From 1bc0b7dbbddbdc2e2a0cc5be9b00ee645ca8400d Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:04:56 +0200 Subject: [PATCH 01/31] terminology login -> log in (verb) service -> application --- application/configs/attributes.json | 6 +- languages/messages.en.php | 91 ++++++++++--------- languages/messages.nl.php | 82 ++++++++--------- languages/messages.pt.php | 2 +- .../AttributeManipulationException.feature | 4 +- .../Features/SpProxy.feature | 4 +- .../Fixtures/FunctionalTestingPdpClient.php | 4 +- .../skeune/wayf/wayf.general.spec.js | 4 +- .../skeune/wayf/wayf.keyboard.spec.js | 6 +- .../skeune/wayf/wayf.mouse.spec.js | 2 +- .../resources/config/attributes-fixture.json | 6 +- .../Pdp/Dto/ResponseTest.php | 4 +- .../Pdp/PolicyDecisionTest.php | 4 +- .../Pdp/fixture/response_deny.json | 4 +- theme/base/javascripts/wayf/mouseBehaviour.js | 2 +- .../WAYF/idp/idpSubmitButton.html.twig | 2 +- theme/skeune/translations/messages.en.php | 16 ++-- theme/skeune/translations/messages.nl.php | 14 +-- theme/skeune/translations/messages.pt.php | 16 ++-- 19 files changed, 137 insertions(+), 136 deletions(-) diff --git a/application/configs/attributes.json b/application/configs/attributes.json index f1dfb4cf08..4797ef986b 100644 --- a/application/configs/attributes.json +++ b/application/configs/attributes.json @@ -69,7 +69,7 @@ "urn:mace:dir:attribute-def:eduPersonEntitlement": { "Description": { "en": "entitlement which decides upon your authorization within the application", - "nl": "rechtaanduiding; URI (URL of URN) dat een recht op iets aangeeft; wordt bepaald door een contract tussen dienstaanbieder en instelling" + "nl": "rechtaanduiding; URI (URL of URN) dat een recht op iets aangeeft; wordt bepaald door een contract tussen applicatieaanbieder en instelling" }, "Name": { "en": "Entitlement", @@ -411,8 +411,8 @@ }, "urn:nl.surfconext.licenseInfo": { "Description": { - "en": "License information for the current service", - "nl": "Licentieinformatie voor de huidige dienst" + "en": "License information for the current application", + "nl": "Licentieinformatie voor de huidige applicatie" }, "Name": { "en": "License information", diff --git a/languages/messages.en.php b/languages/messages.en.php index 89e37678f7..eb9479df43 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -38,8 +38,8 @@ 'wayf_title' => 'Log in with', 'value' => 'Value', 'post_data' => 'POST Data', - 'processing' => 'Connecting to the service', - 'processing_waiting' => 'Waiting for a response from the service.', + 'processing' => 'Connecting to the application', + 'processing_waiting' => 'Waiting for a response from the application.', 'processing_long' => 'Please be patient, it may take a while...', 'go_back' => '<< Go back', 'note' => 'Note', @@ -74,7 +74,7 @@ 'no_idp_results' => 'Your search did not return any results.', 'no_idp_results_request_access' => 'Can\'t find your %organisationNoun%?  Request access or try tweaking your search.', 'more_idp_results' => '%arg1% results not shown. Refine your search to show more specific results.', - 'return_to_sp' => 'Return to Service Provider', + 'return_to_sp' => 'Return to application provider', // Help page 'help' => 'Help', @@ -94,16 +94,16 @@ 'cookies_removal_confirm' => 'Your cookies have been removed.', // Footer - 'service_by' => 'This is a service connected through', + 'service_by' => 'This is an application connected through', 'serviceprovider_link_text' => '%suiteName%', 'serviceprovider_link_target' => 'https://openconext.org/', 'terms_of_service_link_text' => 'Terms of Service', 'terms_of_service_link_target' => '#', // Form - 'request_access_instructions_head' => 'Unfortunately, you do not have access to the service you are looking for. What can you do?', - 'request_access_instructions_text' => 'If you want to access this service, please fill out the form below. - We will then forward your request to the person responsible for the services + 'request_access_instructions_head' => 'Unfortunately, you do not have access to the application you are looking for. What can you do?', + 'request_access_instructions_text' => 'If you want to access this application, please fill out the form below. + We will then forward your request to the person responsible for the applications portfolio management at your %organisationNoun%.', 'name' => 'Name', 'name_error' => 'Enter your name', @@ -118,20 +118,20 @@ 'close' => 'Close', 'required' => 'Required', 'send_confirm' => 'Your request has been sent', - 'send_confirm_desc' => 'Your request has been forwarded to your %organisationNoun%. Further settlement and decisions on the availability of this service will be taken by the ICT staff of your %organisationNoun%.', + 'send_confirm_desc' => 'Your request has been forwarded to your %organisationNoun%. Further settlement and decisions on the availability of this application will be taken by the ICT staff of your %organisationNoun%.', // Consent 'consent_attributes_screenreader' => 'about %orgName%', 'consent_attributes_show_more' => 'Show more information', 'consent_attributes_show_less' => 'Show less information', - 'consent_no_attributes_text' => 'This service requires no information from your %organisationNoun%.', + 'consent_no_attributes_text' => 'This application requires no information from your %organisationNoun%.', 'consent_buttons_ok_informational' => 'Proceed to %sp%', 'consent_buttons_nok' => 'No, I do not agree', 'consent_buttons_nok_informational' => 'Cancel', - 'consent_explanation_title' => 'Pay attention when using this service', + 'consent_explanation_title' => 'Pay attention when using this application', 'consent_name_id_label' => 'Identifier', 'consent_name_id_support_link' => 'Explanation', - 'consent_name_id_value_tooltip' => 'The identifier for this service is generated by %arg1% en differs amongst each service you use through %arg1%. The service can therefore recognise you as the same user when you return, but services cannot recognise you amongst each other as the same user.', + 'consent_name_id_value_tooltip' => 'The identifier for this application is generated by %arg1% en differs amongst each application you use through %arg1%. The application can therefore recognise you as the same user when you return, but applications cannot recognise you amongst each other as the same user.', 'consent_slidein_details_email' => 'Email', 'consent_slidein_details_phone' => 'Phone', 'consent_slidein_text_contact' => 'If you have any questions about this page, please contact the service desk of your %organisationNoun%. %suiteName% has the following contact information:', @@ -154,7 +154,7 @@ 'error_help-desk-link-text' => 'Service desk', 'error_help-desk-link-text-short' => 'Service desk', 'error_return-sp-link-text' => 'Return to %spName%', - 'error_return-sp-link-text-short' => 'Return to service', + 'error_return-sp-link-text-short' => 'Return to application', 'error_404' => '404 - Page not found', 'error_404_desc' => 'This page has not been found.', @@ -163,18 +163,18 @@ 'error_help_desc' => '', 'error_no_idps' => 'Error - No %organisationNounPlural% found', 'error_no_idps_desc' => 'Logging into %spName% is not possible via %suiteName%. %spName% is not connected to any %organisationNounPlural%.', - 'error_no_idps_desc_no_sp_name' => 'Logging into this service is not possible via %suiteName%. The service is not connected to any %organisationNounPlural%.', + 'error_no_idps_desc_no_sp_name' => 'Logging into this application is not possible via %suiteName%. The application is not connected to any %organisationNounPlural%.', 'error_session_lost' => 'Error - your session was lost', - 'error_session_lost_desc' => 'To continue to the service an active session is required. However, your session expired. Perhaps you waited too long with logging in? Please go back to the service and try again. If that doesn\'t work, close your browser first and then try again.', + 'error_session_lost_desc' => 'To continue to the application an active session is required. However, your session expired. Perhaps you waited too long with logging in? Please go back to the application and try again. If that doesn\'t work, close your browser first and then try again.', 'error_session_not_started' => 'Error - No session found', - 'error_session_not_started_desc' => 'To continue to the service an active session is required. However, no session was found. Your browser must accept cookies. Alternatively, the link you used to get to the service might be wrong. Please go back to the service and try again. If that doesn\'t work, try a different browser.', - 'error_unsolicited_response' => 'Error - Sign-in could not be completed', - 'error_unsolicited_response_desc' => 'Your sign-in could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the service you were trying to access and log in from there.', + 'error_unsolicited_response' => 'Error - Login could not be completed', + 'error_unsolicited_response_desc' => 'Your login could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the application you were trying to access and log in from there.', + 'error_session_not_started_desc' => 'To continue to the application an active session is required. However, no session was found. Your browser must accept cookies. Alternatively, the link you used to get to the application might be wrong. Please go back to the application and try again. If that doesn\'t work, try a different browser.', 'error_authorization_policy_violation' => 'Error - Access denied', - 'error_authorization_policy_violation_desc' => 'You cannot use %spName% because %idpName% limits access to it (the "Service Provider") with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to %spName%.', - 'error_authorization_policy_violation_desc_no_idp_name' => 'You cannot use %spName% because your %organisationNoun% limits access to it (the "Service Provider") with an authorization policy. Please contact the service desk of your %organisationNoun% if you think you should be allowed access to %spName%.', - 'error_authorization_policy_violation_desc_no_sp_name' => 'You cannot use this service because %idpName% limits access to it (the "Service Provider") with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to this service.', - 'error_authorization_policy_violation_desc_no_name' => 'You cannot use this service because your %organisationNoun% limits access to this service (the "Service Provider") with an authorization policy. Please contact the helpdesk of your %organisationNoun% if you think you should be allowed access to this service.', + 'error_authorization_policy_violation_desc' => 'You cannot use %spName% because %idpName% limits access to it (the application provider) with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to %spName%.', + 'error_authorization_policy_violation_desc_no_idp_name' => 'You cannot use %spName% because your %organisationNoun% limits access with an authorization policy. Please contact the service desk of your %organisationNoun% if you think you should be allowed access to %spName%.', + 'error_authorization_policy_violation_desc_no_sp_name' => 'You cannot use this application because %idpName% limits access with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to this application.', + 'error_authorization_policy_violation_desc_no_name' => 'You cannot use this application because your %organisationNoun% limits access with an authorization policy. Please contact the helpdesk of your %organisationNoun% if you think you should be allowed access to this application.', 'error_authorization_policy_violation_info' => 'Message from %idpName%: ', 'error_authorization_policy_violation_info_no_idp_name' => 'Message from your %organisationNoun%: ', 'error_unable_to_receive_message' => 'Error - No message received', @@ -186,17 +186,17 @@ 'error_unsupported_signature_method' => 'Error - Signature method is not supported', 'error_unsupported_signature_method_desc' => 'The signature method %arg1% is not supported, please upgrade to RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Error - unknown key id', - 'error_unknown_keyid_desc' => 'The requested key-ID is not known to %suiteName%. Perhaps the service provider is using outdated metadata or has a configuration error.', + 'error_unknown_keyid_desc' => 'The requested key-ID is not known to %suiteName%. Perhaps the application provider is using outdated metadata or has a configuration error.', 'error_unknown_preselected_idp' => 'Error - %spName% not accessible through your %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Error - Service not accessible through your %organisationNoun%', - 'error_unknown_preselected_idp_desc' => 'The %organisationNoun% that you want to use to login to %spName% did not activate access to it. This means you are unable to use %spName% through %suiteName%. Please contact the service desk of your %organisationNoun% to request access. State it is about %spName% and why you need access.', - 'error_unknown_preselected_idp_desc_no_sp_name' => 'The %organisationNoun% that you want to use to login to this service did not activate access to this service. This means you are unable to use this service through %suiteName%. Please contact the helpdesk of your %organisationNoun% to request access to this service. State what service it is about (the "SP") and why you need access.', + 'error_unknown_preselected_idp_no_sp_name' => 'Error - Application not accessible through your %organisationNoun%', + 'error_unknown_preselected_idp_desc' => 'The %organisationNoun% that you want to use to log in to %spName% did not activate access to it. This means you are unable to use %spName% through %suiteName%. Please contact the service desk of your %organisationNoun% to request access. State it is about %spName% and why you need access.', + 'error_unknown_preselected_idp_desc_no_sp_name' => 'The %organisationNoun% that you want to use to log in to this application did not activate access to this application. This means you are unable to use this application through %suiteName%. Please contact the helpdesk of your %organisationNoun% to request access to this application. State what application it is about and why you need access.', 'error_unknown_service_provider' => 'Error - %spName% unknown', - 'error_unknown_service_provider_no_sp_name' => 'Error - Unknown service', + 'error_unknown_service_provider_no_sp_name' => 'Error - Unknown application', 'error_unknown_service_provider_desc' => 'You are trying to log in to %spName%, but this is unknown to %suiteName%. Possibly %idpName% has never enabled access to %spName%. If you would like to use it, please contact the service desk of %idpName%.', - 'error_unknown_service_provider_desc_no_sp_name' => 'The service you are trying to log in to is unknown to %suiteName%. Possibly %idpName% has never enabled access to this service. If you would like to use this service, please contact the helpdesk of %idpName%.', + 'error_unknown_service_provider_desc_no_sp_name' => 'The application you are trying to log in to is unknown to %suiteName%. Possibly %idpName% has never enabled access to this application. If you would like to use this application, please contact the helpdesk of %idpName%.', 'error_unknown_service_provider_desc_no_idp_name' => 'You are trying to log in to %spName%. Possibly your %organisationNoun% has never enabled access to %spName%. If you would like to use it, please contact the helpdesk of your %organisationNoun%.', - 'error_unknown_service_provider_desc_no_names' => 'The service you are trying to log in to is unknown to %suiteName%. Possibly your %organisationNoun% has never enabled access to this service. If you would like to use this service, please contact the helpdesk of your %organisationNoun%.', + 'error_unknown_service_provider_desc_no_names' => 'The application you are trying to log in to is unknown to %suiteName%. Possibly your %organisationNoun% has never enabled access to this application. If you would like to use this application, please contact the helpdesk of your %organisationNoun%.', 'error_unsupported_acs_location_scheme' => 'Error - Unsupported URI scheme in ACS location', @@ -208,20 +208,20 @@ 'error_unknown_signing_key_desc' => 'The signing key used is not known to %suiteName%. This is possibly a configuration error.', 'error_generic' => 'Error - An error occurred', 'error_generic_desc' => 'Logging in has failed and we don\'t know exactly why. Please try again first by going back to %spName% and logging in again. If this doesn\'t work, please contact the service desk of %idpName%.', - 'error_generic_desc_no_sp_name' => 'Logging in has failed and we don\'t know exactly why. Please try again first by going back to the service and logging in again. If this doesn\'t work, please contact the service desk of %idpName%.', + 'error_generic_desc_no_sp_name' => 'Logging in has failed and we don\'t know exactly why. Please try again first by going back to the application and logging in again. If this doesn\'t work, please contact the service desk of %idpName%.', 'error_generic_desc_no_idp_name' => 'Logging in has failed and we don\'t know exactly why. Please try again first by going back to %spName% and logging in again. If this doesn\'t work, please contact the service desk of your %organisationNoun%.', - 'error_generic_desc_no_names' => 'Logging in has failed and we don\'t know exactly why. Please try again first by going back to the service and logging in again. If this doesn\'t work, please contact the service desk of your %organisationNoun%.', + 'error_generic_desc_no_names' => 'Logging in has failed and we don\'t know exactly why. Please try again first by going back to the application and logging in again. If this doesn\'t work, please contact the service desk of your %organisationNoun%.', 'error_missing_required_fields' => 'Error - Missing required fields', 'error_missing_required_fields_desc'=> '%idpName% does not provide the mandatory information or it has an invalid format. Therefore, you can not use %spName%. Please contact the service desk of %idpName% and tell them one or more of the the following required attributes are not being set correctly for %suiteName%:', 'error_missing_required_fields_desc_no_idp_name'=> 'Your %organisationNoun% does not provide the mandatory information. Therefore, you can not use %spName%. Please contact your %organisationNoun% and tell them one or more of the the following required attribute(s) are missing within %suiteName%:', - 'error_missing_required_fields_desc_no_sp_name'=> '%idpName% does not provide the mandatory information. Therefore, you can not use this service. Please contact the service desk of %idpName% and tell them one or more of the the following required attribute(s) are missing within %suiteName%:', + 'error_missing_required_fields_desc_no_sp_name'=> '%idpName% does not provide the mandatory information. Therefore, you can not use this application. Please contact the service desk of %idpName% and tell them one or more of the the following required attribute(s) are missing within %suiteName%:', 'error_missing_required_fields_desc_no_name'=> ' -Your %organisationNoun% does not provide the mandatory information. Therefore, you can not use this service. Please contact your %organisationNoun% and tell them one or more of the the following required attribute(s) are missing within %suiteName%:', +Your %organisationNoun% does not provide the mandatory information. Therefore, you can not use this application. Please contact your %organisationNoun% and tell them one or more of the the following required attribute(s) are missing within %suiteName%:', 'error_invalid_attribute_value' => 'Error - Attribute value not allowed', 'error_invalid_attribute_value_desc' => '%idpName% sends a value for attribute %attributeName% ("%attributeValue%") which is not allowed for this %organisationNoun%. Therefore you cannot log in. Only %idpName% can resolve this. Please contact the service desk of %idpName% to fix this problem.', 'error_invalid_attribute_value_desc_no_idp_name' => 'Your %organisationNoun% sends a value for attribute %attributeName% ("%attributeValue%") which is not allowed for this %organisationNoun%. Therefore you cannot log in. Only your %organisationNoun% can resolve this. Please contact the service desk of your own %organisationNoun% to fix this problem.', 'error_received_error_status_code' => 'Error - Identity Provider error', - 'error_received_error_status_code_desc'=> 'Your %organisationNoun% has denied you access to this service. You will have to contact your own (IT-)service desk to see if this can be fixed.', + 'error_received_error_status_code_desc'=> 'Your %organisationNoun% has denied you access to this application. You will have to contact your service desk to see if this can be fixed.', 'error_received_invalid_response' => 'Error - Invalid %idpName% SAML response', 'error_received_invalid_response_no_idp_name' => 'Error - Invalid %organisationNoun% SAML response', 'error_received_invalid_signed_response'=> 'Error - Invalid signature on %idpName% response', @@ -229,17 +229,17 @@ 'error_stuck_in_authentication_loop' => 'Error - You got stuck in a black hole', 'error_stuck_in_authentication_loop_desc' => 'You\'ve successfully authenticated at %idpName% but %spName% sends you back again to %suiteName%. Because you are already logged in, %suiteName% then sends you back to %spName%, which results in an infinite black hole. Likely, this is caused by an error at %spName%.', 'error_stuck_in_authentication_loop_desc_no_idp_name' => 'You\'ve successfully authenticated at your %organisationNoun% but %spName% sends you back again to %suiteName%. Because you are already logged in, %suiteName% then sends you back to %spName%, which results in an infinite black hole. Likely, this is caused by an error at %spName%.', - 'error_stuck_in_authentication_loop_desc_no_sp_name' => 'You\'ve successfully authenticated at %idpName% but the service you are trying to access sends you back again to %suiteName%. Because you are already logged in, %suiteName% then sends you back to the service, which results in an infinite black hole. Likely, this is caused by an error at the Service Provider.', - 'error_stuck_in_authentication_loop_desc_no_name' => 'You\'ve successfully authenticated at your %organisationNoun% but the service you are trying to access sends you back again to %suiteName%. Because you are already logged in, %suiteName% then sends you back to the service, which results in an infinite black hole. Likely, this is caused by an error at the Service Provider.', - 'error_authentication_limit_exceeded' => 'Error - too many authentications in progress', + 'error_stuck_in_authentication_loop_desc_no_sp_name' => 'You\'ve successfully authenticated at %idpName% but the application you are trying to access sends you back again to %suiteName%. Because you are already logged in, %suiteName% then sends you back to the application, which results in an infinite black hole. Likely, this is caused by an error at the application side.', + 'error_stuck_in_authentication_loop_desc_no_name' => 'You\'ve successfully authenticated at your %organisationNoun% but the application you are trying to access sends you back again to %suiteName%. Because you are already logged in, %suiteName% then sends you back to the application, which results in an infinite black hole. Likely, this is caused by an error at the application side.', + 'error_authentication_limit_exceeded' => 'Error - Too many authentications in progress', 'error_authentication_limit_exceeded_desc' => 'Too many authentications in progress', 'error_no_authentication_request_received' => 'Error - No authentication request received.', 'error_authn_context_class_ref_blacklisted' => 'Error - AuthnContextClassRef value is not allowed', - 'error_authn_context_class_ref_blacklisted_desc' => 'You cannot login because %idpName% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of %idpName% to solve this.', - 'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'You cannot login because your %organisationNoun% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of your %organisationNoun% to solve this.', + 'error_authn_context_class_ref_blacklisted_desc' => 'You cannot log in because %idpName% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of %idpName% to solve this.', + 'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'You cannot log in because your %organisationNoun% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of your %organisationNoun% to solve this.', 'error_invalid_mfa_authn_context_class_ref' => 'Error - Multi factor authentication failed', - 'error_invalid_mfa_authn_context_class_ref_desc' => '%idpName% requires multi-factor authentication for this service. However, your second factor could not be validated. Please contact the service desk of %idpName% to solve this.', - 'error_invalid_mfa_authn_context_class_ref_desc_no_idp_name' => 'Your %organisationNoun% requires multi-factor authentication for this service. However, your second factor could not be validated. Please contact the service desk of your %organisationNoun% to solve this.', + 'error_invalid_mfa_authn_context_class_ref_desc' => '%idpName% requires multi-factor authentication for this application. However, your second factor could not be validated. Please contact the service desk of %idpName% to solve this.', + 'error_invalid_mfa_authn_context_class_ref_desc_no_idp_name' => 'Your %organisationNoun% requires multi-factor authentication for this application. However, your second factor could not be validated. Please contact the service desk of your %organisationNoun% to solve this.', /** * %1 AttributeName * %2 Options @@ -260,19 +260,20 @@ 'error_attribute_validator_allowed' => '\'%arg3%\' is not an allowed value for this attribute', 'allowed_scopes' => 'Allowed scopes', - 'error_unknown_requesterid_in_authnrequest' => 'Error - Unknown service', - 'error_unknown_requesterid_in_authnrequest_desc' => 'Your requested service couldn\'t be found.', + 'error_unknown_requesterid_in_authnrequest' => 'Error - Unknown application', + 'error_unknown_requesterid_in_authnrequest_desc' => 'Your requested application couldn\'t be found.', 'error_clock_issue_title' => 'Error - The Assertion is not yet valid or has expired', 'error_clock_issue_desc' => 'This is likely because the difference in time between %idpName% and %suiteName% it too large. Please verify that the time on the %organisationNoun% is correct.', 'error_clock_issue_desc_no_idp_name' => 'This is likely because the difference in time between %organisationNoun% and %suiteName% it too large. Please verify that the time on the IdP is correct.', 'error_stepup_callout_unknown' => 'Error - Unknown strong authentication failure', - 'error_stepup_callout_unknown_desc' => 'Logging in with strong authentication has failed and we don\'t know exactly why. Please try again first by going back to the service and logging in again. If this doesn\'t work, please contact the service desk of your %organisationNoun%.', + 'error_stepup_callout_unknown_desc' => 'Logging in with strong authentication has failed. Please try again first by going back to the application and logging in again. If this doesn\'t work, please contact the service desk of your %organisationNoun%.', + 'error_stepup_callout_unknown_title' => 'Error - Unknown strong authentication failure', 'error_stepup_callout_unmet_loa_title' => 'Error - No suitable token found', - 'error_stepup_callout_unmet_loa_desc' => 'To continue to this service, a registered token with a certain level of assurance is required. Currently, you either haven\'t registered a token at all, or the level of assurance of the token you did register is too low. See the link below for more information about the registration process.', + 'error_stepup_callout_unmet_loa_desc' => 'To continue to this application, a registered token with a certain level of assurance is required. Currently, you either haven\'t registered a token at all, or the level of assurance of the token you did register is too low. See the link below for more information about the registration process.', 'error_stepup_callout_unmet_loa_link_text' => 'Read more about the registration process.', 'error_stepup_callout_unmet_loa_link_target' => 'https://support.surfconext.nl/stepup-noauthncontext-en', 'error_stepup_callout_user_cancelled' => 'Error - Logging in cancelled', - 'error_stepup_callout_user_cancelled_desc' => 'You have aborted the login process. Go back to the service if you want to try again.', + 'error_stepup_callout_user_cancelled_desc' => 'You have aborted the login process. Go back to the application if you want to try again.', 'error_metadata_entity_id_not_found' => 'Metadata can not be generated', 'error_metadata_entity_id_not_found_desc' => 'The following error occurred: %message%', 'attributes_validation_succeeded' => 'Authentication success', diff --git a/languages/messages.nl.php b/languages/messages.nl.php index fead1e5847..4977ac650d 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -38,8 +38,8 @@ 'wayf_title' => 'Log in met', 'value' => 'Waarde', 'post_data' => 'POST Data', - 'processing' => 'Verbinden met de dienst', - 'processing_waiting' => 'Wachten op een reactie van de dienst.', + 'processing' => 'Verbinden met de applicatie', + 'processing_waiting' => 'Wachten op een reactie van de applicatie.', 'processing_long' => 'Wees a.u.b. geduldig, het kan even duren...', 'go_back' => '<< Ga terug', 'note' => 'Mededeling', @@ -74,7 +74,7 @@ 'no_idp_results' => 'Je zoekterm heeft geen resultaten opgeleverd.', 'no_idp_results_request_access' => 'Kun je je %organisationNoun% niet vinden?  