|
1
|
|
|
<?php |
|
2
|
|
|
/* |
|
3
|
|
|
* ****************************************************************************** |
|
4
|
|
|
* Copyright 2011-2017 DANTE Ltd. and GÉANT on behalf of the GN3, GN3+, GN4-1 |
|
5
|
|
|
* and GN4-2 consortia |
|
6
|
|
|
* |
|
7
|
|
|
* License: see the web/copyright.php file in the file structure |
|
8
|
|
|
* ****************************************************************************** |
|
9
|
|
|
*/ |
|
10
|
|
|
|
|
11
|
|
|
/** |
|
12
|
|
|
* This page is used to edit a RADIUS profile by its administrator. |
|
13
|
|
|
* |
|
14
|
|
|
* @author Stefan Winter <[email protected]> |
|
15
|
|
|
*/ |
|
16
|
|
|
|
|
17
|
|
|
?> |
|
18
|
|
|
<?php |
|
19
|
|
|
require_once(dirname(dirname(dirname(__FILE__))) . "/config/_config.php"); |
|
20
|
|
|
|
|
21
|
|
|
$deco = new \web\lib\admin\PageDecoration(); |
|
22
|
|
|
$validator = new \web\lib\common\InputValidation(); |
|
23
|
|
|
$uiElements = new web\lib\admin\UIElements(); |
|
24
|
|
|
|
|
25
|
|
|
echo $deco->defaultPagePrelude(sprintf(_("%s: IdP Enrollment Wizard (Step 3)"), CONFIG['APPEARANCE']['productname'])); |
|
|
|
|
|
|
26
|
|
|
?> |
|
27
|
|
|
<script src="js/XHR.js" type="text/javascript"></script> |
|
28
|
|
|
<script src="js/option_expand.js" type="text/javascript"></script> |
|
29
|
|
|
<!-- JQuery --> |
|
30
|
|
|
<script type="text/javascript" src="../external/jquery/jquery.js"></script> |
|
31
|
|
|
<script type="text/javascript" src="../external/jquery/jquery-migrate.js"></script> |
|
32
|
|
|
<script type="text/javascript" src="../external/jquery/jquery-ui.js"></script> |
|
33
|
|
|
<!-- EAP sorting code --> |
|
34
|
|
|
<style> |
|
35
|
|
|
li.eap1 {list-style-type: none;} |
|
36
|
|
|
ol.eapmethods { list-style-position: inside; margin: 0; padding: 0px; padding-top: 20px; padding-bottom: 0px; width: 20em; } |
|
37
|
|
|
ol.eapmethods li{ |
|
38
|
|
|
background: #CCF; |
|
39
|
|
|
border-left-style: inset; |
|
40
|
|
|
border-left-width: 1px; |
|
41
|
|
|
border-left-color: #8BBACB; |
|
42
|
|
|
border-top-style: inset; |
|
43
|
|
|
border-top-width: 1px; |
|
44
|
|
|
border-top-color: #8BBACB; |
|
45
|
|
|
border-right-style: outset; |
|
46
|
|
|
border-right-width: 2px; |
|
47
|
|
|
border-right-color: #043D52; |
|
48
|
|
|
border-bottom-style: outset; |
|
49
|
|
|
border-bottom-width: 2px; |
|
50
|
|
|
border-bottom-color: #043D52; |
|
51
|
|
|
border-radius: 6px; |
|
52
|
|
|
box-shadow: 4px 4px 4px #888888; |
|
53
|
|
|
background-image:url('../resources/images/icons/strzalka5.png'); |
|
54
|
|
|
background-repeat:no-repeat; |
|
55
|
|
|
background-position:95% 50%; |
|
56
|
|
|
margin: 2px 0px 2px 0px; |
|
57
|
|
|
padding: 3px; |
|
58
|
|
|
padding-left: 1em; |
|
59
|
|
|
padding-right: 0px; |
|
60
|
|
|
} |
|
61
|
|
|
|
|
62
|
|
|
table.eaptable td { |
|
63
|
|
|
background:#F0F0F0; |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
|
|
table.eaptable th { |
|
67
|
|
|
background:#F0F0F0; |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
#eap_bottom_row td { |
|
71
|
|
|
border-top-color: #888; |
|
72
|
|
|
border-top-style: solid; |
|
73
|
|
|
border-top-width: 2px; |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
|
|
#eap_bottom_row th { |
|
77
|
|
|
border-top-color: #888; |
|
78
|
|
|
border-top-style: solid; |
|
79
|
|
|
border-top-width: 2px; |
