adfs-idp-hosted": {
"en": "ADFS Identity Provider (Hosted)"
},
"metaover_group_metadata.wsfed-sp-hosted": {
"en": "WS-Federation Service Provider (Hosted)"
},
@ -95,6 +101,12 @@
"metadata_shib13-idp": {
"en": "Shib 1.3 IdP Metadata"
},
"metadata_adfs-sp": {
"en": "ADFS SP Metadata"
},
"metadata_adfs-idp": {
"en": "ADFS IdP Metadata"
},
"metadata_intro": {
"en": "Here is the metadata that simpleSAMLphp has generated for you. You may send this metadata document to trusted partners to setup a trusted federation."
},

View File

@ -13,6 +13,7 @@
"pt": "Verifica\u00e7\u00e3o da configura\u00e7\u00e3o",
"pl": "Sprawdzenie konfiguracji",
"cs": "Verifikace konfigurace",
"eu": "Konfigurazioa egiaztatu",
"tr": "Konfig\u00fcrasyon kontrol\u00fc",
"de": "Konfigurationscheck",
"fr": "V\u00e9rification de la configuration",
@ -25,8 +26,10 @@
"ru": "\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438",
"zh": "\u914d\u7f6e\u68c0\u67e5",
"ar": "\u0645\u0631\u0627\u062c\u0639\u0629 \u0627\u0644\u062a\u0631\u062a\u064a\u0628",
"lv": "Konfigur\u0101cijas p\u0101rbaude",
"id": "Pemeriksaan konfigurasi",
"sr": "Provera pode\u0161avanja"
"sr": "Provera pode\u0161avanja",
"ro": "Verificarea configura\u021biei"
},
"cfg_check_select_file": {
"no": "Velg hvilken konfigurasjonfil som skal sjekkes",
@ -41,7 +44,7 @@
"pt-br": "Selecione o arquivo de configura\u00e7\u00e3o para verificar",
"pt": "Escolha o ficheiro de configura\u00e7\u00e3o a verificar:",
"pl": "Wybierz plik konfiguracyjny do sprawdzenia:",
"cs": "Vyber konfiguracniho souboru k verifikaci:",
"cs": "Vyber konfigura\u010dn\u00edho souboru k verifikaci:",
"tr": "Kontrol edilecek konfig\u00fcrasyon dosyas\u0131n\u0131 se\u00e7:",
"de": "W\u00e4hlen Sie die Konfigurationsdatei, die gecheckt werden soll:",
"fr": "S\u00e9lectionnez le fichier de configuration \u00e0 v\u00e9rifier :",
@ -54,8 +57,11 @@
"ru": "\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0444\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438:",
"zh": "\u9009\u62e9\u4e00\u4e2a\u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u68c0\u6d4b",
"ar": "\u0627\u062e\u062a\u0627\u0631\u0645\u0644\u0641 \u0627\u0644\u062a\u0631\u062a\u064a\u0628 \u0627\u0644\u0630\u064a \u062a\u0631\u063a\u0628 \u0628\u0645\u0631\u0627\u062c\u0639\u062a\u0647",
"lv": "Izv\u0113lieties p\u0101rbaud\u0101mos konfigur\u0101cijas failus:",
"id": "Pilih file konfigurasi untuk diperiksa",
"sr": "Odaberite konfiguracionu fajl koji \u017eelite proveriti:"
"sr": "Odaberite konfiguracionu fajl koji \u017eelite proveriti:",
"ro": "Alege\u021bi fi\u0219ierul de configurare care dori\u021bi s\u0103-l verifica\u021bi:",
"eu": "Hautatu ezazu egiaztatu beharreko konfigurazio fitxategia:"
},
"cfg_check_missing": {
"no": "Mangler element i konfigurasjonsfilen",
@ -82,8 +88,12 @@
"he": "\u05d0\u05e4\u05e9\u05e8\u05d5\u05d9\u05d5\u05ea \u05d7\u05e1\u05e8\u05d5\u05ea \u05de\u05e7\u05d5\u05d1\u05e5 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea",
"zh": "\u914d\u7f6e\u6587\u4ef6\u4e2d\u9009\u9879\u7f3a\u5931",
"ar": "\u062e\u064a\u0627\u0631\u0627\u062a \u0645\u0641\u0642\u0648\u062f\u0629 \u0645\u0646 \u0645\u0644\u0641 \u0627\u0644\u062a\u0631\u062a\u064a\u0628",
"lv": "Konfigur\u0101cijas fail\u0101 tr\u016bkst opciju",
"id": "Opsi-opsi uang hilang dari file konfigurasi",
"sr": "Paramentri koji nedostaju u konfiguracionom fajlu"
"sr": "Paramentri koji nedostaju u konfiguracionom fajlu",
"ro": "Op\u021biuni care nu apar \u00een fi\u0219ierul de configurare",
"ru": "\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b, \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u0432 \u0444\u0430\u0439\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438",
"eu": "Konfigurazio fitxategian falta diren aukerak"
},
"cfg_check_superfluous": {
"no": "Overf\u00f8ldig element i konfigurasjonsfilen",
@ -110,8 +120,12 @@
"he": "\u05d0\u05e4\u05e9\u05e8\u05d5\u05d9\u05d5\u05ea \u05de\u05d9\u05d5\u05ea\u05e8\u05d5\u05ea \u05d1\u05e7\u05d5\u05d1\u05e5 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea",
"zh": "\u914d\u7f6e\u6587\u4ef6\u4e2d\u62e5\u6709\u8fc7\u591a\u7684\u9009\u9879",
"ar": "\u062e\u064a\u0627\u0631\u0627\u062a \u0641\u0627\u0626\u0636\u0629 \u0628\u0645\u0644\u0641 \u0627\u0644\u062a\u0631\u062a\u064a\u0628",
"lv": "S\u012bkas (superfluous) opcijas konfigur\u0101cijas fail\u0101",
"id": "Pilihan tak beguna di file konfigurasi",
"sr": "Suvi\u0161ni parametri u konfiguracionom fajlu"
"sr": "Suvi\u0161ni parametri u konfiguracionom fajlu",
"ro": "Op\u021biuni inutile \u00een fi\u0219ierul de configurare",
"ru": "\u0418\u0437\u0431\u044b\u0442\u043e\u0447\u043d\u044b\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0432 \u0444\u0430\u0439\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438",
"eu": "Konfigurazio fitxategian soberan dauden aukerak"
},
"cfg_check_noerrors": {
"no": "Ingen feil funnet",
@ -127,6 +141,7 @@
"pt": "N\u00e3o foram encontrados erros.",
"pl": "Nie znaleziono b\u0142\u0119d\u00f3w.",
"cs": "Nenalezeny \u017e\u00e1dn\u00e9 chyby",
"eu": "Ez da errorerik aurkitu",
"tr": "Hata bulunmad\u0131.",
"de": "Keine Fehler gefunden.",
"fr": "Aucune erreur.",
@ -138,8 +153,11 @@
"he": "\u05dc\u05d0 \u05e0\u05de\u05e6\u05d0\u05d5 \u05e9\u05d2\u05d9\u05d0\u05d5\u05ea.",
"zh": "\u6ca1\u6709\u53d1\u73b0\u9519\u8bef",
"ar": "\u0644\u0627 \u062a\u0648\u062c\u062f \u0623\u062e\u0637\u0627\u0621 ",
"lv": "K\u013c\u016bdas nav atrastas.",
"id": "Tidak ada error yang ditemukan",
"sr": "Nije prona\u0111ena nijedna gre\u0161ka."
"sr": "Nije prona\u0111ena nijedna gre\u0161ka.",
"ro": "Nu au fost depistate erori.",
"ru": "\u041e\u0448\u0438\u0431\u043e\u043a \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e."
},
"cfg_check_back": {
"no": "G\u00e5 tilbake til fil-listen",
@ -155,6 +173,7 @@
"pt": "Voltar \u00e0 lista de ficheiros",
"pl": "Powr\u00f3t do listy plik\u00f3w",
"cs": "Zp\u00e1tky na seznam soubor\u016f",
"eu": "Itzuli fitxategien zerrendara",
"tr": "Dosya listesine geri d\u00f6n",
"de": "Gehe zur\u00fcck zur Dateiliste",
"fr": "Retour \u00e0 la liste des fichiers",
@ -166,8 +185,11 @@
"he": "\u05d7\u05d6\u05d5\u05e8 \u05d0\u05dc \u05e8\u05e9\u05d9\u05de\u05ea \u05d4\u05e7\u05d1\u05e6\u05d9\u05dd",
"zh": "\u8fd4\u56de\u81f3\u6587\u4ef6\u5217\u8868",
"ar": "\u0639\u062f \u0644\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a",
"lv": "Iet atpaka\u013c uz sarakstu",
"id": "Kembali ke daftar file",
"sr": "Vrati se natrag na listu fajlova"
"sr": "Vrati se natrag na listu fajlova",
"ro": "Merge\u021bi \u00eenapoi la lista de fi\u0219iere",
"ru": "\u0412\u0435\u0440\u043d\u0443\u0442\u044c\u0441\u044f \u043a \u0441\u043f\u0438\u0441\u043a\u0443 \u0444\u0430\u0439\u043b\u043e\u0432"
},
"metaover_header": {
"no": "Oversikt over metadata",
@ -194,8 +216,12 @@
"he": "\u05e1\u05e7\u05d9\u05e8\u05ea \u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2",
"zh": "\u5143\u4fe1\u606f\u6d4f\u89c8",
"ar": "\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629 \u0644\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629\/ \u0627\u0644\u0645\u064a\u062a\u0627\u062f\u0627\u062a\u0627",
"lv": "Metadatu p\u0101rskats",
"id": "Ikhtisar Metadata",
"sr": "Pregled metapodataka"
"sr": "Pregled metapodataka",
"ro": "Prezentare general\u0103 a metadatelor",
"ru": "\u041a\u0440\u0430\u0442\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445",
"eu": "Ikusi metadatuak"
},
"metaover_intro": {
"no": "For \u00e5 se p\u00e5 detaljene i en SAML-entitet, klikk p\u00e5 SAML-entitet overskriften",
@ -222,8 +248,12 @@
"he": "\u05db\u05d3\u05d9 \u05dc\u05d4\u05e1\u05ea\u05db\u05dc \u05e2\u05dc \u05d4\u05e4\u05e8\u05d8\u05d9\u05dd \u05e9\u05dc \u05d9\u05e9\u05d5\u05ea SAML, \u05dc\u05d7\u05e5 \u05e2\u05dc \u05db\u05d5\u05ea\u05e8\u05ea \u05d9\u05e9\u05d5\u05ea \u05d4SAML ",
"zh": "\u60f3\u8981\u67e5\u770bSAML\u5b9e\u4f53\u7684\u8be6\u7ec6\u60c5\u51b5\uff0c\u8bf7\u70b9\u51fbSAML\u5b9e\u4f53\u8f7d\u5165\u5668",
"ar": "\u0644\u0625\u0644\u063a\u0627\u0621 \u0646\u0638\u0631\u0629 \u0639\u0644\u064a \u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u062d\u062f\u064a \u0648\u062d\u062f\u0627\u062a SAML, \u0627\u0636\u063a\u0637 \u0639\u0644\u064a \u062a\u0631\u0648\u064a\u0633\u0629 \u0627\u0644\u0648\u062d\u062f\u0629 ",
"lv": "Lai apl\u016bkotu SAML vienuma deta\u013cas, klik\u0161\u0137iniet uz vienuma galvenes.",
"id": "Untuk melihat detail entiti SAML, klik pada bagian header entiti SAML",
"sr": "Da biste videli detalje o SAML entitetu, kliknite na njegovo zaglavlje."
"sr": "Da biste videli detalje o SAML entitetu, kliknite na njegovo zaglavlje.",
"ro": "Pentru a vizualiza detalii privind o entitate SAML, ap\u0103sa\u021bi pe antetul entit\u0103\u021bii SAML.",
"ru": "\u0414\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 SAML, \u043a\u043b\u0438\u043a\u043d\u0438\u0442\u0435 \u043d\u0430 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a \u0437\u0430\u043f\u0438\u0441\u0438 SAML.",
"eu": "SAML entitate baten xehetasunak ikusteko, klikatu entitatearen goiburua."
},
"metaover_errorentry": {
"no": "Feil i metadataoppf\u00f8ringen",
@ -250,8 +280,12 @@
"he": "\u05e9\u05d2\u05d9\u05d0\u05d4 \u05d1\u05e8\u05e9\u05d5\u05de\u05ea \u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05d6\u05d5",
"zh": "\u8be5\u5143\u4fe1\u606f\u5b9e\u4f53\u5b58\u5728\u9519\u8bef",
"ar": "\u062e\u0637\u0627 \u0628\u0647\u0630\u0627 \u0627\u0644\u0628\u064a\u0627\u0646 \u0627\u0644\u0648\u0635\u0641\u064a\/ \u0627\u0644\u0645\u064a\u062a\u0627\u062f\u0627\u062a\u0627",
"lv": "K\u013c\u016bda \u0161aj\u0101 metadatu ierakst\u0101",
"id": "Error pada entri metadata ini",
"sr": "Ovaj zapis metapodataka sadr\u017ei gre\u0161ku"
"sr": "Ovaj zapis metapodataka sadr\u017ei gre\u0161ku",
"ro": "Eroare \u00een aceast\u0103 metadat\u0103",
"ru": "\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u0438 \u0432\u0432\u043e\u0434\u0435 \u0434\u0430\u043d\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445",
"eu": "Metadatu sarrera honetan errorea"
},
"metaover_required_found": {
"no": "Obligatorisk felt",
@ -278,8 +312,12 @@
"he": "\u05e9\u05d3\u05d5\u05ea \u05e0\u05d3\u05e8\u05e9\u05d9\u05dd",
"zh": "\u5fc5\u9700\u7684\u533a\u57df",
"ar": "\u062d\u0642\u0644 \u0625\u062c\u0628\u0627\u0631\u064a",
"lv": "Oblig\u0101tie lauki",
"id": "Field-field yang wajib diisi",
"sr": "Obavezna polja"
"sr": "Obavezna polja",
"ro": "C\u00e2mpuri obligatorii",
"ru": "\u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f",
"eu": "Derrigorrezko eremuak"
},
"metaover_required_not_found": {
"no": "F\u00f8lgende obligatoriske felter ble ikke funnet",
@ -306,8 +344,12 @@
"he": "\u05d4\u05e9\u05d3\u05d5\u05ea \u05d4\u05d3\u05e8\u05d5\u05e9\u05d9\u05dd \u05d4\u05d1\u05d0\u05d9\u05dd \u05dc\u05d0 \u05e0\u05de\u05e6\u05d0\u05d5",
"zh": "\u4e0b\u5217\u5fc5\u9700\u7684\u533a\u57df\u6ca1\u6709\u627e\u5230",
"ar": "\u0627\u0644\u062d\u0642\u0648\u0644 \u0627\u0644\u0625\u062c\u0628\u0627\u0631\u064a\u0629 \u0623\u062f\u0646\u0627\u0647 \u0645\u0641\u0642\u0648\u062f\u0629",
"lv": "Nav atrasti oblig\u0101tie lauki",
"id": "Field-field yang diperlukan wajib disisi berikut ini tidak ditemukan",
"sr": "Nisu prona\u0111ena slede\u0107a opciona polja"
"sr": "Nisu prona\u0111ena slede\u0107a opciona polja",
"ro": "Urm\u0103toarele c\u00e2mpuri obligatorii nu au fost g\u0103site",
"ru": "\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u044b",
"eu": "Derrigorrezko datu hauek ez dira aurkitu"
},
"metaover_optional_found": {
"no": "Valgbart felt",
@ -334,8 +376,12 @@
"he": "\u05e9\u05d3\u05d5\u05ea \u05e8\u05e9\u05d5\u05ea",
"zh": "\u9009\u9879\u533a\u57df",
"ar": "\u062d\u0642\u0644 \u0627\u062e\u062a\u064a\u0627\u0631\u064a",
"lv": "Neoblig\u0101tie lauki",
"id": "Field-field opsional",
"sr": "Opciona polja"
"sr": "Opciona polja",
"ro": "C\u00e2mpuri op\u021bionale",
"ru": "\u041d\u0435\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f",
"eu": "Hautazko datuak"
},
"metaover_optional_not_found": {
"no": "F\u00f8lgende valgbare felt ble ikke funnet",
@ -351,7 +397,7 @@
"pt-br": "Os seguintes campos opcionais n\u00e3o foram encontrados",
"pt": "Os seguintes campos opcionais n\u00e3o foram encontrados",
"pl": "Nastepuj\u0105ce pola opcjonalne nie zosta\u0142y znalezione",
"cs": "asleduj\u00edc\u00ed voliteln\u00e1 pole nenalezena",
"cs": "Nasleduj\u00edc\u00ed voliteln\u00e1 pole nenalezena",
"tr": "\u015eu iste\u011fe ba\u011fl\u0131 alanlar bulunamad\u0131",
"fr": "Les champs optionnels suivants n'ont pas \u00e9t\u00e9 trouv\u00e9s",
"it": "I seguenti campi, opzionali, non sono stati trovati",
@ -362,8 +408,12 @@
"he": "\u05e9\u05d3\u05d5\u05ea \u05d4\u05e8\u05e9\u05d5\u05ea \u05d4\u05d1\u05d0\u05d9\u05dd \u05dc\u05d0 \u05e0\u05de\u05e6\u05d0\u05d5",
"zh": "\u4e0b\u5217\u5fc5\u9700\u7684\u9009\u9879\u533a\u57df\u6ca1\u6709\u627e\u5230",
"ar": "\u0627\u0644\u062d\u0642\u0648\u0644 \u0627\u0644\u0627\u062e\u062a\u064a\u0627\u0631\u064a\u0629 \u0623\u062f\u0646\u0627\u0647 \u0645\u0641\u0642\u0648\u062f\u0629",
"lv": "Nav atrasti neoblig\u0101tie lauki",
"id": "Field-field opsional berikut tidak dapat ditemukan",
"sr": "Nisu prona\u0111ena slede\u0107a opciona polja"
"sr": "Nisu prona\u0111ena slede\u0107a opciona polja",
"ro": "Urm\u0103toarele c\u00e2mpuri op\u021bionale nu au fost g\u0103site",
"ru": "\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043d\u0435\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u044b",
"eu": "Hautazko datu hauek ez dira aurkitu"
},
"metaover_unknown_found": {
"no": "F\u00f8lgende felt ble ikke gjenkjent",
@ -390,8 +440,12 @@
"he": "\u05d4\u05e9\u05d3\u05d5\u05ea \u05d4\u05d1\u05d0\u05d9\u05dd \u05dc\u05d0 \u05d6\u05d5\u05d4\u05d5",
"zh": "\u4e0b\u5217\u533a\u57df\u65e0\u6cd5\u8bc6\u522b",
"ar": "\u0644\u0645 \u064a\u062a\u0645 \u0627\u0644\u062a\u0639\u0631\u0641 \u0639\u0644\u064a \u0627\u0644\u0642\u0644 \u0623\u062f\u0646\u0627\u0647 ",
"lv": "Nav atpaz\u012bti \u0161\u0101di ievadlauki",
"id": "Field-field berikut ini tidak dapat dikenali",
"sr": "Slede\u0107a polja nisu prepoznata"
"sr": "Slede\u0107a polja nisu prepoznata",
"ro": "Urm\u0103toarele c\u00e2mpuri nu au fost recunoscute",
"ru": "\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u044f \u043d\u0435 \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u043d\u044b",
"eu": "Datu hauek ez dira antzeman"
},
"metadata_metadata": {
"no": "Metadata",
@ -418,14 +472,18 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2",
"zh": "\u5143\u4fe1\u606f",
"ar": "\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0635\u0641\u064a\u0629\/ \u0645\u064a\u062a\u0627\u062f\u0627\u062a\u0627",
"lv": "Metadati",
"id": "Metadata",
"sr": "Metapodaci"
"sr": "Metapodaci",
"ro": "Metadate",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435",
"eu": "Metadatuak"
},
"metadata_xmlformat": {
"no": "I SAML 2.0 Metadata XML Format:",
"nn": "P\u00e5 SAML 2.0 metadata XML-format",
"sv": "I SAML 2.0 Metadata XML-format:",
"es": "en formato xml de metadatos SAML 2.0:",
"es": "En formato xml de metadatos SAML 2.0:",
"nl": "In SAML 2.0 Metadata XML formaat:",
"sl": "V SAML 2.0 Metapodatkovni XML format:",
"da": "I SAML 2.0 metadata xml-format:",
@ -446,8 +504,12 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e2\u05d1\u05d5\u05e8 SAML 2.0 \u05d1\u05ea\u05d1\u05e0\u05d9\u05ea XML:",
"zh": "\u5728SAML 2.0 XML \u5143\u4fe1\u606f\u683c\u5f0f\u4e2d\uff1a",
"ar": "\u0628\u064a\u0627\u0646\u0627\u062a SAML 2.0 \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0628\u0635\u064a\u063a\u0629 XML",
"lv": "SAML 2.0 metadatos XML form\u0101t\u0101:",
"id": "Dalam format XML Metadata SAML 2.0",
"sr": "Metapodaci u SAML 2.0 XML formatu:"
"sr": "Metapodaci u SAML 2.0 XML formatu:",
"ro": "\u00cen format metadate XML SAML 2.0:",
"ru": "xml \u0444\u043e\u0440\u043c\u0430\u0442 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445 SAML 2.0:",
"eu": "SAML 2.0 metadatuetako xml formatuan:"
},
"debug_sending_message_text_link": {
"no": "Du er i ferd med \u00e5 sende en melding. Trykk p\u00e5 send melding knappen for \u00e5 fortsette.",
@ -462,6 +524,7 @@
"pt-br": "Voc\u00ea est\u00e1 prestes a enviar uma mensagem. Clique no link enviar a mensagem para continuar.",
"pt": "Est\u00e1 prestes a enviar uma mensagem. Carregue na liga\u00e7\u00e3o para continuar.",
"cs": "M\u016f\u017eete poslat zpr\u00e1vu. Klikn\u011bte na odkaz pro pokra\u010dov\u00e1n\u00ed.",
"eu": "Mezu bat bidaltzeari ekingo zaio. Saka ezazu \"Mezua bidali\" lotura jarraitzeko.",
"tr": "Mesaj g\u00f6ndermek \u00fczeresiniz. Devam etmek i\u00e7in mesaj g\u00f6nder linkine t\u0131klay\u0131n.",
"de": "Sie sind dabei eine Nachricht zu senden. Klicken Sie auf den Nachricht senden Link um fortzufahren.",
"fr": "Vous allez envoyer un message. Cliquez sur le lien d'envoi pour continuer.",
@ -473,8 +536,11 @@
"he": "\u05d0\u05ea\u05d4 \u05e2\u05d5\u05de\u05d3 \u05dc\u05e9\u05dc\u05d5\u05d7 \u05d4\u05d5\u05d3\u05e2\u05d4. \u05dc\u05d7\u05e5 \u05e2\u05dc \u05db\u05e4\u05ea\u05d5\u05e8 \u05d4\u05e9\u05dc\u05d9\u05d7\u05d4 \u05db\u05d3\u05d9 \u05dc\u05d4\u05de\u05e9\u05d9\u05da.",
"zh": "\u4f60\u51c6\u5907\u53d1\u9001\u4e00\u4e2a\u6d88\u606f\uff0c\u8bf7\u70b9\u51fb\u63d0\u4ea4\u94fe\u63a5\u4ee5\u7ee7\u7eed",
"ar": "\u0627\u0646\u062a \u0639\u0644\u064a \u0648\u0634\u0643 \u0625\u0631\u0633\u0627\u0644 \u0631\u0633\u0627\u0644\u0629. \u0627\u0636\u063a\u0637 \u0639\u0644\u064a \u0627\u0644\u0631\u0627\u0628\u0637 \u0644\u0644\u0645\u0648\u0627\u0635\u0644\u0629",
"lv": "J\u016bs gatavojaties s\u016bt\u012bt zi\u0146u. Spiediet saiti S\u016bt\u012bt zi\u0146u.",
"id": "Anda baru saja akan mengirim sebuah pesan. Tekan link submit pesan untuk melanjutkan.",
"sr": "Kliknite na link \"Po\u0161alji poruku\" da biste poslali poruku."
"sr": "Kliknite na link \"Po\u0161alji poruku\" da biste poslali poruku.",
"ro": "Mesajul este preg\u0103tit pentru a fi trimis. Ap\u0103sa\u021bi link-ul de trimitere pentru a continua.",
"ru": "\u0412\u044b \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442\u0435\u0441\u044c \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435. \u041a\u043b\u0438\u043a\u043d\u0438\u0442\u0435 \u0441\u0441\u044b\u043b\u043a\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u044f."
},
"debug_sending_message_send": {
"no": "Send melding",
@ -490,6 +556,7 @@
"pt": "Enviar mensagem",
"pl": "Wy\u015blij wiadomo\u015b\u0107",
"cs": "Poslat zpr\u00e1vu",
"eu": "Mezua bidali",
"tr": "Mesaj g\u00f6nder",
"de": "Nachricht senden",
"fr": "Envoi du message",
@ -501,8 +568,11 @@
"he": "\u05e9\u05dc\u05d7 \u05d4\u05d5\u05d3\u05e2\u05d4",
"zh": "\u63d0\u4ea4\u4fe1\u606f",
"ar": "\u0633\u0644\u0645 \u0627\u0644\u0631\u0633\u0627\u0644\u0629",
"lv": "S\u016bt\u012bt zi\u0146u",
"id": "Submit pesan",
"sr": "Po\u0161alji poruku"
"sr": "Po\u0161alji poruku",
"ro": "Trimite mesajul",
"ru": "\u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435"
},
"debug_sending_message_msg_title": {
"no": "Melding",
@ -529,8 +599,12 @@
"he": "\u05d4\u05d5\u05d3\u05e2\u05d4",
"zh": "\u4fe1\u606f",
"ar": "\u0631\u0633\u0627\u0644\u0629",
"lv": "Zi\u0146a",
"id": "Pesan",
"sr": "Poruka"
"sr": "Poruka",
"ro": "Mesaj",
"ru": "\u0421\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435",
"eu": "Mezua"
},
"debug_sending_message_msg_text": {
"no": "Siden du er i debug modus kan du se innholdet i meldingene du sender.",
@ -556,8 +630,12 @@
"he": "\u05db\u05d9\u05d5\u05d5\u05df \u05e9\u05d0\u05ea\u05d4 \u05d1\u05de\u05e6\u05d1 \u05de\u05d1\u05d3\u05d9\u05e7\u05ea \u05d1\u05d0\u05d2\u05d9\u05dd, \u05d0\u05ea\u05d4 \u05e8\u05d5\u05d0\u05d4 \u05d0\u05ea \u05ea\u05d5\u05db\u05df \u05d4\u05d4\u05d5\u05d3\u05e2\u05d4 \u05e9\u05d0\u05ea\u05d4 \u05e9\u05d5\u05dc\u05d7:",
"zh": "\u5f53\u4f60\u5904\u5728\u8c03\u8bd5\u6a21\u5f0f\u4e2d\u65f6\uff0c\u4f60\u5c06\u770b\u5230\u4f60\u6b63\u5728\u53d1\u9001\u7684\u6d88\u606f\u7684\u5185\u5bb9",
"ar": "\u064a\u0645\u0643\u0646\u0643 \u0631\u0624\u064a\u0629 \u0645\u062d\u062a\u0648\u064a \u0627\u0644\u0631\u0633\u0627\u0644\u0629 \u0637\u0627\u0644\u0645\u0627 \u0643\u0646\u062a \u0641\u064a \u062d\u0627\u0644\u0629 \u062a\u0635\u062d\u064a\u062d",
"lv": "T\u0101 k\u0101 \u0161is ir atk\u013c\u016bdo\u0161anas re\u017e\u012bms, J\u016bs varat redz\u0113t s\u016bt\u0101m\u0101s zi\u0146as saturu:",
"id": "Karena anda berada pada mode debug, anda dapat melihat isi pesan yang anda kirim:",
"sr": "Obzirom da ste u debug modu, imate mogu\u0107nost videti sadr\u017eaj poruke koju \u0161aljete:"
"sr": "Obzirom da ste u debug modu, imate mogu\u0107nost videti sadr\u017eaj poruke koju \u0161aljete:",
"ro": "\u00centruc\u00e2t sunte\u021bi \u00een modul depanare, ve\u021bi vedea con\u021binutul mesajului care va fi trimis:",
"ru": "\u0415\u0441\u043b\u0438 \u0432\u044b \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0435\u0441\u044c \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u043e\u0442\u043b\u0430\u0434\u043a\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f, \u0432\u044b \u0441\u043c\u043e\u0436\u0435\u0442\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0442\u044c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f.",
"eu": "Arazketa moduan egonez gero, bidaltzera zoazen mezuaren edukia ikusiko duzu:"
},
"metaover_group_metadata.saml20-sp-remote": {
"no": "SAML 2.0 Tjenesteleverand\u00f8r (ekstern)",
@ -584,8 +662,12 @@
"he": "\u05e1\u05e4\u05e7 \u05e9\u05d9\u05e8\u05d5\u05ea \u05de\u05e8\u05d5\u05d7\u05e7 \u05de\u05e1\u05d5\u05d2 SAML 2.0",
"zh": "SAML 2.0 \u670d\u52a1\u63d0\u4f9b\u8005 (\u8fdc\u7a0b)",
"ar": "\u0645\u0642\u062f\u0645 \u062e\u062f\u0645\u0629 SAML 2.0 \u0627\u0644\u0628\u0639\u064a\u062f",
"lv": "SAML 2.0 servisa pieg\u0101d\u0101t\u0101js (att\u0101lin\u0101ts)",
"id": "Service Provider SAML 2.0 (Remote)",
"sr": "SAML 2.0 Davalac Servisa (udaljeni)"
"sr": "SAML 2.0 Davalac Servisa (udaljeni)",
"ro": "Furnizor de servicii SAML 2.0 (distant)",
"ru": "\u0421\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 SAML 2.0 (\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "SAML 2.0 Zerbitzu hornitzailea (Urrunekoa)"
},
"metaover_group_metadata.saml20-idp-hosted": {
"no": "SAML 2.0 Identitetsleverand\u00f8r (ekstern)",
@ -612,8 +694,12 @@
"he": "\u05e1\u05e4\u05e7 \u05d6\u05d4\u05d5\u05ea \u05de\u05e7\u05d5\u05de\u05d9 \u05de\u05e1\u05d5\u05d2 SAML 2.0",
"zh": "SAML 2.0 \u8eab\u4efd\u63d0\u4f9b\u8005\uff08\u672c\u5730\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u0647\u0648\u064a\u0629 SAML 2.0 \u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641",
"lv": "SAML 2.0 identit\u0101tes pieg\u0101d\u0101t\u0101js (host\u0113ts)",
"id": "Identity Provider SAML 2.0 (Hosted)",
"sr": "SAML 2.0 Davalac Identiteta (lokalni)"
"sr": "SAML 2.0 Davalac Identiteta (lokalni)",
"ro": "Furnizor de identitate SAML 2.0 (g\u0103zduit)",
"ru": "\u041f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML 2.0 (\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "SAML 2.0 Identitate hornitzailea (Anfitrioia)"
},
"metaover_group_metadata.saml20-idp-remote": {
"no": "SAML 2.0 Identitetsleverand\u00f8r (ekstern)",
@ -640,8 +726,12 @@
"he": "\u05e1\u05e4\u05e7 \u05d6\u05d4\u05d5\u05ea \u05de\u05e8\u05d5\u05d7\u05e7 \u05de\u05e1\u05d5\u05d2 SAML 2.0",
"zh": "SAML 2.0 \u8eab\u4efd\u63d0\u4f9b\u8005\uff08\u8fdc\u7a0b\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u0647\u0648\u064a\u0629 SAML 2.0 \u0627\u0644\u0628\u0639\u064a\u062f",
"lv": "SAML 2.0 identit\u0101tes pieg\u0101d\u0101t\u0101js (att\u0101lin\u0101ts)",
"id": "Identity Provider SAML 2.0 (Remote)",
"sr": "SAML 2.0 Davalac Identiteta (udaljeni)"
"sr": "SAML 2.0 Davalac Identiteta (udaljeni)",
"ro": "Furnizor de identitate SAML 2.0 (distant)",
"ru": "\u041f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML 2.0 (\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "SAML 2.0 Identitate hornitzailea (Urrunekoa)"
},
"metaover_group_metadata.shib13-sp-hosted": {
"no": "Shib 1.3 Tjenesteleverand\u00f8r (intern)",
@ -668,8 +758,12 @@
"he": "\u05e1\u05e4\u05e7 \u05e9\u05d9\u05e8\u05d5\u05ea \u05de\u05e7\u05d5\u05de\u05d9 \u05de\u05e1\u05d5\u05d2 Shib 1.3",
"zh": "Shib 1.3 \u670d\u52a1\u63d0\u4f9b\u8005\uff08\u672c\u5730\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u062e\u062f\u0645\u0629 Shib 1.3 \u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641",
"lv": "Shib 1.3 servisa pieg\u0101d\u0101t\u0101js (host\u0113ts)",
"id": "Service Provider Shib 1.3 (Hosted)",
"sr": "Shib 1.3 Davalac Servisa (lokalni)"
"sr": "Shib 1.3 Davalac Servisa (lokalni)",
"ro": "Furnizor de servicii Shib 1.3 (g\u0103zduit)",
"ru": "\u0421\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 Shib 1.3 (\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "Shib 1.3 Zerbitzu hornitzailea (Anfitrioia)"
},
"metaover_group_metadata.shib13-sp-remote": {
"no": "Shib 1.3 Tjenesteleverand\u00f8r (ekstern)",
@ -696,8 +790,12 @@
"he": "\u05e1\u05e4\u05e7 \u05e9\u05d9\u05e8\u05d5\u05ea \u05de\u05e8\u05d5\u05d7\u05e7 \u05de\u05e1\u05d5\u05d2 Shib 1.3",
"zh": "Shib 1.3 \u670d\u52a1\u63d0\u4f9b\u8005\uff08\u8fdc\u7a0b\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u062e\u062f\u0645\u0629 Shib 1.3 \u0627\u0644\u0628\u0639\u064a\u062f",
"lv": "Shib 1.3 servisa pieg\u0101d\u0101t\u0101js (att\u0101lin\u0101ts)",
"id": "Service Provider Shib 1.3 (Remote)",
"sr": "Shib 1.3 Davalac Servisa (udaljeni)"
"sr": "Shib 1.3 Davalac Servisa (udaljeni)",
"ro": "Furnizor de servicii Shib 1.3 (distant)",
"ru": "\u0421\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 Shib 1.3 (\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "Shib 1.3 Zerbitzu hornitzailea (Urrunekoa)"
},
"metaover_group_metadata.shib13-idp-hosted": {
"no": "Shib 1.3 Identitetsleverand\u00f8r (ekstern)",
@ -724,8 +822,12 @@
"he": "\u05e1\u05e4\u05e7 \u05d6\u05d4\u05d5\u05ea \u05de\u05e7\u05d5\u05de\u05d9 \u05de\u05e1\u05d5\u05d2 Shib 1.3",
"zh": "Shib 1.3 \u8ba4\u8bc1\u63d0\u4f9b\u8005\uff08\u672c\u5730\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u0647\u0648\u064a\u0629 Shib 1.3 \u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641",
"lv": "Shib 1.3 identit\u0101tes pieg\u0101d\u0101t\u0101js (host\u0113ts)",
"id": "Identity Provider Shib 1.3 (Hosted)",
"sr": "Shib 1.3 Davalac Identiteta(lokalni)"
"sr": "Shib 1.3 Davalac Identiteta(lokalni)",
"ro": "Furnizor de identitate Shib 1.3 (g\u0103zduit)",
"ru": "\u041f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Shib 1.3 (\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "Shib 1.3 Identitate hornitzailea (Anfitrioia)"
},
"metaover_group_metadata.shib13-idp-remote": {
"no": "Shib 1.3 Identitetsleverand\u00f8r (ekstern) ",
@ -752,9 +854,75 @@
"he": "\u05e1\u05e4\u05e7 \u05d6\u05d4\u05d5\u05ea \u05de\u05e8\u05d5\u05d7\u05e7 \u05de\u05e1\u05d5\u05d2 Shib 1.3",
"zh": "Shib 1.3 \u8ba4\u8bc1\u63d0\u4f9b\u8005\uff08\u8fdc\u7a0b\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u0647\u0648\u064a\u0629 Shib 1.3 \u0627\u0644\u0628\u0639\u064a\u062f",
"lv": "Shib 1.3 identit\u0101tes pieg\u0101d\u0101t\u0101js (att\u0101lin\u0101ts)",
"id": "Identity Provider Shib 1.3 (Remote)",
"sr": "Shib 1.3 Davalac Identiteta (udaljeni)"
"sr": "Shib 1.3 Davalac Identiteta (udaljeni)",
"ro": "Furnizor de identitate Shib 1.3 (distant)",
"ru": "\u041f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Shib 1.3 (\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "Shib 1.3 Identitate hornitzailea (Urrunekoa)"
},
"metaover_group_metadata.adfs-sp-remote": {
"no": "ADFS Tjenesteleverand\u00f8r (ekstern)",
"nn": "ADFS Service Provider (Remote)",
"sv": "ADFS Service Provider (Fj\u00e4rr)",
"es": "Proveedor de Servicio ADFS (Remoto)",
"nl": "ADFS Service Provider (Remote)",
"sl": "ADFS SP (Oddaljeni)",
"da": "ADFS tjenesteudbyder (remote)",
"hr": "ADFS davatelj usluge (udaljeni)",
"hu": "ADFS alkalmaz\u00e1sszolg\u00e1ltat\u00f3 (t\u00e1voli)",
"pt-br": "ADFS Service Provider (Remoto)",
"pt": "Fornecedor de servi\u00e7o (SP) ADFS (Remoto)",
"pl": "ADFS Dostawca Serwisu (Zdalny)",
"cs": "SAML 2.O Service Provider (Remote - vzd\u00e1len\u00fd)",
"tr": "ADFS Servis Sa\u011flay\u0131c\u0131 (Uzak sistemde sunulan)",
"de": "ADFS Service Provider (entfernt)",
"fr": "Fournisseur de service ADFS distant",
"it": "ADFS Service Provider (Remoto)",
"ja": "ADFS\u30b5\u30fc\u30d3\u30b9\u30d7\u30ed\u30d0\u30a4\u30c0(\u30ea\u30e2\u30fc\u30c8)",
"lt": "ADFS Paslaugos teik\u0117jas (nutol\u0119s)",
"zh-tw": "ADFS \u670d\u52d9\u63d0\u4f9b\u8005(\u9060\u7aef)",
"et": "ADFS teenusepakkuja (kaug)",
"he": "\u05e1\u05e4\u05e7 \u05e9\u05d9\u05e8\u05d5\u05ea \u05de\u05e8\u05d5\u05d7\u05e7 \u05de\u05e1\u05d5\u05d2 ADFS",
"zh": "ADFS \u670d\u52a1\u63d0\u4f9b\u8005 (\u8fdc\u7a0b)",
"ar": "\u0645\u0642\u062f\u0645 \u062e\u062f\u0645\u0629 ADFS \u0627\u0644\u0628\u0639\u064a\u062f",
"lv": "ADFS servisa pieg\u0101d\u0101t\u0101js (att\u0101lin\u0101ts)",
"id": "Service Provider ADFS (Remote)",
"sr": "ADFS Davalac Servisa (udaljeni)",
"ro": "Furnizor de servicii ADFS (distant)",
"ru": "\u0421\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 ADFS (\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)"
},
"metaover_group_metadata.adfs-idp-hosted": {
"no": "ADFS Identitetsleverand\u00f8r (ekstern)",
"nn": "ADFS Identity Provider (Hosted)",
"sv": "ADFS Identity Provider (V\u00e4rd)",
"es": "Proveedor de Identidad ADFS (Anfitri\u00f3n)",
"nl": "ADFS Identity Provider (Hosted)",
"sl": "ADFS IdP (Lokalni)",
"da": "ADFS identitetsudbyder (hosted)",
"hr": "ADFS autentifikacijski servis (lokalni)",
"hu": "ADFS szem\u00e9lyazonoss\u00e1g-szolg\u00e1ltat\u00f3 (helyi)",
"pt-br": "ADFS Identity Provider (Local)",
"pt": "Fornecedor de identidade (IdP) ADFS (Local)",
"pl": "ADFS Dostawca To\u017csamo\u015bci (Lokalny)",
"cs": "ADFS Identity Provider (Hosted - lok\u00e1ln\u00ed)",
"tr": "ADFS Kimlik Sa\u011flay\u0131c\u0131 (Bu sistemde sunulan)",
"de": "ADFS Identity Provider (gehosted)",
"fr": "Fournisseur d'identit\u00e9 ADFS local",
"it": "SAML 2.o Identity Provider (Hosted)",
"ja": "ADFS\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30d7\u30ed\u30d0\u30a4\u30c0(\u30db\u30b9\u30c8)",
"lt": "ADFS Tapatybi\u0173 teik\u0117jas (vietinis)",
"zh-tw": "ADFS \u9a57\u8b49\u63d0\u4f9b\u8005(\u4e3b\u6a5f)",
"et": "ADFS identiteedipakkuja (hostitud)",
"he": "\u05e1\u05e4\u05e7 \u05d6\u05d4\u05d5\u05ea \u05de\u05e7\u05d5\u05de\u05d9 \u05de\u05e1\u05d5\u05d2 ADFS",
"zh": "ADFS \u8eab\u4efd\u63d0\u4f9b\u8005\uff08\u672c\u5730\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u0647\u0648\u064a\u0629 ADFS \u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641",
"lv": "ADFS identit\u0101tes pieg\u0101d\u0101t\u0101js (host\u0113ts)",
"id": "Identity Provider ADFS (Hosted)",
"sr": "ADFS Davalac Identiteta (lokalni)",
"ro": "Furnizor de identitate ADFS (g\u0103zduit)",
"ru": "\u041f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 ADFS (\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)"
},
"metaover_group_metadata.wsfed-sp-hosted": {
"no": "WS-Federation tjenesteleverand\u00f8r (intern)",
"nn": "WS-Federation Service Provider (Hosted)",
@ -780,8 +948,12 @@
"he": "\u05e1\u05e4\u05e7 \u05e9\u05d9\u05e8\u05d5\u05ea \u05de\u05e7\u05d5\u05de\u05d9 \u05de\u05e1\u05d5\u05d2 \u05d0\u05d9\u05d7\u05d5\u05d3-WS",
"zh": "WS-Federation \u670d\u52a1\u63d0\u4f9b\u8005\uff08\u672c\u5730\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u062e\u062f\u0645\u0629 WS-\u0627\u0644\u0641\u062f\u0631\u0627\u0644\u064a\u0629 \u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641 ",
"lv": "WS-Federation servisa pieg\u0101d\u0101t\u0101js (host\u0113ts)",
"id": "Servide Provider WS-Federation (Hosted)",
"sr": "WS-Federation Davalac Servisa (lokalni)"
"sr": "WS-Federation Davalac Servisa (lokalni)",
"ro": "Furnizor de servicii federa\u021bie WS (g\u0103zduit)",
"ru": "\u0421\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 WS-Federation (\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "WS-Federation Zerbitzu hornitzailea (Anfitrioia)"
},
"metaover_group_metadata.wsfed-idp-remote": {
"no": "WS-Federation identitetsleverand\u00f8r (ekstern)",
@ -808,8 +980,12 @@
"he": "\u05e1\u05e4\u05e7 \u05d6\u05d4\u05d5\u05ea \u05de\u05e8\u05d5\u05d7\u05e7 \u05de\u05e1\u05d5\u05d2 \u05d0\u05d9\u05d7\u05d5\u05d3-WS",
"zh": "WS-Federation \u8eab\u4efd\u63d0\u4f9b\u8005\uff08\u8fdc\u7a0b\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u062e\u062f\u0645\u0629 WS-\u0627\u0644\u0641\u062f\u0631\u0627\u0644\u064a\u0629 \u0627\u0644\u0628\u0639\u064a\u062f",
"lv": "WS-Federation servisa pieg\u0101d\u0101t\u0101js (att\u0101lin\u0101ts)",
"id": "Identity Provider WS-Federation (Remote)",
"sr": "WS-Federation Davalac Servisa (udaljeni)"
"sr": "WS-Federation Davalac Servisa (udaljeni)",
"ro": "Furnizor de servicii federa\u021bie WS (distant)",
"ru": "\u041f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 WS-Federation (\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "WS-Federation Identitate hornitzailea (Urrunekoa)"
},
"metaconv_title": {
"no": "Metadata parser",
@ -836,8 +1012,12 @@
"he": "\u05de\u05e0\u05ea\u05d7 \u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2",
"zh": "\u5143\u4fe1\u606f\u5206\u6790\u5668",
"ar": "\u0645\u062d\u0644\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629\/\u0627\u0644\u0645\u064a\u062a\u0627\u062f\u0627\u062a\u0627",
"lv": "Metadatu pars\u0113t\u0101js",
"id": "Parser metadata",
"sr": "Metadata analizator"
"sr": "Metadata analizator",
"ro": "Analizor de metadate",
"ru": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445",
"eu": "Metadatuak aztertu"
},
"metaconv_xmlmetadata": {
"no": "XML metadata",
@ -864,8 +1044,12 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05d1\u05ea\u05d1\u05e0\u05d9\u05ea XML",
"zh": "XML\u5143\u4fe1\u606f",
"ar": "\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0635\u0641\u064a\u0629 \u0628\u0635\u064a\u063a\u0629 XML",
"lv": "XML metadati",
"id": "metadata XML",
"sr": "Metapodaci u XML formatu"
"sr": "Metapodaci u XML formatu",
"ro": "Metadate XML",
"ru": "XML \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435",
"eu": "XML metadatuak"
},
"metaconv_parse": {
"no": "Pars",
@ -892,8 +1076,12 @@
"he": "\u05e0\u05ea\u05d7",
"zh": "\u5206\u6790\u5668",
"ar": "\u062d\u0644\u0644",
"lv": "Pars\u0113t",
"id": "Parse",
"sr": "Analiziraj"
"sr": "Analiziraj",
"ro": "Analizeaz\u0103",
"ru": "\u0412\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437",
"eu": "Aztertu"
},
"metaconv_converted": {
"no": "Konvertert metadata",
@ -920,8 +1108,12 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05de\u05d5\u05de\u05e8",
"zh": "\u8f6c\u6362\u8fc7\u7684\u5143\u4fe1\u606f",
"ar": "\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0635\u0641\u064a\u0629 \u0645\u062d\u0648\u0644\u0629",
"lv": "Konvert\u0113tie metadati",
"id": "Metadata yang telah dikonvesi",
"sr": "Konvertovani metapodaci"
"sr": "Konvertovani metapodaci",
"ro": "Metadate convertite",
"ru": "\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435",
"eu": "Bihurtutako metadatuak"
},
"metadata_saml20-sp": {
"no": "SAML 2.0 SP metadata",
@ -948,8 +1140,12 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e9\u05dc \u05e1\u05e9 \u05de\u05e1\u05d5\u05d2 SAML 2.0 ",
"zh": "SAML 2.0 SP \u5143\u4fe1\u606f",
"ar": "\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0644 SAML 2.0 SP",
"lv": "SAML 2.0 SP metadati",
"id": "Metadata SAML 2.0 SP",
"sr": "SAML 2.0 SP metapodaci"
"sr": "SAML 2.0 SP metapodaci",
"ro": "Metadate furnizor de servicii (SP) SAML 2.0",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 SAML 2.0 SP",
"eu": "SAML 2.0 SP Metadatuak"
},
"metadata_saml20-idp": {
"no": "SAML 2.0 IdP metadata",
@ -976,8 +1172,12 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e9\u05dc \u05e1\u05d6 \u05de\u05e1\u05d5\u05d2 SAML 2.0 ",
"zh": "SAML 2.0 IdP \u5143\u4fe1\u606f",
"ar": "\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0644 SAML 2.0 IdP",
"lv": "SAML 2.0 IdP metadati",
"id": "Metadata SAML 2.0 IdP",
"sr": "SAML 2.0 IdP metapodaci"
"sr": "SAML 2.0 IdP metapodaci",
"ro": "Metadate furnizor de identitate (IdP) SAML 2.0",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 SAML 2.0 IdP",
"eu": "SAML 2.0 IdP Metadatuak"
},
"metadata_shib13-sp": {
"no": "Shib 1.3 SP metadata",
@ -1004,8 +1204,12 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e9\u05dc \u05e1\u05e9 \u05de\u05e1\u05d5\u05d2 Shib 1.3",
"zh": "Shib 1.3 SP \u5143\u4fe1\u606f",
"ar": "\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0644Shib 1.3 SP",
"lv": "Shib 1.3 SP metadati",
"id": "Metadata Shib 1.3 SP",
"sr": "Shib 1.3 SP metapodaci"
"sr": "Shib 1.3 SP metapodaci",
"ro": "Metadate furnizor de servicii (SP) Shib 1.3",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 Shib 1.3 SP",
"eu": "Shib 1.3 SP Metadatuak"
},
"metadata_shib13-idp": {
"no": "Shib 1.3 IdP metadata",
@ -1032,10 +1236,76 @@
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e9\u05dc \u05e1\u05d6 \u05de\u05e1\u05d5\u05d2 Shib 1.3",
"zh": "Shib 1.3 IdP \u5143\u4fe1\u606f",
"ar": "\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0644Shib 1.3 IdP",
"lv": "Shib 1.3 IdP metadati",
"id": "Metadata Shib 1.3 IdP",
"sr": "Shib 1.3 IdP metapodaci"
"sr": "Shib 1.3 IdP metapodaci",
"ro": "Metadate furnizor de identitate (IdP) Shib 1.3",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 Shib 1.3 IdP",
"eu": "Shib 1.3 IdP Metadatuak"
},
"metadata_intro": {
"metadata_adfs-sp": {
"no": "ADFS SP metadata",
"nn": "ADFS SP Metadata",
"sv": "ADFS SP Metadata",
"es": "Metadatos SP ADFS",
"nl": "ADFS SP Metadata",
"sl": "ADFS SP Metapodatki",
"da": "Shibboleth 1.3 tjenesteudbyders metadata",
"hr": "ADFS metapodaci o davatelju usluge",
"hu": "ADFS SP Metaadatok",
"pt-br": "ADFS SP Metadata",
"pt": "Metadados ADFS SP",
"pl": "ADFS SP - Metadane",
"cs": "ADFS SP Metadata",
"tr": "ADFS SP \u00dcstveri (Metadata)",
"de": "ADFS SP Metadaten",
"fr": "M\u00e9tadonn\u00e9es de SP ADFS",
"it": "Metadati ADFS SP",
"ja": "ADFS SP\u30e1\u30bf\u30c7\u30fc\u30bf",
"lt": "ADFS SP Metaduomenys",
"zh-tw": "ADFS SP \u8a6e\u91cb\u8cc7\u6599",
"et": "ADFS SP metaandmed",
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e9\u05dc \u05e1\u05e9 \u05de\u05e1\u05d5\u05d2 ADFS",
"zh": "ADFS SP \u5143\u4fe1\u606f",
"ar": "\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0644ADFS SP",
"lv": "ADFS SP metadati",
"id": "Metadata ADFS SP",
"sr": "ADFS SP metapodaci",
"ro": "Metadate furnizor de servicii (SP) ADFS",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 ADFS SP"
},
"metadata_adfs-idp": {
"no": "ADFS IdP metadata",
"nn": "ADFS IdP Metadata",
"sv": "ADFS IdP Metadata",
"es": "Metadatos IdP ADFS",
"nl": "ADFS IdP Metadata",
"sl": "ADFS IdP Metapodatki",
"da": "ADFS identitetsudbyders metadata",
"hr": "ADFS metapodaci o autentifikacijskom servisu",
"hu": "ADFS IdP Metaadatok",
"pt-br": "ADFS IdP Metadata",
"pt": "Metadados ADFS IdP",
"pl": "ADFS IdP - Metadane",
"cs": "ADFS IdP Metadata",
"tr": "ADFS IdP \u00dcstveri (Metadata)",
"de": "ADFS IdP Metadaten",
"fr": "M\u00e9tadonn\u00e9es d'IdP ADFS",
"it": "Metadati ADFS IdP",
"ja": "ADFS IdP\u30e1\u30bf\u30c7\u30fc\u30bf",
"lt": "ADFS IdP Metaduomenys",
"zh-tw": "ADFS IdP \u8a6e\u91cb\u8cc7\u6599",
"et": "ADFS IdP metaandmed",
"he": "\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e9\u05dc \u05e1\u05d6 \u05de\u05e1\u05d5\u05d2 ADFS ",
"zh": "ADFS IdP \u5143\u4fe1\u606f",
"ar": "\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0644 ADFS IdP",
"lv": "ADFS IdP metadati",
"id": "Metadata ADFS IdP",
"sr": "ADFS IdP metapodaci",
"ro": "Metadate furnizor de identitate (IdP) ADFS",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 ADFS IdP"
},
"metadata_intro": {
"no": "Her er metadata som simpleSAMLphp har generert for deg. Du m\u00e5 utveksle metadata med de partene du stoler p\u00e5 for \u00e5 sette opp en f\u00f8derasjon.",
"nn": "Her er metadata generert av simpleSAMLphp for deg. Du kan senda dette metadata-dokumentet til dine partnarar, slik at de kan setja opp ein tillitsf\u00f8derasjon.",
"sv": "simpleSAMLphp har har genererat f\u00f6ljande metadata. F\u00f6r att s\u00e4tta upp en betrodd federation kan du skicka metadata till de parter du har f\u00f6rtroende f\u00f6r.",
@ -1060,8 +1330,12 @@
"he": "\u05d4\u05e0\u05d4 \u05d4\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05e9 simpleSAMLphp \u05d9\u05d9\u05e6\u05e8 \u05e2\u05d1\u05d5\u05e8\u05da. \u05d0\u05ea\u05d4 \u05d9\u05db\u05d5\u05dc \u05dc\u05e9\u05dc\u05d5\u05d7 \u05d0\u05ea \u05de\u05e1\u05de\u05da \u05d4\u05de\u05d8\u05d0-\u05de\u05d9\u05d3\u05e2 \u05dc\u05e9\u05d5\u05ea\u05e4\u05d9\u05dd \u05de\u05d4\u05d9\u05de\u05e0\u05d9\u05dd \u05db\u05d3\u05d9 \u05dc\u05d9\u05e6\u05d5\u05e8 \u05d0\u05d9\u05d7\u05d5\u05d3 \u05de\u05d0\u05d5\u05d1\u05d8\u05d7. ",
"zh": "\u8fd9\u91cc\u662fsimpleSAMLphp\u4e3a\u4f60\u751f\u6210\u7684\u5143\u4fe1\u606f\uff0c\u4f60\u5e94\u8be5\u53d1\u9001\u8fd9\u4e2a\u5143\u4fe1\u606f\u6587\u6863\u7ed9\u4f60\u7684\u4fe1\u4efb\u7684\u5408\u4f5c\u4f19\u4f34\u4ee5\u5efa\u7acb\u4fe1\u4efb\u7684\u8054\u76df",
"ar": "\u0647\u0630\u0647 \u0647\u064a \u0628\u064a\u0627\u0646\u0627\u062a\u0643 \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0627\u0644\u0645\u062c\u0647\u0632\u0629 \u0628\u0648\u0627\u0633\u0637\u0629 SAMLphp. \u0644\u0644\u062a\u062c\u0647\u064a\u0632 \u0644\u0641\u062f\u0631\u0627\u0644\u064a\u0629 \u0645\u0648\u062b\u0648\u0642 \u0628\u0647\u0627 \u0642\u0645 \u0628\u0625\u0631\u0633\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u0648\u062b\u064a\u0642\u0629 \u0644\u0634\u0631\u0643\u0627\u0621 \u0645\u0648\u062b\u0648\u0642 \u0628\u0647\u0645",
"lv": "\u0160eit ir simpleSAMLphp \u0123ener\u0113tie metadati. J\u016bs varat tos s\u016bt\u012bt partneriem, lai izveidotu uzticamu feder\u0101ciju.",
"id": "Berikut ini adalah simpleSAMLphp metadata yang telah digenerate untuk Anda. Anda dapat mengirim dokumen metadata ini kepada rekan yang dipercayai untuk mensetup federasi terpercaya.",
"sr": "Ovo su metapodaci koje je simpleSAMLphp izgenerisao za vas. Te metapodatke mo\u017eete poslati davaocima servisa ili davaocima identiteta u koje imate poverenja i sa kojima \u017eelite uspostaviti federaciju."
"sr": "Ovo su metapodaci koje je simpleSAMLphp izgenerisao za vas. Te metapodatke mo\u017eete poslati davaocima servisa ili davaocima identiteta u koje imate poverenja i sa kojima \u017eelite uspostaviti federaciju.",
"ro": "Acestea sunt metadate generate de simpleSAMLphp. Metadatele pot fi trimise c\u0103tre parteneri de \u00eencredere pentru a configura o federa\u021bie de \u00eencredere.",
"ru": "\u041c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435, \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u0432\u0430\u0441 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e simpleSAMLphp. \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u0441 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u043c \u043f\u0430\u0440\u0442\u043d\u0435\u0440\u0430\u043c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0444\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438.",
"eu": "Hona hemen simpleSAMLphp-ak zuretzat sortu dituen metadatuak. Metadatuen dokumentu hau konfidantzazko zure kideei bidal diezaiekezu federazio bat konfiguratzeko."
},
"metadata_xmlurl": {
"no": "Du kan n\u00e5 <a href=\"%METAURL%\">metadata i XML-format p\u00e5 en dedikert URL<\/a>:",
@ -1088,14 +1362,18 @@
"he": "\u05d0\u05ea\u05d4 \u05d9\u05db\u05d5\u05dc <a href=\"%METAURL%\">\u05dc\u05e7\u05d1\u05dc \u05d0\u05ea \u05d4\u05de\u05d8\u05d0 \u05de\u05d9\u05d3\u05e2 \u05d1\u05db\u05ea\u05d5\u05d1\u05ea \u05e0\u05e4\u05e8\u05d3\u05ea<\/a>:",
"zh": "\u4f60\u53ef\u4ee5\u5728 <a href=\"%METAURL%\">\u83b7\u53d6\u5143\u4fe1\u606fXML<\/a>",
"ar": "\u064a\u0645\u0643\u0646\u0643 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u064a \u0628\u064a\u0627\u0646\u0627\u062a\u0643 \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0628\u0645\u0644\u0641 xml \u0628 URL \u0645\u062a\u062e\u0635\u0635 \u0628\u0625\u062f\u062e\u0627\u0644<a href=\"%METAURL%\">",
"lv": "J\u016bs varat <a href=\"%METAURL%\">sa\u0146emt metadatu xml \u0161aj\u0101 URL<\/a>:",
"id": "Anda dapat <a href=\"%METAURL%\">mendapatkan xml metadata pada URL tersendiri<\/a>:",
"sr": "Metapodaci su dostupni na <a href=\"%METAURL%\">ovoj adresi<\/a>:"
"sr": "Metapodaci su dostupni na <a href=\"%METAURL%\">ovoj adresi<\/a>:",
"ro": "Pute\u021bi accesa <a href=\"%METAURL%\">metadatele xml de la un URL dedicat<\/a>:",
"ru": "\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435<a href=\"%METAURL%\"> \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c xml \u0444\u0430\u0439\u043b \u0441 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c\u0443 URL<\/a>:",
"eu": "<a href=\"%METAURL%\">xml metadatuekin URL bat<\/a> eskura dezakezu:"
},
"metadata_simplesamlformat": {
"no": "I simpleSAMLphp format - bruk denne dersom du benytter simpleSAMLphp i den andre enden:",
"nn": "P\u00e5 flat fil for simpleSAMLphp. Bruk denne dersom du bruker simpleSAMLphp p\u00e5 andre sida:",
"sv": "I filformatet f\u00f6r simpleSAML, anv\u00e4nd detta detta format om simpleSAMLphp anv\u00e4nds i mottagende sida:",
"es": "en un fichero de formato simpleSAMLphp - utilice esta opci\u00f3n si est\u00e1 usando una entidad simpleSAMLphp en el otro extremo:",
"es": "En un fichero de formato simpleSAMLphp - utilice esta opci\u00f3n si est\u00e1 usando una entidad simpleSAMLphp en el otro extremo:",
"nl": "In simpleSAMLphp flat file formaat - gebruik dit wanneer uw federatiepartner ook simpleSAMLphp gebruikt",
"sl": "V simpleSAMLphp \"flat file\" formatu - ta format uporabite, \u010de uporabljate simpleSAMLphp entiteto na drugi strani:",
"da": "I simpleSAMLphp flat-file format - brug dette hvis du ogs\u00e5 bruger simpleSAMLphp i den anden ende;",
@ -1115,8 +1393,12 @@
"he": "\u05d1\u05ea\u05d1\u05e0\u05d9\u05ea \u05e7\u05d5\u05d1\u05e5 simpleSAMLphp \u05e9\u05d8\u05d5\u05d7 - \u05dc\u05de\u05e7\u05e8\u05d9\u05dd \u05d1\u05d4\u05dd \u05d0\u05ea\u05d4 \u05de\u05e9\u05ea\u05de\u05e9 \u05d1\u05d9\u05e9\u05d5\u05ea simpleSAMLphp \u05d1\u05e6\u05d3 \u05d4\u05e9\u05e0\u05d9: ",
"zh": "\u5982\u679c\u4f60\u60f3\u5728\u5176\u4ed6\u7f51\u7ad9\u4f7f\u7528\u7684simpleSAMLphp\uff0c\u90a3\u4e48\u4f60\u5e94\u8be5\u4f7f\u7528simpleSAMLphp\u6241\u5e73\u7684\u6587\u4ef6\u683c\u5f0f",
"ar": "\u0628\u0635\u064a\u063a\u0629 simpleSAMLphp- \u0627\u0633\u062a\u062e\u062f\u0645 \u0647\u0630\u0647 \u0627\u0644\u0635\u064a\u063a\u0629 \u0627\u0646 \u0643\u0646\u062a \u062a\u0633\u062a\u062e\u062f\u0645 \u0648\u062d\u062f\u0629 simpleSAMLphp \u0628\u0627\u0644\u0627\u062a\u062c\u0627\u0647 \u0627\u0644\u0627\u062e\u0631 \u0627\u064a\u0636\u0627\u064b",
"lv": "SimpleSAMLphp parasta faila form\u0101t\u0101 - lietojiet \u0161o, ja izmantojat simpleSAMLphp ent\u012btiju otr\u0101 gal\u0101:",
"id": "Dalam format file biasa simpleSAMLphp - gunakan ini jika Anda menggunakan entiti simpleSAMLphp pada sisi lain:",
"sr": "U simpleSAMLphp formatu - koristite ovu opciju ako se na drugoj strani tako\u0111e nalazi simpleSAMLphp entitet:"
"sr": "U simpleSAMLphp formatu - koristite ovu opciju ako se na drugoj strani tako\u0111e nalazi simpleSAMLphp entitet:",
"ro": "\u00cen format fi\u0219ier simplu simpleSAMLphp - utiliza\u021bi aceast\u0103 variant\u0103 dac\u0103 \u00een cap\u0103tul cel\u0103lalt folosi\u021bi o entitate simpleSAMLphp:",
"ru": "\u0424\u043e\u0440\u043c\u0430\u0442 \u043f\u0440\u043e\u0441\u0442\u043e\u0433\u043e simpleSAMLphp \u0444\u0430\u0439\u043b\u0430",
"eu": "simpleSAMLphp formatuko fitxategi batean - beste muturrean simpleSAMLphp entitate bat erabiltzen ariz gero, erabil ezazu aukera hau:"
},
"debug_sending_message_title": {
"no": "Sender melding",
@ -1132,6 +1414,7 @@
"pt": "A enviar a mensagem",
"pl": "Wysy\u0142anie wiadomo\u015bci",
"cs": "Pos\u00edl\u00e1m zpr\u00e1vu",
"eu": "Mezua bidaltzen",
"tr": "Mesaj g\u00f6nderiliyor",
"de": "Sende Nachricht",
"fr": "Envoi du message",
@ -1143,8 +1426,11 @@
"he": "\u05e9\u05d5\u05dc\u05d7 \u05d4\u05d5\u05d3\u05e2\u05d4",
"zh": "\u6b63\u5728\u53d1\u9001\u6d88\u606f",
"ar": "\u0627\u0631\u0633\u0644 \u0631\u0633\u0627\u0644\u0629",
"lv": "Zi\u0146as s\u016bt\u012b\u0161ana",
"id": "Mengirimpan pesan",
"sr": "\u0160aljem poruku"
"sr": "\u0160aljem poruku",
"ro": "Se trimite mesajul",
"ru": "\u041e\u0442\u043f\u0440\u0430\u0432\u043a\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f"
},
"debug_sending_message_text_button": {
"no": "Du er i ferd med \u00e5 sende en melding. Trykk knappen \u00abSend melding\u00bb for \u00e5 fortsette.",
@ -1159,6 +1445,7 @@
"pt-br": "Voc\u00ea est\u00e1 prestes a enviar uma mensagem. Aperte o bot\u00e3o enviar mensagem para continuar.",
"pt": "Est\u00e1 prestes a enviar uma mensagem. Carregue no bot\u00e3o para continuar.",
"cs": "M\u016f\u017eete poslat zpr\u00e1vu. Po\u017eijte tla\u010d\u00edtko k pokra\u010dov\u00e1n\u00ed.",
"eu": "Mezu bat bidaltzeari ekingo zaio. Saka ezazu \"Mezua bidali\" botoia jarraitzeko.",
"tr": "Mesaj g\u00f6ndermek \u00fczeresiniz. Devam etmek i\u00e7in mesaj g\u00f6nder butonuna t\u0131klay\u0131n.",
"de": "Sie sind dabei eine Nachricht zu senden. Klicken Sie auf den Nachricht senden Knopf um fortzufahren.",
"fr": "Vous allez envoyer un message. Cliquez sur le bouton d'envoi pour continuer.",
@ -1170,8 +1457,11 @@
"he": "\u05d0\u05ea\u05d4 \u05e2\u05d5\u05de\u05d3 \u05dc\u05e9\u05dc\u05d5\u05d7 \u05d4\u05d5\u05d3\u05e2\u05d4. \u05dc\u05d7\u05e5 \u05e2\u05dc \u05db\u05e4\u05ea\u05d5\u05e8 \u05d4\u05e9\u05dc\u05d9\u05d7\u05d4 \u05db\u05d3\u05d9 \u05dc\u05d4\u05de\u05e9\u05d9\u05da.",
"zh": "\u4f60\u51c6\u5907\u53d1\u9001\u4e00\u4e2a\u6d88\u606f\uff0c\u8bf7\u70b9\u51fb\u63d0\u4ea4\u6309\u94ae\u4ee5\u7ee7\u7eed",
"ar": "\u0627\u0646\u062a \u0639\u0644\u064a \u0648\u0634\u0643 \u0625\u0631\u0633\u0627\u0644 \u0631\u0633\u0627\u0644\u0629. \u0627\u0636\u063a\u0637 \u0639\u0644\u064a \u0627\u0644\u0632\u0631 \u0644\u0644\u0645\u0648\u0627\u0635\u0644\u0629",
"lv": "J\u016bs gatavojaties s\u016bt\u012bt zi\u0146u. Spiediet pogu S\u016bt\u012bt zi\u0146u.",
"id": "Anda baru saja akan mengirim sebuah pesan. Tekan tombol submit pesan untuk melanjutkan.",
"sr": "Kliknite na dugme \"Po\u0161alji poruku\" da biste poslali poruku."
"sr": "Kliknite na dugme \"Po\u0161alji poruku\" da biste poslali poruku.",
"ro": "Mesajul este preg\u0103tit pentru a fi trimis. Ap\u0103sa\u021bi butonul de trimitere pentru a continua.",
"ru": "\u0412\u044b \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442\u0435\u0441\u044c \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435. \u041a\u043b\u0438\u043a\u043d\u0438\u0442\u0435 \u043a\u043b\u0430\u0432\u0438\u0448\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u044f."
},
"debug_disable_debug_mode": {
"no": "Do kan skru av debug modus i den globale simpleSAMLphp konfigurasjonsfila <tt>config\/config.php<\/tt>.",
@ -1198,8 +1488,12 @@
"he": "\u05d0\u05ea\u05d4 \u05d9\u05db\u05d5\u05dc \u05dc\u05db\u05d1\u05d5\u05ea \u05d0\u05ea \u05de\u05e6\u05d1 \u05d1\u05d3\u05d9\u05e7\u05ea \u05d4\u05d1\u05d0\u05d2\u05d9\u05dd \u05d1\u05e7\u05d5\u05d1\u05e5 \u05d1\u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d4\u05d2\u05dc\u05d5\u05d1\u05dc\u05d9 \u05e9\u05dc simpleSAMLphp <tt>config\/config.php<\/tt>.",
"zh": "\u4f60\u53ef\u4ee5\u5173\u95ed\u8c03\u8bd5\u6a21\u5f0f\uff0c\u5728simpleSAMLphp\u5168\u5c40\u914d\u7f6e\u6587\u4ef6<tt>config\/config.php<\/tt>\u4e2d",
"ar": "\u064a\u0645\u0643\u0646\u0643 \u0625\u063a\u0644\u0627\u0642 \u062d\u0627\u0644\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0628\u0645\u0644\u0641 \u062a\u0631\u062a\u064a\u0628 simpleSAMLphp<tt>config\/config.php<\/tt>",
"lv": "J\u016bs varat izsl\u0113gt atk\u013c\u016bdo\u0161anas re\u017e\u012bmu glob\u0101laj\u0101 simpleSAMLphp konfigur\u0101cijas fail\u0101 <tt>config\/config.php<\/tt>.",
"id": "Anda dapat menonaktifkan mode debuh pada file konfigurasi global simpleSAMLhphp <tt>config\/config.php<\/tt>.",
"sr": "Debug mod mo\u017eete isklju\u010diti u glavnom simpleSAMLphp konfiguracionom fajlu <tt>config\/config.php<\/tt>. "
"sr": "Debug mod mo\u017eete isklju\u010diti u glavnom simpleSAMLphp konfiguracionom fajlu <tt>config\/config.php<\/tt>. ",
"ro": "Se poate opri modul de depanare \u00een fi\u0219ierul de configurare simpleSAMLphp <tt>config\/config.php<\/tt>.",
"ru": "\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0440\u0435\u0436\u0438\u043c \u043e\u0442\u043b\u0430\u0434\u043a\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 global simpleSAMLphp -<tt>config\/config.php<\/tt>. ",
"eu": "Arazketa modua desaktibatu daiteke simpleSAMLphp <tt>config\/config.php<\/tt> konfigurazio orokorreko fitxategian."
},
"metaover_group_metadata.saml20-sp-hosted": {
"no": "SAML 2.0 tjenesteleverand\u00f8r (intern)",
@ -1226,8 +1520,12 @@
"he": "\u05e1\u05e4\u05e7 \u05e9\u05d9\u05e8\u05d5\u05ea \u05de\u05e7\u05d5\u05de\u05d9 \u05de\u05e1\u05d5\u05d2 SAML 2.0",
"zh": "SAML 2.0 \u670d\u52a1\u63d0\u4f9b\u8005\uff08\u672c\u5730\uff09",
"ar": "\u0645\u0642\u062f\u0645 \u062e\u062f\u0645\u0629 SAML 2.0 (\u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641)",
"lv": "SAML 2.0 servisa pieg\u0101d\u0101t\u0101js (host\u0113ts)",
"id": "Service Provider SAML 2.0 (Hosted)",
"sr": "SAML 2.0 Davalac Servisa (lokalni)"
"sr": "SAML 2.0 Davalac Servisa (lokalni)",
"ro": "Furnizor de servicii SAML 2.0 (g\u0103zduit)",
"ru": "\u0421\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 SAML 2.0 (\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435)",
"eu": "SAML 2.0 Zerbitzu hornitzailea (Anfitrioia)"
},
"cfg_check_notices": {
"no": "Notiser",
@ -1255,8 +1553,11 @@
"ru": "\u0423\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f",
"zh": "\u901a\u544a",
"ar": "\u0645\u0644\u062d\u0648\u0638\u0627\u062a",
"lv": "Br\u012bdin\u0101jumi",
"id": "Pemberitahuan",
"sr": "Napomene"
"sr": "Napomene",
"ro": "Note\/Observa\u021bii",
"eu": "Oharrak"
},
"metadata_cert": {
"nl": "Certificaten",
@ -1271,10 +1572,18 @@
"hu": "Tan\u00fas\u00edtv\u00e1nyok.",
"ar": "\u0627\u0644\u0634\u0647\u0627\u062f\u0627\u062a",
"hr": "Certifikati",
"lv": "Sertifik\u0101ti",
"id": "Sertifikat",
"sr": "Sertifikati",
"nn": "Sertifikat",
"fr": "Certificats"
"fr": "Certificats",
"cs": "Certifik\u00e1ty",
"it": "Certificati",
"es": "Certificados",
"ro": "Certificate",
"ru": "\u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b",
"no": "Sertifikater",
"eu": "Ziurtagiriak"
},
"metadata_cert_intro": {
"nl": "Download de X509-certificaten in PEM-formaat.",
@ -1289,9 +1598,17 @@
"hu": "PEM form\u00e1tum\u00fa X509 tan\u00fas\u00edtv\u00e1ny let\u00f6lt\u00e9se.",
"ar": "\u062d\u0645\u0644 \u0634\u0647\u0627\u062f\u0627\u062a X509 \u0643\u0645\u0644\u0641\u0627\u062a \u0628\u062a\u0631\u0645\u064a\u0632 PEM",
"hr": "Preuzmite X509 certifikate u PEM formatu.",
"lv": "Lejupiel\u0101d\u0113t X509 sertifik\u0101tus k\u0101 PEM-kod\u0113tus failus.",
"id": "Download sertifikat X509 sebagai file dikodekan-PEM.",
"sr": "Preuzmite X509 sertifikate u PEM formatu.",
"nn": "Last ned X509-sertifikat som PEM-koda filer",
"fr": "T\u00e9l\u00e9charger les certificats X509 en tant que fichiers encod\u00e9s PEM."
"fr": "T\u00e9l\u00e9charger les certificats X509 en tant que fichiers encod\u00e9s PEM.",
"cs": "St\u00e1hn\u011bte certifik\u00e1t X509 jako PEM-encoded soubor",
"it": "Scarica i certificati X509 come file PEM-encoded",
"es": "Descargar los certificados X509 en formato PEM.",
"ro": "Desc\u0103rca\u021bi certificatele X509 ca fi\u0219iere PEM.",
"ru": "\u0421\u043a\u0430\u0447\u0430\u0442\u044c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b X509 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 PEM \u0444\u0430\u0439\u043b\u043e\u0432.",
"no": "Last ned X509-sertifikatene som PEM-filer.",
"eu": "X509 ziurtagiriak PEM formatuan deskargatu."
}
}