Vraag toegang aan of pas je zoekopdracht aan.', 'more_idp_results' => '%arg1% resultaten worden niet getoond. Verfijn je zoekopdracht voor specifiekere resultaten.', - 'return_to_sp' => 'Keer terug naar Service Provider', + 'return_to_sp' => 'Keer terug naar applicatieaanbieder', // Help page 'help_header' => 'Help', @@ -93,15 +93,15 @@ 'cookies_removal_confirm' => 'Uw cookies zijn verwijderd.', // Footer - 'service_by' => 'Deze dienst is verbonden via', + 'service_by' => 'Deze applicatie is verbonden via', 'serviceprovider_link_text' => '%suiteName%', 'serviceprovider_link_target' => 'https://openconext.org/', 'terms_of_service_link_text' => 'Gebruiksvoorwaarden', 'terms_of_service_link_target' => '#', // Request Access Form - 'request_access_instructions_head' => 'Helaas, je hebt geen toegang tot de dienst die je zoekt. Wat nu?', - 'request_access_instructions_text' => 'Wil je toch graag toegang tot deze dienst, vul dan het onderstaande formulier in. + 'request_access_instructions_head' => 'Helaas, je hebt geen toegang tot de applicatie die je zoekt. Wat nu?', + 'request_access_instructions_text' => 'Wil je toch graag toegang tot deze applicatie, vul dan het onderstaande formulier in. Wij sturen je verzoek door naar de juiste persoon binnen jouw %organisationNoun%.', 'name' => 'Naam', 'name_error' => 'Vul je naam in', @@ -116,20 +116,20 @@ 'close' => 'Sluiten', 'required' => 'Verplicht', 'send_confirm' => 'Je verzoek is verzonden', - 'send_confirm_desc' => 'Je verzoek is doorgestuurd naar de juiste persoon binnen jouw %organisationNoun%. Het is aan deze persoon om actie te ondernemen op basis van jouw verzoek. Het kan zijn dat er nog afspraken gemaakt moeten worden tussen jouw %organisationNoun% en de dienstaanbieder.', + 'send_confirm_desc' => 'Je verzoek is doorgestuurd naar de juiste persoon binnen jouw %organisationNoun%. Het is aan deze persoon om actie te ondernemen op basis van jouw verzoek. Het kan zijn dat er nog afspraken gemaakt moeten worden tussen jouw %organisationNoun% en de applicatieaanbieder.', // Consent page 'consent_attributes_screenreader' => 'over %orgName%', 'consent_attributes_show_more' => 'Toon alle gegevens', 'consent_attributes_show_less' => 'Toon minder gegevens', - 'consent_no_attributes_text' => 'Voor deze dienst zijn geen gegevens van jouw %organisationNoun% nodig.', + 'consent_no_attributes_text' => 'Voor deze applicatie zijn geen gegevens van jouw %organisationNoun% nodig.', 'consent_buttons_ok_informational' => 'Doorgaan naar %sp%', 'consent_buttons_nok' => 'Nee, ik ga niet akkoord', 'consent_buttons_nok_informational' => 'Annuleren', - 'consent_explanation_title' => 'Let op bij het gebruik van deze dienst', + 'consent_explanation_title' => 'Let op bij het gebruik van deze applicatie', 'consent_name_id_label' => 'Identifier', 'consent_name_id_support_link' => 'Uitleg', - 'consent_name_id_value_tooltip' => 'De identifier voor deze dienst wordt door %arg1% zelf gegenereerd en verschilt per dienst je via %arg1% gebruikt. De dienst kan jou dus wel herkennen als dezelfde gebruiker als je opnieuw inlogt, maar diensten kunnen onderling niet zien dat het om dezelfde gebruiker gaat.', + 'consent_name_id_value_tooltip' => 'De identifier voor deze applicatie wordt door %arg1% zelf gegenereerd en verschilt per applicatie je via %arg1% gebruikt. De applicatie kan jou dus wel herkennen als dezelfde gebruiker als je opnieuw inlogt, maar applicaties kunnen onderling niet zien dat het om dezelfde gebruiker gaat.', 'consent_slidein_details_email' => 'Email', 'consent_slidein_details_phone' => 'Telefoon', 'consent_slidein_text_contact' => 'Neem voor vragen hierover contact op met de helpdesk van je %organisationNoun%. De volgende gegevens zijn bij %suiteName% bekend:', @@ -154,7 +154,7 @@ 'error_help-desk-link-text' => 'Helpdesk', 'error_help-desk-link-text-short' => 'Helpdesk', 'error_return-sp-link-text' => 'Terug naar %spName%', - 'error_return-sp-link-text-short' => 'Terug naar dienst', + 'error_return-sp-link-text-short' => 'Terug naar applicatie', 'error_404' => '404 - Pagina niet gevonden', 'error_404_desc' => 'De pagina is niet gevonden.', @@ -163,18 +163,18 @@ 'error_help_desc' => '', 'error_no_idps' => 'Error - Geen %organisationNounPlural% gevonden', 'error_no_idps_desc' => 'Inloggen op %spName% via %suiteName% is onmogelijk. %spName% is niet gekoppeld met een %organisationNoun%.', - 'error_no_idps_desc_no_sp_name' => 'Inloggen op de dienst via %suiteName% is onmogelijk. De dienst is niet gekoppeld met een %organisationNoun%.', + 'error_no_idps_desc_no_sp_name' => 'Inloggen op de applicatie via %suiteName% is onmogelijk. De applicatie is niet gekoppeld met een %organisationNoun%.', 'error_session_lost' => 'Fout - Sessie is verloren gegaan', - 'error_session_lost_desc' => 'Om verder te gaan naar de dienst heb je een actieve sessie nodig, maar deze is verlopen. Heb je misschien te lang gewacht met inloggen? Ga terug naar de dienst en probeer het nog een keer. Als dat niet werkt, sluit je browser af en probeer nogmaals opnieuw in te loggen.', + 'error_session_lost_desc' => 'Om verder te gaan naar de applicatie heb je een actieve sessie nodig, maar deze is verlopen. Heb je misschien te lang gewacht met inloggen? Ga terug naar de applicatie en probeer het nog een keer. Als dat niet werkt, sluit je browser af en probeer nogmaals opnieuw in te loggen.', 'error_session_not_started' => 'Fout - Geen sessie gevonden', - 'error_session_not_started_desc' => 'Om verder te gaan naar de dienst heb je een actieve sessie nodig, maar we kunnen deze niet vinden. Je browser moet cookies ondersteunen. Ook kan de link die je hebt gebruikt om bij de dienst te komen, verkeerd zijn. Ga terug naar de dienst en probeer het opnieuw. Als dat niet werkt, probeer een andere browser.', - 'error_unsolicited_response' => 'Fout - Inloggen kon niet worden voltooid', - 'error_unsolicited_response_desc' => 'Je inlogpoging kon niet worden voltooid omdat het inlogverzoek op een niet-ondersteunde manier is gestart. Je bent rechtstreeks naar deze toepassing gestuurd door je identiteitsprovider (bijv. via een bladwijzer, portaltegel of opgeslagen link) zonder eerst een login te starten vanuit de dienst zelf. Dit wordt niet ondersteund. Begin opnieuw vanuit de dienst die je wilt gebruiken en log in via die weg.', + 'error_session_not_started_desc' => 'Om verder te gaan naar de applicatie heb je een actieve sessie nodig, maar we kunnen deze niet vinden. Je browser moet cookies ondersteunen. Ook kan de link die je hebt gebruikt om bij de applicatie te komen, verkeerd zijn. Ga terug naar de applicatie en probeer het opnieuw. Als dat niet werkt, probeer een andere browser.', + 'error_unsolicited_response' => 'Fout - Inloggen niet gelukt', + 'error_unsolicited_response_desc' => 'Inloggen is niet gelukt, omdat het een niet-ondersteunde manier is gestart. Je bent rechtstreeks naar deze applicatie gestuurd door je identiteitsverstrekker (bijvoorbeeld via een bladwijzer, portaaltegel of opgeslagen koppeling), in plaats van in te loggen vanuit de applicatie. Dit wordt niet ondersteund. Begin opnieuw vanuit de applicatie die je wil gebruiken en log in via die weg.', 'error_authorization_policy_violation' => 'Fout - Geen toegang', 'error_authorization_policy_violation_desc' => 'Neem contact op met de helpdesk van %idpName% als je toegang tot %spName% wilt. Vermeld daarbij dat je probeerde in te loggen op %spName% en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door %idpName%.', 'error_authorization_policy_violation_desc_no_idp_name' => 'Neem contact op met de helpdesk van je eigen %organisationNoun% als je toegang tot %spName% wilt. Vermeld daarbij dat je probeerde in te loggen op %spName% en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door jouw eigen %organisationNoun%.', - 'error_authorization_policy_violation_desc_no_sp_name' => 'Neem contact op met de helpdesk van %idpName% als je toegang tot deze dienst wilt. Vermeld daarbij op welke dienst je probeerde in te loggen en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door %idpName%.', - 'error_authorization_policy_violation_desc_no_name' => 'Neem contact op met de helpdesk van je eigen %organisationNoun% als je toegang tot deze dienst wilt. Vermeld daarbij op welke dienst je probeerde in te loggen en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door jouw eigen %organisationNoun%.', + 'error_authorization_policy_violation_desc_no_sp_name' => 'Neem contact op met de helpdesk van %idpName% als je toegang tot deze applicatie wilt. Vermeld daarbij op welke applicatie je probeerde in te loggen en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door %idpName%.', + 'error_authorization_policy_violation_desc_no_name' => 'Neem contact op met de helpdesk van je eigen %organisationNoun% als je toegang tot deze applicatie wilt. Vermeld daarbij op welke applicatie je probeerde in te loggen en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door jouw eigen %organisationNoun%.', 'error_authorization_policy_violation_info' => 'Bericht van %idpName%: ', 'error_authorization_policy_violation_info_no_idp_name' => 'Bericht van je %organisationNoun%: ', 'error_unable_to_receive_message' => 'Fout - Geen bericht ontvangen', @@ -188,15 +188,15 @@ 'error_unknown_keyid' => 'Fout - onbekend key-ID', 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Dienst niet toegankelijk via %organisationNoun%', - 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze dienst via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', - 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze dienst niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze dienst via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze dienst. Geef daarbij aan om welke dienst het gaat (de "SP") en waarom je toegang wilt.', + 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via %organisationNoun%', + 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', + 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', - 'error_unknown_service_provider_no_sp_name' => 'Error - Onbekende dienst', - 'error_unknown_service_provider_desc' => '%spName% is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze dienst niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van %idpName%.', - 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze dienst niet geactiveerd. Wil je gebruik maken van deze dienst, wend je dan tot de helpdesk van %idpName%.', - 'error_unknown_service_provider_desc_no_idp_name' => '%spName% is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze dienst niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van je %organisationNoun%.', - 'error_unknown_service_provider_desc_no_names' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze dienst niet geactiveerd. Wil je gebruik maken van deze dienst, wend je dan tot de helpdesk van je %organisationNoun%.', + 'error_unknown_service_provider_no_sp_name' => 'Error - Onbekende applicatie', + 'error_unknown_service_provider_desc' => '%spName% is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van %idpName%.', + 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van %idpName%.', + 'error_unknown_service_provider_desc_no_idp_name' => '%spName% is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van je %organisationNoun%.', + 'error_unknown_service_provider_desc_no_names' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van je %organisationNoun%.', 'error_unsupported_acs_location_scheme' => 'Fout - URI scheme van de ACS locatie wordt niet ondersteund', 'error_unknown_identity_provider' => 'Error - %idpName% onbekend', 'error_unknown_identity_provider_no_idp_name' => 'Error - Onbekende %organisationNoun%', @@ -206,9 +206,9 @@ 'error_unknown_signing_key_desc' => 'De gebruikte signing key is niet bekend bij %suiteName%. Dit komt waarschijnlijk door een configuratiefout.', 'error_generic' => 'Fout - Generieke foutmelding', 'error_generic_desc' => 'Inloggen is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar %spName% en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van %idpName%.', - 'error_generic_desc_no_sp_name' => 'Inloggen is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar de dienst en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van %idpName%.', + 'error_generic_desc_no_sp_name' => 'Inloggen is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar de applicatie en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van %idpName%.', 'error_generic_desc_no_idp_name' => 'Inloggen is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar %spName% en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van je %organisationNoun%.', - 'error_generic_desc_no_names' => 'Inloggen is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar de dienst en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van je %organisationNoun%.', + 'error_generic_desc_no_names' => 'Inloggen is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar de applicatie en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van je %organisationNoun%.', 'error_missing_required_fields' => 'Error - Verplichte velden ontbreken', 'error_missing_required_fields_desc'=> '%idpName% geeft niet de benodigde informatie vrij. Daarom kun je %spName% niet gebruiken. Neem alstublieft contact op met de helpdesk van %idpName%. Geef hierbij de onderstaande informatie door. Omdat %idpName% niet de juiste attributen aan %suiteName% doorgeeft, of in het onjuiste formaat, is het inloggen mislukt. De volgende attributen zijn vereist om succesvol in te loggen op het %suiteName% platform:', 'error_missing_required_fields_desc_no_idp_name'=> 'Jouw %organisationNoun% geeft niet de benodigde informatie vrij. Daarom kun je %spName% niet gebruiken. Neem alstublieft contact op met de helpdesk van jouw %organisationNoun%. Geef hierbij de onderstaande informatie door. Omdat je %organisationNoun% niet de juiste attributen aan %suiteName% doorgeeft is het inloggen mislukt. De volgende attributen zijn vereist om succesvol in te loggen op het %suiteName% platform:', @@ -218,7 +218,7 @@ 'error_invalid_attribute_value_desc' => '%idpName% geeft een waarde door in het attribuut %attributeName% ("%attributeValue%") die niet is toegestaan voor deze %organisationNoun%. Inloggen is daarom niet mogelijk. Alleen %idpName% kan dit oplossen. Neem dus contact op met de helpdesk van %idpName%.', 'error_invalid_attribute_value_desc_no_idp_name' => 'Je %organisationNoun% geeft een waarde door in het attribuut %attributeName% ("%attributeValue%") die niet is toegestaan voor deze %organisationNoun%. Inloggen is daarom niet mogelijk. Alleen jouw %organisationNoun% kan dit oplossen. Neem dus contact op met de helpdesk van je eigen %organisationNoun%.', 'error_received_error_status_code' => 'Error - Fout bij Identity Provider', - 'error_received_error_status_code_desc'=> 'Je %organisationNoun% heeft je de toegang geweigerd tot deze dienst. Je zult dus contact moeten opnemen met de (IT-)helpdesk van je eigen %organisationNoun% om te kijken of dit verholpen kan worden.', + 'error_received_error_status_code_desc'=> 'Je %organisationNoun% heeft je de toegang geweigerd tot deze applicatie. Je zult dus contact moeten opnemen met de (IT-)helpdesk van je eigen %organisationNoun% om te kijken of dit verholpen kan worden.', 'error_received_invalid_response' => 'Fout - Ongeldig SAML-bericht van %idpName%', 'error_received_invalid_response_no_idp_name' => 'Fout - Ongeldig SAML-bericht van %organisationNoun%', 'error_received_invalid_signed_response' => 'Fout - Ongeldige handtekening op antwoord van %idpName%', @@ -226,17 +226,17 @@ 'error_stuck_in_authentication_loop' => 'Fout - Je zit vast in een zwart gat', 'error_stuck_in_authentication_loop_desc' => 'Je bent succesvol ingelogd bij %idpName% maar %spName% stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar %spName%, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van %spName%.', 'error_stuck_in_authentication_loop_desc_no_idp_name' => 'Je bent succesvol ingelogd bij je %organisationNoun% maar %spName% stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar %spName%, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van %spName%.', - 'error_stuck_in_authentication_loop_desc_no_sp_name' => 'Je bent succesvol ingelogd bij %idpName% maar de dienst waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de dienst, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de dienst.', - 'error_stuck_in_authentication_loop_desc_no_name' => 'Je bent succesvol ingelogd bij je %organisationNoun% maar de dienst waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de dienst, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de dienst.', - 'error_authentication_limit_exceeded' => 'Fout - teveel onafgeronde authenticaties tegelijkertijd.', - 'error_authentication_limit_exceeded_desc' => 'Teveel onafgeronde authenticaties tegelijkertijd.', + 'error_stuck_in_authentication_loop_desc_no_sp_name' => 'Je bent succesvol ingelogd bij %idpName% maar de applicatie waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de applicatie, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de applicatie.', + 'error_stuck_in_authentication_loop_desc_no_name' => 'Je bent succesvol ingelogd bij je %organisationNoun% maar de applicatie waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de applicatie, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de applicatie.', + 'error_authentication_limit_exceeded' => 'Fout - Te veel gelijktijdige onafgeronde authenticaties.', + 'error_authentication_limit_exceeded_desc' => 'Te veel gelijktijdige onafgeronde authenticaties.', 'error_no_authentication_request_received' => 'Fout - Geen authenticatie-aanvraag ontvangen.', 'error_authn_context_class_ref_blacklisted' => 'Fout - Waarde van AuthnContextClassRef is niet toegestaan', 'error_authn_context_class_ref_blacklisted_desc' => 'Je kunt niet inloggen omdat %idpName% een waarde stuurde voor AuthnContextClassRef die niet is toegestaan. Neem contact op met de helpdesk van %idpName% om dit op te lossen.', 'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'Je kunt niet inloggen omdat je %organisationNoun% een waarde stuurde voor AuthnContextClassRef die niet is toegestaan. Neem contact op met de helpdesk van je %organisationNoun% om dit op te lossen.', 'error_invalid_mfa_authn_context_class_ref' => 'Fout - Multi-factor authenticatie mislukt', - 'error_invalid_mfa_authn_context_class_ref_desc' => '%idpName% vereist multi-factor authenticatie voor deze dienst. Je tweede factor kon echter niet gevalideerd worden. Neem contact op met de helpdesk van %idpName% om dit op te lossen.', - 'error_invalid_mfa_authn_context_class_ref_desc_no_idp_name' => 'Jouw %organisationNoun% vereist multi-factor authenticatie voor deze dienst. Je tweede factor kon echter niet gevalideerd worden. Neem contact op met de helpdesk van je %organisationNoun% om dit op te lossen.', + 'error_invalid_mfa_authn_context_class_ref_desc' => '%idpName% vereist multi-factor authenticatie voor deze applicatie. Je tweede factor kon echter niet gevalideerd worden. Neem contact op met de helpdesk van %idpName% om dit op te lossen.', + 'error_invalid_mfa_authn_context_class_ref_desc_no_idp_name' => 'Jouw %organisationNoun% vereist multi-factor authenticatie voor deze applicatie. Je tweede factor kon echter niet gevalideerd worden. Neem contact op met de helpdesk van je %organisationNoun% om dit op te lossen.', /** * %1 AttributeName @@ -258,19 +258,19 @@ 'error_attribute_validator_allowed' => '\'%arg3%\' is geen toegestane waarde voor dit attribuut', 'allowed_scopes' => 'Toegestane scopes', - 'error_unknown_requesterid_in_authnrequest' => 'Error - Deze dienst is niet geregistreerd bij %suiteName%.', - 'error_unknown_requesterid_in_authnrequest_desc' => 'Deze dienst is niet bekend.', + 'error_unknown_requesterid_in_authnrequest' => 'Error - Deze applicatie is niet geregistreerd bij %suiteName%.', + 'error_unknown_requesterid_in_authnrequest_desc' => 'Deze applicatie is niet bekend.', 'error_clock_issue_title' => 'Fout - De Assertion is nog niet geldig of is verlopen', 'error_clock_issue_desc' => 'Dit komt waarschijnlijk doordat de tijd tussen %idpName% en %suiteName% te ver uiteen loopt. Controleer de tijd op de %organisationNoun%.', 'error_clock_issue_desc_no_idp_name' => 'Dit komt waarschijnlijk doordat de tijd tussen de %organisationNoun% en %suiteName% te ver uiteen loopt. Controleer de tijd op de IdP.', - 'error_stepup_callout_unknown' => 'Fout - Onbekend sterke authenticatie probleem', - 'error_stepup_callout_unknown_desc' => 'Inloggen met sterke authenticatie is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar de dienst en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van je %organisationNoun%.', + 'error_stepup_callout_unknown' => 'Fout - Onbekend probleem met de sterke authenticatie', + 'error_stepup_callout_unknown_desc' => 'Inloggen met sterke authenticatie is niet gelukt. Probeer het opnieuw door terug te gaan naar de applicatie en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van je %organisationNoun%.', 'error_stepup_callout_unmet_loa_title' => 'Fout - Geen geschikt token gevonden', - 'error_stepup_callout_unmet_loa_desc' => 'Om toegang te krijgen tot deze dienst heb je een geregistreerd token nodig met een bepaald zekerheidsniveau. Je hebt nu ofwel geen token geregistreerd, of het zekerheidsniveau van het token dat je hebt geregistreerd is te laag. Volg de link hieronder voor meer informatie over het registratieproces.', + 'error_stepup_callout_unmet_loa_desc' => 'Om toegang te krijgen tot deze applicatie heb je een geregistreerd token nodig met een bepaald zekerheidsniveau. Je hebt nu ofwel geen token geregistreerd, of het zekerheidsniveau van het token dat je hebt geregistreerd is te laag. Volg de link hieronder voor meer informatie over het registratieproces.', 'error_stepup_callout_unmet_loa_link_text' => 'Lees meer over het registratieproces.', 'error_stepup_callout_unmet_loa_link_target' => 'https://support.surfconext.nl/stepup-noauthncontext-nl', 'error_stepup_callout_user_cancelled' => 'Fout - Inloggen afgebroken', - 'error_stepup_callout_user_cancelled_desc' => 'Je hebt het inloggen afgebroken. Ga terug naar de dienst als je het opnieuw wilt proberen.', + 'error_stepup_callout_user_cancelled_desc' => 'Je hebt het inloggen afgebroken. Ga terug naar de applicatie als je het opnieuw wilt proberen.', 'error_metadata_entity_id_not_found' => 'Metadata kan niet gegenereerd worden', 'error_metadata_entity_id_not_found_desc' => 'De volgende fout is opgetreden: %message%', 'attributes_validation_succeeded' => 'Authenticatie geslaagd', diff --git a/languages/messages.pt.php b/languages/messages.pt.php index 94527836cd..3f98a4d5ae 100644 --- a/languages/messages.pt.php +++ b/languages/messages.pt.php @@ -160,7 +160,7 @@ 'error_help_desc' => '', 'error_no_idps' => 'Erro - Não foi encontrado nenhum Fornecedor de Identidade', 'error_no_idps_desc' => 'O %spName% a que pretende ligar-se não está acessível através da %organisationNounPlural%.', - 'error_no_idps_desc_no_sp_name' => 'O serviço ("Service Provider") a que pretende ligar-se não está acessível através da %organisationNounPlural%.', + 'error_no_idps_desc_no_sp_name' => 'O serviço a que pretende ligar-se não está acessível através da %organisationNounPlural%.', 'error_session_lost' => 'Erro - a sua sessão foi perdida', 'error_session_lost_desc' => '

