ChangeLog
3cccbd3 2024-04-13 Use service-lib v2.3.1
c9de552 2024-04-12 Update ChangeLog
12ebd0d 2024-04-12 Use service-lib v2.3.0
a4e5ffa 2024-04-12 CIL-1967 Fix issues found during WCAG accessibility assessment
1e9d2a3 2024-04-08 Rename config to DYNAMODB_PHPSESSIONS_*
6ec9752 2024-04-06 Fix typo in comment
d4d5118 2024-04-05 CIL-1963 Use DynamoDB for PHP sessions
926e842 2024-03-21 CIL-1950 Add LDaCA logo png locally
4686199 2024-03-21 Update ChangeLog
cff76ba 2024-03-21 Use service-lib v2.2.1
cd4fd02 2024-03-19 CIL-1917/1949/1950 New AAF logo
e5912f4 2024-01-23 CIL-1917 Add image for CADRE skin
05662f3 2024-01-05 Use service-lib v2.2.0
62a0dc7 2024-01-05 Update LICENSE for 2024
2fb77f2 2023-11-13 Update ChangeLog
1594ebd 2023-11-13 CIL-1812 Allow session vars NOT to be output
9aad1d3 2023-11-10 CIL-1883 New skin for RENCI
6745506 2023-10-30 Bug fix
7d43b36 2023-10-30 Use service-lib v2.1.1
723ed39 2023-10-30 Update ChangeLog
00752f0 2023-10-30 CIL-1812 Prevent open directs
a4ad818 2023-08-29 CIL-554 OAuth 1.0a support is retired
dee32f2 2023-08-29 CIL-554 OAuth 1.0a support is retired
4254473 2023-08-03 Update ChangeLog for v2.1.0 release
d558283 2023-07-27 CIL-1806 Consume uidNumber from UIUC IdP
c817586 2023-07-21 CIL-1800 Fix broken Microsoft OAuth2 logins
b467af1 2023-07-18 Use service-lib 2.0.0 release
02f0d75 2023-07-17 Update ChangeLog
2a2c343 2023-07-17 PHP support up to v8.1
f1e3f9e 2023-06-12 CIL-1769 Enable use of read-only database endpoint.
65e7344 2023-06-12 CIL-1751 Allow multiple Metadata XML source files.
341d478 2023-06-12 Remove outdated idplist.php utility
d3468bb 2023-05-31 CIL-1738 Assert support for eduPersonAssurance
32493a5 2023-05-11 Require at least PHP 7
b572e42 2023-04-18 CIL-1713 Separate PHP DB code from PHP sessions code
93e3795 2023-04-11 CIL-1632 Add comment about "showhidden=0" to UNset it.
0a0d2ac 2023-04-09 CIL-1632 For hidden IdPs, allow "showhidden" parameter.
b4a7cb5 2023-04-04 CIL-1626 Redirect to OIDC client on common errors.
39e4f9e 2023-04-04 Update idpquery for 'Personalized' IdPs
cb1df60 2023-04-01 Update comment
0241c0f 2023-03-31 CIL-1685 Comment-Add link to eduGAIN Participants list
31466e4 2023-03-31 CIL-1685 Restrict IdPs based on Registration Authorities
187e8f2 2023-03-27 Update ChangeLog
255e304 2023-03-24 CIL-1674 STATUS_EPTID_MISMATCH can be WARNING or ERROR.
87bf414 2023-03-22 Remove outdated comments
6923f3c 2023-03-10 CIL-1342 Use custom_error_uri instead of error_uri
e4b07a0 2023-03-01 /testidp is not skinnable
60fd8ca 2023-02-28 CIL-1643 Allow extra HTML/JavaScript to be added
a18ff6d 2023-02-14 Bug fix
e3cf4fe 2023-02-09 CIL-1632 - Skin option for "Hidden" IdPs.
cf03e61 2023-01-31 CIL-1613 Add logo for FABRIC skin
69851f5 2023-01-12 CIL-1602 Change http:// to https:// where possible
1d621c5 2023-01-06 CIL-1595 Show 'preferred' IdP at top of list
89dcee3 2022-11-10 Fix typo
1540b6a 2022-11-09 Icon was missing white background
0aa890c 2022-11-09 Add SVG version of CILogon Logo.
cb5227b 2022-11-09 CIL-1559 Fix cilogon.org/example returning HTTP 500
354613b 2022-10-18 Revert last commit
98b28c2 2022-10-18 CIL-1533 Add trailing slash to .well-known 'authorize' endpoint
edcbe0f 2022-10-14 Fix typo
b30a41a 2022-10-14 CIL-1515 Add skin option <maxrecentidps>
9c863cd 2022-10-14 CIL-1515 Recent IdPs at the top should not appear again.
ffb5017 2022-10-08 Bug fixes.
17baf04 2022-10-07 Add tooltip for sso_idp_array
5ea4826 2022-10-07 CIL-1523 Update BioCommons skin
f378daf 2022-10-07 Rewrite code for ACCESS SSO. Add skin options for front page.
9070766 2022-10-05 CIL-1510 Allow admin_id for bypass/skin arrays
e52f9d0 2022-09-23 CIL-1416 Output 'hide' to hidden form input for next page load
f164cd9 2022-08-31 CIL-1369 Don't query the COmanage database
da35938 2022-08-31 CIL-1416 Allow hiding sections on cilogon.org/me
77c5cdc 2022-08-30 CIL-1369 SSO for ACCESS clients
12e4244 2022-08-23 CIL-1311 Change OAuth2 IdP entityIDs
5c31e0c 2022-08-22 Add logo for ACCESS
5c6a394 2022-08-18 CIL-1342 Redirect to error uri on QDL error.
0fde4d0 2022-08-18 CIL-1342 Redirect to error uri on QDL error.
6d1f48a 2022-08-11 CIL-1377 Upgrade to PHP 8.1.
9be52e7 2022-08-08 Try prefer-stable:true to allow dev packages
ea3bc7f 2022-08-08 Change minimum-stability from dev to stable
08f681c 2022-07-20 CIL-1342 Redirect to custom error uri on QDL error.
c3cca7a 2022-07-07 CIL-1331 Also log input parameters to dbService() function.
7d312bf 2022-07-07 CIL-1331 Log response from setTransactionState
7d1a1b6 2022-07-07 PHP 7.4 is supported
2062835 2022-06-10 CIL-1311 Update OAuth2 URLs (for Google in database).
c4c46b4 2022-05-13 Add missing claims_supported: affiliation, entitlement, itrustuin
590e966 2022-05-13 CIL-1285 Add eduPersonOrcid to claims_supported
f974f93 2022-05-12 CIL-1285 Assert eduPersonOrcid for ORCID logins
23b3092 2022-04-18 Update ChangeLog
a91d794 2022-04-12 CIL-1247 and CIL-1252 - Fix OIDC redirect problems
c7136fb 2022-04-12 Fix minor typos
729b758 2022-03-01 CIL-1194 Fix logic in statusEmbed
d35e428 2022-03-01 CIL-1194 Add StatusPage.io embedded popup frame
0fd46b6 2022-02-24 .well-known/openid-configuration should use DEFAULT_HOSTNAME
a6dd6f0 2022-02-23 Move several endpoints' code to library functions.
2f10673 2022-02-21 Use 'curl' to download InCommon metadata file.
712321b 2022-02-18 CIL-1187 Handle Authn error response from setTransactionState
07a8749 2022-02-18 Use register_shutdown_function to delete tmpdir
36b25ca 2022-02-14 'match' is a reserved keyword in PHP 8
f2fc8b3 2022-02-10 CIL-1171 Optionally set domain name
bd300ba 2022-01-11 Add missing comma.
185802f 2022-01-11 CACC-391 Migrate polos to myproxy1/2/dev.
22ce5b9 2021-11-04 CIL-1118 Update 'New IdP Automatically Added' email to include deleted IdPs.
65c80cc 2021-10-28 CIL-1116 Attempt to get Microsoft Azure Active Directory IdP working.
69d2ca8 2021-10-20 Do not show 'system admins have been notified' when no email alert was sent.
bf54b76 2021-10-20 CIL-1098 Don't send email alerts for failed to create OIDC transactions.
9e304c1 2021-10-20 CIL-1098 Filter out more client-initiated email alerts.
22c037a 2021-10-20 CIL-1098 For client-initiated errors, use json_encode when logging arrays.
242caf5 2021-10-20 CIL-1098 Update log messages for client-initiated errors.
086c0bb 2021-10-19 CIL-1098 Don't send email for client-initiated errors.
c3972e3 2021-10-15 CIL-646 Advertise revocation_endpoint in well-known endpoint.
adab346 2021-10-15 CIL-1108 Advertise code_challenge_methods_supported in the .well-known endpoint.
0daa1c0 2021-10-14 Remove lcobucci/jwt dependency from the top level.
3f88dbc 2021-10-14 Add lcobucci/jwt dependency back to main service repo.
23c2fb4 2021-10-14 Remove spurious comma.
27d9336 2021-10-14 Remove lcobucci/jwt dependency.
2eb9c43 2021-10-14 Update PHP libraries to latest versions.
2202091 2021-10-14 Update PHP dependencies to latest versions.
88dcbe3 2021-10-07 CIL-738 Add introspection endpoint to openid-configuration.
80ff2e3 2021-10-04 CIL-1032 Block IdPs with name of 'idp' or 'IdP Proxy'.
21d666d 2021-10-01 CIL-554 Retire support for OAuth 1.0a
65550fd 2021-09-23 Fix token-exchange value
dd1eed3 2021-09-23 Change grant_type:token_exchange to grant-type:token-exchange
5c17f7c 2021-09-20 Define HOSTNAME_FOOTER to print out local hostname below page footer.
f8d2ce1 2021-09-16 Remove 'token' as supported response type.
3aacd93 2021-09-10 CIL-1080 1080 Hide problematic IdPs from 'Select an Identity Provider' list.
01ee0ec 2021-09-02 Bug fix.
62c52cb 2021-08-31 Add support for new CentOS 7 polos (j/k/l).
35f020f 2021-08-27 CIL-1068 Add config option for custom favicon. First use case is LIGO.
d70b3fb 2021-08-10 Comment out 3 *_ARRAYs since they are now stored in the 'ciloa2.bypass' database table.
a5c5ea1 2021-08-10 Update SQL to create 'bypass' table.
d8551a4 2021-08-07 CIL-1052 Allow config.php ARRAYs to be stored in the database. For the ALLOW_BYPASS_ARRAY, change from an indexed array to an associative array since we need the client_id/redirect_uri to be in the 'keys' of the array rather than the 'values'.
b432349 2021-07-30 Make thumbs up/down column a bit wider.
fab09de 2021-07-29 Use thumbs up/down icons for approve/deny user_code.
a26a2b7 2021-07-29 Check for 'qrencode' to print out QR code of VERIFICATION_URI_COMPETE.
7c0de10 2021-07-28 Check for jq v1.6 only if jq is installed.
546c4cf 2021-07-28 'jq' version 1.6 is needed for 'bash64d'.
f9b9560 2021-07-26 CIL-1045 Add OAuth1 retirement banner.
dae67ae 2021-07-25 Regex RE is no longer needed.
62ca147 2021-07-25 Add check for Google which requires non-empty 'scope' parameter (since no scopes are associated with the Google client).
a9c16d7 2021-07-25 Initial check-in of deviceflow.sh test script.
941f897 2021-07-25 Add error_description (if available) to the basic error messages.
6041e33 2021-07-25 Remove end-of-line whitespace.
16d1379 2021-07-25 Add response_types_supported and grant_types_supported to match OA4MP.
6d9f971 2021-07-25 Enable auto-focus for user code text input.
7d6bf81 2021-07-24 Call userCodeApproved only if no errors previously.
f678417 2021-07-23 Add missing closing curly bracket.
a4b4e46 2021-07-23 Move error string calculations to a function.
4d268fb 2021-07-23 Fix typo.
11061c2 2021-07-23 Fix error message output.
627ee72 2021-07-22 CIL-1044 Force XSEDE IdP for "XSEDE Registry TEST" client.
3657a98 2021-07-14 Tweak generic error text.
5628fc2 2021-07-14 Tweak generic error string format.
eae60d4 2021-07-14 When no button is clicked, call verifyUserCodeParam to scan for query parameters such as idphint.
da3bdb4 2021-07-14 Call code which can auto redirect based on ALLOW_BYPASS_ARRAY and idphint.
ae7bc7b 2021-07-14 Tweak user_code error message.
5be696c 2021-07-14 Reformat user_code error output.
7e7155e 2021-07-14 Attempt to save query parameters selected_idp, idphint, and initialidp across page loads.
a042d51 2021-07-14 Fix formatting of error box.
ec51cec 2021-07-14 Call setTransactionState only when user logged on, not when user clicked 'Cancel' to deny the device user_code.
d36c144 2021-07-14 Tweak error output for device code flow.
1652faf 2021-07-14 Add device_authorization_endpoint and scope=offline_access.
0774b58 2021-07-13 CIL-935 Device flow. Associate authenticated user's user_uid with the transaction with setTransactionState.
470f15c 2021-07-10 Fix typo.
1ad2049 2021-07-07 CIL-1028 Make 'mgrstest' client use NCSA IdP.