View File

@ -20,6 +20,9 @@
"attribute_mail": {
"en": "Mail"
},
"attribute_ismemberof": {
"en": "Group membership"
},
"attribute_mobile": {
"en": "Mobile"
},

View File

@ -10,7 +10,7 @@
"lb": "Zesummenschloss",
"sl": "Vloga uporabnika",
"da": "Brugerens tilknytning til hjemmeorganisationen",
"se": "Du doaibma organisa&#353;uvnnas",
"se": "Du doaibma organisa\u0161uvnnas",
"hr": "Povezanost s ustanovom",
"hu": "Viszony",
"fi": "Suhde organisaatioon",
@ -29,7 +29,10 @@
"zh": "\u8054\u7edc\u65b9\u5f0f",
"sr": "Povezanost sa institucijom",
"ar": "\u062c\u0647\u0629 \u0627\u0644\u0639\u0645\u0644",
"id": "Afiliasi"
"id": "Afiliasi",
"lv": "Pieder\u012bba",
"ro": "Afiliere",
"eu": "Afiliazioa"
},
"attribute_title": {
"no": "Tittel",
@ -49,6 +52,7 @@
"pt": "T\u00edtulo",
"pl": "Tytu\u0142 (Title)",
"cs": "Nadpis",
"eu": "Tratamendua",
"tr": "Ba\u015fl\u0131k",
"it": "Titolo",
"lt": "Pavadinimas",
@ -60,7 +64,9 @@
"zh": "\u6807\u9898",
"sr": "Zvanje",
"ar": "\u0627\u0644\u0644\u0642\u0628",
"id": "Gelar"
"id": "Gelar",
"lv": "Amats",
"ro": "Titlu\/titulatur\u0103"
},
"attribute_uid": {
"no": "Bruker-ID",
@ -81,6 +87,7 @@
"pt": "Identifica\u00e7\u00e3o de utilizador",
"pl": "ID u\u017cytkownika (User ID)",
"cs": "Identifik\u00e1tor (UID)",
"eu": "Erabiltzaile ID",
"tr": "Kullan\u0131c\u0131 ID",
"it": "Identificativo utente",
"lt": "Naudotojo ID",
@ -92,7 +99,9 @@
"zh": "\u7528\u6237ID",
"sr": "Korisni\u010dko ime",
"ar": "\u0627\u0644\u0627\u0633\u0645 \u0627\u0644\u062a\u0639\u0631\u064a\u0641\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645",
"id": "User ID"
"id": "User ID",
"lv": "Lietot\u0101ja ID",
"ro": "ID utilizator"
},
"attribute_sn": {
"no": "Etternavn",
@ -113,6 +122,7 @@
"pt": "Nome de fam\u00edlia",
"pl": "Nazwisko (Surname)",
"cs": "P\u0159\u00edjmen\u00ed",
"eu": "Abizenak",
"tr": "Soyad\u0131",
"it": "Cognome",
"lt": "Pavard\u0117",
@ -124,7 +134,9 @@
"zh": "\u59d3",
"sr": "Prezime",
"ar": "\u0627\u0633\u0645 \u0627\u0644\u0639\u0627\u0626\u0644\u0647",
"id": "Nama Keluaga"
"id": "Nama Keluaga",
"lv": "Uzv\u0101rds",
"ro": "Nume de familie"
},
"attribute_givenname": {
"no": "Fornavn",
@ -156,7 +168,10 @@
"zh": "\u540d",
"sr": "Ime",
"ar": "\u0627\u0644\u0627\u0633\u0645",
"id": "Nama"
"id": "Nama",
"lv": "V\u0101rds",
"ro": "Prenume",
"eu": "Izena"
},
"attribute_cn": {
"no": "Fullt navn",
@ -188,7 +203,10 @@
"zh": "\u5e38\u7528\u540d\u5b57",
"sr": "Ime i Prezime",
"ar": "\u0623\u0633\u0645\u0627\u0621 \u0627\u062e\u0631\u064a",
"id": "Common Name"
"id": "Common Name",
"lv": "V\u0101rds",
"ro": "Nume comun",
"eu": "Izen arrunta (CN)"
},
"attribute_mail": {
"no": "E-post",
@ -201,7 +219,7 @@
"lb": "E-mail",
"sl": "Elektronski naslov",
"da": "Emailadresse",
"se": "Elektrovnnala&#353; poasta&#269;ijuhus",
"se": "Elektrovnnala\u0161 poasta\u010dijuhus",
"hr": "Elektroni\u010dka adresa",
"hu": "E-mail",
"fi": "S\u00e4hk\u00f6posti",
@ -209,6 +227,7 @@
"pt": "E-mail",
"pl": "E-mail",
"cs": "Email",
"eu": "Posta",
"tr": "Posta",
"it": "Mail",
"lt": "El.pa\u0161tas",
@ -220,7 +239,9 @@
"zh": "\u90ae\u7bb1",
"sr": "Elektronska adresa",
"ar": "\u0627\u0644\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0628\u0631\u064a\u062f\u064a",
"id": "Mail"
"id": "Mail",
"lv": "Pasts",
"ro": "Mail"
},
"attribute_mobile": {
"no": "Mobiltelefon",
@ -233,7 +254,7 @@
"lb": "GSM Nummer",
"sl": "Mobilni telefon",
"da": "Telefonnummer (mobil)",
"se": "M&aacute;tketelefovdna",
"se": "M\u00e1tketelefovdna",
"hr": "Broj mobilnog telefona",
"hu": "Mobil",
"fi": "K\u00e4nnykk\u00e4",
@ -241,6 +262,7 @@
"pt": "Telem\u00f3vel",
"pl": "Telefon kom\u00f3rkowy (Mobile)",
"cs": "Mobil",
"eu": "Mugikorra",
"tr": "Cep telefonu numaras\u0131",
"it": "Cellulare",
"lt": "Mobiliojo numeris",
@ -252,7 +274,9 @@
"zh": "\u624b\u673a",
"sr": "Broj mobilnog telefona",
"ar": "\u0631\u0642\u0645 \u0627\u0644\u0647\u0627\u062a\u0641 \u0627\u0644\u0633\u064a\u0627\u0631",
"id": "Handphone"
"id": "Handphone",
"lv": "Mobilais telefons",
"ro": "Mobil"
},
"attribute_preferredlanguage": {
"no": "Foretrukket spr\u00e5k",
@ -265,7 +289,7 @@
"lb": "Lieblingssprooch",
"sl": "\u017delen jezik",
"da": "Foretrukket sprog (evt. flere)",
"se": "Vuostta&#353;v&aacute;lljejuvvon giella dehe giellah&aacute;pmi",
"se": "Vuostta\u0161v\u00e1lljejuvvon giella dehe giellah\u00e1pmi",
"hr": "Primarni jezik",
"hu": "Els\u0151dleges nyelv",
"fi": "Ensisijainen kieli",
@ -284,7 +308,10 @@
"zh": "\u9996\u9009\u8bed\u8a00",
"sr": "Preferirani jezik",
"ar": "\u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0645\u0641\u0636\u0644\u0629",
"id": "Pilihan Bahasa"
"id": "Pilihan Bahasa",
"lv": "V\u0113lam\u0101 valoda",
"ro": "Limba preferat\u0103",
"eu": "Hizkuntza lehenetsia"
},
"attribute_noredupersonnin": {
"no": "F\u00f8dselsnummer",
@ -316,7 +343,10 @@
"zh": "\u8eab\u4efd\u8bc1\u53f7\u7801",
"sr": "Jedinstveni brojni identifikator osobe",
"ar": "\u0627\u0644\u0631\u0642\u0645 \u0627\u0644\u062a\u0639\u0631\u064a\u0641\u064a \u0627\u0644\u0645\u0639\u064a\u0646 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0633\u0644\u0637\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629 ",
"id": "Identity number assigned by public authorities"
"id": "Identity number assigned by public authorities",
"lv": "Publisko autorit\u0101\u0161u pie\u0161\u0137irtais identit\u0101tes numurs",
"ro": "Num\u0103r de identitate atribuit de autorit\u0103\u021bi publice",
"eu": "Gizarte-segurantzako zenbakia"
},
"attribute_schachomeorganization": {
"no": "Unik ID for organisasjon",
@ -347,7 +377,10 @@
"zh": "\u9996\u9875\u7ec4\u7ec7\u7684\u57df\u540d",
"ar": "\u0627\u0633\u0645 \u0627\u0644\u0646\u0637\u0627\u0642 \u0627\u0644\u0645\u062e\u0635\u0635 \u0644\u0644\u0645\u0646\u0638\u0645\u0629\u0627\u0644\u0627\u0645\\\u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0627\u0645 ",
"id": "Home organization domain name",
"sr": "Domen mati\u010dne institucije"
"lv": "Organiz\u0101cijas domeins",
"sr": "Domen mati\u010dne institucije",
"ro": "Njumele de domeniu pentru institu\u021bia de origine",
"eu": "Jatorrizko erakundearen domeinu izena"
},
"attribute_organisationname": {
"no": "Navn p\u00e5 organisasjon",
@ -360,7 +393,7 @@
"lb": "Organisatiounsnumm",
"sl": "Ime organizacije",
"da": "Hjemmeorganisationens kaldenavn",
"se": "Organisa&#353;uvdna",
"se": "Organisa\u0161uvdna",
"hr": "Naziv ustanove",
"hu": "Szervezet neve",
"fi": "Organisaation nimi",
@ -368,6 +401,7 @@
"pt": "Nome da Organiza\u00e7\u00e3o",
"pl": "Nazwa organizacji (Organization name)",
"cs": "Jm\u00e9no organizace",
"eu": "Erakundearen izena",
"tr": "Kurulu\u015f ad\u0131",
"it": "Nome dell'organizzazione",
"lt": "Organizacijos pavadinimas",
@ -379,7 +413,9 @@
"zh": "\u7ec4\u7ec7\u540d\u79f0",
"sr": "Naziv mati\u010dne institucije",
"ar": "\u0627\u0633\u0645 \u0627\u0644\u0645\u0646\u0638\u0645\u0629\u0627\u0644\u0627\u0645\\\u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0627\u0645",
"id": "Organization name"
"id": "Organization name",
"lv": "Organiz\u0101cijas nosaukums",
"ro": "Denumirea institu\u021biei"
},
"attribute_edupersonentitlement": {
"no": "Rettighet",
@ -392,7 +428,7 @@
"lb": "Berechtegung",
"sl": "Upravi\u010denost do storitve",
"da": "Specifik rolle i forhold til tjenesten",
"se": "URI mii &#269;ilge dihto vuoigatvuo&#273;a dihto ressurssaide",
"se": "URI mii \u010dilge dihto vuoigatvuo\u0111a dihto ressurssaide",
"hr": "Pripadnost grupi",
"hu": "Ezekre a szolg\u00e1ltat\u00e1sokra jogosult",
"fi": "Organisaationoikeudet",
@ -411,7 +447,10 @@
"zh": "\u5173\u4e8e\u670d\u52a1\u7684\u6743\u5229",
"sr": "Prava i privilegije korisnika na sistemu",
"ar": "\u0627\u0633\u062a\u062d\u0642\u0627\u0642\u0627\u062a \u0627\u0644\u062e\u062f\u0645\u0629",
"id": "Hak mengenai layanan ini"
"lv": "Pilnvaras attiec\u012bb\u0101 uz servisu",
"id": "Hak mengenai layanan ini",
"ro": "Drepturi relativ la acest serviciu",
"eu": "Zerbitzuari dagokion eskubidea"
},
"attribute_edupersonscopedaffiliation": {
"no": "Gruppetilh\u00f8righet",
@ -424,7 +463,7 @@
"lb": "Gruppen Zougeh\u00e9iregket",
"sl": "Vloga v organizaciji",
"da": "Gruppemedlemskab",
"se": "Rolla diehto organisa&#353;uvnnas, dehe dihto domenas.",
"se": "Rolla diehto organisa\u0161uvnnas, dehe dihto domenas.",
"hr": "Povezanost s mati\u010dnom ustanovom",
"hu": "Saj\u00e1t int\u00e9zm\u00e9nyhez val\u00f3 viszony",
"fi": "Henkil\u00f6n rooli kotiorganisaatiossa",
@ -443,7 +482,10 @@
"zh": "\u5bb6\u5ead\u8054\u7edc\u5730\u5740",
"sr": "Povezanost sa institucijom sa domenom",
"ar": "\u0627\u0644\u0648\u0636\u0639 \u0623\u0648 \u0627\u0644\u0648\u0638\u064a\u0641\u0629 \u0628\u0627\u0644\u0645\u0646\u0638\u0645\u0629\u0627\u0644\u0627\u0645\\\u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0627\u0645",
"id": "Afiliasi di organisasi asal"
"lv": "Amats organiz\u0101cij\u0101",
"id": "Afiliasi di organisasi asal",
"ro": "Afiliere \u00een cadrul institu\u021biei de origine",
"eu": "Afiliazioa jatorrizko erakundean"
},
"attribute_edupersontargetedid": {
"no": "Persistent anonym ID",
@ -474,7 +516,10 @@
"sr": "Trajni anonimni identifikator",
"ar": "\u0627\u0644\u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u0639\u0627\u0631 ",
"pl": "Trwa\u0142y anonimowy identyfikator",
"id": "Persistent pseudonymous ID"
"lv": "Past\u0101v\u012bgs pseidon\u012bma ID",
"id": "Persistent pseudonymous ID",
"ro": "ID pseudonim persistent",
"eu": "Goitizen ID etengabea"
},
"attribute_edupersonprincipalname": {
"no": "Personlig ID hos organisasjonen",
@ -506,7 +551,10 @@
"sr": "Jedinstveni identifikator osobe",
"ar": "\u0623\u0644\u0627\u0633\u0645 \u0628\u0627\u0644\u0645\u0646\u0638\u0645\u0629 \u0627\u0644\u0627\u0645\\\u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0627\u0645 ",
"pl": "G\u0142\u00f3wna nazwa u\u017cytkownika w instytucji macierzystej",
"id": "Nama kepala pada organisasi asal"
"lv": "Priek\u0161nieka v\u0101rds",
"id": "Nama kepala pada organisasi asal",
"ro": "Numele de identificare a persoanei la institu\u021bia de origine (de forma nume_utilizator@domeniu.ro)",
"eu": "Jatorrizko erakundean pertsonak duen izen nagusia"
},
"attribute_o": {
"no": "Navn p\u00e5 organisasjon",
@ -526,6 +574,7 @@
"pt": "Nome da organiza\u00e7\u00e3o",
"pl": "Nazwa organizacji (Organization name)",
"cs": "Jm\u00e9no organizace",
"eu": "Erakundearen izena",
"tr": "Organizasyon ad\u0131",
"it": "Nome dell'organizzazione",
"lt": "Organizacijos pavadinimas",
@ -537,7 +586,9 @@
"zh": "\u7ec4\u7ec7\u540d\u79f0",
"sr": "Naziv mati\u010dne institucije",
"ar": "\u0627\u0633\u0645 \u0627\u0644\u0645\u0646\u0638\u0645\u0629",
"id": "Nama organisasi"
"lv": "Organiz\u0101cijas nosaukums",
"id": "Nama organisasi",
"ro": "Denumirea institu\u021biei"
},
"attribute_dc": {
"no": "Navneledd (DC)",
@ -568,7 +619,10 @@
"zh": "Opened the web browser with tabs saved from the previous session.\u57df\u7ec4\u4ef6\uff08DC\uff09",
"sr": "Domenska komponenta (DC)",
"ar": "\u0645\u0643\u0648\u0646\u0627\u062a \u0627\u0644\u0646\u0637\u0627\u0642",
"id": "Domain component(DC)"
"lv": "Dom\u0113ns (DC)",
"id": "Domain component(DC)",
"ro": "Componenta de domeniu (DC)",
"eu": "Domeinuaren osagaia (DC)"
},
"attribute_displayname": {
"no": "Navn som normalt vises",
@ -598,8 +652,11 @@
"ru": "\u041e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u043c\u043e\u0435 \u0438\u043c\u044f",
"zh": "\u663e\u793a\u540d\u79f0",
"ar": "\u0627\u0644\u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 ",
"lv": "Par\u0101d\u0101mais v\u0101rds",
"id": "Nama yang ditampilkan",
"sr": "Ime za prikaz"
"sr": "Ime za prikaz",
"ro": "Nume afi\u0219at",
"eu": "Bistaratzeko izena"
},
"attribute_facsimiletelephonenumber": {
"no": "Faksnummer",
@ -618,6 +675,7 @@
"pt": "N\u00famero de Fax",
"pl": "Numer Faksu (Fax number)",
"cs": "Fax",
"eu": "Fax-zenbakia",
"tr": "Faks numaras\u0131",
"fr": "Num\u00e9ro de fax",
"it": "Numero di fax",
@ -630,7 +688,9 @@
"zh": "\u4f20\u771f\u53f7\u7801",
"sr": "Fax broj",
"ar": "\u0631\u0642\u0645 \u0627\u0644\u0641\u0627\u0643\u0633",
"id": "No Fax"
"lv": "Fakss",
"id": "No Fax",
"ro": "Num\u0103r de fax"
},
"attribute_homephone": {
"no": "Hjemmetelefon",
@ -649,6 +709,7 @@
"pt": "Telefone de resid\u00eancia",
"pl": "Telefon domowy (Home telephone)",
"cs": "Telefon dom\u016f",
"eu": "Etxeko telefonoa",
"tr": "Ev telefonu",
"fr": "T\u00e9l\u00e9phone personnel",
"it": "Telefono",
@ -661,7 +722,9 @@
"zh": "\u5bb6\u5ead\u7535\u8bdd",
"sr": "Ku\u0107ni telefonski broj",
"ar": "\u0631\u0642\u0645 \u0627\u0644\u0647\u0627\u062a\u0641 \u0627\u0644\u0645\u0646\u0632\u0644\u064a",
"id": "Telepon rumah"
"lv": "Telefons",
"id": "Telepon rumah",
"ro": "Telefon acas\u0103"
},
"attribute_homepostaladdress": {
"no": "Postadresse hjemme",
@ -692,7 +755,10 @@
"zh": "\u5bb6\u5ead\u90ae\u653f\u5730\u5740",
"sr": "Ku\u0107na po\u0161tanska adresa",
"ar": "\u0627\u0644\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0628\u0631\u064a\u062f\u064a",
"id": "Alamat pos rumah"
"lv": "Pasta adrese",
"id": "Alamat pos rumah",
"ro": "Adresa po\u0219tal\u0103 de acas\u0103",
"eu": "Etxeko helbidea"
},
"attribute_jpegphoto": {
"no": "JPEG-foto",
@ -711,6 +777,7 @@
"pt": "Foto JPEG",
"pl": "Fotografia JPEG",
"cs": "Foto JPEG",
"eu": "JPEG argazkia",
"tr": "JPEG foto\u011fraf",
"fr": "Photo JPEG",
"it": "Foto JPEG",
@ -723,7 +790,9 @@
"zh": "JPEG\u56fe\u7247",
"sr": "Slika osobe",
"ar": "\u0635\u0648\u0631\u0629 (JPEG)",
"id": "Foto JPEG"
"lv": "JPEG fotogr\u0101fija",
"id": "Foto JPEG",
"ro": "Fotografie JPEG"
},
"attribute_l": {
"no": "Sted",
@ -754,7 +823,10 @@
"zh": "\u4f4d\u7f6e",
"sr": "Lokacija(Mesto)",
"ar": "\u0627\u0644\u0645\u062d\u0644\u064a\u0629",
"id": "Lokalitas"
"lv": "Atra\u0161an\u0101s vieta",
"id": "Lokalitas",
"ro": "Localitate",
"eu": "Herria"
},
"attribute_labeleduri": {
"no": "URI med valgfri tilleggskommentar",
@ -785,7 +857,10 @@
"zh": "\u6807\u7b7eURI",
"sr": "URI adresa",
"ar": "URI \u0623\u0633\u0645 ",
"id": "Berlabel URL"
"lv": "URI nosaukums",
"id": "Berlabel URL",
"ro": "URI etichetat",
"eu": "URI etiketatua"
},
"attribute_ou": {
"no": "Organisasjonsenhet",
@ -816,7 +891,10 @@
"zh": "\u7ec4\u7ec7\u5355\u4f4d",
"sr": "Organizaciona jedinica",
"ar": "\u0627\u0644\u0648\u062d\u062f\u0629",
"id": "Organizational unit"
"lv": "Organiz\u0101cijas vien\u012bba",
"id": "Organizational unit",
"ro": "Unitate organiza\u021bional\u0103",
"eu": "Antolamendu-unitatea"
},
"attribute_postaladdress": {
"no": "Postadresse",
@ -835,6 +913,7 @@
"pt": "Morada",
"pl": "Adres pocztowy (Postal address)",
"cs": "Po\u0161tovn\u00ed adresa",
"eu": "Posta-helbidea",
"tr": "Posta adresi",
"fr": "Adresse postale",
"it": "Indirizzo postale",
@ -847,7 +926,9 @@
"zh": "\u90ae\u653f\u5730\u5740",
"sr": "Po\u0161tanska adresa",
"ar": "\u0627\u0644\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0628\u0631\u064a\u062f\u064a \u0644\u0644\u0645\u0646\u0638\u0645\u0629",
"id": "Alamat pos"
"lv": "Pasta adrese",
"id": "Alamat pos",
"ro": "Adresa po\u0219tal\u0103"
},
"attribute_postalcode": {
"no": "Postnummer",
@ -865,7 +946,8 @@
"pt-br": "CEP",
"pt": "C\u00f3digo Postal",
"pl": "Kod pocztowy",
"cs": "Po\u0161tovn\u00ed k\u00f3d PSC",
"cs": "Po\u0161tovn\u00ed k\u00f3d PS\u010c",
"eu": "Posta-kodea",
"tr": "Posta kodu",
"fr": "Code postal",
"it": "CAP",
@ -878,7 +960,9 @@
"zh": "\u90ae\u653f\u7f16\u7801",
"sr": "Po\u0161tanski broj",
"ar": "\u0627\u0644\u0631\u0645\u0632 \u0627\u0644\u0628\u0631\u064a\u062f\u064a",
"id": "Kode pos"
"lv": "Pasta kods",
"id": "Kode pos",
"ro": "Cod po\u0219tal"
},
"attribute_postofficebox": {
"no": "Postboks",
@ -897,6 +981,7 @@
"pt": "Apartado",
"pl": "Skrzynka pocztowa (Post office box)",
"cs": "Postbox",
"eu": "Posta-bulegoko ontzia",
"tr": "Posta kutusu",
"fr": "Boite postale",
"it": "Casella postale",
@ -909,7 +994,9 @@
"zh": "\u90ae\u653f\u4fe1\u7bb1",
"sr": "Broj po\u0161tanskog sandu\u010deta",
"ar": "\u0627\u0644\u0635\u0646\u062f\u0648\u0642 \u0627\u0644\u0628\u0631\u064a\u062f\u064a",
"id": "PO Box"
"lv": "Pasta kaste",
"id": "PO Box",
"ro": "Cutie po\u0219tal\u0103"
},
"attribute_street": {
"no": "Gate",
@ -928,6 +1015,7 @@
"pt": "Rua",
"pl": "Ulica (Street)",
"cs": "Ulice",
"eu": "Kalea",
"tr": "Sokak",
"fr": "Rue",
"it": "Via",
@ -940,7 +1028,9 @@
"zh": "\u8857\u9053",
"sr": "Ulica i broj",
"ar": "\u0627\u0644\u0634\u0627\u0631\u0639",
"id": "Jalan"
"lv": "Iela",
"id": "Jalan",
"ro": "Strada"
},
"attribute_telephonenumber": {
"no": "Telefon",
@ -959,6 +1049,7 @@
"pt": "Telefone",
"pl": "Numer telefonu (Telephone number)",
"cs": "Telefon",
"eu": "Telefono zenbakia",
"tr": "Telefon numaras\u0131",
"fr": "Num\u00e9ro de t\u00e9l\u00e9phone",
"it": "Numero di telefono",
@ -971,7 +1062,9 @@
"zh": "\u7535\u8bdd\u53f7\u7801",
"sr": "Telefonski broj",
"ar": "\u0631\u0642\u0645 \u0627\u0644\u0647\u0627\u062a\u0641",
"id": "No Telepon"
"lv": "Telefons",
"id": "No Telepon",
"ro": "Num\u0103r de telefon"
},
"attribute_eduorghomepageuri": {
"no": "Organisasjonens hjemmeside",
@ -1002,7 +1095,10 @@
"zh": "\u7ec4\u7ec7\u7684\u9996\u9875",
"sr": "URL adresa institucije",
"ar": " \u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0627\u0644\u0643\u062a\u0631\u0648\u0646\u064a\u0629 \u0644\u0644\u0645\u0646\u0638\u0645\u0629",
"id": "Homepage organisasi"
"lv": "Organiz\u0101cijas m\u0101jas lapa",
"id": "Homepage organisasi",
"ro": "Pagina web a institutu\u021biei",
"eu": "Erakundearen hasiera-orria"
},
"attribute_eduorglegalname": {
"no": "Foretaksnavn",
@ -1033,7 +1129,10 @@
"zh": "\u7ec4\u7ec7\u7684\u6cd5\u5b9a\u540d\u79f0",
"sr": "Zvani\u010dni naziv institucije",
"ar": "\u0627\u0644\u0627\u0633\u0645 \u0627\u0644\u0642\u0627\u0646\u0648\u0646\u064a \u0644\u0644\u0645\u0646\u0638\u0645\u0629",
"id": "Nama legal Organisasi"
"lv": "Organiz\u0101cijas juridiskais nosaukums",
"id": "Nama legal Organisasi",
"ro": "Denumirea legal\u0103 a institu\u021biei",
"eu": "Erakundearen izen legala"
},
"attribute_edupersonnickname": {
"no": "Kallenavn",
@ -1051,7 +1150,8 @@
"pt-br": "Apelido",
"pt": "Alcunha",
"pl": "Ksywka (Nickname)",
"cs": "Alias",
"cs": "P\u0159ezd\u00edvka",
"eu": "Ezizena",
"tr": "Takma ad",
"fr": "Pseudonyme",
"it": "Soprannome (nick)",
@ -1064,7 +1164,9 @@
"zh": "\u6635\u79f0",
"sr": "Nadimak",
"ar": "\u0627\u0644\u0643\u0646\u064a\u0629",
"id": "Nama panggilan"
"lv": "Niks",
"id": "Nama panggilan",
"ro": "Porecl\u0103"
},
"attribute_edupersonorgdn": {
"no": "Entydig navn (DN) for brukerens vertsorganisasjon",
@ -1082,7 +1184,7 @@
"pt-br": "Nome distinto (DN) da sua organiza\u00e7\u00e3o principal",
"pt": "DN da organiza\u00e7\u00e3o de origem",
"pl": "Distinguished name (DN) macierzystej organizacji osoby",
"cs": "Jm\u00e9no (DN) organizace",
"cs": "U\u017eivatelsk\u00e9 jm\u00e9no p\u0159id\u011blen\u00e9 organizac\u00ed",
"tr": "Ki\u015finin ba\u011fl\u0131 oldu\u011fu kurulu\u015fun belirgin ad\u0131",
"fr": "Nom unique (DN) de l'institution d'origine",
"it": "Distinguished name (DN) dell'organizzazione ",
@ -1095,7 +1197,10 @@
"sr": "Jedinstveni naziv (DN) korisnikove mati\u010dne institucije",
"ar": "\u0627\u0644\u0627\u0633\u0645 \u0627\u0644\u0645\u0645\u064a\u0632 \u0644\u0644\u0645\u0646\u0638\u0645\u0629 \u0631\u0628 \u0627\u0644\u0639\u0645\u0644",
"et": "Koduorganisatsiooni unikaalne nimi (DN)",
"id": "Distinguished name (DN) of person's home organization"
"lv": "Organiz\u0101cijas v\u0101rds (DN)",
"id": "Distinguished name (DN) of person's home organization",
"ro": "Nume distincitv (DN) al institu\u021bie de origine a persoanei",
"eu": "Pertsonaren jatorrizko erakundearen izen osatua (DN)"
},
"attribute_edupersonorgunitdn": {
"no": "Entydig navn (DN) for brukerens organisasjonsenhet",
@ -1113,11 +1218,11 @@
"pt-br": "Nome distinto (DN) da sua unidade organizacional principal",
"pt": "DN da unidade org\u00e2nica na organiza\u00e7\u00e3o de origem",
"pl": "Distinguished name (DN) macierzystej jednostki organizacyjnej osoby",
"cs": "Jm\u00e9no (DN) organiza\u010dn\u00ed jednotky",
"cs": "U\u017eivatelsk\u00e9 jm\u00e9no p\u0159id\u011blen\u00e9 organiza\u010dn\u00ed jednotkou",
"tr": "Ki\u015finin ba\u011fl\u0131 oldu\u011fu birimin belirgin ad\u0131",
"fr": "Nom unique (DN) de la section d'origine",
"it": "Distinguished name (DN) dell'unit\u00e0 organizzativa della persona",
"lt": "Asmens organizacijos skyriaus atpa\u017einomo vardas",
"lt": "Asmens organizacijos skyriaus atpa\u017einimo vardas",
"ja": "\u7d44\u7e54\u5358\u4f4d\u8b58\u5225\u540d",
"zh-tw": "Distinguished name (DN) \u500b\u4eba\u9810\u8a2d\u7d44\u7e54\u55ae\u4f4d",
"he": "\u05e9\u05dd \u05de\u05d6\u05d4\u05d4 (DN) \u05e9\u05dc \u05d4\u05d9\u05d7\u05d9\u05d3\u05d4 \u05d1\u05d0\u05d9\u05e8\u05d2\u05d5\u05df \u05d4\u05d1\u05d9\u05ea",
@ -1126,7 +1231,10 @@
"sr": "Jedinstveni naziv (DN) korisnikove organizacione jedinice",
"ar": "\u0627\u0644\u0627\u0633\u0645 \u0627\u0644\u0645\u0645\u064a\u0632 \u0644\u0644\u0648\u062d\u062f\u0629 \u0628\u0627\u0644\u0645\u0646\u0638\u0645\u0629 \u0631\u0628 \u0627\u0644\u0639\u0645\u0644",
"et": "Koduorganisatsiooni all\u00fcksuse unikaalne nimi (DN)",
"id": "Distinguished name (DN) of the person's home organizational unit"
"lv": "Organiz\u0101cijas vien\u012bbas v\u0101rds (DN)",
"id": "Distinguished name (DN) of the person's home organizational unit",
"ro": "Nume distincitv (DN) al unit\u0103\u021bii organiza\u021bionale de origine a persoanei",
"eu": "Pertsonaren jatorrizko erakundeko antolamendu-unitatearen izen osatua (DN)"
},
"attribute_edupersonprimaryaffiliation": {
"no": "Prim\u00e6r tilknytning til organisasjon",
@ -1144,7 +1252,7 @@
"pt-br": "Filia\u00e7\u00e3o Prim\u00e1ria",
"pt": "Afilia\u00e7\u00e3o principal com a organiza\u00e7\u00e3o de origem",
"pl": "G\u0142\u00f3wna przynale\u017cno\u015b\u0107 (Primary affiliation)",
"cs": "Hlavn\u00ed vztah",
"cs": "Hlavn\u00ed p\u0159\u00edslu\u0161nost",
"tr": "\u00d6ncelikli ba\u011flant\u0131",
"fr": "Affiliation primaire",
"it": "Affiliazione primaria",
@ -1157,7 +1265,10 @@
"zh": "\u4e3b\u8981\u7684\u8054\u7cfb\u65b9\u5f0f",
"sr": "Primarna povezanost sa institucijom",
"ar": "\u0627\u0644\u0648\u0638\u064a\u0641\u0629 \u0627\u0644\u0627\u0633\u0627\u0633\u064a\u0629",
"id": "Afiliasi utama"
"lv": "Pamatdarba amats",
"id": "Afiliasi utama",
"ro": "Afiliere primar\u0103",
"eu": "Lehen afiliazioa"
},
"attribute_noreduorgnin": {
"no": "Organisasjonsnummer",
@ -1187,8 +1298,11 @@
"zh": "\u7ec4\u7ec7\u53f7\u7801",
"sr": "Jedinstveni brojni identifikator institucije",
"ar": "\u0627\u0644\u0631\u0642\u0645 \u0628\u0627\u0644\u0645\u0646\u0638\u0645\u0629",
"lv": "Organiz\u0101cijas re\u0123istr\u0101cijas numurs",
"id": "Nomor Organisasi",
"et": "Registrikood"
"et": "Registrikood",
"ro": "Num\u0103r organiza\u021bional",
"eu": "Erakundearen zenbakia"
},
"attribute_noredupersonbirthdate": {
"no": "F\u00f8dselsdato",
@ -1207,6 +1321,7 @@
"pt": "Data de nascimento",
"pl": "Data urodzenia (Date of birth)",
"cs": "Datum narozeni",
"eu": "Jaioteguna",
"tr": "Do\u011fum tarihi",
"fr": "Date de naissance",
"it": "Data di nascita",
@ -1219,7 +1334,9 @@
"zh": "\u751f\u65e5",
"sr": "Datum ro\u0111enja",
"ar": "\u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0645\u064a\u0644\u0627\u062f",
"id": "Tanggal lahir"
"lv": "Dzim\u0161anas datums",
"id": "Tanggal lahir",
"ro": "Data na\u0219terii"
},
"attribute_noredupersonlin": {
"no": "Lokalt ID-nummer",
@ -1250,7 +1367,10 @@
"zh": "\u672c\u5730\u8eab\u4efd\u53f7\u7801",
"sr": "Lokalni brojni identifikator osobe",
"ar": "\u0631\u0642\u0645 \u0627\u0644\u0647\u0648\u064a\u0629 \u0627\u0644\u0645\u062d\u0644\u064a",
"id": "Nomor identitas lokal"
"lv": "Personas kods",
"id": "Nomor identitas lokal",
"ro": "Num\u0103r de identificare local",
"eu": "Tokiko zenbaki identifikatzailea"
},
"attribute_manager": {
"no": "Overordnet",
@ -1268,7 +1388,7 @@
"pt-br": "Administrador",
"pt": "Respons\u00e1vel hier\u00e1rquico",
"pl": "Menad\u017cer (Manager)",
"cs": "Manager",
"cs": "Mana\u017eer",
"tr": "Y\u00f6netici",
"fr": "Gestionnaire",
"it": "Manager",
@ -1281,7 +1401,10 @@
"zh": "\u7ba1\u7406\u5458",
"sr": "Rukovodilac",
"ar": "\u0627\u0644\u0645\u062f\u064a\u0631",
"id": "Manager"
"lv": "Priek\u0161nieks",
"id": "Manager",
"ro": "Director\/Manager",
"eu": "Kudeatzailea"
},
"attribute_userpassword": {
"no": "Hash av brukerens passord",
@ -1311,7 +1434,10 @@
"zh": "\u7528\u6237\u5bc6\u7801\u7684HASH\u503c",
"sr": "He\u0161 vrednost korisnikove lozinke",
"ar": "\u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631",
"id": "Hash password user"
"lv": "Paroles jauc\u0113jsumma (hash)",
"id": "Hash password user",
"ro": "Parola utilizatorului \u00een format <i>hash<\/i>",
"eu": "Erabiltzailearen pasahitzaren hash-a"
},
"attribute_edupersonprimaryorgunitdn": {
"no": "Entydig navn for organisasjonsenheten som brukeren prim\u00e6rt er tilknyttet",
@ -1325,7 +1451,7 @@
"hr": "Jedinstveni naziv (DN) korisnikove primarne organizacijske jedinice",
"hu": "A szem\u00e9ly els\u0151dleges szervezeti egys\u00e9g\u00e9nek azonos\u00edt\u00f3 neve (DN-je)",
"pt": "DN da unidade org\u00e2nica",
"cs": "Jm\u00e9no (DN) hlavn\u00ed organiza\u010dn\u00e1 jednotky",
"cs": "Jm\u00e9no hlavn\u00ed organiza\u010dn\u00ed jednotky",
"tr": "Ki\u015finin \u00f6ncelikli Kurumsal Birimi'nin belirgin ad\u0131",
"fr": "Nom unique (DN) de la section d'origine",
"it": "Distinguished name (DN) dell'unit\u00e0 organizzativa della persona",
@ -1339,7 +1465,10 @@
"ar": "\u0627\u0644\u0627\u0633\u0645 \u0627\u0644\u0645\u0645\u064a\u0632 \u0644\u0644\u0648\u062d\u062f\u0629 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u0628\u0627\u0644\u0645\u0646\u0638\u0645\u0629 \u0631\u0628 \u0627\u0644\u0639\u0645\u0644",
"pl": "Nazwa osoby w jednostce organizacyjnej",
"et": "Peamise all\u00fcksuse unikaalne nimi (DN)",
"id": "Distinguished name (DN) of person's primary Organizational Unit"
"lv": "Personas pamata organiz\u0101cijas vien\u012bbas v\u0101rds (DN)",
"id": "Distinguished name (DN) of person's primary Organizational Unit",
"ro": "Nume distincitv (DN) al unit\u0103\u021bii organiza\u021bionale primare a persoanei",
"eu": "Pertsonaren antolamendu-unitatearen izen osatua (DN)"
},
"attribute_schacuserprivateattribute": {
"no": "Private informasjonselement",
@ -1353,7 +1482,7 @@
"hu": "V\u00e9dett adatokat tartalmaz\u00f3 attrib\u00fatumok",
"pt": "Elementos privados de informa\u00e7\u00e3o",
"pl": "Poufne atrybuty",
"cs": "Priv\u00e1tn\u00ed informa\u010dn\u00ed element",
"cs": "Priv\u00e1tn\u00ed informa\u010dn\u00ed elementy",
"tr": "\u00d6zel bilgi elemanlar\u0131",
"fr": "\u00c9l\u00e9ments d'informations priv\u00e9es",
"hr": "Postavke privatnosti",
@ -1367,7 +1496,10 @@
"zh": "\u4e2a\u4eba\u8d44\u6599",
"sr": "Privatni atribut",
"ar": "\u0648\u062d\u062f\u0627\u062a \u0627\u0644\u062a\u0639\u0631\u064a\u0641 \u0627\u0644\u062e\u0627\u0635\u0629",
"id": "Elemen-elemen informasi personal"
"lv": "Priv\u0101t\u0101s inform\u0101cijas elementi",
"id": "Elemen-elemen informasi personal",
"ro": "Informa\u021bii private",
"eu": "Informazio pribatuaren elementuak"
},
"attribute_noredupersonlegalname": {
"no": "Folkeregistrert navn",
@ -1391,8 +1523,12 @@
"pl": "Formalna nazwa u\u017cytkownika",
"et": "Ametlik nimi",
"hu": "Hivatalos n\u00e9v (noreduperson)",
"lv": "Juridiskais nosaukums",
"id": "Nama legal",
"sr": "Pravno ime"
"sr": "Pravno ime",
"cs": "Pr\u00e1vn\u00ed jm\u00e9no",
"ro": "Nume legal",
"eu": "Izen legala"
},
"attribute_edupersonassurance": {
"no": "Tillitsniv\u00e5 for autentisering",
@ -1415,6 +1551,10 @@
"zh": "\u53ef\u9760\u9a8c\u8bc1\u914d\u7f6e\u6587\u4ef6",
"sr": "Visina pouzdanosti davaoca digitalnih identiteta",
"ar": "\u0647\u0648\u064a\u0629 \u0627\u0644\u0636\u0645\u0627\u0646",
"id": "Profil penjamin identitas"
"lv": "Apraksts, k\u0101 at\u0161\u0137irt cilv\u0113ku no robota",
"id": "Profil penjamin identitas",
"cs": "Poskytovatel identifika\u010dn\u00edho profilu",
"ro": "Profilul de asigurare a identit\u0103\u021bii",
"eu": "Bermearen profilaren identifikatzailea"
}
}