|
80
|
|
|
} |
|
81
|
|
|
|
|
82
|
|
|
#supported_eap { |
|
83
|
|
|
background: green; |
|
84
|
|
|
padding: 5px; |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
#unsupported_eap { |
|
88
|
|
|
background: red; |
|
89
|
|
|
padding: 5px; |
|
90
|
|
|
} |
|
91
|
|
|
|
|
92
|
|
|
</style> |
|
93
|
|
|
<script> |
|
94
|
|
|
$(function () { |
|
95
|
|
|
$("#sortable1, #sortable2").sortable({ |
|
96
|
|
|
connectWith: "ol.eapmethods", |
|
97
|
|
|
tolerance: 'pointer', |
|
98
|
|
|
out: function (event, ui) { |
|
99
|
|
|
ui.item.toggleClass("eap1"); |
|
100
|
|
|
}, |
|
101
|
|
|
stop: function (event, ui) { |
|
102
|
|
|
$(".eapm").removeAttr('value'); |
|
103
|
|
|
$(".eapmv").removeAttr('value'); |
|
104
|
|
|
$("#sortable1").children().each(function (index) { |
|
105
|
|
|
i = index + 1; |
|
106
|
|
|
v = $(this).html(); |
|
107
|
|
|
$("#EAP-" + v).val(v); |
|
108
|
|
|
$("#EAP-" + v + "-priority").val(i); |
|
109
|
|
|
}); |
|
110
|
|
|
} |
|
111
|
|
|
}).disableSelection(); |
|
112
|
|
|
}); |
|
113
|
|
|
</script> |
|
114
|
|
|
<!-- EAP sorting code end --> |
|
115
|
|
|
<?php |
|
116
|
|
|
// initialize inputs |
|
117
|
|
|
$my_inst = $validator->IdP($_GET['inst_id'], $_SESSION['user']); |
|
118
|
|
|
$anonLocal = "anonymous"; |
|
119
|
|
|
$useAnon = FALSE; |
|
120
|
|
|
$checkuserOuter = FALSE; |
|
121
|
|
|
$checkuserValue = "anonymous"; |
|
122
|
|
|
$verify = FALSE; |
|
123
|
|
|
$hint = FALSE; |
|
124
|
|
|
$realm = ""; |
|
125
|
|
|
$prefill_name = ""; |
|
126
|
|
|
$blacklisted = FALSE; |
|
127
|
|
|
|
|
128
|
|
|
if (isset($_GET['profile_id'])) { // oh! We should edit an existing profile, not create a new one! |
|
129
|
|
|
$wizardStyle = FALSE; |
|
130
|
|
|
$my_profile = $validator->Profile($_GET['profile_id'], $my_inst->identifier); |
|
131
|
|
|
if (!$my_profile instanceof \core\ProfileRADIUS) { |
|
132
|
|
|
throw new Exception("This page is only for editing RADIUS profiles!"); |
|
133
|
|
|
} |
|
134
|
|
|
|
|
135
|
|
|
$useAnon = $my_profile->getAttributes("internal:use_anon_outer"); |
|
136
|
|
|
if (count($useAnon) > 0) { |
|
137
|
|
|
$useAnon = $useAnon[0]['value']; |
|
138
|
|
|
$anonLocal = $my_profile->getAttributes("internal:anon_local_value")[0]['value']; |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
|
|
$checkuserOuter = $my_profile->getAttributes("internal:checkuser_outer"); |
|
142
|
|
|
if (count($checkuserOuter) > 0) { |
|
143
|
|
|
$checkuserOuter = $checkuserOuter[0]['value']; |
|
144
|
|
|
$checkuserValue = $my_profile->getAttributes("internal:checkuser_value")[0]['value']; |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
|
|
$verify = $my_profile->getAttributes("internal:verify_userinput_suffix")[0]['value']; |
|
148
|
|
|
$hint = $my_profile->getAttributes("internal:hint_userinput_suffix")[0]['value']; |
|
149
|
|
|
$realm = $my_profile->getAttributes("internal:realm")[0]['value']; |
|
150
|
|
|
|
|
151
|
|
|
$prefill_name = $my_profile->name; |
|
152
|
|
|
$prefill_methods = $my_profile->getEapMethodsinOrderOfPreference(); |
|
153
|
|
|
$profile_options = $my_profile->getAttributes(); |
|
154
|
|
|
// is there a general redirect? it is one which have device = 0 |
|
155
|
|
|
$blacklistedDevices = $my_profile->getAttributes("device-specific:redirect"); |
|
156
|
|
|
$blacklisted = FALSE; |
|
157