77a6e79 2021-06-24 CIL-1017 Create new 'flywheel' skin without any IdP restrictions.
a6b2f03 2021-06-23 Remove deleted flywheel client_id.
cb51d97 2021-06-16 Allow "Custos Portal" to bypass logon page.
9a8e969 2021-06-15 CIL-1003 Capture GitHub 'login' as 'preferred_username' claim.
810a0e5 2021-06-07 CIL-995 Add images for new 'cybergisx' skin. (CSS is stored in database.)
78ccb9b 2021-06-03 CIL-994 Force "NCSA Metrics Grafana" client to use NCSA IdP.
d9fc8a8 2021-05-13 CIL-979 Speed up display of "Select an Identity Provider" page by loading the list of IdPs with an Ajax 'GET' after the page has rendered.
3b681ab 2021-05-13 CIL-978 Check for 'idphint' query parameter for the /idplist endpoint.
6c5673b 2021-05-06 Redirect OIDC client 'XSEDE Registry' (client_id='cilogon:/client_id/7126656af0c274e97e17f3d968faba5e') to the XSEDE IdP, bypassing CILogon.
e1a3428 2021-05-04 CIL-975 Generalize handling of AssertionConsumerServiceURL rewriting for ADFS IdPs (like Syngenta and NSF).
256fe76 2021-04-27 CIL-951 Add MYPROXY_SERVER_DN_MAP for MyProxy hostnames which do not match the configured MyProxy CA server name.
c8ba5fe 2021-04-27 Add sanity checks to verify 'defines' exist in config.php.
a0a37d1 2021-04-27 Remove PGSQL_* defines from config.secrets.example.php since we don't use PostgreSQL anymore.
cb26844 2021-04-26 CIL-959 Put NSF.gov AD-IdP AMR handling code in IdpList.php instead.
f1c68d0 2021-04-26 CIL-959 Add support for SAML attribute 'AMR' (authnmethodsreferences) asserted by NSF.gov's new AD-based IdP.
32b5955 2021-04-12 Use the renamed 'main' branch of service-lib instead of 'master'.
df4ceb9 2021-03-29 CIL-946 Force 'googlegithub' skin for MistEE client (client_id='cilogon:/client_id/7736935ccc1dfc779013a4206ca405ea').
49adad4 2021-03-19 CIL-943 Add login2.ligo.org to list of ECP-enabled IdPs.
8ab4eaa 2021-03-18 Add DEFAULT_LOGNAME for writing logs to file.
daa4562 2021-03-11 Missed one XSEDE USAGE location.
09100b4 2021-03-11 CIL-938 Write XSEDE USAGE messages to CVS files in a configurable directory.
b314263 2021-03-11 Formatting to make phpcs happy.
b55da10 2021-03-10 Add DEFAULT_LOGTYPE to enable logging to console. Change email addresses to be fully defined (rather than using DEFAULT_HOSTNAME).
022f2d6 2021-03-09 Ignore error from array_intersect_key().
b341ab6 2021-03-09 Update database connection to use configured database and host.
4ac8657 2021-03-09 Put a green checkbox or red times on the code verification page.
5a90311 2021-03-09 If device request did not include scope, assume same scope as registered client.
cdb642a 2021-03-08 CIL-935 Initial implementation of user-facing Device Authorization Grant flow to enter user code and select IdP.
b3d7a10 2021-03-08 Remove 'stage' PHP session variable which was previously used in conjunction with the 'Show/Hide Help' button.
5f9e290 2021-03-08 Add a JavaScript function to convert input field to uppercase.
ad7cf96 2021-03-08 Move printOIDCConsent to Util.php.
42abcbd 2021-03-04 Update dynamic client registration endpoint in /.well-known/openid-configuration.
daae54b 2021-03-04 Add .well-known/acme-challenge directory for Let's Encrypt.
9633a0d 2021-02-25 Put MyProxy client credential in config.php.
0b50bb7 2021-02-25 For /updateidplist/ , add a semaphore check to prevent multiple concurrent processes.
553e0b3 2021-02-09 As requested by Rob Guthridge, force NIH skin for OCCPR Author Management System.
fbf714f 2021-01-20 CIL-909 Also check error_description when returned error code is STATUS_CREATE_TRANSACTION_FAILED.
ba454cd 2021-01-20 CIL-909 Use the error_description returned by OA4MP only for generic error codes such as STATUS_INTERNAL_ERROR.
126dc19 2021-01-07 CIL-899 Move ORCID 'amr' code from 'service' repo to 'oauth2-orcid' repo.
93f60af 2020-12-10 IL-895 Config option for PHP session file store directory.
108baa7 2020-11-16 Force 'mgrs' client to use NCSA IdP.
0d5c5a2 2020-11-10 Remove pear/DB repo from composer.json
bb2ce9a 2020-11-06 CIL-865 CIL-866 Ignore .last_checked file generated by new web endpoints
f855ebc 2020-11-06 Make iforge Open OnDemand use NCSA IdP.
2841eaa 2020-11-05 If comment out EMAIL_IDP_UPDATES, don't send 'New IdPs Added' email.
73fe93b 2020-11-05 Add newlines to output HTML messages for wget/curl stdout.
fd66ba8 2020-11-05 CIL-866 Put idp-update email address in top-level config.php
b90c1ad 2020-11-05 CIL-866 Add new web endpoint /updateidplist/ to update idplist.json and idplist.xml
3a1c513 2020-11-05 Add parens for math op.
cc4d65a 2020-11-05 Delete vim temp file.
67482cd 2020-11-05 Fix comment in /idplist/ endpoint.
3dd24a9 2020-11-05 CIL-865 Fix 'Please wait X seconds' output message.
d65e5c3 2020-11-05 CIL-865 Add '/cleancerts/' endpoint to remove old PKCS12 certificates.
a51e1cd 2020-11-02 CIL-864 Add config option for PKCS12 directory.
005ffe3 2020-11-02 CIL-864 Add config option for PKCS12 directory.
cb934d3 2020-10-29 Force "CPTAC Author Directory" client to use NIH skin.
29e5aec 2020-10-28 Add KAGRA to list of ECP-enabled IdPs.
e5d1cea 2020-10-12 Use NCSA IdP for ipam.ncsa.illinois.edu
f07a424 2020-10-09 Add new skin 'osn' for Jim Culbert at MGHPCC.
808360b 2020-10-05 Force OIDC client "NCSA Internal (Savannah)" to use NCSA IdP.
d4d5d3e 2020-10-05 Force NIH skin for Analysis Management Portal (Production), requested by Paul Khouri Saba.
70e8e65 2020-10-01 Add MESS skin for OneID demo.
5262a64 2020-09-28 CIL-831 More detailed OIDC error messages.
5967cbe 2020-09-28 CIL-831 Return more detailed OIDC error messages from PHP code.
88dd7ea 2020-09-28 CIL-832 Make 'NCSA GitLab' OIDC client use NCSA IdP
e752256 2020-09-17 CIL-809 Force 'biocommons' skin for biocommons.org.au callback URIs.
33aa03d 2020-09-17 CIL-809 Add 'biocommons' skin for Australian BioCommons.
8f83ed9 2020-09-02 Move composer require lcobucci/jwt to top-level CILogon service since it is not used by CILogon service-lib.
0a9f536 2020-09-02 CIL-799 Get AMR (AuthnMethodRef) from ORCID id_token.
c0f7fd1 2020-08-26 On the '/me' page, add <br/> in portalparams output.
e8bd2af 2020-08-24 CIL-793 For the OAuth 1.0a flow, check for missing first_name or last_name. If so, use display_name to split on space like we used to.
10f060b 2020-08-17 CIL-782 force skin for XSEDE Registry TEST and DEV
aa54f65 2020-08-10 CIL-730 https://idp.login.iu.edu/idp/shibboleth has been readded to InCommon metadata as "zTest - Indiana University", so remove it from the global "redlit" list.
858192a 2020-08-07 Update README.md
1fcbd93 2020-08-07 CIL-779 Display only registered scopes in the OIDC consent box.
b437783 2020-08-07 CIL-780 Prevent Google for https://jupyterhub.nautilus.optiputer.net .
17852fa 2020-08-05 CIL-728 Update Privacy Policy link.
fdb2e51 2020-07-30 Add new script dbtoskin which reads skin configs from the database and writes them to the filesystem.
0854393 2020-07-30 Add more help text to skintodb script.
6375500 2020-07-23 Remove two old IdPs from the globally 'redlit' array since they are no longer in InCommon metadata.
71b222a 2020-07-23 Per Rob Kooper, make SIMPL client redirect to Syngenta IdP, bypassing CILogon 'Select an Identity Provider' page.
e56bddb 2020-07-22 For <footertext>, HTML entities like '<' must be escaped as &lt; .
c4a9e5a 2020-07-22 CIL-742 Change whitelisted/blacklisted to greenlit/redlit.
4086889 2020-07-22 CIL-763 Add query parameter 'initialidp' to set default IdP.
78e7868 2020-07-22 CIL-767 Add skin option for customized footer HTML.
016585f 2020-06-29 Allow bypass for flywheel when using idp_hint.
3661413 2020-06-18 Allow test.galaxyproject.org to bypass CILogon when using idphint.
9e45221 2020-06-12 Per Jeff Gaynor, add "client_secret_basic" as an option under "token_endpoint_auth_methods_supported".
7c38c8a 2020-06-11 CIL-730 Globally blacklist new "Indiana University Login" IdP.
0da7470 2020-06-11 CIL-731 Globally blacklist "Institute of Technology Sligo" IdP.
cf90aaa 2020-06-08 Update regex for flywheel to limit to dev|prod.
700b3f6 2020-06-05 Remove spaces at end of lines.
3ffca4c 2020-06-05 Force the 'flywheel' skin for clients matching https://flywheel*.auth0.com/* .
7b66e94 2020-06-02 Update comment to reference Bootstrap CSS v4.5.
568de81 2020-05-27 CIL-712 Add skin config option to display text in an informational banner at the top of the page.
a22f15a 2020-05-20 CIL-711 Force Jim Basney's demo client to use SCiMMA skin.
ab0929b 2020-05-15 Add "grant_types_supported" and "service_documentation" entries to OIDC Discovery endpoint.
cfbf8a5 2020-05-15 'token_id' is now an asserted claim.
bc63eec 2020-05-11 Allow CILogon bypass for another Custos client.
72569fb 2020-05-01 Remove dependency on PEAR Config which was used to read GridShibCA configuration.
5d5c3d6 2020-04-26 Show the 'Delete ALL' button on the '/me' page when at least one of the 'Delete Browser Cookies' button or 'Delete Session Variables' button is shown (rather than when both are shown).
959925c 2020-04-26 CIL-690 Since skins are now stored in the database, remove them from the filesystem.
7a24c15 2020-04-25 Fix regex for myproxy.getcert scope.
b4efa78 2020-04-25 Add missing 'Util::' to getGetVar().
7ae14e8 2020-04-25 Add missing closing paren.
0db328f 2020-04-25 CIL-624 Add config option DISABLE_X509 to prevent downloading of certificates.
0dd51b7 2020-04-25 Loop through skin directories in alphabetical order.
4ef43d0 2020-04-25 Clean up skins by deleting blank lines from CSS and removing the <idplistsize> option which is no longer used.
00d122c 2020-04-25 CIL-690 Create script to move skins on filesystem into a new 'skins' database table.
14cc76a 2020-04-24 Fix typo in comment block.
bc254a0 2020-04-24 CIL-690 Make all skin directories lower case for easier searches.
10e0aa3 2020-04-24 CIL-690 As part of the move of skins from filesystem to database, move all skin images to the top level web '/images/' directory.
25b0e2d 2020-04-22 CIL-680 Custom IdP list for classtranscribe.
b1d324f 2020-04-21 Add two more Custos clients to the bypass array.
01421ec 2020-04-17 Allow IdP bypass for Galaxy OIDC client.
17dd6a4 2020-04-14 CIL-687 Create skin for flywheel.io.
e0a1ee2 2020-04-14 List more supported OIDC claims.
212ef03 2020-04-10 For CloudBank skin, make UCSD the default.
2daf760 2020-04-10 Blacklist Google for CloudBank skin.
7650abd 2020-04-07 Update ChangeLog.
ad9ccc6 2020-04-06 For testidp endpoint, check for the bare minimum of user attributes.
fab1f02 2020-04-06 For testidp endpoint, check for the bare minimum of user attributes.
720d6c5 2020-04-02 CIL-677 Add closing search delimiter.
804a9c5 2020-04-02 CIL-677 Force SCiMMA skin for https://.*\.scimma\.org/.*
9802725 2020-04-02 CIL-677 Force SCiMMA skin for https://.*\.scimma\.org/.*
2f51ed1 2020-03-31 Rename a couple of functions to make get/set pair.
488e216 2020-03-27 CIL-540 Remove the adduser.php util since nobody uses it and it's a pain to maintain.
04958f3 2020-03-27 CIL-540 Rename PHP session variables for user attributes to match those used by the dbService?action=getUser webapp. Also (re)set these session attributes after calling the dbService so the PHP session matches what is in the database.
4bd14ce 2020-03-26 Force two more ICPC clients to use the NIH skin.