View File

@ -11,11 +11,12 @@
"da": "V\u00e6lg institution (identitetsudbyder)",
"hr": "Odaberite autentifikacijski servis",
"hu": "V\u00e1lasszon szem\u00e9lyazonoss\u00e1g-szolg\u00e1ltat\u00f3t (IdP)",
"fi": "Valitse identiteettill\u00e4hteeis",
"fi": "Valitse identiteettill\u00e4hteesi",
"pt-br": "Selecione seu provedor de identidade",
"pt": "Escolha o seu fornecedor de identidade (IdP)",
"pl": "wybierz swojego Dostawc\u0119 To\u017csamo\u015bci.",
"cs": "Zvol sv\u00e9ho poskytovatele identity (IdP)",
"eu": "Hauta ezazu zure identitate hornitzailea",
"tr": "Kimlik sa\u011flay\u0131c\u0131n\u0131z\u0131 se\u00e7iniz.",
"lt": "Pasirinkite savo tapatybi\u0173 tiek\u0117j\u0105",
"it": "Selezionare il proprio identity provider",
@ -27,7 +28,9 @@
"zh": "\u9009\u62e9\u4f60\u7684\u8eab\u4efd\u63d0\u4f9b\u8005",
"ar": "\u0627\u062e\u062a\u0627\u0631 \u0645\u0648\u0642\u0639 \u0647\u0648\u064a\u062a\u0643",
"id": "Pilih identity provider anda",
"sr": "Odaberite va\u0161eg davaoca identiteta"
"lv": "Izv\u0113lieties identit\u0101tes pieg\u0101d\u0101t\u0101ju",
"sr": "Odaberite va\u0161eg davaoca identiteta",
"ro": "Alege\u021bi furnizorul de identitate"
},
"selectidp_full": {
"no": "Vennligst velg hvilken identitetsleverand\u00f8r du vil bruke for \u00e5 logge inn:",
@ -35,7 +38,7 @@
"sv": "V\u00e4lj vilken identitetsleverant\u00f6r du vill logga in med:",
"es": "Por favor, seleccione el proveedor de identidad donde desea autenticarse",
"fr": "S\u00e9lectionnez le fournisseur d'identit\u00e9 aupr\u00e8s duquel vous souhaitez vous authentifier :",
"de": "Bitte w\u00e4hlen Sie den Identity Provider, bei dem Sie Sich authentifizieren m\u00f6chten:",
"de": "Bitte w\u00e4hlen Sie den Identity Provider, bei dem Sie sich authentifizieren m\u00f6chten:",
"nl": "Selecteer de Identity Provider waar je wil authenticeren:",
"sl": "Izberite IdP, na katerem se boste avtenticirali:",
"da": "V\u00e6lg institutionen (identitetsudbyderen) hvor du vil logge ind",
@ -46,6 +49,7 @@
"pt": "Por favor, escolha o fornecedor de identidade (IdP) que ir\u00e1 usar para se autenticar:",
"pl": "Prosz\u0119 wybra\u0107 Dostawc\u0119 To\u017csamo\u015bci, przez kt\u00f3rego chcesz si\u0119 uwierzytelni\u0107:",
"cs": "Pros\u00edm zvolte sve\u00e9ho poskytovatele identity, kter\u00fd v\u00e1m dovol\u00ed se p\u0159ihl\u00e1sit",
"eu": "Mesedez, non kautotu nahi duzun identifikazio hornitzailea hauta ezazu ",
"tr": "L\u00fctfen, kimlik do\u011frulamas\u0131 yapaca\u011f\u0131n\u0131z kimlik sa\u011flay\u0131c\u0131y\u0131 se\u00e7iniz: ",
"lt": "Pra\u0161ome pasirinkite tapatybi\u0173 tiek\u0117j\u0105, kuriame norite autentikuotis:",
"it": "Si prega di selezionare l'identity provider con il quale autenticarsi:",
@ -57,7 +61,9 @@
"zh": "\u9009\u62e9\u4f60\u8981\u8ba4\u8bc1\u7684\u8eab\u4efd\u63d0\u4f9b\u8005",
"ar": "\u0627\u062e\u062a\u0631 \u0645\u0648\u0642\u0639 \u0627\u0644\u0647\u0648\u064a\u0629 \u0627\u0644\u0630\u064a \u062a\u0631\u063a\u0628 \u0628\u062f\u062e\u0648\u0644\u0647",
"id": "Silahkan pilih identity provider tempat anda ingin melakukan autentifikasi",
"sr": "Molimo vas odaberite davaoca identiteta kod koga se \u017eelite autentifikovati:"
"lv": "L\u016bdzu izv\u0113lieties identit\u0101tes pieg\u0101d\u0101t\u0101ju, pie kura v\u0113laties autentific\u0113ties:",
"sr": "Molimo vas odaberite davaoca identiteta kod koga se \u017eelite autentifikovati:",
"ro": "V\u0103 rug\u0103m s\u0103 alege\u021bi furnizorul de identitate pe care dori\u021bi s\u0103-l folosi\u021bi pentru autentificarea dumneavoastr\u0103:"
},
"select": {
"no": "Velg",
@ -76,6 +82,7 @@
"pt": "Escolher",
"pl": "Wybierz",
"cs": "Zvol",
"eu": "Hautatu",
"tr": "Se\u00e7",
"lt": "Pasirinkite",
"it": "Selezionare",
@ -87,7 +94,9 @@
"zh": "\u9009\u62e9",
"ar": "\u0627\u062e\u062a\u0627\u0631",
"id": "Pilih",
"sr": "Odaberi"
"lv": "Izv\u0113l\u0113ties",
"sr": "Odaberi",
"ro": "Selecta\u021bi"
},
"remember": {
"no": "Husk mitt valg",
@ -106,6 +115,7 @@
"pt": "Lembrar esta escolha",
"pl": "Zapami\u0119taj m\u00f3j wyb\u00f3r",
"cs": "Zapamatuj moji volbu",
"eu": "Nire hautaketa gogoratu",
"tr": "Se\u00e7imimi hat\u0131rla",
"lt": "Prisiminti pasirinkim\u0105",
"it": "Ricorda la mia scelta",
@ -117,7 +127,9 @@
"zh": "\u8bb0\u4f4f\u6211\u7684\u9009\u62e9",
"ar": "\u062a\u0630\u0643\u0631 \u062e\u064a\u0627\u0631\u0627\u062a\u064a",
"id": "Ingat pilihan saya",
"sr": "Zapamti moj izbor"
"lv": "Atcer\u0113ties manu izv\u0113li",
"sr": "Zapamti moj izbor",
"ro": "Memoreaz\u0103 alegerea f\u0103cut\u0103"
},
"icon_prefered_idp": {
"no": "[Foretrukket valg]",
@ -146,7 +158,11 @@
"zh": "\u9996\u9009\u9009\u9879",
"ar": "\u0627\u062e\u062a\u064a\u0627\u0631\u064a \u0627\u0644\u0645\u0641\u0636\u0644",
"id": "Pilihan yang disukai",
"sr": "[Preferirani izbor]"
"lv": "(Mana lab\u0101k\u0101 izv\u0113le)",
"sr": "[Preferirani izbor]",
"ro": "[Varianta preferat\u0103]",
"cs": "[Preferovan\u00e1 volba]",
"eu": "[Aukera gogokoena]"
},
"previous_auth": {
"no": "Du har tidligere valg \u00e5 autentisere deg hos",
@ -174,7 +190,11 @@
"zh": "\u4f60\u5148\u524d\u9009\u62e9\u7684\u8ba4\u8bc1",
"ar": "\u0642\u0645\u062a \u0633\u0627\u0628\u0642\u0627 \u0628\u0627\u0644\u062a\u0635\u062f\u064a\u0642 \u0641\u064a",
"id": "Sebelumnya anda telah memilih untuk melakukan autentifikasi di ",
"sr": "Prethodno ste izabrali da se autentifikujete kroz"
"lv": "Iepriek\u0161 J\u016bs autentific\u0113j\u0101ties pie",
"sr": "Prethodno ste izabrali da se autentifikujete kroz",
"ro": "Anterior a\u021bi ales s\u0103 v\u0103 autentifica\u021bi la",
"cs": "D\u0159\u00edve jste zvolil(a) ov\u011b\u0159en\u00ed u",
"eu": "Lehenago, hemen kautotzea hautatu duzu"
},
"login_at": {
"no": "Logg inn hos",
@ -202,6 +222,10 @@
"zh": "\u767b\u5f55\u4e8e",
"ar": "\u0633\u062c\u0644 \u062f\u062e\u0648\u0644\u064a \u0639\u0644\u064a",
"id": "Login di",
"sr": "Prijavi se kroz"
"lv": "Piesl\u0113gties pie",
"sr": "Prijavi se kroz",
"ro": "Autentificare la",
"cs": "P\u0159ihl\u00e1\u0161en\u00ed k",
"eu": "Non identifikatu"
}
}

File diff suppressed because it is too large Load Diff

View File

@ -24,7 +24,7 @@
"en": "Help! I don't remember my password."
},
"help_text": {
"en": "Too bad! - Without your username and password you cannot authenticate yourself for access to the service. There may be someone that can help you. Consult the help desk at your university!"
"en": "Too bad! - Without your username and password you cannot authenticate yourself for access to the service. There may be someone that can help you. Consult the help desk at your organization!"
},
"error_nopassword": {
"en": "You sent something to the login page, but for some reason the password was not sent. Try again please."
@ -58,5 +58,8 @@
},
"remember_username": {
"en": "Remember my username"
}
},
"remember_me": {
"en": "Remember me"
}
}

View File

@ -17,6 +17,7 @@
"pt": "Erro",
"pl": "B\u0142\u0105d",
"cs": "Chyba",
"eu": "Eman dituzun datuak okerrak dira",
"tr": "Hata",
"lt": "Klaida",
"it": "Errore",
@ -28,7 +29,9 @@
"zh": "\u9519\u8bef",
"ar": "\u062e\u0637\u0627",
"id": "Error",
"sr": "Gre\u0161ka"
"lv": "K\u013c\u016bda",
"sr": "Gre\u0161ka",
"ro": "Eroare"
},
"user_pass_header": {
"no": "Skriv inn brukernavn og passord",
@ -36,7 +39,7 @@
"sv": "Ange ditt anv\u00e4ndarnamn och l\u00f6senord",
"es": "Indique su nombre de usuario y clave de acceso",
"fr": "Entrez votre identifiant et votre mot de passe",
"de": "Bitten geben sie ihren Nutzernamen und Passwort ein",
"de": "Bitten geben Sie ihren Nutzernamen und Passwort ein",
"nl": "Geef je gebruikersnaam en wachtwoord",
"lb": "Gid w.e.g Aeren Benotzernumm an d Passwuert an",
"sl": "Vnesite svoje uporabni\u0161ko ime in geslo",
@ -47,7 +50,8 @@
"pt-br": "Digite seu usu\u00e1rio e senha",
"pt": "Introduza o seu nome de utilizador e senha",
"pl": "Wprowad\u017a nazw\u0119 uzytkownika i has\u0142o",
"cs": "lo\u017ete sv\u00e9 jm\u00e9no a heslo",
"cs": "Vlo\u017ete sv\u00e9 jm\u00e9no a heslo",
"eu": "Sartu erabiltzaile-izena eta pasahitza",
"tr": "Kullan\u0131c\u0131 ad\u0131 ve \u015fifrenizi giriniz",
"lt": "\u012eveskite savo prisijungimo vard\u0105 ir slapta\u017eod\u012f",
"it": "Inserire nome utente e password",
@ -59,7 +63,9 @@
"zh": "\u8f93\u5165\u4f60\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801",
"ar": "\u0627\u062f\u062e\u0644 \u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631",
"id": "Masukkan username dan password Anda",
"sr": "Unesite va\u0161e korisni\u010dko ime i lozinku"
"lv": "Ievadiet savu lietot\u0101ja v\u0101rdu un paroli",
"sr": "Unesite va\u0161e korisni\u010dko ime i lozinku",
"ro": "V\u0103 rug\u0103m s\u0103 completa\u021bi numele de utilizator \u0219i parola"
},
"user_pass_text": {
"no": "En tjeneste har bedt om bekreftelse p\u00e5 din identitet. Skriv inn ditt brukernavn og passord for \u00e5 autentisere deg.",
@ -67,7 +73,7 @@
"sv": "En webbtj\u00e4nst har beg\u00e4rt att du ska logga in. Detta betyder att du beh\u00f6ver ange ditt anv\u00e4ndarnamn och ditt l\u00f6senord i formul\u00e4ret nedan.",
"es": "Un servicio solicita que se autentique. Esto significa que debe indicar su nombre de usuario y su clave de acceso en el siguiente formulario.",
"fr": "Un service a demand\u00e9 \u00e0 ce que vous vous authentifiez. Cela signifie que vous devez entrer votre identifiant et votre mot de passe dans le formulaire ci-dessous.",
"de": "Um diesen Dienst zu nutzen, m\u00fcssen sie sich authentifizieren. Bitte geben sie daher unten Nutzernamen und Passwort ein.",
"de": "Um diesen Dienst zu nutzen, m\u00fcssen Sie sich authentifizieren. Bitte geben sie daher unten Nutzernamen und Passwort ein.",
"nl": "Voor deze dienst is authenticatie vereist. Geef je gebruikersnaam en wachtwoord in onderstaand formulier.",
"lb": "En Service huet ungefrot aerch ze authentifiz\u00e9iren. Daat heescht daer musst aeren Benotzernumm an d'Passwuert an de Formulairen heidr\u00ebnner angin.",
"sl": "Storitev zahteva, da se prijavite. To pomeni, da je potreben vnos uporabni\u0161kega imena in gesla v spodnji polji.",
@ -90,7 +96,10 @@
"zh": "\u4e00\u4e2a\u670d\u52a1\u9700\u8981\u4f60\u7684\u8ba4\u8bc1\uff0c\u8bf7\u5728\u4e0b\u9762\u8f93\u5165\u4f60\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801",
"ar": "\u0637\u0644\u0628\u062a \u0627\u062d\u062f\u064a \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0646 \u062a\u0648\u062b\u0642 \u0627\u0646\u0643 \u0627\u0646\u062a. \u0631\u062c\u0627\u0621\u0627\u064b \u0642\u0645 \u0628\u0625\u062f\u0631\u0627\u062c \u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u062e\u0627\u0635\u062a\u0643 \u0628\u0627\u0644\u0627\u0633\u062a\u0645\u0627\u0631\u0629 \u0623\u062f\u0646\u0627\u0647",
"id": "Sebuah layanan telah meminta Anda untuk melakukan autentifikasi. Silahkan masukkan username dan password Anda pada form dibawah",
"sr": "Servis zahteva od vas da se autentifikujete. Unesite va\u0161e korisni\u010dko ime i lozinku u dole navedena polja."
"lv": "Serviss pieprasa autentifik\u0101ciju. L\u016bdzu ievadiet savu lietot\u0101ja v\u0101rdu un paroli.",
"sr": "Servis zahteva od vas da se autentifikujete. Unesite va\u0161e korisni\u010dko ime i lozinku u dole navedena polja.",
"ro": "Un serviciu a solicitat autentificarea dumneavoastr\u0103. V\u0103 rug\u0103m s\u0103 completa\u021bi numele de utilizator \u0219i parola \u00een c\u00e2mpurile de mai jos.",
"eu": "Zerbitzu batek kautotu zaitezen eskatzen du. Mesedez, zure erabiltzaile-izena eta pasahitza honako formulario honetan sartu itzazu."
},
"login_button": {
"no": "Logg inn",
@ -111,6 +120,7 @@
"pt": "Entrar",
"pl": "Login",
"cs": "P\u0159ihl\u00e1sit",
"eu": "Saioa hasi",
"tr": "Giri\u015f",
"lt": "Prisijungti",
"it": "Login",
@ -122,7 +132,9 @@
"zh": "\u767b\u5f55",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644",
"id": "Login",
"sr": "Prijavi se"
"lv": "Piesl\u0113gties",
"sr": "Prijavi se",
"ro": "Autentificare"
},
"username": {
"no": "Brukernavn",
@ -143,6 +155,7 @@
"pt": "Nome de utilizador",
"pl": "Nazwa u\u017cytkownika",
"cs": "U\u017eivatel",
"eu": "Erabiltzaile-izena",
"tr": "Kullan\u0131c\u0131 ad\u0131",
"lt": "Prisijungimo vardas",
"it": "Nome utente",
@ -154,7 +167,9 @@
"zh": "\u7528\u6237\u540d",
"ar": "\u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645",
"id": "Username",
"sr": "Korisni\u010dko ime"
"lv": "Lietot\u0101ja v\u0101rds",
"sr": "Korisni\u010dko ime",
"ro": "Nume de utilizator"
},
"organization": {
"no": "Organisasjon",
@ -167,7 +182,7 @@
"lb": "Organisatioun",
"sl": "Organizacija",
"da": "Organistationsnavn",
"se": "Organisa&#353;uvdna",
"se": "Organisa\u0161uvdna",
"hr": "Ustanova",
"hu": "Szervezet",
"fi": "Organisaatio",
@ -175,6 +190,7 @@
"pt": "Organiza\u00e7\u00e3o",
"pl": "Organizacja",
"cs": "Organizace",
"eu": "Erakundea",
"tr": "Organizasyon",
"lt": "Organizacija",
"it": "Organizzazione",
@ -186,7 +202,9 @@
"zh": "\u7ec4\u7ec7",
"ar": "\u0627\u0644\u062c\u0647\u0629 ",
"id": "Organisasi",
"sr": "Institucija"
"lv": "Organiz\u0101cija",
"sr": "Institucija",
"ro": "Institu\u021bie"
},
"password": {
"no": "Passord",
@ -199,7 +217,7 @@
"lb": "Passwuert",
"sl": "Geslo",
"da": "Kodeord",
"se": "Beassans&aacute;tni",
"se": "Beassans\u00e1tni",
"hr": "Zaporka",
"hu": "Jelsz\u00f3",
"fi": "Salasana",
@ -207,6 +225,7 @@
"pt": "Senha",
"pl": "Has\u0142o",
"cs": "Heslo",
"eu": "Pasahitza",
"tr": "\u015eifre",
"lt": "Slapta\u017eodis",
"it": "Password",
@ -218,7 +237,9 @@
"zh": "\u5bc6\u7801",
"ar": "\u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631",
"id": "Password",
"sr": "Lozinka"
"lv": "Parole",
"sr": "Lozinka",
"ro": "Parola"
},
"help_header": {
"no": "Hjelp! Jeg har glemt passordet mitt.",
@ -238,6 +259,7 @@
"pt": "N\u00e3o me lembro da minha senha",
"pl": "Pomocy! Nie pami\u0119tam has\u0142a.",
"cs": "Chci pomoci. Zapomn\u011bl jsem heslo.",
"eu": "Lagundu! Ez dut nire pasahitza gogoratzen.",
"tr": "Yard\u0131m! \u015eifremi hat\u0131rlam\u0131yorum.",
"lt": "Pagalbos! Nepamenu savo slapta\u017eod\u017eio.",
"it": "Aiuto! Non ricordo la mia password.",
@ -249,7 +271,9 @@
"zh": "\u5e2e\u52a9\uff01\u6211\u5fd8\u8bb0\u6211\u7684\u5bc6\u7801\u4e86\uff01",
"ar": "\u0633\u0627\u0639\u062f\u0646\u064a! \u0644\u0627 \u0627\u0630\u0643\u0631 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631",
"id": "Tolong! Saya tidak ingat password saya",
"sr": "Upomo\u0107! Zaboravio\/la sam svoju lozinku."
"lv": "Pal\u012bdziet! Es neatceros paroli.",
"sr": "Upomo\u0107! Zaboravio\/la sam svoju lozinku.",
"ro": "Nu mai \u0219tiu parola."
},
"help_text": {
"no": "Synd! - Uten riktig brukernavn og passord kan du ikke autentisere deg. Det kan v\u00e6re noen som kan hjelpe deg. Fors\u00f8k \u00e5 kontakt brukerst\u00f8tte ved din vertsorganisasjon.",
@ -257,7 +281,7 @@
"sv": "Tyv\u00e4rr kan du inte logga in i tj\u00e4nsten om du inte har ditt anv\u00e4ndarnamn och ditt l\u00f6senord. Ta kontakt med din organisations support eller helpdesk f\u00f6r att f\u00e5 hj\u00e4lp.",
"es": "&iexcl;Muy mal! - Sin su nombre de usuario y su clave de acceso usted no se puede identificar y acceder al servicio. A lo mejor hay alguien que puede ayudarle. &iexcl;P&oacute;ngase en contacto con el centro de ayuda de su universidad!",
"fr": "Pas de chance! Sans votre identifiant et votre mot de passe vous ne pouvez pas vous authentifier et acc\u00e9der au service. Il y a peut-\u00eatre quelqu'un pour vous aider. Contactez le help desk de votre universit\u00e9!",
"de": "Pech! - Ohne Nutzername und Passwort k\u00f6nnen sie sich nicht authentifizieren und somit den Dienst nicht nutzen. M\u00f6glicherweise kann ihnen jemand helfen, kontaktieren sie dazu den Helpdesk ihrer Einrichtung.",
"de": "Pech! - Ohne Nutzername und Passwort k\u00f6nnen Sie sich nicht authentifizieren und somit den Dienst nicht nutzen. M\u00f6glicherweise kann ihnen jemand helfen, kontaktieren Sie dazu den Helpdesk ihrer Einrichtung.",
"nl": "Vette pech! - Zonder je gebruikersnaam en wachtwoord kun je je niet authenticeren en dus niet gebruikmaken van deze dienst.",
"lb": "Pesch gehaat! - Ouni aeren Benotzernumm an d'Passwuert k\u00ebnn der aerch net authentifiz\u00e9iren an op den Service zougraiffen.",
"sl": "\u017dal se brez uporabni\u0161kega imena in gesla ne morete prijaviti in uporabljati storitev.",
@ -280,7 +304,10 @@
"zh": "\u592a\u7cdf\u7cd5\u4e86\uff01-\u6ca1\u6709\u4f60\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u4f60\u5c06\u4e0d\u80fd\u8bbf\u95ee\u8be5\u670d\u52a1\uff0c\u4e5f\u8bb8\u6709\u4eba\u80fd\u591f\u5e2e\u52a9\u4f60\uff0c\u8bf7\u54a8\u8be2\u4f60\u6240\u5728\u5927\u5b66\u7684\u670d\u52a1\u53f0",
"ar": "\u0644\u0633\u0648\u0621 \u0627\u0644\u062d\u0638 \u0644\u0627 \u064a\u0645\u0643\u0646\u0646\u0627 \u0627\u0644\u062a\u0648\u062b\u0642 \u0645\u0646 \u0647\u0648\u064a\u062a\u0643 \u0628\u062f\u0648\u0646 \u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u0648\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u0644\u0627 \u064a\u0645\u0643\u0646\u0643 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062e\u062f\u0645\u0629. \u0644\u0644\u0645\u0633\u0627\u0639\u062f\u0629 \u0627\u062a\u0635\u0644 \u0628\u0627\u0644\u0645\u0648\u0638\u0641 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u0628\u0635\u0641\u062d\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 \u0628\u062c\u0627\u0645\u0639\u062a\u0643",
"id": "Sayang sekali! - Tanpa username dan password Anda tidak dapat melakukan autentifikasi agar dapat mengakses layanan. Mungkin ada seseorang yang dapat menolong Anda. Hubungi help desk pada universitas Anda.",
"sr": "\u0160teta! - Bez ispravnog korisni\u010dkog imena i lozinke ne mo\u017eete pristupiti servisu. Da biste saznali va\u0161e korisni\u010dko ime i lozinku obratite se va\u0161oj mati\u010dnoj instituciji."
"lv": "Bez lietot\u0101ja v\u0101rda un paroles J\u016bs nevarat autentific\u0113ties un nevarat izmantot servisu. Iesp\u0113jams, ir k\u0101ds, kas var Jums pal\u012bdz\u0113t. Vaic\u0101jiet savas universit\u0101tes pal\u012bdz\u012bbas dienestam.",
"sr": "\u0160teta! - Bez ispravnog korisni\u010dkog imena i lozinke ne mo\u017eete pristupiti servisu. Da biste saznali va\u0161e korisni\u010dko ime i lozinku obratite se va\u0161oj mati\u010dnoj instituciji.",
"ro": "Din p\u0103cate f\u0103r\u0103 nume de utilizator \u0219i parol\u0103 nu v\u0103 pute\u021bi autentifica pentru accesul la acest serviciu. Contacta\u021bi echipa de suport tehnic de la universitatea dumneavoastr\u0103.",
"eu": "Zeinen txarto! - Zure erabiltziale-izena eta pasahitza gabe ezin zara identifikatu ezta zerbitzuan sartu ere. Agian bada norbait lagun diezazukeena. Jar zaitez harremanetan erakundeko laguntza zentroarekin!"
},
"error_nopassword": {
"no": "Du kontaktet loginsiden, men passordet ble ikke sendt med. Fors\u00f8k igjen.",
@ -311,7 +338,10 @@
"zh": "\u4f60\u786e\u5b9e\u53d1\u9001\u4e86\u4e00\u4e9b\u4fe1\u606f\u7ed9\u767b\u5f55\u9875\u9762\uff0c\u4f46\u7531\u4e8e\u67d0\u4e9b\u539f\u56e0\uff0c\u4f60\u6ca1\u6709\u53d1\u9001\u5bc6\u7801\uff0c\u8bf7\u518d\u8bd5\u4e00\u6b21",
"ar": "\u0644\u0642\u062f \u0642\u0645\u062a \u0628\u0625\u0631\u0633\u0627\u0644 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u062f\u062e\u0648\u0644 \u0644\u0643\u0646 \u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u063a\u064a\u0631 \u0645\u0631\u0641\u0642\u0629. \u0631\u062c\u0627\u0621\u0627\u064b \u0627\u0639\u062f \u0627\u0644\u0645\u062d\u0627\u0648\u0644\u0629",
"id": "Anda mengirimkan sesuatu ke halaman login, tetapi karena suatu alasan tertentu password tidak terkirimkan, Silahkan coba lagi.",
"sr": "Iz nekog razloga autentifikacionom servisu nije prosle\u0111ena va\u0161a lozinka. Molimo poku\u0161ajte ponovo."
"lv": "Kaut k\u0101du iemeslu d\u0113\u013c parole nav nos\u016bt\u012bta. L\u016bdzu m\u0113\u0123iniet v\u0113lreiz.",
"sr": "Iz nekog razloga autentifikacionom servisu nije prosle\u0111ena va\u0161a lozinka. Molimo poku\u0161ajte ponovo.",
"ro": "A\u021bi trimis informa\u021bii c\u0103tre pagina de autentificare dar din motive necunoscute parola nu a fost trimis\u0103. V\u0103 rug\u0103m s\u0103 \u00eencerca\u021bi din nou.",
"eu": "Sarrera orrira zerbait bidali duzu baina, arrazoiren bategatik, pasahitza ez da bidali.Saia zaitez berriro, mesedez."
},
"error_wrongpassword": {
"no": "Feil brukernavn eller passord.",
@ -324,7 +354,7 @@
"lb": "Falschen Benotzernumm oder Passwuert",
"sl": "Napa\u010dno uporabni\u0161ko ime ali geslo!",
"da": "Forkert brugernavn eller kodeord",
"se": "Boastu geavahusnamma, beassans&aacute;tni dehe organisa&#353;uvdna.",
"se": "Boastu geavahusnamma, beassans\u00e1tni dehe organisa\u0161uvdna.",
"hr": "Neispravna korisni\u010dka oznaka ili zaporka.",
"hu": "Hib\u00e1s felhaszn\u00e1l\u00f3i n\u00e9v vagy jelsz\u00f3!",
"fi": "V\u00e4\u00e4r\u00e4 tunnus tai salasana.",
@ -332,6 +362,7 @@
"pt": "Nome de utilizador ou senha incorrecta.",
"pl": "Nieprawid\u0142owa nazwa u\u017cytkownika lub has\u0142o.",
"cs": "Nekorektn\u00ed jmeno nebo heslo.",
"eu": "Erabiltzaile-izena edo pasahitza okerra",
"tr": "Kullan\u0131c\u0131 ad\u0131 ve\/veya \u015fifre yanl\u0131\u015f.",
"lt": "Neteisingas prisijungimo vardas arba slapta\u017eodis.",
"it": "Nome utente o password errati.",
@ -343,7 +374,9 @@
"zh": "\u9519\u8bef\u7684\u7528\u6237\u540d\u6216\u8005\u5bc6\u7801",
"ar": " \u0627\u0633\u0645 \u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0648 \u0643\u0644\u0645\u0629 \u0633\u0631 \u062e\u0637\u0627",
"id": "Username atau password salah",
"sr": "Neispravno korisni\u010dko ime ili lozinka."
"lv": "Nekorekts lietot\u0101ja v\u0101rds vai parole.",
"sr": "Neispravno korisni\u010dko ime ili lozinka.",
"ro": "Nume de utilizator incorect sau parola incorect\u0103."
},
"contact_info": {
"no": "Kontaktinformasjon:",
@ -362,6 +395,7 @@
"pt": "Contactos:",
"pl": "Informacje kontaktowe:",
"cs": "Kontaktn\u00ed informace",
"eu": "Harremanetarako informazioa:",
"tr": "\u0130leti\u015fim bilgileri:",
"lt": "Kontaktai:",
"it": "Informazioni di contatto:",
@ -373,7 +407,9 @@
"zh": "\u8054\u7cfb\u65b9\u5f0f",
"ar": "\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644",
"id": "Informasi Kontak",
"sr": "Kontakt podaci:"
"lv": "Kontaktinform\u0101cija",
"sr": "Kontakt podaci:",
"ro": "Informa\u021bii de contact:"
},
"select_home_org": {
"no": "Velg vertsorganisasjon",
@ -381,7 +417,7 @@
"sv": "V\u00e4lj vilken organisation du kommer ifr\u00e5n",
"es": "Seleccione su organizaci\u00f3n origen",
"fr": "Choisissez votre fournisseur.",
"de": "W\u00e4hlen sie die Einrichtung, von der sie ihre Zugangsdaten beziehen",
"de": "W\u00e4hlen sie die Einrichtung, von der Sie ihre Zugangsdaten beziehen",
"nl": "Kies je organisatie",
"sl": "Izberite va\u0161o doma\u010do organizacijo",
"da": "V\u00e6lg din hjemmeinstitution",
@ -403,7 +439,10 @@
"zh": "\u9009\u62e9\u4f60\u7684\u7ec4\u7ec7",
"ar": "\u0627\u062e\u062a\u0627\u0631 \u062c\u0647\u062a\u0643 \u0627\u0644\u0627\u0645",
"id": "Pilih Basis Organisasi Anda",
"sr": "Izaberite va\u0161u mati\u010dnu instituciju"
"lv": "Izv\u0113lieties organiz\u0101ciju",
"sr": "Izaberite va\u0161u mati\u010dnu instituciju",
"ro": "Alege\u021bi institu\u021bia de origine",
"eu": "Hautatu zure jatorrizko erakundea"
},
"change_home_org_title": {
"no": "Endre din vertsorganisasjon",
@ -411,7 +450,7 @@
"sv": "\u00c4ndra vilken organisation du kommer ifr\u00e5n",
"es": "Cambiar su organizaci\u00f3n origen",
"fr": "Changez votre fournisseur",
"de": "Eine andere Einrichtung, von der sie Zugangsdaten erhalten, ausw\u00e4hlen",
"de": "Eine andere Einrichtung, von der Sie Zugangsdaten erhalten, ausw\u00e4hlen",
"nl": "Verander je organisatie",
"sl": "Izberite va\u0161o doma\u010do organizacijo.",
"da": "Skift hjemmeinstitution",
@ -433,7 +472,10 @@
"zh": "\u6539\u53d8\u4f60\u7684\u5bb6\u5ead\u7ec4\u7ec7",
"ar": "\u063a\u064a\u0631\u0627\u0644\u062c\u0647\u0629 \u0627\u0644\u0627\u0645",
"id": "Ubah basis organisasi anda",
"sr": "Promenite izbor za va\u0161u mati\u010dnu instituciju"
"lv": "Main\u012bt organiz\u0101ciju",
"sr": "Promenite izbor za va\u0161u mati\u010dnu instituciju",
"ro": "Modifica\u021bi institu\u021bia de origine",
"eu": "Zure jatorrizko erakundea aldatu"
},
"change_home_org_text": {
"no": "Du har valgt <b>%HOMEORG%<\/b> som din vertsorganisasjon. Dersom dette er feil kan du velge en annen.",
@ -463,7 +505,10 @@
"zh": "\u4f60\u9009\u62e9\u4e86<b>%HOMEORG%<\/b>\u4f5c\u4e3a\u4f60\u7684\u5bb6\u5ead\u7ec4\u7ec7\u3002\u5982\u679c\u9519\u4e86\u8bf7\u9009\u62e9\u5176\u4ed6\u7684",
"ar": "\u0644\u0642\u062f \u0642\u0645\u062a \u0628\u0627\u062e\u062a\u064a\u0627\u0631 <b>%HOMEORG%<\/b> \u0643\u062c\u0647\u062a\u0643 \u0627\u0644\u0627\u0645. \u0627\u0646 \u0643\u0627\u0646 \u0647\u0630\u0627 \u0627\u0644\u0627\u062e\u062a\u064a\u0627\u0631 \u063a\u064a\u0631 \u0635\u062d\u064a\u062d \u064a\u0645\u0643\u0646\u0643 \u062a\u063a\u064a\u064a\u0631\u0647",
"id": "Anda telah memilih <b>%HOMEORG%<\/b> sebagai basis organisasi anda. Jika ini salah anda dapat memilih yang lain.",
"sr": "Odabrali ste <b>%HOMEORG%<\/b> kao va\u0161u mati\u010dnu instituciju. Ako to nije ta\u010dno mo\u017eete odabrati drugu instituciju."
"lv": "J\u016bs izv\u0113l\u0113j\u0101ties <b>%HOMEORG%<\/b>. ja tas nav pareizi, izv\u0113lieties citu.",
"sr": "Odabrali ste <b>%HOMEORG%<\/b> kao va\u0161u mati\u010dnu instituciju. Ako to nije ta\u010dno mo\u017eete odabrati drugu instituciju.",
"ro": "A\u021bi ales ca institu\u021bie de origine<b>%HOMEORG%<\/b>. Dac\u0103 nu este corect v\u0103 rug\u0103m s\u0103 alege\u021bi alt\u0103 institu\u021bie.",
"eu": "<b>%HOMEORG%<\/b> hautatu duzu zure jatorrizko erakunde bezala. Informazio hau okerra bada beste bat hautatu dezakezu."
},
"change_home_org_button": {
"no": "Velg vertsorganisasjon",
@ -493,7 +538,10 @@
"zh": "\u9009\u62e9\u4f60\u7684\u5bb6\u5ead\u7ec4\u7ec7",
"ar": "\u0627\u062e\u062a\u0627\u0631 \u062c\u0647\u062a\u0643 \u0627\u0644\u0627\u0645",
"id": "Pilih basis organisasi",
"sr": "Izaberite mati\u010dnu instituciju"
"lv": "Izv\u0113l\u0113ties organiz\u0101ciju",
"sr": "Izaberite mati\u010dnu instituciju",
"ro": "Alege\u021bi institu\u021bia de origine",
"eu": "Jatorrizko erakundea hautatu"
},
"help_desk_link": {
"no": "Hjemmesiden til brukerst\u00f8tte",
@ -513,7 +561,7 @@
"pl": "Strona domowa pomocy technicznej (Helpdesk)",
"cs": "Help desk",
"tr": "Yard\u0131m anasayfas\u0131",
"lt": "Vartotoj\u0173 aptarnavimo puslapis",
"lt": "Naudotoj\u0173 aptarnavimo puslapis",
"it": "Homepage del servizio di assistenza",
"ja": "\u30d8\u30eb\u30d7\u30c7\u30b9\u30af\u30da\u30fc\u30b8",
"zh-tw": "\u5354\u52a9\u9801\u9762",
@ -523,7 +571,10 @@
"zh": "\u670d\u52a1\u53f0\u7684\u4e3b\u9875",
"ar": "\u0635\u0641\u062d\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629",
"id": "Homepage Help desk",
"sr": "Stranice slu\u017ebe za podr\u0161ku korisnicima"
"lv": "Pal\u012bdz\u012bbas dienesta interneta lapa",
"sr": "Stranice slu\u017ebe za podr\u0161ku korisnicima",
"ro": "Pagina echipei de suport tehnic",
"eu": "Laguntza teknikoaren orria "
},
"help_desk_email": {
"no": "Send e-post til brukerst\u00f8tte",
@ -543,7 +594,7 @@
"pl": "wy\u015blij e-mail do helpdesku",
"cs": "Email helpdesku zasl\u00e1n.",
"tr": "Yard\u0131m'a e-posta g\u00f6nderin",
"lt": "Si\u0173sti el. lai\u0161k\u0105 vartotoj\u0173 aptarnavimo specialistams",
"lt": "Si\u0173sti el. lai\u0161k\u0105 naudotoj\u0173 aptarnavimo specialistams",
"it": "Invia una mail al servizio di assistenza",
"ja": "\u30d8\u30eb\u30d7\u30c7\u30b9\u30af\u306b\u30e1\u30fc\u30eb\u3059\u308b",
"zh-tw": "\u50b3\u9001 e-mail \u5c0b\u6c42\u5354\u52a9",
@ -553,7 +604,10 @@
"zh": "\u53d1\u9001Email\u7ed9\u670d\u52a1\u53f0",
"ar": "\u0627\u0631\u0633\u0644 \u0625\u064a\u0645\u064a\u0644 \u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629",
"id": "Kirim e-mail ke help dek",
"sr": "Po\u0161alji e-mail slu\u017ebi za podr\u0161ku korisnicima"
"lv": "S\u016bt\u012bt e-pastu pal\u012bdz\u012bbas dienestam",
"sr": "Po\u0161alji e-mail slu\u017ebi za podr\u0161ku korisnicima",
"ro": "Trimite\u021bi un mesaj la echipa de suport tehnic",
"eu": "Bidali posta laguntza teknikoari"
},
"next": {
"no": "Fortsett",
@ -583,6 +637,9 @@
"zh": "\u4e0b\u4e00\u6b65",
"ar": "\u0627\u0644\u062a\u0627\u0644\u064a",
"id": "Selanjutnya",
"sr": "Dalje"
"lv": "T\u0101l\u0101k",
"sr": "Dalje",
"ro": "Urm\u0103torul pas",
"eu": "Hurrengoa"
}
}