Esta ação requer uma sessão ativa, no entanto, não conseguimos encontrar a sessão. Está a aguardar há muito tempo? Feche o browser e tente novamente, ou tente um browser diferente.

', 'error_session_not_started' => 'Erro - a sua sessão não foi encontrada', diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature index 375b3e98cc..422e535fd5 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature @@ -18,9 +18,9 @@ Feature: $e = new EngineBlock_Attributes_Manipulator_CustomException("AM_ERROR Authorization Incorrect _ Affilliation Incorrect", EngineBlock_Attributes_Manipulator_CustomException::CODE_NOTICE); $e->setFeedbackTitle(array("nl" => "Autorisatie Incorrect", "en" => "Authorization Incorrect")); $e->setFeedbackDescription(array( - "en" => 'This user does not have access to desired service. ' . + "en" => 'This user does not have access to desired application. ' . 'Contact the system administrator.', - "nl" => 'Deze gebruikersnaam heeft geen toegang tot de gewenste dienst. ' . + "nl" => 'Deze gebruikersnaam heeft geen toegang tot de gewenste applicatie. ' . 'Neem contact op met de systeem beheerder. ' )); throw $e; diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index 98c3b2ec32..5daa6afa78 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -92,7 +92,7 @@ Feature: And SP "Step Up" is a trusted proxy And SP "Step Up" signs its requests When I log in at "Step Up" - Then I should see "Select an account to login to Loa SP" + Then I should see "Select an account to log in to Loa SP" And I select "AlwaysAuth" on the WAYF And I pass through EngineBlock And I pass through the IdP @@ -261,7 +261,7 @@ Feature: # Bug report: https://www.pivotaltracker.com/story/show/164069793 Then I should not see "Error - No organisations found" # The WAYF should be visible - And I should see "Select an account to login to" + And I should see "Select an account to log in to" Scenario: Trusted proxy not signing requests results in an error Given SP "Step Up" is authenticating for SP "Loa SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingPdpClient.php b/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingPdpClient.php index 43e9cc868b..092384c2b4 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingPdpClient.php +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingPdpClient.php @@ -75,10 +75,10 @@ public function requestDecisionFor(Request $request) : PolicyDecision $englishDenyMessage = new AttributeAssignment(); $englishDenyMessage->attributeId = 'DenyMessage:en'; - $englishDenyMessage->value = sprintf('Students of %s do not have access to this resource', $idp); + $englishDenyMessage->value = sprintf('Students of %s do not have access to this application', $idp); $dutchDenyMessage = new AttributeAssignment(); $dutchDenyMessage->attributeId = 'DenyMessage:nl'; - $dutchDenyMessage->value = sprintf('Studenten van %s hebben geen toegang tot deze dienst', $idp); + $dutchDenyMessage->value = sprintf('Studenten van %s hebben geen toegang tot deze applicatie', $idp); $idpOnlyMessage = new AttributeAssignment(); $idpOnlyMessage->attributeId = 'IdPOnly'; $idpOnlyMessage->value = true; diff --git a/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js b/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js index 76632774a2..8963da034c 100644 --- a/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js +++ b/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js @@ -163,7 +163,7 @@ context('WAYF behaviour not tied to mouse / keyboard navigation', () => { cy.get(idpTitle) .should('have.length', 6) .eq(2) - .should('have.text', 'Login with Connected IdP 3 en'); + .should('have.text', 'Log in with Connected IdP 3 en'); }); it('Check if the search field is present', () => { @@ -191,7 +191,7 @@ context('WAYF behaviour not tied to mouse / keyboard navigation', () => { describe('Should show the remember my choice option', () => { it('Ensure some elements are on the page', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?connectedIdps=5&rememberChoiceFeature=true'); - cy.onPage('Select an account to login'); + cy.onPage('Select an account to log in'); cy.onPage('Remember my choice'); }); diff --git a/tests/e2e/cypress/integration/skeune/wayf/wayf.keyboard.spec.js b/tests/e2e/cypress/integration/skeune/wayf/wayf.keyboard.spec.js index f86e9eed6d..b26910b88d 100644 --- a/tests/e2e/cypress/integration/skeune/wayf/wayf.keyboard.spec.js +++ b/tests/e2e/cypress/integration/skeune/wayf/wayf.keyboard.spec.js @@ -28,7 +28,7 @@ import {firstRemainingIdp, firstSelectedIdpDeleteDisable, selectedIdpDataIndex1} */ context('WAYF when using the keyboard', () => { describe('Test logging in', () => { - it('Should login when selecting an idp', () => { + it('Should log in when selecting an idp', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf'); cy.get(remainingIdpSelector) .eq(1) @@ -40,7 +40,7 @@ context('WAYF when using the keyboard', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf'); }); - it('Should login to first IdP when hitting enter', () => { + it('Should log in to first IdP when hitting enter', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf'); cy.get(searchFieldSelector) .type('{enter}'); @@ -49,7 +49,7 @@ context('WAYF when using the keyboard', () => { }); }); - it('Should login to topmost IdP when hitting enter', () => { + it('Should log in to topmost IdP when hitting enter', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf'); cy.get(searchFieldSelector) .type('2') diff --git a/tests/e2e/cypress/integration/skeune/wayf/wayf.mouse.spec.js b/tests/e2e/cypress/integration/skeune/wayf/wayf.mouse.spec.js index 0df782c1d0..8f7ecfd574 100644 --- a/tests/e2e/cypress/integration/skeune/wayf/wayf.mouse.spec.js +++ b/tests/e2e/cypress/integration/skeune/wayf/wayf.mouse.spec.js @@ -6,7 +6,7 @@ import {firstRemainingIdp, firstSelectedIdpDeleteDisable, selectedIdpDataIndex1} */ context('WAYF when using the mouse', () => { describe('Test logging in', () => { - it('Should login when selecting an idp', () => { + it('Should log in when selecting an idp', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf'); cy.get(remainingIdpSelector) .eq(1) diff --git a/tests/resources/config/attributes-fixture.json b/tests/resources/config/attributes-fixture.json index 5fefba0d64..ee1d4efc77 100644 --- a/tests/resources/config/attributes-fixture.json +++ b/tests/resources/config/attributes-fixture.json @@ -62,7 +62,7 @@ "urn:mace:dir:attribute-def:eduPersonEntitlement": { "Description": { "en": "entitlement which decides upon your authorization within the application", - "nl": "rechtaanduiding; URI (URL of URN) dat een recht op iets aangeeft; wordt bepaald door een contract tussen dienstaanbieder en instelling" + "nl": "rechtaanduiding; URI (URL of URN) dat een recht op iets aangeeft; wordt bepaald door een contract tussen applicatieaanbieder en instelling" }, "Name": { "en": "Entitlement", @@ -343,8 +343,8 @@ }, "urn:nl.surfconext.licenseInfo": { "Description": { - "en": "License information for the current service", - "nl": "Licentieinformatie voor de huidige dienst" + "en": "License information for the current application", + "nl": "Licentieinformatie voor de huidige applicatie" }, "Name": { "en": "License information", diff --git a/tests/unit/OpenConext/EngineBlockBundle/Pdp/Dto/ResponseTest.php b/tests/unit/OpenConext/EngineBlockBundle/Pdp/Dto/ResponseTest.php index 4652b9c8f0..5743ecba86 100644 --- a/tests/unit/OpenConext/EngineBlockBundle/Pdp/Dto/ResponseTest.php +++ b/tests/unit/OpenConext/EngineBlockBundle/Pdp/Dto/ResponseTest.php @@ -163,12 +163,12 @@ private static function buildDenyResponse() $attributeAssignmentEn = new AttributeAssignment(); $attributeAssignmentEn->category = 'urn:oasis:names:tc:xacml:3.0:attribute-category:resource'; $attributeAssignmentEn->attributeId = 'DenyMessage:en'; - $attributeAssignmentEn->value = 'Students do not have access to this resource'; + $attributeAssignmentEn->value = 'Students do not have access to this application'; $attributeAssignmentEn->dataType = 'http://www.w3.org/2001/XMLSchema#string'; $attributeAssignmentNl = new AttributeAssignment(); $attributeAssignmentNl->category = 'urn:oasis:names:tc:xacml:3.0:attribute-category:resource'; $attributeAssignmentNl->attributeId = 'DenyMessage:nl'; - $attributeAssignmentNl->value = 'Studenten hebben geen toegang tot deze dienst'; + $attributeAssignmentNl->value = 'Studenten hebben geen toegang tot deze applicatie'; $attributeAssignmentNl->dataType = 'http://www.w3.org/2001/XMLSchema#string'; $associatedAdvice->attributeAssignments = [$attributeAssignmentEn, $attributeAssignmentNl]; $associatedAdvice->id = 'urn:surfconext:xacml:policy:id:openconext_pdp_test_deny_policy_xml'; diff --git a/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php b/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php index dcfa30554c..48336fdbdb 100644 --- a/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php +++ b/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php @@ -61,8 +61,8 @@ public function a_deny_policys_localized_messages_are_parsed_correctly() $decision = PolicyDecision::fromResponse($response); - $expectedDenyMessageEn = 'Students do not have access to this resource'; - $expectedDenyMessageNl = 'Studenten hebben geen toegang tot deze dienst'; + $expectedDenyMessageEn = 'Students do not have access to this application'; + $expectedDenyMessageNl = 'Studenten hebben geen toegang tot deze applicatie'; $denyMessageEn = $decision->getLocalizedDenyMessage('en'); $denyMessageNl = $decision->getLocalizedDenyMessage('nl'); diff --git a/tests/unit/OpenConext/EngineBlockBundle/Pdp/fixture/response_deny.json b/tests/unit/OpenConext/EngineBlockBundle/Pdp/fixture/response_deny.json index 5d8f442f45..6f92100fbe 100644 --- a/tests/unit/OpenConext/EngineBlockBundle/Pdp/fixture/response_deny.json +++ b/tests/unit/OpenConext/EngineBlockBundle/Pdp/fixture/response_deny.json @@ -17,12 +17,12 @@ "AttributeAssignment" : [ { "Category" : "urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "AttributeId" : "DenyMessage:en", - "Value" : "Students do not have access to this resource", + "Value" : "Students do not have access to this application", "DataType" : "http://www.w3.org/2001/XMLSchema#string" }, { "Category" : "urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "AttributeId" : "DenyMessage:nl", - "Value" : "Studenten hebben geen toegang tot deze dienst", + "Value" : "Studenten hebben geen toegang tot deze applicatie", "DataType" : "http://www.w3.org/2001/XMLSchema#string" } ], "Id" : "urn:surfconext:xacml:policy:id:openconext_pdp_test_deny_policy_xml" diff --git a/theme/base/javascripts/wayf/mouseBehaviour.js b/theme/base/javascripts/wayf/mouseBehaviour.js index 0b05d21747..fdefb8fe05 100644 --- a/theme/base/javascripts/wayf/mouseBehaviour.js +++ b/theme/base/javascripts/wayf/mouseBehaviour.js @@ -15,7 +15,7 @@ import {checkHover} from './idpFocus/checkHover'; import {isVisibleElement} from '../utility/isVisibleElement'; export const mouseBehaviour = () => { - // allow chosing an idp to login + // allow choosing an idp to log in const idpLists = document .querySelectorAll(idpListSelector); idpLists.forEach(list => { diff --git a/theme/base/templates/modules/Authentication/View/Proxy/Partials/WAYF/idp/idpSubmitButton.html.twig b/theme/base/templates/modules/Authentication/View/Proxy/Partials/WAYF/idp/idpSubmitButton.html.twig index 730d43eeb1..3245f59a6c 100644 --- a/theme/base/templates/modules/Authentication/View/Proxy/Partials/WAYF/idp/idpSubmitButton.html.twig +++ b/theme/base/templates/modules/Authentication/View/Proxy/Partials/WAYF/idp/idpSubmitButton.html.twig @@ -3,5 +3,5 @@ type="submit" {% if hidden is defined %}tabindex="-1"{% endif %} > - Login + Log in diff --git a/theme/skeune/translations/messages.en.php b/theme/skeune/translations/messages.en.php index 39f4ae13d6..4461412d6d 100644 --- a/theme/skeune/translations/messages.en.php +++ b/theme/skeune/translations/messages.en.php @@ -38,7 +38,7 @@ 'wayf_noscript_warning_end' => 'You can, off course, still log in.', 'wayf_delete_account_screenreader' => 'Delete %idpTitle% from your accounts', 'wayf_deleted_account_screenreader' => ' was deleted from your accounts', - 'wayf_remaining_idps_title_screenreader' => 'Login with an account from the list below', + 'wayf_remaining_idps_title_screenreader' => 'Log in with an account from the list below', 'wayf_select_account_screenreader' => 'Select an account from the list below', 'wayf_search_placeholder' => 'Search...', 'wayf_search_screenreader' => 'Search for an %organisationNoun%', @@ -48,7 +48,7 @@ 'wayf_add_account' => 'Use another account', 'wayf_no_access' => 'Sorry, no access for this account', 'wayf_no_access_account_screenreader' => 'No access with this account', - 'wayf_no_access_helpdesk' => 'If you want, you can request access to this service. We will send the request to the helpdesk of your %orgNoun%.', + 'wayf_no_access_helpdesk' => 'If you want, you can request access to this application. We will send the request to the helpdesk of your %orgNoun%.', 'wayf_no_access_helpdesk_not_connected' => "Go back to the previous page and click '%buttonText%'.", 'wayf_noaccess_title_screenreader' => 'Request access for this account', 'wayf_noaccess_name' => 'Your name', @@ -60,7 +60,7 @@ 'wayf_defaultIdp_start' => 'If your %organisation_noun% is not listed,', 'wayf_defaultIdp_linkText' => '%defaultIdpName% is available as an alternative.', 'wayf_remaining_idps_search_label' => 'Or search for a Dutch institution from the list', - 'wayf_idp_title_screenreader' => 'Login with ', + 'wayf_idp_title_screenreader' => 'Log in with ', 'wayf_idp_title_noaccess_screenreader' => 'No access with', // Consent @@ -69,7 +69,7 @@ 'consent_privacy_header' => '%target% will receive', 'consent_attributes_correction_text' => 'Something incorrect?', 'consent_ok' => 'Yes, I agree', - 'consent_identifier_explanation' => 'The identifier for this service is generated by %suite_name% en differs amongst each service you use through %suite_name%. The service can therefore recognise you as the same user when you return, but services cannot recognise you amongst each other as the same user.', + 'consent_identifier_explanation' => 'The identifier for this application is generated by %suite_name% en differs amongst each application you use through %suite_name%. The application can therefore recognise you as the same user when you return, but applications cannot recognise you amongst each other as the same user.', 'consent_provided_by' => 'provided by', 'consent_tooltip_screenreader' => 'Why do we need your %attr_name%?', 'consent_nojs' => 'Some features on this page require JavaScript to work with the keyboard. If you wish to use a keyboard, please enable JavaScript in your browser.', @@ -77,10 +77,10 @@ 'consent_disclaimer_privacy_read' => 'read their', 'consent_disclaimer_privacy_policy' => 'privacy policy', 'consent_disclaimer_secure' => 'is being used by your %orgNoun% to securely send your information to %spName% (read more about', - 'consent_reject_text_skeune_header' => "You don't want to share your data with the service", - 'consent_reject_text_skeune_body' => "The service you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please login to the service again and this screen will reappear.", - 'consent_nok_title' => "You don't want to share your data with the service", - 'consent_nok_text' => "The service you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please login to the service again and this screen will reappear.", + 'consent_reject_text_skeune_header' => "You don't want to share your data with the application", + 'consent_reject_text_skeune_body' => "The application you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this application. By closing your browser or just this tab you prevent your information from being shared with the application. If you change your mind later, please log in to the application again and this screen will reappear.", + 'consent_nok_title' => "You don't want to share your data with the application", + 'consent_nok_text' => "The application you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this application. By closing your browser or just this tab you prevent your information from being shared with the application. If you change your mind later, please log in to the application again and this screen will reappear.", 'consent_groupmembership_show_more' => 'Show more', 'consent_groupmembership_show_less' => 'Show less', 'consent_warning_allowed_html' => '
', diff --git a/theme/skeune/translations/messages.nl.php b/theme/skeune/translations/messages.nl.php index f76f9940e1..b0f29ae84f 100644 --- a/theme/skeune/translations/messages.nl.php +++ b/theme/skeune/translations/messages.nl.php @@ -37,7 +37,7 @@ 'wayf_noscript_warning_end' => 'Vanzelfsprekend kun je wel gewoon inloggen.', 'wayf_delete_account_screenreader' => 'Verwijder %idpTitle% uit je accounts', 'wayf_deleted_account_screenreader' => ' werd verwijderd uit uw accounts', - 'wayf_remaining_idps_title_screenreader' => 'Login met een account uit de onderstaande lijst', + 'wayf_remaining_idps_title_screenreader' => 'Log in met een account uit de onderstaande lijst', 'wayf_select_account_screenreader' => 'Selecteer een account uit de onderstaande lijst', 'wayf_search_placeholder' => 'Zoeken...', 'wayf_search_screenreader' => 'Zoek naar een %organisationNoun%', @@ -47,7 +47,7 @@ 'wayf_add_account' => 'Gebruik een ander account', 'wayf_no_access' => 'Sorry, geen toegang met dit account', 'wayf_no_access_account_screenreader' => 'Geen toegang met dit account', - 'wayf_no_access_helpdesk' => 'Je kunt toegang vragen tot deze dienst. We sturen deze aanvraag door naar de helpdesk van je %orgNoun%.', + 'wayf_no_access_helpdesk' => 'Je kunt toegang vragen tot deze applicatie. We sturen deze aanvraag door naar de helpdesk van je %orgNoun%.', 'wayf_no_access_helpdesk_not_connected' => "Ga terug naar de vorige pagina en klik op '%buttonText%'.", 'wayf_noaccess_title_screenreader' => 'Vraag toegang aan voor dit account', 'wayf_noaccess_name' => 'Je naam', @@ -68,7 +68,7 @@ 'consent_privacy_header' => '%target% ontvangt', 'consent_attributes_correction_text' => 'Foutieve informatie?', 'consent_ok' => 'Ja, ik geef toestemming', - 'consent_identifier_explanation' => 'De identifier voor deze dienst wordt gegenereerd door %suite_name% en is verschillend voor elke dienst waar je gebruik van maakt via %suite_name%. De dienst kan je aan de hand van deze identifier herkennen als dezelfde gebruiker zodra je later terugkeert bij de dienst. Diensten onderling kunnen jou echter niet herkennen als dezelfde gebruiker wanneer zij gegevens uitwisselen.', + 'consent_identifier_explanation' => 'De identifier voor deze applicatie wordt gegenereerd door %suite_name% en is verschillend voor elke applicatie waar je gebruik van maakt via %suite_name%. De applicatie kan je aan de hand van deze identifier herkennen als dezelfde gebruiker zodra je later terugkeert bij de applicatie. Applicaties onderling kunnen jou echter niet herkennen als dezelfde gebruiker wanneer zij gegevens uitwisselen.', 'consent_provided_by' => 'geleverd door', 'consent_tooltip_screenreader' => 'Waarom hebben we jouw %attr_name% nodig?', 'consent_nojs' => 'Sommige functionaliteiten op deze pagina vereisen JavaScript, zoals bedienen met je toetsenbord. Schakel JavaScript in in je browser indien je deze functionaliteiten wenst te gebruiken.', @@ -76,10 +76,10 @@ 'consent_disclaimer_privacy_read' => 'lees hun', 'consent_disclaimer_privacy_policy' => 'privacybeleid', 'consent_disclaimer_secure' => 'wordt gebruikt door je %orgNoun% om informatie op een veilige manier te versturen naar %spName% (lees meer over', - 'consent_reject_text_skeune_header' => 'Je wilt geen gegevens delen met deze dienst', - 'consent_reject_text_skeune_body' => 'De dienst waar je bij wilt inloggen heeft deze gegevens nodig om te kunnen functioneren. Indien je verkiest om je data niet te delen, kan je de dienst niet gebruiken. Door je browser of door deze tab te sluiten verhinder je dat je informatie gedeeld wordt. Mocht je later van gedachten veranderen, dan kun je opnieuw inloggen bij deze dienst en krijgt je dit scherm opnieuw te zien.', - 'consent_nok_title' => "Je wilt geen gegevens delen met deze dienst", - 'consent_nok_text' => "De dienst waarop je wilt inloggen heeft deze gegevens nodig om te kunnen functioneren. Indien je verkiest om je gegevens niet te delen, kan je de dienst niet gebruiken. Door je browser of door deze tab te sluiten verhinder je dat je informatie gedeeld wordt. Mocht je later van gedachten veranderen, dan kan je opnieuw inloggen bij deze dienst en krijg je dit scherm opnieuw te zien.", + 'consent_reject_text_skeune_header' => 'Je wilt geen gegevens delen met deze applicatie', + 'consent_reject_text_skeune_body' => 'De applicatie waar je bij wilt inloggen heeft deze gegevens nodig om te kunnen functioneren. Indien je verkiest om je data niet te delen, kan je de applicatie niet gebruiken. Door je browser of door deze tab te sluiten verhinder je dat je informatie gedeeld wordt. Mocht je later van gedachten veranderen, dan kun je opnieuw inloggen bij deze applicatie en krijgt je dit scherm opnieuw te zien.', + 'consent_nok_title' => "Je wilt geen gegevens delen met deze applicatie", + 'consent_nok_text' => "De applicatie waarop je wilt inloggen heeft deze gegevens nodig om te kunnen functioneren. Indien je verkiest om je gegevens niet te delen, kan je de applicatie niet gebruiken. Door je browser of door deze tab te sluiten verhinder je dat je informatie gedeeld wordt. Mocht je later van gedachten veranderen, dan kan je opnieuw inloggen bij deze applicatie en krijg je dit scherm opnieuw te zien.", 'consent_groupmembership_show_more' => 'Toon meer', 'consent_groupmembership_show_less' => 'Toon minder', 'consent_warning_allowed_html' => '
', diff --git a/theme/skeune/translations/messages.pt.php b/theme/skeune/translations/messages.pt.php index 60b21b8141..002b0eac6c 100644 --- a/theme/skeune/translations/messages.pt.php +++ b/theme/skeune/translations/messages.pt.php @@ -38,7 +38,7 @@ 'wayf_noscript_warning_end' => 'You can, off course, still log in.', 'wayf_delete_account_screenreader' => 'Delete %idpTitle% from your accounts', 'wayf_deleted_account_screenreader' => ' was deleted from your accounts', - 'wayf_remaining_idps_title_screenreader' => 'Login with an account from the list below', + 'wayf_remaining_idps_title_screenreader' => 'Log in with an account from the list below', 'wayf_select_account_screenreader' => 'Select an account from the list below', 'wayf_search_placeholder' => 'Search...', 'wayf_search_screenreader' => 'Search for an %organisationNoun%', @@ -48,7 +48,7 @@ 'wayf_add_account' => 'Use another account', 'wayf_no_access' => 'Sorry, no access for this account', 'wayf_no_access_account_screenreader' => 'No access with this account', - 'wayf_no_access_helpdesk' => 'If you want, you can request access to this service. We will send the request to the helpdesk of your %orgNoun%.', + 'wayf_no_access_helpdesk' => 'If you want, you can request access to this application. We will send the request to the helpdesk of your %orgNoun%.', 'wayf_no_access_helpdesk_not_connected' => "Go back to the previous page and click '%buttonText%'.", 'wayf_noaccess_title_screenreader' => 'Request access for this account', 'wayf_noaccess_name' => 'Your name', @@ -60,7 +60,7 @@ 'wayf_defaultIdp_start' => 'If your %organisation_noun% is not listed,', 'wayf_defaultIdp_linkText' => '%defaultIdpName% is available as an alternative.', 'wayf_remaining_idps_search_label' => 'Ou procure uma instituição neerlandesa na lista', - 'wayf_idp_title_screenreader' => 'Login with ', + 'wayf_idp_title_screenreader' => 'Log in with ', 'wayf_idp_title_noaccess_screenreader' => 'No access with', // Consent @@ -69,7 +69,7 @@ 'consent_privacy_header' => '%target% will receive', 'consent_attributes_correction_text' => 'Something incorrect?', 'consent_ok' => 'Yes, I agree', - 'consent_identifier_explanation' => 'The identifier for this service is generated by %suite_name% en differs amongst each service you use through %suite_name%. The service can therefore recognise you as the same user when you return, but services cannot recognise you amongst each other as the same user.', + 'consent_identifier_explanation' => 'The identifier for this application is generated by %suite_name% en differs amongst each application you use through %suite_name%. The application can therefore recognise you as the same user when you return, but applications cannot recognise you amongst each other as the same user.', 'consent_provided_by' => 'provided by', 'consent_tooltip_screenreader' => 'Why do we need your %attr_name%?', 'consent_nojs' => 'Tooltips / modals on this page need JS to work with the keyboard. If you use a keyboard, please enable JS if you wish to use this functionality.', @@ -77,10 +77,10 @@ 'consent_disclaimer_privacy_read' => 'read their', 'consent_disclaimer_privacy_policy' => 'privacy policy', 'consent_disclaimer_secure' => 'is being used by your %orgNoun% to securely send your information to %spName% (read more about', - 'consent_reject_text_skeune_header' => "You don't want to share your data with the service", - 'consent_reject_text_skeune_body' => "The service you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please login to the service again and this screen will reappear.", - 'consent_nok_title' => "You don't want to share your data with the service", - 'consent_nok_text' => "The service you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please login to the service again and this screen will reappear.", + 'consent_reject_text_skeune_header' => "You don't want to share your data with the application", + 'consent_reject_text_skeune_body' => "The application you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this application. By closing your browser or just this tab you prevent your information from being shared with the application. If you change your mind later, please log in to the application again and this screen will reappear.", + 'consent_nok_title' => "You don't want to share your data with the application", + 'consent_nok_text' => "The application you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this application. By closing your browser or just this tab you prevent your information from being shared with the application. If you change your mind later, please log in to the application again and this screen will reappear.", 'consent_groupmembership_show_more' => 'Show more', 'consent_groupmembership_show_less' => 'Show less', 'consent_warning_allowed_html' => '
', From 77f304e480953bf0c33373e0eca81abbba489f0e Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 14 Oct 2024 07:59:40 +0200 Subject: [PATCH 02/31] login -> log in (verb) --- docs/trusted_proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/trusted_proxy.md b/docs/trusted_proxy.md index 8a432beb1d..8b4e095f63 100644 --- a/docs/trusted_proxy.md +++ b/docs/trusted_proxy.md @@ -56,7 +56,7 @@ Processing of the request: * Both the trusted proxy and the end-SP being proxied must be known to engineblock (= configured as SP entities in Manage) * Both the trusted proxy and the end-SP being proxied must have the same workflow state -* The ACL of both the trusted proxy and the end-SP are verified. Only IdPs are allowed access to both SPs are allowed to login +* The ACL of both the trusted proxy and the end-SP are verified. Only IdPs are allowed access to both SPs are allowed to log in * The ARPs of both the trusted proxy and the end-SP being proxied are applied. Only attributes and attribute values that are allowed by both ARP are included in the response * The attribute manipulations (AMs) of both the trusted proxy and the end-SP are run. The AMs of the trusted proxy are run first. * Stepup-invocation is done if configured for the end-SP. From 76b2cb028a8bc04df8832a584f152d1ac6fea210 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:00:45 +0100 Subject: [PATCH 03/31] Missed login --- .../Authentication/View/Proxy/wayf.html.twig | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig diff --git a/theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig b/theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig new file mode 100644 index 0000000000..978c0ac712 --- /dev/null +++ b/theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig @@ -0,0 +1,117 @@ +{% extends '@themeLayouts/scripts/default.html.twig' %} + +{# Prepare the page title #} +{% set pageTitle = 'log_in_to'|trans %} + +{# Data object containing the formatted IdP's #} +{% set connectedIdps = connectedIdps(idpList, locale()) %} + +{% block title %}{{ parent() }} - {{ pageTitle }} {% endblock %} +{% block pageHeading %}{{ parent() }} - {{ pageTitle }}{% endblock %} + +{% block content %} + {% include '@theme/Authentication/View/Proxy/site-notice.html.twig' with { className: 'full-width' } %} + + + + +
+ + + + {% if rememberChoiceFeature %} +
+
+