91f5288 2020-03-25 Remove reference to two_factor from showuser.php.
142095f 2020-03-25 Allow idphint bypass for 'Birmingham BEAR: Advanced Research Computing'.
c7fb8b2 2020-03-20 CIL-672 Define help@/alerts@cilogon.org in top-level config.php file.
87a7e8a 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
ab4c862 2020-03-19 CIL-649 Make subject_id and pairwise_id distinct parameters to the dbService rather than part of attr_json.
ad6c0ca 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
0128f2e 2020-03-13 BUG - Move ending </div> tag into previous if..then block.
8378ddf 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
786a1ae 2020-03-10 Make bhr-test.internal.ncsa.edu use NCSA IdP by default.
af69e5e 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
7680975 2020-03-05 CIL-670 Force Flywheel OIDC client to use 'oauthonly' skin.
949b72f 2020-03-05 CIL-670 Create new skin 'oauthonly' for social IdPs.
0782f4a 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
9ea5655 2020-02-28 CIL-669 Configure "Comet Test Gateway" to force XSEDE IdP.
0b95006 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
69b27d3 2020-02-28 CIL-668 Add skin for cloudbank.
9719991 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
8d8f328 2020-02-28 CIL-667 Blacklist "Institute of Technology Sligo" in gwastro skin.
63ab2e8 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
2e0c34a 2020-02-24 CIL-664 Prevent "Institute of Technology Sligo" IdP from appearing with the LIGO skin.
5cc776f 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
6ba592a 2020-02-14 CIL-661 Create skin for SCiMMA
f0c05a6 2020-02-13 CIL-658 Break out of loop after finding 'scope' parameter.
41f7db9 2020-02-13 CIL-658 Handle double-encoded spaces in 'scope' parameter.
6e7f2f6 2020-02-11 Allow Johns Hopkins Galaxy OIDC client to bypass CILogon page.
2b33fd6 2020-02-09 Change 'fprint' to 'fwrite'.
6a0fb0d 2020-02-09 Change 'fprint' to 'fwrite'.
5d5f50c 2020-02-07 CIL-540 Stop splitting display name into first/last name when first/last name is not present.
24290f3 2020-02-06 CIL-655 Display actual LOA (assurance) instead of InCommon "silver".
51adf2f 2020-02-04 defined() requires quoted string.
b514557 2020-02-03 Rob Kooper wanted a specific client_id to use the 'sprout' skin rather than specifying the redirect_uris in the skin configuration.
6f2d910 2020-01-29 CIL-649 Add support for subject-id and pairwise-id SAML attributes.
caf07b3 2020-01-28 CIL-650 Limit Satori Portal to use MIT IdP only
c17fee5 2020-01-28 CIL-651 Use NIH skin for several CSSI clients.
3340995 2020-01-24 Update 'force skin' for fairdata to use client_id rather than redirect_uri.
abeb4e0 2020-01-07 Add skin option to always expand the "Create Password-Protected Certificate" collapsible card. Update DataONE skin to use the new option.
9fdd8bf 2020-01-07 Don't underline <a> links inside a button.
b5c69a6 2020-01-06 CIL-636 Remove Globus and OSG files from cilogon-ca-certificates.tar.gz.
92a7895 2020-01-06 CIL-636 Replace macros with actual values in cilogon-{basic,openid,silver}.info files.
f239fe5 2019-12-13 As requested by Hari Mailvaganam <hari.mailvaganam@ubc.ca>, add University of British Columbia to ecpidps.txt .
3a0846a 2019-12-09 CIL-175, CIL-615, CIL-616, CIL-620 - Bootstrap CSS redesign (MAJOR UPDATE). Use bootstrap-select for "Select an Identity Provider" dropdown. Show cert DN, user attributes, IdP attributes on X509 page. Remove "Show Help" button.
1a0f387 2019-12-09 CIL-632 Allow arbitrary scopes (i.e., other than 'openid', 'email', 'profile', etc.) to be shown in the OIDC 'consent' block on /authorize/ to support SciTokens in the future.
e0022aa 2019-12-09 Make 'sprouttest' skin files symlinks to 'sprout' files.
65f9790 2019-12-09 Bamboo project completed in 2012. Remove corresponding 'bamboo' skin.
b8d3791 2019-12-09 CIL-577 - Since GridShib CA is retired, no need for the 'jws' skin.
46b9c35 2019-12-02 Add space for PSR-12 compliance.
878d68a 2019-12-02 CIL-629 Remove "Request Silver" checkbox on "Select an IdP" page.
da90a4c 2019-11-26 Fix help text for "password|P" option.
a29dfdf 2019-11-25 Fix bugs as suggested by scrutinizer-ci.com .
00c2408 2019-11-25 CIL-410 For /testidp/ use 'standard' flow when getting user attributes.
ce7ac93 2019-11-22 Move unset 'storeattributes' to a different function.
ee73786 2019-11-22 Need to set value for storeattributes session var.
be3fd2b 2019-11-22 Remove unused code.
b41a6b5 2019-11-22 Remove unused code.
23b4a38 2019-11-22 CIL-618 Read OIDC client info from database rather than using '/dbService?action=getClient'.
b37becf 2019-11-21 CIL-624 Fix typo - $disabled should be $pkcs12disabled.
2424cad 2019-11-21 CIL-624 if MYPROXY_LOGON binary is not configured, show error message that downloading certificates is disabled.
fe373dc 2019-11-21 Remove spaces at end of line.
d8f226b 2019-11-21 CIL-410 Refactor /testidp/ to use standard 'getuser' flow for both SAML and OAuth2 IdPs.
2b88151 2019-11-21 Move getCertInfo() to Content.php.
d2b1470 2019-11-20 Revert "Change strlen() to empty() where appropriate."
d6c0da4 2019-11-20 Move $disableligoalerts config to DISABLE_LIGO_ALERTS in top-level config.php.
e6aa0cb 2019-11-20 Change strlen() to empty() where appropriate.
5ecb17a 2019-11-20 CIL-613 Replace 'allowbypass' skin with ALLOW_BYPASS_ARRAY in config.php.
0859a28 2019-11-20 CIL-625 Move hostname mapping to config.php .
4a76074 2019-11-20 Update cilogon.xml to match InCommon Metadata.
b3502c5 2019-11-20 Remove unnecessary require statements.
6531ca6 2019-11-19 Add extra '/../' for directory includes.
96c1cae 2019-11-19 Fix constant names in command line utilities.
768ba8e 2019-11-19 CIL-611 and CIL-622 - Move various config options/files to 'define()' statements in top-level config.php and config.secrets.php.
f1982d6 2019-11-19 CIL-577 GridShib-CA is gone, so no need for deployJava.js.
3dd348d 2019-11-19 Remove creation of symlink to Duo JavaScript.
eaa09a8 2019-11-19 CIL-614 Remove CILogon 2FA capability (i.e., local Google Authenticator / Duo).
8eeafe5 2019-11-18 CIL-621 Move "function" definitions out of top-level index.php files for PSR12 compliance (https://www.php-fig.org/psr/psr-12/).
5a053ec 2019-11-18 CIL-626 Allow browser 'reload page' on "Get New Certificate" page.
01b6168 2019-11-18 Need to delete one line from Javascript.
2a88ca7 2019-11-18 CIL-577 Retire CILogon GridShibCA. Remove no-longer-needed PHP code pertaining to GridShib CA.
6936598 2019-11-13 Add libraries needed by adduser.php script.
7ba6687 2019-11-07 CIL-610 Create new skin 'allowbypass' which will allow specific client_ids to pass "idphint"/"selected_idp" to bypass the "Select an Identity Provider" screen.
0ff2746 2019-11-07 CIL-610 Create new skin 'allowbypass' which will allow specific client_ids to pass "idphint"/"selected_idp" to bypass the "Select an Identity Provider" screen.
5321f7f 2019-10-01 CIL-577 Also remove 'gsca' configurations from skins.
e4a22e9 2019-10-01 CIL-577 When removing GridShibCA, also need to remove "Get New Activation Code" (tokenactionbox) since that relies on GridShibCA.
9a12c63 2019-10-01 CIL-577 Quick-and-dirty removal of GridShibCA. This was done by updating skins to no longer show the "certactionbox" and removing the gridshib-ca directory containing the GridShibCA.jar. Still need to go through the PHP code and remove all references to GridShibCA.
58032ff 2019-09-19 Add Cardiff University to ECP IdP list.
dd7c180 2019-09-17 CIL-598 Add skin config option for IdPs registered by InCommon.
3beb5ae 2019-09-17 Make code compliant with PSR-12 (https://www.php-fig.org/psr/psr-12/).
7a11d61 2019-08-28 CIL-577 Set DataONE skin PKCS lifetime to 18 hours.
b056e2c 2019-08-27 CIL-590 Output error message for eduGAIN IdP restriction.
c911082 2019-08-26 CIL-593 Disable Download Certificate (JWS) on 2019-10-01.
d520d6d 2019-08-21 Remove spurious comma.
c8ab134 2019-08-20 Remove 'token' and 'id_token' from response_types_supported in /.well-known/openid-configuration .
11d0a1d 2019-08-20 CIL-590 Forgot to get $shibarray first.
f75b37c 2019-08-20 CIL-590 Check for eduGAIN IdPs without REFEDS R&S and SIRTFI attempting to get certs via ECP.
f777422 2019-08-19 CIL-589 Add response_modes_supported to /.well-known/openid-configuration .
e4501f8 2019-08-19 Redirect https://iam.scigap.org/auth/realms/pfec-hydro/broker/cilogon/endpoint to the IU IdP (urn:mace:incommon:iu.edu).
2f59737 2019-07-24 CIL-587 Create new skin which has ORCID set as <initialidp>. Use this skin for NEON in forceskin.txt.
871b36f 2019-07-18 Match all gray colors.
c0fc3a8 2019-07-18 CIL-580 Add University of Illinois skin 'illinois'.
309883d 2019-07-02 CIL-575 Better handling of OAuth2 createTransaction errors.
454fc03 2019-06-25 As requested by Robert Guthridge <robert.guthridge@nih.gov>, force the 'NIH' skin for client cilogon:/client_id/620b5873fda93e285ea48ad5b09568d2 .
d4df6dd 2019-06-10 Force cilogon:/client_id/112d2f5ffcb986660e0e57e7bcf72a4e to use NIH skin.
853cd99 2019-06-06 Force 'TOP Staging' and 'TOP Production' to use NIH skin.
ef7647b 2019-05-29 Update favicon.ico to be 48x48 to adhere to Google guidelines (https://support.google.com/webmasters/answer/9290858).
24227a6 2019-05-22 IL-568 Add iTrustUIN claim for Rokwire client.
1460581 2019-05-03 CIL-467 Eliminate 'init' endpoint. Use 'dbService?action=createTransaction' instead.
12599d1 2019-04-26 Add new ECP IdPs.
5b2e8ec 2019-04-26 CIL-410 In preparation for overhauling /testidp endpoint, allow for saving user attributes to PHP session or to database.
db325f4 2019-04-10 CIL-555 Create '/logout' endpoint to clear CILogon user session.
9b2aa57 2019-04-01 Add SDSU to bypass.txt for iam.scigap.org.
a2e780c 2019-03-22 CIL-555 If query string "nooutput" is given, return 204.
d5948b7 2019-03-22 Remove end-of-line space.
9213acf 2019-03-22 CIL-555 Allow for "Delete..." buttons to be virtually clicked by passing submit="Delete..." query parameter.
92b34d4 2019-03-19 For travis testing, don't test /vendor/ directory.
b43def6 2019-03-19 For parallel-lint, use current directory rather than 'src'.
a53abb1 2019-03-19 Add --dev switch for composer.
1f00111 2019-03-19 For travis, add parallel-lint to composer.json.
8f67cd7 2019-03-19 PHP supported versions are 7.1, 7.2, and 7.3.
33ab1cd 2019-03-19 For travis, test PHP 7.1, 7.2, and 7.3.
a8837bc 2019-03-19 For Anney Che's OIDC client, set the skin to 'NIH'.
d079618 2019-03-05 CIL-549 Better error message when user clicks 'Deny' at ORCID. Use the OIDC 'error_description' message if available rather than 'missing code'.
0f666c9 2019-02-21 Add IdP Duo 2FA support to ecp.pl. User can now specify a Duo 2FA method (auto, push, call, or CODE) if the user's IdP account is configured to require Duo. Thanks to Paul B. Henson <henson@cpp.edu> for figuring out how this works and for the code contribution.
dda855e 2019-02-18 Add Univ of South Dakota to bypass.txt for iamdev.scigap.org.
96bdc5a 2019-02-18 Add UNC-CH to list of ECP-enabled IdPs.
46a1bf7 2019-02-14 CIL-536 For NIH skin, let <idplistsize> determine height of IdP listing.
9de37d3 2019-02-13 CIL-537 Allow client_id to force skin or bypass IdP selection screen.
e170802 2019-02-13 CIL-536 Create new skin for NIH.
31b9530 2019-02-01 CIL-533 Allow ORCID for all gw-astronomy sites.
2b3be6d 2019-01-25 CIL-533 Add new gwastroorcid skin for testing ORCID with registry-dev and registry-test.
c41c754 2019-01-16 CIL-533 For gw-astronomy, blacklist GitHub and ORCID.