View File

@ -16,6 +16,7 @@
"pt": "Sa\u00edda efectuada com sucesso",
"pl": "Wylogowano",
"cs": "Odhl\u00e1\u0161en",
"eu": "Saioa itxita.",
"tr": "\u00c7\u0131kt\u0131n\u0131z",
"it": "Disconnesso",
"lt": "Atsijungta",
@ -25,15 +26,18 @@
"he": "\u05d4\u05ea\u05e0\u05ea\u05e7\u05d5\u05ea \u05de\u05d4\u05de\u05e2\u05e8\u05db\u05ea",
"zh": "\u9000\u51fa",
"ar": "\u062e\u0631\u0648\u062c",
"lv": "Atsl\u0113dzies",
"id": "Log out",
"sr": "Odjavljeni ste"
"sr": "Odjavljeni ste",
"ro": "Ie\u0219ire din sistem (deautentificare)",
"ru": "\u0423\u0441\u043f\u0435\u0448\u043d\u044b\u0439 \u0432\u044b\u0445\u043e\u0434"
},
"logged_out_text": {
"no": "Du er n\u00e5 utlogget.",
"nn": "Du har blitt logga ut. Takk for at du brukte denne tenesta.",
"sv": "Du har blivit uloggad. Tack f\u00f6r att du anv\u00e4nde denna tj\u00e4nst.",
"es": "Ha sido desconectado. Gracias por usar este servicio.",
"fr": "Vous avez \u00e9t\u00e9 d\u00e9connect\u00e9. Merci d'utiliser ce service.",
"fr": "Vous avez \u00e9t\u00e9 d\u00e9connect\u00e9. Merci d'avoir utilis\u00e9 ce service.",
"de": "Sie wurden abgemeldet. Danke, dass Sie diesen Dienst verwendet haben.",
"nl": "U bent uitgelogd. Dank u voor het gebruiken van deze dienst.",
"sl": "Odjava je bila uspe\u0161na. Hvala, ker uporabljate to storitev.",
@ -45,6 +49,7 @@
"pt": "Sa\u00edda efectuada com sucesso. Obrigado por ter usado este servi\u00e7o.",
"pl": "Zosta\u0142e\u015b wylogowany. Dzi\u0119kuj\u0119 za skorzystanie z serwisu.",
"cs": "Jste odhl\u00e1\u0161en. D\u011bkujeme za pou\u017eit\u00ed t\u00e9to slu\u017eby.",
"eu": "Saioa itxi da.",
"tr": "\u00c7\u0131kt\u0131n\u0131z",
"it": "Sei stato disconnesso",
"lt": "J\u016bs buvote atjungtas nuo sistemos.",
@ -54,8 +59,11 @@
"he": "\u05d4\u05ea\u05e0\u05ea\u05e7\u05ea \u05de\u05df \u05d4\u05de\u05e2\u05e8\u05db\u05ea",
"zh": "\u4f60\u5df2\u7ecf\u9000\u51fa\u4e86",
"ar": "\u0644\u0642\u062f\u062e\u0631\u0648\u062c \u0644\u0642\u062f \u0642\u0645\u062a \u0628\u0627\u0644\u062e\u0631\u0648\u062c",
"lv": "J\u016bs esat izg\u0101jis no sist\u0113mas.",
"id": "Anda telah log out.",
"sr": "Uspe\u0161no ste se odjavili."
"sr": "Uspe\u0161no ste se odjavili.",
"ro": "A\u021bi fost deautentificat",
"ru": "\u0412\u044b \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u044b\u0448\u043b\u0438 \u0438\u0437 \u0441\u0438\u0441\u0442\u0435\u043c\u044b"
},
"default_link_text": {
"no": "G\u00e5 tilbake til simpleSAMLphp installasjonen sin startside.",
@ -83,8 +91,12 @@
"he": "\u05d7\u05d6\u05d5\u05e8 \u05dc\u05d3\u05e3 \u05d4\u05d4\u05ea\u05e7\u05e0\u05d4 \u05e9\u05dc simpleSAMLphp",
"zh": "\u8fd4\u56desimpleSAMLphp\u5b89\u88c5\u9875\u9762",
"ar": "\u0639\u062f \u0644\u0635\u0641\u062d\u0629 \u0625\u0646\u0632\u0627\u0644 simpleSAMLphp",
"lv": "Iet atpaka\u013c uz simpleSAMLphp instal\u0101cijas lapu",
"id": "Kembali ke halaman instalasi simpleSAMLphp",
"sr": "Natrag na po\u010detnu stranicu simpleSAMLphp instalacije"
"sr": "Natrag na po\u010detnu stranicu simpleSAMLphp instalacije",
"ro": "Merge\u021bi \u00eenapoi la pagina de instalare a simpleSAMLphp",
"ru": "\u0412\u0435\u0440\u043d\u0443\u0442\u044c\u0441\u044f \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 simpleSAMLphp",
"eu": "Itzuli simpleSAMLphp instalazio orrira "
},
"hold": {
"no": "P\u00e5 vent",
@ -112,8 +124,12 @@
"pt-br": "Aguardando",
"zh": "\u4fdd\u6301",
"ar": "\u0628\u0627\u0644\u0627\u0646\u062a\u0638\u0627\u0631 ",
"lv": "Aptur\u0113ts",
"id": "Ditahan",
"sr": "Na \u010dekanju"
"sr": "Na \u010dekanju",
"ro": "\u00cen a\u0219teptare",
"ru": "\u0412 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0438 \u043e\u0436\u0438\u0434\u0430\u043d\u0438\u044f",
"eu": "Itxaroten"
},
"completed": {
"no": "Fullf\u00f8rt",
@ -141,8 +157,12 @@
"pt-br": "Completado",
"zh": "\u5b8c\u6210",
"ar": "\u0627\u0643\u062a\u0645\u0644",
"lv": "Pabeigts",
"id": "Selesai",
"sr": "Zavr\u0161eno"
"sr": "Zavr\u0161eno",
"ro": "Terminat",
"ru": "\u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u043e",
"eu": "Amaitua"
},
"progress": {
"no": "Logger ut...",
@ -160,6 +180,7 @@
"pt": "A sair...",
"pl": "Wylogowywanie...",
"cs": "Odhla\u0161uji...",
"eu": "Saioa ixten...",
"tr": "\u00c7\u0131k\u0131yor",
"lt": "Atjungiama...",
"it": "Disconnessione...",
@ -170,8 +191,11 @@
"pt-br": "Saindo do servi\u00e7o...",
"zh": "\u6b63\u5728\u9000\u51fa",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c",
"lv": "Atsl\u0113g\u0161an\u0101s...",
"id": "Log out...",
"sr": "Odjava u toku..."
"sr": "Odjava u toku...",
"ro": "Deautentificare ...",
"ru": "\u0412\u044b\u0445\u043e\u0434 \u0438\u0437 \u0441\u0438\u0441\u0442\u0435\u043c\u044b..."
},
"failed": {
"no": "Utlogging feilet",
@ -199,8 +223,12 @@
"pt-br": "Falha ao sair do servi\u00e7o",
"zh": "\u9000\u51fa\u5931\u8d25",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u062e\u0631\u0648\u062c \u0641\u0627\u0634\u0644",
"lv": "Atsl\u0113g\u0161an\u0101s neizdev\u0101s",
"id": "Log out gagal",
"sr": "Odjava nije uspela"
"sr": "Odjava nije uspela",
"ro": "Deautentificarea a e\u0219uat",
"ru": "\u0412\u044b\u0445\u043e\u0434 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e",
"eu": "Saioa ixteko prozesuak huts egin du"
},
"return": {
"no": "Tilbake til tjenesten",
@ -218,6 +246,7 @@
"pt": "Regressar ao servi\u00e7o",
"pl": "Powr\u00f3t do serwisu",
"cs": "Zp\u00e1tky na slu\u017ebu",
"eu": "Itzuli zerbitzura",
"tr": "Servise geri d\u00f6n",
"lt": "Gr\u012f\u017eti \u012f paslaug\u0105",
"it": "Ritornare al servizio",
@ -228,8 +257,11 @@
"pt-br": "Retornar ao servi\u00e7o",
"zh": "\u8fd4\u56de\u81f3\u670d\u52a1",
"ar": "\u0639\u062f \u0644\u0644\u062e\u062f\u0645\u0629",
"lv": "Atgriezties pie servisa",
"id": "Kembali ke layanan",
"sr": "Povratak u aplikaciju"
"sr": "Povratak u aplikaciju",
"ro": "\u00centoarcere la serviciu",
"ru": "\u0412\u0435\u0440\u043d\u0443\u0442\u044c\u0441\u044f \u043a \u0441\u043b\u0443\u0436\u0431\u0435"
},
"success": {
"no": "Du har n&aring; logget ut fra alle tjenestene listet ovenfor.",
@ -257,8 +289,12 @@
"pt-br": "Voc\u00ea saiu com sucesso de todos os servi\u00e7os listados acima.",
"zh": "\u4f60\u6210\u529f\u7684\u9000\u51fa\u4e86\u4e0a\u9762\u5217\u8868\u4e2d\u7684\u670d\u52a1",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u062e\u0631\u0648\u062c \u0646\u0627\u062c\u062d \u0645\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0623\u0639\u0644\u0627\u0647 ",
"lv": "J\u016bs esat sekm\u012bgi atsl\u0113dzies un augst\u0101k uzskait\u012btajiem servisiem.",
"id": "Anda telah berhasil log out dari semua layanan yang tercantuh diatas.",
"sr": "Uspe\u0161no ste se odjavili iz svih gore navedenih servisa."
"sr": "Uspe\u0161no ste se odjavili iz svih gore navedenih servisa.",
"ro": "A\u021bi fost deautentificat de la toate serviciile enumerate mai sus.",
"ru": "\u0412\u044b \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u044b\u0448\u043b\u0438 \u0438\u0437 \u0432\u0441\u0435\u0445 \u0441\u043b\u0443\u0436\u0431 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u044b\u0448\u0435.",
"eu": "Hemen adierazten den zerrendako zerbitzu guztietako saioak zuzen itxi dira"
},
"loggedoutfrom": {
"no": "Du er n\u00e5 logget ut fra %SP%.",
@ -286,8 +322,12 @@
"pt-br": "Voc\u00ea est\u00e1 saiu com sucesso de %SP%.",
"zh": "\u4f60\u5df2\u6210\u529f\u4ece%SP%\u9000\u51fa",
"ar": "\u0644\u0642\u062f \u062e\u0631\u062c\u062a \u0628\u0646\u062c\u0627\u062d \u0645\u0646 %SP%",
"lv": "J\u016bs esat sekm\u012bgi atsl\u0113dzies no %SP%.",
"id": "Sekarang anda telah sukses log out dari %SP%.",
"sr": "Uspe\u0161no ste odjavljeni iz %SP%."
"sr": "Uspe\u0161no ste odjavljeni iz %SP%.",
"ro": "A\u021bi fost deautentificat din %SP%.",
"ru": "\u0412\u044b \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u044b\u0448\u043b\u0438 \u0438\u0437 \u0441\u043b\u0443\u0436\u0431\u044b %SP%.",
"eu": "%SP% saioa zuzen itxi da."
},
"also_from": {
"no": "Du er ogs\u00e5 logget inn p\u00e5 disse tjenestene:",
@ -315,8 +355,12 @@
"pt-br": "Voc\u00ea tamb\u00e9m est\u00e1 logado nestes servi\u00e7os:",
"zh": "\u4f60\u540c\u65f6\u767b\u5f55\u8fd9\u4ee5\u4e0b\u8fd9\u4e9b\u670d\u52a1",
"ar": "\u0644\u0642\u062f \u0642\u0645\u062a \u0628\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0644\u0644\u062e\u062f\u0645\u0627\u062a ",
"lv": "J\u016bs esat piesl\u0113dzies ar\u012b pie \u0161iem servisiem:",
"id": "Anda juga telah log out dari layanan berikut: ",
"sr": "Tako\u0111e ste prijavljeni u slede\u0107im servisima:"
"sr": "Tako\u0111e ste prijavljeni u slede\u0107im servisima:",
"ro": "Sunte\u021bi autentificat \u0219i la urm\u0103toarele servicii:",
"ru": "\u0412\u044b \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u043b\u0443\u0436\u0431\u0430\u043c:",
"eu": "Zerbitzu hauetan ere kautotuta zaude:"
},
"logout_all_question": {
"no": "Vil du logge ut fra alle tjenestene ovenfor?",
@ -332,6 +376,7 @@
"pt": "Deseja sair de todos os servi\u00e7os listados em cima?",
"pl": "Czy chcesz zosta\u0107 wylogowany z powy\u017cszych serwis\u00f3w?",
"cs": "Chcete se odhl\u00e1sit ze v\u0161ech t\u011bchto slu\u017eeb?",
"eu": "Goian agertzen diren zerbitzu guztietako saioak itxi nahi al dituzu?",
"tr": "Yukar\u0131daki t\u00fcm servislerden \u00e7\u0131kmak istiyor musunuz?",
"it": "Vuoi disconnetterti da tutti i servizi qui sopra riportati?",
"fi": "Haluatko uloskirjautua edell\u00e4mainituista palveluista?",
@ -344,8 +389,11 @@
"pt-br": "Voc\u00ea quer sair de todos os servi\u00e7os acima?",
"zh": "\u4f60\u60f3\u540c\u65f6\u4ece\u4e0a\u9762\u7684\u8fd9\u4e9b\u670d\u52a1\u4e2d\u9000\u51fa\u5417\uff1f",
"ar": "\u0647\u0644 \u062a\u0631\u063a\u0628 \u0628\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0623\u0639\u0644\u0627\u061f",
"lv": "Vai v\u0113laties atsl\u0113gties no visiem uzskait\u012btajiem servisiem?",
"id": "Apakah anda ingin logout dari semua layanan diatas ?",
"sr": "\u017delite li se odjaviti iz svih gore navedenih servisa?"
"sr": "\u017delite li se odjaviti iz svih gore navedenih servisa?",
"ro": "Dori\u021bi s\u0103 v\u0103 deautentifica\u021bi de la toate serviciile de mai sus ?",
"ru": "\u0412\u044b \u0445\u043e\u0442\u0438\u0442\u0435 \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u0432\u0441\u0435\u0445 \u0441\u043b\u0443\u0436\u0431, \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u044b\u0448\u0435?"
},
"logout_all": {
"no": "Ja, alle tjenestene over",
@ -362,6 +410,7 @@
"pt": "Sim, todos os servi\u00e7os",
"pl": "Tak, wszystkie serwisy",
"cs": "Ano, v\u0161echny slu\u017eby",
"eu": "Bai, zerbitzu guztiak",
"tr": "Evet, t\u00fcm servisler.",
"it": "Si, da tutti i servizi",
"hr": "Da, iz svih servisa",
@ -373,14 +422,17 @@
"pt-br": "Sim, todos os servi\u00e7os",
"zh": "\u662f\u7684\uff0c\u6240\u6709\u7684\u670d\u52a1",
"ar": "\u0646\u0639\u0645 \u0645\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u062e\u062f\u0645\u0627\u062a",
"lv": "J\u0101, no visiem",
"id": "Ya, semua layanan",
"sr": "Da, iz svih servisa"
"sr": "Da, iz svih servisa",
"ro": "Da, toate serviciile",
"ru": "\u0414\u0430, \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0441\u043b\u0443\u0436\u0431"
},
"logout_only": {
"no": "Nei, bare %SP%",
"nn": "Nei, logg berre ut fr\u00e5 %SP%",
"sv": "Nej, endast %SP%",
"es": "No, s\u00f3lo %SPS",
"es": "No, s\u00f3lo %SP%",
"fr": "Non, seulement de %SP%",
"de": "Nein, nur %SP%",
"nl": "Nee, alleen %SP%",
@ -391,6 +443,7 @@
"pt": "N\u00e3o, apenas %SP%",
"pl": "Nie, tylko %SP%",
"cs": "Ne, jen %SP%",
"eu": "Ez, %SP% bakarrik",
"tr": "Hay\u0131r, sadece %SP%",
"it": "No, solo da %SP%",
"hr": "Ne, samo iz %SP%",
@ -402,8 +455,11 @@
"pt-br": "N\u00e3o, apenas de %SP%",
"zh": "\u4e0d\uff0c\u4ec5%SP%",
"ar": "\u0644\u0627 \u0645\u0646 %SP% \u0641\u0642\u0637",
"lv": "N\u0113, tikai %SP%",
"id": "Tidak, hanya %SP%",
"sr": "Ne, samo iz %SP%"
"sr": "Ne, samo iz %SP%",
"ro": "Nu, doar %SP%",
"ru": "\u041d\u0435\u0442, \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0441\u043b\u0443\u0436\u0431\u044b %SP%"
},
"incapablesps": {
"no": "En eller flere av tjenestene du er logget inn p\u00e5 <i>st\u00f8tter ikke logout<\/i>. Lukk nettleseren, dersom du \u00f8nsker \u00e5 logge ut fra disse tjenestene.",
@ -431,8 +487,12 @@
"pt-br": "Um ou mais dos servi\u00e7os que voc\u00ea est\u00e1 conectado <i>n\u00e3o suportam logout.<\/i> Para garantir que todas as suas sess\u00f5es ser\u00e3o fechadas, incentivamos voc\u00ea a <i>fechar seu navegador<\/i>.",
"zh": "\u4e00\u4e2a\u6216\u591a\u4e2a\u4f60\u5df2\u767b\u5f55\u7684\u670d\u52a1<i>\u4e0d\u652f\u6301\u9000\u51fa<\/i>\uff0c\u8bf7\u786e\u8ba4\u4f60\u6240\u6709sessions\u5df2\u5173\u95ed\uff0c\u6211\u4eec\u9f13\u52b1\u4f60 <i>\u5173\u95ed\u6d4f\u89c8\u5668<\/i>",
"ar": "\u0648\u0627\u062d\u062f\u0629 \u0627\u0648 \u0627\u0643\u062b\u0631 \u0645\u0646 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0644\u062a\u064a \u0642\u0645\u062a \u0628\u062a\u0633\u062c\u064a\u0644 \u062f\u062e\u0648\u0644\u0643 \u0628\u0647\u0627 \u0644\u0627 \u062a\u062f\u0639\u0645 \u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c. \u0644\u0644\u062a\u0623\u0643\u062f \u0645\u0646 \u0627\u0646 \u062c\u0645\u064a\u0639 \u0635\u0641\u062d\u0627\u062a\u0643 \u0642\u062f \u062a\u0645 \u0625\u063a\u0644\u0627\u0642\u0647\u0627 \u0642\u0645 \u0628\u0625\u063a\u0644\u0627\u0642 \u0645\u062a\u0635\u0641\u062d\u0643",
"lv": "Viens vai vair\u0101ki J\u016bsu izmantotie servisi <i>neatbalsta atsl\u0113g\u0161anos<\/i>. Lai aizv\u0113rtu visas sesijas, <i>aizveriet savu interneta p\u0101rl\u016bku<\/i>.",
"id": "Satu atau beberapa layanan yang anda telah login <i>tidak mendukung logout<\/i>.Untuk meyakinkan semua session anda ditutup, anda disarankan untuk <i>menutup web browser anda<\/i>.",
"sr": "Jedan ili vi\u0161e servisa na koje ste prijavljeni <i>ne podr\u017eava odjavljivanje<\/i>. Da biste bili sigurni da su sve va\u0161e sesije zavr\u0161ene, preporu\u010dujemo da <i>zatvorite web pretra\u017eiva\u010d<\/i>."
"sr": "Jedan ili vi\u0161e servisa na koje ste prijavljeni <i>ne podr\u017eava odjavljivanje<\/i>. Da biste bili sigurni da su sve va\u0161e sesije zavr\u0161ene, preporu\u010dujemo da <i>zatvorite web pretra\u017eiva\u010d<\/i>.",
"ro": "Unul sau mai multe servicii \u00een care sunte\u021bi autentificat <i>nu suport\u0103 deautentificare<\/i>. Pentru a fi sigur c\u0103 toate sesiunile sunt \u00eenchise, v\u0103 rug\u0103m s\u0103 \u00eenchide\u021bi <i>browser-ul<\/i>.",
"ru": "\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043b\u0443\u0436\u0431\u044b, \u043a \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0432\u044b \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u044b, <i>\u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0436\u0438\u0432\u0430\u044e\u0442 \u0432\u044b\u0445\u043e\u0434 \u0438\u0437 \u0441\u0438\u0441\u0442\u0435\u043c\u044b<\/i>. \u0414\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u043a\u0440\u044b\u0442\u0438\u044f \u0432\u0441\u0435\u0445 \u0441\u0435\u0441\u0441\u0438\u0439, <i>\u0437\u0430\u043a\u0440\u043e\u0439\u0442\u0435 \u0432\u0430\u0448 \u0431\u0440\u0430\u0443\u0437\u0435\u0440<\/i>.",
"eu": "Kautotuta zauden zerbitzu bat edo batzuk <i>ez dute uzten saioa ixten<\/i>. Zure saio guztiak ixten direla ziurtatzeko, <i>zure nabigatzaileko leiho guztiak ixtea<\/i> gomendatzen da."
},
"no": {
"no": "Nei",
@ -449,6 +509,7 @@
"pt": "N\u00e3o",
"pl": "Nie",
"cs": "Ne",
"eu": "Ez",
"tr": "Hay\u0131r",
"it": "No",
"hr": "Ne",
@ -460,8 +521,11 @@
"pt-br": "N\u00e3o",
"zh": "\u4e0d",
"ar": "\u0644\u0627",
"lv": "N\u0113",
"id": "Tidak",
"sr": "Ne"
"sr": "Ne",
"ro": "Nu",
"ru": "\u041d\u0435\u0442"
},
"logging_out_from": {
"sl": "Odjava iz naslednjih storitev:",
@ -486,8 +550,13 @@
"pt-br": "Saindo dos seguintes servi\u00e7os:",
"zh": "\u4ece\u4e0b\u5217\u670d\u52a1\u4e2d\u9000\u51fa",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u062e\u0631\u0648\u062c \u0645\u0646 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0623\u062f\u0646\u0627\u0647 ",
"lv": "Atsl\u0113g\u0161an\u0101s no \u0161iem servisiem:",
"id": "Log out dari layanan-layanan berikut:",
"sr": "Odjavljujete se iz slede\u0107ih servisa"
"sr": "Odjavljujete se iz slede\u0107ih servisa",
"cs": "Odhl\u00e1\u0161en\u00ed z n\u00e1sleduj\u00edc\u00edch slu\u017eeb:",
"ro": "Deautentificare din urm\u0103toarele servicii:",
"ru": "\u0412\u044b\u0445\u043e\u0434 \u0438\u0437 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0441\u043b\u0443\u0436\u0431:",
"eu": "Honako zerbitzu hauen saioak itxi:"
},
"failedsps": {
"sl": "Odjava z ene ali ve\u010d storitev ni uspela. Odjavo dokon\u010dajte tako, da <i>zaprete spletni brskalnik<\/i>.",
@ -511,7 +580,12 @@
"pt-br": "Incapaz de sair de um ou mais servi\u00e7os. Para garantir que todas as suas sess\u00f5es ser\u00e3o fechadas, incentivamos voc\u00ea a <i>fechar seu navegador<\/i>.",
"zh": "\u65e0\u6cd5\u4ece\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u670d\u52a1\u4e2d\u9000\u51fa\uff0c\u8bf7\u786e\u8ba4\u4f60\u6240\u6709sessions\u5df2\u5173\u95ed\uff0c\u6211\u4eec\u9f13\u52b1\u4f60 <i>\u5173\u95ed\u6d4f\u89c8\u5668<\/i>",
"ar": "\u0644\u0645 \u0627\u0633\u062a\u0637\u0639 \u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u0648\u0627\u062d\u062f\u0629 \u0627\u0648 \u0627\u0643\u062b\u0631 \u0645\u0646 \u0627\u0644\u062e\u062f\u0645\u0627\u062a. \u0644\u0644\u062a\u0623\u0643\u062f \u0645\u0646 \u0627\u0646 \u062c\u0645\u064a\u0639 \u0635\u0641\u062d\u0627\u062a\u0643 \u0642\u062f \u0623\u063a\u0644\u0642\u062a \u0642\u0645 \u0628\u0625\u063a\u0644\u0627\u0642 \u0645\u062a\u0635\u0641\u062d\u0643",
"lv": "Nav iesp\u0113jams atsl\u0113gties no viena vai vair\u0101kiem servisiem. Lai aizv\u0113rtu visas sesijas, <i>aizveriet savu interneta p\u0101rl\u016bku<\/i>.",
"id": "Tidak dapat log out dari satu atau beberapa layanan. Untuk memastikan semua session anda ditutup, anda disaranakan untuk <i>menutup web browser anda<\/i>.",
"sr": "Odjavljivanje iz jednog ili vi\u0161e servisa nije uspelo. Da biste bili sigurni da su sve va\u0161e sesija zavr\u0161ene, preporu\u010dujemo da <i>zatvorite web pretra\u017eiva\u010d<\/i>."
"sr": "Odjavljivanje iz jednog ili vi\u0161e servisa nije uspelo. Da biste bili sigurni da su sve va\u0161e sesija zavr\u0161ene, preporu\u010dujemo da <i>zatvorite web pretra\u017eiva\u010d<\/i>.",
"cs": "Odhl\u00e1\u0161en\u00ed z jedn\u00e9 nebo z v\u00edce slu\u017eeb se nezda\u0159ilo. Aby bylo zaji\u0161t\u011bno, \u017ee v\u0161echny va\u0161e relace budou uzav\u0159eny, doporu\u010dujeme <i>ukon\u010dit v\u00e1\u0161 webov\u00fd prohl\u00ed\u017ee\u010d<\/i>.",
"ro": "Nu a fost posibil\u0103 deautentificarea pentru unul sau mai multe servicii. Pentru a fi sigur c\u0103 toate sesiunile sunt \u00eenchise, v\u0103 rug\u0103m s\u0103 \u00eenchide\u021bi <i>browser-ul<\/i>.",
"ru": "\u041d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0436\u0431. \u0414\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u043a\u0440\u044b\u0442\u0438\u044f \u0432\u0441\u0435\u0445 \u0441\u0435\u0441\u0441\u0438\u0439, <i>\u0437\u0430\u043a\u0440\u043e\u0439\u0442\u0435 \u0432\u0430\u0448 \u0431\u0440\u0430\u0443\u0437\u0435\u0440<\/i>. ",
"eu": "Ezinezkoa da zerbitzu bat edo batzuen saioak ixtea. Zure saio guztiak itxi direla ziurtatzeko, <i>zure web nabigatzailea ixtea<\/i> gomendatzen da. "
}
}

View File

@ -16,6 +16,7 @@
"pt": "Exemplo de demonstra\u00e7\u00e3o do SP SAML 2.0",
"pl": "Przyk\u0142adowe Demo SAML 2.0 SP",
"cs": "SAML 2.0 SP Demo",
"eu": "SAML 2.0 SP Adibidea",
"tr": "SAML 2.0 SP Demo \u00d6rne\u011fi",
"it": "Demo di SAML 2.0 SP",
"lt": "SAML 2.0 SP Demonstracin\u0117s versijos Pavyzdys",
@ -25,8 +26,11 @@
"he": "\u05d4\u05d3\u05d2\u05de\u05ea \u05d3\u05d5\u05d2\u05de\u05d4 \u05dc\u05e1\"\u05e9 \u05de\u05e1\u05d5\u05d2 SAML 2.0",
"zh": "SAML 2.0 SP\u6f14\u793a\u6848\u4f8b",
"ar": "\u0627\u0633\u062a\u0639\u0631\u0627\u0636 \u0645\u062b\u0627\u0644 \u0644 SAML 2.0 SP",
"lv": "SAML 2.0 SP demonstr\u0101cijas piem\u0113rs",
"id": "Contoh Demo SAML 2.0 SP",
"sr": "SAML 2.0 SP Demo Primer"
"sr": "SAML 2.0 SP Demo Primer",
"ro": "Exemplu demonstrativ de furnizor de servicii SAML 2.0",
"ru": "\u0414\u0435\u043c\u043e \u043f\u0440\u0438\u043c\u0435\u0440 \u0441\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 SAML 2.0 SP"
},
"header_shib": {
"no": "Shibboleth Demo",
@ -45,6 +49,7 @@
"pt": "Exemplo de demonstra\u00e7\u00e3o do SP Shibboleth 1.3",
"pl": "Demo Shibboleth",
"cs": "Shibboleth demo",
"eu": "Shibboleth Adibidea",
"tr": "Shibboleth demo",
"it": "Demo di Shibboleth",
"lt": "Shibboleth demonstracin\u0117 versija",
@ -54,8 +59,11 @@
"he": "\u05d4\u05d3\u05d2\u05de\u05d4 \u05dc- Shibboleth",
"zh": "Shibboleth\u6f14\u793a",
"ar": "\u0627\u0633\u062a\u0639\u0631\u0627\u0636 Shibboleth",
"lv": "Shibboleth demo",
"id": "Demo Shibboleth",
"sr": "Shibboleth Demo"
"sr": "Shibboleth Demo",
"ro": "Demo Shibboleth",
"ru": "Shibboleth \u0434\u0435\u043c\u043e"
},
"header_wsfed": {
"no": "WS-Fed SP Demo Eksempel",
@ -74,6 +82,7 @@
"pt": "Exemplo de demonstra\u00e7\u00e3o do SP WS-Fed",
"pl": "Przyk\u0142adowe Demo WS-Fed SP",
"cs": "WS-Fed SP Demo",
"eu": "WS-Fed SP Adibidea",
"tr": "WS-Fed SP Demo \u00d6rne\u011fi",
"it": "Demo di WS-Fed SP",
"lt": "WS-Fed SP Demonstracin\u0117s versijos Pavyzdys",
@ -83,8 +92,11 @@
"he": "\u05d4\u05d3\u05d2\u05de\u05ea \u05d3\u05d5\u05d2\u05de\u05d4 \u05dc\u05e1\"\u05e9 \u05de\u05e1\u05d5\u05d2 WS-Fed",
"zh": "WS-Fed SP \u6f14\u793a\u6848\u4f8b",
"ar": "\u0627\u0633\u062a\u0639\u0631\u0627\u0636 \u0645\u062b\u0627\u0644 \u0644 WS-Fed",
"lv": "WS-Fed SP demonstr\u0101cijas piem\u0113rs",
"id": "Contoh Demo WS-Fed SP",
"sr": "WS-Fed SP Demo Primer"
"sr": "WS-Fed SP Demo Primer",
"ro": "Exemplu demonstrativ de WS-Fed",
"ru": "\u0414\u0435\u043c\u043e \u043f\u0440\u0438\u043c\u0435\u0440 \u0441\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 WS-Fed SP"
},
"header_diagnostics": {
"no": "SimpleSAMLphp diagnostikk",
@ -103,6 +115,7 @@
"pt": "Diagn\u00f3sticos do simpleSAMLphp",
"pl": "Diagnostyka SimpleSAMLphp",
"cs": "SimpleSAMLphp diagnostika",
"eu": "simpleSAMLphp Diagnostikoa",
"tr": "SimpleSAMLphp Kontroller",
"it": "Diagnostici di SimpleSAMLphp",
"lt": "SimpleSAMLphp Diagnostika",
@ -112,8 +125,11 @@
"he": "\u05d0\u05d9\u05d1\u05d7\u05d5\u05df SimpleSAMLphp",
"zh": "SimpleSAMLphp \u8bca\u65ad",
"ar": "\u062a\u0634\u062e\u064a\u0635 SimpleSAMLphp",
"lv": "SimpleSAMLphp diagnostika",
"id": "Diagnostik SimpleSAMLphp",
"sr": "SimpleSAMLphp Dijagnostika"
"sr": "SimpleSAMLphp Dijagnostika",
"ro": "Diagnostic simpleSAMLphp",
"ru": "\u0414\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0430 SimpleSAMLphp"
},
"some_error_occurred": {
"no": "En feil har oppst\u00e5tt",
@ -132,6 +148,7 @@
"pt": "Ocorreu um erro",
"pl": "Wystapi\u0142 jaki\u015b b\u0142\u0105d",
"cs": "Nalezena chyba",
"eu": "Errore bat jazo da",
"tr": "Hata olu\u015ftu",
"it": "Si \u00e8 verificato un errore",
"lt": "\u012evyko tam tikra klaida",
@ -141,8 +158,11 @@
"he": "\u05d4\u05ea\u05e8\u05d7\u05e9\u05d4 \u05e9\u05d2\u05d9\u05d0\u05d4",
"zh": "\u67d0\u4e9b\u9519\u8bef\u53d1\u751f\u4e86",
"ar": "\u0644\u0642\u062f \u062d\u062f\u062b \u062e\u0637\u0627 \u0645\u0627",
"lv": "Notikusi k\u013c\u016bda",
"id": "Beberapa error telah terjadi",
"sr": "Desila se gre\u0161ka"
"sr": "Desila se gre\u0161ka",
"ro": "A ap\u0103rut o eroare",
"ru": "\u041f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0430"
},
"intro": {
"no": "Hei, dette er en statusside p\u00e5 simpleSAMLphp. Her kan du se om sesjonen din er timet ut, hvor lenge det er til den timer ut og attributter som er knyttet til din sesjon.",
@ -170,8 +190,12 @@
"he": "\u05e9\u05dc\u05d5\u05dd, \u05d6\u05d4\u05d5 \u05d3\u05e3 \u05d4\u05de\u05e6\u05d1 \u05e9\u05dc simpleSAMLphp. \u05db\u05d0\u05df \u05d0\u05e4\u05e9\u05e8 \u05dc\u05e8\u05d0\u05d5\u05ea \u05d0\u05dd \u05d4\u05e9\u05d9\u05d7\u05d4 \u05d4\u05d5\u05e4\u05e1\u05e7\u05d4, \u05db\u05de\u05d4 \u05d6\u05de\u05df \u05d4\u05d9\u05d0 \u05ea\u05de\u05e9\u05d9\u05da \u05e2\u05d3 \u05dc\u05d4\u05e4\u05e1\u05e7\u05ea\u05d4 \u05d5\u05db\u05dc \u05d4\u05ea\u05db\u05d5\u05e0\u05d5\u05ea \u05d4\u05de\u05e6\u05d5\u05e8\u05e4\u05d5\u05ea \u05dc\u05e9\u05d9\u05d7\u05d4.",
"zh": "\u55e8\uff0c\u8fd9\u662fsimpleSAMLphp\u72b6\u6001\u9875\u3002\u8fd9\u91cc\u4f60\u53ef\u4ee5\u770b\u5230\uff0c\u5982\u679c\u60a8\u7684\u4f1a\u8bdd\u8d85\u65f6\uff0c\u5b83\u6301\u7eed\u591a\u4e45\uff0c\u76f4\u5230\u8d85\u65f6\u548c\u8fde\u63a5\u5230\u60a8\u7684\u4f1a\u8bdd\u7684\u6240\u6709\u5c5e\u6027\u3002",
"ar": "\u0645\u0631\u062d\u0628\u0627\u064b \u0628\u0643\u0645 \u0641\u064a \u0635\u0641\u062d\u0629 \u062d\u0627\u0644\u0629 SimpleSAMLphp. \u064a\u0645\u0643\u0646\u0643 \u0647\u0646\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0642\u062a \u0627\u0646\u062a\u0647\u0627\u0621 \u062c\u0644\u0633\u062a\u0643\u060c \u0641\u062a\u0631\u0629 \u0627\u0633\u062a\u0645\u0631\u0627\u0631\u0647\u0627\u060c \u0645\u062a\u064a \u0633\u062a\u0646\u062a\u0647\u064a \u0648 \u062c\u0645\u064a\u0639 \u0627\u0644\u0633\u0645\u0627\u062a \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u062c\u0644\u0633\u0629",
"lv": "\u0160\u012b ir SimpleSAMLphp statusa lapa. Te J\u016bs varat redz\u0113t vai J\u016bsu sesija ir p\u0101rtraukta, cik ilgi t\u0101 bijusi akt\u012bva un visus ar to saist\u012btos atrib\u016btus.",
"id": "Hai, ini adalah halaman status dari simpleSAMLphp. Disini anda dapat melihat jika session anda telah time out, berapa lama ia berlaku sampai time out dan semua attribut yang menempel pada session anda.",
"sr": "Ovo je stranica s prikazom aktuelnog stanja va\u0161e sesije. Na ovoj stranici mo\u017eete videti je li vam je istekla sesija, koliko \u0107e jo\u0161 dugo va\u0161a sesija trajati i sve atribute koji su vezani uz va\u0161u sesiju."
"sr": "Ovo je stranica s prikazom aktuelnog stanja va\u0161e sesije. Na ovoj stranici mo\u017eete videti je li vam je istekla sesija, koliko \u0107e jo\u0161 dugo va\u0161a sesija trajati i sve atribute koji su vezani uz va\u0161u sesiju.",
"ro": "Aceasta este pagina de stare pentru simpleSAMLphp. Aici pute\u021bi verifica dac\u0103 sesiunea dumneavoastr\u0103 a expirat, c\u00e2t timp mai este p\u00e2n\u0103 la expirarea sesiunii precum \u0219i toate atributele ata\u0219ate sesiunii dumneavoastr\u0103.",
"ru": "\u042d\u0442\u043e \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u0441\u043e \u0441\u0442\u0430\u0442\u0443\u0441\u043e\u043c SimpleSAMLphp. \u041c\u043e\u0436\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0441\u043b\u0443\u0447\u0430\u0438 \u043e\u043a\u043e\u043d\u0447\u0430\u043d\u0438\u044f \u0441\u0435\u0441\u0441\u0438\u0438, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0441\u0441\u0438\u0438 \u0434\u043e \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0440\u043e\u043a\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0438 \u0432\u0441\u0435 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u044b \u0432 \u0434\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0441\u0441\u0438\u0438.",
"eu": "Kaixo, hau simpleSAMLphp-ren egoera orria da. Hemendik ikus dezakezu zure saioa iraungi den, zenbat denbora geratzen den hau gerta dadin eta zure saioan dauden atributu guztiak."
},
"validfor": {
"no": "Din sesjon er gyldig i %SECONDS% sekunder fra n\u00e5.",
@ -199,8 +223,12 @@
"he": "\u05d4\u05e9\u05d9\u05d7\u05d4 \u05e9\u05dc\u05da \u05d1\u05e8\u05ea-\u05ea\u05d5\u05e7\u05e3 \u05dc\u05e2\u05d5\u05d3 %SECONDS% \u05e9\u05e0\u05d9\u05d5\u05ea \u05de\u05e2\u05db\u05e9\u05d9\u05d5.",
"zh": "\u4f60\u7684\u4f1a\u8bdd\u5728%SECONDS%\u79d2\u5185\u6709\u6548",
"ar": "\u0633\u062a\u0633\u062a\u0645\u0631 \u062c\u0644\u0633\u062a\u0643 \u0644\u066a\u0639\u062f\u062f \u062b\u0648\u0627\u0646\u064a\u066a \u062b\u0627\u0646\u064a\u0629 \u062a\u0628\u062f\u0623 \u0627\u0644\u0627\u0646",
"lv": "Sesija ir der\u012bga %SECONDS% sekundes no \u0161\u012b br\u012b\u017ea.",
"id": "Session anda valid untuk %SECONDS% detik dari sekarang.",
"sr": "Va\u0161a sesija \u0107e biti validna jo\u0161 %SECONDS% sekundi."
"sr": "Va\u0161a sesija \u0107e biti validna jo\u0161 %SECONDS% sekundi.",
"ro": "Sesiunea dumneavoastr\u0103 mai este valid\u0103 \u00eenc\u0103 %SECONDS%.",
"ru": "\u0412\u0430\u0448\u0430 \u0441\u0435\u0441\u0441\u0438\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u0430 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 %SECONDS% \u0441\u0435\u043a\u0443\u043d\u0434.",
"eu": "Zure saioa %SECONDS% segundoz izango da baliagarri."
},
"sessionsize": {
"no": "Sesjons st\u00f8rrelse: %SIZE%",
@ -219,6 +247,7 @@
"pt": "Tamanho da sess\u00e3o: %SIZE%",
"pl": "Rozmiar sesji: %SIZE%",
"cs": "Velikost sezeni: %SIZE%",
"eu": "Saioaren tamaina: %SIZE%",
"tr": "Oturum b\u00fcy\u00fckl\u00fc\u011f\u00fc: %SIZE%",
"it": "Dimensione della session: %SIZE%",
"lt": "Sesijos trukm\u0117: %SIZE%",
@ -229,8 +258,10 @@
"ru": "\u0420\u0430\u0437\u043c\u0435\u0440 \u0441\u0435\u0441\u0441\u0438\u0438: %SIZE%",
"zh": "Session \u5927\u5c0f: %SIZE%",
"ar": "\u062d\u062c\u0645 \u0627\u0644\u062c\u0644\u0633\u0629 \u066a\u062d\u062c\u0645\u066a",
"lv": "Sesijas izm\u0113rs: %SIZE%",
"id": "Ukuran session: %SIZE%",
"sr": "Veli\u010dina sesije: %SIZE%"
"sr": "Veli\u010dina sesije: %SIZE%",
"ro": "Dimensiunea sesiunii: %SIZE%"
},
"attributes_header": {
"no": "Dine attributter",
@ -249,6 +280,7 @@
"pt": "Os seus atributos",
"pl": "Twoje atrybuty",
"cs": "Va\u0161e atributy",
"eu": "Atributuak",
"tr": "Bilgileriniz",
"it": "I tuoi attributi",
"lt": "J\u016bs\u0173 atributai",
@ -259,8 +291,10 @@
"ru": "\u0412\u0430\u0448\u0438 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u044b",
"zh": "\u4f60\u7684\u5c5e\u6027",
"ar": "\u0627\u0644\u0633\u0645\u0627\u062a",
"lv": "Atrib\u016bti",
"id": "Attribut Anda",
"sr": "Va\u0161i atributi"
"sr": "Va\u0161i atributi",
"ro": "Atributele dumneavoastr\u0103"
},
"logout": {
"no": "Logg ut",
@ -279,6 +313,7 @@
"pt": "Sair",
"pl": "Wyloguj",
"cs": "Odhl\u00e1\u0161en\u00ed",
"eu": "Irten",
"tr": "\u00c7\u0131k\u0131\u015f",
"it": "Disconnessione",
"lt": "Atsijungti",
@ -289,7 +324,9 @@
"ru": "\u0412\u044b\u0439\u0442\u0438",
"zh": "\u9000\u51fa",
"ar": "\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062e\u0631\u0648\u062c",
"lv": "Atsl\u0113gties",
"id": "Logout",
"sr": "Odjava"
"sr": "Odjava",
"ro": "Deautentificare"
}
}

View File

@ -2,13 +2,13 @@ Updated: December 19th, 2007
All you need to know to install and configure simpleSAMLphp is available at:
http://simplesamlphp.org/docs/
https://simplesamlphp.org/docs/
simpleSAMLphp homepage:
http://rnd.feide.no/simplesamlphp
https://simplesamlphp.org/
simpleSAMLphp mailinglist (for support):
http://rnd.feide.no/content/simplesamlphp-users-mailinglist
https://simplesamlphp.org/lists
To contact the author team:

View File

@ -2,18 +2,20 @@ SimpleSAMLphp Documentation
===========================
* [Installing simpleSAMLphp](simplesamlphp-install)
* [Upgrade notes for version 1.13](simplesamlphp-upgrade-notes-1.13)
* [Upgrade notes for version 1.12](simplesamlphp-upgrade-notes-1.12)
* [Upgrade notes for version 1.11](simplesamlphp-upgrade-notes-1.11)
* [Upgrade notes for version 1.10](simplesamlphp-upgrade-notes-1.10)
* [Upgrade notes for version 1.9](simplesamlphp-upgrade-notes-1.9)
* [Upgrade notes for version 1.8](simplesamlphp-upgrade-notes-1.8)
* [Upgrade notes for version 1.7](simplesamlphp-upgrade-notes-1.7)
* [Upgrade notes for version 1.6](simplesamlphp-upgrade-notes-1.6)
* [Upgrade notes for version 1.5](simplesamlphp-upgrade-notes-1.5)
* [Installation from Subversion](simplesamlphp-subversion)
* [Installation from the repository](simplesamlphp-install-repo)
* [Changelog](simplesamlphp-changelog)
* [Using simpleSAMLphp as a SAML Service Provider](simplesamlphp-sp)
* [Hosted SP Configuration Reference](./saml:sp)
* [IdP remote reference](simplesamlphp-reference-idp-remote)
* [Connecting SimpleSAMLphp as a SP to UK Access Federation or InCommon](simplesamlphp-ukaccess)
* [Upgrading - migration to use the SAML authentication source](simplesamlphp-sp-migration)
* [Configuring HTTP-Artifact](./simplesamlphp-artifact-sp)
* [Using scoping](./simplesamlphp-scoping)

