[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TAS3ALL] Fwd: Re: ZXID GUI



It appears the online documentation was not entirely up to date. Here's improved
documentation (mainly extracted from zxidconf.h):

When whole page is generated, some templating information is taken
from the configuration.

IDP_SEL_TEMPL_FILE:: Path for Template for IdP Selecton Page. Default "idpsel.html".
    This file, which you can edit for customization, is used as template to
    render the IdP selection page on the SP side. If the file does not exist,
    the value of ZXID_IDP_SEL_TEMPL configuration option is used as template.
    By default idpsel.html uses idpsel.css as stylesheet. You can make many
    kinds of customization just by editing this stylesheet.

IDP_SEL_TEMPL:: Template for IdP Authentication Page that is used if the
    path does not work. This is really meant to be the last resort. The default
    value of this page is the compiled in template "ZXID SP SSO: Choose IdP".

IDP_LIST_METH:: Choose the method for rendeing IdP list.
    0 = popup menu, 1 = buttons,
    2 = branded image buttons (not implemented as of 20100922)

IDP_SEL_PAGE::  IdP Selector Page URL
   If the IDP_SEL_TEMPL_FILE or IDP_SEL_TEMPL, above, is not sufficient for
   your customization needs, you can provide URL to page of your own design.
   This page will receive as query string argument the relay state.
   0 (zero) disables.

You can set several rather technical configuration options by editing
the IdP selection template and adding (hidden) form fields. You may
want to hardwire these or allow user to set them

fc:: Create federation (AllowCreate flag)
fn:: Name ID format
    prstnt:: Persistent (pseudonym)
    trnsnt:: Transient, temporary pseudonym

Technical parameters that the site administrator
should decide and set. Usually hidden form fields in the template:

fq:: Affiliation ID (usually empty)
fy:: Consent obtained by SP for the federation or SSO
    empty:: No statement about consent
    urn:liberty:consent:obtained:: Has been obtained (unspecified way)
    urn:liberty:consent:obtained:prior:: Obtained prior to present
        transaction, e.g. user signed terms and conditions of service
    urn:liberty:consent:obtained:current:implicit:: Consent
        is implicit in the situation where user came to invoke service
    urn:liberty:consent:obtained:current:explicit:: Obtained explicitly
    urn:liberty:consent:unavailable:: Consent can not be obtained
    urn:liberty:consent:inapplicable:: Obtaining consent is not
        relevant for the SP or service.
fa:: Authentication Context (strength of authentication) needed by the SP
fm:: Matching rule for authentication strength (usually empty, IdP decides)
fp:: Forbid IdP from interacting with the user (IsPassive flag)
ff:: Request reauthentication of user (ForceAuthn flag)

Cheers,
--Sampo

David Chadwick <d.w.chadwick@xxxxxxxxxx> said:
> Hi All
> 
> here is George's answer to how the ZXID login page is generated. In 
> short, the SPs in the demonstrators can generate their own login pages 
> in HTML, and then post the result to ZXID, so that we do not need to use 
> the auto-generated page of ZXID.
> 
> This means that City Uni can design any login page they want to, and the 
> SP can then implement it
> 
> regards
> 
> David.
> 
> -------- Original Message --------
> Subject: Re: ZXID GUI
> Date: Tue, 07 Jun 2011 14:05:38 +0100
> From: George Inman <g.inman@xxxxxxxxxx>
> To: David Chadwick <d.w.chadwick@xxxxxxxxxx>
> 
> Hi David
> 
> You are right in assuming that the ZXID pages are HTML however some of
> them are auto generated probably at compilation time. Having looked at
> the limited information on the ZXID site I can see that there are
> multiple possible options for how the ZXID GUI pages are generated.
> 
> Firstly the most common usage would be to have ZXID auto generate the
> pages, the person configuring the server can then include style sheets
> etc in the configuration to allow limited branding of the page to take
> place as configuration options. The documentation states that this is
> the preferred and best supported method of generating GUI pages.
> 
> Secondly you can have the form (or the field for the form) containing
> the information later used to construct the request generated by ZXID
> and supply your own HTML for the page and lastly you can just supply
> your own page containing all the information required by ZXID to make
> the request.
> 
> Regards
> George
> 
> 
> On 07/06/2011 10:29, David Chadwick wrote:
> > Hi George
> >
> > do you know how the ZXID GUI is implemented. Is the GUI html pages? Is
> > it configurable? Is it easy to change the design?
> >
> > regards
> >
> > David