825e1e5 2019-01-16 CIL-533 For gw-astronomy, blacklist GitHub and ORCID
5305cbb 2019-01-10 CIL-532 Add eduPersonEntitlement.
6295099 2019-01-09 CIL-530 Add skin for gw-astronomy named "gwastro".
7c4eef0 2018-12-04 CIL-527 - Add available claims "affiliation" and "cert_subject_dn".
cf9460b 2018-12-03 Update ChangeLog.
b6ee895 2018-12-03 Update License date to 2018 and replace template name with CILogon.
e9429e2 2018-11-06 IL-526 Use SHA256withRSA instead of MD5withRSA for pkcs10SigAlgName so that GridShibCA can connect to openssl-1.0.1e-57.el6.
fec2568 2018-10-26 CIL-524 Force LSST skin for https://identity.lsst.org OIDC client.
a7b6530 2018-10-12 Add https://simpl-dev.ncsa.illinois.edu/clowder/authenticate/cilogon to force use of sprouttest skin.
fb2a0e5 2018-09-17 CIL-507 Output special log messages for XSEDE log analysis.
c66d4a7 2018-09-17 Fix typo in comment.
6bb817d 2018-09-07 Add underline to metadata browser URL. Remove text related to 'Add IdP' button which no longer exists.
b8d37c4 2018-09-07 Merge branches 'master', 'master', 'master', 'master', 'master', 'master', 'master' and 'master' of github.com:cilogon/service
414cca4 2018-09-07 CIL-416 Show a few extra warnings on the testidp page.
76ee4a3 2018-09-06 Duplicate 'sprouttest' skin as 'sprout' for eventual rename since Syngenta IdP is now using production cilogon.org.
6414e1b 2018-09-04 Also show Display Name for newly added IdPs.
1501760 2018-08-27 Set simpl.ncsa.illionis.edu to use sprouttest skin for Rob Kooper.
4f896c4 2018-08-27 Add more portals for Justin Azoff to force use of NCSA IdP.
e936e8e 2018-08-27 Merge branches 'master', 'master', 'master' and 'master' of github.com:cilogon/service
a6f0510 2018-08-24 Fix PSR2-related errors.
526412d 2018-08-24 CIL-377 The service-lib code was updated to use mdui:DisplayName in the IdP listing. This new entry is available in the /idplist/ web endpoint, but still sorted by OrganizationDisplayName (for SWAMP).
974eafa 2018-08-16 For Justin Azoff's dev client, always use NCSA IdP.
ae38b55 2018-06-22 Also remove "GitHub via eduTEAMS Identity Hub".
2a6be7d 2018-06-22 Blacklist OAuth IdPs for https://fairdata.sdsc.edu .
0a5e114 2018-06-12 Add another sprout url to forceskin.txt.
2af26eb 2018-06-04 CIL-465 Show "Remember this selection" checkbox again.
dff4eb6 2018-05-23 Rob Kooper added a new callback url to the sprout client, so make it use the sprouttest skin.
24731d7 2018-05-23 CIL-471 Show contact email addresses even when no contact name given.
14b4313 2018-04-05 Remove duplicate line.
affadf2 2018-04-05 CIL-466 Make sprout.ncsa.illinios.edu use the sprout skin rather than the NCSA IdP.
19969da 2018-04-05 CIL-466 Make sprout.ncsa.illinois.edu use the sprouttest skin rather than forcing the NCSA IdP.
801f8d6 2018-04-03 CIL-465 Tweaks to the sprouttest skin.
783b1f6 2018-03-27 CIL-462 Save 'acr' (Authentication Context Class Ref) SAML attribute in the PHP session for later use.
4a907cb 2018-02-23 Also remove diacritics from the input search term.
25cd9f8 2018-02-22 Use https://stackoverflow.com/a/37511463 to remove diacritics when searching for an international IdP.
e2d0632 2018-02-15 CIL-458 Remove ProtectNetwork from ECP IdP list.
98b1f6d 2018-02-02 CIL-456 Allow users from agri-clowder.ncsa.illinois.edu to select either NCSA IdP or Syngenta's Azure AD login.
2425d76 2018-01-25 CIL-450 Get Shibboleth member / group attributes.
45bf2b7 2018-01-25 Remove extra linefeeds.
e8f5417 2018-01-10 CIL-431 Create 'bypass.txt' file for campus gateways. This new text file has <callback_uri, idp_entityid> keypairs which indicate gateways that should always use a specific IdP for logging on.
40c4cad 2018-01-10 Remove commented-out line.
3cee8aa 2017-10-30 Use PHP Coveralls v.1.0.2.
6833ef5 2017-10-30 Try to make Travis-CI work with encrypted GITHUB_TOKEN.
036790d 2017-10-25 CIL-418 Update - Add agri-clowder.ncsa.illinois.edu to ncsabypass skin.
ee2adcd 2017-10-24 Should define $errstr before using it.
c3531c0 2017-10-24 CIL-416 - New 'warn' icon for testidp page.
d142f43 2017-10-24 CIL-423 Better end-user error output for OIDC errors with a javax.servlet.ServletException error message.
277f1b8 2017-10-11 Remove unnecessary symlinks to images.
8e2e64b 2017-10-11 CIL-419, CIL-373 - Skins 'ncsaonly' and 'xsedeonly' display just a single IdP to the user on the CILogon OAuth Consent screen. Skins 'ncsabypass' and 'xsedebypass' skip the CILogon OAuth Consent screen for specified portals.
3fc8696 2017-10-10 CIL-418 Set skin=ncsaonly for sprout.ncsa.illinois.edu.
ef8a438 2017-08-22 Forgot closing brace.
e94c6e9 2017-08-22 Add dev.cilogon.org (polod) config for /well-known/openid-configuration.
de8a218 2017-08-04 CIL-407 - If the registered redirect_uri contains a question mark '?' and there is an error, the OIDC authz endpoint appends another question mark rather than an ampersand '&'. Check for this condition and replace all but the first question mark with an ampersand so parse_url() works as expected.
972e350 2017-07-21 When searching for matching IdPs, also check the entityIds for aliases like 'ncsa'.
e75062e 2017-07-21 Change NCSA header background from blue to white.
6a8906d 2017-07-20 CIL-403 Force clowder portal to use NCSA skin.
5fa37c4 2017-07-20 CIL-403 - Add NCSA skin to show 10 IdPs in the list.
1ee9d35 2017-06-16 CIL-401 Now that the blacklist.txt file is consulted when creating the idplist.xml file, add a note to run /etc/cron.hourly/idplist.cron after updating blacklist.txt.
860fbd7 2017-06-16 The idplist.php script needs to include Util.php since the Util class is used in the IdpList class.
c866016 2017-06-12 CIL-397 Allow ORCID for SWAMP skin.
f637fb5 2017-06-09 Set list size of redivis to 3 since only 3 IdPs listed right now.
aff72db 2017-06-09 CIL-394 Create new skin for redivis.com and force use by its OAuth2 portal callback url.
c658ea6 2017-05-25 For those skins which blacklisted Google and GitHub, also blacklist ORCID.
867479c 2017-04-14 CIL-372 - For 'xsede' skin, set <initialidp> to XSEDE.
27c6843 2017-04-14 CIL-373 - Create 'xsedeonly' skin which always automatically uses the XSEDE IdP.
1e721d8 2017-04-05 Add require-dev section for Travis CI testing.
1e6db3e 2017-04-05 Remove hhvm testing.
90fca26 2017-04-05 Try to get Travis CI to build.
8e0f5fa 2017-04-04 Update files to pass PSR2 check (ignoring SideEffects).
21f0f15 2017-04-03 Ignore pkcs12 directory.
093ea82 2017-04-03 Change include path to .../vendor/cilogon/service-lib/...
fdd5da1 2017-04-03 Ignore /include/idplist.{json,xml} files.
28ba83c 2017-04-03 Remove .cvsignore files.
f96ca0d 2017-04-03 Ignore dynamically created symlinks.
edbf411 2017-04-03 Don't delete symlinks.
e68c02d 2017-04-03 Do 'git clone https://' for read-only checkout.
2e50341 2017-04-03 Update ChangeLog using 'git log'.
75b3388 2017-04-03 Run install commands as root.
ea64bec 2017-04-03 Make /var/www/html owned by root.
06736e4 2017-04-03 Update install instructions to run 'sh README.txt'.
5468308 2017-04-03 Since git supports symlinks, no need to create in the README.txt script.
5d230cf 2017-03-31 Make index.php files symlinks to index-site.php files.
f6c71e7 2017-03-31 Move 'include/*.php' to service-lib repo in preparation for transition from SourceForge.net cvs to GitHub.com git.
c0f6f7d 2017-03-20 Add composer.* files to install third party libraries.
fb564d4 2017-03-15 Add XSEDE (and remove UIUC Test) to ECP IdP list.
f36afbf 2017-03-13 Command line PHP scripts cannot do autoload, so must specify include directories manually.
eabc470 2017-03-13 Since composer will run as root, don't allow scripts or plugins.
7ecc272 2017-03-13 Run 'composer install' to pull in external libraries.
9b1f4f9 2017-03-13 Update ChangeLog.
f712111 2017-03-13 * PHP code refactor for PSR-2 (Coding Style) and PSR-4 (Autoloader) compliance. * All external libraries are installed with PHP Composer. * Comments reformatted to be compatible with PHPDoc. * CIL-366 Use PHP League's OAuth2 library for Google. * Added GitHub logon support. * CIL-289 Better single sign on handling for OAuth flows. * CIL-254 Secondary LIGO IdP users now appear as login.ligo.org users. * CIL-360 Handle OAuth2 'response_mode'.
8f01fcc 2017-03-13 Force Help button to have a line break, via CSS.
cb36b2d 2017-03-09 Change openid-configuration from static file to php script. Need to update Apache ssl.conf with rewrite rule.
538e1b6 2017-02-20 CIL-367 - Prefer <mdui:DisplayName> over <OrganizationDisplayName> for the list of Identity Providers.
93ad694 2017-02-16 Update PHP QR Code library to latest version.
e84664c 2017-01-25 CIL-339 - Add STATUS_EPTID_MISMATCH error code.
50938a1 2017-01-06 Check if OIDC state parameter is set before using it.
15d7d0e 2017-01-04 openssl + PHP 5.6 gives warning message "unable to write 'random state'" in log files unless .rnd file is writeable by apache.
54ad283 2017-01-03 Remove leading/trailing spaces/tabs/etc. from metadata keys/values.
cb3bdf5 2016-12-05 CIL-357 - Add Marshal University to list of ECP IdPs.
637e6e5 2016-11-24 Move $disabledmsg after check for PKCS12 $disabled.
add6b26 2016-11-22 Add ChangeLog generated by cvs2cl .
e9f506e 2016-11-22 CIL-353 - Inspired by LIGO use-case, add config option to disable downloading of PKCS12 certificates. Instead, print out message that PKCS12 certs are not available for download. Allow configuration to set message displayed to user. Also, for LIGO skin, increase lifetime of certificates to 11.5 days (276 hours).
1fe6255 2016-10-27 The correct thing to do for OAuth 1.0a/2.0 error response is to make the <form> use the 'get' method as described in the OIDC spec.
f3da941 2016-10-26 The correct thing to do for OAuth 1.0a/2.0 error response is to make the <form> use the 'get' method as described in the OIDC spec.
fa5f3db 2016-10-26 For mod_auth_openidc, the error response parameters need to be POSTed (i.e., in a <form>).
2bd3784 2016-10-25 'exit()' after 302 redirects.
84d430f 2016-10-25 Use English version of OrganizationDisplayName rather than the first one found in metadata.
31af004 2016-10-19 Ignore idplist.json from CVS.
563f0f3 2016-09-30 CIL-289 - ePPN is being unset which is causing problems for GridGTP. So revert to non Web SSO environment until we figure out which session variables can be unset and which cannot.
e263387 2016-09-30 CIL-346 - Add script to query idplist.xml for a list of IdPs which match a certain set of attributes.
2c5cdd9 2016-09-30 CIL-345 - Since all IdPs are now whitelisted by default, we no longer need the https://cilogon.org/requestidp/ endpoint. Change /requestidp/ references to "send email to help@cilogon.org".
c47cf6a 2016-09-30 Apply new code signing certificate to GridShibCA.jar, expires Sep 30, 2019.
b0f7a96 2016-09-19 Remove temporary hack for United ID.
5178286 2016-09-19 Make /include/ subdir writable by apache for idplist creation.
b8e714a 2016-09-19 CIL-338 - Major change of idplist format from DOM to array. This results in a 10x speed increase of display of WAYF.
1e54b63 2016-09-19 Since all IdPs are now whitelisted, /testidp/ no longer needs functionality to add IdPs to the whitelist.
1380093 2016-09-19 Do full string match for popup help text.
546220d 2016-09-19 CIL-289 - Separate out the user session vars into their own "unset" method so that OIDC/OAuth transactions do not "log off" the user for a better Web SSO user experience.
cb3ad2f 2016-09-19 Add check for if IdP is eduGAIN and current session could be used to get a certificate. If so, unset user session vars to prevent getcert.