View File

@ -7,7 +7,6 @@ simpleSAMLphp Advanced Features
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-advancedfeatures.txt 2943 2011-10-11 08:18:53Z olavmrk $`
<!-- {{TOC}} -->
@ -171,6 +170,56 @@ There is also an additional fallback for the private key and the certificate. If
Session checking function
-------------------------
Optional session checking function, called on session init and loading, defined with 'session.check_function' in config.php.
Example code for the function with GeoIP country check:
public static function checkSession($session, $init = FALSE) {
$data_type = 'example:check_session';
$data_key = 'remote_addr';
$remote_addr = NULL;
if (!empty($_SERVER['REMOTE_ADDR'])) {
$remote_addr = (string)$_SERVER['REMOTE_ADDR'];
}
if ($init) {
$session->setData($data_type, $data_key, $remote_addr, SimpleSAML_Session::DATA_TIMEOUT_SESSION_END);
return;
}
if (!function_exists('geoip_country_code_by_name')) {
SimpleSAML_Logger::warning('geoip php module required.');
return TRUE;
}
$stored_remote_addr = $session->getData($data_type, $data_key);
if ($stored_remote_addr === NULL) {
SimpleSAML_Logger::warning('Stored data not found.');
return FALSE;
}
$country_a = geoip_country_code_by_name($remote_addr);
$country_b = geoip_country_code_by_name($stored_remote_addr);
if ($country_a === $country_b) {
if ($stored_remote_addr !== $remote_addr) {
$session->setData($data_type, $data_key, $remote_addr, SimpleSAML_Session::DATA_TIMEOUT_SESSION_END);
}
return TRUE;
}
return FALSE;
}
Support
-------
@ -181,7 +230,7 @@ you are welcome to join! The forums are open for you to ask
questions, contribute answers other further questions, request
improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [simpleSAMLphp homepage](https://simplesamlphp.org)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)

View File

@ -7,21 +7,20 @@ Authentication Processing Filters in SimpleSAMLphp
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-authproc.txt 3031 2012-02-13 12:50:35Z olavmrk $`
<!-- {{TOC}} -->
In SimpleSAMLphp, there is an API where you can *do stuff* at the IdP after authentication is complete, and just before you are sent back to the SP. The same API is available on the SP, after you have received a successfull Authentication Response from the IdP and before you are sent back to the SP application.
In SimpleSAMLphp, there is an API where you can *do stuff* at the IdP after authentication is complete, and just before you are sent back to the SP. The same API is available on the SP, after you have received a successful Authentication Response from the IdP and before you are sent back to the SP application.
Authentication processing filters postprocesses authentication information received from authentication sources. It is possible to use this for additional authentication checks, requesting the users consent before delivering attributes to the user, modifying the users attributes, and other things which should be performed before returning the user to the service provider he came from.
Authentication processing filters postprocess authentication information received from authentication sources. It is possible to use this for additional authentication checks, requesting the user's consent before delivering attributes about the user, modifying the user's attributes, and other things which should be performed before returning the user to the service provider he came from.
Examples of neat things to do using Authentication Processing Filters:
* Filter out a subset of available attributes that are sent to a SP.
* Mofify the name of attributes
* Generate new attributes that are composed of others. In example eduPersonTargetedID.
* Ask the user for consent, before the user is sent back to a service
* Modify the name of attributes.
* Generate new attributes that are composed of others, for example eduPersonTargetedID.
* Ask the user for consent, before the user is sent back to a service.
* Implement basic Access Control on the IdP (not neccessarily a good idea), limiting access for some users to some SPs.
Be aware that Authentication Proccessing Filters do replace some of the preivous features in simpleSAMLphp, named:
@ -35,7 +34,7 @@ Later in this document, we will desribe in detail the alternative Authentication
How to configure Auth Proc Filters
----------------------------------
*Auth Proc Filters* can be set globally, or to be specific for only one SP or one IdP. That means there is three locations where you can configure *Auth Proc Filters*:
*Auth Proc Filters* can be set globally, or to be specific for only one SP or one IdP. That means there are five locations where you can configure *Auth Proc Filters*:
* Globally in `config.php`
* On the SP: Specific for only the SP in `authsources.php`
@ -65,15 +64,15 @@ This configuration will execute *Auth Proc Filters* one by one, with the priorit
The most important parameter of each item on the list is the *class* of the *Auth Proc Filter*. The syntax of the class is `modulename:classname`. As an example the class definition `core:AttributeLimit` will be expanded to look for the class `sspmod_core_Auth_Process_AttributeLimit`. The location of this class file *must* then be: `modules/core/lib/Auth/Process/AttributeLimit.php`.
You will see that a bunch of useful filters is included in the `core` module. In addition the `consent` module that is included in the simpleSAMLphp distribution implements a filter. Beyond that, you are encourage to create your own filters and share with the community. If you have created a cool *Auth Proc Filter* that do something useful, let us know, and we may share it from the [simpleSAMLphp web site][].
You will see that a bunch of useful filters is included in the `core` module. In addition the `consent` module that is included in the simpleSAMLphp distribution implements a filter. Beyond that, you are encouraged to create your own filters and share with the community. If you have created a cool *Auth Proc Filter* that does something useful, let us know, and we may share it on the [simpleSAMLphp web site][].
[simpleSAMLphp web site]: http://rnd.feide.no/simplesamlphp
[simpleSAMLphp web site]: http://simplesamlphp.org
When you know the class definition of a filter, and the priority, the simple way to configure the filter is:
20 => 'core:TargetedID',
This is analogue to:
This is analogous to:
20 => array(
'class' => 'core:TargetedID'
@ -91,9 +90,9 @@ Some *Auth Proc Filters* have optional or required *parameters*. To send paramet
### Filters in `config.php`
Global *Auth Proc Filters* is configured in the `config.php` file. You will see that the config template already includes an example configuration.
Global *Auth Proc Filters* are configured in the `config.php` file. You will see that the config template already includes an example configuration.
There is two config parameters:
There are two config parameters:
* `authproc.idp` and
* `authproc.sp`
@ -109,8 +108,8 @@ Filters can be added both in `hosted` and `remote` metadata. Here is an example
'__DYNAMIC:1__' => array(
'host' => '__DEFAULT_',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'privatekey' => 'example.org.pem',
'certificate' => 'example.org.crt',
'auth' => 'feide',
'authproc' => array(
40 => 'core:AttributeRealm',
@ -132,7 +131,7 @@ The following filters are included in the simpleSAMLphp distribution:
- [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues.
- [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response.
- [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes.
- [`core:AttributeRealm`](./core:authproc_attributerealm): Create a attribute with the realm of the user.
- [`core:AttributeRealm`](./core:authproc_attributerealm): Create an attribute with the realm of the user.
- [`core:GenerateGroups`](./core:authproc_generategroups): Generate a `group` attribute for the user.
- [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transfering language setting from IdP to SP.
- [`core:PHP`](./core:authproc_php): Modify attributes with custom PHP code.
@ -141,13 +140,15 @@ The following filters are included in the simpleSAMLphp distribution:
- [`core:StatisticsWithAttribute`](./core:authproc_statisticswithattribute): Create a statistics logentry.
- [`core:TargetedID`](./core:authproc_targetedid): Generate the `eduPersonTargetedID` attribute.
- [`core:WarnShortSSOInterval`](./core:authproc_warnshortssointerval): Give a warning if the user logs into the same SP twice within a few seconds.
- ['expirycheck:ExpiryDate`](./expirycheck:expirycheck): Block access to accounts that have expired.
- [`expirycheck:ExpiryDate`](./expirycheck:expirycheck): Block access to accounts that have expired.
- [`preprodwarning:Warning`](./preprodwarning:warning): Warn the user about accessing a test IdP.
- [`saml:AttributeNameID`](./saml:nameid): Generate custom NameID with the value of an attribute.
- [`saml:ExpectedAuthnContextClassRef`](./saml:authproc_expectedauthncontextclassref): Verify the user's authnentication context.
- [`saml:ExpectedAuthnContextClassRef`](./saml:authproc_expectedauthncontextclassref): Verify the user's authentication context.
- [`saml:NameIDAttribute`](./saml:nameidattribute): Create an attribute based on the NameID we receive from the IdP.
- [`saml:PersistentNameID`](./saml:nameid): Generate persistent NameID from an attribute.
- [`saml:PersistentNameID2TargetedID`](./saml:nameid): Store persistent NameID as eduPersonTargetedID.
- [`saml:TransientNameID`](./saml:nameid): Generate transient NameID.
- [`smartattributes:SmartID`](./smartattributes:smartattributes): Generate user ID attribute based on several attributes.
@ -156,7 +157,7 @@ Writing your own Auth Proc Filter
Look at the included *Auth Proc Filters* as examples. Copy the classes into your own module and start playing around.
Authentication processing filters are created by creating a class under `Auth/Process/` in a module. This class is expected to subclass `SimpleSAML_Auth_ProcessingFilter`. A filter must implement at lease one function - the `process(&$request)`-function. This function can access the `$request`-array add, delete and modify attributes, and can also do more advanced processing based on the SP/IdP metadata (which is also included in the `$request`-array). When this function returns, it is assumed that the filter has finished processing.
Authentication processing filters are created by creating a class under `Auth/Process/` in a module. This class is expected to subclass `SimpleSAML_Auth_ProcessingFilter`. A filter must implement at least one function - the `process(&$request)`-function. This function can access the `$request`-array to add, delete and modify attributes, and can also do more advanced processing based on the SP/IdP metadata (which is also included in the `$request`-array). When this function returns, it is assumed that the filter has finished processing.
If a filter for some reason needs to redirect the user, for example to show a web page, it should save the current request. Upon completion it should retrieve the request, update it with the changes it is going to make, and call `SimpleSAML_Auth_ProcessingChain::resumeProcessing`. This function will continue processing the next configured filter.

View File

@ -7,18 +7,17 @@ Automated Metadata Management
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-automated_metadata.txt 3034 2012-02-16 07:30:11Z olavmrk $`
<!-- {{TOC}} -->
Introduction
------------
If you want to connect an Identity Provider, or a Service Provider to a **federation**, you need to setup metadata for the entries that you trust. In many federation, in particular federations based upon the Shibboleth software, it is normal to setup automated distributed metadata using the SAML 2.0 Metadata XML Format.
If you want to connect an Identity Provider, or a Service Provider to a **federation**, you need to setup metadata for the entries that you trust. In many federations, in particular federations based upon the Shibboleth software, it is normal to setup automated distribution of metadata using the SAML 2.0 Metadata XML Format.
Some central administration or authority, provides a URL with a SAML 2.0 document including metadata for all entities in the federation.
This document explains how to setup automated downloading and parsing of a metadata document on a specific URL.
The present document explains how to setup automated downloading and parsing of a metadata document on a specific URL.
@ -30,11 +29,11 @@ You need to enable the following modules:
1. cron
2. metarefresh
The cron module allows you to do tasks regularly, by setting up a cronjob that calls a hook in simpleSAMLphp.
The cron module allows you to do tasks regularly, by setting up a cron job that calls a hook in simpleSAMLphp.
The metarefresh module will download and parse the metadata document and store it in cached local metadata files.
The metarefresh module will download and parse the metadata document and store it in metadata files cached locally.
You also need to copy the `config-templates` files from the two modules above, into the global `config/` directory.
First, you will need to copy the `config-templates` files of the two modules above into the global `config/` directory.
[root@simplesamlphp] cd /var/simplesamlphp
[root@simplesamlphp simplesamlphp] touch modules/cron/enable
@ -44,89 +43,17 @@ You also need to copy the `config-templates` files from the two modules above, i
Testing to parse the metadata document
--------------------------------------
Testing it manually
-------------------
We'll use the SWITCH AAI Test Federation as an example in this document. This federation provides metadata on this URL:
http://metadata.aai.switch.ch/metadata.aaitest.xml
I reccomend to first test on the command line to parse the metadata URL.
It is often useful to verify that the metadata sources we want to use can be parsed and verified by metarefresh, before actually
configuring it. We can do so in the command line, by invoking metarefresh with the URL of the metadata set we want to check. For
instance, if we want to configure the metadata of the SWITCH AAI Test Federation:
cd modules/metarefresh/bin
./metarefresh.php -s http://metadata.aai.switch.ch/metadata.aaitest.xml
We use the `-s` option to send output to console (for testing purposes). If the output makes sense, continue. If you get a lot of error messages, send an e-mail to the simpleSAMLphp list and ask for advice.
Below is the documentation provided by Nuno Gonçalves <nuno@fccn.pt>
Configuring the cron module
---------------------------
At `/var/simplesamlphp/config`
[root@simplesamlphp-teste config]# vi module_cron.php
edit:
$config = array (
       'key' => 'kb10fu2sao',
       'allowed_tags' => array('daily', 'hourly', 'frequent'),
       'debug_message' => TRUE,
       'sendemail' => TRUE,
);
Then: With your browser go to => https://simplesamlphp_machine/simplesaml/module.php/cron/croninfo.php
And copy the cron's sugestion:
-------------------------------------------------------------------------------------------------------------------
Cron is a way to run things regularly on unix systems.
Here is a suggestion for a crontab file:
# Run cron [daily]
02 0 * * * curl --silent "https://simplesamlphp-teste.fccn.pt/simplesaml/module.php/cron/cron.php?key=kb10fu2sao&tag=daily" > /dev/null 2>&1
# Run cron [hourly]
01 * * * * curl --silent "https://simplesamlphp-teste.fccn.pt/simplesaml/module.php/cron/cron.php?key=kb10fu2sao&tag=hourly" > /dev/null 2>&1
# Run cron [frequent]
XXXXXXXXXX curl --silent "https://simplesamlphp-teste.fccn.pt/simplesaml/module.php/cron/cron.php?key=kb10fu2sao&tag=frequent" > /dev/null 2>&1
Click here to run the cron jobs:
Run cron [daily]
Run cron [hourly]
Run cron [frequent]
-------------------------------------------------------------------------------------------------------------------
Add to CRON with
[root@simplesamlphp config]# crontab -e
Errors
------
Problem with sanitycheck module
When executing [Run cron [daily]] ==> an error shows up
Cause : module sanitycheck  ==> It is active by default (`/var/simplesamlphp/modules/sanitycheck/default-enable`)
* When executing Cron daily It will search all active modules and it executes the hook_cron.php for each one of them in :
`/var/simplesamlphp/modules/<nome_modulo>/hooks/hooks_cron.php`
Meanwhile it is waiting that each module conf file exists in the folder: `/var/simplesamlphp/config/config-<nome_modulo>.php`
It should exist one for the sanitycheck module => `config-sanitycheck.php` but it wasn't there and therefore the error showed up.
Giving an error at this modules it aborted execution for the next active modules.
The `-s` option sends the output to the console (for testing purposes). If the output makes sense, continue. If you get a lot of error messages, try to read them and fix the problems that might be causing them. If you are having problems and you can't figure out the cause, you can always send an e-mail to the simpleSAMLphp mailing list and ask for advice.
@ -134,53 +61,62 @@ Configuring the metarefresh module
----------------------------------
At `/var/simplesamlphp/config/`
Now we are going to proceed to configure the metarefresh module. First, edit the appropriate configuration file:
[root@simplesamlphp config]# vi config-metarefresh.php
[root@simplesamlphp simplesamlphp]# vi config/config-metarefresh.php
edit:
Here's an example of a possible configuration for both the Kalmar Federation and UK Access Management Federation:
$config = array( 'sets' => array(
'kalmar' => array(
'cron' => array('hourly'),
'sources' => array(
array(
'src' => 'https://kalmar.feide.no/simplesaml/module.php/aggregator/?id=kalmarcentral&mimetype=text/plain&exclude=norway',
'validateFingerprint' => '591d4b4670463eeda91fcc816dc0af2a092aa801',
'template' => array(
'tags' => array('kalmar'),
'authproc' => array(
51 => array('class' => 'core:AttributeMap', 'oid2name'),
$config = array(
'sets' => array(
'kalmar' => array(
'cron' => array('hourly'),
'sources' => array(
array(
'src' => 'https://kalmar.feide.no/simplesaml/module.php/aggregator/?id=kalmarcentral&mimetype=text/plain&exclude=norway',
'validateFingerprint' => '591d4b4670463eeda91fcc816dc0af2a092aa801',
'template' => array(
'tags' => array('kalmar'),
'authproc' => array(
51 => array('class' => 'core:AttributeMap', 'oid2name'),
),
),
),
),
'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
'outputDir' => 'metadata/metarefresh-kalmar/',
'outputFormat' => 'flatfile',
),
'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
'outputDir' => 'metadata/federation/',
/*
* Which output format the metadata should be saved as.
* Can be 'flatfile' or 'serialize'. 'flatfile' is the default.
*/
'outputFormat' => 'flatfile',
),
));
TEMPLATE FILE : /var/simplesamlphp/modules/metarefresh/config-templates/config-metarefresh.php
'uk' => array(
'cron' => array('hourly'),
'sources' => array(
array(
'src' => 'http://metadata.ukfederation.org.uk/ukfederation-metadata.xml',
'validateFingerprint' => 'D0:E8:40:25:F0:B1:2A:CC:74:22:ED:C3:87:04:BC:29:BB:7B:9A:40',
),
),
'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
'outputDir' => 'metadata/metarefresh-ukaccess/',
'outputFormat' => 'serialize',
),
)
);
The configuration consists of one or more metadata sets. Each metadata
set has its own configuration. The following options are available:
The configuration consists of one or more metadata sets. Each metadata set has its own configuration, representing a metadata set of sources.
Some federations will provide you with detailed instructions on how to configure metarefresh to fetch their metadata automatically, like,
for instance, [the InCommon federation in the US](https://spaces.internet2.edu/x/eYHFAg). Whenever a federation provides you with specific
instructions to configure metarefresh, be sure to use them from the authoritative source.
The metarefresh module supports the following configuration options:
`cron`
: Which of the cron tags will refresh this metadata set.
: Which cron tags will refresh this metadata set.
`sources`
: An array of metadata sources which will be included in this
metadata set. The contents of this option will be described in more
detail later.
: An array of metadata sources that will be included in this
metadata set. The contents of this option will be described later in more detail.
`expireAfter`
: The maximum number of seconds a metadata entry will be valid.
@ -204,28 +140,76 @@ Each metadata source has the following options:
on the metadata.
`template`
: This is an array which will be combined with the fetched metadata to
: This is an array which will be combined with the metadata fetched to
generate the final metadata array.
After you have configured the metadata source, you need to give the
web-server write access to the output directory. Depending on the
platform, this may be done by a command similar to:
After you have configured the metadata sources, you need to give the
web-server write access to the output directories. Following the previous example:
chown www-data /var/simplesamlphp/metadata/metadata-federation/
chown www-data /var/simplesamlphp/metadata/metarefresh-kalmar/
chown www-data /var/simplesamlphp/metadata/metarefresh-ukaccess/
Then configure your simpleSAMLphp installation to use the generated metadata:
In config.php:
Now you can configure simpleSAMLphp to use the metadata fetched by metarefresh. Edit the main
config.php file, and modify the `metadata.sources` directive accordingly:
'metadata.sources' => array(
array('type' => 'flatfile'),
array('type' => 'flatfile', 'directory' => 'metadata/federation'),
array('type' => 'flatfile', 'directory' => 'metadata/metarefresh-kalmar'),
array('type' => 'serialize', 'directory' => 'metadata/metarefresh-ukaccess'),
),
Remember that the `type` parameter here must match the `outputFormat` in the configuration of the module.
Metadata cacheDuration
----------------------
SAML metadata may supply a cacheDuration attribute which indicates the maxium time to cache metadata. Because this module is run from cron, it cannot influence how often it is run and enfore this attribute by itself. Take care that you run metarefresh from cron at least as often as the shortest cacheDuration in your metadata sources.
Configuring the cron module
---------------------------
Once we have configured metarefresh, we can edit the configuration file for the cron module:
[root@simplesamlphp simplesamlphp]# vi config/module_cron.php
The configuration should look similar to this:
$config = array (
       'key' => 'RANDOM_KEY',
       'allowed_tags' => array('daily', 'hourly', 'frequent'),
       'debug_message' => TRUE,
       'sendemail' => TRUE,
);
Bear in mind that the key is used as a security feature, to restrict access to your cron. Therefore, you need to make sure that the string here is a random key available to no one but you. Additionally, make sure that you include here the appropriate tags that you previously told metarefresh
to use in the `cron` directive.
Next, use your web browser to go to `https://YOUR_SERVER/simplesaml/module.php/cron/croninfo.php`. Make sure to properly set your server's address, as well as use HTTP or HTTPS accordingly, and also to specify the correct path to the root of your simpleSAMLphp installation.
Now, copy the cron configuration suggested:
# Run cron [daily]
02 0 * * * curl --silent "https://YOUR_SERVER/simplesaml/module.php/cron/cron.php?key=RANDOM_KEY&tag=daily" > /dev/null 2>&1
# Run cron [hourly]
01 * * * * curl --silent "https://YOUR_SERVER/simplesaml/module.php/cron/cron.php?key=RANDOM_KEY&tag=hourly" > /dev/null 2>&1
Finally, add it to your crontab by going back to the terminal, and editing with:
[root@simplesamlphp config]# crontab -e
This will open up your favourite editor. If an editor different than the one you use normally appears, exit, and configure the `EDITOR` variable
to tell the command line which editor it should use:
[root@simplesamlphp config]# export EDITOR=emacs
If you want to force the metadata to be refreshed manually, you can do so by going back to the cron page in the web interface. Then, just follow
the appropriate links to execute the cron jobs you want. The page will take a while loading, and eventually show a blank page. It is so because
the commands are intended to be run from cron, and therefore they produce no output. If this operation seems to run fine, navigate to the **SimpleSAMLphp Front page** **Federation**. Here you will see a list of all the Identity Providers trusted. They will be listed with information about the maximum duration of their cached version, such as *(expires in 96.0 hours)*.
Metadata duration
-----------------
SAML metadata may supply a `cacheDuration` attribute which indicates the maximum time to keep metadata cached. Because this module is run from cron, it cannot decide how often it is run and enforce this duration on its own. Make sure to run metarefresh from cron at least as often as the shortest `cacheDuration` in your metadata sources.

View File

@ -6,6 +6,292 @@ simpleSAMLphp changelog
This document lists the changes between versions of simpleSAMLphp.
See the upgrade notes for specific information about upgrading.
## Version 1.13.2
Released 2014-11-04
* Solved performance issues when processing large metadata sets.
* Fix an issue in the web interface when only one language is enabled.
## Version 1.13.1
Released 2014-10-27
* Solved an issue with empty fields in metadata to cause SimpleSAMLphp to fail with a translation error. Issues #97 and #114.
* Added Basque language to the list of known languages. Issue #117.
* Optimized the execution of redirections by removing an additional, unnecessary function call.
* Solved an issue that caused SimpleSAMLphp to fail when the RelayState parameter was empty or missing on an IdP-initiated authentication. Issues #99 and # 104.
* Fixed a certificate check for SubjectConfirmations with Holder of Key methods.
## Version 1.13
Released 2014-09-25.
* Added the 'remember me' option to the default login page.
* Improved error reporting.
* Added a new 'logging.format' option to control the formatting of the logs.
* Added support for the 'objectguid' binary attribute in LDAP modules.
* Added support for custom search and private attributes read credentials in all LDAP modules.
* Added support for the WantAuthnRequestsSigned option in generated SAML metadata.
* Tracking identifiers are no longer generated based on MD5.
* Several functions, classes and interfaces marked as deprecated.
* Bug fixes and documentation enhancements.
* Updated translations.
* New language: Basque.
### `adfs`
* Honour the 'wreply' parameter when redirecting.
### `aggregator`
* Fixed an issue when regenerating metadata from certain metadata sources.
### `aselect`
* Bug fixes.
### `discopower`
* Bug fix.
### `expirycheck`
* Translations are now possible for this module.
### `metarefresh`
* Use cached metadata if something goes wrong when refreshing feeds.
### `oauth`
* Bug fix.
### `openidProvider`
* Fix for compatibility with versions of PHP greater or equal to 5.4.
### `saml`
* Make it possible to add friendly names to attributes in SP metadata.
* The RSA_1.5 (RSA with PKCS#1 v1.5 padding) encryption algorithm is now blacklisted by default for security reasons.
* Stop checking the 'IDPList' parameter in IdPs.
* Solved an issue that allowed bypassing authentication status checks when presenting an 'IDPList' parameter.
* The 'Destination' attribute is now always sent in logout responses issued by an SP.
### `sqlauth`
* Updated documentation to remove bad practice with regard to password storage.
## Version 1.12
Released 2014-03-24.
* Removed example authproc filters from configuration template.
* Stopped using the 'target-densitydpi' option removed from WebKit.
* The SimpleSAML_Utilities::generateRandomBytesMTrand() function is now deprecated.
* Removed code for compatibility with PHP versions older than 5.3.
* Removed the old interface of SimpleSAML_Session.
* Fixed a memory leak in SimpleSAML_Session regarding serialization and unserialization.
* Support for RegistrationInfo (MDRPI) elements in the metadata of identity and service providers.
* Renamed SimpleSAML_Utilities::parseSAML2Time() function to xsDateTimeToTimestamp().
* New SimpleSAML_Utilities::redirectTrustedURL() and redirectUntrustedURL() functions.
* Deprecated the SimpleSAML_Utilities::redirect() function.
* Improved Russian translation.
* Added Czech translation.
* New 'errorreporting' option to enable or disable error reporting feature.
* Example certificate removed.
* New SimpleSAML_Configuration::getEndpointPrioritizedByBinding() function.
* PHP 5.3 or newer required.
* Started using Composer as dependency manager.
* Detached the basic SAML2 library and moved to a standalone library in github.
* Added support for exporting shibmd:Scope metadata with regular expressions.
* Remember me option in the IdP.
* New SimpleSAML_Utilities::setCookie wrapper.
* Custom HTTP codes on error.
* Added Romanian translation.
* Bug fixes and documentation enhancements.
### `adfs`
* Support for exporting metadata.
### `aggregator`
* Support for RegistrationInfo (MDRPI) elements in the metadata.
* Fix for HTTP header injection vulnerability.
* Fix for directory traversal vulnerability.
### `aggregator2`
* Support for RegistrationInfo (MDRPI) elements in the metadata.
### `aselect`
* License changed to LGPL 2.1.
### `authfacebook`
* Updated extlibinc to 3.2.2.
### `authtwitter`
* Added 'force_login' configuration option.
### `cdc`
* Bugfix related to request validation.
### `core`
* The AttributeAlter filter no longer throws an exception if the attribute was not found.
* Support for removal of values in the AttributeAlter filter, with '%remove' flag.
* Support for empty strings and NULL values as a replacement in the AttributeAlter filter.
* Bugfixes in the AttributeAlter filter.
* Support for NULL attribute values.
* Support for limiting values and not only attributes in the AttributeLimit filter.
* Log a message when a user authenticates successfully.
* Added %duplicate flag to AttributeMap, to leave original names in place when using map file.
* Fix infinite loop when overwriting attributes with AttributeMap.
### `discopower`
* Bugfix for incorrect handling of the 'idpdisco.extDiscoveryStorage' option.
### `ldap`
* Support for configuring the duplicate attribute handling policy in AttributeAddFromLDAP, 'attribute.policy' option.
* Support for binary attributes in the AttributeAddFromLDAP filter.
* Support for multiple attributes in the AttributeAddFromLDAP filter.
### `metarefresh`
* Support for specifying permissions of the resulting files.
### `negotiate`
* Added support for "attributes"-parameter.
### `oauth`
* Bugfix related to authorize URL building.
### `openidProvider`
* Support for SReg and AX requests.
### `saml`
* Send 'isPassive' in passive discovery requests.
* Support for generating NameIDFormat in service providers with NameIDPolicy set.
* Support for AttributeConsumingService and AssertionConsumingServiceIndex.
* Support for the HTTP-POST binding in WebSSO profile.
* Fix for entity ID validation problems when using the IDPList configuration option.
### `smartattributes`
* New 'add_candidate' option to allow the user to decide whether to prepend or not the candidate attribute name to the resulting value.
### `statistics`
* Bugfix in statistics aggregator.
## Version 1.11
Released 2013-06-05.
* Support for RSA_SHA256, RSA_SHA384 and RSA_SHA512 in HTTP Redirect binding.
* Support for RegistrationInfo element in SAML 2.0 metadata.
* Support for AuthnRequestsSigned and WantAssertionsSigned when generating metadata.
* Third party OpenID library updated with a bugfix.
* Added the Name attribute to EntitiesDescriptor.
* Removed deprecated option 'session.requestcache' from config-template.
* Workaround for SSL SNI extension not being correctly set.
* New language cookie and parameter config options.
* Add 'module.enable' configuration option for enabling/disabling modules.
* Check for existence of memcache extension.
* Initial support for limiting redirects to trusted hosts.
* Demo example now shows both friendly and canonical name of the attributes.
* Other minor fixes for bugs and typos.
* Several translations updated.
* Added Latvian translation.
### `authorize`
* Added a logout link to the 403 error page.
### `authtwitter`
* Updated API endpoint for version 1.1.
* Fix for oauth_verifier parameter.
### `authX509`
* ldapusercert validation made optional.
### `consent`
* Added support for SQLite databases.
### `core`
* Fix error propagation in UserPass(Org)Base authentication sources.
* MCrypt module marked as required.
### `discopower`
* Get the name of an IdP from mdui:DisplayName.
### `expirycheck`
* PHP 5.4 compatibility fixes.
### `InfoCard`
* PHP 5.4 compatibility fixes.
### `ldap`
* Added an option to disable following referrals.
### `metarefresh`
* Improved help message.
### `oauth`
* PHP 5.4 compatibility fixes.
### `saml`
* Verify that the issuer of an AuthnResponse is the same entity ID we sent a request to.
* Added separate option to enable Holder of Key support on SP.
* Fix for HoK profile metadata.
* New filter for storing persistent NameID in eduPersonTargetedID attribute.
* Support for UIInfo elements.
* Bugfix for SAML SP metadata signing.
* Ignore default technical contact.
* Support for MDUI elements in SP metadata.
* Support for more contact types in SP metadata.
* New information in statistics with the time it took for a login to happen.
### `sanitycheck`
* Configuration file made optional.
### `smartattributes`
* New filter: smartattributes:SmartID.
* New filter: smartattributes:SmartName.
### `smartnameattribute`
* Deprecated.
### `wsfed`
* Support for SLO in WS-Fed.
## Version 1.10
Released 2012-09-25.
@ -58,7 +344,7 @@ Released 2012-06-13.
* Warnings about URL length limits from Suhosin PHP extension.
* New base class for errors from authentication sources.
* Support for overriding URL generation when behind a reverse proxy.
* New lanugages: Russian, Estonian, Hebrew, Chinese, Indonesian
* New languages: Russian, Estonian, Hebrew, Chinese, Indonesian
* Add getAuthSource()-function to SimpleSAML_Auth_Simple.
* Add reauthenticate()-function to SimpleSAML_Auth_Source. (Is called when the IdP receives a new authentication request.)
* iframe logout: Make it possible to skip the "question-page" for code on the IdP.

View File

@ -7,7 +7,6 @@ Exception and error handling in simpleSAMLphp
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id$`
<!-- {{TOC}} -->

View File

@ -7,7 +7,6 @@ SimpleSAMLphp Features
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id`
<!-- {{TOC}} -->
@ -71,7 +70,7 @@ An example of a usability problem, is when you are editing a wiki, and are about
## Dynamic SAML
SimpleSAMLphp has experimental support for dynamically downloading the metadata of an Service Provider or Identity Provider when receiving a new incomming message where the entityId is unknown. Dynamic SAML requires the EntityID to be an URL pointing to the metadata of the entity.
SimpleSAMLphp has experimental support for dynamically downloading the metadata of an Service Provider or Identity Provider when receiving a new incomming message where the entityId is unknown. Dynamic SAML requires the EntityID to be a URL pointing to the metadata of the entity.

View File

@ -7,7 +7,6 @@ Setting up a simpleSAMLphp SAML 2.0 IdP to use with Google Apps for Education
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-googleapps.txt 2835 2011-05-11 06:11:51Z olavmrk $`
<!-- {{TOC}} -->
@ -19,7 +18,7 @@ This document is part of the simpleSAMLphp documentation suite.
* [List of all simpleSAMLphp documentation](http://simplesamlphp.org/docs)
* [Latest news about simpleSAMLphp](http://rnd.feide.no/taxonomy/term/4). (Also conatins an RSS feed)
* [simpleSAMLphp homepage](http://rnd.feide.no/simplesamlphp)
* [simpleSAMLphp homepage](https://simplesamlphp.org)
## Introduction
@ -163,7 +162,7 @@ In the (`saml20-sp-remote.php`) file we will configure an entry for Google Apps
*/
'google.com' => array(
'AssertionConsumerService' => 'https://www.google.com/a/g.feide.no/acs',
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:email',
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
'simplesaml.nameidattribute' => 'uid',
'simplesaml.attributes' => false
);
@ -211,7 +210,7 @@ You must also configure the IdP initiated Single LogOut endpoint of your server.
again, using the host name of your IdP server.
The Sign-out page or change password url can be static pages on your server.
The Sign-out page or change password URL can be static pages on your server.
The network mask determines which IP addresses will be asked for SSO login. IP addresses not matching this mask will be presented with the normal Google Apps login page. I think you can leave this field empty to enable authentication for all URLs.
@ -242,7 +241,7 @@ Support
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [simpleSAMLphp homepage](https://simplesamlphp.org)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)

View File

@ -27,12 +27,14 @@ environment variable `SSL_CLIENT_CERT` of the webserver.
Enable HoK on SP
----------------
Which binding/profile the Identity Provider (IdP) should use when sending authentication responses to the SP is controlled by the `ProtocolBinding` option in the SP configuration.
To make your SP request that the response from the IdP is send using the HoK SSO Profile, this option must be set accordingly:
To enable support for the HoK SSO Profile in the SP, the `saml20.hok.assertion` option must be set to TRUE in the SP configuration.
This option can also be enabled in the `saml20-idp-remote` metadata file, but in that case the endpoint will not be added to the SP metadata.
You must also send authentication requests specifying the Holder-of-Key profile to the IdP. This is controlled by the `ProtocolBinding` option in the SP configuration.
'hok-sp' => array(
'saml:SP',
'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser',
'saml20.hok.assertion' => TRUE,
'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser',
),
When this is done, you can add the metadata of your SP to the IdP and test the authentication.

View File

@ -7,7 +7,6 @@ SimpleSAMLphp Identity Provider Advanced Topics
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-idp-more.txt 2884 2011-08-09 06:25:34Z olavmrk $`
<!-- {{TOC}} -->
@ -22,29 +21,27 @@ If you have read about the AJAX iFrame Single Log-Out approach at Andreas' blog
Attribute Release Consent
-------------------------
The attribute release consent is documented in a separate document.
* [Documentation on the consent module](./consent:consent)
The attribute release consent is documented in a [separate document](./consent:consent).
Support for bookmarking the login page
--------------------------------------
Most SAML software crash fatally when users bookmarks the login page and returns later when the cached session information is lost. This is natural as the login page happens in the middle of a SAML transaction, and the SAML software needs some references to the request in order to be able to produce the SAML Response.
Most SAML software crash fatally when users bookmark the login page and return later on when the cached session information is lost. This is natural as the login page happens in the middle of a SAML transaction, and the SAML software needs some references to the original request in order to be able to produce the SAML Response.
SimpleSAMLphp has implemented a graceful fallback to tackle this situation. When simpleSAMLphp is not able to lookup a session in the login process, it fall-backs to the *IdP-first flow*, described in next section, where the reference to the request is not needed.
SimpleSAMLphp has implemented a graceful fallback to tackle this situation. When simpleSAMLphp is not able to lookup a session during the login process, it falls back to the *IdP-first flow*, described in the next section, where the reference to the request is not needed.
What happens in the IdP-first flow is that an *SAML unsolicited response* is sent back to the SP. An *unsolicited response* is a SAML Response with no reference to a SAML Request (no `InReplyTo` field).
What happens in the IdP-first flow is that a *SAML unsolicited response* is sent directly to the SP. An *unsolicited response* is a SAML Response with no reference to a SAML Request (no `InReplyTo` field).
When an SimpleSAMLphp IdP fall-back to IdP-first flow, the `RelayState` parameter sent from the SP in the SAML request is also lost. The RelayState information contain a reference key for the SP to lookup where to send the user after successfull authentication. The SimpleSAMLphp Service Provider supports configuring a static URL to redirect the user after a unsolicited response is received. See more information about the `RelayState` parameter in the next section: *IdP-first flow*.
When a SimpleSAMLphp IdP falls back to IdP-first flow, the `RelayState` parameter sent by the SP in the SAML request is also lost. The RelayState information contain a reference key for the SP to lookup where to send the user after successfull authentication. The SimpleSAMLphp Service Provider supports configuring a static URL to redirect the user after a unsolicited response is received. See more information about the `RelayState` parameter in the next section: *IdP-first flow*.
IdP-first flow
--------------
If you do not want to start the SSO flow at the SP, you may use the IdP-first setup. To do this, redirect the user to the SSOService endpoint on the IdP with one parameter `spentityid` that match the SP EntityId that the user should be logged into.
If you do not want to start the SSO flow at the SP, you may use the IdP-first setup. To do this, redirect the user to the SSOService endpoint on the IdP with a `spentityid` parameter that matches the SP EntityID that the user should be authenticated for.
Here is an example of such an url:
Here is an example of such a URL:
https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice
@ -75,7 +72,7 @@ The parameters are as follows:
`target`
: The target parameter the SP should receive with the authentication response.
This is often the page the user should be sent to after authentication.
This parameter is optional for the IdP, but must be specified if the SP you are targeting is running simpleSAMLphp SP.
This parameter is optional for the IdP, but must be specified if the SP you are targeting is running simpleSAMLphp.
: *Note*: This parameter must be sent as `target` (with lowercase letters) when starting the authentication, while it is sent as `TARGET` (with uppercase letters) in the authentication response.
@ -87,4 +84,4 @@ IdP-initiated logout can be initiated by visiting the URL:
https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php?ReturnTo=<URL to return to after logout>
It will send a logout request to each SP, and afterwards return the user to the URL specified in the `ReturnTo` parameter.
It will send a logout request to each SP, and afterwards return the user to the URL specified in the `ReturnTo` parameter. Bear in mind that IdPs might disallow redirecting to URLs other than those of their own for security reasons, so in order to get the redirection to work, it might be necessary to ask the IdP to whitelist the URL we are planning to redirect to.

View File

@ -7,7 +7,6 @@ SimpleSAMLphp Identity Provider QuickStart
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-idp.txt 3175 2012-09-25 09:21:35Z jaimepc@gmail.com $`
<!-- {{TOC}} -->
@ -122,6 +121,23 @@ This configuration creates two users - `student` and `employee`, with the passwo
The attributes will be returned by the IdP when the user logs on.
Creating a SSL self signed certificate
--------------------------------------
Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.
This key and certificate can be used to sign SAML messages:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
The certificate above will be valid for 10 years.
### Note ###
simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.
Configuring the IdP
-------------------
@ -142,8 +158,8 @@ This is a minimal configuration of a SAML 2.0 IdP:
* The private key and certificate to use when signing responses.
* These are stored in the cert-directory.
*/
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'privatekey' => 'example.org.pem',
'certificate' => 'example.org.crt',
/*
* The authentication source which should be used to authenticate the
@ -189,30 +205,6 @@ If you have the metadata of the remote SP as an XML file, you can use the built-
For more information about available options in the sp-remote metadata files, see the [SP remote reference](simplesamlphp-reference-sp-remote).
Creating a SSL self signed certificate
--------------------------------------
For test purposes, you can skip this section, and use the certificate included in the simpleSAMLphp distribution.
Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.
This key and certificate can be used to sign SAML messages:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
The certificate above will be valid for 10 years.
### Note ###
simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.
### Warning ###
The certificate that is included in the simpleSAMLphp distribution must **NEVER** be used in production, as the private key is also included in the package and can be downloaded by anyone.
Adding this IdP to other SPs
----------------------------
@ -237,7 +229,7 @@ Support
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [simpleSAMLphp homepage](https://simplesamlphp.org)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
@ -249,12 +241,12 @@ A. IdP-first setup
If you do not want to start the SSO flow at the SP, you may use the IdP-first setup. To do this, redirect the user to the SSOService endpoint on the IdP with one parameter `spentityid` that match the SP EntityId that the user should be logged into.
Here is an example of such an url:
Here is an example of such a URL:
https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org
If the SP is a simpleSAMLphp SP, you must also specify a `RelayState` parameter for the SP.
This must be set to an URL the user should be redirected to after authentication.
This must be set to a URL the user should be redirected to after authentication.
The `RelayState` parameter can be specified in the [SP configuration](saml:sp), or it can be sent from the IdP.
To send the RelayState parameter from a simpleSAMLphp IdP, specify it in the query string to SSOService.php:

View File

@ -0,0 +1,58 @@
Installing SimpleSAMLphp from the repository
============================================
These are some notes about running SimpleSAMLphp from the repository.
Installing from github
----------------------
Go to the directory where you want to install SimpleSAMLphp:
cd /var
Then do a git clone:
git clone git@github.com:simplesamlphp/simplesamlphp.git simplesamlphp
Initialize configuration and metadata:
cd /var/simplesamlphp
cp -r config-templates/* config/
cp -r metadata-templates/* metadata/
Install the external dependencies with Composer (you can refer to [getcomposer.org](http://getcomposer.org/) to get detailed
instructions on how to install Composer itself):
php composer.phar install
Upgrading
---------
Go to the root directory of your simpleSAMLphp installation:
cd /var/simplesamlphp
Ask git to update to the latest version:
git fetch origin
git pull origin master
Install or upgrade the external dependencies with Composer ([get composer](http://getcomposer.org/)):
php composer.phar install
Migrating from Subversion
-------------------------
If you installed SimpleSAMLphp from subversion, and want to keep updated on the development, you will have to migrate
your installation to git. First, follow the steps to get a fresh install from github in a different directory. Skip the
steps regarding configuration and metadata initialization, and copy all the files you might have modified instead (not
only configuration and metadata, but also any custom modules or templates). Finally, proceed to install Composer and
install all the dependencies with it. You may want to add all your custom files to the '.gitignore' file.
If you really want to use subversion instead of git, or it is impossible for you to migrate (you cannot install git, for
example), you might want to do a fresh install like the one described here, but using github's subversion interface.
Refer to [github's documentation](https://help.github.com/articles/support-for-subversion-clients) for detailed
instructions on how to do that.