{{ 'idps_with_access'|trans|capitalize }}

+
+ + +
+
+ {% else %} +
+
+

{{ 'idps_with_access'|trans|capitalize }}

+
+ {% endif %} + + + +
+
+ + + +
+ {% if showRequestAccess %} + + {% endif %} +
+
+ +{% endblock %} From 3084ef0339c8d741f4d1ba409c84a839282b9a4d Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:21:58 +0100 Subject: [PATCH 04/31] minor improvements --- languages/messages.en.php | 2 +- languages/messages.nl.php | 6 +++--- theme/skeune/translations/messages.nl.php | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/languages/messages.en.php b/languages/messages.en.php index eb9479df43..9ae5f83bf5 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -43,7 +43,7 @@ 'processing_long' => 'Please be patient, it may take a while...', 'go_back' => '<< Go back', 'note' => 'Note', - 'note_no_script' => 'Since your browser does not support JavaScript, you must press the button below to proceed.', + 'note_no_script' => 'Your browser does not support JavaScript, please use the button below to proceed.', 'unknown_organization_name' => 'Unknown', 'site_notice' => '

There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling transmission. If we wish to make it louder, we will bring up the volume. If we wish to make it softer, we will tune it to a whisper. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur, or sharpen it to crystal clarity.

For the next hour, sit quietly and we will control all that you see and hear. We repeat: There is nothing wrong with your television set. You are about to participate in a great adventure. You are about to experience the awe and mystery which reaches from the inner mind to... The Outer Limits.

', diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 4977ac650d..8a5b97a779 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -43,7 +43,7 @@ 'processing_long' => 'Wees a.u.b. geduldig, het kan even duren...', 'go_back' => '<< Ga terug', 'note' => 'Mededeling', - 'note_no_script' => 'Jouw browser ondersteunt geen JavaScript. Je moet op de onderstaande knop drukken om door te gaan.', + 'note_no_script' => 'Jouw browser ondersteunt geen JavaScript. Gebruik de onderstaande knop om door te gaan.', 'unknown_organization_name' => 'Onbekend', 'site_notice' => '

Hallo, mijnheer De Uil
Waar breng je ons naar toe
Naar Fabeltjesland

Eh, ja, naar Fabeltjesland

En lees je ons dan voor
Uit de Fabeltjeskrant

Ja, ja, uit de Fabeltjeskrant
Want daarin staat precies vermeld
Hoe het met de dieren is gesteld

Echt waar? Echt waar
Echt waar mijnheer De Uil.