5fe1dc2 2016-09-19 New script convertidplist.php to convert xml to json and vice versa.
9663c9b 2016-09-19 idplist.php script no longer uses database whitelist, and can generate both idplist.xml and idplist.json.
f1d2d99 2016-09-19 No need for randsidps.php script since idplist no longer relies on database whitelist.
0555105 2016-09-19 Do not unset user session vars when returning from OAuth/OIDC transaction.
2975b7b 2016-09-19 Make /include/ subdir writable by apache for idplist creation.
b4d7679 2016-09-15 CIL-337 - Blacklist mdanderson.org .
3f3f9e6 2016-09-14 Make /var/www/html/pkcs12 subdirectories non-world-readable.
bf9813b 2016-09-14 When testing for eduGAIN, make sure IdP isn't Google. Duh.
c7fb99a 2016-09-14 Move unsetAllUserSessionVars() inside the brackets rather than the if block.
f1465ee 2016-09-14 Only unset user session variables when printing out error page.
ca2f0cb 2016-09-14 CIL-327 additional - If the IdP is an eduGAIN IdP without REFEDS R&S and SIRTFI, and the user could get an X509 cert (i.e., OIDC scope contains edu.uiuc.ncsa.myproxy.getcert, or a non-OIDC transaction such as PKCS12, JWS, or OAuth 1.0a), print out the error page regardless if the IdP actually released all required attributes.
fccfa6b 2016-09-14 Add method $idplist->getOrganizationName().
cccc4e8 2016-09-13 Uppercase 'T'ype.
c613076 2016-09-13 Returned idplist should be Content-type application/json.
53f4fb9 2016-09-12 When whitelisting IdPs, send 50 at a time to prevent problems with the URL query parameter being too long for the httpd server.
3ee09f6 2016-09-12 Since $idplist is global, need to require it.
ee56fb3 2016-09-12 CIL-327 - Add all IdPs to whitelist. Also includes the following changes: * Update attribute release error page to be more helpful. * Scan for more InCommon metadata attributes for local idplist.xml file. * Show new InCommon attributes in testidp page. * Send 'us_idp' to dbservice endpoint for '/C=US'. * Initialize $idplist in util.php and use with 'global'.
9eccab6 2016-08-23 Add $disableligoalerts boolean to allow temporary suspension of LIGO email alerts to 'alerts@cilogon.org'.
7201dd2 2016-08-19 Blacklist the old (legacy) University of Pittsburgh IdP.
be3102e 2016-08-11 Undo premature commit of untested code.
9305b21 2016-08-11 Add configuration file for OIDC Discovery.
9005998 2016-08-04 CIL-235 - Remove /C=US from basic signing_policy.
372645c 2016-08-02 Initial stab at CSS for the SWAMP skin.
3a51f58 2016-08-02 Add local copy of SWAMP logo for skin.
907bcd6 2016-07-25 Don't log messages from monit/nagios hosts.
ce1e1ea 2016-07-22 Revert to previous version: Send error alerts for LIGO missing attribute errors to alerts@cilogon.org, per Jim Basney.
dba596e 2016-07-22 Prevent error messages from being logged for missing shibarray elements.
3d24be4 2016-07-20 Prevent error messages from being logged for missing shibarray elements.
a9be6bb 2016-07-20 Prevent error messages from being logged for missing shibarray elements.
d1a279c 2016-07-20 Fix typo.
105e331 2016-07-20 Fix typo.
e964395 2016-07-20 Fix typo of extra close paren.
33423ea 2016-07-19 For LIGO logon problems, send "missing parameters" email ONLY to LIGO, but all other logon problems to alerts@cilogon.org AND LIGO.
2442cd2 2016-07-19 Minor code reformat.
c37cbe6 2016-07-19 When writing missing attributes error to syslog, ALSO output any important missing user session variables.
90b7681 2016-07-19 Add extra message if missing emailaddr and affiliation contains 'student@'.
4480be5 2016-07-19 Remove special handling of {tfleury,jbasney}@illinois.edu.
8b3c831 2016-07-19 Fixes CIL-298 and CIL-313. Revamp "missing attributes" error page to give more information to the end user to allow him to contact the identity provider. Also return to OIDC/OAuth1.0a error url if available. Print error message to log rather than sending email alert. Add check in logwatch script to show IdPs with attribute release problems.
6ab74fe 2016-07-19 Add NCSA to list of ECP-enabled IdPs.
ce407ea 2016-07-14 Add more debugging output. Also check for "Success" response from IdP.
6480c60 2016-06-28 CIL-308 Allow the CILogon OIDC consent page to be skipped when <forceinitialidp> is configured in the skin and "selected_idp" is passed as a URL query parameter for OIDC clients, i.e., "selected_idp" acts as the skin's <initialidp>.
e00d44f 2016-05-26 Add SWAMP skin to blacklist Google, which will be added on the SWAMP side if configured for Google OAuth 2.0.
4158af4 2016-05-25 Performance tweak: get the full list of R&S IdPs first rather than searching through the DOM each time.
200a0b5 2016-05-24 Add new endpoint '/idplist/' which returns JSON formatted list of whitelisted IdPs.
b45f3ed 2016-05-24 Move fix for CIL-174 from printWAYF() to getCompositeIdPList().
38b5bff 2016-05-24 Specify class for static object util::$timeit.
b4ad0d4 2016-03-08 Fix CIL-275 - Change error message for missing Shibboleth attributes to include links to (1) /secure/testidp/ to see which attributes are missing and (2) the InCommon Federated Error Handling Services to allow user to contact IdP admins (if info is available).
53ba9c2 2016-01-06 Replace '+' with spaces in error message returned by OIDC server.
cb19bf1 2015-12-16 Need to call isset() on array entries.
ac91526 2015-12-14 Make the domain the same for cookies set by JavaScript.
2e5329e 2015-12-14 Another place for the getPortalOrNormalCookieVar convenience function.
252b796 2015-12-12 Add space after comma for better flow when printing debug info.
b7a4739 2015-12-12 Forgot opening curly brace for 'else' clause.
e684cc4 2015-12-12 Add safety bailout case which should never be reached, but just in case so we don't have an infinite while loop.
fcfa743 2015-12-12 With the new longer keys for the portalcookie array, it might be possible for a user to get enough entries to encroach on the 4K cookie size limit. To alleviate this, add a timestamp to when the entry was last updated, and delete older entries when the size of the array grows too large.
e4990c6 2015-12-12 CIL-253 - Easy encryption of portalcookie using built-in PHP openssl_encrypt and openssl_decrypt with AES-128-CBC algorithm.
b3df668 2015-12-12 Create new function getConfigVar() to read values from the cilogon.ini file.
d1e108f 2015-12-11 Stop passing selected_idp as a parameter. Instead, get it from the PHP session $clientparams (if available). Also, since scope is now part of the 'key' into the portalcookie, no need to check if it has changed to force user re-consent.
945340c 2015-12-11 For the OIDC case, the index into the portalcookie is now a tuple: (client_id,redirect_uri,scope,selected_idp), where selected_idp is optional.
3927b98 2015-12-11 Stop passing selected_idp as a parameter. Instead, get it from the PHP session $clientparams (if available).
19aefd1 2015-12-11 Added convenience function getPortalOrNormalCookieVar for those occasions when we want to get a single cookie value from either the portal cookie or from the 'normal' cookie.
46af4cf 2015-12-11 CIL-251 - Output OIDC server error message to end user.
55628cb 2015-12-10 CIL-245 - Save cookies on a per-portal basis so that OAuth 1.0a (delegate) and OIDC (authorize) can have their own selected idp and "Remember this selection" cookie values. Rework the portalcookie.php class to be simpler and auto-detect the callback/redirect uri for the portal. CIL-244 - Also save "scope" to the portal cookie for OIDC case to force user to re-consent if portal changes scope.
66c8d66 2015-12-10 Fix typo. 'OU' in $shibarray is uppercase.
c5a47ae 2015-12-10 When setting cookie, also set $_COOKIE array so PHP code picks up the new value immediately. Also, simplify deleting cookie by setting time to 1 (= Jan 1, 1970).
bba794b 2015-12-10 Fix PHP-logged error. Need to check if selected_idp array key exists before using it.
1fdcfd0 2015-12-10 CIL-250 - Add two ECP-enabled IdPs for Fermi National Accelerator Laboratory (one is Kerberos-enabled).
7da7091 2015-12-02 When Lauren changed the CSS for the DataONE skins, she changed the behavior from JWS to PKCS12. Now reverted.
cf66059 2015-12-02 Create symlinks for all DataONE skin directories.
db3b274 2015-12-02 Update DataONE skin using new logo.png and CSS provided by Lauren Walker <walker@nceas.ucsb.edu>.
a839d89 2015-12-02 Update PHP command line utilities to include new display_name, affiliation, and ou attributes.
bac24ea 2015-12-02 Dump 'pretty print' text of status result.
6cbba88 2015-11-14 When selected_idp is not the remembered IdP, uncheck the "Remember this selection" checkbox.
8b4593c 2015-11-13 Two fixes: (1) Pass cilogon_info to the setTransactionState() method. (2) If selected_idp is passed to the authorize endpoint, allow it to override the "Remember this selection" checkbox when the saved IdP is different.
db9ce07 2015-11-11 Fix typo in comment.
9cbd667 2015-11-11 CIL-211 - Add support for "affiliation", "display_name", and "ou" in PHP code.
815634e 2015-10-27 <forceauthn> is not supported by UTK's IdP. Remove it.
238e3d9 2015-10-27 Add <forceauthn> to NICS skin.
89cd99b 2015-10-08 Fix CIL-232 - Add new DataONE skins for testing environments. Need to update myproxy-extapps on warm/cool/tepid to use the new skins.
a383d2f 2015-10-08 Fix CIL-205 again - Change email to 'cilogon-alerts@ligo.org'.
f578076 2015-10-08 Fixes CIL-233 - Don't clear session variables when Show/Hide Help button is clicked.
cac9aec 2015-09-28 For upcoming transition to database being stored on separate server, make hostspec a configurable connection option.
a50b893 2015-09-22 For the OIDC case, reduce the amount of text shown to the user regarding the attributes released to the client. Also center the text block.
bc0bf65 2015-09-22 Allow an OIDC client to select an IdP via a "selected_idp" URL query parameter. If that IdP is whitelisted, show only that IdP in the selection list.
6a370c5 2015-09-22 Change the "CILogon Service" banner to "CILogon".
74b747c 2015-09-22 Change NICS pattern match to allow for http or https, as well as specified port number
4ad66f2 2015-09-21 OIDC bugfix: If redirect_uri contains a '?', append '&' instead of '?' for additional query string parameters. Interface tweaks: Display OIDC consent information in an expandable <div>. Show requested scope items in an unordered list.
cd67761 2015-09-21 Add LOA parameter to setTransactionState so OA4MP OIDC can fetch the certificate from the correct MyProxy server.
e35ef63 2015-09-17 Remove unnecessary wildcard match.
148d8c2 2015-09-17 NICS skin now forces Univ of Tenn as the IdP, skipping the initial "Select an Identity Provider" screen.
f2a5806 2015-09-11 Once again, move statement out of the loop.
5c63ce5 2015-09-11 Clean up code by using regex variable.
af899de 2015-09-11 Move sort out of the loop.
0fa2d38 2015-09-11 Fixes CIL-174 - Inconsistent Univ of Calif IdP names. Implemented fix suggested by Keith Hazelton. Replace commas and hyphens with comma.
d763268 2015-09-10 CIL-89 - Initial PHP-frontend support for OIDC. Note that this code will be modified when CIL-212 (revert protocol for OIDC 'init' servlet) is implemented.
bd4e8c1 2015-09-09 CIL-205 update - Change 'rt-auth@ligo.org' to 'auth@ligo.org'.
291063f 2015-08-12 Fixes CIL-205 - Send LIGO-related IdP login issues to rt-auth@ligo.org.
9918bc4 2015-08-07 Fixes CIL-203 - Notify partners on IdP added to CILogon.
8bbf3da 2015-08-07 Fixes CIL-202 - Add ProtectNetwork to SeeMe's idpblacklist.
25b1fcb 2015-08-03 Fixes CIL-199 - Change purduegateway skin <forcelifetime> to 240.
1879d2c 2015-07-15 Remove NCSA from portal list (for testing).
c5ac5bc 2015-07-15 Make changes to NICS skin as per Tabitha Samuel.
aeacfbb 2015-06-25 Forgot to increment version number.
6e12057 2015-06-25 Use GetOptionsFromString to correctly tokenize command line options from the /etc/ecp-mapfile (in the event of quoted strings, for example). Also make sure all non-successful exit statements exit with "1" (when listing IdPs or showing help text, for example).
1c151f1 2015-06-24 Added '--pam' option to ecp.pl script to allow for ECP authentication using pam_exec.
687a76a 2015-06-24 Added Penn State U and U of Tennessee to ecpidps.txt.
a8cd927 2015-06-04 The oauth2/init endpoint returns HTTP 200 upon success (unlike the oauth2/authorize endpoint which returns HTTP 302 upon success). So change HTTP 302 to HTTP 200.