|
|
|
foreach ($blacklistedDevices as $oneDevice) { |
|
158
|
|
|
if ($oneDevice['device'] == NULL) { |
|
159
|
|
|
$blacklistedArray = $oneDevice['value']; |
|
160
|
|
|
$blacklisted = $blacklistedArray['content']; |
|
161
|
|
|
} |
|
162
|
|
|
} |
|
163
|
|
|
} else { |
|
164
|
|
|
$wizardStyle = TRUE; |
|
165
|
|
|
$my_profile = NULL; |
|
166
|
|
|
$prefill_methods = []; |
|
167
|
|
|
$profile_options = []; |
|
168
|
|
|
} |
|
169
|
|
|
?> |
|
170
|
|
|
</head> |
|
171
|
|
|
<body> |
|
172
|
|
|
<?php |
|
173
|
|
|
echo $deco->productheader("ADMIN-IDP"); |
|
174
|
|
|
?> |
|
175
|
|
|
<h1> |
|
176
|
|
|
<?php |
|
177
|
|
|
if ($wizardStyle) { |
|
178
|
|
|
echo _("Step 3: Defining a user group profile"); |
|
179
|
|
|
} else { |
|
180
|
|
|
printf(_("Edit profile '%s' ..."), $prefill_name); |
|
181
|
|
|
} |
|
182
|
|
|
?> |
|
183
|
|
|
</h1> |
|
184
|
|
|
<?php |
|
185
|
|
|
echo $uiElements->instLevelInfoBoxes($my_inst); |
|
186
|
|
|
|
|
187
|
|
|
echo "<form enctype='multipart/form-data' action='edit_profile_result.php?inst_id=$my_inst->identifier" . ($my_profile !== NULL ? "&profile_id=" . $my_profile->identifier : "") . "' method='post' accept-charset='UTF-8'> |
|
188
|
|
|
<input type='hidden' name='MAX_FILE_SIZE' value='" . CONFIG['MAX_UPLOAD_SIZE'] . "'>"; |
|
189
|
|
|
$optionDisplay = new \web\lib\admin\OptionDisplay($profile_options, "Profile"); |
|
190
|
|
|
?> |
|
191
|
|
|
<fieldset class="option_container"> |
|
192
|
|
|
<legend> |
|
193
|
|
|
<strong><?php echo _("General Profile properties"); ?></strong> |
|
194
|
|
|
</legend> |
|
195
|
|
|
<?php |
|
196
|
|
|
if ($wizardStyle) { |
|
197
|
|
|
echo "<p>" . _("We will now define a profile for your user group(s). You can add as many profiles as you like by choosing the appropriate button on the end of the page. After we are done, the wizard is finished and you will be taken to the main IdP administration page.") . "</p>"; |
|
198
|
|
|
} |
|
199
|
|
|
?> |
|
200
|
|
|
<h3><?php echo _("Profile Name and RADIUS realm"); ?></h3> |
|
201
|
|
|
<?php |
|
202
|
|
|
if ($wizardStyle) { |
|
203
|
|
|
echo "<p>" . _("First of all we need a name for the profile. This will be displayed to end users, so you may want to choose a descriptive name like 'Professors', 'Students of the Faculty of Bioscience', etc.") . "</p>"; |
|
204
|
|
|
echo "<p>" . _("Optionally, you can provide a longer descriptive text about who this profile is for. If you specify it, it will be displayed on the download page after the user has selected the profile name in the list.") . "</p>"; |
|
205
|
|
|
echo "<p>" . _("You can also tell us your RADIUS realm. "); |
|
206
|
|
|
if (CONFIG['FUNCTIONALITY_LOCATIONS']['DIAGNOSTICS'] !== NULL) { |
|
207
|
|
|
printf(_("This is useful if you want to use the sanity check module later, which tests reachability of your realm in the %s infrastructure. "), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']); |
|
|
|
|
|
|
208
|
|
|
} |
|
209
|
|
|
echo _("It is required to enter the realm name if you want to support anonymous outer identities (see below).") . "</p>"; |
|
210
|
|
|
} |
|
211
|
|
|
|
|
212
|
|
|
echo $optionDisplay->prefilledOptionTable("profile"); |
|
213
|
|
|
?> |
|
214
|
|
|
<button type='button' class='newoption' onclick='getXML("profile")'><?php echo _("Add new option"); ?></button> |