', @@ -187,8 +187,8 @@ 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', - 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via %organisationNoun%', + 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', + 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', diff --git a/theme/skeune/translations/messages.nl.php b/theme/skeune/translations/messages.nl.php index b0f29ae84f..36e22a64bb 100644 --- a/theme/skeune/translations/messages.nl.php +++ b/theme/skeune/translations/messages.nl.php @@ -23,7 +23,7 @@ 'footer_navigation_screenreader' => 'Footer navigatie', // Forms - 'form_general_error' => 'Er ging iets fout tijdens het insturen van het formulier. Dit kan een probleem zijn met je internetverbinding of iets anders. Controleer je invoer en probeer het later opnieuw. Mocht het probleem zich blijven voordoen, neem dan contact op met je servicedesk.', + 'form_general_error' => 'Er ging iets fout tijdens het insturen van het formulier. Dit kan een probleem zijn met je internetverbinding of iets anders. Controleer je invoer en probeer het later opnieuw. Mocht het probleem zich blijven voordoen, neem dan contact op met je helpdesk.', 'form_error_name' => 'Je naam moet minstens twee tekens lang zijn', 'form_error_email' => 'Dit is geen geldig e-mailadres', From e7befe2eda0ba24f9612051e5c93bfacf32168bb Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:04:56 +0200 Subject: [PATCH 05/31] terminology login -> log in (verb) service -> application --- UPGRADING.md | 2 +- theme/skeune/translations/messages.en.php | 2 +- theme/skeune/translations/messages.pt.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index 6561ea398f..cdd2b35009 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -312,7 +312,7 @@ Therefore you should push the data from Manage after you have updated the codeba Be aware that you need to be logged in into manage to push the data after updating the codebase and database schema. In order to let this work you need to do the following: -1. Login into manage +1. Log in to manage 1. Update codebase 1. Run migrations 1. Push metadata diff --git a/theme/skeune/translations/messages.en.php b/theme/skeune/translations/messages.en.php index 4461412d6d..c42a06ce0b 100644 --- a/theme/skeune/translations/messages.en.php +++ b/theme/skeune/translations/messages.en.php @@ -19,7 +19,7 @@ 'language_switcher' => 'Language switcher', // FOOTER - 'log_in_to' => 'Select an account to login to %arg1%', + 'log_in_to' => 'Select an account to log in to %arg1%', 'helpLink' => 'https://support.surfconext.nl/wayf-en', 'footer_navigation_screenreader' => 'Footer navigation', diff --git a/theme/skeune/translations/messages.pt.php b/theme/skeune/translations/messages.pt.php index 002b0eac6c..f4b4753135 100644 --- a/theme/skeune/translations/messages.pt.php +++ b/theme/skeune/translations/messages.pt.php @@ -19,7 +19,7 @@ 'language_switcher' => 'Language switcher', // FOOTER - 'log_in_to' => 'Select an %organisationNoun% to login to %arg1%', + 'log_in_to' => 'Select an %organisationNoun% to log in to %arg1%', 'helpLink' => 'https://support.surfconext.nl/wayf-en', 'footer_navigation_screenreader' => 'Footer navigation', From 935298b014a900edd5d17cd12aee56df69c5e2e4 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:29:45 +0100 Subject: [PATCH 06/31] Update languages/messages.en.php Co-authored-by: Thijs Kinkhorst --- languages/messages.en.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/messages.en.php b/languages/messages.en.php index 9ae5f83bf5..c135581de3 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -74,7 +74,7 @@ 'no_idp_results' => 'Your search did not return any results.', 'no_idp_results_request_access' => 'Can\'t find your %organisationNoun%?  Request access or try tweaking your search.', 'more_idp_results' => '%arg1% results not shown. Refine your search to show more specific results.', - 'return_to_sp' => 'Return to application provider', + 'return_to_sp' => 'Return to application', // Help page 'help' => 'Help', From c3435843c9adabadd88b7332d6388acfd908b76f Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:32:33 +0100 Subject: [PATCH 07/31] Update languages/messages.en.php Co-authored-by: Thijs Kinkhorst --- languages/messages.en.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/messages.en.php b/languages/messages.en.php index c135581de3..471fd49075 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -171,7 +171,7 @@ 'error_unsolicited_response_desc' => 'Your login could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the application you were trying to access and log in from there.', 'error_session_not_started_desc' => 'To continue to the application an active session is required. However, no session was found. Your browser must accept cookies. Alternatively, the link you used to get to the application might be wrong. Please go back to the application and try again. If that doesn\'t work, try a different browser.', 'error_authorization_policy_violation' => 'Error - Access denied', - 'error_authorization_policy_violation_desc' => 'You cannot use %spName% because %idpName% limits access to it (the application provider) with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to %spName%.', + 'error_authorization_policy_violation_desc' => 'You cannot use application %spName% because %idpName% limits access to it with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to %spName%.', 'error_authorization_policy_violation_desc_no_idp_name' => 'You cannot use %spName% because your %organisationNoun% limits access with an authorization policy. Please contact the service desk of your %organisationNoun% if you think you should be allowed access to %spName%.', 'error_authorization_policy_violation_desc_no_sp_name' => 'You cannot use this application because %idpName% limits access with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to this application.', 'error_authorization_policy_violation_desc_no_name' => 'You cannot use this application because your %organisationNoun% limits access with an authorization policy. Please contact the helpdesk of your %organisationNoun% if you think you should be allowed access to this application.', From 697697eca93e0800ca26ee95b34766810dbf7db6 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:32:47 +0100 Subject: [PATCH 08/31] Update languages/messages.en.php Co-authored-by: Thijs Kinkhorst --- languages/messages.en.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/messages.en.php b/languages/messages.en.php index 471fd49075..ec4954282f 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -186,7 +186,7 @@ 'error_unsupported_signature_method' => 'Error - Signature method is not supported', 'error_unsupported_signature_method_desc' => 'The signature method %arg1% is not supported, please upgrade to RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Error - unknown key id', - 'error_unknown_keyid_desc' => 'The requested key-ID is not known to %suiteName%. Perhaps the application provider is using outdated metadata or has a configuration error.', + 'error_unknown_keyid_desc' => 'The requested key-ID is not known to %suiteName%. Perhaps the application is using outdated metadata or has a configuration error.', 'error_unknown_preselected_idp' => 'Error - %spName% not accessible through your %organisationNoun%', 'error_unknown_preselected_idp_no_sp_name' => 'Error - Application not accessible through your %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'The %organisationNoun% that you want to use to log in to %spName% did not activate access to it. This means you are unable to use %spName% through %suiteName%. Please contact the service desk of your %organisationNoun% to request access. State it is about %spName% and why you need access.', From f6f5443b4c03daf782dfd1d24f71ede021872430 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:44:12 +0100 Subject: [PATCH 09/31] (IT-)helpdesk -> helpdesk --- languages/messages.nl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 8a5b97a779..92ec09603b 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -218,7 +218,7 @@ 'error_invalid_attribute_value_desc' => '%idpName% geeft een waarde door in het attribuut %attributeName% ("%attributeValue%") die niet is toegestaan voor deze %organisationNoun%. Inloggen is daarom niet mogelijk. Alleen %idpName% kan dit oplossen. Neem dus contact op met de helpdesk van %idpName%.', 'error_invalid_attribute_value_desc_no_idp_name' => 'Je %organisationNoun% geeft een waarde door in het attribuut %attributeName% ("%attributeValue%") die niet is toegestaan voor deze %organisationNoun%. Inloggen is daarom niet mogelijk. Alleen jouw %organisationNoun% kan dit oplossen. Neem dus contact op met de helpdesk van je eigen %organisationNoun%.', 'error_received_error_status_code' => 'Error - Fout bij Identity Provider', - 'error_received_error_status_code_desc'=> 'Je %organisationNoun% heeft je de toegang geweigerd tot deze applicatie. Je zult dus contact moeten opnemen met de (IT-)helpdesk van je eigen %organisationNoun% om te kijken of dit verholpen kan worden.', + 'error_received_error_status_code_desc'=> 'Je %organisationNoun% heeft je de toegang geweigerd tot deze applicatie. Neem contact op met de helpdesk van je eigen %organisationNoun% om te kijken of dit verholpen kan worden.', 'error_received_invalid_response' => 'Fout - Ongeldig SAML-bericht van %idpName%', 'error_received_invalid_response_no_idp_name' => 'Fout - Ongeldig SAML-bericht van %organisationNoun%', 'error_received_invalid_signed_response' => 'Fout - Ongeldige handtekening op antwoord van %idpName%', From b38d435a2d5e95c12d7c5276aa8008849bcff1d7 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:42:38 +0100 Subject: [PATCH 10/31] Update languages/messages.nl.php Co-authored-by: Thijs Kinkhorst --- languages/messages.nl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 92ec09603b..311dbf22c0 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -74,7 +74,7 @@ 'no_idp_results' => 'Je zoekterm heeft geen resultaten opgeleverd.', 'no_idp_results_request_access' => 'Kun je je %organisationNoun% niet vinden?  Vraag toegang aan of pas je zoekopdracht aan.', 'more_idp_results' => '%arg1% resultaten worden niet getoond. Verfijn je zoekopdracht voor specifiekere resultaten.', - 'return_to_sp' => 'Keer terug naar applicatieaanbieder', + 'return_to_sp' => 'Keer terug naar applicatie', // Help page 'help_header' => 'Help', From 76521ee9c9c0c27a8d79c854c46b22703f6bfb07 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:43:31 +0100 Subject: [PATCH 11/31] Update languages/messages.nl.php Co-authored-by: Thijs Kinkhorst --- languages/messages.nl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 311dbf22c0..42256b3241 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -190,7 +190,7 @@ 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', - 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', + 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', 'error_unknown_service_provider_no_sp_name' => 'Error - Onbekende applicatie', 'error_unknown_service_provider_desc' => '%spName% is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van %idpName%.', From 16999be336b9ae89220da042438bbaa223c347c3 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:51:57 +0100 Subject: [PATCH 12/31] fix test --- .../e2e/cypress/integration/skeune/index/index.general.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/cypress/integration/skeune/index/index.general.spec.js b/tests/e2e/cypress/integration/skeune/index/index.general.spec.js index ae42394625..4bb0bdb8f9 100644 --- a/tests/e2e/cypress/integration/skeune/index/index.general.spec.js +++ b/tests/e2e/cypress/integration/skeune/index/index.general.spec.js @@ -9,7 +9,7 @@ context('Index on Skeune theme', () => { it('Renders the index page and has all relevant data', () => { cy.beVisible(indexPageHeader).should('have.text', 'IdP Certificate and Metadata'); cy.contains('SP Certificate and Metadata').should('be.visible'); - cy.contains('This is a service connected through').should('be.visible'); + cy.contains('This is an application connected through').should('be.visible'); cy.contains('Terms of Service').should('be.visible'); }); From 0c3b943c9771a5a1daa74d0aac2e83093b954040 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:01:59 +0100 Subject: [PATCH 13/31] fix more tests --- .../consent/consent.material.spec.js | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js diff --git a/tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js b/tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js new file mode 100644 index 0000000000..7fc7b5b954 --- /dev/null +++ b/tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js @@ -0,0 +1,51 @@ +context('Consent on Material theme', () => { + + beforeEach(() => { + cy.visit('https://engine.vm.openconext.org/functional-testing/consent'); + }); + + it('gives openconext information', () => { + cy.get('a.help[data-slidein="about"]') + .click() + .get('section h1') + .should('be.visible') + .and('contain.text', 'Logging in through OpenConext'); + + cy.get('div.about a.close') + .click(); + }); + + it('shows information on how to report incorrect data', () => { + cy.get('a.small') + .click() + .get('section h1') + .should('be.visible') + .and('contain.text', 'Is the data shown incorrect?'); + + cy.get('div.correction-idp a.close') + .click(); + }); + + it('can show additional attributes', () => { + cy.get('span.show-more') + .click() + .get('td[data-identifier="urn:mace:dir:attribute-def:isMemberOf"]') + .should('be.visible') + .and('contain.text', 'Member of organization'); + }); + + it('can decline consent', () => { + cy.get('div.slidein.reject') + .should('be.hidden'); + + cy.get('a#decline-terms') + .click() + .get('section h1') + .should('be.visible') + .and('contain.text', 'You don\'t want to share your data with the application'); + + cy.get('div.slidein.reject') + .should('be.visible'); + }); + +}); From fbc841fd4dbba3220a4e4c165b8d08e79440c889 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Thu, 5 Dec 2024 08:22:59 +0100 Subject: [PATCH 14/31] fix tests --- .../e2e/cypress/integration/skeune/wayf/wayf.general.spec.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js b/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js index 8963da034c..4240df5969 100644 --- a/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js +++ b/tests/e2e/cypress/integration/skeune/wayf/wayf.general.spec.js @@ -20,7 +20,7 @@ context('WAYF behaviour not tied to mouse / keyboard navigation', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf'); cy.notOnPage('Identity providers without access').should('not.exist'); cy.notOnPage('Remember my choice'); - cy.notOnPage('Return to service provider'); + cy.notOnPage('Return to application'); }); it('Should show ten connected IdPs', () => { @@ -198,7 +198,7 @@ context('WAYF behaviour not tied to mouse / keyboard navigation', () => { it('Ensure some elements are NOT on the page', () => { cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?connectedIdps=5&rememberChoiceFeature=true'); cy.notOnPage('Identity providers without access'); - cy.notOnPage('Return to service provideraccess'); + cy.notOnPage('Return to applicationaccess'); }); }); From e0edbaa5f9edd8dc376bfd19a6e53fda057ae8a0 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Thu, 5 Dec 2024 08:29:34 +0100 Subject: [PATCH 15/31] fix test, missed translation --- languages/messages.nl.php | 6 +++--- .../RedirectToFeedbackPageExceptionListener.php | 2 +- .../Features/ClearErrorMessages.feature | 4 ++-- .../Features/SpProxy.feature | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 42256b3241..683fdee95b 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -186,7 +186,7 @@ 'error_unsupported_signature_method' => 'Fout - Ondertekeningsmethode wordt niet ondersteund', 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', - 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', + 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de applicatie achterhaalde metadata of is er sprake van een andere configuratiefout.', 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', @@ -194,9 +194,9 @@ 'error_unknown_service_provider' => 'Error - %spName% onbekend', 'error_unknown_service_provider_no_sp_name' => 'Error - Onbekende applicatie', 'error_unknown_service_provider_desc' => '%spName% is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van %idpName%.', - 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van %idpName%.', + 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte applicatie is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van %idpName%.', 'error_unknown_service_provider_desc_no_idp_name' => '%spName% is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van je %organisationNoun%.', - 'error_unknown_service_provider_desc_no_names' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van je %organisationNoun%.', + 'error_unknown_service_provider_desc_no_names' => 'De verzochte applicatie is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van je %organisationNoun%.', 'error_unsupported_acs_location_scheme' => 'Fout - URI scheme van de ACS locatie wordt niet ondersteund', 'error_unknown_identity_provider' => 'Error - %idpName% onbekend', 'error_unknown_identity_provider_no_idp_name' => 'Error - Onbekende %organisationNoun%', diff --git a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php index a1b8a7192a..43d26f3f06 100644 --- a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php +++ b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php @@ -163,7 +163,7 @@ public function onKernelException(ExceptionEvent $event) $message = 'Unable to verify message'; $redirectToRoute = 'authentication_feedback_verification_failed'; } elseif ($exception instanceof EngineBlock_Exception_UnknownServiceProvider) { - $message = 'Unknown Service Provider'; + $message = 'Unknown application Provider'; $redirectToRoute = 'authentication_feedback_unknown_service_provider'; $redirectParams = [ diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index dd6f21a4cb..ffba73f09d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -125,7 +125,7 @@ Feature: Scenario: I want to log on but this Service Provider is not yet registered at OpenConext When I log in at "Unregistered SP" - Then I should see "Error - Unknown service" + Then I should see "Error - Unknown application" And I should see "UR ID:" And I should see "IP:" And I should see "EC:" @@ -153,7 +153,7 @@ Feature: And SP "Trusted SP" requires a RequesterId And SP "Trusted SP" is authenticating and uses RequesterID "" When I log in at "Trusted SP" - Then I should see "Error - Unknown service" + Then I should see "Error - Unknown application" And I should see "UR ID:" And I should see "IP:" And I should see "EC:" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index 5daa6afa78..602b447f7b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -222,7 +222,7 @@ Feature: And SP "Step Up" does not require consent And SP "Step Up" uses the Unspecified NameID format When I log in at "Step Up" - Then I should see "Error - Unknown service" + Then I should see "Error - Unknown application" And I should see "Proxy SP:" Scenario: User logs in via misconfigured trusted proxy and sees error @@ -230,14 +230,14 @@ Feature: And SP "Step Up" is a trusted proxy And SP "Step Up" signs its requests When I log in at "Step Up" - Then I should see "Error - Unknown service" + Then I should see "Error - Unknown application" Scenario: User logs in via trusted proxy which requests unknown SP and sees error Given SP "Step Up" is authenticating for SP "Unregistered SP" And SP "Step Up" is a trusted proxy And SP "Step Up" signs its requests When I log in at "Step Up" - Then I should see "Error - Unknown service" + Then I should see "Error - Unknown application" And I should see "UR ID:" And I should see "EC:" And I should see "SP:" From bbaf8232d405b11ed1bc521c12c25e694b9ba8e5 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:14:01 +0100 Subject: [PATCH 16/31] bulk fix tests --- .../Command/DumpServiceRegistryCommand.php | 2 +- .../Features/AcsTinkering.feature | 8 +++--- .../Features/AttributeAggregation.feature | 2 +- .../Features/AttributeManipulation.feature | 26 +++++++++---------- .../AttributeManipulationException.feature | 8 +++--- ...nWithAllManipulationsBeforeConsent.feature | 20 +++++++------- .../Features/AttributeReleasePolicy.feature | 26 +++++++++---------- ...yWithAllManipulationsBeforeConsent.feature | 12 ++++----- .../Features/AuthenticationLoop.feature | 3 +-- .../Features/Bindings.feature | 2 +- .../Features/ClearErrorMessages.feature | 20 +++++++------- .../Features/Consent.feature | 16 ++++++------ .../Features/Context/MockSpContext.php | 4 +-- .../DisplayUnconnectedIdpsWayf.feature | 2 +- .../Features/EduPersonTargetedId.feature | 10 +++---- .../Features/Encryption.feature | 2 +- .../Features/FeedbackFooters.feature | 2 +- .../Features/InternalCollabPersonId.feature | 4 +-- .../Features/IsPassive.feature | 2 +- .../Features/LocaleSelection.feature | 2 +- .../Features/Logout.feature | 2 +- .../Features/Metadata.feature | 4 +-- .../Features/MfaAuthnContextClassRef.feature | 4 +-- .../Features/MultipleSingleSignOn.feature | 5 ++-- .../Features/NameIdFormat.feature | 2 +- .../Features/PolicyEnforcement.feature | 6 ++--- .../SignatureBypassVulnerability.feature | 2 +- .../Features/SingleSignOn.feature | 4 +-- .../Features/SingleSignOnWithScoping.feature | 6 ++--- .../Features/SpProxy.feature | 12 ++++----- .../Features/StatusCodes.feature | 2 +- .../Features/Stepup.feature | 6 ++--- .../Features/StepupKeyRollover.feature | 6 ++--- .../Features/UnsolicitedSingleSignOn.feature | 2 +- .../UnsolicitedSingleSignOnDisabled.feature | 2 +- 35 files changed, 119 insertions(+), 119 deletions(-) diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Command/DumpServiceRegistryCommand.php b/src/OpenConext/EngineBlockFunctionalTestingBundle/Command/DumpServiceRegistryCommand.php index c332bdbfa4..78f9a08ac0 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Command/DumpServiceRegistryCommand.php +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Command/DumpServiceRegistryCommand.php @@ -26,7 +26,7 @@ use Symfony\Component\Console\Output\OutputInterface; /** - * Dump the contents of the (fake) Service Registry + * Dump the contents of the (fake) application Registry */ #[AsCommand(name: 'engineblock:dump:sr', description: 'Find all sessions from log output on STDIN or for a given file', aliases: ['dump:sr'])] class DumpServiceRegistryCommand extends Command diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature index a79e39ad2b..6d077a534e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And a Service Provider named "Malicious SP" - And a Service Provider named "Malconfigured SP" - And SP "Malicious SP" is set with ACS location "javascript:alert('Hello world')" - And SP "Malconfigured SP" is set with ACS location "sp.example.com" + And an application named "Malicious SP" + And an application named "Malconfigured SP" + And SP "Malicious SP" is set with acs location "javascript:alert('Hello world')" + And SP "Malconfigured SP" is set with acs location "sp.example.com" Scenario: The Malicious SP AuthnRequest is denied by EngineBlock Given I log in at "Malicious SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature index 3c5ad6aad0..e3d255dc1b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IDP-AA" - And a Service Provider named "SP-AA" + And an application named "SP-AA" And SP "SP-AA" requires attribute aggregation And feature "eb.run_all_manipulations_prior_to_consent" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature index 5d352b8065..86e79f2f00 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature @@ -9,13 +9,13 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" And feature "eb.run_all_manipulations_prior_to_consent" is disabled - Scenario: The Service Provider can have an attribute added + Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $attributes['nl:surf:test:something'] = array("arbitrary-value"); @@ -31,7 +31,7 @@ Feature: Then the url should match "functional-testing/SP-with-Attribute-Manipulations/acs" And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="nl:surf:test:something"]/saml:AttributeValue[text()="arbitrary-value"]' - Scenario: The Service Provider can have the attributes manipulated + Scenario: The application can have the attributes manipulated Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $attributes['urn:mace:dir:attribute-def:uid'] = array("the-manipulated-value"); @@ -46,7 +46,7 @@ Feature: Then the url should match "functional-testing/SP-with-Attribute-Manipulations/acs" And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:uid"]/saml:AttributeValue[text()="the-manipulated-value"]' - Scenario: The Service Provider can have the SubjectID manipulated + Scenario: The application can have the SubjectID manipulated Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $subjectId = 'arthur.dent@domain.test'; @@ -63,7 +63,7 @@ Feature: And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:eduPersonTargetedID"]/saml:AttributeValue/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="arthur.dent@domain.test"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="arthur.dent@domain.test"]' - Scenario: The Service Provider cannot have the SubjectID manipulated if using a NameID format other than unspecified + Scenario: The application cannot have the SubjectID manipulated if using a NameID format other than unspecified Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $subjectId = "arthur.dent@domain.test"; @@ -82,7 +82,7 @@ Feature: And the response should not match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" and text()="arthur.dent@domain.test"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"]' - Scenario: The Service Provider cannot have the Subject NameID manipulated by setting the IntendedNameId in the reponse as it is overwritten by the subjectId + Scenario: The application cannot have the Subject NameID manipulated by setting the IntendedNameId in the reponse as it is overwritten by the subjectId Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $response['__']['IntendedNameId'] = 'NOOT'; @@ -103,7 +103,7 @@ Feature: And the response should not match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="NOOT"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="AAP"]' - Scenario: The Service Provider can replace the NameID by setting the CustomNameID with an array representation of the NameID + Scenario: The application can replace the NameID by setting the CustomNameID with an array representation of the NameID Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $response['__']['CustomNameId'] = array('Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'Value' => 'NOOT'); @@ -136,7 +136,7 @@ Feature: And the response should match xpath '/samlp:Response/saml:Assertion/saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef[text()="http://bakkerijaalders.nl/mfa-done"]' # See: https://www.pivotaltracker.com/story/show/159760842 - Scenario: The Service Provider can replace the NameID by setting the CustomNameID with an object representation of the NameID + Scenario: The application can replace the NameID by setting the CustomNameID with an object representation of the NameID Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $nameId = new \SAML2\XML\saml\NameID(); @@ -156,7 +156,7 @@ Feature: And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:eduPersonTargetedID"]/saml:AttributeValue/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" and text()="MIES"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" and text()="MIES"]' - Scenario: The Service Provider cannot have the SubjectID manipulated by manipulating the responseObj using the unspecified NameID Format + Scenario: The application cannot have the SubjectID manipulated by manipulating the responseObj using the unspecified NameID Format Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $responseObj->setCollabPersonId('NOOT'); @@ -175,7 +175,7 @@ Feature: And the response should not match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="NOOT"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"]' - Scenario: The Service Provider cannot have the SubjectID manipulated by manipulating the responseObj when using a NameID Format other than unspecified + Scenario: The application cannot have the SubjectID manipulated by manipulating the responseObj when using a NameID Format other than unspecified Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $responseObj->setCollabPersonId('NOOT'); diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature index 422e535fd5..737ee18c5a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature @@ -9,10 +9,10 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" - Scenario: The Service Provider can have an attribute added + Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $e = new EngineBlock_Attributes_Manipulator_CustomException("AM_ERROR Authorization Incorrect _ Affilliation Incorrect", EngineBlock_Attributes_Manipulator_CustomException::CODE_NOTICE); @@ -31,7 +31,7 @@ throw $e; And I pass through the IdP And I give my consent Then I should see "Authorization Incorrect" - And I should see "This user does not have access to desired service. Contact the system administrator." + And I should see "This user does not have access to desired application. Contact the system administrator." And I should see "UR ID:" And I should see "IP:" And I should see "EC:" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature index 886aee98f6..2be3f96d19 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature @@ -9,11 +9,11 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" And feature "eb.run_all_manipulations_prior_to_consent" is enabled - Scenario: The Service Provider can have an attribute added + Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $attributes['nl:surf:test:something'] = array("arbitrary-value"); @@ -29,7 +29,7 @@ Feature: Then the url should match "functional-testing/SP-with-Attribute-Manipulations/acs" And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="nl:surf:test:something"]/saml:AttributeValue[text()="arbitrary-value"]' - Scenario: The Service Provider can have the attributes manipulated + Scenario: The application can have the attributes manipulated Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $attributes['urn:mace:dir:attribute-def:uid'] = array("the-manipulated-value"); @@ -44,7 +44,7 @@ Feature: Then the url should match "functional-testing/SP-with-Attribute-Manipulations/acs" And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:uid"]/saml:AttributeValue[text()="the-manipulated-value"]' - Scenario: The Service Provider can have the SubjectID manipulated + Scenario: The application can have the SubjectID manipulated Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $subjectId = 'arthur.dent@domain.test'; @@ -61,7 +61,7 @@ Feature: And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:eduPersonTargetedID"]/saml:AttributeValue/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="arthur.dent@domain.test"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="arthur.dent@domain.test"]' - Scenario: The Service Provider cannot have the SubjectID manipulated if using a NameID format other than unspecified + Scenario: The application cannot have the SubjectID manipulated if using a NameID format other than unspecified Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $subjectId = "arthur.dent@domain.test"; @@ -80,7 +80,7 @@ Feature: And the response should not match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" and text()="arthur.dent@domain.test"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"]' - Scenario: The Service Provider cannot have the Subject NameID manipulated by setting the IntendedNameId in the reponse as it is overwritten by the subjectId + Scenario: The application cannot have the Subject NameID manipulated by setting the IntendedNameId in the reponse as it is overwritten by the subjectId Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $response['__']['IntendedNameId'] = 'NOOT'; @@ -101,7 +101,7 @@ Feature: And the response should not match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="NOOT"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="AAP"]' - Scenario: The Service Provider can replace the NameID by setting the CustomNameID with an array representation of the NameID + Scenario: The application can replace the NameID by setting the CustomNameID with an array representation of the NameID Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $response['__']['CustomNameId'] = array('Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'Value' => 'NOOT'); @@ -118,7 +118,7 @@ Feature: And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:eduPersonTargetedID"]/saml:AttributeValue/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" and text()="NOOT"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" and text()="NOOT"]' - Scenario: The Service Provider cannot have the SubjectID manipulated by manipulating the responseObj using the unspecified NameID Format + Scenario: The application cannot have the SubjectID manipulated by manipulating the responseObj using the unspecified NameID Format Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $responseObj->setCollabPersonId('NOOT'); @@ -137,7 +137,7 @@ Feature: And the response should not match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and text()="NOOT"]' And the response should match xpath '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID[@Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"]' - Scenario: The Service Provider cannot have the SubjectID manipulated by manipulating the responseObj when using a NameID Format other than unspecified + Scenario: The application cannot have the SubjectID manipulated by manipulating the responseObj when using a NameID Format other than unspecified Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: """ $responseObj->setCollabPersonId('NOOT'); diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature index 8bfe708664..5b244c9dc2 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature @@ -8,19 +8,19 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "Wildcard ARP" - And a Service Provider named "Wrong Value ARP" - And a Service Provider named "Right Value ARP" - And a Service Provider named "Specific Value ARP" - And a Service Provider named "Two value ARP" - And a Service Provider named "Trusted Proxy" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" - And a Service Provider named "Release As" - And a Service Provider named "Use as NameID" - And a Service Provider named "Use as NameID and Release As" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "Wildcard ARP" + And an application named "Wrong Value ARP" + And an application named "Right Value ARP" + And an application named "Specific Value ARP" + And an application named "Two value ARP" + And an application named "Trusted Proxy" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" + And an application named "Release As" + And an application named "Use as NameID" + And an application named "Use as NameID and Release As" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature index 0ea500c307..5838860c0f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature @@ -8,12 +8,12 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "Wildcard ARP" - And a Service Provider named "Wrong Value ARP" - And a Service Provider named "Right Value ARP" - And a Service Provider named "Two value ARP" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "Wildcard ARP" + And an application named "Wrong Value ARP" + And an application named "Right Value ARP" + And an application named "Two value ARP" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature index 7011eadc35..9dc45a6c39 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature @@ -9,8 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP 1" - And a Service Provider named "Dummy SP 2" + And an application named "Dummy SP" Scenario: an authentication loop is detected When I log in at "Dummy SP 1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature index 8c631c783d..c9b6077b40 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: EngineBlock accepts AuthnRequests using HTTP-POST binding Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index ffba73f09d..624bb197d3 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" - And a Service Provider named "Unconnected SP" - And a Service Provider named "Trusted SP" - And an unregistered Service Provider named "Unregistered SP" + And an application named "Dummy SP" + And an application named "Unconnected SP" + And an application named "Trusted SP" + And an unregistered application named "Unregistered SP" And SP "Unconnected SP" is not connected to IdP "Dummy Idp" Scenario: I log in at my Identity Provider, but something goes wrong and it returns an error response. @@ -105,7 +105,7 @@ Feature: And I should see "SP Name:" And I should see "IdP:" - Scenario: I want to log on, but this Service Provider may not access any Identity Providers + Scenario: I want to log on, but this application may not access any Identity Providers When I log in at "Unconnected SP" Then I should see "No organisations found" And I should see "UR ID:" @@ -115,7 +115,7 @@ Feature: And I should see "SP Name:" And I should not see "IdP:" - Scenario: I want to log on, but the proxied Service Provider may not access any Identity Providers + Scenario: I want to log on, but the proxied application may not access any Identity Providers Given SP "Trusted SP" is a trusted proxy And SP "Trusted SP" signs its requests And SP "Trusted SP" is authenticating for SP "Unconnected SP" @@ -123,7 +123,7 @@ Feature: Then I should see "Error - No organisations found" And I should see "Proxy SP:" - Scenario: I want to log on but this Service Provider is not yet registered at OpenConext + Scenario: I want to log on but this application is not yet registered at OpenConext When I log in at "Unregistered SP" Then I should see "Error - Unknown application" And I should see "UR ID:" @@ -198,7 +198,7 @@ Feature: Scenario: An SP sends a AuthnRequest transparently for an IdP that doesn't exist When I log in at SP "Dummy