14ae53b 2015-06-04 Move functionality of checkForceSkin() into the $skin->init(). Do extra checks for forceskin before and after user has authenticated with an IdP or come from an oauth (portal) client. Clear the cilogon_skin session variable after "Log Off" so that we no longer have to manually set the skin to "default" or "none".
8f149bd 2015-06-04 When initializing the skin object, check the forceskin.txt file for a matching IdP entityID or portal callbackurl. Put functionality of checkForceSkin into init().
fcb94bc 2015-06-04 Allow for comments (lines starting with '#') in readArrayFromFile().
45de006 2015-06-04 Add comment block to forceskin.txt. Change from strict string equality to regex matching for URIs.
cd7d439 2015-06-04 Add comment block to blacklist.txt file.
d50b7e0 2015-06-04 For "Log Off", clear the cilogon_skin session variable and recheck for forced skin.
30b59d6 2015-06-04 Replace checkForceSkin with $skin->init(). Clear cilogon_skin session variable when returning to client (similar to "Log Off").
c6d1df5 2015-06-04 Unset the cilogon_skin session variable when returning to the client (similar to "Log Off").
b1bf603 2015-06-04 Replace checkForceSkin with $skin->init().
b3ab5df 2015-06-04 There is no provderId PHP session variable, so stop checking for it.
bffa6bf 2015-06-02 After verifying portal parameters, also check if the current portal should have a skin forced.
34075cc 2015-06-02 Add extra security check after successful user authn to make sure selected IdP was actually whitelisted. Also modify checkForceSkin() to skip checking GET or POST parameters.
ac5912e 2015-06-02 Make SeedMe dev portal use the SeedMe skin.
b397e74 2015-06-02 When checking for skin name, add parameter to skip checking GET or POST parameters for checkForceSkin().
00369e3 2015-06-01 Create new function getCompositeIdPList() which returns just the whitelisted IdPs, correctly sorted (i.e., not using natcasesort()). When user clicks "Log On" button, verify that selected IdP is whitelisted.
49dc326 2015-06-01 Don't use natcasesort since it ignores spaces.
e246967 2015-05-27 Added backup LIGO IdPs to forceskin.txt.
e04797c 2015-04-30 Blacklist the legacy Cal Poly Pomona IdP so new users select the newer IdP.
8eaf755 2015-04-30 Replace EmailAddressValidator with PHP built-in function filter_var().
4e62c3e 2015-04-30 Check for valid email address in testidp.
87eb304 2015-04-29 Forgot to change version number for ecp.pl scripts.
29c07cb 2015-04-29 With Shibboleth 3.x IdP software, ECP clients must specify the content type of the POST to be 'text/xml'.
2f89ff2 2015-04-24 Needed to blacklist Google IdP.
212c48d 2015-04-24 Fix https://jira.ncsa.illinois.edu/browse/CIL-145 . Create skin for SeedMe portal.
aa58af9 2015-04-24 Created skin for NICS/UTK. Still waiting for approval from Tabitha Samuel.
a66fbc6 2015-04-17 For upcoming InCommon-metadata.xml change of adding entities which were not registered by InCommon (e.g., eduGAIN), only allow IdPs with the RegistrationInfo extension of 'https://incommon.org'.
1be08ed 2015-04-15 Add new refeds 'research-and-scholarship' attribute for RandS entities.
e98112b 2015-03-26 Added double quotes to 'cond_subjects' line. Also updated certificates tarball with latest crl_url files (which include CDN links) and osg cert.
e4fc473 2015-03-26 Use the /oauth2/init endpoint as the OA4MP/OIDC Authorization Endpoint since it does all the work (and assumes the user has authenticated).
ee267c2 2015-03-25 Change /oauth2/authorized to /oauth2/authorize .
1646434 2015-03-03 Added Clemson University to list of ECP-enabled IdPs.
6c7ba6d 2015-03-02 Add cilogon-osg.* files. Update cilogon-*.crl_url and cilogon-*.info files to include new CDN URLs.
7cb168e 2015-03-02 Added University of Utah to list of ECP-enabled IdPs.
62add55 2015-02-18 Added .cvsignore for idplist.xml.
801e61e 2015-02-17 Add poloc to getMachineHostname().
aff6d5b 2015-02-13 Add command to create /var/www/virthosts/crl directory.
6471b88 2015-02-13 Add 'ln' commands for new /authorize/ directory.
b2f6e7f 2015-02-06 Changed cert lifetime for iub.globusonline.org from 12 to 240 as requested by Chathuri Kamalasini Wimalasena <cpelikan@iu.edu>.
0c1b413 2015-02-05 Simplify header() redirect string.
0463705 2015-02-05 header() redirect must be last thing, not first.
939d2ae 2015-02-04 Finished with the OIDC authorization endpoint code flow. Currently untested as it requires functionality from the new CILogon-specific OA4MP OAuth 2.0 service (in progress).
823f48c 2015-02-04 * authntime is now a required user session variable. * Change forceauthn from a function parameter to a session variable. * For the OIDC authorization code flow, always skip the New User page. * Check dbservice return values to ensure successful call(). Send error email alert upon failure.
c3eeb14 2015-02-04 Remove unused dbservice() object.
b8c4a74 2015-02-04 Send error alert email when getUser dbservice command fails to execute.
1309dd1 2015-02-04 Fixed typo in comment.
ae764a4 2015-02-02 Initial check-in of OIDC authorization endpoint code. Source copied from /delegate/index-site.php. Currently checks incoming OIDC client request. Still need to print out appropriate HTML for Select IdP and error messages.
fcbbc66 2015-01-29 Added error code returned by setTransactionState(). Changed error code name for getClient().
076d1b1 2015-01-29 When logging off, should also unset the ePPN, ePTID, openidID, and oidcID session variables.
beab52a 2015-01-29 Fixed typo in debug output.
6d679a2 2015-01-29 Added two new dbservice commands "getClient" and "setTransactionState" to support OIDC authorization endpoint. NOTE: Still need to add error STATUS_ values returned by setTransactionState.
4756fcc 2015-01-29 * Added support for authntime, the Unix timestamp for the user's most recent IdP authentication. * Added function parameter to force re-authentication when OIDC client passes in max_age parameter. * Added second myproxy2.cilogon.org server for myproxy-logon command.
7617f48 2015-01-29 Added undocumented MYPROXY_SOCKET_TIMEOUT=1 for shorter timeout when primary myproxy.cilogon.org server is offline.
2b05c01 2015-01-29 Added support for authntime, the Unix timestamp for the user's most recent IdP authentication.
5e73363 2015-01-29 Added second myproxy2.cilogon.org server for myproxy-logon command.
4c520e4 2015-01-23 Fixed typo.
f4f1162 2015-01-23 Removed unnecessary "require_once" statement since dbService functionality was moved to util.php.
76ab903 2015-01-23 Create test.cilogon.org specific version of ecp.pl so both ecp.pl and ecp-test.pl are available on any cilogon.org server.
ce28ed1 2014-12-12 Add text to clarify specifying ECP-enabled IdP endpoint URL.
6d7e9a1 2014-12-11 Remove "transitional" code for deleting non-domain-specific cookies which caused problems with Safari on polo3.
a03088e 2014-12-10 Add missing closing php tag.
8b86834 2014-11-03 Added sentence on IdP Selection Page: 'By proceeding you agree to share your name and email address with "Portal Name"'.
5a6c872 2014-09-30 Need to give apache write permission to the 'pkcs12' directory.
ff6eec1 2014-09-27 Add new intermediate certificates to work with the InCommon SHA-2 SSL certificate.
a5b1229 2014-09-25 Change default behavior for delegation (used by portals) to skip the "Certificate Lifetime" and "Certificate Details" pages.
4c87b5d 2014-09-19 For multi-valued SAML attributes, use only the first one by chopping off everything after the semicolon.
227e3a1 2014-09-12 Add "prompt=select_account" as per Google API docs at https://developers.google.com/accounts/docs/OAuth2Login#prompt to allow the user to select a Google account at login time.
91ae13c 2014-09-11 Add '@' for error suppression, just in case.
95a237a 2014-09-11 If email address is not in returned token, look for email address in the Google+ "me" object instead.
c220fae 2014-09-11 Updated Google logon error message to include email address as possible cause.
7fe6ced 2014-09-11 Re-adding pkcs12 files to try to fix weird cvs error.
7317641 2014-09-11 Removing pkcs12 directory to try to fix some weird cvs error.
9e87761 2014-09-05 Add staging <portal> URL to skin configuration.
11285d7 2014-09-04 Add 'issuer' label for Google Authenticator as described in https://code.google.com/p/google-authenticator/wiki/KeyUriFormat .
3096a19 2014-09-03 Create new skin for Purdue portal for GlobusOnline.
39f439b 2014-08-19 Note that password is empty.
f5a7961 2014-08-19 Added note about running idplist.cron to generate idplist.xml after initial checkout.
e22bfed 2014-08-19 Added info about 'cvs checkout' to allow for future 'cvs update' commands.
d1a6078 2014-08-15 Changed default ECP IdP from ProtectNetwork to UIUC.
c040c6c 2014-08-15 Removed commented-out debugging code.
7af579d 2014-08-15 MAJOR UPDATE - removed OpenID 2.0 support, added Google OIDC support. Also now send eppn/eptid/openid/oidc to datastore to allow for when Google stops sending OpenID 2.0 identifiers.
294032e 2014-08-08 Remove help text references to ProtectNetwork, Verisign, and PayPal. Also remove Verisign from list of available IdPs.
3aa8aae 2014-07-31 Rename the twofactor skin to 'tf' so as not to collide with the new OA4MP 'twofactor' endpoint.
3d9b26b 2014-07-09 Add banner text when user is logged in with ProtectNetwork to notify end of support for PN IdP Dec 2014.
a7aa472 2014-07-09 Verify that we correctly read in the list of whitelisted IdPs. Also, don't create the idplist.xml file by default, only if we read in whitelisted IdPs correctly.
d59adcb 2014-07-09 Fix link to route user to non-secure 'testidp' page to use CILogon IdP selection list.
c0846c0 2014-07-07 CILogon Basic is now accredited.
00c49d1 2014-06-30 Make UIUC the default IdP in the selection list.
795ec2b 2014-06-19 Make the background of the page the whole XSEDE background image.
6087d20 2014-06-19 Create new skin for XSEDE User Portal.
25aa51f 2014-06-18 For atomic action, save to a temporary file and then rename to final filename.
09b80cc 2014-06-18 Send Google OIDC Identifier to datastore if available. Currently ignored by datastore webapp.
ca6f46c 2014-06-18 Disable PayPal since OpenID no longer works.
0ea85b6 2014-06-18 Updated "outage" message.
03bed2e 2014-05-20 Add fozzie.nics.utk.edu to list of polo?.cilogon.org hostnames.
ae8e4bb 2014-05-20 Remove polo-staging, add polo3.
9cb6cfe 2014-04-30 Move getMachineHostname() from util.php to content.php since only content.php calls it. getMachineHostname() now uses an array to map local hostnames (e.g. polo1.ncsa.illinois.edu) to cilogon-specific URL hostnames (e.g. polo1.cilogon.org).
b98a57c 2014-04-28 Check for empty idpdom variable before writing it to file.
f1e4bfe 2014-04-28 No longer need to create symlink for gridshib-ca-2.0.1 since gridshib-ca is now the default directory.
2620e48 2014-04-28 To make things cleaner on the new polos rename /var/www/html/gridshib-ca-2.0.1 to /var/www/html/gridshib-ca (rather than using a symbolic link).
c806318 2014-04-25 The database.configuration file is no longer used.
1815e54 2014-04-24 Add README.txt which is also a script to create symlinks after fresh checkout/export from CVS.
0ed4d74 2014-04-24 Forgot to add a file to CVS.
c8e677a 2014-04-23 Update globusonline2 skin to match new globusonline skin.
9039b73 2014-04-23 Update CSS for submit button to match updated Globus.org CSS.
9a904c8 2014-04-22 Update GlobusOnline skin to match the new Globus branding.
7151ca4 2014-04-21 Remove unnecessary '$log = new loggit()' entries since $log is initialized in content.php.
ec832cc 2014-04-21 Swap PostgreSQL & MySQL if...then blocks. Oops!
f123489 2014-04-21 Updated outage message date/time.
8f54937 2014-04-07 Don't rely on the OA4MP cilogon.xml file for database username/password. Instead read values from cilogon.ini.
9172ac3 2014-03-26 Add a global blacklist.txt file. Any entityIDs listed in this file will be globally blacklisted, i.e., removed from all skins' IdP selection lists.
d1b087a 2014-03-26 Send openid, eppn, and eptid to database web service. Extra parameters are simply ignored by the web service.
ee78caf 2014-03-11 Remove "SHA1" support in certificates since OSG no longer needs it.
ac143e4 2014-02-13 Make "deployjava" a skin config option so as not to check for installed version of Java unless explicitly told to do so. Update skins which use the JWS downloader to use the new "deployjava" config option. This fixes the issue where PKCS12 cert users see a notice about Java even though Java is not necessary for their use case.
067d3aa 2014-02-13 Checking in latest version available from http://www.java.com/js/deployJava.js . See http://docs.oracle.com/javase/6/docs/technotes/guides/jweb/deployment_advice.html for more information.