|
215
|
|
|
<table> |
|
216
|
|
|
<?php |
|
217
|
|
|
?> |
|
218
|
|
|
<tr> |
|
219
|
|
|
|
|
220
|
|
|
<td> |
|
221
|
|
|
<label for="realm"> |
|
222
|
|
|
<?php echo _("Realm:"); ?> |
|
223
|
|
|
</label> |
|
224
|
|
|
</td> |
|
225
|
|
|
<td> |
|
226
|
|
|
<?php echo "<input id='realm' name='realm' value='$realm' onkeyup=' |
|
227
|
|
|
if (this.value.length > 0) |
|
228
|
|
|
{ this.form.elements[\"anon_support\"].removeAttribute(\"disabled\"); |
|
229
|
|
|
document.getElementById(\"anon_support_label\").removeAttribute(\"style\"); |
|
230
|
|
|
|
|
231
|
|
|
this.form.elements[\"checkuser_support\"].removeAttribute(\"disabled\"); |
|
232
|
|
|
document.getElementById(\"checkuser_label\").removeAttribute(\"style\"); |
|
233
|
|
|
|
|
234
|
|
|
document.getElementById(\"verify_label\").removeAttribute(\"style\"); |
|
235
|
|
|
document.getElementById(\"hint_label\").removeAttribute(\"style\"); |
|
236
|
|
|
|
|
237
|
|
|
} else |
|
238
|
|
|
{ this.form.elements[\"anon_support\"].checked = false; |
|
239
|
|
|
this.form.elements[\"anon_support\"].setAttribute(\"disabled\", \"disabled\"); |
|
240
|
|
|
this.form.elements[\"anon_local\"].setAttribute(\"disabled\", \"disabled\"); |
|
241
|
|
|
document.getElementById(\"anon_support_label\").setAttribute(\"style\", \"color:#999999\"); |
|
242
|
|
|
|
|
243
|
|
|
this.form.elements[\"checkuser_support\"].checked = false; |
|
244
|
|
|
this.form.elements[\"checkuser_support\"].setAttribute(\"disabled\", \"disabled\"); |
|
245
|
|
|
this.form.elements[\"checkuser_local\"].setAttribute(\"disabled\", \"disabled\"); |
|
246
|
|
|
document.getElementById(\"checkuser_label\").setAttribute(\"style\", \"color:#999999\"); |
|
247
|
|
|
|
|
248
|
|
|
this.form.elements[\"hint_support\"].checked = false; |
|
249
|
|
|
this.form.elements[\"hint_support\"].setAttribute(\"disabled\", \"disabled\"); |
|
250
|
|
|
|
|
251
|
|
|
document.getElementById(\"hint_label\").setAttribute(\"style\", \"color:#999999\"); |
|
252
|
|
|
};'/>"; ?> |
|
253
|
|
|
|
|
254
|
|
|
</td> |
|
255
|
|
|
|
|
256
|
|
|
</tr> |
|
257
|
|
|
|
|
258
|
|
|
</table> |
|
259
|
|
|
<h3><?php echo _("Realm Options"); ?></h3> |
|
260
|
|
|
|
|
261
|
|
|
<?php |
|
262
|
|
|
if ($wizardStyle) { |
|
263
|
|
|
echo "<p>" . sprintf(_("Some installers support a feature called 'Anonymous outer identity'. If you don't know what this is, please read <a href='%s'>this article</a>."), "https://confluence.terena.org/display/H2eduroam/eap-types") . "</p>"; |
|
264
|
|
|
echo "<p>" . _("On some platforms, the installers can suggest username endings and/or verify the user input to contain the realm suffix.") . "</p>"; |
|
265
|
|
|
echo "<p>" . _("The realm check feature needs to know an outer ID which actually gets a chance to authenticate. If your RADIUS server lets only select usernames pass, it is useful to supply the inforamtion which of those (outer ID) username we can use for testing.") . "</p>"; |
|
266
|
|
|
} |
|
267
|
|
|
?> |
|
268
|
|
|
<p> |
|
269
|
|
|
|
|
270
|
|
|
|
|
271
|
|
|
<!-- UI table to align elements--> |
|
272
|
|
|
<table> |
|
273
|
|
|
<tr> |
|
274
|
|
|
<!-- checkbox for "verify--> |
|
275
|
|
|
<td> |
|
276
|
|
|
<span id='verify_label'> |
|
277
|
|
|
<?php echo _("Verify user input to contain realm suffix:"); ?> |
|
278
|
|
|
</span> |
|
279
