Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
1 result
Compare
Hahn Axel (hahn)'s avatar
add footer
Hahn Axel (hahn) authored
5c7a7594
History
Hahn Axel (hahn)'s avatar 5c7a7594
History
Name Last commit Last update
classes
docs/images
.gitignore
Readme.md
config.php.dist
functions.js
inc_functions.php
inc_mode_boxes.php
inc_mode_wayf.php
index.php
login_aai.css
Readme.md

AAI Login page

A login page for multiple AAI organisations.

⚠️ Work in progress!

Description

We have projects with multiple organisations in different countries. We used the WAYF script in the login page so far.

When editing login pages in Ilias 9 then javascript is now filtered out while saving. That's why we couldn't embed our current WAYF script anymore. This is a standalone login page that offers a list of organisations and can be customized.

Login screen with mode "boxes"

Requirements

  • PHP 8.2
  • PHP web aaplication with mod_shibboleth

Installation

  • In the webroot create a subfolder "login_aai".
  • Set a Link for Login to /login_aai/ where needed
  • Copy config.php.dist to config.php and make your changes.

Configuration

First an example configuration:

<?php
return [

    'title' => 'AAI Login',

    // -- enable one of it:
    'mode' => 'boxes',
    // 'mode' => 'wayf',

    // -- maintenance hint or other message on top
    // 'text-info' => '+++ Hinweis +++ Hinweis +++ Hinweis +++ Hinweis +++',

    // -- text before and after
    'text-before' => '<p>Studierende und Dozenten nutzen in der Regel das nachfolgende "Anmelden":</p>',
    'text-after' => '<br><br><h2>Anmeldung ohne AAI</h2>
        <p>
            Klicken Sie auf: <br />
            <a href="/login.php" onclick="">Gast-Zugang</a>
        </p>',

    // -- positive list of IDPs
    'idps' => [
        "https://aai-idp.unibe.ch/idp/shibboleth",
        "https://aai.insel.ch/idp/shibboleth",
        "https://aai-logon.vho-switchaai.ch/idp/shibboleth",
        "https://aai-logon.unibas.ch/idp/shibboleth",
    ],

    // -- return URL
    'return-url' => '/shib_login.php'

];
Key Type Description
title string Title of the login page; used for title tag and h1 header
mode string Selection mode; one of
-"wayf" Selection with WAYF script from Switch or
- "boxes" Boxes with images incl. filter field
text-info string When not empty: show a warning banner with its text on top eg. for maintenance messages
text-before-wayf string Text to show before wayf select box (for mode = "wayf" only)
text-after-logins string Fisnishing text after
idps array List of enabled idps to whitelist; it will filtered by enabled organisatzions by shibboleth
return-url string Return url to your application afer logging in on then organization url
- '/shib_login.php' is for Ilias LMS

Devlopment hints

  • Requirements: local installation of php; you can use its internal webservice
  • Extract files in a local folder or use git clone
  • start php -S localhost:9000 and open http://localhost:9000 in your webbrowser
  • Get the files of the discofeed from a production machine running shibboleth and store it as discofeed cache file:
    curl https://example.com/Shibboleth.sso/DiscoFeed > discofeed.json
  • After reachin cache TTL you can repeat the curl command or touch discofeed.json