View File

@ -7,7 +7,6 @@ simpleSAMLphp Installation and Configuration
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-install.txt 3075 2012-04-24 05:41:03Z olavmrk $`
<!-- {{TOC}} -->
@ -19,24 +18,23 @@ This document is part of the simpleSAMLphp documentation suite.
* [List of all simpleSAMLphp documentation](http://simplesamlphp.org/docs)
* [Latest news about simpleSAMLphp](http://rnd.feide.no/taxonomy/term/4). (Also conatins an RSS feed)
* [simpleSAMLphp homepage](http://rnd.feide.no/simplesamlphp)
* [simpleSAMLphp homepage](https://simplesamlphp.org)
Development version
--------------------
This document is about the latest stable version of simpleSAMLphp.
If you want to install the development version, look at the instructions for [installing simpleSAMLphp from Subversion](simplesamlphp-subversion).
If you want to install the development version, look at the instructions for [installing simpleSAMLphp from the repository](simplesamlphp-install-repo).
Prerequisites
-------------
* Some webserver capable of executing PHP scripts.
* PHP version >= 5.2.0.
* Suppoort for the following PHP extensions:
* Always required: `date`, `dom`, `hash`, `libxml`, `openssl`, `pcre`, `SPL`, `zlib`
* When encrypting assertions: `mcrypt`
* PHP version >= 5.3.0.
* Support for the following PHP extensions:
* Always required: `date`, `dom`, `hash`, `libxml`, `openssl`, `pcre`, `SPL`, `zlib`, `mcrypt`
* When authenticating against LDAP server: `ldap`
* When authenticating against RADIUS server: `radius`
* When saving session information to memcache-server: `memcache`
@ -50,8 +48,7 @@ What actual packages are required for the various extensions varies between diff
Download and install simpleSAMLphp
----------------------------------
The most recent relase of simpleSAMLphp is found at [code.google.com/p/simplesamlphp/](http://code.google.com/p/simplesamlphp/).
To obtain the latest stable version, download the archive file listed under Featured Dowloads.
The most recent relase of simpleSAMLphp is found at [https://simplesamlphp.org/download](https://simplesamlphp.org/download).
Go to the directory where you want to install simpleSAMLphp, and extract the archive file you just downloaded:
@ -190,7 +187,7 @@ to `disable`.
The simpleSAMLphp installation webpage
--------------------------------------
After installing simpleSAMLphp, you can access the homepage of your installation, which contains some information and a few links to the test services. The url of an installation can be e.g.:
After installing simpleSAMLphp, you can access the homepage of your installation, which contains some information and a few links to the test services. The URL of an installation can be e.g.:
https://service.example.org/simplesaml/
@ -233,7 +230,7 @@ Support
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [simpleSAMLphp homepage](https://simplesamlphp.org)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)

View File

@ -7,7 +7,6 @@ simpleSAMLphp Maintenance
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-maintenance.txt 3110 2012-05-31 08:25:14Z olavmrk $`
<!-- {{TOC}} -->
@ -18,7 +17,7 @@ This document is part of the simpleSAMLphp documentation suite.
* [List of all simpleSAMLphp documentation](http://simplesamlphp.org/docs)
* [Latest news about simpleSAMLphp](http://rnd.feide.no/taxonomy/term/4). (Also conatins an RSS feed)
* [simpleSAMLphp homepage](http://rnd.feide.no/simplesamlphp)
* [simpleSAMLphp homepage](https://simplesamlphp.org)
@ -205,7 +204,7 @@ Support
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [simpleSAMLphp homepage (at Feide RnD)](https://simplesamlphp.org)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)

View File

@ -7,7 +7,6 @@ SAML V2.0 Metadata Extensions for Login and Discovery User Interface
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id:$`
* Author: Timothy Ace [tace@synacor.com](mailto:tace@synacor.com)
<!-- {{TOC}} -->
@ -79,8 +78,8 @@ If given the following configuration...
$metadata['https://www.example.com/saml/saml2/idp/metadata.php'] = array(
'host' => 'www.example.com',
'certificate' => 'server.crt',
'privatekey' => 'server.pem',
'certificate' => 'example.com.crt',
'privatekey' => 'example.com.pem',
'auth' => 'example-userpass',
'EntityAttributes' => array(

View File

@ -0,0 +1,112 @@
SAML V2.0 Metadata Extensions for Registration and Publication Information
=============================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Author: Jaime Perez [jaime.perez@uninett.no](mailto:jaime.perez@uninett.no)
<!-- {{TOC}} -->
This is a reference for the SimpleSAMLphp implementation of the [SAML
V2.0 Metadata Extensions for Registration and Publication Information](http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.html)
defined by OASIS.
This extension aims to provide information about the registrars and publishers of the metadata themselves, and it is therefore
available throught different endpoints and modules that provide metadata all along simpleSAMLphp. More specifically, this
extension can be used for:
- metadata published for a [hosted service provider](./saml:sp).
- metadata published for a [hosted identity provider](./simplesamlphp-reference-idp-hosted).
- metadata collected and published by means of the [`aggregator`](./aggregator:aggregator) or [`aggregator2`](./aggregator2:aggregator2) modules.
Currently, only the `<mdrpi:RegistrationInfo>` element is supported.
Depending on the metadata set you want to add this extension to, you will have to configure it on the corresponding
configuration file:
- `metadata/saml20-idp-hosted.php` for hosted identity providers.
- `config/authsources.php` for hosted service providers.
- `config/module_aggregator.php` for the `aggregator` module.
- `config/module_aggregator2.php` for the `aggregator2` module.
RegistrationInfo Items
----------------------
The configuration is the same for all the different files, and consists of a single directive called `RegistrationInfo`, which
**must** be an indexed array with the following options:
`authority`
: A string containing an identifier of the authority who has registered this metadata. This parameter is **mandatory**.
`instant`
: A string containing the instant when the entity or entities where registered by the authority. This parameter is
optional, and must be expressed in the UTC timezone with the *zulu* (`Z`) timezone identifier. If omitted, there will be no
`registrationInstant` in the resulting metadata, except in the `aggregator2` module, which will use the instant when the metadata
was generated.
`policies`
: An indexed array containing URLs pointing to the policy under which the entity or entities where registered. Each
index must be the language code corresponding to the language of the URL. This parameter is optional, and will be omitted in the
resulting metadata if not configured.
Examples
--------
Service Provider:
'default-sp' => array(
'saml:SP',
'entityID' => NULL,
...
'RegistrationInfo' => array(
'authority' => 'urn:mace:sp.example.org',
'instant' => '2008-01-17T11:28:03.577Z',
'policies' => array('en' => 'http://sp.example.org/policy', 'es' => 'http://sp.example.org/politica'),
),
),
Identity Provider:
$metadata['__DYNAMIC:1__'] = array(
'host' => '__DEFAULT__',
...
'RegistrationInfo' => array(
'authority' => 'urn:mace:idp.example.org',
'instant' => '2008-01-17T11:28:03.577Z',
),
);
`aggregator` module:
$config = array(
'aggregators' => array(
...
),
'maxDuration' => 60*60*24*5,
'reconstruct' => FALSE,
...
'RegistrationInfo' => array(
'authority' => 'urn:mace:example.federation',
'instant' => '2008-01-17T11:28:03Z',
'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
),
);
`aggregator2` module:
$config = array(
'example.org' => array(
'sources' => array(
...
),
'RegistrationInfo' => array(
'authority' => 'urn:mace:example.federation',
'policies' => array('en' => 'http://example.org/federation_policy', 'es' => 'https://example.org/politica_federacion'),
),
),
);

View File

@ -7,17 +7,20 @@ SAML V2.0 Metadata Extensions for Login and Discovery User Interface
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id:$`
* Author: Timothy Ace [tace@synacor.com](mailto:tace@synacor.com)
<!-- {{TOC}} -->
This is a reference for the SimpleSAMLphp implemenation of the [SAML
This is a reference for the simpleSAMLphp implementation of the [SAML
V2.0 Metadata Extensions for Login and Discovery User Interface](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf)
defined by OASIS.
The `metadata/saml20-idp-hosted.php` entries are used to define the
metadata extension items. An example of this is:
The metadata extensions are available to both IdP and SP usage of
simpleSAMLphp. For an IdP, the entries are placed in
`metadata/saml20-idp-hosted.php`, for an SP, they are put inside
the relevant entry in `authsources.php`.
An example for an IdP:
<?php
$metadata['entity-id-1'] = array(
@ -65,17 +68,40 @@ metadata extension items. An example of this is:
/* ... */
);
The OASIS specification primarily defines how an IdP can communicate
metadata related to IdP discovery. There are two different types of
And for an SP it could look like this:
<?php
$config = array(
'default-sp' => array(
'saml:SP',
'UIInfo' => array(
'DisplayName' => array(
'en' => 'English name',
'es' => 'Nombre en Español'
),
'Description' => array(
'en' => 'English description',
'es' => 'Descripción en Español
),
),
/* ... */
),
);
The OASIS specification primarily defines how an entity can communicate
metadata related to IdP or service discovery and identification. There
are two different types of
extensions defined. There are the `<mdui:UIInfo>`elements that define
how an IdP should be displayed and there are the `<mdui:DiscoHints>`
elements that define when an IdP should be choosen/displayed.
how an IdP or SP should be displayed and there are the `<mdui:DiscoHints>`
elements that define when an IdP should be chosen/displayed.
UIInfo Items
--------------
These elements are used for IdP discovery to determine what to display
about an IdP. These properties are all children of the `UIInfo` key.
These elements are used for IdP and SP discovery to determine what to display
about an IdP or SP. These properties are all children of the `UIInfo` key.
*Note*: Most elements are localized strings that specify the language
using the array key as the language-code:
@ -86,7 +112,7 @@ using the array key as the language-code:
),
`DisplayName`
: The localized list of names for this IdP
: The localized list of names for this entity
'DisplayName' => array(
'en' => 'English name',
@ -94,7 +120,7 @@ using the array key as the language-code:
),
`Description`
: The localized list of statements used to decribe this IdP
: The localized list of statements used to describe this entity
'Description' => array(
'en' => 'English description',
@ -102,7 +128,7 @@ using the array key as the language-code:
),
`InformationURL`
: A localized list of URLs where more information about the IdP is
: A localized list of URLs where more information about the entity is
located.
'InformationURL' => array(
@ -111,7 +137,7 @@ using the array key as the language-code:
),
`PrivacyStatementURL`
: A localized list of URLs where the IdP's privacy statement is
: A localized list of URLs where the entity's privacy statement is
located.
'PrivacyStatementURL' => array(
@ -120,7 +146,7 @@ using the array key as the language-code:
),
`Keywords`
: A localized list of keywords used to describe the IdP
: A localized list of keywords used to describe the entity
'Keywords' => array(
'en' => array('communication', 'federated session'),
@ -131,7 +157,7 @@ using the array key as the language-code:
being part of a Keyword.
`Logo`
: The logos used to represent the IdP
: The logos used to represent the entity
'Logo' => array(
array(
@ -148,12 +174,13 @@ using the array key as the language-code:
),
: An optional `lang` key containing a language-code is supported for
localized Logos.
localized logos.
DiscoHints Items
--------------
These elements are used for IdP discovery to determine when to choose or
These elements are only relevant when operating in the IdP role; they
assist IdP discovery to determine when to choose or
present an IdP. These properties are all children of the `DiscoHints`
key.
@ -184,8 +211,8 @@ If given the following configuration...
$metadata['https://www.example.com/saml/saml2/idp/metadata.php'] = array(
'host' => 'www.example.com',
'certificate' => 'server.crt',
'privatekey' => 'server.pem',
'certificate' => 'example.com.crt',
'privatekey' => 'example.com.pem',
'auth' => 'example-userpass',
'UIInfo' => array(

View File

@ -7,7 +7,6 @@ simpleSAMLphp modules
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-modules.txt 2209 2010-03-08 12:41:15Z andreassolberg $`
<!-- {{TOC}} -->
@ -113,7 +112,7 @@ www
: To retrieve this URL, the
`SimpleSAML_Module::getModuleURL($resource)`-function can be used.
This function takes in a resource on the form `<module>/<file>`.
This function will then return an URL to the given file in the
This function will then return a URL to the given file in the
`www`-directory of `module`.
@ -140,8 +139,8 @@ To use this authentication source in a SAML 2.0 IdP, set the
'__DYNAMIC:1__' => array(
'host' => '__DEFAULT__',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
'privatekey' => 'example.org.pem',
'certificate' => 'example.org.crt',
'auth' => 'example-static',
),

View File

@ -81,7 +81,7 @@ Common options
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: A URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
@ -108,6 +108,8 @@ Common options
`scope`
: An array with scopes for this IdP.
The scopes will be added to the generated XML metadata.
A scope can either be a domain name or a regular expression
matching a number of domains.
`userid.attribute`
: The attribute name of an attribute which uniquely identifies
@ -170,6 +172,12 @@ The following SAML 2.0 options are available:
: Note that this option can be set for each SP in the [SP-remote metadata](./simplesamlphp-reference-sp-remote).
: The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
you make use of this option.
`https.certificate`
: The certificate used by the webserver when handling connections.
This certificate will be added to the generated metadata of the IdP,
@ -181,25 +189,34 @@ The following SAML 2.0 options are available:
: Note that this option can be set for each SP in the [SP-remote metadata](./simplesamlphp-reference-sp-remote).
`SingleSignOnService`
: Override the default URL for the SingleSignOnService for this
IdP. This is an absolute URL. The default value is
`<simpleSAMLphp-root>/saml2/idp/SSOService.php`
`NameIDFormat`
: The format of the NameID supported by this IdP. Defaults to the `transient` format if unspecified.
This parameter can be configured in multiple places, and the actual value used is fetched from metadata with
the following priority:
: Note that this only changes the values in the generated
metadata and in the messages sent to others. You must also
configure your webserver to deliver this URL to the correct PHP
page.
: 1. SP Remote Metadata
`SingleLogoutService`
: Override the default URL for the SingleLogoutService for this
IdP. This is an absolute URL. The default value is
`<simpleSAMLphp-root>/saml2/idp/SingleLogoutService.php`
2. IdP Hosted Metadata
: Note that this only changes the values in the generated
metadata and in the messages sent to others. You must also
configure your webserver to deliver this URL to the correct PHP
page.
: The three most commonly used values are:
: 1. `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`
2. `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
3. `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
: The `transient` format will generate a new unique ID every time
the user logs in.
: To properly support the `persistent` and `emailAddress` formats,
you should configure [NameID generation filters](./saml:nameid)
on your IdP.
: Note that the value set here will be added to the metadata generated for this IdP,
in the `NameIDFormat` element.
`RegistrationInfo`
: Allows to specify information about the registrar of this SP. Please refer to the
[MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
`saml20.sendartifact`
: Set to `TRUE` to enable the IdP to send responses with the HTTP-Artifact binding.
@ -234,6 +251,58 @@ The following SAML 2.0 options are available:
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
`SingleSignOnService`
: Override the default URL for the SingleSignOnService for this
IdP. This is an absolute URL. The default value is
`<simpleSAMLphp-root>/saml2/idp/SSOService.php`
: Note that this only changes the values in the generated
metadata and in the messages sent to others. You must also
configure your webserver to deliver this URL to the correct PHP
page.
`SingleSignOnServiceBinding`
: List of SingleSignOnService bindings that the IdP will claim support for.
: Possible values:
* `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect`
* `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`
: Defaults to HTTP-Redirect binding. Please note that the order
specified will be kept in the metadata, making the first binding
the default one.
`SingleLogoutService`
: Override the default URL for the SingleLogoutService for this
IdP. This is an absolute URL. The default value is
`<simpleSAMLphp-root>/saml2/idp/SingleLogoutService.php`
: Note that this only changes the values in the generated
metadata and in the messages sent to others. You must also
configure your webserver to deliver this URL to the correct PHP
page.
`SingleLogoutServiceBinding`
: List of SingleLogoutService bindings the IdP will claim support for.
: Possible values:
* `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect`
* `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`
: Defaults to HTTP-Redirect binding. Please note that the order
specified will be kept in the metadata, making the first binding
the default one.
`signature.algorithm`
: The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA1.
: Possible values:
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
*Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
`validate.authnrequest`
: Whether we require signatures on authentication requests sent to this IdP.
@ -301,10 +370,11 @@ The following options for Shibboleth 1.3 IdP's are avaiblable:
Metadata extensions
-------------------
SimpleSAMLphp supports generating metadata with the MDUI and EntityAttributes metadata extensions.
SimpleSAMLphp supports generating metadata with the MDUI, MDRPI and EntityAttributes metadata extensions.
See the documentation for those extensions for more details:
* [MDUI extension](./simplesamlphp-metadata-extensions-ui)
* [MDRPI extension](./simplesamlphp-metadata-extensions-rpi)
* [EntityAttributes](./simplesamlphp-metadata-extensions-attributes)
@ -328,8 +398,8 @@ These are some examples of IdP metadata
'host' => '__DEFAULT__',
/* The private key and certificate used by this IdP. */
'certificate' => 'server.crt',
'privatekey' => 'server.pem',
'certificate' => 'example.org.crt',
'privatekey' => 'example.org.pem',
/*
* The authentication source for this IdP. Must be one

View File

@ -69,7 +69,7 @@ The following options are common between both the SAML 2.0 protocol and Shibbole
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: A URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
@ -105,6 +105,12 @@ The following SAML 2.0 options are available:
entry in the IdP-remote metadata overrides the option in the
[SP configuration](./saml:sp).
: The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
you make use of this option.
`nameid.encryption`
: Whether NameIDs sent to this IdP should be encrypted. The default
value is `FALSE`.
@ -113,15 +119,6 @@ The following SAML 2.0 options are available:
entry in the IdP-remote metadata overrides the option in the
[SP configuration](./saml:sp).
`saml2.relaxvalidation`
: Can be used to relax some parts of the validation of assertions received from this IdP. This is an array, and can include one or more of the following flags:
- `unknowncondition` - Disables errors when encountering unknown &lt;Condition> nodes.
- `nosubject` - Ignore missing &lt;Subject&gt; in &lt;Assertion&gt;.
- `noconditions` - Ignore missing &lt;Conditions&gt; in &lt;Assertion&gt;.
- `noauthnstatement` - Ignore missing &lt;AuthnStatement&gt; in &lt;Assertion&gt;.
- `noattributestatement` - Ignore missing &lt;AttributeStatement&gt; in &lt;Assertion&gt;.
`sign.authnrequest`
: Whether to sign authentication requests sent to this IdP.
@ -142,6 +139,18 @@ The following SAML 2.0 options are available:
`SingleLogoutServiceResponse`
: Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
`signature.algorithm`
: The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA1.
: Note that this option also exists in the SP configuration.
This value in the IdP remote metadata overrides the value in the SP configuration.
: Possible values:
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
*Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
`SPNameQualifier`
: This corresponds to the SPNameQualifier in the SAML 2.0 specification. It allows to give subjects a SP specific namespace. This option is rarely used, so if you don't need it, leave it out. When left out, simpleSAMLphp assumes the entityID of your SP as the SPNameQualifier.
@ -184,7 +193,7 @@ These options overrides the options set in `saml20-sp-hosted`.
**Example: Configuration for validating messages**
'redirect.validate' => TRUE,
'certificate' => 'server.crt',
'certificate' => 'example.org.crt',
Shibboleth 1.3 options
@ -226,7 +235,7 @@ Calculating the fingerprint of a certificate
If you have obtained a certificate file, and want to calculate the fingerprint of the file, you can use the `openssl` command:
$ openssl x509 -noout -fingerprint -in "server.crt"
$ openssl x509 -noout -fingerprint -in "example.org.crt"
SHA1 Fingerprint=AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9
In this case, the certFingerprint option should be set to `AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9`.

View File

@ -92,7 +92,7 @@ Common options
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: A URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.

View File

@ -82,7 +82,7 @@ and Shibboleth 1.3 protocol:
: *Note*: If you specify this option, you must also specify the `OrganizationName` option.
`OrganizationURL`
: An URL the end user can access for more information about the organization.
: A URL the end user can access for more information about the organization.
: This option can be translated into multiple languages by specifying the value as an array of language-code to translated URL.
@ -162,25 +162,31 @@ The following SAML 2.0 options are available:
entry in the SP-remote metadata overrides the option in the
[IdP-hosted metadata](./simplesamlphp-reference-idp-hosted).
: The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
you make use of this option.
`ForceAuthn`
: Set this `TRUE` to force the user to reauthenticate when the IdP
receives authentication requests from this SP. The default is
`FALSE`.
`NameIDFormat`
: The `NameIDFormat` this SP should receive. There are three values
for NameIDFormat which is supported by simpleSAMLphp:
: The `NameIDFormat` this SP should receive. The three most commonly
used values are:
: 1. `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`
2. `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
3. `urn:oasis:names:tc:SAML:2.0:nameid-format:email`
3. `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
: The `transient` format will generate a new unique ID every time
the SP logs in.
: The `persistent` and `email` formats will use the attribute
specified in the `simplesaml.nameidattribute`-option as the value
of the ID.
: To properly support the `persistent` and `emailAddress` formats,
you should configure [NameID generation filters](./saml:nameid)
on your IdP.
`nameid.encryption`
: Whether NameIDs sent to this SP should be encrypted. The default
@ -231,6 +237,18 @@ The following SAML 2.0 options are available:
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
`signature.algorithm`
: The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA1.
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
: Possible values:
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
*Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
`simplesaml.nameidattribute`
: When the value of the `NameIDFormat`-option is set to either
`email` or `persistent`, this is the name of the attribute which
@ -327,7 +345,7 @@ These options overrides the options set in `saml20-idp-hosted`.
**Example: Configuration for validating messages**
'redirect.validate' => TRUE,
'certificate' => 'server.crt',
'certificate' => 'example.org.crt',
### Fields for scoping

View File

@ -7,7 +7,6 @@ Scoping
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-scoping.txt 2651 2010-11-16 14:32:43Z olavmrk $`
<!-- {{TOC}} -->
@ -18,9 +17,9 @@ providers specified.
A common use is for a service provider in a hub-and-spoke architecture to
manage its own discovery service and being able to tell the hub/proxy-IdP which
(backend-end) identity provider to use. The standart discovery service in
(backend-end) identity provider to use. The standard discovery service in
SimpleSAMLphp will show the intersection of all the known IdPs and the IdPs
specified in the scoping element. If this intersection only contains on IdP,
specified in the scoping element. If this intersection only contains one IdP,
then the request is automatically forwarded to that IdP.
Scoping is a SAML 2.0 specific option.
@ -37,7 +36,7 @@ who ultimately authenticates the user. A count of zero permits no proxying. If
ProxyCount is unspecified the number of proxy indirections is not limited.
`IDPList`
: The list of trusted idps ie. the list of entityIDs for identity providers
: The list of trusted IdPs ie. the list of entityIDs for identity providers
that are relevant for a service provider in an authnRequest.
### Note ###
@ -67,11 +66,11 @@ RequesterID element
-------------------
To allow an identity provider to identify the original requester and the
proxying identity providers, SimpleSAMLphp addes the RequesterID element to
proxying identity providers, SimpleSAMLphp adds the RequesterID element to
the request and if necessary the scoping element even if explicit scoping is
not used.
The RequesterId elements are avaliable from the state array as an array, for
The RequesterId elements are available from the state array as an array, for
instance the authenticate method in an authentication source
$requesterIDs = $state['saml:RequesterID'];
@ -80,11 +79,11 @@ AuthenticatingAuthority element
-------------------------------
To allow a service provider to identify the authentication authorities that
were involved in the authentication of the user, SimpleSAMLphp addes the
were involved in the authentication of the user, SimpleSAMLphp adds the
AuthenticatingAuthority elements.
The list of authenticating authorities (the AuthenticatingAuthority element)
can be retrived as an array from the authentication data.
can be retrieved as an array from the authentication data.
# Get the authentication source.
$as = new SimpleSAML_Auth_Simple();
@ -97,7 +96,7 @@ Support
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [simpleSAMLphp homepage](https://simplesamlphp.org)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)

View File

@ -86,7 +86,7 @@ The following global parameters are supported:
`ErrorURL` (`string`)
: An URL to a page which will receive errors that may occur during authentication.
: A URL to a page which will receive errors that may occur during authentication.
`KeepPost` (`bool`)
@ -217,7 +217,7 @@ See the [`saml:SP`](./saml:sp) reference for information about available SAML au
string getLoginURL(string $returnTo = NULL)
Retrieve an URL that can be used to start authentication.
Retrieve a URL that can be used to start authentication.
### Parameters
@ -246,7 +246,7 @@ The URL should be:
string getLogoutURL(string $returnTo = NULL)
Retrieve an URL that can be used to trigger logout.
Retrieve a URL that can be used to trigger logout.
### Parameters

View File

@ -155,7 +155,7 @@ This is a quick overview of the API:
Generally, if you have:
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
you should replace it with this single line:
@ -209,6 +209,9 @@ If you want to return to a specific URL after logging out, you should include th
$as->logout('https://example.org/');
Please make sure the URL is trusted. If you obtain the URL from the user input, make sure it is trusted before
calling $as->logout(), by using the SimpleSAML_Utilities::checkURLAllowed() method.
#### Login link

View File

@ -7,7 +7,6 @@ SimpleSAMLphp Service Provider QuickStart
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-sp.txt 2711 2011-01-12 14:25:46Z olavmrk $`
<!-- {{TOC}} -->
@ -130,11 +129,15 @@ The textfields for AssertionConsumerService and SingleLogoutService should conta
After checking your metadata, give your SP a proper name and description and click 'save'.
The procedure for managing trust in federations differ, but the common part is that you would need to provide the *SAML 2.0 metadata
of your SP*, and register that with the federation administration.
Test the SP
-----------------------------
After the metadata is is configured on the IdP, you should be able to test the configuration.
After the metadata is configured on the IdP, you should be able to test the configuration.
The installation page of simpleSAMLphp has a link to test authentication sources.
When you click the link, you should receive a list of authentication sources, including the one you have created for the SP.
@ -144,6 +147,11 @@ The test page should contain a list of your attributes:
![Screenshot of the status page after an user have succesfully authenticated](http://rnd.feide.no/files/screenshot-example.png)
For a better looking, more advanced Discovery Service with tabs and live search, you may want to use the `discopower` module
in simpleSAMLphp. Take a look at the following blog entry for more information:
* [Blog entry about the DiscoPower module](https://rnd.feide.no/content/improved-discovery-service-live-search)
Integrating authentication with your own application
----------------------------------------------------
@ -196,7 +204,7 @@ Support
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [simpleSAMLphp homepage](https://simplesamlphp.org)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)

View File

@ -20,6 +20,10 @@ Initialize configuration and metadata:
cp -r config-templates/* config/
cp -r metadata-templates/* metadata/
Install the external dependencies with Composer (http://getcomposer.org/):
php composer.phar install
Upgrading
---------
@ -29,3 +33,6 @@ Go to the root directory of your simpleSAMLphp installation:
Ask subversion to update to the latest version:
svn update
Install the external dependencies with Composer (http://getcomposer.org/):
php composer.phar install

View File

@ -7,7 +7,6 @@ Theming the user interface in SimpleSAMLphp
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-theming.txt 2206 2010-03-08 10:14:12Z andreassolberg $`
<!-- {{TOC}} -->

View File

@ -7,7 +7,6 @@ SimpleSAMLphp Translation Portal
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-translation.txt 2206 2010-03-08 10:14:12Z andreassolberg $`
<!-- {{TOC}} -->

View File

@ -1,195 +0,0 @@
Connecting SimpleSAMLphp SP to UK Access Federation and InCommon
================================================================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->
* Version: `$Id: simplesamlphp-ukaccess.txt 3126 2012-06-28 08:39:33Z olavmrk $`
<!-- {{TOC}} -->
This guide will describe how to configure simpleSAMLphp as a service provider (SP) supporting SAML 1.1 (shib1.3) and SAML 2.0 connecting it to a federation such as **UK Access Federation** or **InCommon**.
You should previously have installed simpleSAMLphp as described in [the simpleSAMLphp installation instructions](simplesamlphp-install).
Configuring the SP
------------------
The SP is configured by an entry in `config/authsources.php`. If you copy the `authsources.php` configuration from `config-templates`, it contains a decent default setup.
Further details on configuring an SP:
* [Service Provider QuickStart](simplesamlphp-sp)
* [Configuration Reference](./saml:sp)
### Enabling a certificate for your Service Provider
UK Access Federation and InCommon probably requires that you enable a certificate for your SP. Other federations do not always require that you do.
If you enable a certificate for your Service Provider, it may be able to sign requests and response sent to the Identity Provider, as well as receiving encrypted responses.
Create a self-signed certificate in the `cert/` directory.
cd cert
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
Then edit your `authsources.php` entry, and add references to your certificate:
'default-sp' => array(
'saml:SP',
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
),
Consuming Federation Metadata
-----------------------------
In order to enable the functionality to automatically download and parse metadata from a remote URL, enable the `metarefresh` and `cron` modules:
touch modules/metarefresh/enable
cp modules/metarefresh/config-templates/*.php config/
touch modules/cron/enable
cp modules/cron/config-templates/*.php config/
Create a directory to cache the downloaded federation metadata:
mkdir metadata/metarefresh-ukaccess
chmod go+rw metadata/metarefresh-ukaccess
The module `metarefresh` is responsible for getting metadata from a preconfigured URL, and then parse and validate it and cache it for use with the SAML SP module.
Edit the `config/config-metarefresh.php`:
<?php
$config = array(
'sets' => array(
'uk' => array(
'cron' => array('hourly'),
'sources' => array(
array(
'src' => 'http://metadata.ukfederation.org.uk/ukfederation-metadata.xml',
'validateFingerprint' => 'D0:E8:40:25:F0:B1:2A:CC:74:22:ED:C3:87:04:BC:29:BB:7B:9A:40',
),
),
'expireAfter' => 60*60*24*4, // Maximum 4 days cache time.
'outputDir' => 'metadata/metarefresh-ukaccess/',
'outputFormat' => 'serialize',
),
),
);
The example above is from **UK Access Federation**. If you instead would like to get metadata from **InCommon**, use the following URL and fingerprint:
'src' => 'http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml',
'validateFingerprint' => '74278f967cf1bfcaaa1b41afb6336448a2150eb4',
* [Updated information about access endpoints and trust anchors for InCommon](http://www.incommonfederation.org/metadata.html)
Notice that the configuration points the `outputDir` to the directory we created earlier. Now, we configure the SAML SP to use the cached `outputDir` as one of its metadata sources. Edit `config.php`:
'metadata.sources' => array(
array('type' => 'flatfile'),
array('type' => 'serialize', 'directory' => 'metadata/metarefresh-ukaccess'),
),
Now, go to the frontpage of your simpleSAMLphp installation, and:
1. **Configuration** **Cron module information page**.
2. You then would need to enter that admin password that you did set in `config.php` during installation.
3. **Run cron [hourly]**
Then the page should load for a while and show no errors, only a white page. (These URLs are meant to run from *cron*, hence no output). If this operation seems to run fine, navigate to the **SimpleSAMLphp Front page** **Federation**. Here you should see a list of all trusted Identity Providers. The Identity Providers that are downloaded are listed with information about the valid cache duration, such as *(expires in 96.0 hours)*.
For more details on how to configure automated metadata:
* [Automated Metadata Management](simplesamlphp-automated_metadata)
For information on how to configure *remote metadata* manually (possibly in combination with automated metadata as described here):
* [Service Provider QuickStart](simplesamlphp-sp)
Exchange metadata with the Federation
-------------------------------------
In order to connect your Service Provider to the IdPs of the federations, the IdPs will need to trust your Service Provider. The prodecure for managing trust in federations differ, but the common part is that you would need to prepare *SAML 2.0 metadata for your SP*, and register that with the federation administration.
SimpleSAMLphp will automatically suggest metadata for your SP. Go to the **SimpleSAMLphp Front page** **Federation**. Here you will see an entry with *SAML 2.0 SP Metadata*. If you follow the link **[ Show metadata ]**, you will see a page listing metadata for your entity. You may copy and paste the SAML 2.0 metadata document, or send a link to this page to the federation administration.
Test the SP
-----------
After the metadata is is configured on the IdP, you should be able to test your SP.
Go to the **SimpleSAMLphp Front Page** **Authentication** **Test configured authentication sources**. You will then see a list of authentication sources that you may test. Select the authentication source ID for your SAML 2.0 SP. If you have not modified the `authsources.php` template, the ID is `default-sp`. When you click that link you should see a discovery service list of all Identity Providers.
For a better looking more advanced Discovery Service with tabs and live search, you should use the `discopower` module in simpleSAMLphp that is part of the official simpleSAMLphp release.
* [Blog entry about the DiscoPower module](https://rnd.feide.no/content/improved-discovery-service-live-search)
* Dedicated documentation for DiscoPower module, TBD.
Integrating authentication with your own application
----------------------------------------------------
* [Service Provider QuickStart](simplesamlphp-sp)
Caveat
------
In federations like UK Access Federations different aspects of the SAML protocol is in use, and here follows some information about what should work with SimpleSAMLphp and what will not work.
SimpleSAMLphp SP supports *SAML 1.1*, compatible with Shibboleth 1.3:
* SimpleSAMLphp supports Shibboleth Binding for authentication request.
* SimpleSAMLphp does not support SAML 1.1 Attribute Queries, but it supports attribute push (embedded attributes in Response).
* SimpleSAMLphp supports SAML 1.1 Artifact Binding for Response.
SimpleSAMLphp SP supports *SAML 2.0*, compatible with Shibboleth 2.X:
* SimpleSAMLphp uses the SAML 2.0 HTTP-REDIRECT binding for authentication request.
* SimpleSAMLphp by default sends unsigned authentication request, may be enabled by configuring a certificate.
* SimpleSAMLphp supports the SAML 2.0 HTTP-POST binding for Response.
* SimpleSAMLphp does not support the SAML 2.0 Artifact binding for Response. Estimated to be available in SimpleSAMLphp 1.6.
* SimpleSAMLphp supports SAML 2.0 Attribute Queries, but these are not sent automatically during SSO.
* SimpleSAMLphp supports receiving and decrypting EncryptedAssertions.
* SimpleSAMLphp supports receiving and decrypting NameID, as enabled by default by Shibboleth 2.0 - 2.1.
* SimpleSAMLphp supports SAML 2.0 Single Logout Profile using HTTP-REDIRECT binding. Warning: not yet supported by Shibboleth 2.x IdP.
**Important about certificates**: SimpleSAMLphp as an SP requires that Identity Providers have embedded certificates in metadata. Most federations use emebedded certificates, and others are migrating to use embedded certificates. Some federations though are using PKI, relying on a list of trusted CAs and no embedded certificates in metadata - this setup is *not* supported by simpleSAMLphp.
Support
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
- [simpleSAMLphp homepage (at Feide RnD)](http://rnd.feide.no/simplesamlphp)
- [List of all available simpleSAMLphp documentation](http://simplesamlphp.org/docs/)
- [Join the simpleSAMLphp user's mailing list](http://rnd.feide.no/content/simplesamlphp-users-mailinglist)
- [Visit and contribute to the simpleSAMLphp wiki](https://ow.feide.no/simplesamlphp:start)
More information about the federations:
- [UK Access Federation](http://www.ukfederation.org.uk/)
- [InCommon](http://www.incommonfederation.org/)
If your questions are not related to simpleSAMLphp, but instead procedures on how to deal with a specific federation, visit the support channels specific for that federation.

View File

@ -0,0 +1,6 @@
Upgrade notes for simpleSAMLphp 1.11
====================================
* Support for the Holder-of-Key profile in the SAML 2.0 SP has been disabled by default.
To enable it, set `saml20.hok.assertion` to `TRUE` in `config/authsources.php`.

View File

@ -0,0 +1,4 @@
Upgrade notes for simpleSAMLphp 1.12
====================================
* PHP version 5.3 is now required.

View File

@ -0,0 +1,7 @@
Upgrade notes for simpleSAMLphp 1.13
====================================
* The RSA_1.5 (RSA with PKCS#1 v1.5 padding) algorithm is now longer allowed by default. This means messages received
that use this algorithm will fail to decrypt.
* Several functions, classes and interfaces are now deprecated. Please check your code if you are using the API.
* A workaround related to performance issues when processing large metadata sets was included in **1.13.2**. **This workaround is experimental and could have unexpected side effects**.

View File

@ -1,65 +0,0 @@
<?php
/**
* The Artifact is part of the SAML 2.0 IdP code, and it builds an artifact object.
* I am using strings, because I find them easier to work with.
* I want to use this, to be consistent with the other saml2_requests
*
* @author Danny Bollaert, UGent AS. <danny.bollaert@ugent.be>
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_ArtifactResolve extends SAML2_Request {
private $artifact;
public function __construct(DOMElement $xml = NULL) {
parent::__construct('ArtifactResolve', $xml);
if(!is_null($xml)){
$results = SAML2_Utils::xpQuery($xml, './saml_protocol:Artifact');
$this->artifact = $results[0]->textContent;
}
}
/**
* Retrieve the Artifact in this response.
*
* @return string artifact.
*/
public function getArtifact() {
return $this->artifact;
}
/**
* Set the artifact that should be included in this response.
*
* @param String The $artifact.
*/
public function setArtifact($artifact) {
assert('is_string($artifact)');
$this->artifact = $artifact;
}
/**
* Convert the response message to an XML element.
*
* @return DOMElement This response.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
$artifactelement = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Artifact', $this->artifact);
$root->appendChild($artifactelement);
return $root;
}
}

View File

@ -1,71 +0,0 @@
<?php
/**
* The SAML2_ArtifactResponse, is the response to the SAML2_ArtifactResolve.
*
* @author Danny Bollaert, UGent AS. <danny.bollaert@ugent.be>
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_ArtifactResponse extends SAML2_StatusResponse {
/**
* The DOMElement with the message the artifact refers
* to, or NULL if we don't refer to any artifact.
*
* @var DOMElement|NULL
*/
private $any;
public function __construct(DOMElement $xml = NULL) {
parent::__construct('ArtifactResponse', $xml);
if(!is_null($xml)){
$status = SAML2_Utils::xpQuery($xml, './saml_protocol:Status');
assert('!empty($status)'); /* Will have failed during StatusResponse parsing. */
$status = $status[0];
for ($any = $status->nextSibling; $any !== NULL; $any = $any->nextSibling) {
if ($any instanceof DOMElement) {
$this->any = $any;
break;
}
/* Ignore comments and text nodes. */
}
}
}
public function setAny(DOMElement $any = NULL) {
$this->any = $any;
}
public function getAny() {
return $this->any;
}
/**
* Convert the response message to an XML element.
*
* @return DOMElement This response.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
if (isset($this->any)) {
$node = $root->ownerDocument->importNode($this->any, TRUE);
$root->appendChild($node);
}
return $root;
}
}

File diff suppressed because it is too large Load Diff

View File

@ -1,176 +0,0 @@
<?php
/**
* Class for SAML 2 attribute query messages.
*
* An attribute query asks for a set of attributes. The following
* rules apply:
*
* - If no attributes are present in the query, all attributes should be
* returned.
* - If any attributes are present, only those attributes which are present
* in the query should be returned.
* - If an attribute contains any attribute values, only the attribute values
* which match those in the query should be returned.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_AttributeQuery extends SAML2_SubjectQuery {
/**
* The attributes, as an associative array.
*
* @var array
*/
private $attributes;
/**
* The NameFormat used on all attributes.
*
* If more than one NameFormat is used, this will contain
* the unspecified nameformat.
*
* @var string
*/
private $nameFormat;
/**
* Constructor for SAML 2 attribute query messages.
*
* @param DOMElement|NULL $xml The input message.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('AttributeQuery', $xml);
$this->attributes = array();
$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
if ($xml === NULL) {
return;
}
$firstAttribute = TRUE;
$attributes = SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute');
foreach ($attributes as $attribute) {
if (!$attribute->hasAttribute('Name')) {
throw new Exception('Missing name on <saml:Attribute> element.');
}
$name = $attribute->getAttribute('Name');
if ($attribute->hasAttribute('NameFormat')) {
$nameFormat = $attribute->getAttribute('NameFormat');
} else {
$nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
}
if ($firstAttribute) {
$this->nameFormat = $nameFormat;
$firstAttribute = FALSE;
} else {
if ($this->nameFormat !== $nameFormat) {
$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
}
}
if (!array_key_exists($name, $this->attributes)) {
$this->attributes[$name] = array();
}
$values = SAML2_Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
foreach ($values as $value) {
$this->attributes[$name][] = trim($value->textContent);
}
}
}
/**
* Retrieve all requested attributes.
*
* @return array All requested attributes, as an associative array.
*/
public function getAttributes() {
return $this->attributes;
}
/**
* Set all requested attributes.
*
* @param array $attributes All requested attributes, as an associative array.
*/
public function setAttributes(array $attributes) {
$this->attributes = $attributes;
}
/**
* Retrieve the NameFormat used on all attributes.
*
* If more than one NameFormat is used in the received attributes, this
* returns the unspecified NameFormat.
*
* @return string The NameFormat used on all attributes.
*/
public function getAttributeNameFormat() {
return $this->nameFormat;
}
/**
* Set the NameFormat used on all attributes.
*
* @param string $nameFormat The NameFormat used on all attributes.
*/
public function setAttributeNameFormat($nameFormat) {
assert('is_string($nameFormat)');
$this->nameFormat = $nameFormat;
}
/**
* Convert the attribute query message to an XML element.
*
* @return DOMElement This attribute query.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
foreach ($this->attributes as $name => $values) {
$attribute = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Attribute');
$root->appendChild($attribute);
$attribute->setAttribute('Name', $name);
if ($this->nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
$attribute->setAttribute('NameFormat', $this->nameFormat);
}
foreach ($values as $value) {
if (is_string($value)) {
$type = 'xs:string';
} elseif (is_int($value)) {
$type = 'xs:integer';
} else {
$type = NULL;
}
$attributeValue = SAML2_Utils::addString($attribute, SAML2_Const::NS_SAML, 'saml:AttributeValue', $value);
if ($type !== NULL) {
$attributeValue->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', $type);
}
}
}
return $root;
}
}

View File

@ -1,494 +0,0 @@
<?php
/**
* Class for SAML 2 authentication request messages.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_AuthnRequest extends SAML2_Request {
/**
* The options for what type of name identifier should be returned.
*
* @var array
*/
private $nameIdPolicy;
/**
* Whether the Identity Provider must authenticate the user again.
*
* @var bool
*/
private $forceAuthn;
/**
* Set to TRUE if this request is passive.
*
* @var bool.
*/
private $isPassive;
/**
* The list of providerIDs in this request's scoping element
*
* @var array
*/
private $IDPList = array();
/**
* The ProxyCount in this request's scoping element
*
* @var int
*/
private $ProxyCount = null;
/**
* The RequesterID list in this request's scoping element
*
* @var array
*/
private $RequesterID = array();
/**
* The URL of the asertion consumer service where the response should be delivered.
*
* @var string|NULL
*/
private $assertionConsumerServiceURL;
/**
* What binding should be used when sending the response.
*
* @var string|NULL
*/
private $protocolBinding;
/**
* The index of the AssertionConsumerService.
*
* @var int|NULL
*/
private $assertionConsumerServiceIndex;
/**
* What authentication context was requested.
*
* Array with the following elements.
* - AuthnContextClassRef (required)
* - Comparison (optinal)
*
* @var array
*/
private $requestedAuthnContext;
/**
* Request extensions.
*
* @var array
*/
private $extensions;
/**
* Constructor for SAML 2 authentication request messages.
*
* @param DOMElement|NULL $xml The input message.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('AuthnRequest', $xml);
$this->nameIdPolicy = array();
$this->forceAuthn = FALSE;
$this->isPassive = FALSE;
if ($xml === NULL) {
return;
}
$this->forceAuthn = SAML2_Utils::parseBoolean($xml, 'ForceAuthn', FALSE);
$this->isPassive = SAML2_Utils::parseBoolean($xml, 'IsPassive', FALSE);
if ($xml->hasAttribute('AssertionConsumerServiceURL')) {
$this->assertionConsumerServiceURL = $xml->getAttribute('AssertionConsumerServiceURL');
}
if ($xml->hasAttribute('ProtocolBinding')) {
$this->protocolBinding = $xml->getAttribute('ProtocolBinding');
}
if ($xml->hasAttribute('AssertionConsumerServiceIndex')) {
$this->assertionConsumerServiceIndex = (int)$xml->getAttribute('AssertionConsumerServiceIndex');
}
$nameIdPolicy = SAML2_Utils::xpQuery($xml, './saml_protocol:NameIDPolicy');
if (!empty($nameIdPolicy)) {
$nameIdPolicy = $nameIdPolicy[0];
if ($nameIdPolicy->hasAttribute('Format')) {
$this->nameIdPolicy['Format'] = $nameIdPolicy->getAttribute('Format');
}
if ($nameIdPolicy->hasAttribute('SPNameQualifier')) {
$this->nameIdPolicy['SPNameQualifier'] = $nameIdPolicy->getAttribute('SPNameQualifier');
}
if ($nameIdPolicy->hasAttribute('AllowCreate')) {
$this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($nameIdPolicy, 'AllowCreate', FALSE);
}
}
$requestedAuthnContext = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext');
if (!empty($requestedAuthnContext)) {
$requestedAuthnContext = $requestedAuthnContext[0];
$rac = array(
'AuthnContextClassRef' => array(),
'Comparison' => 'exact',
);
$accr = SAML2_Utils::xpQuery($requestedAuthnContext, './saml_assertion:AuthnContextClassRef');
foreach ($accr as $i) {
$rac['AuthnContextClassRef'][] = trim($i->textContent);
}
if ($requestedAuthnContext->hasAttribute('Comparison')) {
$rac['Comparison'] = $requestedAuthnContext->getAttribute('Comparison');
}
$this->requestedAuthnContext = $rac;
}
$scoping = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping');
if (!empty($scoping)) {
$scoping =$scoping[0];
if ($scoping->hasAttribute('ProxyCount')) {
$this->ProxyCount = (int)$scoping->getAttribute('ProxyCount');
}
$idpEntries = SAML2_Utils::xpQuery($scoping, './saml_protocol:IDPList/saml_protocol:IDPEntry');
foreach($idpEntries as $idpEntry) {
if (!$idpEntry->hasAttribute('ProviderID')) {
throw new Exception("Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
}
$this->IDPList[] = $idpEntry->getAttribute('ProviderID');
}
$requesterIDs = SAML2_Utils::xpQuery($scoping, './saml_protocol:RequesterID');
foreach ($requesterIDs as $requesterID) {
$this->RequesterID[] = trim($requesterID->textContent);
}
}
$this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
}
/**
* Retrieve the NameIdPolicy.
*
* @see SAML2_AuthnRequest::setNameIdPolicy()
* @return array The NameIdPolicy.
*/
public function getNameIdPolicy() {
return $this->nameIdPolicy;
}
/**
* Set the NameIDPolicy.
*
* This function accepts an array with the following options:
* - 'Format'
* - 'SPNameQualifier'
* - 'AllowCreate'
*
* @param array $nameIdPolicy The NameIDPolicy.
*/
public function setNameIdPolicy(array $nameIdPolicy) {
$this->nameIdPolicy = $nameIdPolicy;
}
/**
* Retrieve the value of the ForceAuthn attribute.
*
* @return bool The ForceAuthn attribute.
*/
public function getForceAuthn() {
return $this->forceAuthn;
}
/**
* Set the value of the ForceAuthn attribute.
*
* @param bool $forceAuthn The ForceAuthn attribute.
*/
public function setForceAuthn($forceAuthn) {
assert('is_bool($forceAuthn)');
$this->forceAuthn = $forceAuthn;
}
/**
* Retrieve the value of the IsPassive attribute.
*
* @return bool The IsPassive attribute.
*/
public function getIsPassive() {
return $this->isPassive;
}
/**
* Set the value of the IsPassive attribute.
*
* @param bool $isPassive The IsPassive attribute.
*/
public function setIsPassive($isPassive) {
assert('is_bool($isPassive)');
$this->isPassive = $isPassive;
}
/**
* This function sets the scoping for the request
* See Core 3.4.1.2 for the definition of scoping
* Currently we only support an IDPList of idpEntries
* and only the required ProviderID in an IDPEntry
* $providerIDs is an array of Entity Identifiers
*
*/
public function setIDPList($IDPList) {
assert('is_array($IDPList)');
$this->IDPList = $IDPList;
}
/**
* This function retrieves the list of providerIDs from this authentication request.
* Currently we only support a list of ipd ientity id's.
* @return The list of idpidentityids from the request
*/
public function getIDPList() {
return $this->IDPList;
}
public function setProxyCount($ProxyCount) {
assert('is_int($ProxyCount)');
$this->ProxyCount = $ProxyCount;
}
public function getProxyCount() {
return $this->ProxyCount;
}
public function setRequesterID(array $RequesterID) {
$this->RequesterID = $RequesterID;
}
public function getRequesterID() {
return $this->RequesterID;
}
/**
* Retrieve the value of the AssertionConsumerServiceURL attribute.
*
* @return string|NULL The AssertionConsumerServiceURL attribute.
*/
public function getAssertionConsumerServiceURL() {
return $this->assertionConsumerServiceURL;
}
/**
* Set the value of the AssertionConsumerServiceURL attribute.
*
* @param string|NULL $assertionConsumerServiceURL The AssertionConsumerServiceURL attribute.
*/
public function setAssertionConsumerServiceURL($assertionConsumerServiceURL) {
assert('is_string($assertionConsumerServiceURL) || is_null($assertionConsumerServiceURL)');
$this->assertionConsumerServiceURL = $assertionConsumerServiceURL;
}
/**
* Retrieve the value of the ProtocolBinding attribute.
*
* @return string|NULL The ProtocolBinding attribute.
*/
public function getProtocolBinding() {
return $this->protocolBinding;
}
/**
* Set the value of the ProtocolBinding attribute.
*
* @param string $protocolBinding The ProtocolBinding attribute.
*/
public function setProtocolBinding($protocolBinding) {
assert('is_string($protocolBinding) || is_null($protocolBinding)');
$this->protocolBinding = $protocolBinding;
}
/**
* Retrieve the value of the AssertionConsumerServiceIndex attribute.
*
* @return int|NULL The AssertionConsumerServiceIndex attribute.
*/
public function getAssertionConsumerServiceIndex() {
return $this->assertionConsumerServiceIndex;
}
/**
* Set the value of the AssertionConsumerServiceIndex attribute.
*
* @param string|NULL $assertionConsumerServiceIndex The AssertionConsumerServiceIndex attribute.
*/
public function setAssertionConsumerServiceIndex($assertionConsumerServiceIndex) {
assert('is_int($assertionConsumerServiceIndex) || is_null($assertionConsumerServiceIndex)');
$this->assertionConsumerServiceIndex = $assertionConsumerServiceIndex;
}
/**
* Retrieve the RequestedAuthnContext.
*
* @return array|NULL The RequestedAuthnContext.
*/
public function getRequestedAuthnContext() {
return $this->requestedAuthnContext;
}
/**
* Set the RequestedAuthnContext.
*
* @param array|NULL $requestedAuthnContext The RequestedAuthnContext.
*/
public function setRequestedAuthnContext($requestedAuthnContext) {
assert('is_array($requestedAuthnContext) || is_null($requestedAuthnContext)');
$this->requestedAuthnContext = $requestedAuthnContext;
}
/**
* Retrieve the Extensions.
*
* @return SAML2_XML_samlp_Extensions.
*/
public function getExtensions() {
return $this->extensions;
}
/**
* Set the Extensions.
*
* @param array|NULL $extensions The Extensions.
*/
public function setExtensions($extensions) {
assert('is_array($extensions) || is_null($extensions)');
$this->extensions = $extensions;
}
/**
* Convert this authentication request to an XML element.
*
* @return DOMElement This authentication request.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
if ($this->forceAuthn) {
$root->setAttribute('ForceAuthn', 'true');
}
if ($this->isPassive) {
$root->setAttribute('IsPassive', 'true');
}
if ($this->assertionConsumerServiceURL !== NULL) {
$root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
}
if ($this->protocolBinding !== NULL) {
$root->setAttribute('ProtocolBinding', $this->protocolBinding);
}
if (!empty($this->nameIdPolicy)) {
$nameIdPolicy = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'NameIDPolicy');
if (array_key_exists('Format', $this->nameIdPolicy)) {
$nameIdPolicy->setAttribute('Format', $this->nameIdPolicy['Format']);
}
if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
$nameIdPolicy->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
}
if (array_key_exists('AllowCreate', $this->nameIdPolicy) && $this->nameIdPolicy['AllowCreate']) {
$nameIdPolicy->setAttribute('AllowCreate', 'true');
}
$root->appendChild($nameIdPolicy);
}
$rac = $this->requestedAuthnContext;
if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
$e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext');
$root->appendChild($e);
if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') {
$e->setAttribute('Comparison', $rac['Comparison']);
}
foreach ($rac['AuthnContextClassRef'] as $accr) {
SAML2_Utils::addString($e, SAML2_Const::NS_SAML, 'AuthnContextClassRef', $accr);
}
}
if (!empty($this->extensions)) {
SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
}
if ($this->ProxyCount !== null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
$scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
if ($this->ProxyCount !== null) {
$scoping->setAttribute('ProxyCount', $this->ProxyCount);
}
if (count($this->IDPList) > 0) {
$idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');
foreach ($this->IDPList as $provider) {
$idpEntry = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPEntry');
$idpEntry->setAttribute('ProviderID', $provider);
$idplist->appendChild($idpEntry);
}
$scoping->appendChild($idplist);
$root->appendChild($scoping);
}
if (count($this->RequesterID) > 0) {
SAML2_Utils::addStrings($scoping, SAML2_Const::NS_SAMLP, 'RequesterID', FALSE, $this->RequesterID);
}
}
return $root;
}
}
?>

View File

@ -1,147 +0,0 @@
<?php
/**
* Base class for SAML 2 bindings.
*
* @package simpleSAMLphp
* @version $Id$
*/
abstract class SAML2_Binding {
/**
* The destination of messages.
*
* This can be NULL, in which case the destination in the message is used.
*/
protected $destination;
/**
* Retrieve a binding with the given URN.
*
* Will throw an exception if it is unable to locate the binding.
*
* @param string $urn The URN of the binding.
* @return SAML2_Binding The binding.
*/
public static function getBinding($urn) {
assert('is_string($urn)');
switch ($urn) {
case SAML2_Const::BINDING_HTTP_POST:
return new SAML2_HTTPPost();
case SAML2_Const::BINDING_HTTP_REDIRECT:
return new SAML2_HTTPRedirect();
case SAML2_Const::BINDING_HTTP_ARTIFACT:
return new SAML2_HTTPArtifact();
case SAML2_Const::BINDING_HOK_SSO:
return new SAML2_HTTPPost();
default:
throw new Exception('Unsupported binding: ' . var_export($urn, TRUE));
}
}
/**
* Guess the current binding.
*
* This function guesses the current binding and creates an instance
* of SAML2_Binding matching that binding.
*
* An exception will be thrown if it is unable to guess the binding.
*
* @return SAML2_Binding The binding.
*/
public static function getCurrentBinding() {
switch ($_SERVER['REQUEST_METHOD']) {
case 'GET':
if (array_key_exists('SAMLRequest', $_GET) || array_key_exists('SAMLResponse', $_GET)) {
return new SAML2_HTTPRedirect();
} elseif (array_key_exists('SAMLart', $_GET) ){
return new SAML2_HTTPArtifact();
}
break;
case 'POST':
if (isset($_SERVER['CONTENT_TYPE'])) {
$contentType = $_SERVER['CONTENT_TYPE'];
$contentType = explode(';', $contentType);
$contentType = $contentType[0]; /* Remove charset. */
} else {
$contentType = NULL;
}
if (array_key_exists('SAMLRequest', $_POST) || array_key_exists('SAMLResponse', $_POST)) {
return new SAML2_HTTPPost();
} elseif (array_key_exists('SAMLart', $_POST) ){
return new SAML2_HTTPArtifact();
} elseif ($contentType === 'text/xml') {
return new SAML2_SOAP();
}
break;
}
SimpleSAML_Logger::warning('Unable to find the SAML 2 binding used for this request.');
SimpleSAML_Logger::warning('Request method: ' . var_export($_SERVER['REQUEST_METHOD'], TRUE));
if (!empty($_GET)) {
SimpleSAML_Logger::warning("GET parameters: '" . implode("', '", array_map('addslashes', array_keys($_GET))) . "'");
}
if (!empty($_POST)) {
SimpleSAML_Logger::warning("POST parameters: '" . implode("', '", array_map('addslashes', array_keys($_POST))) . "'");
}
if (isset($_SERVER['CONTENT_TYPE'])) {
SimpleSAML_Logger::warning('Content-Type: ' . var_export($_SERVER['CONTENT_TYPE'], TRUE));
}
throw new Exception('Unable to find the current binding.');
}
/**
* Retrieve the destination of a message.
*
* @return string|NULL $destination The destination the message will be delivered to.
*/
public function getDestination() {
return $this->destination;
}
/**
* Override the destination of a message.
*
* Set to NULL to use the destination set in the message.
*
* @param string|NULL $destination The destination the message should be delivered to.
*/
public function setDestination($destination) {
assert('is_string($destination) || is_null($destination)');
$this->destination = $destination;
}
/**
* Send a SAML 2 message.
*
* This function will send a message using the specified binding.
* The message will be delivered to the destination set in the message.
*
* @param SAML2_Message $message The message which should be sent.
*/
abstract public function send(SAML2_Message $message);
/**
* Receive a SAML 2 message.
*
* This function will extract the message from the current request.
* An exception will be thrown if we are unable to process the message.
*
* @return SAML2_Message The received message.
*/
abstract public function receive();
}
?>