SP" which attempts to preselect nonexistent IdP "DoesNotExist" Then the url should match "/authentication/feedback/unknown-preselected-idp" - And I should see "Error - Service not accessible through your organisation" + And I should see "Error - Application not accessible through your organisation" And I should see "UR ID:" And I should see "IP:" And I should see "EC:" @@ -466,8 +466,8 @@ Feature: # Scenario: I try an unsolicited login (at EB) but mess up by not specifying a binding # Scenario: I try an unsolicited login (at EB) but mess up by not specifying an invalid index # -# Scenario: I don't give consent to release my attributes to a Service Provider +# Scenario: I don't give consent to release my attributes to an application # # Scenario: An attribute manipulation determines that a user may not continue # -# Scenario: I want to log in to a service but am not a member of the appropriate VO +# Scenario: I want to log in to an application but am not a member of the appropriate VO diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature index dea58abdab..32d7aacd33 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature @@ -7,8 +7,8 @@ Feature: Background: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Trusted Proxy" + And an application named "Dummy-SP" + And an application named "Trusted Proxy" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | @@ -70,7 +70,7 @@ Feature: And I pass through the IdP Then the response should contain "Dummy-SP will receive" - Scenario: The user can read why the service provider requires an attribute + Scenario: The user can read why the application requires an attribute Given I log in at "Dummy-SP" And I pass through EngineBlock And I pass through the IdP @@ -100,14 +100,14 @@ Feature: And I log in at "Dummy-SP" And I pass through EngineBlock And I pass through the IdP - Then the response should contain "The identifier for this service is generated by" + Then the response should contain "The identifier for this application is generated by" Scenario: The user sees the identifier section when nameid is transient Given SP "Dummy-SP" uses the Transient NameID format And I log in at "Dummy-SP" And I pass through EngineBlock And I pass through the IdP - Then the response should not contain "The identifier for this service is generated by" + Then the response should not contain "The identifier for this application is generated by" Scenario: The user does not see the identifier section when nameid is unspecified Given SP "Dummy-SP" uses the Unspecified NameID format @@ -115,7 +115,7 @@ Feature: And I pass through EngineBlock And I pass through the IdP Then the response should contain "urn:collab:person:engine-test-stand.openconext.org:test" - Then the response should not contain "The identifier for this service is generated by" + Then the response should not contain "The identifier for this application is generated by" Scenario: The user is not asked for consent when the consent feature toggle is disabled Given feature "eb.feature_enable_consent" is disabled @@ -134,7 +134,7 @@ Feature: When I log in at "Trusted Proxy" And I pass through EngineBlock And I pass through the IdP - Then the response should contain "The identifier for this service is generated by" + Then the response should contain "The identifier for this application is generated by" Scenario: The user sees the identifier of the end-SP when a trusted proxy is involved, unspecified edition Given SP "Trusted Proxy" is authenticating for SP "Dummy-SP" @@ -146,4 +146,4 @@ Feature: And I pass through EngineBlock And I pass through the IdP Then the response should contain "urn:collab:person:engine-test-stand.openconext.org:test" - Then the response should not contain "The identifier for this service is generated by" + Then the response should not contain "The identifier for this application is generated by" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Context/MockSpContext.php b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Context/MockSpContext.php index 2484dad482..a6c178725e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Context/MockSpContext.php +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Context/MockSpContext.php @@ -122,7 +122,7 @@ public function iTriggerTheLoginEitherAtOrUnsolicitedAtEb($spName) } /** - * @Given /^a Service Provider named "([^"]*)"$/ + * @Given /^an application named "([^"]*)"$/ */ public function aServiceProviderNamedWithEntityid($name) { @@ -136,7 +136,7 @@ public function aServiceProviderNamedWithEntityid($name) } /** - * @Given /^an unregistered Service Provider named "([^"]*)"$/ + * @Given /^an unregistered application named "([^"]*)"$/ */ public function anUnregisteredServiceProviderNamed($name) { diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature index df3def8c90..a15bd684f4 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And a Service Provider named "SP" + And an application named "SP" And an Identity Provider named "Connected IdP1" And an Identity Provider named "Connected IdP2" And an Identity Provider named "Unconnected IdP1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature index 7d0f38f437..0810db464a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature @@ -8,11 +8,11 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "ARP without ePTI" - And a Service Provider named "ARP with ePTI" - And a Service Provider named "Step Up" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "ARP without ePTI" + And an application named "ARP with ePTI" + And an application named "Step Up" And SP "ARP with ePTI" uses the Unspecified NameID format And SP "Empty ARP" allows no attributes And SP "ARP without ePTI" allows an attribute named "urn:mace:dir:attribute-def:uid" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature index 3ef9bad094..9194bc156d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: EngineBlock accepts RSA Encrypted Responses Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature index aa06df815a..b95db1e989 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: When a wiki link is configured in a translation the wiki link should be visible Given I have configured the following translations: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature index bc7fb71327..9b3a4e3a6f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And a Service Provider named "Step Up TP" - And a Service Provider named "SelfService" + And an application named "Step Up TP" + And an application named "SelfService" Scenario: User logs in to SP, in that case the internalCollabPersonId should NOT be present Given SP "SelfService" signs its requests diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature index 2280e126ac..70a4275d5e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: A passive AuthnRequest is handled without issue Given SP "Dummy SP" is configured to generate a passive AuthnRequest diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature index d90cb8e8ef..3d47d671ab 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature @@ -8,7 +8,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "First IdP" And an Identity Provider named "Second IdP" - And a Service Provider named "Test SP" + And an application named "Test SP" And my browser is configured to accept language "nl-NL" Scenario: a user makes their first visit and doesn't have a locale cookie diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature index 27ad08cbd0..0c288ab3ab 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: A user can log out When I log in at "Dummy SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature index 864cc43449..9e0249b647 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature @@ -123,7 +123,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And a Service Provider named "Test-SP" + And an application named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list @@ -205,7 +205,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And a Service Provider named "Test-SP" + And an application named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature index d3896ff0ae..764e96f23d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" - And a Service Provider named "Trusted SP" + And an application named "SSO-SP" + And an application named "Trusted SP" Scenario: The configured authn method should be set as AuthnContextClassRef if configured with the IdP configuration mapping Given the IdP "SSO-IdP" is configured for MFA authn method "http://schemas.microsoft.com/claims/multipleauthn" for SP "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature index cfbcd2906b..dd15355228 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature @@ -9,8 +9,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" - And a Service Provider named "SSO-Two" + And an application named "SSO-SP" + And an application named "SSO-Two" + And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2" Scenario: Two solicited authentication requests sequential When I open 2 browser tabs identified by "Browser tab 1, Browser tab 2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature index 60c6f3e98c..2f135c9b53 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" Scenario: EngineBlock should not update the Unspecified NameIdFormat when no ARP filters are applied Given SP "SSO-SP" uses the Unspecified NameID format diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature index abb0267b89..50d7cb929b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" with logo "idp-logo.jpg" - And a Service Provider named "Dummy SP" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" + And an application named "Dummy SP" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" Scenario: Access is denied because of an IdP specific Deny policy a logo is shown Given SP "Dummy SP" requires a policy enforcement decision diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature index 8a5642c3ec..2756e3ef10 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IdP" - And a Service Provider named "SP" + And an application named "SP" Scenario: Throw an exception if the assertion signature is tampered with When I log in at "SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature index 770d871a23..667c460874 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "SSO-IdP" And an Identity Provider named "SSO-Foobar" - And a Service Provider named "SSO-SP" - And a Service Provider named "SSO-Foobar" + And an application named "SSO-SP" + And an application named "SSO-Foobar" Scenario: IdPs are allowed to create NameIDs When I log in at "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature index 8d97b56cae..6661a13b7f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature @@ -1,5 +1,5 @@ Feature: - In order for a service provider to pre-select one or more IDPs + In order for an application to pre-select one or more IDPs As EngineBlock I want to limit the available IDPs in the WAYF based on ACLs or elements in the AuthnRequest @@ -11,8 +11,8 @@ Feature: And an Identity Provider named "IDP2" And an Identity Provider named "IDP3" And an Identity Provider named "IDP4" - And a Service Provider named "SP" - And a Service Provider named "remoteSP" + And an application named "SP" + And an application named "remoteSP" Scenario: The WAYF shows only allowed IDPs Given SP "SP" is not connected to IdP "IDP2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index 602b447f7b..bd457bfd7c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -11,12 +11,12 @@ Feature: And an Identity Provider named "StepUpOnlyAuth" And an Identity Provider named "LoaOnlyAuth" And an Identity Provider named "CombinedAuth" - And a Service Provider named "Step Up" - And a Service Provider named "Loa SP" - And a Service Provider named "Far SP" - And a Service Provider named "Test SP" - And a Service Provider named "Second SP" - And an unregistered Service Provider named "Unregistered SP" + And an application named "Step Up" + And an application named "Loa SP" + And an application named "Far SP" + And an application named "Test SP" + And an application named "Second SP" + And an unregistered application named "Unregistered SP" And SP "Far SP" is not connected to IdP "CombinedAuth" And SP "Far SP" is not connected to IdP "LoaOnlyAuth" And SP "Far SP" is not connected to IdP "StepUpOnlyAuth" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature index 155363d6c9..b7ddd75a7b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: Proxying exceeds the allowed ProxyCount in the AuthnRequest Given SP "Dummy SP" is configured to generate a AuthnRequest with a ProxyCount of 0 diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature index ccb8d42c1d..d27eae401a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Proxy-SP" + And an application named "Dummy-SP" + And an application named "Proxy-SP" Scenario: Stepup authentication should be supported if set through SP configuration Given the SP "SSO-SP" requires Stepup LoA "http://dev.openconext.local/assurance/loa2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature index a2d476ea57..82b6b21240 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature @@ -10,10 +10,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Proxy-SP" + And an application named "Dummy-SP" + And an application named "Proxy-SP" Scenario: When stepup.sfo.override_engine_entityid is not configured, stepup/metadata should show default EntityId Given feature "eb.stepup.sfo.override_engine_entityid" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature index 986459f2ae..d3e58d0cd5 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: An IdP can initiated a login When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature index 9695966898..e29feed875 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" # The feature flag: eb.feature_enable_idp_initiated_flow can disable unsolicited login # EB Shows a 404 page in that case as the entire HTTP route is blocked in that case From 52c94f5bf608437480638b1892193d643b85920c Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:33:42 +0100 Subject: [PATCH 17/31] fix test --- .../OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php b/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php index 48336fdbdb..5c0981ca86 100644 --- a/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php +++ b/tests/unit/OpenConext/EngineBlockBundle/Pdp/PolicyDecisionTest.php @@ -80,7 +80,7 @@ public function a_deny_policys_localized_deny_message_correctly_falls_back_to_th $decision = PolicyDecision::fromResponse($response); - $expectedFallbackDenyMessage = 'Students do not have access to this resource'; + $expectedFallbackDenyMessage = 'Students do not have access to this application'; $fallbackDenyMessage = $decision->getLocalizedDenyMessage('de', 'en'); From 918fa5b492480199c32d6f5e0ca68a8bbcfd3cf9 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Thu, 5 Dec 2024 14:23:22 +0100 Subject: [PATCH 18/31] Reverted change in log and test --- ...edirectToFeedbackPageExceptionListener.php | 2 +- .../Features/AcsTinkering.feature | 4 +-- .../Features/AttributeAggregation.feature | 2 +- .../Features/AttributeManipulation.feature | 8 +++--- .../AttributeManipulationException.feature | 4 +-- ...nWithAllManipulationsBeforeConsent.feature | 4 +-- .../Features/AttributeReleasePolicy.feature | 26 +++++++++---------- ...yWithAllManipulationsBeforeConsent.feature | 12 ++++----- .../Features/AuthenticationLoop.feature | 2 +- .../Features/Bindings.feature | 2 +- .../Features/ClearErrorMessages.feature | 6 ++--- .../Features/Consent.feature | 4 +-- .../DisplayUnconnectedIdpsWayf.feature | 2 +- .../Features/EduPersonTargetedId.feature | 10 +++---- .../Features/Encryption.feature | 2 +- .../Features/FeedbackFooters.feature | 2 +- .../Features/InternalCollabPersonId.feature | 4 +-- .../Features/IsPassive.feature | 2 +- .../Features/LocaleSelection.feature | 2 +- .../Features/Logout.feature | 2 +- .../Features/Metadata.feature | 4 +-- .../Features/MfaAuthnContextClassRef.feature | 4 +-- .../Features/MultipleSingleSignOn.feature | 4 +-- .../Features/NameIdFormat.feature | 2 +- .../Features/PolicyEnforcement.feature | 6 ++--- .../SignatureBypassVulnerability.feature | 2 +- .../Features/SingleSignOn.feature | 4 +-- .../Features/SingleSignOnWithScoping.feature | 4 +-- .../Features/SpProxy.feature | 10 +++---- .../Features/StatusCodes.feature | 2 +- .../Features/Stepup.feature | 6 ++--- .../Features/StepupKeyRollover.feature | 6 ++--- .../Features/UnsolicitedSingleSignOn.feature | 2 +- .../UnsolicitedSingleSignOnDisabled.feature | 2 +- 34 files changed, 80 insertions(+), 80 deletions(-) diff --git a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php index 43d26f3f06..a1b8a7192a 100644 --- a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php +++ b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php @@ -163,7 +163,7 @@ public function onKernelException(ExceptionEvent $event) $message = 'Unable to verify message'; $redirectToRoute = 'authentication_feedback_verification_failed'; } elseif ($exception instanceof EngineBlock_Exception_UnknownServiceProvider) { - $message = 'Unknown application Provider'; + $message = 'Unknown Service Provider'; $redirectToRoute = 'authentication_feedback_unknown_service_provider'; $redirectParams = [ diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature index 6d077a534e..50d58ba522 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And an application named "Malicious SP" - And an application named "Malconfigured SP" + And a Service Provider named "Malicious SP" + And a Service Provider named "Malconfigured SP" And SP "Malicious SP" is set with acs location "javascript:alert('Hello world')" And SP "Malconfigured SP" is set with acs location "sp.example.com" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature index e3d255dc1b..3c5ad6aad0 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IDP-AA" - And an application named "SP-AA" + And a Service Provider named "SP-AA" And SP "SP-AA" requires attribute aggregation And feature "eb.run_all_manipulations_prior_to_consent" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature index 86e79f2f00..9fb07fa755 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature @@ -9,10 +9,10 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" And feature "eb.run_all_manipulations_prior_to_consent" is disabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature index 737ee18c5a..3935b7bafc 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature index 2be3f96d19..c1afab4f43 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" And feature "eb.run_all_manipulations_prior_to_consent" is enabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature index 5b244c9dc2..8bfe708664 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature @@ -8,19 +8,19 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "Wildcard ARP" - And an application named "Wrong Value ARP" - And an application named "Right Value ARP" - And an application named "Specific Value ARP" - And an application named "Two value ARP" - And an application named "Trusted Proxy" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" - And an application named "Release As" - And an application named "Use as NameID" - And an application named "Use as NameID and Release As" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "Wildcard ARP" + And a Service Provider named "Wrong Value ARP" + And a Service Provider named "Right Value ARP" + And a Service Provider named "Specific Value ARP" + And a Service Provider named "Two value ARP" + And a Service Provider named "Trusted Proxy" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" + And a Service Provider named "Release As" + And a Service Provider named "Use as NameID" + And a Service Provider named "Use as NameID and Release As" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature index 5838860c0f..0ea500c307 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature @@ -8,12 +8,12 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "Wildcard ARP" - And an application named "Wrong Value ARP" - And an application named "Right Value ARP" - And an application named "Two value ARP" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "Wildcard ARP" + And a Service Provider named "Wrong Value ARP" + And a Service Provider named "Right Value ARP" + And a Service Provider named "Two value ARP" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature index 9dc45a6c39..48a21c356d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: an authentication loop is detected When I log in at "Dummy SP 1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature index c9b6077b40..8c631c783d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: EngineBlock accepts AuthnRequests using HTTP-POST binding Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index 624bb197d3..2ad7a51b9d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" - And an application named "Unconnected SP" - And an application named "Trusted SP" + And a Service Provider named "Dummy SP" + And a Service Provider named "Unconnected SP" + And a Service Provider named "Trusted SP" And an unregistered application named "Unregistered SP" And SP "Unconnected SP" is not connected to IdP "Dummy Idp" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature index 32d7aacd33..fbd2984e44 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature @@ -7,8 +7,8 @@ Feature: Background: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Trusted Proxy" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Trusted Proxy" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature index a15bd684f4..df3def8c90 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And an application named "SP" + And a Service Provider named "SP" And an Identity Provider named "Connected IdP1" And an Identity Provider named "Connected IdP2" And an Identity Provider named "Unconnected IdP1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature index 0810db464a..7d0f38f437 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature @@ -8,11 +8,11 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "ARP without ePTI" - And an application named "ARP with ePTI" - And an application named "Step Up" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "ARP without ePTI" + And a Service Provider named "ARP with ePTI" + And a Service Provider named "Step Up" And SP "ARP with ePTI" uses the Unspecified NameID format And SP "Empty ARP" allows no attributes And SP "ARP without ePTI" allows an attribute named "urn:mace:dir:attribute-def:uid" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature index 9194bc156d..3ef9bad094 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: EngineBlock accepts RSA Encrypted Responses Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature index b95db1e989..aa06df815a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: When a wiki link is configured in a translation the wiki link should be visible Given I have configured the following translations: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature index 9b3a4e3a6f..bc7fb71327 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And an application named "Step Up TP" - And an application named "SelfService" + And a Service Provider named "Step Up TP" + And a Service Provider named "SelfService" Scenario: User logs in to SP, in that case the internalCollabPersonId should NOT be present Given SP "SelfService" signs its requests diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature index 70a4275d5e..2280e126ac 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: A passive AuthnRequest is handled without issue Given SP "Dummy SP" is configured to generate a passive AuthnRequest diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature index 3d47d671ab..d90cb8e8ef 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature @@ -8,7 +8,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "First IdP" And an Identity Provider named "Second IdP" - And an application named "Test SP" + And a Service Provider named "Test SP" And my browser is configured to accept language "nl-NL" Scenario: a user makes their first visit and doesn't have a locale cookie diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature index 0c288ab3ab..27ad08cbd0 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: A user can log out When I log in at "Dummy SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature index 9e0249b647..864cc43449 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature @@ -123,7 +123,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And an application named "Test-SP" + And a Service Provider named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list @@ -205,7 +205,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And an application named "Test-SP" + And a Service Provider named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature index 764e96f23d..d3896ff0ae 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" - And an application named "Trusted SP" + And a Service Provider named "SSO-SP" + And a Service Provider named "Trusted SP" Scenario: The configured authn method should be set as AuthnContextClassRef if configured with the IdP configuration mapping Given the IdP "SSO-IdP" is configured for MFA authn method "http://schemas.microsoft.com/claims/multipleauthn" for SP "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature index dd15355228..be640ba9a7 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" - And an application named "SSO-Two" + And a Service Provider named "SSO-SP" + And a Service Provider named "SSO-Two" And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2" Scenario: Two solicited authentication requests sequential diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature index 2f135c9b53..60c6f3e98c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" Scenario: EngineBlock should not update the Unspecified NameIdFormat when no ARP filters are applied Given SP "SSO-SP" uses the Unspecified NameID format diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature index 50d7cb929b..abb0267b89 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" with logo "idp-logo.jpg" - And an application named "Dummy SP" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" + And a Service Provider named "Dummy SP" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" Scenario: Access is denied because of an IdP specific Deny policy a logo is shown Given SP "Dummy SP" requires a policy enforcement decision diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature index 2756e3ef10..8a5642c3ec 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IdP" - And an application named "SP" + And a Service Provider named "SP" Scenario: Throw an exception if the assertion signature is tampered with When I log in at "SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature index 667c460874..770d871a23 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "SSO-IdP" And an Identity Provider named "SSO-Foobar" - And an application named "SSO-SP" - And an application named "SSO-Foobar" + And a Service Provider named "SSO-SP" + And a Service Provider named "SSO-Foobar" Scenario: IdPs are allowed to create NameIDs When I log in at "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature index 6661a13b7f..8a5f15d9c9 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature @@ -11,8 +11,8 @@ Feature: And an Identity Provider named "IDP2" And an Identity Provider named "IDP3" And an Identity Provider named "IDP4" - And an application named "SP" - And an application named "remoteSP" + And a Service Provider named "SP" + And a Service Provider named "remoteSP" Scenario: The WAYF shows only allowed IDPs Given SP "SP" is not connected to IdP "IDP2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index bd457bfd7c..59fd694f83 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -11,11 +11,11 @@ Feature: And an Identity Provider named "StepUpOnlyAuth" And an Identity Provider named "LoaOnlyAuth" And an Identity Provider named "CombinedAuth" - And an application named "Step Up" - And an application named "Loa SP" - And an application named "Far SP" - And an application named "Test SP" - And an application named "Second SP" + And a Service Provider named "Step Up" + And a Service Provider named "Loa SP" + And a Service Provider named "Far SP" + And a Service Provider named "Test SP" + And a Service Provider named "Second SP" And an unregistered application named "Unregistered SP" And SP "Far SP" is not connected to IdP "CombinedAuth" And SP "Far SP" is not connected to IdP "LoaOnlyAuth" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature index b7ddd75a7b..155363d6c9 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: Proxying exceeds the allowed ProxyCount in the AuthnRequest Given SP "Dummy SP" is configured to generate a AuthnRequest with a ProxyCount of 0 diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature index d27eae401a..ccb8d42c1d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Proxy-SP" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Proxy-SP" Scenario: Stepup authentication should be supported if set through SP configuration Given the SP "SSO-SP" requires Stepup LoA "http://dev.openconext.local/assurance/loa2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature index 82b6b21240..a2d476ea57 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature @@ -10,10 +10,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Proxy-SP" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Proxy-SP" Scenario: When stepup.sfo.override_engine_entityid is not configured, stepup/metadata should show default EntityId Given feature "eb.stepup.sfo.override_engine_entityid" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature index d3e58d0cd5..986459f2ae 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: An IdP can initiated a login When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature index e29feed875..9695966898 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" # The feature flag: eb.feature_enable_idp_initiated_flow can disable unsolicited login # EB Shows a 404 page in that case as the entire HTTP route is blocked in that case From 5b3e73ca61647405fd0cf3b335c15530ae7a7e60 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:04:56 +0200 Subject: [PATCH 19/31] terminology login -> log in (verb) service -> application --- languages/messages.en.php | 2 +- languages/messages.nl.php | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/languages/messages.en.php b/languages/messages.en.php index ec4954282f..73b42323d5 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -272,7 +272,7 @@ 'error_stepup_callout_unmet_loa_desc' => 'To continue to this application, a registered token with a certain level of assurance is required. Currently, you either haven\'t registered a token at all, or the level of assurance of the token you did register is too low. See the link below for more information about the registration process.', 'error_stepup_callout_unmet_loa_link_text' => 'Read more about the registration process.', 'error_stepup_callout_unmet_loa_link_target' => 'https://support.surfconext.nl/stepup-noauthncontext-en', - 'error_stepup_callout_user_cancelled' => 'Error - Logging in cancelled', + 'error_stepup_callout_user_cancelled_title' => 'Error - Logging in cancelled', 'error_stepup_callout_user_cancelled_desc' => 'You have aborted the login process. Go back to the application if you want to try again.', 'error_metadata_entity_id_not_found' => 'Metadata can not be generated', 'error_metadata_entity_id_not_found_desc' => 'The following error occurred: %message%', diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 683fdee95b..bfa5bac472 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -186,17 +186,17 @@ 'error_unsupported_signature_method' => 'Fout - Ondertekeningsmethode wordt niet ondersteund', 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', - 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de applicatie achterhaalde metadata of is er sprake van een andere configuratiefout.', - 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', + 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', + 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%', + 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', - 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat en waarom je toegang wilt.', + 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', 'error_unknown_service_provider_no_sp_name' => 'Error - Onbekende applicatie', 'error_unknown_service_provider_desc' => '%spName% is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van %idpName%.', - 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte applicatie is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van %idpName%.', + 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van %idpName%.', 'error_unknown_service_provider_desc_no_idp_name' => '%spName% is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van je %organisationNoun%.', - 'error_unknown_service_provider_desc_no_names' => 'De verzochte applicatie is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van je %organisationNoun%.', + 'error_unknown_service_provider_desc_no_names' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van je %organisationNoun%.', 'error_unsupported_acs_location_scheme' => 'Fout - URI scheme van de ACS locatie wordt niet ondersteund', 'error_unknown_identity_provider' => 'Error - %idpName% onbekend', 'error_unknown_identity_provider_no_idp_name' => 'Error - Onbekende %organisationNoun%', From aa51de1d377d0142ec2aeb9072cf09f433086f8e Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:21:58 +0100 Subject: [PATCH 20/31] minor improvements --- languages/messages.nl.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index bfa5bac472..311dbf22c0 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -187,8 +187,8 @@ 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', - 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via %organisationNoun%', + 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', + 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', From b26d73c7dbbf28734e5eb1f0c82eb9325bc698dd Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Fri, 6 Dec 2024 09:54:59 +0100 Subject: [PATCH 21/31] terminology login -> log in (verb) service -> application --- languages/messages.nl.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 311dbf22c0..bfa5bac472 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -187,8 +187,8 @@ 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', - 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', + 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%', + 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', From 28081aabf4b7dc0b925521bcd4d1b44b0ce29b34 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:21:58 +0100 Subject: [PATCH 22/31] minor improvements --- languages/messages.nl.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index bfa5bac472..311dbf22c0 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -187,8 +187,8 @@ 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', - 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via %organisationNoun%', + 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', + 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', From e8a2614e815f6582b9293260fa5d80d959470041 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:43:31 +0100 Subject: [PATCH 23/31] Update languages/messages.nl.php Co-authored-by: Thijs Kinkhorst --- languages/messages.nl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 311dbf22c0..42256b3241 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -190,7 +190,7 @@ 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', - 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat (de "SP") en waarom je toegang wilt.', + 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze applicatie niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze applicatie. Geef daarbij aan om welke applicatie het gaat en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', 'error_unknown_service_provider_no_sp_name' => 'Error - Onbekende applicatie', 'error_unknown_service_provider_desc' => '%spName% is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van %idpName%.', From 4fc34f0fa8778bcc84fe1773822f2c426203b26d Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Thu, 5 Dec 2024 08:29:34 +0100 Subject: [PATCH 24/31] fix test, missed translation --- languages/messages.nl.php | 6 +++--- .../RedirectToFeedbackPageExceptionListener.