Merge pull request #249 from dBucik/consolidator_tool

feat: Consolidator tool

Author: Dominik František Bučík

lib/Disco.php

@@ -33,6 +33,8 @@ class Disco extends PowerIdPDisco
 
     public const MFA_PROFILE = 'https://refeds.org/profile/mfa';
 
+    public const URN_CESNET_PROXYIDP_LSIDPENTITYID = 'urn:cesnet:proxyidp:lsidpentityid:';
+
     // ROOT CONFIGURATION ENTRY
     public const WAYF = 'wayf_config';
 
@@ -170,6 +172,8 @@ class Disco extends PowerIdPDisco
 
     private $proxyIdpEntityId;
 
+    private $authId;
+
     public function __construct(array $metadataSets, $instance)
     {
         //LOAD CONFIG FOR MODULE PERUN, WHICH CONTAINS WAYF CONFIGURATION
@@ -190,6 +194,7 @@ public function __construct(array $metadataSets, $instance)
 
         if (isset($query[self::AUTH_ID])) {
             $id = explode(':', $query[self::AUTH_ID])[0];
+            $this->authId = $id;
             $state = State::loadState($id, self::SAML_SP_SSO, true);
 
             if (null !== $state) {
@@ -268,6 +273,26 @@ public function handleRequest()
                         );
                         HTTP::redirectTrustedURL($url);
                     }
+                    $acrStartSubstr = substr($value, 0, strlen(self::URN_CESNET_PROXYIDP_LSIDPENTITYID));
+                    if (self::URN_CESNET_PROXYIDP_LSIDPENTITYID === $acrStartSubstr) {
+                        $hintIdpEntityId = substr(
+                            $value,
+                            strlen(self::URN_CESNET_PROXYIDP_LSIDPENTITYID),
+                            strlen($value)
+                        );
+                        $state = State::loadState($this->authId, self::SAML_SP_SSO, true);
+                        $state['aarc_idp_hint'] = $hintIdpEntityId;
+                        $id = State::saveState($state, self::SAML_SP_SSO);
+
+                        Logger::info('Redirecting to LS AAI with hint to: ' . $hintIdpEntityId);
+                        $url = self::buildContinueUrl(
+                            $this->spEntityId,
+                            $this->returnURL,
+                            $this->returnIdParam,
+                            'https://proxy.aai.lifescience-ri.eu/proxy'
+                        );
+                        HTTP::redirectTrustedURL($url);
+                    }
                 }
             }
         }
@@ -490,7 +515,7 @@ public static function showTaggedIdPs(DiscoTemplate $t, Configuration $blockConf
         if (0 === $idpCount) {
             return $html;
         }
-        $html .= '<div class="row">' . PHP_EOL;
+        $html .= '<div class="col-12 row">' . PHP_EOL;
         $html .= self::addLoginOptionHint($t, $blockConfig);
 
         $counter = 0;
@@ -560,9 +585,9 @@ public static function showInlineSearch(
         $result .= '<div id="type-more" class="small text-muted">' . $t->t(
             '{perun:disco:search_start_hint}'
         ) . '</div>' . PHP_EOL;
-        $result .= '<div class="inlinesearch">' . PHP_EOL;
+        $result .= '<div class="inlinesearch col-12">' . PHP_EOL;
         $result .= '    <form id="idpselectform" action="?" method="get">' . PHP_EOL;
-        $result .= '        <input class="inlinesearch form-control input-lg" type="text" value=""
+        $result .= '        <input class="inlinesearch form-control-lg" type="text" value=""
             name="query" id="query" autofocus placeholder="'
             . $t->t($placeholderTranslateKey) . '"/>' . PHP_EOL;
         $result .= '    </form>';

templates/consolidator-tpl.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Template of page, which showing status of used components.
+ */
+
+use SimpleSAML\Configuration;
+
+$config = Configuration::getInstance();
+$this->data['header'] = 'ELIXIR AAI account repair for Life Science Login';
+
+$this->includeAtTemplateBase('includes/header.php');
+
+$idpEntityId = $_GET['idpEntityId'];
+
+//Check if value is allowed
+if (!filter_var($idpEntityId, FILTER_VALIDATE_URL)) {
+    throw new Exception('ERROR');
+}
+
+$consolidatorUrl = 'https://perun.elixir-czech.cz/lsaai-ic/ic/?targetIdP=' . urlencode($idpEntityId);
+$acrParam = 'urn:cesnet:proxyidp:lsidpentityid:' . $idpEntityId;
+//$acrParam = 'urn:cesnet:proxyidp:idpentityid:' . $idpEntityId;
+$url = 'https://perun.elixir-czech.cz/Consolidator.sso/Login?target=' . urlencode(
+    $consolidatorUrl
+) . '&authnContextClassRef=' . urlencode($acrParam);
+
+echo '
+<div>
+    <p class="text-justify">You have been provided a special link, which will help us to prepare your account to be usable in the Life Science Login, to which your account will be migrated. You will now be asked to log in twice with your home organization. After that, your account should be ready to be used in Life Science Login.</p>
+    <p class="text-justify">If you do not wish to use your home organization for login, let us know using the address below. In case of running into any issues, do not hesitate to contact us at <a href="mailto:[email protected]">[email protected]</a>.</p>
+    <p>Proceed by clicking the button below.</p>
+    <a href="' . $url . '">
+        <div class="btn btn-primary btn-block">Continue</div>
+    </a>
+</div>
+';
+
+$this->includeAtTemplateBase('includes/footer.php');

www/consolidator.php

@@ -0,0 +1,11 @@
+<?php
+
+declare(strict_types=1);
+
+use SimpleSAML\Configuration;
+use SimpleSAML\XHTML\Template;
+
+$config = Configuration::getInstance();
+
+$t = new Template($config, 'perun:consolidator-tpl.php');
+$t->show();