View File

@ -1,160 +0,0 @@
<?php
/**
* Various SAML 2 constants.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_Const {
/**
* Password authentication context.
*/
const AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password';
/**
* Unspecified authentication context.
*/
const AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified';
/**
* The URN for the HTTP-POST binding.
*/
const BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
/**
* The URN for the HTTP-Redirect binding.
*/
const BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';
/**
* The URN for the HTTP-ARTIFACT binding.
*/
const BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact';
/**
* The URN for the SOAP binding.
*/
const BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP';
/**
* The URN for the Holder-of-Key Web Browser SSO Profile binding
*/
const BINDING_HOK_SSO = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
/**
* Bearer subject confirmation method.
*/
const CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer';
/**
* Holder-of-Key subject confirmation method.
*/
const CM_HOK = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key';
/**
* The URN for the unspecified attribute NameFormat.
*/
const NAMEFORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified';
/**
* Unspecified NameID format.
*/
const NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';
/**
* Persistent NameID format.
*/
const NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
/**
* Transient NameID format.
*/
const NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
/**
* Encrypted NameID format.
*/
const NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted';
/**
* The namespace for the SOAP protocol.
*/
const NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/';
/**
* The namespace for the SAML 2 protocol.
*/
const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
/**
* The namespace for the SAML 2 assertions.
*/
const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
/**
* The namespace for the SAML 2 metadata.
*/
const NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata';
/**
* The namespace fox XML schema.
*/
const NS_XS = 'http://www.w3.org/2001/XMLSchema';
/**
* The namespace for XML schema instance.
*/
const NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance';
/**
* The namespace for the SAML 2 HoK Web Browser SSO Profile.
*/
const NS_HOK = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
/**
* Top-level status code indicating successful processing of the request.
*/
const STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';
/**
* Top-level status code indicating that there was a problem with the request.
*/
const STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester';
/**
* Top-level status code indicating that there was a problem generating the response.
*/
const STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder';
/**
* Top-level status code indicating that the request was from an unsupported version of the SAML protocol.
*/
const STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch';
/**
* Second-level status code for NoPassive errors.
*/
const STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive';
/**
* Second-level status code for PartialLogout.
*/
const STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout';
/**
* Second-level status code for ProxyCountExceeded.
*/
const STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded';
}
?>

View File

@ -1,120 +0,0 @@
<?php
/**
* Class handling encrypted assertions.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_EncryptedAssertion {
/**
* The current encrypted assertion.
*
* @var DOMElement
*/
private $encryptedData;
/**
* Constructor for SAML 2 encrypted assertions.
*
* @param DOMElement|NULL $xml The encrypted assertion XML element.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
$data = SAML2_Utils::xpQuery($xml, './xenc:EncryptedData');
if (count($data) === 0) {
throw new Exception('Missing encrypted data in <saml:EncryptedAssertion>.');
} elseif (count($data) > 1) {
throw new Exception('More than one encrypted data element in <saml:EncryptedAssertion>.');
}
$this->encryptedData = $data[0];
}
/**
* Set the assertion.
*
* @param SAML2_Assertion $assertion The assertion.
* @param XMLSecurityKey $key The key we should use to encrypt the assertion.
*/
public function setAssertion(SAML2_Assertion $assertion, XMLSecurityKey $key) {
$xml = $assertion->toXML();
SimpleSAML_Utilities::debugMessage($xml, 'encrypt');
$enc = new XMLSecEnc();
$enc->setNode($xml);
$enc->type = XMLSecEnc::Element;
switch ($key->type) {
case XMLSecurityKey::TRIPLEDES_CBC:
case XMLSecurityKey::AES128_CBC:
case XMLSecurityKey::AES192_CBC:
case XMLSecurityKey::AES256_CBC:
$symmetricKey = $key;
break;
case XMLSecurityKey::RSA_1_5:
case XMLSecurityKey::RSA_OAEP_MGF1P:
$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
$symmetricKey->generateSessionKey();
$enc->encryptKey($key, $symmetricKey);
break;
default:
throw new Exception('Unknown key type for encryption: ' . $key->type);
}
$this->encryptedData = $enc->encryptNode($symmetricKey);
}
/**
* Retrieve the assertion.
*
* @param XMLSecurityKey $key The key we should use to decrypt the assertion.
* @param array $blacklist Blacklisted decryption algorithms.
* @return SAML2_Assertion The decrypted assertion.
*/
public function getAssertion(XMLSecurityKey $inputKey, array $blacklist = array()) {
$assertionXML = SAML2_Utils::decryptElement($this->encryptedData, $inputKey, $blacklist);
SimpleSAML_Utilities::debugMessage($assertionXML, 'decrypt');
return new SAML2_Assertion($assertionXML);
}
/**
* Convert this encrypted assertion to an XML element.
*
* @param DOMNode|NULL $parentElement The DOM node the assertion should be created in.
* @return DOMElement This encrypted assertion.
*/
public function toXML(DOMNode $parentElement = NULL) {
if ($parentElement === NULL) {
$document = new DOMDocument();
$parentElement = $document;
} else {
$document = $parentElement->ownerDocument;
}
$root = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedAssertion');
$parentElement->appendChild($root);
$root->appendChild($document->importNode($this->encryptedData, TRUE));
return $root;
}
}

View File

@ -1,155 +0,0 @@
<?php
/**
* Class which implements the HTTP-Redirect binding.
*
* @author Danny Bollaert, UGent AS. <danny.bollaert@ugent.be>
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_HTTPArtifact extends SAML2_Binding {
private $spMetadata;
/**
* Create the redirect URL for a message.
*
* @param SAML2_Message $message The message.
* @return string The URL the user should be redirected to in order to send a message.
*/
public function getRedirectURL(SAML2_Message $message) {
$store = SimpleSAML_Store::getInstance();
if ($store === FALSE) {
throw new Exception('Unable to send artifact without a datastore configured.');
}
$generatedId = pack('H*', ((string) SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(20))));
$artifact = base64_encode("\x00\x04\x00\x00" . sha1($message->getIssuer(), TRUE) . $generatedId) ;
$artifactData = $message->toUnsignedXML();
$artifactDataString = $artifactData->ownerDocument->saveXML($artifactData);
$store->set('artifact', $artifact, $artifactDataString, time() + 15*60);
$params = array(
'SAMLart' => $artifact,
);
$relayState = $message->getRelayState();
if ($relayState !== NULL) {
$params['RelayState'] = $relayState;
}
return SimpleSAML_Utilities::addURLparameter($message->getDestination(), $params);
}
/**
* Send a SAML 2 message using the HTTP-Redirect binding.
*
* Note: This function never returns.
*
* @param SAML2_Message $message The message we should send.
*/
public function send(SAML2_Message $message) {
$destination = $this->getRedirectURL($message);
SimpleSAML_Utilities::redirect($destination);
}
/**
* Receive a SAML 2 message sent using the HTTP-Artifact binding.
*
* Throws an exception if it is unable receive the message.
*
* @return SAML2_Message The received message.
*/
public function receive() {
if (array_key_exists('SAMLart', $_REQUEST)) {
$artifact = base64_decode($_REQUEST['SAMLart']);
$endpointIndex = bin2hex(substr($artifact,2,2));
$sourceId = bin2hex(substr($artifact,4,20));
}else{
throw new Execption('Missing SAMLArt parameter.');
}
$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpmetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote');
if ($idpmetadata === NULL) {
throw new Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, TRUE));
}
$endpoint = NULL;
foreach ($idpmetadata->getEndpoints('ArtifactResolutionService') as $ep) {
if ($ep['index'] === hexdec($endpointIndex)) {
$endpoint = $ep;
break;
}
}
if ($endpoint === NULL) {
throw new Exception('No ArtifactResolutionService with the correct index.');
}
SimpleSAML_Logger::debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']);
//Construct the ArtifactResolve Request
$ar = new SAML2_ArtifactResolve();
/* Set the request attributes */
$ar->setIssuer($this->spMetadata->getString('entityid'));
$ar->setArtifact($_REQUEST['SAMLart']);
$ar->setDestination($endpoint['Location']);
/* Sign the request */
sspmod_saml_Message::addSign($this->spMetadata, $idpmetadata, $ar); // Shoaib - moved from the SOAPClient.
$soap = new SAML2_SOAPClient();
// Send message through SoapClient
$artifactResponse = $soap->send($ar, $this->spMetadata);
if (!$artifactResponse->isSuccess()) {
throw new Exception('Received error from ArtifactResolutionService.');
}
$xml = $artifactResponse->getAny();
if ($xml === NULL) {
/* Empty ArtifactResponse - possibly because of Artifact replay? */
return NULL;
}
$samlresponse = SAML2_Message::fromXML($xml);
$samlresponse->addValidator(array(get_class($this), 'validateSignature'), $artifactResponse);
if (isset($_REQUEST['RelayState'])) {
$samlresponse->setRelayState($_REQUEST['RelayState']);
}
return $samlresponse;
}
public function setSPMetadata($sp){
$this->spMetadata = $sp;
}
/**
* A validator which returns TRUE if the ArtifactResponse was signed with the given key
*
* @return TRUE
*/
public static function validateSignature(SAML2_ArtifactResponse $message, XMLSecurityKey $key) {
return $message->validate($key);
}
}

View File

@ -1,87 +0,0 @@
<?php
/**
* Class which implements the HTTP-POST binding.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_HTTPPost extends SAML2_Binding {
/**
* Send a SAML 2 message using the HTTP-POST binding.
*
* Note: This function never returns.
*
* @param SAML2_Message $message The message we should send.
*/
public function send(SAML2_Message $message) {
if ($this->destination === NULL) {
$destination = $message->getDestination();
} else {
$destination = $this->destination;
}
$relayState = $message->getRelayState();
$msgStr = $message->toSignedXML();
$msgStr = $msgStr->ownerDocument->saveXML($msgStr);
SimpleSAML_Utilities::debugMessage($msgStr, 'out');
$msgStr = base64_encode($msgStr);
if ($message instanceof SAML2_Request) {
$msgType = 'SAMLRequest';
} else {
$msgType = 'SAMLResponse';
}
$post = array();
$post[$msgType] = $msgStr;
if ($relayState !== NULL) {
$post['RelayState'] = $relayState;
}
SimpleSAML_Utilities::postRedirect($destination, $post);
}
/**
* Receive a SAML 2 message sent using the HTTP-POST binding.
*
* Throws an exception if it is unable receive the message.
*
* @return SAML2_Message The received message.
*/
public function receive() {
if (array_key_exists('SAMLRequest', $_POST)) {
$msg = $_POST['SAMLRequest'];
} elseif (array_key_exists('SAMLResponse', $_POST)) {
$msg = $_POST['SAMLResponse'];
} else {
throw new Exception('Missing SAMLRequest or SAMLResponse parameter.');
}
$msg = base64_decode($msg);
SimpleSAML_Utilities::debugMessage($msg, 'in');
$document = new DOMDocument();
$document->loadXML($msg);
$xml = $document->firstChild;
$msg = SAML2_Message::fromXML($xml);
if (array_key_exists('RelayState', $_POST)) {
$msg->setRelayState($_POST['RelayState']);
}
return $msg;
}
}
?>

View File

@ -1,235 +0,0 @@
<?php
/**
* Class which implements the HTTP-Redirect binding.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_HTTPRedirect extends SAML2_Binding {
const DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE';
/**
* Create the redirect URL for a message.
*
* @param SAML2_Message $message The message.
* @return string The URL the user should be redirected to in order to send a message.
*/
public function getRedirectURL(SAML2_Message $message) {
if ($this->destination === NULL) {
$destination = $message->getDestination();
} else {
$destination = $this->destination;
}
$relayState = $message->getRelayState();
$key = $message->getSignatureKey();
$msgStr = $message->toUnsignedXML();
$msgStr = $msgStr->ownerDocument->saveXML($msgStr);
SimpleSAML_Utilities::debugMessage($msgStr, 'out');
$msgStr = gzdeflate($msgStr);
$msgStr = base64_encode($msgStr);
/* Build the query string. */
if ($message instanceof SAML2_Request) {
$msg = 'SAMLRequest=';
} else {
$msg = 'SAMLResponse=';
}
$msg .= urlencode($msgStr);
if ($relayState !== NULL) {
$msg .= '&RelayState=' . urlencode($relayState);
}
if ($key !== NULL) {
/* Add the signature. */
$msg .= '&SigAlg=' . urlencode(XMLSecurityKey::RSA_SHA1);
$signature = $key->signData($msg);
$msg .= '&Signature=' . urlencode(base64_encode($signature));
}
if (strpos($destination, '?') === FALSE) {
$destination .= '?' . $msg;
} else {
$destination .= '&' . $msg;
}
return $destination;
}
/**
* Send a SAML 2 message using the HTTP-Redirect binding.
*
* Note: This function never returns.
*
* @param SAML2_Message $message The message we should send.
*/
public function send(SAML2_Message $message) {
$destination = $this->getRedirectURL($message);
SimpleSAML_Logger::debug('Redirect to ' . strlen($destination) . ' byte URL: ' . $destination);
SimpleSAML_Utilities::redirect($destination);
}
/**
* Receive a SAML 2 message sent using the HTTP-Redirect binding.
*
* Throws an exception if it is unable receive the message.
*
* @return SAML2_Message The received message.
*/
public function receive() {
$data = self::parseQuery();
if (array_key_exists('SAMLRequest', $data)) {
$msg = $data['SAMLRequest'];
} elseif (array_key_exists('SAMLResponse', $data)) {
$msg = $data['SAMLResponse'];
} else {
throw new Exception('Missing SAMLRequest or SAMLResponse parameter.');
}
if (array_key_exists('SAMLEncoding', $data)) {
$encoding = $data['SAMLEncoding'];
} else {
$encoding = self::DEFLATE;
}
$msg = base64_decode($msg);
switch ($encoding) {
case self::DEFLATE:
$msg = gzinflate($msg);
break;
default:
throw new Exception('Unknown SAMLEncoding: ' . var_export($encoding, TRUE));
}
SimpleSAML_Utilities::debugMessage($msg, 'in');
$document = new DOMDocument();
$document->loadXML($msg);
$xml = $document->firstChild;
$msg = SAML2_Message::fromXML($xml);
if (array_key_exists('Signature', $data)) {
/* Save the signature validation data until we need it. */
$signatureValidationData = array(
'Signature' => $data['Signature'],
'Query' => $data['SignedQuery'],
);
}
if (array_key_exists('RelayState', $data)) {
$msg->setRelayState($data['RelayState']);
}
if (array_key_exists('Signature', $data)) {
if (!array_key_exists('SigAlg', $data)) {
throw new Exception('Missing signature algorithm.');
}
$signData = array(
'Signature' => $data['Signature'],
'SigAlg' => $data['SigAlg'],
'Query' => $data['SignedQuery'],
);
$msg->addValidator(array(get_class($this), 'validateSignature'), $signData);
}
return $msg;
}
/**
* Helper function to parse query data.
*
* This function returns the query string split into key=>value pairs.
* It also adds a new parameter, SignedQuery, which contains the data that is
* signed.
*
* @return string The query data that is signed.
*/
private static function parseQuery() {
/*
* Parse the query string. We need to do this ourself, so that we get access
* to the raw (urlencoded) values. This is required because different software
* can urlencode to different values.
*/
$data = array();
$relayState = '';
$sigAlg = '';
foreach (explode('&', $_SERVER['QUERY_STRING']) as $e) {
list($name, $value) = explode('=', $e, 2);
$name = urldecode($name);
$data[$name] = urldecode($value);
switch ($name) {
case 'SAMLRequest':
case 'SAMLResponse':
$sigQuery = $name . '=' . $value;
break;
case 'RelayState':
$relayState = '&RelayState=' . $value;
break;
case 'SigAlg':
$sigAlg = '&SigAlg=' . $value;
break;
}
}
$data['SignedQuery'] = $sigQuery . $relayState . $sigAlg;
return $data;
}
/**
* Validate the signature on a HTTP-Redirect message.
*
* Throws an exception if we are unable to validate the signature.
*
* @param array $data The data we need to validate the query string.
* @param XMLSecurityKey $key The key we should validate the query against.
*/
public static function validateSignature(array $data, XMLSecurityKey $key) {
assert('array_key_exists("Query", $data)');
assert('array_key_exists("SigAlg", $data)');
assert('array_key_exists("Signature", $data)');
$query = $data['Query'];
$sigAlg = $data['SigAlg'];
$signature = $data['Signature'];
$signature = base64_decode($signature);
switch ($sigAlg) {
case XMLSecurityKey::RSA_SHA1:
if ($key->type !== XMLSecurityKey::RSA_SHA1) {
throw new Exception('Invalid key type for validating signature on query string.');
}
if (!$key->verifySignature($query,$signature)) {
throw new Exception('Unable to validate signature on query string.');
}
break;
default:
throw new Exception('Unknown signature algorithm: ' . var_export($sigAlg, TRUE));
}
}
}
?>

View File

@ -1,282 +0,0 @@
<?php
/**
* Class for SAML 2 logout request messages.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_LogoutRequest extends SAML2_Request {
/**
* The expiration time of this request.
*
* @var int|NULL
*/
private $notOnOrAfter;
/**
* The encrypted NameID in the request.
*
* If this is not NULL, the NameID needs decryption before it can be accessed.
*
* @var DOMElement|NULL
*/
private $encryptedNameId;
/**
* The name identifier of the session that should be terminated.
*
* @var array
*/
private $nameId;
/**
* The SessionIndexes of the sessions that should be terminated.
*
* @var array
*/
private $sessionIndexes;
/**
* Constructor for SAML 2 logout request messages.
*
* @param DOMElement|NULL $xml The input message.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('LogoutRequest', $xml);
$this->sessionIndexes = array();
if ($xml === NULL) {
return;
}
if ($xml->hasAttribute('NotOnOrAfter')) {
$this->notOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('NotOnOrAfter'));
}
$nameId = SAML2_Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
if (empty($nameId)) {
throw new Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
} elseif (count($nameId) > 1) {
throw new Exception('More than one <saml:NameID> or <saml:EncryptedD> in <samlp:LogoutRequest>.');
}
$nameId = $nameId[0];
if ($nameId->localName === 'EncryptedData') {
/* The NameID element is encrypted. */
$this->encryptedNameId = $nameId;
} else {
$this->nameId = SAML2_Utils::parseNameId($nameId);
}
$sessionIndexes = SAML2_Utils::xpQuery($xml, './saml_protocol:SessionIndex');
foreach ($sessionIndexes as $sessionIndex) {
$this->sessionIndexes[] = trim($sessionIndex->textContent);
}
}
/**
* Retrieve the expiration time of this request.
*
* @return int|NULL The expiration time of this request.
*/
public function getNotOnOrAfter() {
return $this->notOnOrAfter;
}
/**
* Set the expiration time of this request.
*
* @param int|NULL $notOnOrAfter The expiration time of this request.
*/
public function setNotOnOrAfter($notOnOrAfter) {
assert('is_int($notOnOrAfter) || is_null($notOnOrAfter)');
$this->notOnOrAfter = $notOnOrAfter;
}
/**
* Check whether the NameId is encrypted.
*
* @return TRUE if the NameId is encrypted, FALSE if not.
*/
public function isNameIdEncrypted() {
if ($this->encryptedNameId !== NULL) {
return TRUE;
}
return FALSE;
}
/**
* Encrypt the NameID in the LogoutRequest.
*
* @param XMLSecurityKey $key The encryption key.
*/
public function encryptNameId(XMLSecurityKey $key) {
/* First create a XML representation of the NameID. */
$doc = new DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);
SAML2_Utils::addNameId($root, $this->nameId);
$nameId = $root->firstChild;
SimpleSAML_Utilities::debugMessage($nameId, 'encrypt');
/* Encrypt the NameID. */
$enc = new XMLSecEnc();
$enc->setNode($nameId);
$enc->type = XMLSecEnc::Element;
$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
$symmetricKey->generateSessionKey();
$enc->encryptKey($key, $symmetricKey);
$this->encryptedNameId = $enc->encryptNode($symmetricKey);
$this->nameId = NULL;
}
/**
* Decrypt the NameID in the LogoutRequest.
*
* @param XMLSecurityKey $key The decryption key.
* @param array $blacklist Blacklisted decryption algorithms.
*/
public function decryptNameId(XMLSecurityKey $key, array $blacklist = array()) {
if ($this->encryptedNameId === NULL) {
/* No NameID to decrypt. */
return;
}
$nameId = SAML2_Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
SimpleSAML_Utilities::debugMessage($nameId, 'decrypt');
$this->nameId = SAML2_Utils::parseNameId($nameId);
$this->encryptedNameId = NULL;
}
/**
* Retrieve the name identifier of the session that should be terminated.
*
* @return array The name identifier of the session that should be terminated.
*/
public function getNameId() {
if ($this->encryptedNameId !== NULL) {
throw new Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
}
return $this->nameId;
}
/**
* Set the name identifier of the session that should be terminated.
*
* The name identifier must be in the format accepted by SAML2_message::buildNameId().
*
* @see SAML2_message::buildNameId()
* @param array $nameId The name identifier of the session that should be terminated.
*/
public function setNameId($nameId) {
assert('is_array($nameId)');
$this->nameId = $nameId;
}
/**
* Retrieve the SessionIndexes of the sessions that should be terminated.
*
* @return array The SessionIndexes, or an empty array if all sessions should be terminated.
*/
public function getSessionIndexes() {
return $this->sessionIndexes;
}
/**
* Set the SessionIndexes of the sessions that should be terminated.
*
* @param array $sessionIndexes The SessionIndexes, or an empty array if all sessions should be terminated.
*/
public function setSessionIndexes(array $sessionIndexes) {
$this->sessionIndexes = $sessionIndexes;
}
/**
* Retrieve the sesion index of the session that should be terminated.
*
* @return string|NULL The sesion index of the session that should be terminated.
*/
public function getSessionIndex() {
if (empty($this->sessionIndexes)) {
return NULL;
}
return $this->sessionIndexes[0];
}
/**
* Set the sesion index of the session that should be terminated.
*
* @param string|NULL $sessionIndex The sesion index of the session that should be terminated.
*/
public function setSessionIndex($sessionIndex) {
assert('is_string($sessionIndex) || is_null($sessionIndex)');
if (is_null($sessionIndex)) {
$this->sessionIndexes = array();
} else {
$this->sessionIndexes = array($sessionIndex);
}
}
/**
* Convert this logout request message to an XML element.
*
* @return DOMElement This logout request.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
if ($this->notOnOrAfter !== NULL) {
$root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
}
if ($this->encryptedNameId === NULL) {
SAML2_Utils::addNameId($root, $this->nameId);
} else {
$eid = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID');
$root->appendChild($eid);
$eid->appendChild($root->ownerDocument->importNode($this->encryptedNameId, TRUE));
}
foreach ($this->sessionIndexes as $sessionIndex) {
SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $sessionIndex);
}
return $root;
}
}

View File

@ -1,25 +0,0 @@
<?php
/**
* Class for SAML 2 LogoutResponse messages.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_LogoutResponse extends SAML2_StatusResponse {
/**
* Constructor for SAML 2 response messages.
*
* @param string $tagName The tag name of the root element.
* @param DOMElement|NULL $xml The input message.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('LogoutResponse', $xml);
/* No new fields added by LogoutResponse. */
}
}
?>

View File

@ -1,484 +0,0 @@
<?php
/**
* Base class for all SAML 2 messages.
*
* Implements what is common between the samlp:RequestAbstractType and
* samlp:StatusResponseType element types.
*
* @package simpleSAMLphp
* @version $Id$
*/
abstract class SAML2_Message implements SAML2_SignedElement {
/**
* The name of the root element of the DOM tree for the message.
*
* Used when creating a DOM tree from the message.
*
* @var string
*/
private $tagName;
/**
* The identifier of this message.
*
* @var string
*/
private $id;
/**
* The issue timestamp of this message, as an UNIX timestamp.
*
* @var int
*/
private $issueInstant;
/**
* The destination URL of this message if it is known.
*
* @var string|NULL
*/
private $destination;
/**
* The entity id of the issuer of this message, or NULL if unknown.
*
* @var string|NULL
*/
private $issuer;
/**
* The RelayState associated with this message.
*
* @var string|NULL
*/
private $relayState;
/**
* The DOMDocument we are currently building.
*
* This variable is used while generating XML from this message. It holds the
* DOMDocument of the XML we are generating.
*
* @var DOMDocument
*/
protected $document;
/**
* The private key we should use to sign the message.
*
* The private key can be NULL, in which case the message is sent unsigned.
*
* @var XMLSecurityKey|NULL
*/
private $signatureKey;
/**
* List of certificates that should be included in the message.
*
* @var array
*/
private $certificates;
/**
* Available methods for validating this message.
*
* @var array
*/
private $validators;
/**
* Initialize a message.
*
* This constructor takes an optional parameter with a DOMElement. If this
* parameter is given, the message will be initialized with data from that
* XML element.
*
* If no XML element is given, the message is initialized with suitable
* default values.
*
* @param string $tagName The tag name of the root element.
* @param DOMElement|NULL $xml The input message.
*/
protected function __construct($tagName, DOMElement $xml = NULL) {
assert('is_string($tagName)');
$this->tagName = $tagName;
$this->id = SimpleSAML_Utilities::generateID();
$this->issueInstant = time();
$this->certificates = array();
$this->validators = array();
if ($xml === NULL) {
return;
}
if (!$xml->hasAttribute('ID')) {
throw new Exception('Missing ID attribute on SAML message.');
}
$this->id = $xml->getAttribute('ID');
if ($xml->getAttribute('Version') !== '2.0') {
/* Currently a very strict check. */
throw new Exception('Unsupported version: ' . $xml->getAttribute('Version'));
}
$this->issueInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('IssueInstant'));
if ($xml->hasAttribute('Destination')) {
$this->destination = $xml->getAttribute('Destination');
}
$issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
if (!empty($issuer)) {
$this->issuer = trim($issuer[0]->textContent);
}
/* Validate the signature element of the message. */
try {
$sig = SAML2_Utils::validateElement($xml);
if ($sig !== FALSE) {
$this->certificates = $sig['Certificates'];
$this->validators[] = array(
'Function' => array('SAML2_Utils', 'validateSignature'),
'Data' => $sig,
);
}
} catch (Exception $e) {
/* Ignore signature validation errors. */
}
}
/**
* Add a method for validating this message.
*
* This function is used by the HTTP-Redirect binding, to make it possible to
* check the signature against the one included in the query string.
*
* @param callback $function The function which should be called.
* @param mixed $data The data that should be included as the first parameter to the function.
*/
public function addValidator($function, $data) {
assert('is_callable($function)');
$this->validators[] = array(
'Function' => $function,
'Data' => $data,
);
}
/**
* Validate this message against a public key.
*
* TRUE is returned on success, FALSE is returned if we don't have any
* signature we can validate. An exception is thrown if the signature
* validation fails.
*
* @param XMLSecurityKey $key The key we should check against.
* @return boolean TRUE on success, FALSE when we don't have a signature.
*/
public function validate(XMLSecurityKey $key) {
if (count($this->validators) === 0) {
return FALSE;
}
$exceptions = array();
foreach ($this->validators as $validator) {
$function = $validator['Function'];
$data = $validator['Data'];
try {
call_user_func($function, $data, $key);
/* We were able to validate the message with this validator. */
return TRUE;
} catch (Exception $e) {
$exceptions[] = $e;
}
}
/* No validators were able to validate the message. */
throw $exceptions[0];
}
/**
* Retrieve the identifier of this message.
*
* @return string The identifier of this message.
*/
public function getId() {
return $this->id;
}
/**
* Set the identifier of this message.
*
* @param string $id The new identifier of this message.
*/
public function setId($id) {
assert('is_string($id)');
$this->id = $id;
}
/**
* Retrieve the issue timestamp of this message.
*
* @return int The issue timestamp of this message, as an UNIX timestamp.
*/
public function getIssueInstant() {
return $this->issueInstant;
}
/**
* Set the issue timestamp of this message.
*
* @param int $issueInstant The new issue timestamp of this message, as an UNIX timestamp.
*/
public function setIssueInstant($issueInstant) {
assert('is_int($issueInstant)');
$this->issueInstant = $issueInstant;
}
/**
* Retrieve the destination of this message.
*
* @return string|NULL The destination of this message, or NULL if no destination is given.
*/
public function getDestination() {
return $this->destination;
}
/**
* Set the destination of this message.
*
* @param string|NULL $destination The new destination of this message.
*/
public function setDestination($destination) {
assert('is_string($destination) || is_null($destination)');
$this->destination = $destination;
}
/**
* Retrieve the issuer if this message.
*
* @return string|NULL The issuer of this message, or NULL if no issuer is given.
*/
public function getIssuer() {
return $this->issuer;
}
/**
* Set the issuer of this message.
*
* @param string|NULL $issuer The new issuer of this message.
*/
public function setIssuer($issuer) {
assert('is_string($issuer) || is_null($issuer)');
$this->issuer = $issuer;
}
/**
* Retrieve the RelayState associated with this message.
*
* @return string|NULL The RelayState, or NULL if no RelayState is given.
*/
public function getRelayState() {
return $this->relayState;
}
/**
* Set the RelayState associated with this message.
*
* @param string|NULL $relayState The new RelayState.
*/
public function setRelayState($relayState) {
assert('is_string($relayState) || is_null($relayState)');
$this->relayState = $relayState;
}
/**
* Convert this message to an unsigned XML document.
*
* This method does not sign the resulting XML document.
*
* @return DOMElement The root element of the DOM tree.
*/
public function toUnsignedXML() {
$this->document = new DOMDocument();
$root = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:' . $this->tagName);
$this->document->appendChild($root);
/* Ugly hack to add another namespace declaration to the root element. */
$root->setAttributeNS(SAML2_Const::NS_SAML, 'saml:tmp', 'tmp');
$root->removeAttributeNS(SAML2_Const::NS_SAML, 'tmp');
$root->setAttribute('ID', $this->id);
$root->setAttribute('Version', '2.0');
$root->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant));
if ($this->destination !== NULL) {
$root->setAttribute('Destination', $this->destination);
}
if ($this->issuer !== NULL) {
SAML2_Utils::addString($root, SAML2_Const::NS_SAML, 'saml:Issuer', $this->issuer);
}
return $root;
}
/**
* Convert this message to a signed XML document.
*
* This method sign the resulting XML document if the private key for
* the signature is set.
*
* @return DOMElement The root element of the DOM tree.
*/
public function toSignedXML() {
$root = $this->toUnsignedXML();
if ($this->signatureKey === NULL) {
/* We don't have a key to sign it with. */
return $root;
}
/* Find the position we should insert the signature node at. */
if ($this->issuer !== NULL) {
/*
* We have an issuer node. The signature node should come
* after the issuer node.
*/
$issuerNode = $root->firstChild;
$insertBefore = $issuerNode->nextSibling;
} else {
/* No issuer node - the signature element should be the first element. */
$insertBefore = $root->firstChild;
}
SAML2_Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);
return $root;
}
/**
* Retrieve the private key we should use to sign the message.
*
* @return XMLSecurityKey|NULL The key, or NULL if no key is specified.
*/
public function getSignatureKey() {
return $this->signatureKey;
}
/**
* Set the private key we should use to sign the message.
*
* If the key is NULL, the message will be sent unsigned.
*
* @param XMLSecurityKey|NULL $key
*/
public function setSignatureKey(XMLsecurityKey $signatureKey = NULL) {
$this->signatureKey = $signatureKey;
}
/**
* Set the certificates that should be included in the message.
*
* The certificates should be strings with the PEM encoded data.
*
* @param array $certificates An array of certificates.
*/
public function setCertificates(array $certificates) {
$this->certificates = $certificates;
}
/**
* Retrieve the certificates that are included in the message.
*
* @return array An array of certificates.
*/
public function getCertificates() {
return $this->certificates;
}
/**
* Convert an XML element into a message.
*
* @param DOMElement $xml The root XML element.
* @return SAML2_Message The message.
*/
public static function fromXML(DOMElement $xml) {
if ($xml->namespaceURI !== SAML2_Const::NS_SAMLP) {
throw new Exception('Unknown namespace of SAML message: ' . var_export($xml->namespaceURI, TRUE));
}
switch ($xml->localName) {
case 'AttributeQuery':
return new SAML2_AttributeQuery($xml);
case 'AuthnRequest':
return new SAML2_AuthnRequest($xml);
case 'LogoutResponse':
return new SAML2_LogoutResponse($xml);
case 'LogoutRequest':
return new SAML2_LogoutRequest($xml);
case 'Response':
return new SAML2_Response($xml);
case 'ArtifactResponse':
return new SAML2_ArtifactResponse($xml);
case 'ArtifactResolve':
return new SAML2_ArtifactResolve($xml);
default:
throw new Exception('Unknown SAML message: ' . var_export($xml->localName, TRUE));
}
}
}
?>

View File

@ -1,84 +0,0 @@
<?php
/**
* Class for SAML 2 Response messages.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_Response extends SAML2_StatusResponse {
/**
* The assertions in this response.
*/
private $assertions;
/**
* Constructor for SAML 2 response messages.
*
* @param DOMElement|NULL $xml The input message.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('Response', $xml);
$this->assertions = array();
if ($xml === NULL) {
return;
}
for ($node = $xml->firstChild; $node !== NULL; $node = $node->nextSibling) {
if ($node->namespaceURI !== SAML2_Const::NS_SAML) {
continue;
}
if ($node->localName === 'Assertion') {
$this->assertions[] = new SAML2_Assertion($node);
} elseif($node->localName === 'EncryptedAssertion') {
$this->assertions[] = new SAML2_EncryptedAssertion($node);
}
}
}
/**
* Retrieve the assertions in this response.
*
* @return array Array of SAML2_Assertion and SAML2_EncryptedAssertion objects.
*/
public function getAssertions() {
return $this->assertions;
}
/**
* Set the assertions that should be included in this response.
*
* @param array The assertions.
*/
public function setAssertions(array $assertions) {
$this->assertions = $assertions;
}
/**
* Convert the response message to an XML element.
*
* @return DOMElement This response.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
foreach ($this->assertions as $assertion) {
$node = $assertion->toXML($root);
}
return $root;
}
}
?>

View File

@ -1,57 +0,0 @@
<?php
/**
* Class which implements the SOAP binding.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_SOAP extends SAML2_Binding {
/**
* Send a SAML 2 message using the SOAP binding.
*
* Note: This function never returns.
*
* @param SAML2_Message $message The message we should send.
*/
public function send(SAML2_Message $message) {
header('Content-Type: text/xml',true);
$outputFromIdp = '<?xml version="1.0" encoding="UTF-8"?>';
$outputFromIdp .= '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">';
$outputFromIdp .= '<SOAP-ENV:Body>';
$xmlMessage = $message->toSignedXML();
SimpleSAML_Utilities::debugMessage($xmlMessage, 'out');
$tempOutputFromIdp = $xmlMessage->ownerDocument->saveXML($xmlMessage);
$outputFromIdp .= $tempOutputFromIdp;
$outputFromIdp .= '</SOAP-ENV:Body>';
$outputFromIdp .= '</SOAP-ENV:Envelope>';
print($outputFromIdp);
exit(0);
}
/**
* Receive a SAML 2 message sent using the HTTP-POST binding.
*
* Throws an exception if it is unable receive the message.
*
* @return SAML2_Message The received message.
*/
public function receive() {
$postText = file_get_contents('php://input');
if(empty($postText)){
throw new SimpleSAML_Error_BadRequest('Invalid message received to AssertionConsumerService endpoint.');
}
$document = new DOMDocument();
$document->loadXML($postText);
$xml = $document->firstChild;
SimpleSAML_Utilities::debugMessage($xml, 'in');
$results = SAML2_Utils::xpQuery($xml, '/soap-env:Envelope/soap-env:Body/*[1]');
return SAML2_Message::fromXML($results[0]);
}
}

View File

@ -1,223 +0,0 @@
<?php
/**
* Implementation of the SAML 2.0 SOAP binding.
*
* @author Shoaib Ali
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_SOAPClient {
const START_SOAP_ENVELOPE = '<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Header/><soap-env:Body>';
const END_SOAP_ENVELOPE = '</soap-env:Body></soap-env:Envelope>';
/**
* This function sends the SOAP message to the service location and returns SOAP response
*
* @param SAML2_Message $m The request that should be sent.
* @param SimpleSAML_Configuration $srcMetadata The metadata of the issuer of the message.
* @param SimpleSAML_Configuration $dstMetadata The metadata of the destination of the message.
* @return SAML2_Message The response we received.
*/
public function send(SAML2_Message $msg, SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata = NULL) {
$issuer = $msg->getIssuer();
$ctxOpts = array(
'ssl' => array(
'capture_peer_cert' => TRUE,
),
);
// Determine if we are going to do a MutualSSL connection between the IdP and SP - Shoaib
if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
$cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
if ($cert !== FALSE) {
$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
}
}
} else {
/* Use the SP certificate and privatekey if it is configured. */
$privateKey = SimpleSAML_Utilities::loadPrivateKey($srcMetadata);
$publicKey = SimpleSAML_Utilities::loadPublicKey($srcMetadata);
if ($privateKey !== NULL && $publicKey !== NULL && isset($publicKey['PEM'])) {
$keyCertData = $privateKey['PEM'] . $publicKey['PEM'];
$file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($keyCertData) . '.pem';
if (!file_exists($file)) {
SimpleSAML_Utilities::writeFile($file, $keyCertData);
}
$ctxOpts['ssl']['local_cert'] = $file;
if (isset($privateKey['password'])) {
$ctxOpts['ssl']['passphrase'] = $privateKey['password'];
}
}
}
// do peer certificate verification
if ($dstMetadata !== NULL) {
$peerPublicKeys = $dstMetadata->getPublicKeys('signing', TRUE);
$certData = '';
foreach ($peerPublicKeys as $key) {
if ($key['type'] !== 'X509Certificate') {
continue;
}
$certData .= "-----BEGIN CERTIFICATE-----\n" .
chunk_split($key['X509Certificate'], 64) .
"-----END CERTIFICATE-----\n";
}
$peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
if (!file_exists($peerCertFile)) {
SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
}
// create ssl context
$ctxOpts['ssl']['verify_peer'] = TRUE;
$ctxOpts['ssl']['verify_depth'] = 1;
$ctxOpts['ssl']['cafile'] = $peerCertFile;
}
$context = stream_context_create($ctxOpts);
if ($context === NULL) {
throw new Exception('Unable to create SSL stream context');
}
$options = array(
'uri' => $issuer,
'location' => $msg->getDestination(),
'stream_context' => $context,
);
$x = new SoapClient(NULL, $options);
// Add soap-envelopes
$request = $msg->toSignedXML();
$request = self::START_SOAP_ENVELOPE . $request->ownerDocument->saveXML($request) . self::END_SOAP_ENVELOPE;
SimpleSAML_Utilities::debugMessage($request, 'out');
$action = 'http://www.oasis-open.org/committees/security';
$version = '1.1';
$destination = $msg->getDestination();
/* Perform SOAP Request over HTTP */
$soapresponsexml = $x->__doRequest($request, $destination, $action, $version);
if ($soapresponsexml === NULL || $soapresponsexml === "") {
throw new Exception('Empty SOAP response, check peer certificate.');
}
SimpleSAML_Utilities::debugMessage($soapresponsexml, 'in');
// Convert to SAML2_Message (DOMElement)
$dom = new DOMDocument();
if (!$dom->loadXML($soapresponsexml)) {
throw new Exception('Not a SOAP response.');
}
$soapfault = $this->getSOAPFault($dom);
if (isset($soapfault)) {
throw new Exception($soapfault);
}
//Extract the message from the response
$xml = $dom->firstChild; /* Soap Envelope */
$samlresponse = SAML2_Utils::xpQuery($dom->firstChild, '/soap-env:Envelope/soap-env:Body/*[1]');
$samlresponse = SAML2_Message::fromXML($samlresponse[0]);
/* Add validator to message which uses the SSL context. */
self::addSSLValidator($samlresponse, $context);
SimpleSAML_Logger::debug("Valid ArtifactResponse received from IdP");
return $samlresponse;
}
/**
* Add a signature validator based on a SSL context.
*
* @param SAML2_Message $msg The message we should add a validator to.
* @param resource $context The stream context.
*/
private static function addSSLValidator(SAML2_Message $msg, $context) {
$options = stream_context_get_options($context);
if (!isset($options['ssl']['peer_certificate'])) {
return;
}
//$out = '';
//openssl_x509_export($options['ssl']['peer_certificate'], $out);
$key = openssl_pkey_get_public($options['ssl']['peer_certificate']);
if ($key === FALSE) {
SimpleSAML_Logger::warning('Unable to get public key from peer certificate.');
return;
}
$keyInfo = openssl_pkey_get_details($key);
if ($keyInfo === FALSE) {
SimpleSAML_Logger::warning('Unable to get key details from public key.');
return;
}
if (!isset($keyInfo['key'])) {
SimpleSAML_Logger::warning('Missing key in public key details.');
return;
}
$msg->addValidator(array('SAML2_SOAPClient', 'validateSSL'), $keyInfo['key']);
}
/**
* Validate a SOAP message against the certificate on the SSL connection.
*
* @param string $data The public key that was used on the connection.
* @param XMLSecurityKey $key The key we should validate the certificate against.
*/
public static function validateSSL($data, XMLSecurityKey $key) {
assert('is_string($data)');
$keyInfo = openssl_pkey_get_details($key->key);
if ($keyInfo === FALSE) {
throw new Exception('Unable to get key details from XMLSecurityKey.');
}
if (!isset($keyInfo['key'])) {
throw new Exception('Missing key in public key details.');
}
if ($keyInfo['key'] !== $data) {
SimpleSAML_Logger::debug('Key on SSL connection did not match key we validated against.');
return FALSE;
}
SimpleSAML_Logger::debug('Message validated based on SSL certificate.');
}
/*
* Extracts the SOAP Fault from SOAP message
* @param $soapmessage Soap response needs to be type DOMDocument
* @return $soapfaultstring string|NULL
*/
private function getSOAPFault($soapmessage) {
$soapfault = SAML2_Utils::xpQuery($soapmessage->firstChild, '/soap-env:Envelope/soap-env:Body/soap-env:Fault');
if (empty($soapfault)) {
/* No fault. */
return NULL;
}
$soapfaultelement = $soapfault[0];
$soapfaultstring = "Unknown fault string found"; // There is a fault element but we havn't found out what the fault string is
// find out the fault string
$faultstringelement = SAML2_Utils::xpQuery($soapfaultelement, './soap-env:faultstring') ;
if (!empty($faultstringelement)) {
return $faultstringelement[0]->textContent;
}
return $soapfaultstring;
}
}

View File

@ -1,58 +0,0 @@
<?php
/**
* Interface to a SAML 2 element which may be signed.
*
* @package simpleSAMLphp
* @version $Id$
*/
interface SAML2_SignedElement {
/**
* Validate this element against a public key.
*
* If no signature is present, FALSE is returned. If a signature is present,
* but cannot be verified, an exception will be thrown.
*
* @param XMLSecurityKey $key The key we should check against.
* @return boolean TRUE if successful, FALSE if we don't have a signature that can be verified.
*/
public function validate(XMLSecurityKey $key);
/**
* Set the certificates that should be included in the element.
*
* The certificates should be strings with the PEM encoded data.
*
* @param array $certificates An array of certificates.
*/
public function setCertificates(array $certificates);
/**
* Retrieve the certificates that are included in the element (if any).
*
* @return array An array of certificates.
*/
public function getCertificates();
/**
* Retrieve the private key we should use to sign the element.
*
* @return XMLSecurityKey|NULL The key, or NULL if no key is specified.
*/
public function getSignatureKey();
/**
* Set the private key we should use to sign the element.
*
* If the key is NULL, the message will be sent unsigned.
*
* @param XMLSecurityKey|NULL $key
*/
public function setSignatureKey(XMLsecurityKey $signatureKey = NULL);
}

View File

@ -1,220 +0,0 @@
<?php
/**
* Helper class for processing signed elements.
*
* Can either be inherited from, or can be used by proxy.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_SignedElementHelper implements SAML2_SignedElement {
/**
* The private key we should use to sign the message.
*
* The private key can be NULL, in which case the message is sent unsigned.
*
* @var XMLSecurityKey|NULL
*/
private $signatureKey;
/**
* List of certificates that should be included in the message.
*
* @var array
*/
private $certificates;
/**
* Available methods for validating this message.
*
* @var array
*/
private $validators;
/**
* Initialize the helper class.
*
* @param DOMElement|NULL $xml The XML element which may be signed.
*/
protected function __construct(DOMElement $xml = NULL) {
$this->certificates = array();
$this->validators = array();
if ($xml === NULL) {
return;
}
/* Validate the signature element of the message. */
try {
$sig = SAML2_Utils::validateElement($xml);
if ($sig !== FALSE) {
$this->certificates = $sig['Certificates'];
$this->validators[] = array(
'Function' => array('SAML2_Utils', 'validateSignature'),
'Data' => $sig,
);
}
} catch (Exception $e) {
/* Ignore signature validation errors. */
}
}
/**
* Add a method for validating this element.
*
* This function is used for custom validation extensions
*
* @param callback $function The function which should be called.
* @param mixed $data The data that should be included as the first parameter to the function.
*/
public function addValidator($function, $data) {
assert('is_callable($function)');
$this->validators[] = array(
'Function' => $function,
'Data' => $data,
);
}
/**
* Validate this element against a public key.
*
* TRUE is returned on success, FALSE is returned if we don't have any
* signature we can validate. An exception is thrown if the signature
* validation fails.
*
* @param XMLSecurityKey $key The key we should check against.
* @return boolean TRUE on success, FALSE when we don't have a signature.
*/
public function validate(XMLSecurityKey $key) {
if (count($this->validators) === 0) {
return FALSE;
}
$exceptions = array();
foreach ($this->validators as $validator) {
$function = $validator['Function'];
$data = $validator['Data'];
try {
call_user_func($function, $data, $key);
/* We were able to validate the message with this validator. */
return TRUE;
} catch (Exception $e) {
$exceptions[] = $e;
}
}
/* No validators were able to validate the message. */
throw $exceptions[0];
}
/**
* Retrieve the private key we should use to sign the message.
*
* @return XMLSecurityKey|NULL The key, or NULL if no key is specified.
*/
public function getSignatureKey() {
return $this->signatureKey;
}
/**
* Set the private key we should use to sign the message.
*
* If the key is NULL, the message will be sent unsigned.
*
* @param XMLSecurityKey|NULL $key
*/
public function setSignatureKey(XMLsecurityKey $signatureKey = NULL) {
$this->signatureKey = $signatureKey;
}
/**
* Set the certificates that should be included in the message.
*
* The certificates should be strings with the PEM encoded data.
*
* @param array $certificates An array of certificates.
*/
public function setCertificates(array $certificates) {
$this->certificates = $certificates;
}
/**
* Retrieve the certificates that are included in the message.
*
* @return array An array of certificates.
*/
public function getCertificates() {
return $this->certificates;
}
/**
* Retrieve certificates that sign this element.
*
* @return array Array with certificates.
*/
public function getValidatingCertificates() {
$ret = array();
foreach ($this->certificates as $cert) {
/* We have found a matching fingerprint. */
$pemCert = "-----BEGIN CERTIFICATE-----\n" .
chunk_split($cert, 64) .
"-----END CERTIFICATE-----\n";
/* Extract the public key from the certificate for validation. */
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
$key->loadKey($pemCert);
try {
/* Check the signature. */
if ($this->validate($key)) {
$ret[] = $cert;
}
} catch (Exception $e) {
/* This certificate does not sign this element. */
}
}
return $ret;
}
/**
* Sign the given XML element.
*
* @param DOMElement $root The element we should sign.
* @param DOMElement|NULL $insertBefore The element we should insert the signature node before.
*/
protected function signElement(DOMElement $root, DOMElement $insertBefore = NULL) {
if ($this->signatureKey === NULL) {
/* We cannot sign this element. */
return;
}
SAML2_Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);
return $root;
}
}

