override mdui:DisplayName in federation metadata?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

override mdui:DisplayName in federation metadata?

Paul B. Henson-2
Our idp login page currently shows the text "Login to <blah>" to users,
where <blah> comes from the mdui:DisplayName in the metadata. A service
owner wants to display a branded service name on this page rather than
the one submitted in the metadata by the vendor. Is there an easy way to
override just this attribute in local configuration? If not, I'm going
to suggest they have our web group do a kludge in the velocity template
to check for it there and swap it out before printing it.

Thanks...


--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  [hidden email]
California State Polytechnic University  |  Pomona CA 91768
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

Cantor, Scott E.
On 1/10/19, 1:14 AM, "users on behalf of Paul B. Henson" <[hidden email] on behalf of [hidden email]> wrote:

> Is there an easy way to override just this attribute in local configuration?

Nothing comes to mind. We don't have anything like a Scripted MetadataFilter to just do arbitrary one-off changes.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

Paul B. Henson-2
On Thu, Jan 10, 2019 at 02:01:39PM +0000, Cantor, Scott wrote:

> Nothing comes to mind. We don't have anything like a Scripted
> MetadataFilter to just do arbitrary one-off changes.

Ok, thanks for the info. I'll have them follow up with our web group to
tweak it in the velocity template then, should be easy enough.


--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  [hidden email]
California State Polytechnic University  |  Pomona CA 91768
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

IAM David Bantz
You're going to modify the basic IdP authN page to meet individual service owner's request for tweaking the name of the service?
What will you do when other service owners ask for other tweaks, different color scheme or extra links on the login page?
Seems like the road to Perdition. 


On Thu, Jan 10, 2019 at 10:18 AM Paul B. Henson <[hidden email]> wrote:
On Thu, Jan 10, 2019 at 02:01:39PM +0000, Cantor, Scott wrote:

> Nothing comes to mind. We don't have anything like a Scripted
> MetadataFilter to just do arbitrary one-off changes.

Ok, thanks for the info. I'll have them follow up with our web group to
tweak it in the velocity template then, should be easy enough.


--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  [hidden email]
California State Polytechnic University  |  Pomona CA 91768
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

Tom Scavo
On Thu, Jan 10, 2019 at 3:09 PM IAM David Bantz <[hidden email]> wrote:
>
> You're going to modify the basic IdP authN page to meet individual service owner's request for tweaking the name of the service?
> What will you do when other service owners ask for other tweaks, different color scheme or extra links on the login page?
> Seems like the road to Perdition.

:-)

Could set up an XSLT-based pipeline, I suppose.

Tom
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

Paul B. Henson-2
In reply to this post by IAM David Bantz
On Thu, Jan 10, 2019 at 11:08:53AM -0900, IAM David Bantz wrote:
> You're going to modify the basic IdP authN page to meet individual service

I'm not ;), the idp login page is owned by our web development group.
All I gotta do is deploy it. How much effort they go to to cater to
individual requests is up to them, although I doubt if anything beyond a
simple service name like this will be up for discussion.


--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  [hidden email]
California State Polytechnic University  |  Pomona CA 91768
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

Cantor, Scott E.
> All I gotta do is deploy it. How much effort they go to to cater to
> individual requests is up to them, although I doubt if anything beyond a
> simple service name like this will be up for discussion.

I presumed from the question (federation metadata) that the problem is it's *not* the service owner asking for the name change at all, it's somebody responsible for use of the service who doesn't like what the actual service owner called it.

Arguably in your case it's better to leave it to the web group to change it (or not) and not rely on you to filter the metadata even if we had that feature, since then you'd get dragged into the conversation every time it came up.

If you were the one maintaining it, then a case might be made to have a filtering mechanism to centralize that change to one place separate from the template.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

M A Young
In reply to this post by Paul B. Henson-2
On Thu, 10 Jan 2019, Paul B. Henson wrote:

> On Thu, Jan 10, 2019 at 02:01:39PM +0000, Cantor, Scott wrote:
>
>> Nothing comes to mind. We don't have anything like a Scripted
>> MetadataFilter to just do arbitrary one-off changes.
>
> Ok, thanks for the info. I'll have them follow up with our web group to
> tweak it in the velocity template then, should be easy enough.

We did this sort of thing to change the look of our login page for certain
sites to our users, for example having different "get local help here"
messages for some sites.

So for example in views/login.vm we added the lines

## find entityID of Service Provider so we can customize some objects
#set ($SPentityId = $rpContext.getRelyingPartyId())

to the headers, and added after the line

#set ($serviceName = $rpUIContext.serviceName)

code like

#if ( $SPentityId == "a particular entity ID" )
   #set ($serviceName = "A custom service name")
#end

to set a more descriptive "Login to" message for that site.

  Michael Young
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: override mdui:DisplayName in federation metadata?

Paul B. Henson-2
On Fri, Jan 11, 2019 at 07:24:09PM +0000, YOUNG, MICHAEL A. wrote:

> #if ( $SPentityId == "a particular entity ID" )
>    #set ($serviceName = "A custom service name")
> #end

That's kinda what I was thinking, although originally I was going to
check the existing service name rather than the entity id. Using the
entity id seems less fragile, thanks for the example.

--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  [hidden email]
California State Polytechnic University  |  Pomona CA 91768
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]