1a62c58 2014-02-13 Removed extra div.certactionbox entry.
7cd6941 2014-02-04 Added new skin for UMich to set "University of Michigan" as the selected IdP, for use with GlobusOnline endpoints.
1f4a92d 2014-01-21 In csrf.php, change static (class) methods to instance methods. Add extra space for Show/Hide Help button since latest MSIE does not honor force line breaks in Submit buttons.
5c551bc 2014-01-21 Added entry for "Google+" (currently commented out) to use new Google OAuth 2.0 login method.
eba3cbd 2014-01-21 Added code to deal with new Google OAuth 2.0 login method. Currently only activated by uncommenting "Google+" in array in openid.php. Use old Google OpenID method until Google OAuth 2.0 is not quite so buggy.
d322e29 2014-01-21 Move getMachineHostname from content.php to util.php.
b4b14a5 2014-01-21 Rename redirectToGetUser() to redirectToGetShibUser().
240860e 2014-01-21 Look for InCommon-metadata.xml file in /var/cache/shibboleth/ instead of /etc/shibboleth/ .
1c28960 2014-01-21 Added section to handle new Google OAuth 2.0 login method in addition to old Google OpenID login method. Code is activated by uncommenting "Google+" array element in /var/www/html/include/openid.php.
0a21eac 2014-01-21 Now using InCommon code-signing certificate. Also set security elements in manifest. See http://docs.oracle.com/javase/tutorial/deployment/jar/secman.html for more information.
bb55c4d 2014-01-21 Change 'openiderror' to 'logonerror'.
4449714 2014-01-21 Removed non *.cilogon.org entries.
92deb6e 2013-11-22 Add missing case for handling Duo Login for "delegate" flow.
fd1d25c 2013-11-20 Add new "auto-login/auto-approve" skin for Duke users of the ci-connect.net portal (https://portal.duke.ci-connect.net/).
95d898b 2013-11-07 Added University of Michigan to list of ECP IdPs.
3dc21e5 2013-10-22 Add reverse DNS lookup to email alert.
c8e7504 2013-10-22 Remove extra space.
9fc0e65 2013-10-11 For the delegate case, show the "User Changed" page even if the skin has been configured to skip all of the "extra" pages.
e79dd53 2013-10-09 Found http://cilogon.org in "examples" page. Change to https://.
7ebca18 2013-10-04 Call setMyProxyInfo just before generating the certificate for the ECP case.
afe0978 2013-09-16 Remove Indiana University due to problems with their campus SSO / Shibboleth integration.
03cee35 2013-09-16 Change domain name from cites.illinois.edu to ncsa.illinois.edu due to moving servers across campus.
43f6367 2013-09-04 Added new skin for 'iugalaxy' (galaxy.indiana.edu).
4ccb970 2013-09-03 Use HOSTNAME rather than 'cilogon.org'.
9acabc8 2013-09-03 Remove old code that was commented out.
9cbc3ab 2013-09-03 Fix the main class comment block.
a7adb9e 2013-08-28 Updated service outage message.
83b31e5 2013-08-28 Added Indiana University to list of ECP IdPs.
7c2140a 2013-08-20 CURLOPT_SSL_VERIFYHOST=1 is no longer supported as of cURL 7.28.1. Now must be set to 0 or 2 (which is preferred and default).
19e4605 2013-08-20 Updated outage message for upcoming polo swap.
6919ae9 2013-08-20 Certain $_SERVER variables were Arrays which caused error messages in ssl_error_log. Catch them and simply output "Array" instead.
9e5cb9f 2013-08-15 Specify two hosts for the <portallist>.
15bab41 2013-08-15 Updated "system outage" message.
595e541 2013-08-15 Update domain names for polo2 and polo-staging due to move from CITES to NPCF.
14a5e97 2013-05-16 For OSG skin, use standard PKCS12 "Get New Certificate" box rather than GridShibCA JWS.
a988770 2013-04-18 Add new skin config option "usesha1" and new skin "sha1". This supplants the hack that was specific to the OSG skin. Now any skin can specify SHA-1 (instead of SHA-256) when getting a cert from the myproxy server.
1bf62e7 2013-04-17 When using LIGO skin, set default IdP to LIGO in the IdP selection list.
57e0838 2013-04-17 OSG now accepts ProtectNetwork, as stated by Mine Altunay.
0026e0c 2013-03-26 Add new config.xml for LIGO skin to set default AND max cert lifetimes to 72 hours. Also force use of LIGO skin when LIGO IdP selected.
3736bfe 2013-03-20 Add example for using '--proxyfile' in help text.
146f69e 2013-03-20 Remove unnecessary commented-out MacOS-specific code.
fafcd0d 2013-03-20 Added ability to output generated private key to STDOUT.
da50e6b 2013-03-20 Use 'openssl genrsa' to create the private key. Private key is written to temp file if '--proxyfile' option is specified. Unset the 'TMPDIR' environment variable for Mac.
5219145 2013-03-20 Add new command line option '--proxyfile' ('-1' for short) which writes the certificate and key to the Globus proxy file location (such as /tmp/x509up_u500), and automatically sets the '--get cert' option.
6cfdb0c 2013-03-19 Added some more comments.
b6085fe 2013-03-19 Bug fix for when the filename for the cert is the same as the filename for the key (generated on-the-fly). Now both cert and key can be written to the same file, cert before key.
e5ef1bb 2013-03-08 Simplify checking for <hideportalinfo>.
def2fb8 2013-03-08 If <allowforceinitialidp> is set, make sure the portal is in the <portallist> before force redirecting the user to the <initialidp>.
b2910a6 2013-03-08 Rename portalListed() to inPortalList(), and fix bug where no <portal>s in the <portallist> would incorrectly return true for inPortalList().
949e069 2013-03-08 Add new <portallistaction> option <allowforceinitialidp> which checks the <portallist> before redirecting the user to the <initialidp>.
4b0dd72 2013-03-08 Remove references to crl.doegrids.org due to upcoming retirement of doegrids.org.
cde06d2 2013-03-06 Fix issue with slashes in first/last name by using a lower-level function of the LDAP library and processing the subject DN element-by-element.
1e34a59 2013-03-06 Fix reformatting of subject DNs for RFC2253.
1d99a61 2013-03-05 Added new <forceinitialidp> option to completely bypass the Select IdP page. Also moved code from the main "switch" statements (for both the main CILogon site and the "delegate" CILogon site) into functions for code reuse.
5fbe115 2013-03-05 Added new config option <forceinitialidp> to immediately redirect to <initialidp>, bypassing the Select IdP page. Configured new skin for 'iugateway' using the various <force...> config options so that no CILogon pages are displayed to the user.
7daac2f 2013-03-05 Bamboo config.xml is not needed yet.
7cabe47 2013-02-20 Put htmlentities in a util function so as to force "UTF-8" encoding. Also use iconv() to convert UTF-8 to UTF-7 for first and last name.
5b9b060 2013-02-07 Attempt to catch ECP communication by checking for /secure/getcert/ and return error message rather than redirect. Also, added log messages for ECP success/failure.
4f6e47b 2013-02-07 When HTTP 400 returned, also output any message body.
4407d4e 2013-02-05 Remove unnecessary global statement.
fc8d9ed 2013-02-05 Log CSRF check failure.
74fdf4d 2013-02-05 Remove Scott citation.
dc01116 2013-01-16 Remove gray border lines as requested by Seman Said.
2bb5436 2013-01-10 Fixed font color for orange banner for OOI skin.
a575ec7 2013-01-09 Updated OOI skin to match new "dark" theme.
e1a2631 2013-01-03 Added UIUC to list of ECP-enabled IdPs.
38dc869 2012-12-11 Added two-factor support for ECP.
7c242cf 2012-12-07 Hide "Duo Security" method in "twofactor" skin (and default skin), but make available in "all" skin.
19f53cc 2012-12-06 Add comments in header block.
78478ab 2012-12-06 Major update. (1) Add two-factor authentication support. (2) Refactor util.php as a class with static methods.
5527031 2012-12-06 Add new classes for twofactor authentication support.
7d95256 2012-12-06 Omitted polo-staging.cilogon.org from the list.
1ef8a2b 2012-12-06 Add php script to scan idplist.xml file for IdPs tagged <RandS> and add them to the whitelist of IdPs in the database (if not yet added).
d89748e 2012-10-18 Change page footer to link to acknowledgements on a separate page (http://ca.cilogon.org/acknowledgements).
af09136 2012-10-08 Check IdP list for <silver>. If found, request silver from IdP.
722a8cc 2012-10-08 Deleted the $env variable declaration, but forgot to delete its usage. Generated warning message in PHP logs.
625d3e7 2012-09-28 Connect to https://ecp.cilogon.org/secure/getcert/ since ecp.cilogon.org is now in InCommon metadata. Successful test with ProtectNetwork.
8bd0c7f 2012-09-19 Additional error output when fetching list of IdPs.
48ab1a8 2012-09-18 Don't bother with silver for testidp.
47f5388 2012-09-18 Added University of Wisconsin-Madison to ECP list.
779c0d2 2012-09-14 Change ecp endpoint from /secure/getuser/ to /secure/getcert/ .
0e9c3f8 2012-09-14 Change handling of requesting silver assurance certification. User can still check "Request Silver" checkbox, but the checkbox is hidden by default. (It can be shown via CSS.) Also, now check local idplist.xml file for <Silver> tag (set by scanning InCommon Metadata). This extra functionality is currently implemented on test.cilogon.org only (i.e., the code is commented out on polo1/polo2.)
9f563c6 2012-09-14 Scan the InCommon MetaData for silver assurance certification and add tag to local idplist.xml file.
60f63a6 2012-09-14 Changed the display of the "Request Silver" checkbox to a CSS option, hidden by default.
f5a69c3 2012-09-14 Removed the "requestsilver" skin configuration option. Changed the display of the "Request Silver" checkbox to a CSS option, hidden by default.
6032730 2012-09-14 New files added for upcoming CILogon Globus CA.
b83b07e 2012-08-27 Make shib request to {polo1,polo2}.cilogon.org, but only for a subset of REMOTE_ADDRs.
14811c1 2012-08-27 Remove temporary hack for using patched version of MyProxy 5.5. No longer needed since installed RPM version of MyProxy is 5.6, which contains command line option for cert request.
5bd324d 2012-08-22 Simplify code handling cilogon.org -> {polo1|polo2}.cilogon.org URL redirection for Shibboleth.
cc64860 2012-08-22 Add polo1.cilogon.org and polo2.cilogon.org to XRDS file.
d32ac91 2012-08-18 Start requesting the ICAM LoA 1 PAPE policy since Google fixed the problem on July 19.
8ad12fe 2012-08-10 Revert to the standard "CILogon Service" graphic header.
262e043 2012-08-10 Update text for /testidp/.
f3b7b1f 2012-08-10 Initial check-in of testidp script which uses the CILogon Identity Provider Selector (rather than relying on InCommon WAYF).
ea29ac4 2012-08-10 Unset host-specific cookie when setting domain-specific cookie.
ee032e7 2012-08-10 Added getInCommonIdPs() function to return list of all InCommon IdPs.
c0d3a60 2012-08-10 Modified printWAYF so that it can alternatively list all InCommon IdPs (rather than just whitelisted IdPs).
5197280 2012-08-10 Add explanation text for certlifetime and certmultiplier.
64fa9a6 2012-08-10 Copy DataONE development skins to polo1 and polo2.
fce81fc 2012-08-10 Add new "CILogon" header (without the trailing "Service").
6f5782f 2012-08-09 Changed title text for 'idp'.
f5de055 2012-08-09 Move setcookie() calls to setCookieVar() function in util.php. Set a domain for cookies.
4f74924 2012-08-09 Removed unused 'authncontext' session variable.
bc5ad38 2012-08-09 Added 'toString' method to allow for text output of portalparams cookie.
8ecfee6 2012-08-09 Added new 'me' page to manage/delete browser cookies and session variables.
1a82c9e 2012-07-25 Fix opening bracket; move to same line as "function" for consistency.
1a917b5 2012-07-25 Read storage type for PHP sessions and OpenID state sessions from /var/www/config/cilogon.ini configuration file.
b36d756 2012-07-25 Add extra output on shib error to show that forceauthn was requested.
b0f4205 2012-07-24 Use is_null() function instead of comparing value to 'null'.
be0aa04 2012-07-24 Initial check-in of sessionmgr.php to save PHP session data to MySQL. This can be enabled by calling startPHPSession(true), or by changing the default value of $usemysql in that function.
c912736 2012-07-24 Call startPHPSession() in util.php so we can read session data from file or MySQL as necessary.
08d8c67 2012-07-19 Created new skin 'globusonline2' which is a duplicate of the 'globusonline' skin with the addition of <forceauthn> config option.
45dbf7e 2012-07-19 Removed <forceauthn> option from GlobusOnline skin.
a7c7e99 2012-07-12 Moved reading of the database config file to a new class dbprops.php. Recoded openid.php's getDBStorage() to use new dbprops class.
76d6db3 2012-07-11 Print more PHP session variables in email alerts.
63cef34 2012-07-11 Send Shibboleth errors to alerts@cilogon.org (rather than tfleury).