|
|
|
</td> |
|
280
|
|
|
<td> |
|
281
|
|
|
<input type='checkbox' <?php |
|
282
|
|
|
echo ($verify != FALSE ? "checked" : "" ); |
|
283
|
|
|
?> name='verify_support' onclick=' |
|
284
|
|
|
if (this.form.elements["verify_support"].checked !== true || this.form.elements["realm"].value.length == 0) { |
|
285
|
|
|
this.form.elements["hint_support"].setAttribute("disabled", "disabled"); |
|
286
|
|
|
} else { |
|
287
|
|
|
this.form.elements["hint_support"].removeAttribute("disabled"); |
|
288
|
|
|
} |
|
289
|
|
|
;'/> |
|
290
|
|
|
<span id='hint_label' style='<?php echo ($realm == "" ? "color:#999999" : "" ); ?>'> |
|
291
|
|
|
<?php echo _("Prefill user input with realm suffix:"); ?> |
|
292
|
|
|
</span> |
|
293
|
|
|
<input type='checkbox' <?php echo ($verify == FALSE ? "disabled" : "" ); ?> name='hint_support' <?php echo ( $hint != FALSE ? "checked" : "" ); ?> /> |
|
294
|
|
|
</td> |
|
295
|
|
|
</tr> |
|
296
|
|
|
<tr> |
|
297
|
|
|
|
|
298
|
|
|
<!-- checkbox and input field for anonymity support, available only when realm is known--> |
|
299
|
|
|
<td> |
|
300
|
|
|
<span id='anon_support_label' style='<?php echo ($realm == "" ? "color:#999999" : "" ); ?>'> |
|
301
|
|
|
<?php echo _("Enable Anonymous Outer Identity:"); ?> |
|
302
|
|
|
</span> |
|
303
|
|
|
</td> |
|
304
|
|
|
<td> |
|
305
|
|
|
<input type='checkbox' <?php echo ($useAnon != FALSE ? "checked" : "" ) . ($realm == "" ? " disabled" : "" ); ?> name='anon_support' onclick=' |
|
306
|
|
|
if (this.form.elements["anon_support"].checked !== true) { |
|
307
|
|
|
this.form.elements["anon_local"].setAttribute("disabled", "disabled"); |
|
308
|
|
|
} else { |
|
309
|
|
|
this.form.elements["anon_local"].removeAttribute("disabled"); |
|
310
|
|
|
} |
|
311
|
|
|
;'/> |
|
312
|
|
|
<input type='text' <?php echo ($checkuserOuter == FALSE ? "disabled" : "" ); ?> name='anon_local' value='<?php echo $anonLocal; ?>'/> |
|
313
|
|
|
</td> |
|
314
|
|
|
</tr> |
|
315
|
|
|
<tr> |
|
316
|
|
|
|
|
317
|
|
|
<!-- checkbox and input field for check realm outer id, available only when realm is known--> |
|
318
|
|
|
<td> |
|
319
|
|
|
<span id='checkuser_label' style='<?php echo ($realm == "" ? "color:#999999" : "" ); ?>'> |
|
320
|
|
|
<?php echo _("Use special Outer Identity for realm checks:"); ?> |
|
321
|
|
|
</span> |
|
322
|
|
|
</td> |
|
323
|
|
|
<td> |
|
324
|
|
|
<input type='checkbox' <?php echo ($checkuserOuter != FALSE ? "checked" : "" ) . ($realm == "" ? " disabled" : "" ); ?> name='checkuser_support' onclick=' |
|
325
|
|
|
if (this.form.elements["checkuser_support"].checked !== true) { |
|
326
|
|
|
this.form.elements["checkuser_local"].setAttribute("disabled", "disabled"); |
|
327
|
|
|
} else { |
|
328
|
|
|
this.form.elements["checkuser_local"].removeAttribute("disabled"); |
|
329
|
|
|
} |
|
330
|
|
|
;'/> |
|
331
|
|
|
<input type='text' <?php echo ($checkuserOuter == FALSE ? "disabled" : "" ); ?> name='checkuser_local' value='<?php echo $checkuserValue; ?>'/> |
|
332
|
|
|
</td> |
|
333
|
|
|
</tr> |
|
334
|
|
|
</table> |
|
335
|
|
|
</p> |
|
336
|
|
|
|
|
337
|
|
|
<h3><?php echo _("Installer Download Location"); ?></h3> |
|
338
|
|
|
|
|
339
|
|
|
<?php |
|
340
|
|
|
if ($wizardStyle) { |
|
341
|
|
|