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/languages/messages.nl.php b/languages/messages.nl.php index 42256b3241..683fdee95b 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -186,7 +186,7 @@ 'error_unsupported_signature_method' => 'Fout - Ondertekeningsmethode wordt niet ondersteund', 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', - 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', + 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de applicatie achterhaalde metadata of is er sprake van een andere configuratiefout.', 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Applicatie niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze applicatie via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', @@ -194,9 +194,9 @@ 'error_unknown_service_provider' => 'Error - %spName% onbekend', 'error_unknown_service_provider_no_sp_name' => 'Error - Onbekende applicatie', 'error_unknown_service_provider_desc' => '%spName% is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van %idpName%.', - 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van %idpName%.', + 'error_unknown_service_provider_desc_no_sp_name' => 'De verzochte applicatie is onbekend bij %suiteName%. Wellicht heeft %idpName% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van %idpName%.', 'error_unknown_service_provider_desc_no_idp_name' => '%spName% is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van %spName%, wend je dan tot de helpdesk van je %organisationNoun%.', - 'error_unknown_service_provider_desc_no_names' => 'De verzochte Service Provider is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van je %organisationNoun%.', + 'error_unknown_service_provider_desc_no_names' => 'De verzochte applicatie is onbekend bij %suiteName%. Wellicht heeft je %organisationNoun% toegang tot deze applicatie niet geactiveerd. Wil je gebruik maken van deze applicatie, wend je dan tot de helpdesk van je %organisationNoun%.', 'error_unsupported_acs_location_scheme' => 'Fout - URI scheme van de ACS locatie wordt niet ondersteund', 'error_unknown_identity_provider' => 'Error - %idpName% onbekend', 'error_unknown_identity_provider_no_idp_name' => 'Error - Onbekende %organisationNoun%', diff --git a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php index a1b8a7192a..43d26f3f06 100644 --- a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php +++ b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php @@ -163,7 +163,7 @@ public function onKernelException(ExceptionEvent $event) $message = 'Unable to verify message'; $redirectToRoute = 'authentication_feedback_verification_failed'; } elseif ($exception instanceof EngineBlock_Exception_UnknownServiceProvider) { - $message = 'Unknown Service Provider'; + $message = 'Unknown application Provider'; $redirectToRoute = 'authentication_feedback_unknown_service_provider'; $redirectParams = [ From cda1b851d7502f35e2e6acf17ad135579d04d552 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:14:01 +0100 Subject: [PATCH 25/31] bulk fix tests --- .../Features/AcsTinkering.feature | 4 +-- .../Features/AttributeAggregation.feature | 2 +- .../Features/AttributeManipulation.feature | 8 +++--- .../AttributeManipulationException.feature | 4 +-- ...nWithAllManipulationsBeforeConsent.feature | 4 +-- .../Features/AttributeReleasePolicy.feature | 26 +++++++++---------- ...yWithAllManipulationsBeforeConsent.feature | 12 ++++----- .../Features/AuthenticationLoop.feature | 2 +- .../Features/Bindings.feature | 2 +- .../Features/ClearErrorMessages.feature | 6 ++--- .../Features/Consent.feature | 4 +-- .../DisplayUnconnectedIdpsWayf.feature | 2 +- .../Features/EduPersonTargetedId.feature | 10 +++---- .../Features/Encryption.feature | 2 +- .../Features/FeedbackFooters.feature | 2 +- .../Features/InternalCollabPersonId.feature | 4 +-- .../Features/IsPassive.feature | 2 +- .../Features/LocaleSelection.feature | 2 +- .../Features/Logout.feature | 2 +- .../Features/Metadata.feature | 4 +-- .../Features/MfaAuthnContextClassRef.feature | 4 +-- .../Features/MultipleSingleSignOn.feature | 4 +-- .../Features/NameIdFormat.feature | 2 +- .../Features/PolicyEnforcement.feature | 6 ++--- .../SignatureBypassVulnerability.feature | 2 +- .../Features/SingleSignOn.feature | 4 +-- .../Features/SingleSignOnWithScoping.feature | 4 +-- .../Features/SpProxy.feature | 10 +++---- .../Features/StatusCodes.feature | 2 +- .../Features/Stepup.feature | 6 ++--- .../Features/StepupKeyRollover.feature | 6 ++--- .../Features/UnsolicitedSingleSignOn.feature | 2 +- .../UnsolicitedSingleSignOnDisabled.feature | 2 +- 33 files changed, 79 insertions(+), 79 deletions(-) diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature index 50d58ba522..6d077a534e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And a Service Provider named "Malicious SP" - And a Service Provider named "Malconfigured SP" + And an application named "Malicious SP" + And an application named "Malconfigured SP" And SP "Malicious SP" is set with acs location "javascript:alert('Hello world')" And SP "Malconfigured SP" is set with acs location "sp.example.com" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature index 3c5ad6aad0..e3d255dc1b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IDP-AA" - And a Service Provider named "SP-AA" + And an application named "SP-AA" And SP "SP-AA" requires attribute aggregation And feature "eb.run_all_manipulations_prior_to_consent" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature index 9fb07fa755..86e79f2f00 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature @@ -9,10 +9,10 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" And feature "eb.run_all_manipulations_prior_to_consent" is disabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature index 3935b7bafc..737ee18c5a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature index c1afab4f43..2be3f96d19 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" And feature "eb.run_all_manipulations_prior_to_consent" is enabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature index 8bfe708664..5b244c9dc2 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature @@ -8,19 +8,19 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "Wildcard ARP" - And a Service Provider named "Wrong Value ARP" - And a Service Provider named "Right Value ARP" - And a Service Provider named "Specific Value ARP" - And a Service Provider named "Two value ARP" - And a Service Provider named "Trusted Proxy" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" - And a Service Provider named "Release As" - And a Service Provider named "Use as NameID" - And a Service Provider named "Use as NameID and Release As" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "Wildcard ARP" + And an application named "Wrong Value ARP" + And an application named "Right Value ARP" + And an application named "Specific Value ARP" + And an application named "Two value ARP" + And an application named "Trusted Proxy" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" + And an application named "Release As" + And an application named "Use as NameID" + And an application named "Use as NameID and Release As" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature index 0ea500c307..5838860c0f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature @@ -8,12 +8,12 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "Wildcard ARP" - And a Service Provider named "Wrong Value ARP" - And a Service Provider named "Right Value ARP" - And a Service Provider named "Two value ARP" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "Wildcard ARP" + And an application named "Wrong Value ARP" + And an application named "Right Value ARP" + And an application named "Two value ARP" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature index 48a21c356d..9dc45a6c39 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: an authentication loop is detected When I log in at "Dummy SP 1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature index 8c631c783d..c9b6077b40 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: EngineBlock accepts AuthnRequests using HTTP-POST binding Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index 2ad7a51b9d..624bb197d3 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" - And a Service Provider named "Unconnected SP" - And a Service Provider named "Trusted SP" + And an application named "Dummy SP" + And an application named "Unconnected SP" + And an application named "Trusted SP" And an unregistered application named "Unregistered SP" And SP "Unconnected SP" is not connected to IdP "Dummy Idp" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature index fbd2984e44..32d7aacd33 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature @@ -7,8 +7,8 @@ Feature: Background: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Trusted Proxy" + And an application named "Dummy-SP" + And an application named "Trusted Proxy" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature index df3def8c90..a15bd684f4 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And a Service Provider named "SP" + And an application named "SP" And an Identity Provider named "Connected IdP1" And an Identity Provider named "Connected IdP2" And an Identity Provider named "Unconnected IdP1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature index 7d0f38f437..0810db464a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature @@ -8,11 +8,11 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "ARP without ePTI" - And a Service Provider named "ARP with ePTI" - And a Service Provider named "Step Up" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "ARP without ePTI" + And an application named "ARP with ePTI" + And an application named "Step Up" And SP "ARP with ePTI" uses the Unspecified NameID format And SP "Empty ARP" allows no attributes And SP "ARP without ePTI" allows an attribute named "urn:mace:dir:attribute-def:uid" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature index 3ef9bad094..9194bc156d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: EngineBlock accepts RSA Encrypted Responses Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature index aa06df815a..b95db1e989 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: When a wiki link is configured in a translation the wiki link should be visible Given I have configured the following translations: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature index bc7fb71327..9b3a4e3a6f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And a Service Provider named "Step Up TP" - And a Service Provider named "SelfService" + And an application named "Step Up TP" + And an application named "SelfService" Scenario: User logs in to SP, in that case the internalCollabPersonId should NOT be present Given SP "SelfService" signs its requests diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature index 2280e126ac..70a4275d5e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: A passive AuthnRequest is handled without issue Given SP "Dummy SP" is configured to generate a passive AuthnRequest diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature index d90cb8e8ef..3d47d671ab 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature @@ -8,7 +8,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "First IdP" And an Identity Provider named "Second IdP" - And a Service Provider named "Test SP" + And an application named "Test SP" And my browser is configured to accept language "nl-NL" Scenario: a user makes their first visit and doesn't have a locale cookie diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature index 27ad08cbd0..0c288ab3ab 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: A user can log out When I log in at "Dummy SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature index 864cc43449..9e0249b647 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature @@ -123,7 +123,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And a Service Provider named "Test-SP" + And an application named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list @@ -205,7 +205,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And a Service Provider named "Test-SP" + And an application named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature index d3896ff0ae..764e96f23d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" - And a Service Provider named "Trusted SP" + And an application named "SSO-SP" + And an application named "Trusted SP" Scenario: The configured authn method should be set as AuthnContextClassRef if configured with the IdP configuration mapping Given the IdP "SSO-IdP" is configured for MFA authn method "http://schemas.microsoft.com/claims/multipleauthn" for SP "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature index be640ba9a7..dd15355228 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" - And a Service Provider named "SSO-Two" + And an application named "SSO-SP" + And an application named "SSO-Two" And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2" Scenario: Two solicited authentication requests sequential diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature index 60c6f3e98c..2f135c9b53 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" Scenario: EngineBlock should not update the Unspecified NameIdFormat when no ARP filters are applied Given SP "SSO-SP" uses the Unspecified NameID format diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature index abb0267b89..50d7cb929b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" with logo "idp-logo.jpg" - And a Service Provider named "Dummy SP" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" + And an application named "Dummy SP" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" Scenario: Access is denied because of an IdP specific Deny policy a logo is shown Given SP "Dummy SP" requires a policy enforcement decision diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature index 8a5642c3ec..2756e3ef10 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IdP" - And a Service Provider named "SP" + And an application named "SP" Scenario: Throw an exception if the assertion signature is tampered with When I log in at "SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature index 770d871a23..667c460874 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "SSO-IdP" And an Identity Provider named "SSO-Foobar" - And a Service Provider named "SSO-SP" - And a Service Provider named "SSO-Foobar" + And an application named "SSO-SP" + And an application named "SSO-Foobar" Scenario: IdPs are allowed to create NameIDs When I log in at "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature index 8a5f15d9c9..6661a13b7f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature @@ -11,8 +11,8 @@ Feature: And an Identity Provider named "IDP2" And an Identity Provider named "IDP3" And an Identity Provider named "IDP4" - And a Service Provider named "SP" - And a Service Provider named "remoteSP" + And an application named "SP" + And an application named "remoteSP" Scenario: The WAYF shows only allowed IDPs Given SP "SP" is not connected to IdP "IDP2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index 59fd694f83..bd457bfd7c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -11,11 +11,11 @@ Feature: And an Identity Provider named "StepUpOnlyAuth" And an Identity Provider named "LoaOnlyAuth" And an Identity Provider named "CombinedAuth" - And a Service Provider named "Step Up" - And a Service Provider named "Loa SP" - And a Service Provider named "Far SP" - And a Service Provider named "Test SP" - And a Service Provider named "Second SP" + And an application named "Step Up" + And an application named "Loa SP" + And an application named "Far SP" + And an application named "Test SP" + And an application named "Second SP" And an unregistered application named "Unregistered SP" And SP "Far SP" is not connected to IdP "CombinedAuth" And SP "Far SP" is not connected to IdP "LoaOnlyAuth" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature index 155363d6c9..b7ddd75a7b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: Proxying exceeds the allowed ProxyCount in the AuthnRequest Given SP "Dummy SP" is configured to generate a AuthnRequest with a ProxyCount of 0 diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature index ccb8d42c1d..d27eae401a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Proxy-SP" + And an application named "Dummy-SP" + And an application named "Proxy-SP" Scenario: Stepup authentication should be supported if set through SP configuration Given the SP "SSO-SP" requires Stepup LoA "http://dev.openconext.local/assurance/loa2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature index a2d476ea57..82b6b21240 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature @@ -10,10 +10,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Proxy-SP" + And an application named "Dummy-SP" + And an application named "Proxy-SP" Scenario: When stepup.sfo.override_engine_entityid is not configured, stepup/metadata should show default EntityId Given feature "eb.stepup.sfo.override_engine_entityid" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature index 986459f2ae..d3e58d0cd5 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: An IdP can initiated a login When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature index 9695966898..e29feed875 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" # The feature flag: eb.feature_enable_idp_initiated_flow can disable unsolicited login # EB Shows a 404 page in that case as the entire HTTP route is blocked in that case From 6f0ee503f9ddaf64fdf150a57f63404bd3e732c9 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga <80269262+FlorisFokkinga@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:26:17 +0100 Subject: [PATCH 26/31] fix test --- .../Features/PolicyEnforcement.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature index 50d7cb929b..dae0a57a6c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature @@ -31,7 +31,7 @@ Feature: And I pass through the IdP And I should see "Error - Access denied" And I should see "Message from Dummy IdP:" - And I should see "Students of MyIdP do not have access to this resource" + And I should see "Students of MyIdP do not have access to this application" And the response should contain "idp-logo.jpg" Scenario: Access is denied because of a Deny policy From 58fccc7be280a0d74688a6308335c7acf06d07a5 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Thu, 5 Dec 2024 14:23:22 +0100 Subject: [PATCH 27/31] Reverted change in log and test --- ...edirectToFeedbackPageExceptionListener.php | 2 +- .../Features/AcsTinkering.feature | 4 +-- .../Features/AttributeAggregation.feature | 2 +- .../Features/AttributeManipulation.feature | 8 +++--- .../AttributeManipulationException.feature | 4 +-- ...nWithAllManipulationsBeforeConsent.feature | 4 +-- .../Features/AttributeReleasePolicy.feature | 26 +++++++++---------- ...yWithAllManipulationsBeforeConsent.feature | 12 ++++----- .../Features/AuthenticationLoop.feature | 2 +- .../Features/Bindings.feature | 2 +- .../Features/ClearErrorMessages.feature | 6 ++--- .../Features/Consent.feature | 4 +-- .../DisplayUnconnectedIdpsWayf.feature | 2 +- .../Features/EduPersonTargetedId.feature | 10 +++---- .../Features/Encryption.feature | 2 +- .../Features/FeedbackFooters.feature | 2 +- .../Features/InternalCollabPersonId.feature | 4 +-- .../Features/IsPassive.feature | 2 +- .../Features/LocaleSelection.feature | 2 +- .../Features/Logout.feature | 2 +- .../Features/Metadata.feature | 4 +-- .../Features/MfaAuthnContextClassRef.feature | 4 +-- .../Features/MultipleSingleSignOn.feature | 4 +-- .../Features/NameIdFormat.feature | 2 +- .../Features/PolicyEnforcement.feature | 6 ++--- .../SignatureBypassVulnerability.feature | 2 +- .../Features/SingleSignOn.feature | 4 +-- .../Features/SingleSignOnWithScoping.feature | 4 +-- .../Features/SpProxy.feature | 10 +++---- .../Features/StatusCodes.feature | 2 +- .../Features/Stepup.feature | 6 ++--- .../Features/StepupKeyRollover.feature | 6 ++--- .../Features/UnsolicitedSingleSignOn.feature | 2 +- .../UnsolicitedSingleSignOnDisabled.feature | 2 +- 34 files changed, 80 insertions(+), 80 deletions(-) diff --git a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php index 43d26f3f06..a1b8a7192a 100644 --- a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php +++ b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php @@ -163,7 +163,7 @@ public function onKernelException(ExceptionEvent $event) $message = 'Unable to verify message'; $redirectToRoute = 'authentication_feedback_verification_failed'; } elseif ($exception instanceof EngineBlock_Exception_UnknownServiceProvider) { - $message = 'Unknown application Provider'; + $message = 'Unknown Service Provider'; $redirectToRoute = 'authentication_feedback_unknown_service_provider'; $redirectParams = [ diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature index 6d077a534e..50d58ba522 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And an application named "Malicious SP" - And an application named "Malconfigured SP" + And a Service Provider named "Malicious SP" + And a Service Provider named "Malconfigured SP" And SP "Malicious SP" is set with acs location "javascript:alert('Hello world')" And SP "Malconfigured SP" is set with acs location "sp.example.com" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature index e3d255dc1b..3c5ad6aad0 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IDP-AA" - And an application named "SP-AA" + And a Service Provider named "SP-AA" And SP "SP-AA" requires attribute aggregation And feature "eb.run_all_manipulations_prior_to_consent" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature index 86e79f2f00..9fb07fa755 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature @@ -9,10 +9,10 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" And feature "eb.run_all_manipulations_prior_to_consent" is disabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature index 737ee18c5a..3935b7bafc 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature index 2be3f96d19..c1afab4f43 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" And feature "eb.run_all_manipulations_prior_to_consent" is enabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature index 5b244c9dc2..8bfe708664 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature @@ -8,19 +8,19 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "Wildcard ARP" - And an application named "Wrong Value ARP" - And an application named "Right Value ARP" - And an application named "Specific Value ARP" - And an application named "Two value ARP" - And an application named "Trusted Proxy" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" - And an application named "Release As" - And an application named "Use as NameID" - And an application named "Use as NameID and Release As" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "Wildcard ARP" + And a Service Provider named "Wrong Value ARP" + And a Service Provider named "Right Value ARP" + And a Service Provider named "Specific Value ARP" + And a Service Provider named "Two value ARP" + And a Service Provider named "Trusted Proxy" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" + And a Service Provider named "Release As" + And a Service Provider named "Use as NameID" + And a Service Provider named "Use as NameID and Release As" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature index 5838860c0f..0ea500c307 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature @@ -8,12 +8,12 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "Wildcard ARP" - And an application named "Wrong Value ARP" - And an application named "Right Value ARP" - And an application named "Two value ARP" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "Wildcard ARP" + And a Service Provider named "Wrong Value ARP" + And a Service Provider named "Right Value ARP" + And a Service Provider named "Two value ARP" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature index 9dc45a6c39..48a21c356d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: an authentication loop is detected When I log in at "Dummy SP 1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature index c9b6077b40..8c631c783d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: EngineBlock accepts AuthnRequests using HTTP-POST binding Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index 624bb197d3..2ad7a51b9d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" - And an application named "Unconnected SP" - And an application named "Trusted SP" + And a Service Provider named "Dummy SP" + And a Service Provider named "Unconnected SP" + And a Service Provider named "Trusted SP" And an unregistered application named "Unregistered SP" And SP "Unconnected SP" is not connected to IdP "Dummy Idp" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature index 32d7aacd33..fbd2984e44 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature @@ -7,8 +7,8 @@ Feature: Background: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Trusted Proxy" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Trusted Proxy" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature index a15bd684f4..df3def8c90 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And an application named "SP" + And a Service Provider named "SP" And an Identity Provider named "Connected IdP1" And an Identity Provider named "Connected IdP2" And an Identity Provider named "Unconnected IdP1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature index 0810db464a..7d0f38f437 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature @@ -8,11 +8,11 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "ARP without ePTI" - And an application named "ARP with ePTI" - And an application named "Step Up" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "ARP without ePTI" + And a Service Provider named "ARP with ePTI" + And a Service Provider named "Step Up" And SP "ARP with ePTI" uses the Unspecified NameID format And SP "Empty ARP" allows no attributes And SP "ARP without ePTI" allows an attribute named "urn:mace:dir:attribute-def:uid" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature index 9194bc156d..3ef9bad094 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: EngineBlock accepts RSA Encrypted Responses Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature index b95db1e989..aa06df815a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: When a wiki link is configured in a translation the wiki link should be visible Given I have configured the following translations: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature index 9b3a4e3a6f..bc7fb71327 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And an application named "Step Up TP" - And an application named "SelfService" + And a Service Provider named "Step Up TP" + And a Service Provider named "SelfService" Scenario: User logs in to SP, in that case the internalCollabPersonId should NOT be present Given SP "SelfService" signs its requests diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature index 70a4275d5e..2280e126ac 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: A passive AuthnRequest is handled without issue Given SP "Dummy SP" is configured to generate a passive AuthnRequest diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature index 3d47d671ab..d90cb8e8ef 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature @@ -8,7 +8,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "First IdP" And an Identity Provider named "Second IdP" - And an application named "Test SP" + And a Service Provider named "Test SP" And my browser is configured to accept language "nl-NL" Scenario: a user makes their first visit and doesn't have a locale cookie diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature index 0c288ab3ab..27ad08cbd0 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: A user can log out When I log in at "Dummy SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature index 9e0249b647..864cc43449 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature @@ -123,7 +123,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And an application named "Test-SP" + And a Service Provider named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list @@ -205,7 +205,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And an application named "Test-SP" + And a Service Provider named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature index 764e96f23d..d3896ff0ae 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" - And an application named "Trusted SP" + And a Service Provider named "SSO-SP" + And a Service Provider named "Trusted SP" Scenario: The configured authn method should be set as AuthnContextClassRef if configured with the IdP configuration mapping Given the IdP "SSO-IdP" is configured for MFA authn method "http://schemas.microsoft.com/claims/multipleauthn" for SP "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature index dd15355228..be640ba9a7 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" - And an application named "SSO-Two" + And a Service Provider named "SSO-SP" + And a Service Provider named "SSO-Two" And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2" Scenario: Two solicited authentication requests sequential diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature index 2f135c9b53..60c6f3e98c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" Scenario: EngineBlock should not update the Unspecified NameIdFormat when no ARP filters are applied Given SP "SSO-SP" uses the Unspecified NameID format diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature index dae0a57a6c..903fa5a4e2 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" with logo "idp-logo.jpg" - And an application named "Dummy SP" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" + And a Service Provider named "Dummy SP" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" Scenario: Access is denied because of an IdP specific Deny policy a logo is shown Given SP "Dummy SP" requires a policy enforcement decision diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature index 2756e3ef10..8a5642c3ec 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IdP" - And an application named "SP" + And a Service Provider named "SP" Scenario: Throw an exception if the assertion signature is tampered with When I log in at "SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature index 667c460874..770d871a23 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "SSO-IdP" And an Identity Provider named "SSO-Foobar" - And an application named "SSO-SP" - And an application named "SSO-Foobar" + And a Service Provider named "SSO-SP" + And a Service Provider named "SSO-Foobar" Scenario: IdPs are allowed to create NameIDs When I log in at "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature index 6661a13b7f..8a5f15d9c9 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature @@ -11,8 +11,8 @@ Feature: And an Identity Provider named "IDP2" And an Identity Provider named "IDP3" And an Identity Provider named "IDP4" - And an application named "SP" - And an application named "remoteSP" + And a Service Provider named "SP" + And a Service Provider named "remoteSP" Scenario: The WAYF shows only allowed IDPs Given SP "SP" is not connected to IdP "IDP2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index bd457bfd7c..59fd694f83 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -11,11 +11,11 @@ Feature: And an Identity Provider named "StepUpOnlyAuth" And an Identity Provider named "LoaOnlyAuth" And an Identity Provider named "CombinedAuth" - And an application named "Step Up" - And an application named "Loa SP" - And an application named "Far SP" - And an application named "Test SP" - And an application named "Second SP" + And a Service Provider named "Step Up" + And a Service Provider named "Loa SP" + And a Service Provider named "Far SP" + And a Service Provider named "Test SP" + And a Service Provider named "Second SP" And an unregistered application named "Unregistered SP" And SP "Far SP" is not connected to IdP "CombinedAuth" And SP "Far SP" is not connected to IdP "LoaOnlyAuth" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature index b7ddd75a7b..155363d6c9 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: Proxying exceeds the allowed ProxyCount in the AuthnRequest Given SP "Dummy SP" is configured to generate a AuthnRequest with a ProxyCount of 0 diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature index d27eae401a..ccb8d42c1d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Proxy-SP" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Proxy-SP" Scenario: Stepup authentication should be supported if set through SP configuration Given the SP "SSO-SP" requires Stepup LoA "http://dev.openconext.local/assurance/loa2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature index 82b6b21240..a2d476ea57 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature @@ -10,10 +10,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Proxy-SP" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Proxy-SP" Scenario: When stepup.sfo.override_engine_entityid is not configured, stepup/metadata should show default EntityId Given feature "eb.stepup.sfo.override_engine_entityid" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature index d3e58d0cd5..986459f2ae 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: An IdP can initiated a login When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature index e29feed875..9695966898 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" # The feature flag: eb.feature_enable_idp_initiated_flow can disable unsolicited login # EB Shows a 404 page in that case as the entire HTTP route is blocked in that case From 9abfaf0f3c87eb9b2579eb19506687afe9494257 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Wed, 10 Jun 2026 09:46:09 +0200 Subject: [PATCH 28/31] Fixes after rebase --- languages/messages.en.php | 2 +- .../Features/AuthenticationLoop.feature | 3 +- .../consent/consent.material.spec.js | 51 -------- .../View/Feedback/generic-error.html.twig | 9 -- .../Authentication/View/Proxy/wayf.html.twig | 117 ------------------ 5 files changed, 3 insertions(+), 179 deletions(-) delete mode 100644 tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js delete mode 100644 theme/openconext/templates/modules/Authentication/View/Feedback/generic-error.html.twig delete mode 100644 theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig diff --git a/languages/messages.en.php b/languages/messages.en.php index 73b42323d5..fd61e41357 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -167,9 +167,9 @@ 'error_session_lost' => 'Error - your session was lost', 'error_session_lost_desc' => 'To continue to the application an active session is required. However, your session expired. Perhaps you waited too long with logging in? Please go back to the application and try again. If that doesn\'t work, close your browser first and then try again.', 'error_session_not_started' => 'Error - No session found', + 'error_session_not_started_desc' => 'To continue to the application an active session is required. However, no session was found. Your browser must accept cookies. Alternatively, the link you used to get to the application might be wrong. Please go back to the application and try again. If that doesn\'t work, try a different browser.', 'error_unsolicited_response' => 'Error - Login could not be completed', 'error_unsolicited_response_desc' => 'Your login could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the application you were trying to access and log in from there.', - 'error_session_not_started_desc' => 'To continue to the application an active session is required. However, no session was found. Your browser must accept cookies. Alternatively, the link you used to get to the application might be wrong. Please go back to the application and try again. If that doesn\'t work, try a different browser.', 'error_authorization_policy_violation' => 'Error - Access denied', 'error_authorization_policy_violation_desc' => 'You cannot use application %spName% because %idpName% limits access to it with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to %spName%.', 'error_authorization_policy_violation_desc_no_idp_name' => 'You cannot use %spName% because your %organisationNoun% limits access with an authorization policy. Please contact the service desk of your %organisationNoun% if you think you should be allowed access to %spName%.', diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature index 48a21c356d..ca4874e886 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AuthenticationLoop.feature @@ -9,7 +9,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP 1" + And an application named "Dummy SP 2" Scenario: an authentication loop is detected When I log in at "Dummy SP 1" diff --git a/tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js b/tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js deleted file mode 100644 index 7fc7b5b954..0000000000 --- a/tests/e2e/cypress/integration/openconext/consent/consent.material.spec.js +++ /dev/null @@ -1,51 +0,0 @@ -context('Consent on Material theme', () => { - - beforeEach(() => { - cy.visit('https://engine.vm.openconext.org/functional-testing/consent'); - }); - - it('gives openconext information', () => { - cy.get('a.help[data-slidein="about"]') - .click() - .get('section h1') - .should('be.visible') - .and('contain.text', 'Logging in through OpenConext'); - - cy.get('div.about a.close') - .click(); - }); - - it('shows information on how to report incorrect data', () => { - cy.get('a.small') - .click() - .get('section h1') - .should('be.visible') - .and('contain.text', 'Is the data shown incorrect?'); - - cy.get('div.correction-idp a.close') - .click(); - }); - - it('can show additional attributes', () => { - cy.get('span.show-more') - .click() - .get('td[data-identifier="urn:mace:dir:attribute-def:isMemberOf"]') - .should('be.visible') - .and('contain.text', 'Member of organization'); - }); - - it('can decline consent', () => { - cy.get('div.slidein.reject') - .should('be.hidden'); - - cy.get('a#decline-terms') - .click() - .get('section h1') - .should('be.visible') - .and('contain.text', 'You don\'t want to share your data with the application'); - - cy.get('div.slidein.reject') - .should('be.visible'); - }); - -}); diff --git a/theme/openconext/templates/modules/Authentication/View/Feedback/generic-error.html.twig b/theme/openconext/templates/modules/Authentication/View/Feedback/generic-error.html.twig deleted file mode 100644 index b5bcfe5b22..0000000000 --- a/theme/openconext/templates/modules/Authentication/View/Feedback/generic-error.html.twig +++ /dev/null @@ -1,9 +0,0 @@ -{% extends '@theme/Default/View/Error/error.html.twig' %} - -{% set _key = 'error_' ~ pageIdentifier|replace({'-': '_'}) %} -{% set pageTitle = (_key)|trans %} -{% block pageTitle %}{{ pageTitle }}{% endblock %} -{% block title %}{{ parent() }}{% endblock %} -{% block pageHeading %}{{ pageTitle }}{% endblock %} - -{% block errorMessage %}{{ (_key ~ '_desc')|trans }}{% endblock %} diff --git a/theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig b/theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig deleted file mode 100644 index 978c0ac712..0000000000 --- a/theme/openconext/templates/modules/Authentication/View/Proxy/wayf.html.twig +++ /dev/null @@ -1,117 +0,0 @@ -{% extends '@themeLayouts/scripts/default.html.twig' %} - -{# Prepare the page title #} -{% set pageTitle = 'log_in_to'|trans %} - -{# Data object containing the formatted IdP's #} -{% set connectedIdps = connectedIdps(idpList, locale()) %} - -{% block title %}{{ parent() }} - {{ pageTitle }} {% endblock %} -{% block pageHeading %}{{ parent() }} - {{ pageTitle }}{% endblock %} - -{% block content %} - {% include '@theme/Authentication/View/Proxy/site-notice.html.twig' with { className: 'full-width' } %} - - - - -
- - - - {% if rememberChoiceFeature %} -
-
-