406fa42 2012-07-11 Read database config info from new /var/www/config/cilogon.xml file. Use MySQL for PHP state info (instead of PostgreSQL).
b611465 2012-07-11 Commented out PAPE openid-trust-level1 extension due to Google no longer accepting it.
e249e00 2012-06-29 Update outage text to be the same on all polos.
e0ff75b 2012-06-29 Change dbservice to use the new (cilogon2) oauth webapp interface.
0397b57 2012-06-29 Fixed problem with Google not allowing polo1.cites.illionis.edu to authenticate by listing all hostnames in cilogon.xrds file.
4c3a2ff 2012-06-21 Ran JavaScript code through JSHint.
889c539 2012-06-15 Fixed missing closing quote.
6defc32 2012-06-15 When using the 'all' skin, display the 'Powered by' logo as a reminder that a skin is being used.
769e94f 2012-06-15 Set <forceauthn> option on the 'all' skin for demonstration purposes.
340285f 2012-06-14 Add <forceauthn> option for globusonline skin.
da2b48b 2012-06-14 Add code to handle <forceauthn> for OpenID IdPs by setting max_auth_age=0 in a PAPE extension.
f352ca7 2012-06-13 Add new skin config parameter <forceauthn> which makes a user reauthenticate at a Shibboleth IdP every time by sending "forceAuthn=true" when initiating the session. See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters for documentation.
45169a5 2012-06-01 If user has only a single name (first or last), copy that name into the other one. Needed for users with just a first or last name because the database requires non-empty first AND last names.
1c0d0db 2012-05-22 Wrap shibboleth errors in htmlentities to prevent script attacks.
0a8ccd9 2012-05-22 When an IdP sends multiple email addresses, they are concatenated together with a semicolon. This breaks the email address validator. So check for a semicolon and use only the first of multiple email addresses.
e288dab 2012-05-17 Always set the idpname so we can test for "Google" logins and print out error message if missing first/last names.
931a63e 2012-05-11 Add a few more htmlentities() calls. Also, check new user DNs for htmlentities. If found, send an email alert.
ff0294d 2012-05-11 Call htmlentities() on the DN so that weird characters are rendered correctly in browser.
0fd8fc9 2012-04-25 Similar to getopeniduser, if there is only a single name in displayName, copy first name into last name.
85c5c82 2012-04-25 When only displayName is released (i.e., neither of givenName or sn is released), split the displayName as first word = first name, all remaining words = last name.
92d22a6 2012-04-19 Stop accessing null data which causes "PHP Notice" messages in /var/log/httpd/ssl_error_log.
4cac306 2012-04-19 Updated outage banner text.
19b9c89 2012-04-04 Add HOSTNAME to email subject so we know which machine generated the message.
7e51dc6 2012-03-30 Change <idpwhitelist> to <idpblacklist>, and make cert lifetime 3 hours.
d7931de 2012-03-29 Remove extra comment block at top of file.
aea0dc4 2012-03-29 Jim suggested some additions to the config.xml file. They are currently commented out awaiting approval by Chris Jurado.
6c0ae0e 2012-03-29 Fix comment for <idpwhitelist> due to new idplist.xml file.
68e877e 2012-03-29 Removed a couple unnecessary lines.
85d472f 2012-03-29 Created new skin 'cvrg' for CardioVascular Research Grid (https://portal.cvrgrid.org).
065d295 2012-03-29 Fixed bug in testidp. Should call "isWhitelisted()" instead of "exists()".
d96ec7b 2012-03-29 Updated comments.
2b8941f 2012-03-29 Add space above "Powered By" logo to better align with "Project bamboo" logo.
7be89fd 2012-03-29 Created new skin 'bamboo' for http://www.projectbamboo.org/ . All entries in config.xml are currently commented out.
6964fe4 2012-03-26 Add ePPN, ePTID, and openidID as session variables so they can be passed to MyProxy. Also reorganize setting/unsetting of session variables so that get(shib)user and getopeniduser are more similar.
fb18458 2012-03-26 Updated BANNER outage message content.
9100a3a 2012-03-26 Add ePPN, ePTID, and openidID to the "info" parameter passed to MyProxy.
cab9ca2 2012-03-26 Added code to scan "tempcred" for "delegate2" to use new OA4MP servlet.
577b895 2012-03-26 Added code to handle Shibboleth SP errors when configured with a "redirectErrors" URL.
116d6d0 2012-03-16 Allow specifying a different "Powered By CILogon" icon via skin's config.xml file. Updated globusonline skin to use squater "Powered By" icon in upper-right corner.
34411a6 2012-03-09 Created new skin for globusonline.org.
f7f37cd 2012-03-06 Updated URLs for the OpenID IdPs to match include/openid.php URLs.
9dd2ac4 2012-03-06 Created config.xml file for globusonline.
6370a49 2012-03-06 Can now change the dbservice URL via a function call.
b40050c 2012-02-23 Make the default IdP a configurable constant.
1c8b4c1 2012-02-23 Forgot to increment the version number.
4de84cd 2012-02-23 Added a bit more debugging output.
2299ef8 2012-02-03 Fix bad formatting of <hr> tags.
bb7923c 2012-02-03 Remove extra space in error email.
736de80 2012-01-26 Allow setting destination for email alerts.
551c5d2 2012-01-26 Major rewrite of handling InCommon Metadata.
b06dd42 2012-01-23 Pull out the latest cilogon.org block from the InCommon-metadata.xml.
35f94a9 2012-01-17 Made the index-maint.php page a bit nicer looking.
cb62991 2011-12-16 Fix typo: should be $location instead of $responseurl.
6773733 2011-12-05 Had previously commented out Google from blacklist for testing purposes. The main cilogon.org site was not affected.
7a4a9b1 2011-12-05 Special hack for OSG to get SHA-1 signed certificates.
b401f41 2011-12-05 Add note to self to fix printing of session vars to log when we move to storing PHP session to database.
359fe93 2011-12-05 Remove non-used code to print out server vars.
0ad2acf 2011-12-05 Special hack for OSG to get SHA-1 signed certificates. Also remove non-used code to print out server vars.
2059c0a 2011-12-05 When I made the change to all https:// URLs for the OpenID providers, I neglected to update the blacklist for the eduroam skin.
d916d0e 2011-12-05 For the OSG skin, blacklist all OpenID IdPs and ProtectNetwork.
5858071 2011-11-15 Add missing 'php' to the opening '<?' tag. Required for PHP 5.3.x.
0356635 2011-10-28 Added configuration to DataONE skin to skip delegate confirmation pages.
6515d55 2011-10-26 Check for the skin's configured minlifetime and maxlifetime for the various credential fetching methods.
6b45afa 2011-10-26 Check if a particular IdP should be "forced" to use a specific skin. When fetching a certificate or PKCS12 credential via ECP, check for lifetime within minlifetime and maxlifetime.
1db10e4 2011-10-26 Read minlifetime and maxlifetime from skin. Added function to check if a particular IdP should be "forced" to use a specific skin.
32f708d 2011-10-26 Added support for MySQL. Untested.
90f0051 2011-10-26 Can now read default/site-wide config.xml from the root 'skin' directory.
204f10a 2011-10-26 Added placeholder for IdPs which should be "forced" to use a specific skin.
c611c68 2011-10-26 Also check for minlifetime now.
987b899 2011-10-26 Removed unneeded CSS for the no-longer displayed "Help Me Choose" button.
84bc2f6 2011-10-26 Added a placeholder for the site-wide configuration file.
a9e5f0a 2011-10-26 Added new entries for minlifetime and maxlifetime, for the various credential fetching methods.
730401c 2011-10-26 Added new initial skin for LIGO. Will require future tweaking.
c23c704 2011-09-29 Fixed typo.
61a9e56 2011-09-29 Added a new skin config option <dnformat> for DataONE. This allows the certificate subject DN to be displayed in RFC2253 format.
300f58f 2011-09-23 Print a more precise error message to user when an IdP does not provide full name and/or email address.
cb76fb2 2011-09-19 Modified OpenID Error message to include "help@cilogon.org".
890f700 2011-09-16 Transform the OpenId endpoint ONLY for the database query.
0b43c13 2011-09-16 Changed OpenId provider endpoints. Made them all "https" (instead of "http") and also changed "google.com" to "www.google.com" as per Google's latest documentation. Patched getopeniduser to map new OpenId provider endpoints to old (non-https) URLs, so no changes to database needed.
dde8ce0 2011-09-15 Made a few code changes as suggested by jslint.com.
eeef22a 2011-09-15 Set text focus to lifetime text input field on "allow or deny delegation" page.
7985fd9 2011-09-12 Added file for http://www.cilogon.org/globus-with-incommon-ca .
187c644 2011-09-09 Jim Basney updated status from experimental to accredited.
f457c7b 2011-09-06 Remove CILogon Test IdP (Boingo) from ECP IdP list. Also make ProtectNetwork the default choice in the ecp.pl script.
0f45b57 2011-09-02 Increase curl timeout to 35 seconds to allow for delegate servlet timeout of 30 seconds.
98272c2 2011-09-01 For Opera, additionally replace "\n" and "\r" with space (rather than just "\r\n").
8f4824b 2011-08-26 Make "Show/Hide Help" button flash every 10 seconds via an animated gif background.
f7aaed8 2011-08-26 Set access to the private key for user only.
5ea32cf 2011-08-26 Added note about "back" button.
892105b 2011-08-26 Rewrite the error email alerting code so that it is centralized. Also myproxy getcert errors now send an alert email.
60ddde7 2011-08-26 Rename LTERN to LTER Network.
4cd28db 2011-08-25 Added ProtectNetwork to the list of ECP-enabled IdPs.
c814e7f 2011-08-17 Changed the options for the <delegate> block in the skin's config.xml file. Now have <initial...> and <force...> parameters for lifetime and remember. The <initial..> options set the cookies for the portal, while the <force...> options override the portal cookies.
db2d306 2011-08-12 Add a little top/bottom padding to help button.
5d3dba9 2011-08-12 Make the help button background black, and make the font bigger.
4037892 2011-08-12 Send alert on curl error.
e79f4d0 2011-08-12 Forgot to add dbservice.php before! Specifying skin with the cilogon_skin is now case-insensitive. Send alert on curl error.
da4c85d 2011-08-11 Added University of Chicago to list of ECP IdPs.
694ef2f 2011-08-11 Add a new skin for UCSD.
96f2588 2011-08-11 Don't allow the 2 parameter case anymore since OpenID now also requires all 6 parameters when changing/adding a user in/to the database.
5dd4e1a 2011-08-11 Allow all IdPs for OSG skin.
8ec993a 2011-08-11 Removed "allowdiv" specific stuff since that class is no longer used.
2462df8 2011-08-11 When there is just one IdP in the list, don't show the "Search" box.
4f128ae 2011-08-09 Changed the destination email for errors back to help@cilogon.org.
c287bb2 2011-08-08 Move the log statement up.
b7ccb97 2011-08-02 Add University of Washington to the list of ECP-enabled IdPs.
38359d5 2011-08-02 Added 'LTERN IdP' to the list of ECP-enabled IdPs.
4578c28 2011-08-01 When a user hits getopeniduser or secure/getuser without the proper form variables submitted, return the user to the correct "top level". This should be either https://cilogon.org/ or https://cilogon.org/delegate/ .
b3b7107 2011-07-29 Explicitly require Crypt::SSLeay for https:// support. Also now have --skipssl option to bypass SSL/https hostname checking.
b2424df 2011-07-29 Going to /secure/getuser/ or /getopeniduser/ without the correct form variables (say when the user hits the back button or navigates there directly) now redirects to the main page rather than showing a list of server and environment variables.
7cba244 2011-07-29 Move the no check SSL CA cert hack to the top of the script.
a76a755 2011-07-28 Removed POD-style comments from subroutines. Fixed $maxlifetime undefined warning. Set default output of PKCS12 to usercred.p12 instead of STDOUT.
e8b6da9 2011-07-28 Removed the LIGO test IdP from the list.
b6689b8 2011-07-26 Initial check-in of the Perl ECP client. Need to add more ECP-enabled IdPs to the ecpidps.txt file, and change the SP from test.cilogon.org to cilogon.org.
805ffb3 2011-07-25 Send "cilogon_info=..." to delegation/authorized servlet.
ce32079 2011-07-15 Change portallist to allow *.oceanobservatories.org instead of just ion.
0ed2e89 2011-07-13 When the skin is configured to skip the Certificate Lifetime page (for the 'delegate' case), the New User and User Changed pages should also be skipped.
7a434b4 2011-07-13 Append "?reason=cancel" to failure URL so portal can process the "Cancel" button (for OOI).
27b0171 2011-07-13 Updated OOI skin to move waves up to the top of the page (instead of in the main body of the page).
feba3bd 2011-07-11 Added OOI-requested enhancements and updated OOI skin.
bb39917 2011-07-08 Added code to handle new <portallist> config.xml option. Also renamed <whitelist> and <blacklist> to <idpwhitelist> and <idpblacklist>.
2cd1077 2011-07-08 Added hidden "Cancel" button on WAYF.
9115dd7 2011-07-08 Rename <whitelist> and <blacklist> to <idpwhitelist> and <idpblacklist>. Also output hidden "Cancel" button for the WAYF.