AAI Login page
A login page for multiple AAI organisations.
- PHP
- License: GNU GPL 3.0
- Source: https://git-repo.iml.unibe.ch/iml-open-source/login-aai
⚠️ Work in progress!
Description
We have projects with multiple organisations in different countries. So far we used the WAYF script in the login page.
Since Ilias 9, JavaScript is filtered out when a login page is saved in the editor. That's why we couldn't embed our current WAYF script anymore. This is a standalone login page that offers a list of organisations and can be customized.
It reads the DiscoFeed. Based on a given positive list of IdPs, it shows a list of identity providers so that visitors can log in at their own organisation.
Features
- Displays a list of allowed Identity providers
- The list is filtered while typing in the search field. When multiple words are entered, all keywords must match.
- The filter is stored in the localStorage of the web browser. On reload or the next week the last filter will be activated.
- A set of filter buttons by TLD is generated. It is shown when at least 2 TLDs were found.
Requirements
- PHP 8.2
- PHP web application with mod_shibboleth
Installation
- In the webroot create a subfolder "login_aai".
- Set a link for login to /login_aai/ where needed.
- Copy config.php.dist to config.php and make your changes.
Configuration
First an example configuration:
<?php
return [
'title' => 'AAI Login',
// -- language to fetch texts in discofeed
'lang' => 'de',
// -- enable one of it:
'mode' => 'boxes',
// 'mode' => 'wayf',
// -- maintenance hint or other message on top
// 'text-info' => '+++ Hinweis +++ Hinweis +++ Hinweis +++ Hinweis +++',
// -- text before and after
'text-before' => '<p>Studierende und Dozenten nutzen in der Regel das nachfolgende "Anmelden":</p>',
'text-after' => '<br><br><h2>Anmeldung ohne AAI</h2>
<p>
Klicken Sie auf: <br />
<a href="/login.php" onclick="">Gast-Zugang</a>
</p>',
// -- positive list of IDPs
'idps' => [
"https://aai-idp.unibe.ch/idp/shibboleth",
"https://aai.insel.ch/idp/shibboleth",
"https://aai-logon.vho-switchaai.ch/idp/shibboleth",
"https://aai-logon.unibas.ch/idp/shibboleth",
],
// -- return URL
'return-url' => '/shib_login.php',
// -- cache for discofeed
'cachefile' => 'discofeed.json',
'cachettl' => 60*60,
];
Key | Type | Description |
---|---|---|
title | string | Title of the login page; used for title tag and h1 header |
lang | string | Language used to select texts in the DiscoFeed, as a 2-letter code; if the language is not found, the 1st text item is taken |
mode | string | Selection mode; one of "wayf" (selection with the WAYF script from Switch) or "boxes" (boxes with images incl. filter field) |
text-info | string | When not empty: show a warning banner with its text on top, e.g. for maintenance messages |
text-before-wayf | string | Text to show before wayf select box (for mode = "wayf" only) |
text-after-logins | string | Finishing text after |
idps | array | List of enabled IdPs to whitelist; it will be filtered by the organisations enabled by Shibboleth |
return-url | string | Return URL to your application after logging in on the organization URL - '/shib_login.php' is for Ilias LMS |
cachefile | string | Relative path for cache file; default: discofeed.json |
cachettl | integer | Caching time for cache file (discofeed.json); default: 60 min |
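How the `idps` positive list and the `lang` fallback from the table can be applied to a DiscoFeed, as an added example (not the project's own code). The helper names `pickText` and `allowedIdps` are hypothetical, and the sample feed with its display names is constructed; only the entityIDs of the allow list come from the example configuration.

```php
<?php

// Constructed sample in the Shibboleth DiscoFeed JSON layout; display names are made up.
$sampleFeed = <<<'JSON'
[
  {"entityID": "https://aai-idp.unibe.ch/idp/shibboleth",
   "DisplayNames": [{"value": "Org A (en)", "lang": "en"}, {"value": "Org A (de)", "lang": "de"}]},
  {"entityID": "https://aai-logon.unibas.ch/idp/shibboleth",
   "DisplayNames": [{"value": "Org B <b>en only</b>", "lang": "en"}]},
  {"entityID": "https://idp.example.org/idp/shibboleth",
   "DisplayNames": [{"value": "Org C (not on the list)", "lang": "de"}]}
]
JSON;

/** Hypothetical helper: text for $lang, otherwise the first text item. */
function pickText(array $items, string $lang): string
{
    foreach ($items as $item) {
        if (is_array($item) && ($item['lang'] ?? '') === $lang) {
            return (string) ($item['value'] ?? '');
        }
    }
    return (string) ($items[0]['value'] ?? '');
}

/** Hypothetical helper: feed entries on the allow list as entityID => escaped label. */
function allowedIdps(string $feedJson, array $allowList, string $lang): array
{
    $feed = json_decode($feedJson, true, 16, JSON_THROW_ON_ERROR);
    $shown = [];
    foreach (is_array($feed) ? $feed : [] as $entry) {
        $id = $entry['entityID'] ?? null;
        // Exact, type-strict match only: no prefix, substring or host comparison.
        if (!is_string($id) || !in_array($id, $allowList, true)) {
            continue;
        }
        $label = pickText((array) ($entry['DisplayNames'] ?? []), $lang);
        // Feed text is remote input, so escape it before it reaches the page.
        $shown[$id] = htmlspecialchars($label !== '' ? $label : $id, ENT_QUOTES, 'UTF-8');
    }
    return $shown;
}

// Allow list taken from the example configuration; aai.insel.ch is absent from the sample feed.
$idps = ['https://aai-idp.unibe.ch/idp/shibboleth', 'https://aai.insel.ch/idp/shibboleth',
    'https://aai-logon.unibas.ch/idp/shibboleth'];
foreach (allowedIdps($sampleFeed, $idps, 'de') as $id => $label) {
    echo $label, '  <-  ', $id, PHP_EOL;
}
```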
Development hints
- Requirements: local installation of PHP; you can use its internal web server
- Extract the files in a local folder or use git clone
- Start
php -S localhost:9000
and open http://localhost:9000 in your web browser
- Get the DiscoFeed from a production machine running Shibboleth and store it as the discofeed cache file:
curl https://example.com/Shibboleth.sso/DiscoFeed > discofeed.json
- After reaching the cache TTL you can repeat the curl command or
touch discofeed.json