echo "<p>" . _("The CAT has a download area for end users. There, they will, for example, learn about the support pointers you entered earlier. The CAT can also immediately offer the installers for the profile for download. If you don't want that, you can instead enter a web site location where you want your users to be redirected to. You, as the administrator, can still download the profiles to place them on that page (see the 'Compatibility Matrix' button on the dashboard).") . "</p>"; |
|
342
|
|
|
} |
|
343
|
|
|
?> |
|
344
|
|
|
<p> |
|
345
|
|
|
|
|
346
|
|
|
<?php |
|
347
|
|
|
echo "<span id='redirect_label' style='" . ($realm == "" ? "color:#999999" : "" ) . "'><label for='redirect'>" . _("Redirect end users to own web page:") . "</label></span> |
|
348
|
|
|
<input type='checkbox' name='redirect' id='redirect' " . ($blacklisted === FALSE ? "" : "checked " ) . "onclick=' |
|
349
|
|
|
if (this.form.elements[\"redirect\"].checked != true) { |
|
350
|
|
|
this.form.elements[\"redirect_target\"].setAttribute(\"disabled\", \"disabled\"); |
|
351
|
|
|
} else { |
|
352
|
|
|
this.form.elements[\"redirect_target\"].removeAttribute(\"disabled\"); |
|
353
|
|
|
};'/> |
|
354
|
|
|
<input type='text' name='redirect_target' " . ($blacklisted !== FALSE ? "value='$blacklisted'" : "disabled" ) . "/>"; |
|
355
|
|
|
?> |
|
356
|
|
|
</p> |
|
357
|
|
|
|
|
358
|
|
|
</fieldset> |
|
359
|
|
|
<fieldset class="option_container"> |
|
360
|
|
|
<legend><strong><?php echo _("Supported EAP types"); ?></strong></legend> |
|
361
|
|
|
<?php |
|
362
|
|
|
if ($wizardStyle) { |
|
363
|
|
|
echo "<p>" . _("Now, we need to know which EAP types your IdP supports. If you support multiple EAP types, you can assign every type a priority (1=highest). This tool will always generate an automatic installer for the EAP type with the highest priority; only if the user's device can't use that EAP type, we will use an EAP type further down in the list.") . "</p>"; |
|
364
|
|
|
} |
|
365
|
|
|
?> |
|
366
|
|
|
<?php |
|
367
|
|
|
|
|
368
|
|
|
/** |
|
369
|
|
|
* creates HTML code which lists the EAP types in their desired property order. |
|
370
|
|
|
* |
|
371
|
|
|
* @param string $eapType |
|
372
|
|
|
* @param bool $isenabled |
|
373
|
|
|
* @param int $priority |
|
374
|
|
|
*/ |
|
375
|
|
|
function priority(string $eapType, bool $isenabled, int $priority) { |
|
376
|
|
|
echo "<td><select id='$eapType-priority' name='$eapType-priority' " . (!$isenabled ? "disabled='disabled'" : "") . ">"; |
|
377
|
|
|
for ($a = 1; $a < 7; $a = $a + 1) { |
|
378
|
|
|
echo "<option id='$eapType-$a' value='$a' " . ( $isenabled && $a == $priority ? "selected" : "" ) . ">$a</option>"; |
|
379
|
|
|
} |
|
380
|
|
|
echo "</select></td>"; |
|
381
|
|
|
} |
|
382
|
|
|
|
|
383
|
|
|
/** |
|
384
|
|
|
* Displays HTML code which displays the EAP options inherited from IdP-wide config. |
|
385
|
|
|
* |
|
386
|
|
|
* Since CAT-next does not allow to set EAP properties IdP-wide any more, this is probably useless and can be deleted at some point. |
|
387
|
|
|
* |
|
388
|
|
|
* @param array $idpwideoptions |
|
389
|
|
|
* @param string $eapType |
|
390
|
|
|
* @param bool $isVisible |
|
391
|
|
|
*/ |
|
392
|
|
|
function inherited_options($idpwideoptions, $eapType, $isVisible) { |
|
393
|
|
|
echo "<td><div style='" . (!$isVisible ? "visibility:hidden" : "") . "' class='inheritedoptions' id='$eapType-inherited-global'>"; |
