diff --git a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php index 921989cf879f46abc5a36933c2bbb515c3894861..e71429acdfb4e722e0188c05ef32f127798063f6 100644 --- a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php +++ b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php @@ -30,6 +30,17 @@ $sessionCreatorUid = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}' $sessionCreatorPw = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:password")->item(0)->nodeValue; $setnamessecret = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:setnamessecret")->item(0)->nodeValue; +$slcSupportEnabling = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/@enable"); +if ($slcSupportEnabling->length > 0 && $slcSupportEnabling->item(0)->nodeValue === 'true') { + $slcMode = TRUE; + $slcEntitlementAttributeName = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr/@name")->item(0)->nodeValue; + $slcEntitlementAttributeValue = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr")->item(0)->nodeValue; + $slcPortalDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:portalDelegationURL")->item(0)->nodeValue; + $slcNoDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:noDelegationURL")->item(0)->nodeValue; +} else { + $slcMode = FALSE; +} + // the session creation status will collect all messages // during the course of authentication $scstatus = ""; 
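Review bot: With SLCsupport enabled, each of the four new `->item(0)->nodeValue` lookups dereferences a null node when the corresponding child element is absent, so a half-configured instance runs on with `$slcPortalDelegationURL` / `$slcNoDelegationURL` (and the entitlement name/value) set to null instead of failing; only the `@enable` attribute gets a `length > 0` guard. Since those URLs later become `<form action="…">` targets, a null value means the certificate forms post to the page itself. I'd resolve the four values through one loop that exits on a missing node, as below; `format_error` (visible further down) reads session globals that are presumably not set yet at this point in the script, so a plain exit seems safer here.
```php
// … unchanged: @enable lookup …
if ($slcSupportEnabling->length > 0 && $slcSupportEnabling->item(0)->nodeValue === 'true') {
    $slcMode = TRUE;
    $slcBase = "/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport";
    // Every value below ends up in a form action or a header lookup, so fail closed
    // on a missing element instead of continuing with null.
    $slcConfig = array(
        'slcEntitlementAttributeName'  => "${slcBase}/c:entitlementAttr/@name",
        'slcEntitlementAttributeValue' => "${slcBase}/c:entitlementAttr",
        'slcPortalDelegationURL'       => "${slcBase}/c:portalDelegationURL",
        'slcNoDelegationURL'           => "${slcBase}/c:noDelegationURL",
    );
    foreach ($slcConfig as $varName => $query) {
        $node = $xpath->query($query)->item(0);
        if ($node === NULL) {
            exit("Configuration error: SLCsupport is enabled but ${query} is missing");
        }
        $$varName = $node->nodeValue;
    }
} else {
    $slcMode = FALSE;
}
```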
@@ -295,12 +306,21 @@ echo "</div>"; setNameInRBAC(); +if ($slcMode) { + $isSLCScompatible = scanEntitlements(); + if ($isSLCScompatible) { + showCertificateButtons(); + } else { + showCertificateInfoButton(); + } +} + + echo "\n</body>\n</html>"; exit; /////////////////////// Functions /////////////////////////////////////// - function format_error ($heading, $detail) { global $remote_user, $scstatus, $newSid, $rbacbase, $identity_provider, $identified_user; 
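Review bot: The `scanEntitlements()` result at this call site only decides which buttons are rendered; it does not protect the delegation endpoint, because `showCertificateButtons()` emits a plain GET form that any authenticated user can reproduce with their own `ePPNplusSID` whether or not they hold the entitlement. That is acceptable as a UI gate only if `$slcPortalDelegationURL` re-verifies the entitlement server-side, which this diff cannot show. I'd state that at the call site: `// UI gate only: the portal delegation endpoint must re-check the entitlement itself; this form can be submitted by anyone holding an ePPN|SID.` Also `$isSLCScompatible` mixes "SLCS" with the `slc`/`SLC` spelling used everywhere else in the change; `$hasSlcEntitlement` would read consistently and say what was actually checked.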
@@ -392,6 +412,49 @@ function escapeForDN ($string) return preg_replace('/[";+<>,\\\]/', "X", $string); } +function scanEntitlements () { + global $slcEntitlementAttributeName, $slcEntitlementAttributeValue; + + if (isset($_SERVER[$slcEntitlementAttributeName])) { + $entitlements = $_SERVER[$slcEntitlementAttributeName]; + $arrEntitlements = explode( ";", $entitlements); + foreach ($arrEntitlements as $ent) { + if ($ent === $slcEntitlementAttributeValue) { + return TRUE; + } + } + } + return FALSE; +} + + +function showCertificateInfoButton () { + global $slcNoDelegationURL, $remote_user, $newSid; + + echo "<br/><br/>Your account does not include certificate support."; + echo "<form method=\"get\" action=\"${slcNoDelegationURL}\">\n"; + echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\" />\n"; + echo "<input type=\"submit\" value=\"Work without Certificate\"/>\n"; + echo "</form>\n"; +} + +function showCertificateButtons () { + global $slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid; + + echo "<form method=\"get\" action=\"${slcPortalDelegationURL}\">\n"; + echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\">\n"; + echo "<input type=\"hidden\" name=\"rbacbase\" value=\"" . $rbacbase . "\">\n"; + echo "<input type=\"submit\" value=\"Request Certificate\">\n"; + echo "</form>\n\n"; + + echo "<form method=\"get\" action=\"${slcNoDelegationURL}\">\n"; + echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\" />\n"; + echo "<input type=\"submit\" value=\"Use Existing Certificate\"/>\n"; + echo "</form>\n"; +} + + + function setNameInRBAC () {
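Review bot: `showCertificateButtons()` writes `$rbacbase` into a hidden field but its `global` statement lists only `$slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid`, so inside the function `$rbacbase` is undefined and the field is always sent empty (with a notice). Both new output functions also echo `$remote_user`, `$newSid`, `$rbacbase` and the configured URLs straight into double-quoted attributes without `htmlspecialchars`; `$remote_user` appears to be an identity-provider-supplied value, so it should be treated as untrusted for HTML output. Separately, `method="get"` puts the freshly created session id into the query string, where it lands in browser history, the Referer header and the receiving server's access log — POST would be preferable if the delegation endpoints accept it, which I cannot verify from here. Rewritten `showCertificateButtons()` below; `showCertificateInfoButton()` needs the same escaping, and `setNameInRBAC()` starts on the hunk's last line and continues outside it.
```php
// … unchanged: scanEntitlements, showCertificateInfoButton (apply the same escaping there) …
function showCertificateButtons () {
    global $slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid, $rbacbase;

    // Everything below is emitted inside a double-quoted HTML attribute, so escape it
    // (ENT_QUOTES also covers single quotes). $remote_user and $newSid originate
    // outside this script; the URLs come from the instance configuration.
    $ePPNplusSID = htmlspecialchars($remote_user . "|" . $newSid, ENT_QUOTES, 'UTF-8');
    $portalURL   = htmlspecialchars($slcPortalDelegationURL, ENT_QUOTES, 'UTF-8');
    $noDelegURL  = htmlspecialchars($slcNoDelegationURL, ENT_QUOTES, 'UTF-8');
    $rbacBaseAttr = htmlspecialchars($rbacbase, ENT_QUOTES, 'UTF-8');

    echo "<form method=\"get\" action=\"${portalURL}\">\n";
    echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $ePPNplusSID . "\">\n";
    echo "<input type=\"hidden\" name=\"rbacbase\" value=\"" . $rbacBaseAttr . "\">\n";
    echo "<input type=\"submit\" value=\"Request Certificate\">\n";
    echo "</form>\n\n";

    echo "<form method=\"get\" action=\"${noDelegURL}\">\n";
    echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $ePPNplusSID . "\" />\n";
    echo "<input type=\"submit\" value=\"Use Existing Certificate\"/>\n";
    echo "</form>\n";
}
```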