diff --git a/.editorconfig b/.editorconfig index a9556338f..091cb37ed 100644 --- a/.editorconfig +++ b/.editorconfig @@ -13,3 +13,6 @@ max_line_length = 180 [*.py] indent_size = 4 + +[*.{php,php.j2}] +indent_size = 4 diff --git a/roles/diyidp/defaults/main.yml b/roles/diyidp/defaults/main.yml index f2e8ca303..b32071843 100644 --- a/roles/diyidp/defaults/main.yml +++ b/roles/diyidp/defaults/main.yml @@ -1,18 +1,22 @@ --- diyidp_domain: "diyidp.{{ base_domain }}" diyidp_cert: "diyidp.crt" -diyidp: +diyidp_db: db_host: "{{ mariadb_host }}" - db_name: diyidp - db_user: diyidprw + db_name: "diyidp" + db_user: "diyidprw" db_password: "{{ mysql_passwords.diyidp }}" secretsalt: "{{ diyidp_secret_salt }} " admin_password: "{{ diyidp_secret }}" -diyidp_secret_salt: secretsecret -diyidp_secret: secret +diyidp_theme: "theme_diyidp:diyidp" +diyidp_secret_salt: "diyidp_secretsecret" +diyidp_secret: "diyidp_secret" diyidp_remotesp: - name: "{{ instance_name }} SP metadata" metadataurl: "https://engine.{{ base_domain }}/authentication/sp/metadata" acslocation: "https://engine.{{ base_domain }}/authentication/sp/consume-assertion" diyidp_docker_networks: - name: "loadbalancer" + +# set this to add extra users to the default. See vars/main.yml +diyidp_users_extra: [] diff --git a/roles/diyidp/files/diyidp.sql b/roles/diyidp/files/diyidp.sql deleted file mode 100644 index d1fe10522..000000000 --- a/roles/diyidp/files/diyidp.sql +++ /dev/null 
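Review bot: In roles/diyidp/defaults/main.yml the new defaults `diyidp_secret_salt: "diyidp_secretsecret"` and `diyidp_secret: "diyidp_secret"` are still fixed, guessable values committed to the repository. Because `diyidp_secret` feeds `admin_password`, any environment that does not override both variables runs with a publicly known admin password and salt. I would drop the literal defaults and have the role fail early when they are unset, or at least put `# dev-only placeholders: override diyidp_secret and diyidp_secret_salt from the secrets store in every real environment` above them. Separately, the unchanged line `secretsalt: "{{ diyidp_secret_salt }} "` appears to carry a trailing space inside the quotes, which would become part of the salt; worth confirming that is intended. The rename of the `diyidp:` dictionary to `diyidp_db:` also requires every template that reads `diyidp.*` to be updated, and those are not visible in this hunk.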
@@ -1,62 +0,0 @@ --- MySQL dump 10.16 Distrib 10.1.28-MariaDB, for Linux (x86_64) --- --- Host: localhost Database: diyidp --- ------------------------------------------------------ --- Server version 10.1.28-MariaDB - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8 */; -/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; -/*!40103 SET TIME_ZONE='+00:00' */; -/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; -/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; -/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; -/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; - --- --- Table structure for table `users` --- - -DROP TABLE IF EXISTS `users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `users` ( - `uid` varchar(128) DEFAULT NULL, - `cn` varchar(128) DEFAULT NULL, - `givenName` varchar(128) DEFAULT NULL, - `sn` varchar(128) DEFAULT NULL, - `mail` varchar(128) DEFAULT NULL, - `displayName` varchar(128) DEFAULT NULL, - `schacHomeOrganization` varchar(128) DEFAULT NULL, - `password` varchar(128) DEFAULT NULL, - `username` varchar(128) DEFAULT NULL, - `eduPersonEntitlement` varchar(128) DEFAULT NULL, - `eduPersonAffiliation` varchar(128) DEFAULT NULL, - `isMemberOf` varchar(128) DEFAULT NULL, - `schacPersonalUniqueCode` varchar(256) DEFAULT NULL, - `eduPersonScopedAffiliation` varchar(256) DEFAULT NULL -) ENGINE=MyISAM DEFAULT CHARSET=utf8; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `users` --- - -LOCK TABLES `users` WRITE; -/*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` VALUES ('student1','Student One','Student','One','student1@diy.surfconext.nl','Student 
One','diy.surfconext.nl','student1','student1',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:123456','member@cs.diy.surfconext.nl'),('FyHah7$J','Student Two','Student','Two','s1869831907@example.org','Student Two','diy.surfconext.nl','student2','student2',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:223456','member@cs.diy.surfconext.nl'),('student3',NULL,NULL,'Three','student3@diy.surfconext.nl','Student Three','diy.surfconext.nl','student3','student3',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:323456','member@physics2.diy.surfconext.nl'),('viggo7','Christian Godfried Viggo Lind','Godfried','Viggo','Godfried.Viggo@unidenmark-example.dk','Godfried Viggo','unidenmark-example.dk','student4','student4',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:323456',NULL),('U3342109','髙橋 大輔','Daisuke','Takahashi','U3342109@exchange-example.edu','Daisuke Takahashi','exchange-example.edu','student5','student5',NULL,'member','urn:collab:org:exchange-university.org','urn:schac:personalUniqueCode:nl:local:exchange-example.edu:studentid:s123456','member@phys.exchange-example.edu'),('U6789003','Phùng Thị Lệ Tư','Phùng Thị','Lệ Tư','U6789003@exchange-example.edu','Phùng Thị Lệ Tư','home-university-example.org','student6','student6',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456','member@phys.home-university-example.org'),('jsanden','Jaantje van der Sanden','Jaantje','van der Sanden','jsanden@uniamsterdam-example.nl','Jaantje van der 
Sanden','uniamsterdam-example.nl','student7','student7','urn:x-surfnet:surf.nl:surfdrive-example:quota:50','member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456','member@acounting.uniamsterdam-example.nl'),('s445599','Alessandra Gómez Llarnas','Alessandra','Gómez Llarnas','s445599@universitatmadrid-example.es','Alessandra Gómez Llarnas','universitatmadrid-example','student8','student8',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:universitatmadrid-example:studentid:123456','member@acounting.test.cs.universitatmadrid-example'),('abriseno','Augustus Padrón Briseño','August','Briseño','A.Briseno@universitatmadrid-example.es','August Briseño','universitatmadrid-example.es','student9','student9',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:universitatmadrid-example:studentid:S123456','member@students.universitatmadrid-example.es'),('s134567','邵靜宜','Shao','Jingy','s134567@pkuni.edu-example.cn','Shao Jingy','pkuni.edu-example.cn','student10','student10',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:pkuni.edu-example.cn:studentid:s10513456','member@students.2010.pkuni.edu-example.cn'),('U9088123','Roman Švejda','Roman','Švejda','U9088123@uni.poznantech-example.pl','Roman Švejda','uni.poznantech-example.pl','student11','student11',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uni.poznantech-example.pl:studentid:S123456','member@cs.uni.poznantech-example.pl'),('U7128109','Anna Rybínová','Anna','Rybínová','U7128109@uni.poznantech-example.pl','Anna Rybínová','uni.poznantech-example.pl','student12','student12',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uni.poznantech-example.pl:studentid:S124456','member@cs.uni.poznantech-example.pl'),('p0987743','Li Qin Ch\'ien','Li Qin','Ch\'ien','p0987743@pkuni.edu-example.cn','Li Qin 
Ch\'ien','pkuni.edu-example.cn','student13','student13',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:pkuni.edu-example.cn:studentid:1124456','member@math.pkuni.edu-example.cn'),('student14','Martin Nikolaus Jørgensen','Martin','Jørgensen','jorgensen07@stockholmuni-example.se','Martin N. Jørgensen','stockholmuni-example.se','student14','student14',NULL,'member','urn:collab:org:sunet-example.se','urn:schac:personalUniqueCode:nl:local:stockholmuni-example.se:studentid:123456','member@math.stockholmuni-example.se'),('student15','Sander Johan Kjær','Sander','Kjær','kjaer11@stockholmuni-example.se','Sander J. Kjær','stockholmuni-example.se','student15','student15',NULL,'member','urn:collab:org:sunet-example.se','urn:schac:personalUniqueCode:nl:local:stockholmuni-example.se:studentid:223456','member@stockholmuni-example.se'),('student16','Erôss Neci','Erôss','Neci','eross.neci@kuni.edu-example.tr','Erôss Neci','kuni.edu-example.tr','student16','student16',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:123456','member@ac.kuni.edu-example.tr'),('student17','Kocsis Szescõ','Kocsis','Szescõ','kocsis.szesco@kuni.edu-example.tr','Kocsis Szescõ','kuni.edu-example.tr','student17','student17',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:s123456','member@ac.kuni.edu-example.tr'),('student18','Marjanca Muršić','Marjanca','Muršić','Marjanca.Mursic@kuni.edu-example.tr','Marjanca Muršić','kuni.edu-example.tr','student18','student18',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:s123456','member@ac.kuni.edu-example.tr'),('student19','Petra Penttilä','Petra','Penttilä','ppenttila@university-example.org','Petra 
Penttilä','university-example.org','student19','student19',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:123456','member@test.university-example.org'),('student20','Jóney Ingólfsdóttir','Jóney','Ingólfsdóttir','Joney.Ingolfsdottir@unidenmark-example.dk','Jóney Ingólfsdóttir','unidenmark-example.dk','student20','student20',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:s20513456','member@employee.unidenmark-example.dk'),('jstiglitz','Joseph Eugene Stiglitz','Joseph','Stiglitz','J.E.Stiglitz@harvard-example.edu','Joseph Stiglitz','harvard-example.edu','teacher1','teacher1',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:123456','member@cs.harvard-example.edu'),('pkrugman','Prof. Paul Robin Krugman','Paul','Krugman','P.R.Krugman@harvard-example.edu','Paul Krugman','harvard-example.edu','teacher2','teacher2',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:s123456','member@harvard-example.edu'),('bbernanke','Ben Shalom Bernanke','Ben','Bernanke','B.S.Bernanke@yale-uni-example.edu','Ben Bernanke','yale-uni-example.edu','teacher3','teacher3',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:123456','member@biology.yale-uni-example.edu'),('agreenspan','Alan Greenspan','Alan','Greenspan','A.Greenspan@yale-uni-example.edu','Alan Greenspan','yale-uni-example.edu','teacher4','teacher4',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:s123456','member@biology.yale-uni-example.edu'),('am_ampere','André-Marie Ampère','André-Marie','Ampère','am_ampere@electrical-uni-example.edu','André-Marie 
Ampère','electrical-uni-example.edu','teacher5','teacher5',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:s123456','member@social.electrical-uni-example.edu'),('w_rontgen','Wilhelm Conrad Röntgen','Wilhelm','Röntgen','w_rontgen@electrical-uni-example.edu','Wilhelm Röntgen','electrical-uni-example.edu','teacher6','teacher6',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:123456','employee@social.electrical-uni-example.edu'),('m_faraday','Michael Faraday FRS','Michael','Faraday','m_faraday@electrical-uni-example.edu','Michael Faraday','electrical-uni-example.edu','teacher7','teacher7',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:213456','member@cs.electrical-uni-example.edu'),('n_tesla','Nikola Tesla','Nikola','Tesla','n_tesla@electrical-uni-example.edu','Nikola Tesla','electrical-uni-example.edu','teacher8','teacher8',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:e813456','member@accounting.electrical-uni-example.edu'),('teacher9','William Henry Gates III','Bill','Gates','bill.gates@stanford-example.edu','Bill Gates','stanford-example.edu','teacher9','teacher9',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:e913456','member@ca.stanford-example.edu'),('teacher10','Steven Paul Jobs','Steve','Jobs','steve.jobs@stanford-example.edu','Steve Jobs','stanford-example.edu','teacher10','teacher10',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:1013456','member@ca.stanford-example.edu'),('jweeler','Joseph Weeler','Joseph','Weeler','Joseph+Weeler@university-example.org','Joseph 
Weeler','university-example.org','staff1','staff1',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m123456','member@accounting.university-example.org'),('awest','Anthony West','Anthony','West','Anthony_West@university-example.org','Anthony West','university-example.org','staff2','staff2',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m213456','member@student.university-example.org'),('oburton','Oscar Burton','Oscar','Burton','Osc@r__Burton@university-example.org','Oscar Burton','university-example.org','staff3','staff3',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m313456','employee@physics'),('belfort','Jordan Ross Belfort','Jordan','Belfort','Jordan.Belfort@harvard-example.edu','Jordan R. Belfort','harvard-example.edu','professor1','professor1',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e1523456','member@cs.harvard-example.edu'),('wynn','Steve Alen Wynn','Steve','Wynn','steve.Wynn@las.vegas.com','Steve Wynn','harvard-example.edu','professor2','professor2',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e2523456','member@cs.harvard-example.edu'),('isaac','Sir Isaac Newton','Isaac','Newton','isaacnewton@university-example.org','Isaac Newton','university-example.org','professor3','professor3',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e3523456','member@phys.university-example.org'),('g_ohm','Prof. Dr. 
Georg Simon Ohm','Georg','Ohm','georg.ohm@university-example.org','Georg Ohm','university-example.org','professor4','professor4',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e5523456','member@phys.university-example.org'),('jrockefeller','John Davison Rockefeller','John Davison','Rockefeller','John.D.Rockefeller@university-example.org','John D. Rockefeller','university-example.org','professor5','professor5',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:employeeid:e513456','member@cool.university-example.org'),('s134567','Shao Jingyi','Shao','Jingy','shaojingy@gmail-example.com','Shao Jingy','pkuni.edu-example.cn','student10','student10',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:pkuni.edu-example.cn:studentid:s10513456','student@95.pkuni.edu-example.cn'),('belfort','Jordan Ross Belfort','Jordan','Belfort','jordan@harvard-example.edu','Jordan R. Belfort','harvard-example.edu','professor1','professor1',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e1523456','employee@acc.harvard-example.edu'),('belfort','Jordan Ross Belfort','Jordan','Belfort','Jordan.Belfort@harvard-example.edu','Jordan R. 
Belfort','harvard-example.edu','professor1','professor1','urn:mace:dir:entitlement:common-lib-terms-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e1523456','faculty@cs.harvard-example.edu'),('U6789003','Phùng Thị Lệ Tư','Phùng Thị','Lệ Tư','LeTu02@home-university-example.org','Phùng Thị Lệ Tư','home-university-example.org','student6','student6','urn:mace:dir:entitlement:common-lib-terms-example','employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456','employee@cs.home-university-example.org'),('U3342109','Daisuke Takahashi','Daisuke','Takahashi','U3342109@exchange-example.edu','Daisuke Takahashi','exchange-example.edu','student5','student5',NULL,'student','urn:collab:org:home-university.org','urn:schac:personalUniqueCode:nl:local:exchange-example.edu:studentid:s123456','student@cs.exchange-example.edu'),('U6789003','Phùng Thị Lệ Tư','Phùng Thị','Lệ Tư','LeTu02@home-university-example.org','Phùng Thị Lệ Tư','home-university-example.org','student6','student6',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456','student@saml.home-university-example.org'),('U6789003','Phùng Thị Lệ Tư','Phùng Thị','Lệ Tư','LeTu02@home-university-example.org','Phùng Thị Lệ Tư','home-university-example.org','student6','student6','urn:mace:terena.org:tcs:personal-user-example','staff','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456','staff@oidc.home-university-example.org'),('jrockefeller','John Davison Rockefeller','John Davison','Rockefeller','John.D.Rockefeller@university-example.org','John D. 
Rockefeller','university-example.org','professor5','professor5',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:employeeid:e513456','employee@cs.university-example.org'),('wynn','Steve Alen Wynn','Steve','Wynn','Steve.Wynn@example-casino.com','Steve Wynn','harvard-example.edu','professor2','professor2',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e2523456','employee@cs.harvard-example.edu'),('wynn','Steve Alen Wynn','Steve','Wynn','S.Wynn@harvard-example.edu','Steve Wynn','harvard-example.edu','professor2','professor2','urn:mace:dir:entitlement:common-lib-terms-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e2523456','faculty@cs.harvard-example.edu'),('isaac','Sir Isaac Newton','Isaac','Newton','newton@university-example.org','Isaac Newton','university-example.org','professor3','professor3',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e3523456','employee@cs.university-example.org'),('isaac','Sir Isaac Newton','Isaac','Newton','isaacnewton@university-example.org','Isaac Newton','university-example.org','professor3','professor3','urn:mace:dir:entitlement:common-lib-terms-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e3523456','faculty@cs.university-example.org'),('student21','Pietje Puk','Pietje','Puk','Pietje.puk@exmplebilbioharderwijk.nl','Pietje Puk','exmplebilbioharderwijk.nl','student21','student21','','','','0',NULL),('pkrugman','Prof. Paul Robin Krugman','Paul','Krugman','Paul.Krugman@harvard-example.edu','Paul Krugman','harvard-example.edu','teacher2','teacher2',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:s123456','employee@acc.harvard-example.edu'),('g_ohm','Prof. Dr. 
Georg Simon Ohm','Georg','Ohm','georg.ohm@university-example.org','Georg Ohm','university-example.org','professor4','professor4',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e5523456','employee@acc.university-example.org'),('g_ohm','Prof. Dr. Georg Simon Ohm','Georg','Ohm','georg.ohm@university-example.org','Georg Ohm','university-example.org','professor4','professor4','urn:mace:dir:entitlement:common-lib-terms-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e5523456','faculty@acc.university-example.org'),('jrockefeller','John Davison Rockefeller','John Davison','Rockefeller','John.D.Rockefeller@university-example.org','John D. Rockefeller','university-example.org','professor5','professor5','urn:mace:dir:entitlement:common-lib-terms-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:employeeid:e513456','faculty@acc.university-example.org'),('jstiglitz','Joseph Eugene Stiglitz','Joseph','Stiglitz','Joseph.Stiglitz@harvard-example.edu','Joseph Stiglitz','harvard-example.edu','teacher1','teacher1',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:123456','employee@acc.harvard-example.edu'),('jstiglitz','Joseph Eugene Stiglitz','Joseph','Stiglitz','jstiglitz@harvard-example.edu','Joseph Stiglitz','harvard-example.edu','teacher1','teacher1','urn:mace:incommon.org:reg:education-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:123456','faculty@cs.acc.harvard-example.edu'),('pkrugman','Prof. 
Paul Robin Krugman','Paul','Krugman','pkrugman@harvard-example.edu','Paul Krugman','harvard-example.edu','teacher2','teacher2',NULL,'faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:s123456',NULL),('bbernanke','Ben Shalom Bernanke','Ben','Bernanke','Ben.Bernanke@yale-uni-example.edu','Ben Bernanke','yale-uni-example.edu','teacher3','teacher3',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:123456','employee@123.yale-uni-example.edu'),('bbernanke','Ben Shalom Bernanke','Ben','Bernanke','bbernanke@yale-uni-example.edu','Ben Bernanke','yale-uni-example.edu','teacher3','teacher3',NULL,'faculty','urn:collab:org:co-example.org ','urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:123456','faculty@123.yale-uni-example.edu'),('agreenspan','Alan Greenspan','Alan','Greenspan','Alan.Greenspan@yale-uni-example.edu','Alan Greenspan','yale-uni-example.edu','teacher4','teacher4',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:s123456','employee@123.yale-uni-example.edu'),('agreenspan','Alan Greenspan','Alan','Greenspan','agreenspan@yale-uni-example.edu','Alan Greenspan','yale-uni-example.edu','teacher4','teacher4',NULL,'faculty','urn:collab:org:co-example.org ','urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:s123456','faculty@123.yale-uni-example.edu'),('am_ampere','André-Marie Ampère','André-Marie','Ampère','am_ampere@electrical-uni-example.edu','André-Marie Ampère','electrical-uni-example.edu','teacher5','teacher5',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:s123456','employee@fs.electrical-uni-example.edu'),('am_ampere','André-Marie Ampère','André-Marie','Ampère','am_ampere@electrical-uni-example.edu','André-Marie 
Ampère','electrical-uni-example.edu','teacher5','teacher5',NULL,'faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:s123456','faculty@fs.electrical-uni-example.edu'),('w_rontgen','Wilhelm Conrad Röntgen','Wilhelm','Röntgen','w_rontgen@electrical-uni-example.edu','Wilhelm Röntgen','electrical-uni-example.edu','teacher6','teacher6',NULL,'faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:123456','faculty@fs.electrical-uni-example.edu'),('w_rontgen','Wilhelm Conrad Röntgen','Wilhelm','Röntgen','w_rontgen@electrical-uni-example.edu','Wilhelm Röntgen','electrical-uni-example.edu','teacher6','teacher6',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:123456','member@fs.electrical-uni-example.edu'),('m_faraday','Michael Faraday FRS','Michael','Faraday','m_faraday@electrical-uni-example.edu','Michael Faraday','electrical-uni-example.edu','teacher7','teacher7',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:213456','employee@fs.electrical-uni-example.edu'),('m_faraday','Michael Faraday FRS','Michael','Faraday','m_faraday@electrical-uni-example.edu','Michael Faraday','electrical-uni-example.edu','teacher7','teacher7',NULL,'faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:213456','faculty@cs.electrical-uni-example.edu'),('n_tesla','Nikola Tesla','Nikola','Tesla','n_tesla@electrical-uni-example.edu','Nikola Tesla','electrical-uni-example.edu','teacher8','teacher8',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:e813456','employee@cs.electrical-uni-example.edu'),('n_tesla','Nikola Tesla','Nikola','Tesla','n_tesla@electrical-uni-example.edu','Nikola 
Tesla','electrical-uni-example.edu','teacher8','teacher8',NULL,'faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:e813456','faculty@acc.electrical-uni-example.edu'),('teacher9','William Henry Gates III','Bill','Gates','bill.gates@stanford-example.edu','Bill Gates','stanford-example.edu','teacher9','teacher9',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:e913456','employee@acc.stanford-example.edu'),('teacher9','William Henry Gates III','Bill','Gates','bill.gates@stanford-example.edu','Bill Gates','stanford-example.edu','teacher9','teacher9','urn:mace:terena.org:tcs:personal-user-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:e913456','faculty@acc.stanford-example.edu'),('teacher10','Steven Paul Jobs','Steve','Jobs','steve.jobs@stanford-example.edu','Steve Jobs','stanford-example.edu','teacher10','teacher10',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:1013456','employee@student.95.stanford-example.edu'),('teacher10','Steven Paul Jobs','Steve','Jobs','steve.jobs@stanford-example.edu','Steve Jobs','stanford-example.edu','teacher10','teacher10','urn:mace:terena.org:tcs:personal-user-example','faculty','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:1013456','faculty@cs.stanford-example.edu'),('abriseno','Augustus Padrón Briseño','August','Briseño','A.Briseno@universitatmadrid-example.es','August Briseño','universitatmadrid-example.es','student9','student9',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:universitatmadrid-example:studentid:S123456','student@cs.universitatmadrid-example.es'),('awest','Anthony West','Anthony','West','Anthony_West@university-example.org','Anthony 
West','university-example.org','staff2','staff2',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m213456','employee@cs.university-example.org'),('student1','Student One','Student','One','student1@diy.surfconext.nl','Student One','diy.surfconext.nl','student1','student1',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:123456','student@as.diy.surfconext.nl'),('student16','Erôss Neci','Erôss','Neci','eross.neci@kuni.edu-example.tr','Erôss Neci','kuni.edu-example.tr','student16','student16',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:123456','student@as.kuni.edu-example.tr'),('student14','Martin Nikolaus Jørgensen','Martin','Jørgensen','jorgensen07@stockholmuni-example.se','Martin N. Jørgensen','stockholmuni-example.se','student14','student14',NULL,'student','urn:collab:org:sunet-example.se','urn:schac:personalUniqueCode:nl:local:stockholmuni-example.se:studentid:123456','student@uni.stockholmuni-example.se'),('student17','Kocsis Szescõ','Kocsis','Szescõ','kocsis.szesco@kuni.edu-example.tr','Kocsis Szescõ','kuni.edu-example.tr','student17','student17',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:s123456','student@employee.kuni.edu-example.tr'),('jweeler','Joseph Weeler','Joseph','Weeler','Joseph+Weeler@university-example.org','Joseph Weeler','university-example.org','staff1','staff1',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m123456','employee@test.university-example.org'),('jweeler','Joseph Weeler','Joseph','Weeler','Joseph+Weeler@university-example.org','Joseph 
Weeler','university-example.org','staff1','staff1',NULL,'staff','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m123456','staff@cs.university-example.org'),('oburton','Oscar Burton','Oscar','Burton','Osc@r__Burton@university-example.org','Oscar Burton','university-example.org','staff3','staff3',NULL,'member','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m313456','member@cs.university-example.org'),('awest','Anthony West','Anthony','West','Anthony_West@university-example.org','Anthony West','university-example.org','staff2','staff2',NULL,'staff','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m213456','staff@cs.university-example.org'),('oburton','Oscar Burton','Oscar','Burton','Osc@r__Burton@university-example.org','Oscar Burton','university-example.org','staff3','staff3',NULL,'staff','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m313456','staff@cs.university-example.org'),('student1','Student One','Student','One','student1@diy.surfconext.nl','Student One','diy.surfconext.nl','student1','student1',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:123456','employee@cs.diy.surfconext.nl'),('student1','Student One','Student','One','student1@diy.surfconext.nl','Student One','diy.surfconext.nl','student1','student1',NULL,'staff','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:123456','staff@as.diy.surfconext.nl'),('FyHah7$J','Student Two','Student','Two','s1869831907@example.org','Student Two','diy.surfconext.nl','student2','student2',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:223456','student@cs.iy.surfconext.nl'),('student3',NULL,NULL,'Three','student3@diy.surfconext.nl','Student 
Three','diy.surfconext.nl','student3','student3',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:323456','student@cs.diy.surfconext.nl'),('jsanden','Jaantje van der Sanden','Jaantje','van der Sanden','jsanden@uniamsterdam-example.nl','Jaantje van der Sanden','uniamsterdam-example.nl','student7','student7','urn:mace:surf.nl:value:edulicense','student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456','student@cs.uniamsterdam-example.nl'),('s445599','Alessandra Gómez Llarnas','Alessandra','Gómez Llarnas','s445599@universitatmadrid-example.es','Alessandra Gómez Llarnas','universitatmadrid-example','student8','student8',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:universitatmadrid-example:studentid:123456','student@cs.universitatmadrid-example'),('U9088123','Roman Švejda','Roman','Švejda','U9088123@uni.poznantech-example.pl','Roman Švejda','uni.poznantech-example.pl','student11','student11',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uni.poznantech-example.pl:studentid:S123456','student@cs.uni.poznantech-example.pl'),('U7128109','Anna Rybínová','Anna','Rybínová','U7128109@uni.poznantech-example.pl','Anna Rybínová','uni.poznantech-example.pl','student12','student12',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:uni.poznantech-example.pl:studentid:S124456','student@cs.uni.poznantech-example.pl'),('p0987743','Li Qin Ch\'ien','Li Qin','Ch\'ien','p0987743@pkuni.edu-example.cn','Li Qin Ch\'ien','pkuni.edu-example.cn','student13','student13',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:pkuni.edu-example.cn:studentid:1124456','student@pkuni.edu-example.cn'),('student15','Sander Johan Kjær','Sander','Kjær','kjaer11@stockholmuni-example.se','Sander J. 
Kjær','stockholmuni-example.se','student15','student15',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:stockholmuni-example.se:studentid:223456','student@23.stockholmuni-example.se'),('student16','Erôss Neci','Erôss','Neci','eross.neci@kuni.edu-example.tr','Erôss Neci','kuni.edu-example.tr','student16','student16',NULL,'employee','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:123456','employee@2015.kuni.edu-example.tr'),('student16','Erôss Neci','Erôss','Neci','eross.neci@kuni.edu-example.tr','Erôss Neci','kuni.edu-example.tr','student16','student16','urn:mace:terena.org:tcs:personal-user-example','staff','urn:collab:org:co-example.org ','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:123456','staff@2015.kuni.edu-example.tr'),('student18','Marjanca Muršić','Marjanca','Muršić','Marjanca.Mursic@kuni.edu-example.tr','Marjanca Muršić','kuni.edu-example.tr','student18','student18',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:s123456','student@1234.kuni.edu-example.tr'),('student19','Petra Penttilä','Petra','Penttilä','ppentila@hotmail-example.org','Petra Penttilä','university-example.org','student19','student19',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:123456','student@test.university-example.org'),('student20','Jóney Ingólfsdóttir','Jóney','Ingólfsdóttir','Joney.Ingolfsdottir@unidenmark-example.dk','Jóney Ingólfsdóttir','unidenmark-example.dk','student20','student20',NULL,'student','urn:collab:org:surf.nl','urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:s20513456',NULL); -/*!40000 ALTER TABLE `users` ENABLE KEYS */; -UNLOCK TABLES; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; - -/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; -/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; -/*!40014 SET 
UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; -/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; - --- Dump completed on 2017-10-24 11:46:54 diff --git a/roles/diyidp/files/theme_diyidp/default-enable b/roles/diyidp/files/theme_diyidp/default-enable new file mode 100644 index 000000000..39cdd0ded --- /dev/null +++ b/roles/diyidp/files/theme_diyidp/default-enable @@ -0,0 +1 @@ +- diff --git a/roles/diyidp/files/theme_diyidp/public/assets/userclick.css b/roles/diyidp/files/theme_diyidp/public/assets/userclick.css new file mode 100644 index 000000000..f476beff4 --- /dev/null +++ b/roles/diyidp/files/theme_diyidp/public/assets/userclick.css @@ -0,0 +1,3 @@ +table { + text-color: red; +} diff --git a/roles/diyidp/files/theme_diyidp/themes/diyidp/exampleauth/userclick.twig b/roles/diyidp/files/theme_diyidp/themes/diyidp/exampleauth/userclick.twig new file mode 100644 index 000000000..1937bd555 --- /dev/null +++ b/roles/diyidp/files/theme_diyidp/themes/diyidp/exampleauth/userclick.twig @@ -0,0 +1,89 @@ +{% set pagetitle = 'Continue as persona' %} + +{% extends "@core/base.twig" %} + +{% block preload %} + + +{% endblock %} + +{% block content %} + +
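Review bot: `text-color` in the `table` rule of userclick.css is not a CSS property, so browsers drop the declaration and the rule has no effect. If red table text is intended, it should read `color: red;`. If the rule is only a placeholder, the file could be left out until the theme needs it.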

Sandbox IdP

+

Please select one of the following test users to log in. Hoover over the user to see their attributes.

+ + {# Show list of users of attribtue table on hoover #} +
+ + {% for id, attributes in users %} + + + + + {%- endfor %} +
+ {{ attributes['username'][0] }} + + {{ attributes['displayName'][0] }} +
+ + {% for id, attributes in users %} + + {% for name, values in attributes %} + + + + + {%- endfor %} +
{{ name }} + {{ values | join('
') }} +{# + {% for v in values %} + {{ v }} + {% endfor %} +#} +
+ {%- endfor %} +
+ + {# create a list of all used attributes. We'll print them in columns #} + {# inital value make sure the ocmmon attributes are ordered correctly #} + {% set all_attributes = ['username', 'displayName', 'cn', 'sn', 'givenName', 'mail', 'uid', 'schacHomeOrganiztion'] %} + {% for user in users %} + {% for key, value in user %} + {% if key not in all_attributes %} + {% set all_attributes = all_attributes|merge([key]) %} + {% endif %} + {% endfor %} + {% endfor %} + + {# Show table of all users and all values #} +
+ + + + {% for a in all_attributes %} + + {% endfor %} + + + + {% for id, attributes in users %} + + {% for a in all_attributes %} + + {% endfor %} + + {% endfor %} + +
{{ a }}
+ {% if attributes[a] is defined %} + {{ attributes[a] | join(', ') }} + {% else %} + – + {% endif %} +
+
+
+{% endblock %}
+{# vi:sw=4:ts=4:expanddtab #}
diff --git a/roles/diyidp/handlers/main.yml b/roles/diyidp/handlers/main.yml
index 1ef1d0ed4..6d88ed0f0 100644
--- a/roles/diyidp/handlers/main.yml
+++ b/roles/diyidp/handlers/main.yml
@@ -1,3 +1,10 @@
 ---
-- name: restart diyidp
- command: docker restart diyidp
+- name: "Restart diyidp"
+ community.docker.docker_container:
+ name: "diyidp"
+ state: "started"
+ restart: true
+ # avoid restarting it creates unexpected data loss according to docker_container_module notes
+ comparisons:
+ '*': "ignore"
+ when: "diyidp_container is success and diyidp_container is not change"
diff --git a/roles/diyidp/tasks/main.yml b/roles/diyidp/tasks/main.yml
index f4e90ff64..5ccb337a0 100644
--- a/roles/diyidp/tasks/main.yml
+++ b/roles/diyidp/tasks/main.yml
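Review bot: The seed list for `all_attributes` spells its last entry `'schacHomeOrganiztion'`, while the personas in vars/main.yml use the key `schacHomeOrganization`. The misspelled name never matches, so the overview table gets an always-empty `schacHomeOrganiztion` column and the real attribute is appended after the seeded ones instead of in the intended position; the entry should be `'schacHomeOrganization'`. The intro text and the template comment also read "Hoover"/"hoover" where "Hover" is meant. Much of this template's markup is missing from the page, so the rest of it was not reviewed.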
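Review bot: The comment above `comparisons` in the "Restart diyidp" handler does not parse as a sentence, and it is the only explanation of why every option difference is ignored. Something like `# ignore all option differences: this handler only names the container, so a recreate would rebuild it from these few options` would say what the setting protects against; the wording should be checked against the docker_container notes the comment refers to. The `when` condition depends on `diyidp_container`, which is registered outside this hunk.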
@@ -1,114 +1,133 @@
 ---
-- debug:
- msg: "{{ diyidp }}"
-- name: Create directories
+- name: "Create directories"
 ansible.builtin.file:
 path: "/opt/openconext/diyidp/{{ item }}"
- state: directory
- owner: root
- group: root
+ state: "directory"
+ owner: "root"
+ group: "root"
 mode: "0775"
 with_items:
- - www
- - metadata
- - cert
+ - "cert"
-- name: Put metadata certificate in place
+- name: "Put metadata certificate in place"
 ansible.builtin.copy:
 src: "{{ inventory_dir }}/files/certs/{{ diyidp_cert }}"
 dest: "/opt/openconext/diyidp/cert/server.crt"
- owner: root
- group: root
+ owner: "root"
+ group: "root"
 mode: "0644"
-- name: Put metadata key in place
+- name: "Put metadata key in place"
 ansible.builtin.copy:
 content: "{{ diyidp_private_key }}"
 dest: "/opt/openconext/diyidp/cert/server.key"
- owner: root
- group: root
+ owner: "root"
+ group: "root"
 mode: "0444"
- notify: restart diyidp
+ notify: "Restart diyidp"
-- name: Copy simplesamlphp configuration files
+- name: "Copy simplesamlphp configuration files"
 ansible.builtin.template:
 src: "{{ item }}.j2"
 dest: "/opt/openconext/diyidp/{{ item }}"
+ owner: "root"
+ group: "root"
 mode: "0644"
 with_items:
- - config-override.php
- - authsources.php
- notify: restart diyidp
+ - "config-override.php"
+ - "authsources.php"
+ - "saml20-idp-hosted.php"
+ - "saml20-sp-remote.php"
+ notify: "Restart diyidp"
-- name: Copy simplesamlphp metadata files
- ansible.builtin.template:
- src: "{{ item }}.j2"
- dest: "/opt/openconext/diyidp/metadata/{{ item }}"
+- name: "Copy DIY IdP theme"
+ ansible.builtin.copy:
+ src: "theme_diyidp"
+ dest: "/opt/openconext/diyidp/"
+ owner: "root"
+ group: "root"
 mode: "0644"
+ directory_mode: "0755"
+
+- name: "Remove obsolete files"
+ ansible.builtin.file:
+ path: "/opt/openconext/diyidp/{{ item }}"
+ state: "absent"
 with_items:
- - saml20-idp-hosted.php
- - saml20-sp-remote.php
- notify: restart diyidp
+ - "metadata"
+ - "www"
-- name: Copy showusers php script
- ansible.builtin.template:
- src: "showusers.php.j2" - dest: "/opt/openconext/diyidp/www/showusers.php" - owner: root +- name: "Showusers" + ansible.builtin.copy: + dest: "/opt/openconext/diyidp/alive.php" + content: | + array( - // The default is to use core:AdminPassword, but it can be replaced with - // any authentication source. + // This is a authentication source which handles admin authentication. + 'admin' => array( + 'core:AdminPassword', + ), - 'core:AdminPassword', - ), - - - 'sql_user' => array( - 'core:loginpage_links' => [ - 'users' => ['href' => '/showusers.php', 'text' => 'List of available users'], - ], - 'sqlauth:SQL', - 'dsn' => 'mysql:host={{ diyidp.db_host}};port=3306;dbname={{ diyidp.db_name }}', - 'username' => '{{ diyidp.db_user}}', - 'password' => '{{ diyidp.db_password}}', - 'query' => "SELECT uid,givenName,sn,cn, mail,displayName,schacHomeOrganization, CONCAT(uid, '@', schacHomeOrganization) as eduPersonPrincipalName,eduPersonEntitlement,eduPersonAffiliation,isMemberOf,schacPersonalUniqueCode,eduPersonScopedAffiliation - FROM users WHERE username = :username AND password = :password", - ), + // be careful: diyidp_users has weird characters and quotes inside the strings, se we need to use a nowdoc to expand the variable + 'user_chooser' => [ 'exampleauth:UserClick', 'users' => json_decode(<<<'ENDJSON' +{{ (diyidp_users + diyidp_users_extra) | to_json }} +ENDJSON + , true), + ] ); diff --git a/roles/diyidp/templates/config-override.php.j2 b/roles/diyidp/templates/config-override.php.j2 index 41d4b3b76..c80114068 100644 --- a/roles/diyidp/templates/config-override.php.j2 +++ b/roles/diyidp/templates/config-override.php.j2 
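Review bot: "Put metadata key in place" still writes `/opt/openconext/diyidp/cert/server.key` with `mode: "0444"`, so the private key the IdP signs with is readable by every account on the host; the commit requotes this task but leaves the mode as it was. If the container reads the key as root, `mode: "0400"` is enough; otherwise `mode: "0440"` with `group` set to the account the container runs as (not visible in this hunk) keeps it off world-read. Adding `no_log: true` to the task would also keep the key content out of diff and verbose output. The rest of this hunk, from the `content: |` of the "Showusers" task onward, is missing from the page and was not reviewed.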
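Review bot: The `user_chooser` source replaces the password check of `sql_user` with a click on a persona, and nothing in authsources.php says so. A comment above the entry, e.g. `// exampleauth:UserClick performs no credential check: anyone who can reach this IdP can log in as any persona listed below`, would make the trust assumption explicit for whoever extends `diyidp_users_extra` or registers another SP. The existing comment also has a typo (`se we need` should be `so we need`). Calling `json_decode(..., true, 512, JSON_THROW_ON_ERROR)` would make a malformed user list fail at load instead of handing `null` to `users`.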
@@ -1,6 +1,6 @@ '__DEFAULT__', + 'host' => '__DEFAULT__', - /* X.509 key and certificate. Relative to the cert directory. */ - 'privatekey' => 'server.key', - 'certificate' => 'server.crt', + 'privatekey' => 'server.key', + 'certificate' => 'server.crt', - /* - * Authentication source to use. Must be one that is configured in - * 'config/authsources.php'. - */ - 'auth' => 'sql_user', + 'auth' => 'user_chooser', - /* - * WARNING: SHA-1 is disallowed starting January the 1st, 2014. - * - * Uncomment the following option to start using SHA-256 for your signatures. - * Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since - * 2011, and will be disallowed by NIST as of 2014. Please refer to the following - * document for more information: - * - * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf - * - * If you are uncertain about service providers supporting SHA-256 or other - * algorithms of the SHA-2 family, you can configure it individually in the - * SP-remote metadata set for those that support it. Once you are certain that - * all your configured SPs support SHA-2, you can safely remove the configuration - * options in the SP-remote metadata set and uncomment the following option. - * - * Please refer to the IdP hosted reference for more information. - */ - 'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', + 'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', - /* Uncomment the following to use the uri NameFormat on attributes. */ - 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', - 'authproc' => array( - // Convert LDAP names to oids. 
- 100 => array('class' => 'core:AttributeMap', 'name2oid'), - 200 => array('class' => 'core:AttributeMap', 'name2urn'), - 300 => array('class' => 'saml:PersistentNameID', 'identifyingAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6' ), - ), + 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', + 'authproc' => array( + 100 => array('class' => 'core:AttributeMap', 'name2oid'), + 200 => array('class' => 'core:AttributeMap', 'name2urn'), + 300 => array( + 'class' => 'core:AttributeMap', + 'surfAutorisaties' => 'urn:mace:surf.nl:attribute-def:surf-autorisaties', + 'surfCRMId' => 'urn:mace:surf.nl:attribute-def:surf-crm-id' + ), + 900 => array('class' => 'saml:PersistentNameID', 'identifyingAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6' ), + ), ); diff --git a/roles/diyidp/templates/saml20-sp-remote.php.j2 b/roles/diyidp/templates/saml20-sp-remote.php.j2 index eeb6f5b29..18254ca55 100644 --- a/roles/diyidp/templates/saml20-sp-remote.php.j2 +++ b/roles/diyidp/templates/saml20-sp-remote.php.j2 @@ -1,19 +1,14 @@ '{{ remotesp.acslocation }}', - 'IDPList' => array( 'sql_users', ), - 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', -); +$metadata['{{ remotesp.metadataurl }}'] = [ + 'AssertionConsumerService' => [[ + 'Location' => '{{ remotesp.acslocation }}', + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' + ]], + 'IDPList' => [ 'user_chooser' ], + 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', +]; {% endfor %} diff --git a/roles/diyidp/templates/showusers.php.j2 b/roles/diyidp/templates/showusers.php.j2 deleted file mode 100644 index ad13e89b0..000000000 --- a/roles/diyidp/templates/showusers.php.j2 +++ /dev/null 
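Review bot: Filter 900 in saml20-idp-hosted.php builds the persistent NameID from `urn:oid:1.3.6.1.4.1.5923.1.1.1.6`, which the removed SQL source computed for every row as `CONCAT(uid, '@', schacHomeOrganization)` and which now comes verbatim from each entry in the user list. An entry added through `diyidp_users_extra` without `eduPersonPrincipalName`, or with more than one value, would probably get no persistent NameID. A comment on the filter such as `// every persona needs exactly one eduPersonPrincipalName` would document the requirement. The commit also drops the comment saying `auth` must name an entry in authsources.php, which is worth keeping as one line next to `'auth' => 'user_chooser'`.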
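Review bot: `'IDPList' => [ 'user_chooser' ]` in saml20-sp-remote.php puts an authsource name where, as far as I can tell, SimpleSAMLphp expects IdP entity IDs. The removed value `'sql_users'` did not match the old source name `sql_user` either, which suggests the option had no effect before. Which source authenticates users is already set by `'auth' => 'user_chooser'` in saml20-idp-hosted.php, so the line can likely be dropped rather than renamed. `{{ remotesp.metadataurl }}` and `{{ remotesp.acslocation }}` are still interpolated into single-quoted PHP strings, so a quote in either inventory value breaks the file; the nowdoc used in authsources.php avoids that for the user list.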
@@ -1,225 +0,0 @@ -setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - - // Prepare and execute the query - $stmt = $pdo->prepare($qryString); - $stmt->execute(); - // Return the rows - $rows = []; - while ($r = $stmt->fetch(PDO::FETCH_ASSOC)) { - $rows[] = $r; - } - - return $rows; - - } - catch (PDOException $e) { - die("PDO Error: " . $e->getMessage()); - } -} - -/** - * Translate a result array into a HTML table - * - * @author Aidan Lister - * @version 1.3.2 - * @link http://aidanlister.com/2004/04/converting-arrays-to-human-readable-tables/ - * @param array $array The result (numericaly keyed, associative inner) array. - * @param bool $recursive Recursively generate tables for multi-dimensional arrays - * @param string $null String to output for blank cells - */ -function array2table($array, $recursive = false, $null = ' ', $bgcolor='#ccc;') -{ - // Sanity check - if (empty($array) || !is_array($array)) { - return false; - } - - if (!isset($array[0]) || !is_array($array[0])) { - $array = array($array); - } - - // Start the table - $table = "\n"; - - // The header - $table .= "\t"; - // Take the keys from the first row as the headings - foreach (array_keys($array[0]) as $heading) { - $table .= ''; - } - $table .= "\n"; - - // The body - $x=0; - foreach ($array as $row) { - $x++; - $bgcolor = ($x%2 == 0)? '#FFFFFF': '#E0E0E0'; - - $table .= "\t" ; - foreach ($row as $cell) { - $table .= ''; - } - - $table .= "\n"; - } - - $table .= '
' . $heading . '
'; - - // Cast objects - if (is_object($cell)) { $cell = (array) $cell; } - - if ($recursive === true && is_array($cell) && !empty($cell)) { - // Recursive mode - $table .= "\n" . array2table($cell, true, true) . "\n"; - } else { - $table .= (strlen($cell) > 0) ? - htmlspecialchars((string) $cell) : - $null; - } - - $table .= '
'; - return $table; -} - - $sqlString = "SELECT - username as 'username', - password as 'password', - diy.uid as 'urn:oid:0.9.2342.19200300.100.1.1 (uid)', - schacHomeOrganization as 'urn:oid:1.3.6.1.4.1.25178.1.2.9 (schacHomeOrganization)', - CONCAT(diy.uid, '@', schacHomeOrganization) as 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (eduPersonPrincipalName)', - cn.cn as 'urn:oid:2.5.4.3 (cn)', - gn.givenName as 'urn:oid:2.5.4.42 (givenName)', - sn.sn as 'urn:oid:2.5.4.4 (sn)', - dn.displayName as 'urn:oid:2.16.840.1.113730.3.1.241 (displayName)', - mail.mail as 'urn:oid:0.9.2342.19200300.100.1.3 (mail)', - epa.eduPersonAffiliation as 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1 (eduPersonAffiliation)', - epe.eduPersonEntitlement as 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7 (eduPersonEntitlement)', - imo.isMemberOf as 'urn:oid:1.3.6.1.4.1.5923.1.5.1.1 (isMemberOf)', - spuc.schacPersonalUniqueCode as 'urn:oid:1.3.6.1.4.1.25178.1.2.14 (schacPersonalUniqueCode)', - epsa.eduPersonScopedAffiliation as 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9 (eduPersonScopedAffiliation)' - - - FROM {{ diyidp.db_name }}.users diy - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(cn SEPARATOR ', ') as cn from - ( SELECT uid, cn FROM {{ diyidp.db_name }}.users - GROUP BY uid, cn - ORDER BY UID - ) cn - GROUP BY uid - ) AS cn - ON diy.uid = cn.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(eduPersonEntitlement SEPARATOR ', ') as eduPersonEntitlement from - ( SELECT uid, eduPersonEntitlement FROM {{ diyidp.db_name }}.users - WHERE length(eduPersonEntitlement) <> 0 - GROUP BY uid, eduPersonEntitlement - ORDER BY UID - ) epe - GROUP BY uid - ) AS epe - ON diy.uid = epe.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(displayName SEPARATOR ', ') as displayName from - ( SELECT uid, displayName FROM {{ diyidp.db_name }}.users - GROUP BY uid, displayName - ORDER BY UID - ) dn - GROUP BY uid - ) AS dn - ON diy.uid = dn.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(sn SEPARATOR ', ') as sn from - ( SELECT uid, sn FROM {{ diyidp.db_name }}.users 
- GROUP BY uid, sn - ORDER BY UID - ) sn - GROUP BY uid - ) AS sn - ON diy.uid = sn.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(givenName SEPARATOR ', ') as givenName from - ( SELECT uid, givenName FROM {{ diyidp.db_name }}.users - GROUP BY uid, givenName - ORDER BY UID - ) givenName - GROUP BY uid - ) AS gn - ON diy.uid = gn.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(mail SEPARATOR ', ') as mail from - ( SELECT uid, mail FROM {{ diyidp.db_name }}.users - GROUP BY uid, mail - ORDER BY UID - ) mail - GROUP BY uid - ) AS mail - ON diy.uid = mail.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(eduPersonAffiliation SEPARATOR ', ') as eduPersonAffiliation from - ( SELECT uid, eduPersonAffiliation FROM {{ diyidp.db_name }}.users - GROUP BY uid, eduPersonAffiliation - ORDER BY UID - ) eduPersonAffiliation - GROUP BY uid - ) AS epa - ON diy.uid = epa.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(isMemberOf SEPARATOR ', ') as isMemberOf from - ( SELECT uid, isMemberOf FROM {{ diyidp.db_name }}.users - GROUP BY uid, isMemberOf - ORDER BY UID - ) isMemberOf - GROUP BY uid - ) AS imo - ON diy.uid = imo.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(schacPersonalUniqueCode SEPARATOR ', ') as schacPersonalUniqueCode from - ( SELECT uid, schacPersonalUniqueCode FROM diyidp.users - GROUP BY uid, schacPersonalUniqueCode - ORDER BY UID - ) schacPersonalUniqueCode - GROUP BY uid - ) AS spuc - ON diy.uid = spuc.uid - - LEFT JOIN - ( SELECT uid, GROUP_CONCAT(eduPersonScopedAffiliation SEPARATOR ', ') as eduPersonScopedAffiliation from - ( SELECT uid, eduPersonScopedAffiliation FROM diyidp.users - GROUP BY uid, eduPersonScopedAffiliation - ORDER BY UID - ) eduPersonScopedAffiliation - GROUP BY uid - ) AS epsa - ON diy.uid = epsa.uid - - -GROUP BY diy.uid -ORDER BY LPAD(lower(username), 2,0), LPAD(lower(username), 10,0)"; - - // Run the query - $rows = doQuery($sqlString, $dbuser, $dbpass, $dbhost, $dbname); - - $htmlTable = array2table($rows); - print_r($htmlTable); 
diff --git a/roles/diyidp/vars/main.yml b/roles/diyidp/vars/main.yml
new file mode 100644
index 000000000..b46faa259
--- /dev/null
+++ b/roles/diyidp/vars/main.yml
@@ -0,0 +1,557 @@ +--- +# defines all user that are available in the DIY-IdP +diyidp_users: + - + username: ["professor1"] + uid: ["belfort"] + schacHomeOrganization: ["harvard-example.edu"] + eduPersonPrincipalName: ["belfort@harvard-example.edu"] + cn: ["Jordan Ross Belfort"] + givenName: ["Jordan"] + sn: ["Belfort"] + displayName: ["Jordan R. Belfort"] + mail: ["Jordan.Belfort@harvard-example.edu", "jordan@harvard-example.edu"] + eduPersonAffiliation: ["employee", "faculty", "member"] + eduPersonEntitlement: ["urn:mace:dir:entitlement:common-lib-terms-example"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e1523456"] + eduPersonScopedAffiliation: ["faculty@cs.harvard-example.edu", "employee@acc.harvard-example.edu", "member@cs.harvard-example.edu"] + - + username: ["professor2"] + uid: ["wynn"] + schacHomeOrganization: ["harvard-example.edu"] + eduPersonPrincipalName: ["wynn@harvard-example.edu"] + cn: ["Steve Alen Wynn"] + givenName: ["Steve"] + sn: ["Wynn"] + displayName: ["Steve Wynn"] + mail: ["steve.Wynn@las.vegas.com", "S.Wynn@harvard-example.edu", "Steve.Wynn@example-casino.com"] + eduPersonAffiliation: ["employee", "faculty", "member"] + eduPersonEntitlement: ["urn:mace:dir:entitlement:common-lib-terms-example"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e2523456"] + eduPersonScopedAffiliation: ["employee@cs.harvard-example.edu", "member@cs.harvard-example.edu", "faculty@cs.harvard-example.edu"] + - + username: ["professor3"] + uid: ["isaac"] + schacHomeOrganization: ["university-example.org"] + eduPersonPrincipalName: ["isaac@university-example.org"] + cn: ["Sir Isaac Newton"] + givenName: ["Isaac"] + sn: ["Newton"] + displayName: ["Isaac Newton"] + mail: ["isaacnewton@university-example.org", "newton@university-example.org"] + eduPersonAffiliation: ["employee", 
"faculty", "member"] + eduPersonEntitlement: ["urn:mace:dir:entitlement:common-lib-terms-example"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e3523456"] + eduPersonScopedAffiliation: ["employee@cs.university-example.org", "member@phys.university-example.org", "faculty@cs.university-example.org"] + - + username: ["professor4"] + uid: ["g_ohm"] + schacHomeOrganization: ["university-example.org"] + eduPersonPrincipalName: ["g_ohm@university-example.org"] + cn: ["Prof. Dr. Georg Simon Ohm"] + givenName: ["Georg"] + sn: ["Ohm"] + displayName: ["Georg Ohm"] + mail: ["georg.ohm@university-example.org"] + eduPersonAffiliation: ["member", "employee", "faculty"] + eduPersonEntitlement: ["urn:mace:dir:entitlement:common-lib-terms-example"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:e5523456"] + eduPersonScopedAffiliation: ["employee@acc.university-example.org", "member@phys.university-example.org", "faculty@acc.university-example.org"] + - + username: ["professor5"] + uid: ["jrockefeller"] + schacHomeOrganization: ["university-example.org"] + eduPersonPrincipalName: ["jrockefeller@university-example.org"] + cn: ["John Davison Rockefeller"] + givenName: ["John Davison"] + sn: ["Rockefeller"] + displayName: ["John D. 
Rockefeller"] + mail: ["John.D.Rockefeller@university-example.org"] + eduPersonAffiliation: ["employee", "faculty", "member"] + eduPersonEntitlement: ["urn:mace:dir:entitlement:common-lib-terms-example"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:university-example.org:employeeid:e513456"] + eduPersonScopedAffiliation: ["faculty@acc.university-example.org", "employee@cs.university-example.org", "member@cool.university-example.org"] + - + username: ["staff1"] + uid: ["jweeler"] + schacHomeOrganization: ["university-example.org"] + eduPersonPrincipalName: ["jweeler@university-example.org"] + cn: ["Joseph Weeler"] + givenName: ["Joseph"] + sn: ["Weeler"] + displayName: ["Joseph Weeler"] + mail: ["Joseph+Weeler@university-example.org"] + eduPersonAffiliation: ["employee", "member", "staff"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m123456"] + eduPersonScopedAffiliation: ["member@accounting.university-example.org", "employee@test.university-example.org", "staff@cs.university-example.org"] + - + username: ["staff2"] + uid: ["awest"] + schacHomeOrganization: ["university-example.org"] + eduPersonPrincipalName: ["awest@university-example.org"] + cn: ["Anthony West"] + givenName: ["Anthony"] + sn: ["West"] + displayName: ["Anthony West"] + mail: ["Anthony_West@university-example.org"] + eduPersonAffiliation: ["employee", "member", "staff"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m213456"] + eduPersonScopedAffiliation: ["member@student.university-example.org", "employee@cs.university-example.org", "staff@cs.university-example.org"] + - + username: ["staff3"] + uid: ["oburton"] + schacHomeOrganization: ["university-example.org"] + eduPersonPrincipalName: ["oburton@university-example.org"] + cn: ["Oscar Burton"] + 
givenName: ["Oscar"] + sn: ["Burton"] + displayName: ["Oscar Burton"] + mail: ["Osc@r__Burton@university-example.org"] + eduPersonAffiliation: ["employee", "member", "staff"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:university-example.org:memberid:m313456"] + eduPersonScopedAffiliation: ["member@cs.university-example.org", "employee@physics", "staff@cs.university-example.org"] + - + username: ["student1"] + uid: ["student1"] + schacHomeOrganization: ["diy.surfconext.nl"] + eduPersonPrincipalName: ["student1@diy.surfconext.nl"] + cn: ["Student One"] + givenName: ["Student"] + sn: ["One"] + displayName: ["Student One"] + mail: ["student1@diy.surfconext.nl"] + eduPersonAffiliation: ["employee", "member", "staff", "student"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:123456"] + eduPersonScopedAffiliation: ["employee@cs.diy.surfconext.nl", "staff@as.diy.surfconext.nl", "member@cs.diy.surfconext.nl", "student@as.diy.surfconext.nl"] + - + username: ["student2"] + uid: ["FyHah7$J"] + schacHomeOrganization: ["DIY.surfconext.nl"] + eduPersonPrincipalName: ["FyHah7$J@DIY.surfconext.nl"] + cn: ["Student Two"] + givenName: ["Student"] + sn: ["Two"] + displayName: ["Student Two"] + mail: ["s1869831907@example.org"] + eduPersonAffiliation: ["member", "student"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:223456"] + eduPersonScopedAffiliation: ["member@cs.diy.surfconext.nl", "student@cs.iy.surfconext.nl"] + - + username: ["student3"] + uid: ["student3"] + schacHomeOrganization: ["diy.surfconext.nl"] + eduPersonPrincipalName: ["student3@diy.surfconext.nl"] + sn: ["Three"] + displayName: ["Student Three"] + mail: ["student3@diy.surfconext.nl"] + eduPersonAffiliation: ["member", "student"] + isMemberOf: ["urn:collab:org:surf.nl"] + 
schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:diy.surfconext.nl:studentid:323456"] + eduPersonScopedAffiliation: ["member@physics2.diy.surfconext.nl", "student@cs.diy.surfconext.nl"] + - + username: ["student4"] + uid: ["viggo7"] + schacHomeOrganization: ["unidenmark-example.dk"] + eduPersonPrincipalName: ["viggo7@unidenmark-example.dk"] + cn: ["Christian Godfried Viggo Lind"] + givenName: ["Godfried"] + sn: ["Viggo"] + displayName: ["Godfried Viggo"] + mail: ["Godfried.Viggo@unidenmark-example.dk"] + eduPersonAffiliation: ["student"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:323456"] + - + username: ["student5"] + uid: ["U3342109"] + schacHomeOrganization: ["exchange-example.edu"] + eduPersonPrincipalName: ["U3342109@exchange-example.edu"] + cn: ["Daisuke Takahashi", "髙橋 大輔"] + givenName: ["Daisuke"] + sn: ["Takahashi 髙橋 大輔"] + displayName: ["Daisuke Takahashi"] + mail: ["U3342109@exchange-example.edu"] + eduPersonAffiliation: ["member", "student"] + isMemberOf: ["urn:collab:org:exchange-university.org", "urn:collab:org:home-university.org"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:exchange-example.edu:studentid:s123456"] + eduPersonScopedAffiliation: ["member@phys.exchange-example.edu", "student@cs.exchange-example.edu"] + - + username: ["student6"] + uid: ["U6789003"] + schacHomeOrganization: ["home-university-example.org"] + eduPersonPrincipalName: ["U6789003@home-university-example.org"] + cn: ["Phùng Thị Lệ Tư"] + givenName: ["Phùng Thị"] + sn: ["Lệ Tư"] + displayName: ["Phùng Thị Lệ Tư"] + mail: ["LeTu02@home-university-example.org", "U6789003@exchange-example.edu"] + eduPersonAffiliation: ["employee", "member", "staff", "student"] + eduPersonEntitlement: ["urn:mace:dir:entitlement:common-lib-terms-example", "urn:mace:terena.org:tcs:personal-user-example"] + isMemberOf: ["urn:collab:org:surf.nl"] + 
schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456"] + eduPersonScopedAffiliation: ["member@phys.home-university-example.org", "student@saml.home-university-example.org", "employee@cs.home-university-example.org", "staff@oidc.home-university-example.org"] + - + username: ["student7"] + uid: ["jsanden"] + schacHomeOrganization: ["uniamsterdam-example.nl"] + eduPersonPrincipalName: ["jsanden@uniamsterdam-example.nl"] + cn: ["Jaantje van der Sanden"] + givenName: ["Jaantje"] + sn: ["van der Sanden"] + displayName: ["Jaantje van der Sanden"] + mail: ["jsanden@uniamsterdam-example.nl"] + eduPersonAffiliation: ["member", "student"] + eduPersonEntitlement: ["urn:mace:surf.nl:value:edulicense", "urn:x-surfnet:surf.nl:surfdrive-example:quota:50"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:uniamsterdam-example.nl:studentid:123456"] + eduPersonScopedAffiliation: ["member@acounting.uniamsterdam-example.nl", "student@cs.uniamsterdam-example.nl"] + - + username: ["student8"] + uid: ["s445599"] + schacHomeOrganization: ["universitatmadrid-example"] + eduPersonPrincipalName: ["s445599@universitatmadrid-example"] + cn: ["Alessandra Gómez Llarnas"] + givenName: ["Alessandra"] + sn: ["Gómez Llarnas"] + displayName: ["Alessandra Gómez Llarnas"] + mail: ["s445599@universitatmadrid-example.es"] + eduPersonAffiliation: ["student", "member"] + isMemberOf: ["urn:collab:org:surf.nl"] + schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:universitatmadrid-example:studentid:123456"] + eduPersonScopedAffiliation: ["student@cs.universitatmadrid-example", "member@acounting.test.cs.universitatmadrid-example"] + - + username: ["student9"] + uid: ["abriseno"] + schacHomeOrganization: ["universitatmadrid-example.es"] + eduPersonPrincipalName: ["abriseno@universitatmadrid-example.es"] + cn: ["Augustus Padrón Briseño"] + givenName: ["August"] + sn: ["Briseño"] + 
displayName: ["August Briseño"]
+ mail: ["A.Briseno@universitatmadrid-example.es"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:universitatmadrid-example:studentid:S123456"]
+ eduPersonScopedAffiliation: ["member@students.universitatmadrid-example.es", "student@cs.universitatmadrid-example.es"]
+ -
+ username: ["student10"]
+ uid: ["s134567"]
+ schacHomeOrganization: ["pkuni.edu-example.cn"]
+ eduPersonPrincipalName: ["s134567@pkuni.edu-example.cn"]
+ cn: ["Shao Jingyi", "邵靜宜"]
+ givenName: ["Shao"]
+ sn: ["Jingy"]
+ displayName: ["Shao Jingy"]
+ mail: ["s134567@pkuni.edu-example.cn", "shaojingy@gmail-example.com"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:pkuni.edu-example.cn:studentid:s10513456"]
+ eduPersonScopedAffiliation: ["student@95.pkuni.edu-example.cn", "member@students.2010.pkuni.edu-example.cn"]
+ -
+ username: ["student11"]
+ uid: ["U9088123"]
+ schacHomeOrganization: ["uni.poznantech-example.pl"]
+ eduPersonPrincipalName: ["U9088123@uni.poznantech-example.pl"]
+ cn: ["Roman Švejda"]
+ givenName: ["Roman"]
+ sn: ["Švejda"]
+ displayName: ["Roman Švejda"]
+ mail: ["U9088123@uni.poznantech-example.pl"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:uni.poznantech-example.pl:studentid:S123456"]
+ eduPersonScopedAffiliation: ["student@cs.uni.poznantech-example.pl", "member@cs.uni.poznantech-example.pl"]
+ -
+ username: ["student12"]
+ uid: ["U7128109"]
+ schacHomeOrganization: ["uni.poznantech-example.pl"]
+ eduPersonPrincipalName: ["U7128109@uni.poznantech-example.pl"]
+ cn: ["Anna Rybínová"]
+ givenName: ["Anna"]
+ sn: ["Rybínová"]
+ displayName: ["Anna Rybínová"]
+ mail: ["U7128109@uni.poznantech-example.pl"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:uni.poznantech-example.pl:studentid:S124456"]
+ eduPersonScopedAffiliation: ["student@cs.uni.poznantech-example.pl", "member@cs.uni.poznantech-example.pl"]
+ -
+ username: ["student13"]
+ uid: ["p0987743"]
+ schacHomeOrganization: ["pkuni.edu-example.cn"]
+ eduPersonPrincipalName: ["p0987743@pkuni.edu-example.cn"]
+ cn: ["Li Qin Ch'ien"]
+ givenName: ["Li Qin"]
+ sn: ["Ch'ien"]
+ displayName: ["Li Qin Ch'ien"]
+ mail: ["p0987743@pkuni.edu-example.cn"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:pkuni.edu-example.cn:studentid:1124456"]
+ eduPersonScopedAffiliation: ["member@math.pkuni.edu-example.cn", "student@pkuni.edu-example.cn"]
+ -
+ username: ["student14"]
+ uid: ["student14"]
+ schacHomeOrganization: ["stockholmuni-example.se"]
+ eduPersonPrincipalName: ["student14@stockholmuni-example.se"]
+ cn: ["Martin Nikolaus Jørgensen"]
+ givenName: ["Martin"]
+ sn: ["Jørgensen"]
+ displayName: ["Martin N. Jørgensen"]
+ mail: ["jorgensen07@stockholmuni-example.se"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:sunet-example.se"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:stockholmuni-example.se:studentid:123456"]
+ eduPersonScopedAffiliation: ["member@math.stockholmuni-example.se", "student@uni.stockholmuni-example.se"]
+ -
+ username: ["student15"]
+ uid: ["student15"]
+ schacHomeOrganization: ["stockholmuni-example.se"]
+ eduPersonPrincipalName: ["student15@stockholmuni-example.se"]
+ cn: ["Sander Johan Kjær"]
+ givenName: ["Sander"]
+ sn: ["Kjær"]
+ displayName: ["Sander J. Kjær"]
+ mail: ["kjaer11@stockholmuni-example.se"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:sunet-example.se", "urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:stockholmuni-example.se:studentid:223456"]
+ eduPersonScopedAffiliation: ["member@stockholmuni-example.se", "student@23.stockholmuni-example.se"]
+ -
+ username: ["student16"]
+ uid: ["student16"]
+ schacHomeOrganization: ["kuni.edu-example.tr"]
+ eduPersonPrincipalName: ["student16@kuni.edu-example.tr"]
+ cn: ["Erôss Neci"]
+ givenName: ["Erôss"]
+ sn: ["Neci"]
+ displayName: ["Erôss Neci"]
+ mail: ["eross.neci@kuni.edu-example.tr", "neci.eross@kuni.edu-example.tr"]
+ eduPersonAffiliation: ["employee", "member", "staff", "student"]
+ eduPersonEntitlement: ["urn:mace:terena.org:tcs:personal-user-example"]
+ isMemberOf: ["urn:collab:org:co-example.org", "urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:123456"]
+ eduPersonScopedAffiliation: ["employee@2015.kuni.edu-example.tr", "staff@2015.kuni.edu-example.tr", "member@ac.kuni.edu-example.tr", "student@as.kuni.edu-example.tr"]
+ -
+ username: ["student17"]
+ uid: ["student17"]
+ schacHomeOrganization: ["kuni.edu-example.tr"]
+ eduPersonPrincipalName: ["student17@kuni.edu-example.tr"]
+ cn: ["Kocsis Szescõ"]
+ givenName: ["Kocsis"]
+ sn: ["Szescõ"]
+ displayName: ["Kocsis Szescõ"]
+ mail: ["kocsis.szesco@kuni.edu-example.tr"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:s123456"]
+ eduPersonScopedAffiliation: ["member@ac.kuni.edu-example.tr", "student@employee.kuni.edu-example.tr"]
+ -
+ username: ["student18"]
+ uid: ["student18"]
+ schacHomeOrganization: ["kuni.edu-example.tr"]
+ eduPersonPrincipalName: ["student18@kuni.edu-example.tr"]
+ cn: ["Marjanca Muršić"]
+ givenName: ["Marjanca"]
+ sn: ["Muršić"]
+ displayName: ["Marjanca Muršić"]
+ mail: ["Marjanca.Mursic@kuni.edu-example.tr"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:kuni.edu-example.tr:studentid:s123456"]
+ eduPersonScopedAffiliation: ["student@1234.kuni.edu-example.tr", "member@ac.kuni.edu-example.tr"]
+ -
+ username: ["student19"]
+ uid: ["student19"]
+ schacHomeOrganization: ["university-example.org"]
+ eduPersonPrincipalName: ["student19@university-example.org"]
+ cn: ["Petra Penttilä"]
+ givenName: ["Petra"]
+ sn: ["Penttilä"]
+ displayName: ["Petra Penttilä"]
+ mail: ["ppentila@hotmail-example.org", "ppenttila@university-example.org"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:123456"]
+ eduPersonScopedAffiliation: ["student@test.university-example.org", "member@test.university-example.org"]
+ -
+ username: ["student20"]
+ uid: ["student20"]
+ schacHomeOrganization: ["unidenmark-example.dk"]
+ eduPersonPrincipalName: ["student20@unidenmark-example.dk"]
+ cn: ["Jóney Ingólfsdóttir"]
+ givenName: ["Jóney"]
+ sn: ["Ingólfsdóttir"]
+ displayName: ["Jóney Ingólfsdóttir"]
+ mail: ["Joney.Ingolfsdottir@unidenmark-example.dk"]
+ eduPersonAffiliation: ["member", "student"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:unidenmark-example.dk:studentid:s20513456"]
+ eduPersonScopedAffiliation: ["member@employee.unidenmark-example.dk"]
+ -
+ username: ["student21"]
+ uid: ["student21"]
+ schacHomeOrganization: ["exmplebilbioharderwijk.nl"]
+ eduPersonPrincipalName: ["student21@exmplebilbioharderwijk.nl"]
+ cn: ["Pietje Puk"]
+ givenName: ["Pietje"]
+ sn: ["Puk"]
+ displayName: ["Pietje Puk"]
+ mail: ["Pietje.puk@exmplebilbioharderwijk.nl"]
+ schacPersonalUniqueCode: ["0"]
+ -
+ username: ["teacher1"]
+ uid: ["jstiglitz"]
+ schacHomeOrganization: ["harvard-example.edu"]
+ eduPersonPrincipalName: ["jstiglitz@harvard-example.edu"]
+ cn: ["Joseph Eugene Stiglitz"]
+ givenName: ["Joseph"]
+ sn: ["Stiglitz"]
+ displayName: ["Joseph Stiglitz"]
+ mail: ["J.E.Stiglitz@harvard-example.edu", "Joseph.Stiglitz@harvard-example.edu", "jstiglitz@harvard-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ eduPersonEntitlement: ["urn:mace:incommon.org:reg:education-example"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:123456"]
+ eduPersonScopedAffiliation: ["employee@acc.harvard-example.edu", "member@cs.harvard-example.edu", "faculty@cs.acc.harvard-example.edu"]
+ -
+ username: ["teacher2"]
+ uid: ["pkrugman"]
+ schacHomeOrganization: ["harvard-example.edu"]
+ eduPersonPrincipalName: ["pkrugman@harvard-example.edu"]
+ cn: ["Prof. Paul Robin Krugman"]
+ givenName: ["Paul"]
+ sn: ["Krugman"]
+ displayName: ["Paul Krugman"]
+ mail: ["P.R.Krugman@harvard-example.edu", "Paul.Krugman@harvard-example.edu", "pkrugman@harvard-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:harvard-example.edu:employeeid:s123456"]
+ eduPersonScopedAffiliation: ["member@harvard-example.edu", "employee@acc.harvard-example.edu"]
+ -
+ username: ["teacher3"]
+ uid: ["bbernanke"]
+ schacHomeOrganization: ["yale-uni-example.edu"]
+ eduPersonPrincipalName: ["bbernanke@yale-uni-example.edu"]
+ cn: ["Ben Shalom Bernanke"]
+ givenName: ["Ben"]
+ sn: ["Bernanke"]
+ displayName: ["Ben Bernanke"]
+ mail: ["B.S.Bernanke@yale-uni-example.edu", "bbernanke@yale-uni-example.edu", "Ben.Bernanke@yale-uni-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ isMemberOf: ["urn:collab:org:co-example.org", "urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:123456"]
+ eduPersonScopedAffiliation: ["employee@123.yale-uni-example.edu", "member@biology.yale-uni-example.edu", "faculty@123.yale-uni-example.edu"]
+ -
+ username: ["teacher4"]
+ uid: ["agreenspan"]
+ schacHomeOrganization: ["yale-uni-example.edu"]
+ eduPersonPrincipalName: ["agreenspan@yale-uni-example.edu"]
+ cn: ["Alan Greenspan"]
+ givenName: ["Alan"]
+ sn: ["Greenspan"]
+ displayName: ["Alan Greenspan"]
+ mail: ["A.Greenspan@yale-uni-example.edu", "agreenspan@yale-uni-example.edu", "Alan.Greenspan@yale-uni-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ isMemberOf: ["urn:collab:org:co-example.org", "urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:yale-uni-example.edu:employeeid:s123456"]
+ eduPersonScopedAffiliation: ["employee@123.yale-uni-example.edu", "member@biology.yale-uni-example.edu", "faculty@123.yale-uni-example.edu"]
+ -
+ username: ["teacher5"]
+ uid: ["am_ampere"]
+ schacHomeOrganization: ["electrical-uni-example.edu"]
+ eduPersonPrincipalName: ["am_ampere@electrical-uni-example.edu"]
+ cn: ["André-Marie Ampère"]
+ givenName: ["André-Marie"]
+ sn: ["Ampère"]
+ displayName: ["André-Marie Ampère"]
+ mail: ["am_ampere@electrical-uni-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:s123456"]
+ eduPersonScopedAffiliation: ["employee@fs.electrical-uni-example.edu", "member@social.electrical-uni-example.edu", "faculty@fs.electrical-uni-example.edu"]
+ -
+ username: ["teacher6"]
+ uid: ["w_rontgen"]
+ schacHomeOrganization: ["electrical-uni-example.edu"]
+ eduPersonPrincipalName: ["w_rontgen@electrical-uni-example.edu"]
+ cn: ["Wilhelm Conrad Röntgen"]
+ givenName: ["Wilhelm"]
+ sn: ["Röntgen"]
+ displayName: ["Wilhelm Röntgen"]
+ mail: ["w_rontgen@electrical-uni-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:123456"]
+ eduPersonScopedAffiliation: ["faculty@fs.electrical-uni-example.edu", "employee@social.electrical-uni-example.edu", "member@fs.electrical-uni-example.edu"]
+ -
+ username: ["teacher7"]
+ uid: ["m_faraday"]
+ schacHomeOrganization: ["electrical-uni-example.edu"]
+ eduPersonPrincipalName: ["m_faraday@electrical-uni-example.edu"]
+ cn: ["Michael Faraday FRS"]
+ givenName: ["Michael"]
+ sn: ["Faraday"]
+ displayName: ["Michael Faraday"]
+ mail: ["m_faraday@electrical-uni-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:213456"]
+ eduPersonScopedAffiliation: ["faculty@cs.electrical-uni-example.edu", "employee@fs.electrical-uni-example.edu", "member@cs.electrical-uni-example.edu"]
+ -
+ username: ["teacher8"]
+ uid: ["n_tesla"]
+ schacHomeOrganization: ["electrical-uni-example.edu"]
+ eduPersonPrincipalName: ["n_tesla@electrical-uni-example.edu"]
+ cn: ["Nikola Tesla"]
+ givenName: ["Nikola"]
+ sn: ["Tesla"]
+ displayName: ["Nikola Tesla"]
+ mail: ["n_tesla@electrical-uni-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:electrical-uni-example.edu:employeeid:e813456"]
+ eduPersonScopedAffiliation: ["employee@cs.electrical-uni-example.edu", "member@accounting.electrical-uni-example.edu", "faculty@acc.electrical-uni-example.edu"]
+ -
+ username: ["teacher9"]
+ uid: ["teacher9"]
+ schacHomeOrganization: ["stanford-example.edu"]
+ eduPersonPrincipalName: ["teacher9@stanford-example.edu"]
+ cn: ["William Henry Gates III"]
+ givenName: ["Bill"]
+ sn: ["Gates"]
+ displayName: ["Bill Gates"]
+ mail: ["bill.gates@stanford-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ eduPersonEntitlement: ["urn:mace:terena.org:tcs:personal-user-example"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:e913456"]
+ eduPersonScopedAffiliation: ["faculty@acc.stanford-example.edu", "employee@acc.stanford-example.edu", "member@ca.stanford-example.edu"]
+ -
+ username: ["teacher10"]
+ uid: ["teacher10"]
+ schacHomeOrganization: ["stanford-example.edu"]
+ eduPersonPrincipalName: ["teacher10@stanford-example.edu"]
+ cn: ["Steven Paul Jobs"]
+ givenName: ["Steve"]
+ sn: ["Jobs"]
+ displayName: ["Steve Jobs"]
+ mail: ["steve.jobs@stanford-example.edu"]
+ eduPersonAffiliation: ["employee", "faculty", "member"]
+ eduPersonEntitlement: ["urn:mace:terena.org:tcs:personal-user-example"]
+ isMemberOf: ["urn:collab:org:surf.nl"]
+ schacPersonalUniqueCode: ["urn:schac:personalUniqueCode:nl:local:stanford-example.edu:employeeid:1013456"]
+ eduPersonScopedAffiliation:
+ - "employee@student.95.stanford-example.edu"
+ - "member@ca.stanford-example.edu"
+ - "faculty@cs.stanford-example.edu"