|
394
|
|
|
|
|
395
|
|
|
$eapoptions = []; |
|
396
|
|
|
|
|
397
|
|
|
foreach ($idpwideoptions as $option) { |
|
398
|
|
|
if ($option['level'] == "IdP" && preg_match('/^eap/', $option['name'])) { |
|
399
|
|
|
$eapoptions[] = $option['name']; |
|
400
|
|
|
} |
|
401
|
|
|
} |
|
402
|
|
|
|
|
403
|
|
|
$eapoptionsNames = array_count_values($eapoptions); |
|
404
|
|
|
|
|
405
|
|
|
if (count($eapoptionsNames) > 0) { |
|
406
|
|
|
echo "<strong>" . _("EAP options inherited from Global level:") . "</strong><br />"; |
|
407
|
|
|
foreach ($eapoptionsNames as $optionname => $count) { |
|
408
|
|
|
/// option count and enumeration |
|
409
|
|
|
/// Example: "(3x) Server Name" |
|
410
|
|
|
$uiElements = new web\lib\admin\UIElements(); |
|
411
|
|
|
printf(_("(%dx) %s") . "<br />", $count, $uiElements->displayName($optionname)); |
|
412
|
|
|
} |
|
413
|
|
|
} |
|
414
|
|
|
|
|
415
|
|
|
echo "</div></td>"; |
|
416
|
|
|
} |
|
417
|
|
|
|
|
418
|
|
|
$methods = \core\common\EAP::listKnownEAPTypes(); |
|
419
|
|
|
?> |
|
420
|
|
|
|
|
421
|
|
|
<?php |
|
422
|
|
|
// new EAP sorting code |
|
423
|
|
|
|
|
424
|
|
|
foreach ($methods as $a) { |
|
425
|
|
|
$display = $a->getPrintableRep(); |
|
426
|
|
|
$enabled = FALSE; |
|
427
|
|
|
foreach ($prefill_methods as $prio => $value) { |
|
428
|
|
|
if ($a->getPrintableRep() == $value->getPrintableRep()) { |
|
429
|
|
|
$enabled = TRUE; |
|
430
|
|
|
$countactive = $prio + 1; |
|
431
|
|
|
} |
|
432
|
|
|
} |
|
433
|
|
|
} |
|
434
|
|
|
?> |
|
435
|
|
|
<div> |
|
436
|
|
|
<table style="border:none"> |
|
437
|
|
|
<tr> |
|
438
|
|
|
<th style="vertical-align:top; padding:1em"> |
|
439
|
|
|
<?php echo _('Supported EAP types for this profile'); ?> |
|
440
|
|
|
</th> |
|
441
|
|
|
<td id="supported_eap"> |
|
442
|
|
|
<ol id="sortable1" class="eapmethods"> |
|
443
|
|
|
<?php |
|
444
|
|
|
$D = []; |
|
445
|
|
|
foreach ($prefill_methods as $prio => $value) { |
|
446
|
|
|
print '<li>' . $value->getPrintableRep() . "</li>\n"; |
|
447
|
|
|
$D[$value->getPrintableRep()] = $prio; |
|
448
|
|
|
} |
|
449
|
|
|
?> |
|
450
|
|
|
</ol> |
|
451
|
|
|
</td> |
|
452
|
|
|
<td rowspan=3 style="text-align:center; width:12em; padding:1em"> |
|
453
|
|
|
<?php echo _('Use "drag & drop" to mark an EAP method and move it to the supported (green) area. Prioritisation is done automatically, depending on where you "drop" the method.'); ?> |
|
454
|
|
|
</td> |
|
455
|
|
|
</tr> |
|
456
|
|
|
<tr id="eap_bottom_row"> |
|
457
|
|
|
<td colspan="2"> </td> |
|
458
|
|
|
</tr> |
|
459
|
|
|
<tr> |
|
460
|
|
|
<th style="vertical-align:top; padding:1em"> |
|
461
|
|
|
<?php echo _('Unsupported EAP types'); ?> |
|
462
|
|
|
</th> |
|
463
|
|
|
<td style="vertical-align:top" id="unsupported_eap"> |
|
464
|
|
|
<ol id="sortable2" class="eapmethods"> |
|
465
|
|
|
<?php |
|
466
|
|
|
foreach ($methods as $a) { |
|
467
|
|
|
if ($a == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
468
|
|
|
continue; |
|
469
|
|
|
} |
|
470
|
|
|
$display = $a->getPrintableRep(); |
|
471
|
|
|
if (!isset($D[$a->getPrintableRep()])) { |
|
472
|
|
|
print '<li class="eap1">' . $a->getPrintableRep() . "</li>\n"; |
|
473
|
|
|
} |
|
474
|
|
|
} |
|
475
|
|
|
?> |
|
476
|
|
|
</ol> |
|
477
|
|
|
</td> |
|
478
|
|
|
</tr> |
|
479
|
|
|
</table> |
|
480
|
|