View File

@ -1,193 +0,0 @@
<?php
/**
* Base class for all SAML 2 response messages.
*
* Implements samlp:StatusResponseType. All of the elements in that type is
* stored in the SAML2_Message class, and this class is therefore more
* or less empty. It is included mainly to make it easy to separate requests from
* responses.
*
* The status code is represented as an array on the following form:
* array(
* 'Code' => '<top-level status code>',
* 'SubCode' => '<second-level status code>',
* 'Message' => '<status message>',
* )
*
* Only the 'Code' field is required. The others will be set to NULL if they
* aren't present.
*
* @package simpleSAMLphp
* @version $Id$
*/
abstract class SAML2_StatusResponse extends SAML2_Message {
/**
* The ID of the request this is a response to, or NULL if this is an unsolicited response.
*
* @var string|NULL
*/
private $inResponseTo;
/**
* The status code of the response.
*
* @var array
*/
private $status;
/**
* Constructor for SAML 2 response messages.
*
* @param string $tagName The tag name of the root element.
* @param DOMElement|NULL $xml The input message.
*/
protected function __construct($tagName, DOMElement $xml = NULL) {
parent::__construct($tagName, $xml);
$this->status = array(
'Code' => SAML2_Const::STATUS_SUCCESS,
'SubCode' => NULL,
'Message' => NULL,
);
if ($xml === NULL) {
return;
}
if ($xml->hasAttribute('InResponseTo')) {
$this->inResponseTo = $xml->getAttribute('InResponseTo');
}
$status = SAML2_Utils::xpQuery($xml, './saml_protocol:Status');
if (empty($status)) {
throw new Exception('Missing status code on response.');
}
$status = $status[0];
$statusCode = SAML2_Utils::xpQuery($status, './saml_protocol:StatusCode');
if (empty($statusCode)) {
throw new Exception('Missing status code in status element.');
}
$statusCode = $statusCode[0];
$this->status['Code'] = $statusCode->getAttribute('Value');
$subCode = SAML2_Utils::xpQuery($statusCode, './saml_protocol:StatusCode');
if (!empty($subCode)) {
$this->status['SubCode'] = $subCode[0]->getAttribute('Value');
}
$message = SAML2_Utils::xpQuery($status, './saml_protocol:StatusMessage');
if (!empty($message)) {
$this->status['Message'] = trim($message[0]->textContent);
}
}
/**
* Determine whether this is a successful response.
*
* @return boolean TRUE if the status code is success, FALSE if not.
*/
public function isSuccess() {
assert('array_key_exists("Code", $this->status)');
if ($this->status['Code'] === SAML2_Const::STATUS_SUCCESS) {
return TRUE;
}
return FALSE;
}
/**
* Retrieve the ID of the request this is a response to.
*
* @return string|NULL The ID of the request.
*/
public function getInResponseTo() {
return $this->inResponseTo;
}
/**
* Set the ID of the request this is a response to.
*
* @param string|NULL $inResponseTo The ID of the request.
*/
public function setInResponseTo($inResponseTo) {
assert('is_string($inResponseTo) || is_null($inResponseTo)');
$this->inResponseTo = $inResponseTo;
}
/**
* Retrieve the status code.
*
* @return array The status code.
*/
public function getStatus() {
return $this->status;
}
/**
* Set the status code.
*
* @param array $status The status code.
*/
public function setStatus(array $status) {
assert('array_key_exists("Code", $status)');
$this->status = $status;
if (!array_key_exists('SubCode', $status)) {
$this->status['SubCode'] = NULL;
}
if (!array_key_exists('Message', $status)) {
$this->status['Message'] = NULL;
}
}
/**
* Convert status response message to an XML element.
*
* @return DOMElement This status response.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
if ($this->inResponseTo !== NULL) {
$root->setAttribute('InResponseTo', $this->inResponseTo);
}
$status = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Status');
$root->appendChild($status);
$statusCode = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
$statusCode->setAttribute('Value', $this->status['Code']);
$status->appendChild($statusCode);
if (!is_null($this->status['SubCode'])) {
$subStatusCode = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
$subStatusCode->setAttribute('Value', $this->status['SubCode']);
$statusCode->appendChild($subStatusCode);
}
if (!is_null($this->status['Message'])) {
SAML2_Utils::addString($status, SAML2_Const::NS_SAMLP, 'StatusMessage', $this->status['Message']);
}
return $root;
}
}
?>

View File

@ -1,116 +0,0 @@
<?php
/**
* Base class for SAML 2 subject query messages.
*
* This base class can be used for various requests which ask for
* information about a particular subject.
*
* Note that this class currently only handles the simple case - where the
* subject doesn't contain any sort of subject confirmation requirements.
*
* @package simpleSAMLphp
* @version $Id$
*/
abstract class SAML2_SubjectQuery extends SAML2_Request {
/**
* The NameId of the subject in the query.
*
* @var array
*/
private $nameId;
/**
* Constructor for SAML 2 subject query messages.
*
* @param string $tagName The tag name of the root element.
* @param DOMElement|NULL $xml The input message.
*/
protected function __construct($tagName, DOMElement $xml = NULL) {
parent::__construct($tagName, $xml);
$nameId = array();
if ($xml === NULL) {
return;
}
$this->parseSubject($xml);
}
/**
* Parse subject in query.
*
* @param DOMElement $xml The SubjectQuery XML element.
*/
private function parseSubject(DOMElement $xml) {
$subject = SAML2_Utils::xpQuery($xml, './saml_assertion:Subject');
if (empty($subject)) {
/* No Subject node. */
throw new Exception('Missing subject in subject query.');
} elseif (count($subject) > 1) {
throw new Exception('More than one <saml:Subject> in <saml:Assertion>.');
}
$subject = $subject[0];
$nameId = SAML2_Utils::xpQuery($subject, './saml_assertion:NameID');
if (empty($nameId)) {
throw new Exception('Missing <saml:NameID> in <saml:Subject>.');
} elseif (count($nameId) > 1) {
throw new Exception('More than one <saml:NameID> in <saml:Subject>.');
}
$nameId = $nameId[0];
$this->nameId = SAML2_Utils::parseNameId($nameId);
}
/**
* Retrieve the NameId of the subject in the query.
*
* The returned NameId is in the format used by SAML2_Utils::addNameId().
*
* @see SAML2_Utils::addNameId()
* @return array|NULL The name identifier of the assertion.
*/
public function getNameId() {
return $this->nameId;
}
/**
* Set the NameId of the subject in the query.
*
* The NameId must be in the format accepted by SAML2_Utils::addNameId().
*
* @see SAML2_Utils::addNameId()
* @param array|NULL $nameId The name identifier of the assertion.
*/
public function setNameId($nameId) {
assert('is_array($nameId) || is_null($nameId)');
$this->nameId = $nameId;
}
/**
* Convert subject query message to an XML element.
*
* @return DOMElement This subject query.
*/
public function toUnsignedXML() {
$root = parent::toUnsignedXML();
$subject = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Subject');
$root->appendChild($subject);
SAML2_Utils::addNameId($subject, $this->nameId);
return $root;
}
}

View File

@ -1,620 +0,0 @@
<?php
/**
* Helper functions for the SAML2 library.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_Utils {
/**
* Check the Signature in a XML element.
*
* This function expects the XML element to contain a Signature-element
* which contains a reference to the XML-element. This is common for both
* messages and assertions.
*
* Note that this function only validates the element itself. It does not
* check this against any local keys.
*
* If no Signature-element is located, this function will return FALSE. All
* other validation errors result in an exception. On successful validation
* an array will be returned. This array contains the information required to
* check the signature against a public key.
*
* @param DOMElement $root The element which should be validated.
* @return array|FALSE An array with information about the Signature-element.
*/
public static function validateElement(DOMElement $root) {
/* Create an XML security object. */
$objXMLSecDSig = new XMLSecurityDSig();
/* Both SAML messages and SAML assertions use the 'ID' attribute. */
$objXMLSecDSig->idKeys[] = 'ID';
/* Locate the XMLDSig Signature element to be used. */
$signatureElement = self::xpQuery($root, './ds:Signature');
if (count($signatureElement) === 0) {
/* We don't have a signature element ot validate. */
return FALSE;
} elseif (count($signatureElement) > 1) {
throw new Exception('XMLSec: more than one signature element in root.');
}
$signatureElement = $signatureElement[0];
$objXMLSecDSig->sigNode = $signatureElement;
/* Canonicalize the XMLDSig SignedInfo element in the message. */
$objXMLSecDSig->canonicalizeSignedInfo();
/* Validate referenced xml nodes. */
if (!$objXMLSecDSig->validateReference()) {
throw new Exception('XMLsec: digest validation failed');
}
/* Check that $root is one of the signed nodes. */
$rootSigned = FALSE;
foreach ($objXMLSecDSig->getValidatedNodes() as $signedNode) {
if ($signedNode->isSameNode($root)) {
$rootSigned = TRUE;
break;
} elseif ($root->parentNode instanceof DOMDocument && $signedNode->isSameNode($root->ownerDocument)) {
/* $root is the root element of a signed document. */
$rootSigned = TRUE;
break;
}
}
if (!$rootSigned) {
throw new Exception('XMLSec: The root element is not signed.');
}
/* Now we extract all available X509 certificates in the signature element. */
$certificates = array();
foreach (self::xpQuery($signatureElement, './ds:KeyInfo/ds:X509Data/ds:X509Certificate') as $certNode) {
$certData = trim($certNode->textContent);
$certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
$certificates[] = $certData;
}
$ret = array(
'Signature' => $objXMLSecDSig,
'Certificates' => $certificates,
);
return $ret;
}
/**
* Helper function to convert a XMLSecurityKey to the correct algorithm.
*
* @param XMLSecurityKey $key The key.
* @param string $algorithm The desired algorithm.
* @return XMLSecurityKey The new key.
*/
private static function castKey(XMLSecurityKey $key, $algorithm) {
assert('is_string($algorithm)');
$keyInfo = openssl_pkey_get_details($key->key);
if ($keyInfo === FALSE) {
throw new Exception('Unable to get key details from XMLSecurityKey.');
}
if (!isset($keyInfo['key'])) {
throw new Exception('Missing key in public key details.');
}
$newKey = new XMLSecurityKey($algorithm, array('type'=>'public'));
$newKey->loadKey($keyInfo['key']);
return $newKey;
}
/**
* Check a signature against a key.
*
* An exception is thrown if we are unable to validate the signature.
*
* @param array $info The information returned by the validateElement()-function.
* @param XMLSecurityKey $key The publickey that should validate the Signature object.
*/
public static function validateSignature(array $info, XMLSecurityKey $key) {
assert('array_key_exists("Signature", $info)');
$objXMLSecDSig = $info['Signature'];
$sigMethod = self::xpQuery($objXMLSecDSig->sigNode, './ds:SignedInfo/ds:SignatureMethod');
if (empty($sigMethod)) {
throw new Exception('Missing SignatureMethod element.');
}
$sigMethod = $sigMethod[0];
if (!$sigMethod->hasAttribute('Algorithm')) {
throw new Exception('Missing Algorithm-attribute on SignatureMethod element.');
}
$algo = $sigMethod->getAttribute('Algorithm');
if ($key->type === XMLSecurityKey::RSA_SHA1 && $algo === XMLSecurityKey::RSA_SHA256) {
$key = self::castKey($key, XMLSecurityKey::RSA_SHA256);
}
/* Check the signature. */
if (! $objXMLSecDSig->verify($key)) {
throw new Exception("Unable to validate Signature");
}
}
/**
* Do an XPath query on an XML node.
*
* @param DOMNode $node The XML node.
* @param string $query The query.
* @return array Array with matching DOM nodes.
*/
public static function xpQuery(DOMNode $node, $query) {
assert('is_string($query)');
static $xpCache = NULL;
if ($node instanceof DOMDocument) {
$doc = $node;
} else {
$doc = $node->ownerDocument;
}
if ($xpCache === NULL || !$xpCache->document->isSameNode($doc)) {
$xpCache = new DOMXPath($doc);
$xpCache->registerNamespace('soap-env', SAML2_Const::NS_SOAP);
$xpCache->registerNamespace('saml_protocol', SAML2_Const::NS_SAMLP);
$xpCache->registerNamespace('saml_assertion', SAML2_Const::NS_SAML);
$xpCache->registerNamespace('saml_metadata', SAML2_Const::NS_MD);
$xpCache->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS);
$xpCache->registerNamespace('xenc', XMLSecEnc::XMLENCNS);
}
$results = $xpCache->query($query, $node);
$ret = array();
for ($i = 0; $i < $results->length; $i++) {
$ret[$i] = $results->item($i);
}
return $ret;
}
/**
* Make an exact copy the specific DOMElement.
*
* @param DOMElement $element The element we should copy.
* @param DOMElement|NULL $parent The target parent element.
* @return DOMElement The copied element.
*/
public static function copyElement(DOMElement $element, DOMElement $parent = NULL) {
if ($parent === NULL) {
$document = new DOMDocument();
} else {
$document = $parent->ownerDocument;
}
$namespaces = array();
for ($e = $element; $e !== NULL; $e = $e->parentNode) {
foreach (SAML2_Utils::xpQuery($e, './namespace::*') as $ns) {
$prefix = $ns->localName;
if ($prefix === 'xml' || $prefix === 'xmlns') {
continue;
}
$uri = $ns->nodeValue;
if (!isset($namespaces[$prefix])) {
$namespaces[$prefix] = $uri;
}
}
}
$newElement = $document->importNode($element, TRUE);
if ($parent !== NULL) {
/* We need to append the child to the parent before we add the namespaces. */
$parent->appendChild($newElement);
}
foreach ($namespaces as $prefix => $uri) {
$newElement->setAttributeNS($uri, $prefix . ':__ns_workaround__', 'tmp');
$newElement->removeAttributeNS($uri, '__ns_workaround__');
}
return $newElement;
}
/**
* Parse a boolean attribute.
*
* @param DOMElement $node The element we should fetch the attribute from.
* @param string $attributeName The name of the attribute.
* @param mixed $default The value that should be returned if the attribute doesn't exist.
* @return bool|mixed The value of the attribute, or $default if the attribute doesn't exist.
*/
public static function parseBoolean(DOMElement $node, $attributeName, $default = NULL) {
assert('is_string($attributeName)');
if (!$node->hasAttribute($attributeName)) {
return $default;
}
$value = $node->getAttribute($attributeName);
switch (strtolower($value)) {
case '0':
case 'false':
return FALSE;
case '1':
case 'true':
return TRUE;
default:
throw new Exception('Invalid value of boolean attribute ' . var_export($attributeName, TRUE) . ': ' . var_export($value, TRUE));
}
}
/**
* Create a NameID element.
*
* The NameId array can have the following elements: 'Value', 'Format',
* 'NameQualifier, 'SPNameQualifier'
*
* Only the 'Value'-element is required.
*
* @param DOMElement $node The DOM node we should append the NameId to.
* @param array $nameId The name identifier.
*/
public static function addNameId(DOMElement $node, array $nameId) {
assert('array_key_exists("Value", $nameId)');
$xml = SAML2_Utils::addString($node, SAML2_Const::NS_SAML, 'saml:NameID', $nameId['Value']);
if (array_key_exists('NameQualifier', $nameId) && $nameId['NameQualifier'] !== NULL) {
$xml->setAttribute('NameQualifier', $nameId['NameQualifier']);
}
if (array_key_exists('SPNameQualifier', $nameId) && $nameId['SPNameQualifier'] !== NULL) {
$xml->setAttribute('SPNameQualifier', $nameId['SPNameQualifier']);
}
if (array_key_exists('Format', $nameId) && $nameId['Format'] !== NULL) {
$xml->setAttribute('Format', $nameId['Format']);
}
}
/**
* Parse a NameID element.
*
* @param DOMElement $xml The DOM element we should parse.
* @return array The parsed name identifier.
*/
public static function parseNameId(DOMElement $xml) {
$ret = array('Value' => trim($xml->textContent));
foreach (array('NameQualifier', 'SPNameQualifier', 'Format') as $attr) {
if ($xml->hasAttribute($attr)) {
$ret[$attr] = $xml->getAttribute($attr);
}
}
return $ret;
}
/**
* Insert a Signature-node.
*
* @param XMLSecurityKey $key The key we should use to sign the message.
* @param array $certificates The certificates we should add to the signature node.
* @param DOMElement $root The XML node we should sign.
* @param DomElement $insertBefore The XML element we should insert the signature element before.
*/
public static function insertSignature(XMLSecurityKey $key, array $certificates, DOMElement $root, DOMNode $insertBefore = NULL) {
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(
array($root),
XMLSecurityDSig::SHA1,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
array('id_name' => 'ID', 'overwrite' => FALSE)
);
$objXMLSecDSig->sign($key);
foreach ($certificates as $certificate) {
$objXMLSecDSig->add509Cert($certificate, TRUE);
}
$objXMLSecDSig->insertSignature($root, $insertBefore);
}
/**
* Decrypt an encrypted element.
*
* This is an internal helper function.
*
* @param DOMElement $encryptedData The encrypted data.
* @param XMLSecurityKey $inputKey The decryption key.
* @param array &$blacklist Blacklisted decryption algorithms.
* @return DOMElement The decrypted element.
*/
private static function _decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey, array &$blacklist) {
$enc = new XMLSecEnc();
$enc->setNode($encryptedData);
$enc->type = $encryptedData->getAttribute("Type");
$symmetricKey = $enc->locateKey($encryptedData);
if (!$symmetricKey) {
throw new Exception('Could not locate key algorithm in encrypted data.');
}
$symmetricKeyInfo = $enc->locateKeyInfo($symmetricKey);
if (!$symmetricKeyInfo) {
throw new Exception('Could not locate <dsig:KeyInfo> for the encrypted key.');
}
$inputKeyAlgo = $inputKey->getAlgorith();
if ($symmetricKeyInfo->isEncrypted) {
$symKeyInfoAlgo = $symmetricKeyInfo->getAlgorith();
if (in_array($symKeyInfoAlgo, $blacklist, TRUE)) {
throw new Exception('Algorithm disabled: ' . var_export($symKeyInfoAlgo, TRUE));
}
if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) {
/*
* The RSA key formats are equal, so loading an RSA_1_5 key
* into an RSA_OAEP_MGF1P key can be done without problems.
* We therefore pretend that the input key is an
* RSA_OAEP_MGF1P key.
*/
$inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P;
}
/* Make sure that the input key format is the same as the one used to encrypt the key. */
if ($inputKeyAlgo !== $symKeyInfoAlgo) {
throw new Exception('Algorithm mismatch between input key and key used to encrypt ' .
' the symmetric key for the message. Key was: ' .
var_export($inputKeyAlgo, TRUE) . '; message was: ' .
var_export($symKeyInfoAlgo, TRUE));
}
$encKey = $symmetricKeyInfo->encryptedCtx;
$symmetricKeyInfo->key = $inputKey->key;
$keySize = $symmetricKey->getSymmetricKeySize();
if ($keySize === NULL) {
/* To protect against "key oracle" attacks, we need to be able to create a
* symmetric key, and for that we need to know the key size.
*/
throw new Exception('Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, TRUE));
}
try {
$key = $encKey->decryptKey($symmetricKeyInfo);
if (strlen($key) != $keySize) {
throw new Exception('Unexpected key size (' . strlen($key) * 8 . 'bits) for encryption algorithm: ' .
var_export($symmetricKey->type, TRUE));
}
} catch (Exception $e) {
/* We failed to decrypt this key. Log it, and substitute a "random" key. */
SimpleSAML_Logger::error('Failed to decrypt symmetric key: ' . $e->getMessage());
/* Create a replacement key, so that it looks like we fail in the same way as if the key was correctly padded. */
/* We base the symmetric key on the encrypted key and private key, so that we always behave the
* same way for a given input key.
*/
$encryptedKey = $encKey->getCipherValue();
$pkey = openssl_pkey_get_details($symmetricKeyInfo->key);
$pkey = sha1(serialize($pkey), TRUE);
$key = sha1($encryptedKey . $pkey, TRUE);
/* Make sure that the key has the correct length. */
if (strlen($key) > $keySize) {
$key = substr($key, 0, $keySize);
} elseif (strlen($key) < $keySize) {
$key = str_pad($key, $keySize);
}
}
$symmetricKey->loadkey($key);
} else {
$symKeyAlgo = $symmetricKey->getAlgorith();
/* Make sure that the input key has the correct format. */
if ($inputKeyAlgo !== $symKeyAlgo) {
throw new Exception('Algorithm mismatch between input key and key in message. ' .
'Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' .
var_export($symKeyAlgo, TRUE));
}
$symmetricKey = $inputKey;
}
$algorithm = $symmetricKey->getAlgorith();
if (in_array($algorithm, $blacklist, TRUE)) {
throw new Exception('Algorithm disabled: ' . var_export($algorithm, TRUE));
}
$decrypted = $enc->decryptNode($symmetricKey, FALSE);
/*
* This is a workaround for the case where only a subset of the XML
* tree was serialized for encryption. In that case, we may miss the
* namespaces needed to parse the XML.
*/
$xml = '<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'.$decrypted.'</root>';
$newDoc = new DOMDocument();
if (!@$newDoc->loadXML($xml)) {
throw new Exception('Failed to parse decrypted XML. Maybe the wrong sharedkey was used?');
}
$decryptedElement = $newDoc->firstChild->firstChild;
if ($decryptedElement === NULL) {
throw new Exception('Missing encrypted element.');
}
if (!($decryptedElement instanceof DOMElement)) {
throw new Exception('Decrypted element was not actually a DOMElement.');
}
return $decryptedElement;
}
/**
* Decrypt an encrypted element.
*
* @param DOMElement $encryptedData The encrypted data.
* @param XMLSecurityKey $inputKey The decryption key.
* @param array $blacklist Blacklisted decryption algorithms.
* @return DOMElement The decrypted element.
*/
public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey, array $blacklist = array()) {
try {
return self::_decryptElement($encryptedData, $inputKey, $blacklist);
} catch (Exception $e) {
/*
* Something went wrong during decryption, but for security
* reasons we cannot tell the user what failed.
*/
SimpleSAML_Logger::error('Decryption failed: ' . $e->getMessage());
throw new Exception('Failed to decrypt XML element.');
}
}
/**
* Extract localized strings from a set of nodes.
*
* @param DOMElement $parent The element that contains the localized strings.
* @param string $namespaceURI The namespace URI the localized strings should have.
* @param string $localName The localName of the localized strings.
* @return array Localized strings.
*/
public static function extractLocalizedStrings(DOMElement $parent, $namespaceURI, $localName) {
assert('is_string($namespaceURI)');
assert('is_string($localName)');
$ret = array();
for ($node = $parent->firstChild; $node !== NULL; $node = $node->nextSibling) {
if ($node->namespaceURI !== $namespaceURI || $node->localName !== $localName) {
continue;
}
if ($node->hasAttribute('xml:lang')) {
$language = $node->getAttribute('xml:lang');
} else {
$language = 'en';
}
$ret[$language] = trim($node->textContent);
}
return $ret;
}
/**
* Extract strings from a set of nodes.
*
* @param DOMElement $parent The element that contains the localized strings.
* @param string $namespaceURI The namespace URI the string elements should have.
* @param string $localName The localName of the string elements.
* @return array The string values of the various nodes.
*/
public static function extractStrings(DOMElement $parent, $namespaceURI, $localName) {
assert('is_string($namespaceURI)');
assert('is_string($localName)');
$ret = array();
for ($node = $parent->firstChild; $node !== NULL; $node = $node->nextSibling) {
if ($node->namespaceURI !== $namespaceURI || $node->localName !== $localName) {
continue;
}
$ret[] = trim($node->textContent);
}
return $ret;
}
/**
* Append string element.
*
* @param DOMElement $parent The parent element we should append the new nodes to.
* @param string $namespace The namespace of the created element.
* @param string $name The name of the created element.
* @param string $value The value of the element.
* @return DOMElement The generated element.
*/
public static function addString(DOMElement $parent, $namespace, $name, $value) {
assert('is_string($namespace)');
assert('is_string($name)');
assert('is_string($value)');
$doc = $parent->ownerDocument;
$n = $doc->createElementNS($namespace, $name);
$n->appendChild($doc->createTextNode($value));
$parent->appendChild($n);
return $n;
}
/**
* Append string elements.
*
* @param DOMElement $parent The parent element we should append the new nodes to.
* @param string $namespace The namespace of the created elements
* @param string $name The name of the created elements
* @param bool $localized Whether the strings are localized, and should include the xml:lang attribute.
* @param array $values The values we should create the elements from.
*/
public static function addStrings(DOMElement $parent, $namespace, $name, $localized, array $values) {
assert('is_string($namespace)');
assert('is_string($name)');
assert('is_bool($localized)');
$doc = $parent->ownerDocument;
foreach ($values as $index => $value) {
$n = $doc->createElementNS($namespace, $name);
$n->appendChild($doc->createTextNode($value));
if ($localized) {
$n->setAttribute('xml:lang', $index);
}
$parent->appendChild($n);
}
}
/**
* Create a KeyDescriptor with the given certificate.
*
* @param string $x509Data The certificate, as a base64-encoded DER data.
* @return SAML2_XML_md_KeyDescriptor The keydescriptor.
*/
public static function createKeyDescriptor($x509Data) {
assert('is_string($x509Data)');
$x509Certificate = new SAML2_XML_ds_X509Certificate();
$x509Certificate->certificate = $x509Data;
$x509Data = new SAML2_XML_ds_X509Data();
$x509Data->data[] = $x509Certificate;
$keyInfo = new SAML2_XML_ds_KeyInfo();
$keyInfo->info[] = $x509Data;
$keyDescriptor = new SAML2_XML_md_KeyDescriptor();
$keyDescriptor->KeyInfo = $keyInfo;
return $keyDescriptor;
}
}

View File

@ -1,104 +0,0 @@
<?php
/**
* Serializable class used to hold an XML element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_Chunk {
/**
* The localName of the element.
*
* @var string
*/
public $localName;
/**
* The namespaceURI of this element.
*
* @var string
*/
public $namespaceURI;
/**
* The DOMElement we contain.
*
* @var DOMElement
*/
private $xml;
/**
* The DOMElement as a text string. Used during serialization.
*
* @var string|NULL
*/
private $xmlString;
/**
* Create a XMLChunk from a copy of the given DOMElement.
*
* @param DOMElement $xml The element we should copy.
*/
public function __construct(DOMElement $xml) {
$this->localName = $xml->localName;
$this->namespaceURI = $xml->namespaceURI;
$this->xml = SAML2_Utils::copyElement($xml);
}
/**
* Get this DOMElement.
*
* @return DOMElement This element.
*/
public function getXML() {
assert('$this->xml instanceof DOMElement || is_string($this->xmlString)');
if ($this->xml === NULL) {
$doc = new DOMDocument();
$doc->loadXML($this->xmlString);
$this->xml = $doc->firstChild;
}
return $this->xml;
}
/**
* Append this XML element to a different XML element.
*
* @param DOMElement $parent The element we should append this element to.
* @return DOMElement The new element.
*/
public function toXML(DOMElement $parent) {
return SAML2_Utils::copyElement($this->getXML(), $parent);
}
/**
* Serialization handler.
*
* Converts the XML data to a string that can be serialized
*
* @return array List of properties that should be serialized.
*/
public function __sleep() {
assert('$this->xml instanceof DOMElement || is_string($this->xmlString)');
if ($this->xmlString === NULL) {
$this->xmlString = $this->xml->ownerDocument->saveXML($this->xml);
}
return array('xmlString', 'localName', 'namespaceURI');
}
}

View File

@ -1,94 +0,0 @@
<?php
/**
* Class representing a ds:KeyInfo element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_ds_KeyInfo {
/**
* The Id attribute on this element.
*
* @var string|NULL
*/
public $Id = NULL;
/**
* The various key information elements.
*
* Array with various elements describing this key.
* Unknown elements will be represented by SAML2_XML_Chunk.
*
* @var array
*/
public $info = array();
/**
* Initialize a KeyInfo element.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
if ($xml->hasAttribute('Id')) {
$this->Id = $xml->getAttribute('Id');
}
for ($n = $xml->firstChild; $n !== NULL; $n = $n->nextSibling) {
if (!($n instanceof DOMElement)) {
continue;
}
if ($n->namespaceURI !== XMLSecurityDSig::XMLDSIGNS) {
$this->info[] = new SAML2_XML_Chunk($n);
continue;
}
switch ($n->localName) {
case 'KeyName':
$this->info[] = new SAML2_XML_ds_KeyName($n);
break;
case 'X509Data':
$this->info[] = new SAML2_XML_ds_X509Data($n);
break;
default:
$this->info[] = new SAML2_XML_Chunk($n);
break;
}
}
}
/**
* Convert this KeyInfo to XML.
*
* @param DOMElement $parent The element we should append this KeyInfo to.
*/
public function toXML(DOMElement $parent) {
assert('is_null($this->Id) || is_string($this->Id)');
assert('is_array($this->info)');
$doc = $parent->ownerDocument;
$e = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:KeyInfo');
$parent->appendChild($e);
if (isset($this->Id)) {
$e->setAttribute('Id', $this->Id);
}
foreach ($this->info as $n) {
$n->toXML($e);
}
return $e;
}
}

View File

@ -1,45 +0,0 @@
<?php
/**
* Class representing a ds:KeyName element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_ds_KeyName {
/**
* The key name.
*
* @var string
*/
public $name;
/**
* Initialize a KeyName element.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
$this->name = $xml->textContent;
}
/**
* Convert this KeyName element to XML.
*
* @param DOMElement $parent The element we should append this KeyName element to.
*/
public function toXML(DOMElement $parent) {
assert('is_string($this->name)');
return SAML2_Utils::addString($parent, XMLSecurityDSig::XMLDSIGNS, 'ds:KeyName', $this->name);
}
}

View File

@ -1,45 +0,0 @@
<?php
/**
* Class representing a ds:X509Certificate element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_ds_X509Certificate {
/**
* The base64-encoded certificate.
*
* @var string
*/
public $certificate;
/**
* Initialize an X509Certificate element.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
$this->certificate = $xml->textContent;
}
/**
* Convert this X509Certificate element to XML.
*
* @param DOMElement $parent The element we should append this X509Certificate element to.
*/
public function toXML(DOMElement $parent) {
assert('is_string($this->certificate)');
return SAML2_Utils::addString($parent, XMLSecurityDSig::XMLDSIGNS, 'ds:X509Certificate', $this->certificate);
}
}

View File

@ -1,74 +0,0 @@
<?php
/**
* Class representing a ds:X509Data element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_ds_X509Data {
/**
* The various X509 data elements.
*
* Array with various elements describing this certificate.
* Unknown elements will be represented by SAML2_XML_Chunk.
*
* @var array
*/
public $data = array();
/**
* Initialize a X509Data.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
for ($n = $xml->firstChild; $n !== NULL; $n = $n->nextSibling) {
if (!($n instanceof DOMElement)) {
continue;
}
if ($n->namespaceURI !== XMLSecurityDSig::XMLDSIGNS) {
$this->data[] = new SAML2_XML_Chunk($n);
continue;
}
switch ($n->localName) {
case 'X509Certificate':
$this->data[] = new SAML2_XML_ds_X509Certificate($n);
break;
default:
$this->data[] = new SAML2_XML_Chunk($n);
break;
}
}
}
/**
* Convert this X509Data element to XML.
*
* @param DOMElement $parent The element we should append this X509Data element to.
*/
public function toXML(DOMElement $parent) {
assert('is_array($this->data)');
$doc = $parent->ownerDocument;
$e = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
$parent->appendChild($e);
foreach ($this->data as $n) {
$n->toXML($e);
}
return $e;
}
}

View File

@ -1,62 +0,0 @@
<?php
/**
* Class representing SAML 2 metadata AdditionalMetadataLocation element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_md_AdditionalMetadataLocation {
/**
* The namespace of this metadata.
*
* @var string
*/
public $namespace;
/**
* The URI where the metadata is located.
*
* @var string
*/
public $location;
/**
* Initialize an AdditionalMetadataLocation element.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
if (!$xml->hasAttribute('namespace')) {
throw new Exception('Missing namespace attribute on AdditionalMetadataLocation element.');
}
$this->namespace = $xml->getAttribute('namespace');
$this->location = $xml->textContent;
}
/**
* Convert this AdditionalMetadataLocation to XML.
*
* @param DOMElement $parent The element we should append to.
* @return DOMElement This AdditionalMetadataLocation-element.
*/
public function toXML(DOMElement $parent) {
assert('is_string($this->namespace)');
assert('is_string($this->location)');
$e = SAML2_Utils::addString($parent, SAML2_Const::NS_MD, 'md:AdditionalMetadataLocation', $this->location);
$e->setAttribute('namespace', $this->namespace);
return $e;
}
}

View File

@ -1,162 +0,0 @@
<?php
/**
* Class representing SAML 2 AffiliationDescriptor element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_md_AffiliationDescriptor extends SAML2_SignedElementHelper {
/**
* The affiliationOwnerID.
*
* @var string
*/
public $affiliationOwnerID;
/**
* The ID of this element.
*
* @var string|NULL
*/
public $ID;
/**
* How long this element is valid, as a unix timestamp.
*
* @var int|NULL
*/
public $validUntil;
/**
* The length of time this element can be cached, as string.
*
* @var string|NULL
*/
public $cacheDuration;
/**
* Extensions on this element.
*
* Array of extension elements.
*
* @var array
*/
public $Extensions = array();
/**
* The AffiliateMember(s).
*
* Array of entity ID strings.
*
* @var array
*/
public $AffiliateMember = array();
/**
* KeyDescriptor elements.
*
* Array of SAML2_XML_md_KeyDescriptor elements.
*
* @var array
*/
public $KeyDescriptor = array();
/**
* Initialize a AffiliationDescriptor.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct($xml);
if ($xml === NULL) {
return;
}
if (!$xml->hasAttribute('affiliationOwnerID')) {
throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
}
$this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');
if ($xml->hasAttribute('ID')) {
$this->ID = $xml->getAttribute('ID');
}
if ($xml->hasAttribute('validUntil')) {
$this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
}
if ($xml->hasAttribute('cacheDuration')) {
$this->cacheDuration = $xml->getAttribute('cacheDuration');
}
$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
$this->AffiliateMember = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'AffiliateMember');
if (empty($this->AffiliateMember)) {
throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
}
foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor') as $kd) {
$this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($kd);
}
}
/**
* Add this AffiliationDescriptor to an EntityDescriptor.
*
* @param DOMElement $parent The EntityDescriptor we should append this endpoint to.
* @param string $name The name of the element we should create.
*/
public function toXML(DOMElement $parent) {
assert('is_string($this->affiliationOwnerID)');
assert('is_null($this->ID) || is_string($this->ID)');
assert('is_null($this->validUntil) || is_int($this->validUntil)');
assert('is_null($this->cacheDuration) || is_string($this->cacheDuration)');
assert('is_array($this->Extensions)');
assert('is_array($this->AffiliateMember)');
assert('!empty($this->AffiliateMember)');
assert('is_array($this->KeyDescriptor)');
$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, 'md:AffiliationDescriptor');
$parent->appendChild($e);
$e->setAttribute('affiliationOwnerID', $this->affiliationOwnerID);
if (isset($this->ID)) {
$e->setAttribute('ID', $this->ID);
}
if (isset($this->validUntil)) {
$e->setAttribute('validUntil', gmdate('Y-m-d\TH:i:s\Z', $this->validUntil));
}
if (isset($this->cacheDuration)) {
$e->setAttribute('cacheDuration', $this->cacheDuration);
}
SAML2_XML_md_Extensions::addList($e, $this->Extensions);
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:AffiliateMember', FALSE, $this->AffiliateMember);
foreach ($this->KeyDescriptor as $kd) {
$kd->toXML($e);
}
$this->signElement($e, $e->firstChild);
return $e;
}
}

View File

@ -1,128 +0,0 @@
<?php
/**
* Class representing SAML 2 metadata AttributeAuthorityDescriptor.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_md_AttributeAuthorityDescriptor extends SAML2_XML_md_RoleDescriptor {
/**
* List of AttributeService endpoints.
*
* Array with EndpointType objects.
*
* @var array
*/
public $AttributeService = array();
/**
* List of AssertionIDRequestService endpoints.
*
* Array with EndpointType objects.
*
* @var array
*/
public $AssertionIDRequestService = array();
/**
* List of supported NameID formats.
*
* Array of strings.
*
* @var array
*/
public $NameIDFormat = array();
/**
* List of supported attribute profiles.
*
* Array with strings.
*
* @var array
*/
public $AttributeProfile = array();
/**
* List of supported attributes.
*
* Array with SAML2_XML_saml_Attribute objects.
*
* @var array
*/
public $Attribute = array();
/**
* Initialize an IDPSSODescriptor.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('md:AttributeAuthorityDescriptor', $xml);
if ($xml === NULL) {
return;
}
foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AttributeService') as $ep) {
$this->AttributeService[] = new SAML2_XML_md_EndpointType($ep);
}
if (empty($this->AttributeService)) {
throw new Exception('Must have at least one AttributeService in AttributeAuthorityDescriptor.');
}
foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
$this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($airs);
}
$this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
$this->AttributeProfile = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'AttributeProfile');
foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute') as $a) {
$this->Attribute[] = new SAML2_XML_saml_Attribute($a);
}
}
/**
* Add this AttributeAuthorityDescriptor to an EntityDescriptor.
*
* @param DOMElement $parent The EntityDescriptor we should append this IDPSSODescriptor to.
*/
public function toXML(DOMElement $parent) {
assert('is_array($this->AttributeService)');
assert('!empty($this->AttributeService)');
assert('is_array($this->AssertionIDRequestService)');
assert('is_array($this->NameIDFormat)');
assert('is_array($this->AttributeProfile)');
assert('is_array($this->Attribute)');
$e = parent::toXML($parent);
foreach ($this->AttributeService as $ep) {
$ep->toXML($e, 'md:AttributeService');
}
foreach ($this->AssertionIDRequestService as $ep) {
$ep->toXML($e, 'md:AssertionIDRequestService');
}
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:NameIDFormat', FALSE, $this->NameIDFormat);
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:AttributeProfile', FALSE, $this->AttributeProfile);
foreach ($this->Attribute as $a) {
$a->toXML($e);
}
return $e;
}
}

View File

@ -1,124 +0,0 @@
<?php
/**
* Class representing SAML 2 Metadata AttributeConsumingService element.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_md_AttributeConsumingService {
/**
* The index of this AttributeConsumingService.
*
* @var int
*/
public $index;
/**
* Whether this is the default AttributeConsumingService.
*
* @var bool|NULL
*/
public $isDefault = NULL;
/**
* The ServiceName of this AttributeConsumingService.
*
* This is an associative array with language => translation.
*
* @var array
*/
public $ServiceName = array();
/**
* The ServiceDescription of this AttributeConsumingService.
*
* This is an associative array with language => translation.
*
* @var array
*/
public $ServiceDescription = array();
/**
* The RequestedAttribute elements.
*
* This is an array of SAML_RequestedAttributeType elements.
*
* @var array
*/
public $RequestedAttribute = array();
/**
* Initialize / parse an AttributeConsumingService.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
if (!$xml->hasAttribute('index')) {
throw new Exception('Missing index on AttributeConsumingService.');
}
$this->index = (int)$xml->getAttribute('index');
$this->isDefault = SAML2_Utils::parseBoolean($xml, 'isDefault', NULL);
$this->ServiceName = SAML2_Utils::extractLocalizedStrings($xml, SAML2_Const::NS_MD, 'ServiceName');
if (empty($this->ServiceName)) {
throw new Exception('Missing ServiceName in AttributeConsumingService.');
}
$this->ServiceDescription = SAML2_Utils::extractLocalizedStrings($xml, SAML2_Const::NS_MD, 'ServiceDescription');
foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:RequestedAttribute') as $ra) {
$this->RequestedAttribute[] = new SAML2_XML_md_RequestedAttribute($ra);
}
}
/**
* Convert to DOMElement.
*
* @param DOMElement $parent The element we should append this AttributeConsumingService to.
*/
public function toXML(DOMElement $parent) {
assert('is_int($this->index)');
assert('is_null($this->isDefault) || is_bool($this->isDefault)');
assert('is_array($this->ServiceName)');
assert('is_array($this->ServiceDescription)');
assert('is_array($this->RequestedAttribute)');
$doc = $parent->ownerDocument;
$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:AttributeConsumingService');
$parent->appendChild($e);
$e->setAttribute('index', (string)$this->index);
if ($this->isDefault === TRUE) {
$e->setAttribute('isDefault', 'true');
} elseif ($this->isDefault === FALSE) {
$e->setAttribute('isDefault', 'false');
}
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:ServiceName', TRUE, $this->ServiceName);
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:ServiceDescription', TRUE, $this->ServiceDescription);
foreach ($this->RequestedAttribute as $ra) {
$ra->toXML($e);
}
return $e;
}
}

View File

@ -1,94 +0,0 @@
<?php
/**
* Class representing SAML 2 metadata AuthnAuthorityDescriptor.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_md_AuthnAuthorityDescriptor extends SAML2_XML_md_RoleDescriptor {
/**
* List of AuthnQueryService endpoints.
*
* Array with EndpointType objects.
*
* @var array
*/
public $AuthnQueryService = array();
/**
* List of AssertionIDRequestService endpoints.
*
* Array with EndpointType objects.
*
* @var array
*/
public $AssertionIDRequestService = array();
/**
* List of supported NameID formats.
*
* Array of strings.
*
* @var array
*/
public $NameIDFormat = array();
/**
* Initialize an IDPSSODescriptor.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('md:AuthnAuthorityDescriptor', $xml);
if ($xml === NULL) {
return;
}
foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AuthnQueryService') as $ep) {
$this->AuthnQueryService[] = new SAML2_XML_md_EndpointType($ep);
}
if (empty($this->AuthnQueryService)) {
throw new Exception('Must have at least one AuthnQueryService in AuthnAuthorityDescriptor.');
}
foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
$this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($airs);
}
$this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
}
/**
* Add this IDPSSODescriptor to an EntityDescriptor.
*
* @param DOMElement $parent The EntityDescriptor we should append this AuthnAuthorityDescriptor to.
*/
public function toXML(DOMElement $parent) {
assert('is_array($this->AuthnQueryService)');
assert('!empty($this->AuthnQueryService)');
assert('is_array($this->AssertionIDRequestService)');
assert('is_array($this->NameIDFormat)');
$e = parent::toXML($parent);
foreach ($this->AuthnQueryService as $ep) {
$ep->toXML($e, 'md:AuthnQueryService');
}
foreach ($this->AssertionIDRequestService as $ep) {
$ep->toXML($e, 'md:AssertionIDRequestService');
}
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:NameIDFormat', FALSE, $this->NameIDFormat);
return $e;
}
}

View File

@ -1,182 +0,0 @@
<?php
/**
* Class representing SAML 2 ContactPerson.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_md_ContactPerson {
/**
* The contact type.
*
* @var string
*/
public $contactType;
/**
* Extensions on this element.
*
* Array of extension elements.
*
* @var array
*/
public $Extensions = array();
/**
* The Company of this contact.
*
* @var string
*/
public $Company = NULL;
/**
* The GivenName of this contact.
*
* @var string
*/
public $GivenName = NULL;
/**
* The SurName of this contact.
*
* @var string
*/
public $SurName = NULL;
/**
* The EmailAddresses of this contact.
*
* @var array
*/
public $EmailAddress = array();
/**
* The TelephoneNumbers of this contact.
*
* @var array
*/
public $TelephoneNumber = array();
/**
* Initialize a ContactPerson element.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
if (!$xml->hasAttribute('contactType')) {
throw new Exception('Missing contactType on ContactPerson.');
}
$this->contactType = $xml->getAttribute('contactType');
$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
$this->Company = self::getStringElement($xml, 'Company');
$this->GivenName = self::getStringElement($xml, 'GivenName');
$this->SurName = self::getStringElement($xml, 'SurName');
$this->EmailAddress = self::getStringElements($xml, 'EmailAddress');
$this->TelephoneNumber = self::getStringElements($xml, 'TelephoneNumber');
}
/**
* Retrieve the value of a child DOMElements as an array of strings.
*
* @param DOMElement $parent The parent element.
* @param string $name The name of the child elements.
* @return array The value of the child elements.
*/
private static function getStringElements(DOMElement $parent, $name) {
assert('is_string($name)');
$e = SAML2_Utils::xpQuery($parent, './saml_metadata:' . $name);
$ret = array();
foreach ($e as $i) {
$ret[] = $i->textContent;
}
return $ret;
}
/**
* Retrieve the value of a child DOMElement as a string.
*
* @param DOMElement $parent The parent element.
* @param string $name The name of the child element.
* @return string|NULL The value of the child element.
*/
private static function getStringElement(DOMElement $parent, $name) {
assert('is_string($name)');
$e = self::getStringElements($parent, $name);
if (empty($e)) {
return NULL;
}
if (count($e) > 1) {
throw new Exception('More than one ' . $name . ' in ' . $parent->tagName);
}
return $e[0];
}
/**
* Convert this ContactPerson to XML.
*
* @param DOMElement $parent The element we should add this contact to.
* @return DOMElement The new ContactPerson-element.
*/
public function toXML(DOMElement $parent) {
assert('is_string($this->contactType)');
assert('is_array($this->Extensions)');
assert('is_null($this->Company) || is_string($this->Company)');
assert('is_null($this->GivenName) || is_string($this->GivenName)');
assert('is_null($this->SurName) || is_string($this->SurName)');
assert('is_array($this->EmailAddress)');
assert('is_array($this->TelephoneNumber)');
$doc = $parent->ownerDocument;
$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:ContactPerson');
$parent->appendChild($e);
$e->setAttribute('contactType', $this->contactType);
SAML2_XML_md_Extensions::addList($e, $this->Extensions);
if (isset($this->Company)) {
SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:Company', $this->Company);
}
if (isset($this->GivenName)) {
SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:GivenName', $this->GivenName);
}
if (isset($this->SurName)) {
SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:SurName', $this->SurName);
}
if (!empty($this->EmailAddress)) {
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:EmailAddress', FALSE, $this->EmailAddress);
}
if (!empty($this->TelephoneNumber)) {
SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:TelephoneNumber', FALSE, $this->TelephoneNumber);
}
return $e;
}
}

View File

@ -1,187 +0,0 @@
<?php
/**
* Class representing SAML 2 EndpointType.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SAML2_XML_md_EndpointType {
/**
* The binding for this endpoint.
*
* @var string
*/
public $Binding;
/**
* The URI to this endpoint.
*
* @var string
*/
public $Location;
/**
* The URI where responses can be delivered.
*
* @var string|NULL
*/
public $ResponseLocation = NULL;
/**
* Extra (namespace qualified) attributes.
*
* @var array
*/
private $attributes = array();
/**
* Initialize an EndpointType.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
if ($xml === NULL) {
return;
}
if (!$xml->hasAttribute('Binding')) {
throw new Exception('Missing Binding on ' . $xml->tagName);
}
$this->Binding = $xml->getAttribute('Binding');
if (!$xml->hasAttribute('Location')) {
throw new Exception('Missing Location on ' . $xml->tagName);
}
$this->Location = $xml->getAttribute('Location');
if ($xml->hasAttribute('ResponseLocation')) {
$this->ResponseLocation = $xml->getAttribute('ResponseLocation');
}
foreach ($xml->attributes as $a) {
if ($a->namespaceURI === NULL) {
continue; /* Not namespace-qualified -- skip. */
}
$fullName = '{' . $a->namespaceURI . '}' . $a->localName;
$this->attributes[$fullName] = array(
'qualifiedName' => $a->nodeName,
'namespaceURI' => $a->namespaceURI,
'value' => $a->value,
);
}
}
/**
* Check if a namespace-qualified attribute exists.
*
* @param string $namespaceURI The namespace URI.
* @param string $localName The local name.
* @return boolean TRUE if the attribute exists, FALSE if not.
*/
public function hasAttributeNS($namespaceURI, $localName) {
assert('is_string($namespaceURI)');
assert('is_string($localName)');
$fullName = '{' . $namespaceURI . '}' . $localName;
return isset($this->attributes[$fullName]);
}
/**
* Get a namespace-qualified attribute.
*
* @param string $namespaceURI The namespace URI.
* @param string $localName The local name.
* @return string The value of the attribute, or an empty string if the attribute does not exist.
*/
public function getAttributeNS($namespaceURI, $localName) {
assert('is_string($namespaceURI)');
assert('is_string($localName)');
$fullName = '{' . $namespaceURI . '}' . $localName;
if (!isset($this->attributes[$fullName])) {
return '';
}
return $this->attributes[$fullName]['value'];
}
/**
* Get a namespace-qualified attribute.
*
* @param string $namespaceURI The namespace URI.
* @param string $qualifiedName The local name.
* @param string $value The attribute value.
*/
public function setAttributeNS($namespaceURI, $qualifiedName, $value) {
assert('is_string($namespaceURI)');
assert('is_string($qualifiedName)');
$name = explode(':', $qualifiedName, 2);
if (count($name) < 2) {
throw new Exception('Not a qualified name.');
}
$localName = $name[1];
$fullName = '{' . $namespaceURI . '}' . $localName;
$this->attributes[$fullName] = array(
'qualifiedName' => $qualifiedName,
'namespaceURI' => $namespaceURI,
'value' => $value,
);
}
/**
* Remove a namespace-qualified attribute.
*
* @param string $namespaceURI The namespace URI.
* @param string $localName The local name.
*/
public function removeAttributeNS($namespaceURI, $localName) {
assert('is_string($namespaceURI)');
assert('is_string($localName)');
$fullName = '{' . $namespaceURI . '}' . $localName;
unset($this->attributes[$fullName]);
}
/**
* Add this endpoint to an XML element.
*
* @param DOMElement $parent The element we should append this endpoint to.
* @param string $name The name of the element we should create.
*/
public function toXML(DOMElement $parent, $name) {
assert('is_string($name)');
assert('is_string($this->Binding)');
assert('is_string($this->Location)');
assert('is_null($this->ResponseLocation) || is_string($this->ResponseLocation)');
$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, $name);
$parent->appendChild($e);
$e->setAttribute('Binding', $this->Binding);
$e->setAttribute('Location', $this->Location);
if (isset($this->ResponseLocation)) {
$e->setAttribute('ResponseLocation', $this->ResponseLocation);
}
foreach ($this->attributes as $a) {
$e->setAttributeNS($a['namespaceURI'], $a['qualifiedName'], $a['value']);
}
return $e;
}
}

Some files were not shown because too many files have changed in this diff Show More