|
</div> |
|
481
|
|
|
<?php |
|
482
|
|
|
foreach ($methods as $a) { |
|
483
|
|
|
$display = $a->getPrintableRep(); |
|
484
|
|
|
$v = isset($D[$display]) ? $D[$display] : ''; |
|
485
|
|
|
print '<input type="hidden" class="eapm" name="' . $display . '" id="EAP-' . $display . '" value="' . $display . '">'; |
|
486
|
|
|
print '<input type="hidden" class="eapmv" name="' . $display . '-priority" id="EAP-' . $display . '-priority" value="' . $v . '">'; |
|
487
|
|
|
} |
|
488
|
|
|
?> |
|
489
|
|
|
<br style="clear:both;" /> |
|
490
|
|
|
</fieldset> |
|
491
|
|
|
<?php |
|
492
|
|
|
$idp_options = $my_inst->getAttributes(); |
|
493
|
|
|
|
|
494
|
|
|
$optionsAlreadySet = array_column($idp_options, "name"); |
|
495
|
|
|
|
|
496
|
|
|
$has_support_options = []; |
|
497
|
|
|
$has_media_options = []; |
|
498
|
|
|
$has_eap_options = []; |
|
499
|
|
|
$support_text = ""; |
|
500
|
|
|
$media_text = ""; |
|
501
|
|
|
$eap_text = ""; |
|
502
|
|
|
|
|
503
|
|
|
foreach ($optionsAlreadySet as $optionNames) { |
|
504
|
|
|
if (preg_match("/^support:/", $optionNames)) { |
|
505
|
|
|
$has_support_options[$optionNames] = "SET"; |
|
506
|
|
|
$support_text .= "<li><strong>" . $uiElements->displayName($optionNames) . "</strong></li>"; |
|
507
|
|
|
} |
|
508
|
|
|
if (preg_match("/^media:/", $optionNames)) { |
|
509
|
|
|
$has_media_options[$$optionNames] = "SET"; |
|
510
|
|
|
$media_text .= "<li><strong>" . $uiElements->displayName($optionNames) . "</strong></li>"; |
|
511
|
|
|
} |
|
512
|
|
|
} |
|
513
|
|
|
$fields = [ |
|
514
|
|
|
"support" => _("Helpdesk Details for this profile"), |
|
515
|
|
|
"eap" => _("EAP Details for this profile"), |
|
516
|
|
|
"media" => _("Media Properties for this profile")]; |
|
517
|
|
|
|
|
518
|
|
|
foreach ($fields as $name => $description) { |
|
519
|
|
|
echo "<fieldset class='option_container' id='" . $name . "_override'> |
|
520
|
|
|
<legend><strong>$description</strong></legend> |
|
521
|
|
|
<p>"; |
|
522
|
|
|
|
|
523
|
|
|
if (count(${"has_" . $name . "_options"}) > 0) { |
|
524
|
|
|
printf(ngettext("The option %s is already defined IdP-wide. If you set it here on profile level, this setting will override the IdP-wide one.", "The options %s are already defined IdP-wide. If you set them here on profile level, these settings will override the IdP-wide ones.", count(${"has_" . $name . "_options"})), "<ul>" . ${$name . "_text"} . "</ul>"); |
|
525
|
|
|
} |
|
526
|
|
|
|
|
527
|
|
|
echo "</p>"; |
|
528
|
|
|
echo $optionDisplay->prefilledOptionTable($name); |
|
529
|
|
|
echo "<button type='button' class='newoption' onclick='getXML(\"$name\")'>" . _("Add new option") . "</button>"; |
|
530
|
|
|
echo "</fieldset>"; |
|
531
|
|
|
} |
|
532
|
|
|
|
|
533
|
|
|
if ($wizardStyle) { |
|
534
|
|
|
echo "<p>" . _("When you are sure that everything is correct, please click on 'Save data' and you will be taken to your IdP Dashboard page.") . "</p>"; |
|
535
|
|
|
} |
|
536
|
|
|
echo "<p><button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button><button type='button' class='delete' name='abortbutton' value='abort' onclick='javascript:window.location = \"overview_idp.php?inst_id=$my_inst->identifier\"'>" . _("Discard changes") . "</button></p></form>"; |
|
537
|
|
|
echo $deco->footer(); |
|
538
|
|
|
|
GEANT /
CAT
Loading history...