{{ 'idps_with_access'|trans|capitalize }}

-
- - -
-
- {% else %} -
-
-

{{ 'idps_with_access'|trans|capitalize }}

-
- {% endif %} - - - -
-
- - - -
- {% if showRequestAccess %} - - {% endif %} -
-
- -{% endblock %} From e4772e60ec7131244b43b4cd955af485600c2b6c Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Wed, 10 Jun 2026 09:50:43 +0200 Subject: [PATCH 29/31] fix test --- .../EventListener/RedirectToFeedbackPageExceptionListener.php | 2 +- .../EngineBlockBundle/Controller/FeedbackControllerTest.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php index a1b8a7192a..b8bc2daeb8 100644 --- a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php +++ b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php @@ -163,7 +163,7 @@ public function onKernelException(ExceptionEvent $event) $message = 'Unable to verify message'; $redirectToRoute = 'authentication_feedback_verification_failed'; } elseif ($exception instanceof EngineBlock_Exception_UnknownServiceProvider) { - $message = 'Unknown Service Provider'; + $message = 'Unknown application'; $redirectToRoute = 'authentication_feedback_unknown_service_provider'; $redirectParams = [ diff --git a/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php b/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php index 79aa32756e..587dd52683 100644 --- a/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php +++ b/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php @@ -62,7 +62,7 @@ public function unable_to_receive_message_returns_400_with_expected_content(): v #[Test] public function unknown_requesterid_in_authnrequest_returns_400_with_expected_content(): void { - $this->assertFeedbackPage('/authentication/feedback/unknown_requesterid_in_authnrequest', Response::HTTP_BAD_REQUEST, 'Unknown service'); + $this->assertFeedbackPage('/authentication/feedback/unknown_requesterid_in_authnrequest', Response::HTTP_BAD_REQUEST, 'Unknown application'); } #[Test] From 3875ab208437c3cc81525c31c0bd2df19e4d12fa Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Wed, 10 Jun 2026 09:53:41 +0200 Subject: [PATCH 30/31] fix more tests --- .../Features/AcsTinkering.feature | 4 +-- .../Features/AttributeAggregation.feature | 2 +- .../Features/AttributeManipulation.feature | 8 +++--- .../AttributeManipulationException.feature | 4 +-- ...nWithAllManipulationsBeforeConsent.feature | 4 +-- .../Features/AttributeReleasePolicy.feature | 26 +++++++++---------- ...yWithAllManipulationsBeforeConsent.feature | 12 ++++----- .../Features/AzureDomainHint.feature | 2 +- .../Features/Bindings.feature | 2 +- .../Features/ClearErrorMessages.feature | 6 ++--- .../Features/Consent.feature | 4 +-- .../Features/CorrelationId.feature | 2 +- .../Features/Discoveries.feature | 2 +- .../DisplayUnconnectedIdpsWayf.feature | 2 +- .../Features/EduPersonTargetedId.feature | 10 +++---- .../Features/Encryption.feature | 2 +- .../Features/FeedbackFooters.feature | 2 +- .../Features/InternalCollabPersonId.feature | 4 +-- .../Features/IsPassive.feature | 2 +- .../Features/LocaleSelection.feature | 2 +- .../Features/Logout.feature | 2 +- .../Features/Metadata.feature | 4 +-- .../Features/MfaAuthnContextClassRef.feature | 4 +-- .../Features/MultipleSingleSignOn.feature | 4 +-- .../Features/NameIdFormat.feature | 2 +- .../Features/PolicyEnforcement.feature | 6 ++--- .../Features/SbsFlowIntegration.feature | 6 ++--- .../Features/SessionIndex.feature | 2 +- .../SignatureBypassVulnerability.feature | 2 +- .../Features/SingleSignOn.feature | 4 +-- .../Features/SingleSignOnWithScoping.feature | 4 +-- .../Features/SpProxy.feature | 10 +++---- .../Features/StatusCodes.feature | 2 +- .../Features/Stepup.feature | 6 ++--- .../Features/StepupKeyRollover.feature | 6 ++--- .../Features/UnsolicitedSingleSignOn.feature | 2 +- .../UnsolicitedSingleSignOnDisabled.feature | 2 +- 37 files changed, 85 insertions(+), 85 deletions(-) diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature index 50d58ba522..6d077a534e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And a Service Provider named "Malicious SP" - And a Service Provider named "Malconfigured SP" + And an application named "Malicious SP" + And an application named "Malconfigured SP" And SP "Malicious SP" is set with acs location "javascript:alert('Hello world')" And SP "Malconfigured SP" is set with acs location "sp.example.com" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature index 3c5ad6aad0..e3d255dc1b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IDP-AA" - And a Service Provider named "SP-AA" + And an application named "SP-AA" And SP "SP-AA" requires attribute aggregation And feature "eb.run_all_manipulations_prior_to_consent" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature index 9fb07fa755..86e79f2f00 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature @@ -9,10 +9,10 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" And feature "eb.run_all_manipulations_prior_to_consent" is disabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature index 3935b7bafc..737ee18c5a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature index c1afab4f43..2be3f96d19 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And a Service Provider named "Dummy-SP" - And a Service Provider named "SP-with-Attribute-Manipulations" + And an application named "Dummy-SP" + And an application named "SP-with-Attribute-Manipulations" And feature "eb.run_all_manipulations_prior_to_consent" is enabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature index 8bfe708664..5b244c9dc2 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature @@ -8,19 +8,19 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "Wildcard ARP" - And a Service Provider named "Wrong Value ARP" - And a Service Provider named "Right Value ARP" - And a Service Provider named "Specific Value ARP" - And a Service Provider named "Two value ARP" - And a Service Provider named "Trusted Proxy" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" - And a Service Provider named "Release As" - And a Service Provider named "Use as NameID" - And a Service Provider named "Use as NameID and Release As" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "Wildcard ARP" + And an application named "Wrong Value ARP" + And an application named "Right Value ARP" + And an application named "Specific Value ARP" + And an application named "Two value ARP" + And an application named "Trusted Proxy" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" + And an application named "Release As" + And an application named "Use as NameID" + And an application named "Use as NameID and Release As" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature index 0ea500c307..5838860c0f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature @@ -8,12 +8,12 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "Wildcard ARP" - And a Service Provider named "Wrong Value ARP" - And a Service Provider named "Right Value ARP" - And a Service Provider named "Two value ARP" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "Wildcard ARP" + And an application named "Wrong Value ARP" + And an application named "Right Value ARP" + And an application named "Two value ARP" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature index c46074f43f..de61b35e00 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature @@ -9,7 +9,7 @@ Feature: Azure / EntraID domain hint And no registered SPs And no registered Idps And an Identity Provider named "Azure IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: EngineBlock appends whr query parameter when coin:azure_domain_hint is configured Given IDP "Azure IdP" has Azure domain hint "hartingcollege.nl" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature index 8c631c783d..c9b6077b40 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: EngineBlock accepts AuthnRequests using HTTP-POST binding Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index 2ad7a51b9d..624bb197d3 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" - And a Service Provider named "Unconnected SP" - And a Service Provider named "Trusted SP" + And an application named "Dummy SP" + And an application named "Unconnected SP" + And an application named "Trusted SP" And an unregistered application named "Unregistered SP" And SP "Unconnected SP" is not connected to IdP "Dummy Idp" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature index fbd2984e44..32d7aacd33 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature @@ -7,8 +7,8 @@ Feature: Background: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Trusted Proxy" + And an application named "Dummy-SP" + And an application named "Trusted Proxy" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature index bd29a89b11..13d65dd258 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And a Service Provider named "CorrId-SP" + And an application named "CorrId-SP" Scenario: A user authenticating via the WAYF completes the full four-leg flow Given an Identity Provider named "CorrId-IdP-A" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature index 35e4b7a9eb..3e05b5c052 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" with discovery "Dummy Discovery" And an Identity Provider named "Second IdP to trigger wayf" - And a Service Provider named "Dummy-SP" + And an application named "Dummy-SP" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature index df3def8c90..a15bd684f4 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And a Service Provider named "SP" + And an application named "SP" And an Identity Provider named "Connected IdP1" And an Identity Provider named "Connected IdP2" And an Identity Provider named "Unconnected IdP1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature index 7d0f38f437..0810db464a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature @@ -8,11 +8,11 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And a Service Provider named "No ARP" - And a Service Provider named "Empty ARP" - And a Service Provider named "ARP without ePTI" - And a Service Provider named "ARP with ePTI" - And a Service Provider named "Step Up" + And an application named "No ARP" + And an application named "Empty ARP" + And an application named "ARP without ePTI" + And an application named "ARP with ePTI" + And an application named "Step Up" And SP "ARP with ePTI" uses the Unspecified NameID format And SP "Empty ARP" allows no attributes And SP "ARP without ePTI" allows an attribute named "urn:mace:dir:attribute-def:uid" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature index 3ef9bad094..9194bc156d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: EngineBlock accepts RSA Encrypted Responses Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature index aa06df815a..b95db1e989 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: When a wiki link is configured in a translation the wiki link should be visible Given I have configured the following translations: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature index bc7fb71327..9b3a4e3a6f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And a Service Provider named "Step Up TP" - And a Service Provider named "SelfService" + And an application named "Step Up TP" + And an application named "SelfService" Scenario: User logs in to SP, in that case the internalCollabPersonId should NOT be present Given SP "SelfService" signs its requests diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature index 2280e126ac..70a4275d5e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: A passive AuthnRequest is handled without issue Given SP "Dummy SP" is configured to generate a passive AuthnRequest diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature index d90cb8e8ef..3d47d671ab 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature @@ -8,7 +8,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "First IdP" And an Identity Provider named "Second IdP" - And a Service Provider named "Test SP" + And an application named "Test SP" And my browser is configured to accept language "nl-NL" Scenario: a user makes their first visit and doesn't have a locale cookie diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature index 27ad08cbd0..0c288ab3ab 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: A user can log out When I log in at "Dummy SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature index 864cc43449..9e0249b647 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature @@ -123,7 +123,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And a Service Provider named "Test-SP" + And an application named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list @@ -205,7 +205,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And a Service Provider named "Test-SP" + And an application named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature index d3896ff0ae..764e96f23d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" - And a Service Provider named "Trusted SP" + And an application named "SSO-SP" + And an application named "Trusted SP" Scenario: The configured authn method should be set as AuthnContextClassRef if configured with the IdP configuration mapping Given the IdP "SSO-IdP" is configured for MFA authn method "http://schemas.microsoft.com/claims/multipleauthn" for SP "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature index be640ba9a7..dd15355228 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" - And a Service Provider named "SSO-Two" + And an application named "SSO-SP" + And an application named "SSO-Two" And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2" Scenario: Two solicited authentication requests sequential diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature index 60c6f3e98c..2f135c9b53 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" Scenario: EngineBlock should not update the Unspecified NameIdFormat when no ARP filters are applied Given SP "SSO-SP" uses the Unspecified NameID format diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature index 903fa5a4e2..dae0a57a6c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" with logo "idp-logo.jpg" - And a Service Provider named "Dummy SP" - And a Service Provider named "Stepup Gateway" - And a Service Provider named "Stepup SelfService" + And an application named "Dummy SP" + And an application named "Stepup Gateway" + And an application named "Stepup SelfService" Scenario: Access is denied because of an IdP specific Deny policy a logo is shown Given SP "Dummy SP" requires a policy enforcement decision diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature index 1e54654568..ed9e0fd562 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" Scenario: If the SBS authz check returns 'interrupt', the browser is redirected to SBS Given the SP "SSO-SP" requires SRAM collaboration @@ -149,8 +149,8 @@ Feature: Scenario: SBS 'authorized' flow works with trusted proxy Given an Identity Provider named "Trusted-IdP" - And a Service Provider named "Proxy-SP" - And a Service Provider named "End-SP" + And an application named "Proxy-SP" + And an application named "End-SP" And the SP "End-SP" requires SRAM collaboration And feature "eb.feature_enable_sram_interrupt" is enabled And the sbs server will trigger the "authorized" authz flow when called diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature index 4b3af8d3f7..a8b9defc99 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IP" - And a Service Provider named "SP" + And an application named "SP" Scenario: User logs in to SP, in that case the session index should be the assertion id And SP "SP" does not require consent diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature index 8a5642c3ec..2756e3ef10 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IdP" - And a Service Provider named "SP" + And an application named "SP" Scenario: Throw an exception if the assertion signature is tampered with When I log in at "SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature index 770d871a23..667c460874 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "SSO-IdP" And an Identity Provider named "SSO-Foobar" - And a Service Provider named "SSO-SP" - And a Service Provider named "SSO-Foobar" + And an application named "SSO-SP" + And an application named "SSO-Foobar" Scenario: IdPs are allowed to create NameIDs When I log in at "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature index 8a5f15d9c9..6661a13b7f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature @@ -11,8 +11,8 @@ Feature: And an Identity Provider named "IDP2" And an Identity Provider named "IDP3" And an Identity Provider named "IDP4" - And a Service Provider named "SP" - And a Service Provider named "remoteSP" + And an application named "SP" + And an application named "remoteSP" Scenario: The WAYF shows only allowed IDPs Given SP "SP" is not connected to IdP "IDP2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index 59fd694f83..bd457bfd7c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -11,11 +11,11 @@ Feature: And an Identity Provider named "StepUpOnlyAuth" And an Identity Provider named "LoaOnlyAuth" And an Identity Provider named "CombinedAuth" - And a Service Provider named "Step Up" - And a Service Provider named "Loa SP" - And a Service Provider named "Far SP" - And a Service Provider named "Test SP" - And a Service Provider named "Second SP" + And an application named "Step Up" + And an application named "Loa SP" + And an application named "Far SP" + And an application named "Test SP" + And an application named "Second SP" And an unregistered application named "Unregistered SP" And SP "Far SP" is not connected to IdP "CombinedAuth" And SP "Far SP" is not connected to IdP "LoaOnlyAuth" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature index 155363d6c9..b7ddd75a7b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: Proxying exceeds the allowed ProxyCount in the AuthnRequest Given SP "Dummy SP" is configured to generate a AuthnRequest with a ProxyCount of 0 diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature index ccb8d42c1d..d27eae401a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Proxy-SP" + And an application named "Dummy-SP" + And an application named "Proxy-SP" Scenario: Stepup authentication should be supported if set through SP configuration Given the SP "SSO-SP" requires Stepup LoA "http://dev.openconext.local/assurance/loa2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature index a2d476ea57..82b6b21240 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature @@ -10,10 +10,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And a Service Provider named "SSO-SP" + And an application named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And a Service Provider named "Dummy-SP" - And a Service Provider named "Proxy-SP" + And an application named "Dummy-SP" + And an application named "Proxy-SP" Scenario: When stepup.sfo.override_engine_entityid is not configured, stepup/metadata should show default EntityId Given feature "eb.stepup.sfo.override_engine_entityid" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature index 986459f2ae..d3e58d0cd5 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" Scenario: An IdP can initiated a login When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature index 9695966898..e29feed875 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And a Service Provider named "Dummy SP" + And an application named "Dummy SP" # The feature flag: eb.feature_enable_idp_initiated_flow can disable unsolicited login # EB Shows a 404 page in that case as the entire HTTP route is blocked in that case From 8e8f5a3d543a24e132927d907de11e40d6110f4c Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Wed, 10 Jun 2026 14:54:44 +0200 Subject: [PATCH 31/31] Revert "fix more tests" This reverts commit 3875ab208437c3cc81525c31c0bd2df19e4d12fa. --- .../Features/AcsTinkering.feature | 4 +-- .../Features/AttributeAggregation.feature | 2 +- .../Features/AttributeManipulation.feature | 8 +++--- .../AttributeManipulationException.feature | 4 +-- ...nWithAllManipulationsBeforeConsent.feature | 4 +-- .../Features/AttributeReleasePolicy.feature | 26 +++++++++---------- ...yWithAllManipulationsBeforeConsent.feature | 12 ++++----- .../Features/AzureDomainHint.feature | 2 +- .../Features/Bindings.feature | 2 +- .../Features/ClearErrorMessages.feature | 6 ++--- .../Features/Consent.feature | 4 +-- .../Features/CorrelationId.feature | 2 +- .../Features/Discoveries.feature | 2 +- .../DisplayUnconnectedIdpsWayf.feature | 2 +- .../Features/EduPersonTargetedId.feature | 10 +++---- .../Features/Encryption.feature | 2 +- .../Features/FeedbackFooters.feature | 2 +- .../Features/InternalCollabPersonId.feature | 4 +-- .../Features/IsPassive.feature | 2 +- .../Features/LocaleSelection.feature | 2 +- .../Features/Logout.feature | 2 +- .../Features/Metadata.feature | 4 +-- .../Features/MfaAuthnContextClassRef.feature | 4 +-- .../Features/MultipleSingleSignOn.feature | 4 +-- .../Features/NameIdFormat.feature | 2 +- .../Features/PolicyEnforcement.feature | 6 ++--- .../Features/SbsFlowIntegration.feature | 6 ++--- .../Features/SessionIndex.feature | 2 +- .../SignatureBypassVulnerability.feature | 2 +- .../Features/SingleSignOn.feature | 4 +-- .../Features/SingleSignOnWithScoping.feature | 4 +-- .../Features/SpProxy.feature | 10 +++---- .../Features/StatusCodes.feature | 2 +- .../Features/Stepup.feature | 6 ++--- .../Features/StepupKeyRollover.feature | 6 ++--- .../Features/UnsolicitedSingleSignOn.feature | 2 +- .../UnsolicitedSingleSignOnDisabled.feature | 2 +- 37 files changed, 85 insertions(+), 85 deletions(-) diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature index 6d077a534e..50d58ba522 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AcsTinkering.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And an application named "Malicious SP" - And an application named "Malconfigured SP" + And a Service Provider named "Malicious SP" + And a Service Provider named "Malconfigured SP" And SP "Malicious SP" is set with acs location "javascript:alert('Hello world')" And SP "Malconfigured SP" is set with acs location "sp.example.com" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature index e3d255dc1b..3c5ad6aad0 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeAggregation.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IDP-AA" - And an application named "SP-AA" + And a Service Provider named "SP-AA" And SP "SP-AA" requires attribute aggregation And feature "eb.run_all_manipulations_prior_to_consent" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature index 86e79f2f00..9fb07fa755 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature @@ -9,10 +9,10 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" And feature "eb.run_all_manipulations_prior_to_consent" is disabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature index 737ee18c5a..3935b7bafc 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationException.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" Scenario: The application can have an attribute added Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature index 2be3f96d19..c1afab4f43 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulationWithAllManipulationsBeforeConsent.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "Dummy-IdP" And an Identity Provider named "IdP-with-Attribute-Manipulations" - And an application named "Dummy-SP" - And an application named "SP-with-Attribute-Manipulations" + And a Service Provider named "Dummy-SP" + And a Service Provider named "SP-with-Attribute-Manipulations" And feature "eb.run_all_manipulations_prior_to_consent" is enabled Scenario: The application can have an attribute added diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature index 5b244c9dc2..8bfe708664 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicy.feature @@ -8,19 +8,19 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "Wildcard ARP" - And an application named "Wrong Value ARP" - And an application named "Right Value ARP" - And an application named "Specific Value ARP" - And an application named "Two value ARP" - And an application named "Trusted Proxy" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" - And an application named "Release As" - And an application named "Use as NameID" - And an application named "Use as NameID and Release As" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "Wildcard ARP" + And a Service Provider named "Wrong Value ARP" + And a Service Provider named "Right Value ARP" + And a Service Provider named "Specific Value ARP" + And a Service Provider named "Two value ARP" + And a Service Provider named "Trusted Proxy" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" + And a Service Provider named "Release As" + And a Service Provider named "Use as NameID" + And a Service Provider named "Use as NameID and Release As" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature index 5838860c0f..0ea500c307 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeReleasePolicyWithAllManipulationsBeforeConsent.feature @@ -8,12 +8,12 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "Wildcard ARP" - And an application named "Wrong Value ARP" - And an application named "Right Value ARP" - And an application named "Two value ARP" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "Wildcard ARP" + And a Service Provider named "Wrong Value ARP" + And a Service Provider named "Right Value ARP" + And a Service Provider named "Two value ARP" And SP "Empty ARP" allows no attributes And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid" And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature index de61b35e00..c46074f43f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AzureDomainHint.feature @@ -9,7 +9,7 @@ Feature: Azure / EntraID domain hint And no registered SPs And no registered Idps And an Identity Provider named "Azure IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: EngineBlock appends whr query parameter when coin:azure_domain_hint is configured Given IDP "Azure IdP" has Azure domain hint "hartingcollege.nl" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature index c9b6077b40..8c631c783d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: EngineBlock accepts AuthnRequests using HTTP-POST binding Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index 624bb197d3..2ad7a51b9d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" - And an application named "Unconnected SP" - And an application named "Trusted SP" + And a Service Provider named "Dummy SP" + And a Service Provider named "Unconnected SP" + And a Service Provider named "Trusted SP" And an unregistered application named "Unregistered SP" And SP "Unconnected SP" is not connected to IdP "Dummy Idp" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature index 32d7aacd33..fbd2984e44 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Consent.feature @@ -7,8 +7,8 @@ Feature: Background: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Trusted Proxy" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Trusted Proxy" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature index 13d65dd258..bd29a89b11 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/CorrelationId.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And an application named "CorrId-SP" + And a Service Provider named "CorrId-SP" Scenario: A user authenticating via the WAYF completes the full four-leg flow Given an Identity Provider named "CorrId-IdP-A" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature index 3e05b5c052..35e4b7a9eb 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Discoveries.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "Dummy-IdP" with discovery "Dummy Discovery" And an Identity Provider named "Second IdP to trigger wayf" - And an application named "Dummy-SP" + And a Service Provider named "Dummy-SP" And SP "Dummy-SP" allows the following attributes: | Name | Value | Source | Motivation | diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature index a15bd684f4..df3def8c90 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/DisplayUnconnectedIdpsWayf.feature @@ -7,7 +7,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And no registered SPs And no registered Idps - And an application named "SP" + And a Service Provider named "SP" And an Identity Provider named "Connected IdP1" And an Identity Provider named "Connected IdP2" And an Identity Provider named "Unconnected IdP1" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature index 0810db464a..7d0f38f437 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/EduPersonTargetedId.feature @@ -8,11 +8,11 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "TestIdp" - And an application named "No ARP" - And an application named "Empty ARP" - And an application named "ARP without ePTI" - And an application named "ARP with ePTI" - And an application named "Step Up" + And a Service Provider named "No ARP" + And a Service Provider named "Empty ARP" + And a Service Provider named "ARP without ePTI" + And a Service Provider named "ARP with ePTI" + And a Service Provider named "Step Up" And SP "ARP with ePTI" uses the Unspecified NameID format And SP "Empty ARP" allows no attributes And SP "ARP without ePTI" allows an attribute named "urn:mace:dir:attribute-def:uid" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature index 9194bc156d..3ef9bad094 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: EngineBlock accepts RSA Encrypted Responses Given the SP uses the HTTP POST Binding diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature index b95db1e989..aa06df815a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/FeedbackFooters.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: When a wiki link is configured in a translation the wiki link should be visible Given I have configured the following translations: diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature index 9b3a4e3a6f..bc7fb71327 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/InternalCollabPersonId.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "AlwaysAuth" - And an application named "Step Up TP" - And an application named "SelfService" + And a Service Provider named "Step Up TP" + And a Service Provider named "SelfService" Scenario: User logs in to SP, in that case the internalCollabPersonId should NOT be present Given SP "SelfService" signs its requests diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature index 70a4275d5e..2280e126ac 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/IsPassive.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: A passive AuthnRequest is handled without issue Given SP "Dummy SP" is configured to generate a passive AuthnRequest diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature index 3d47d671ab..d90cb8e8ef 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/LocaleSelection.feature @@ -8,7 +8,7 @@ Feature: Given an EngineBlock instance on "dev.openconext.local" And an Identity Provider named "First IdP" And an Identity Provider named "Second IdP" - And an application named "Test SP" + And a Service Provider named "Test SP" And my browser is configured to accept language "nl-NL" Scenario: a user makes their first visit and doesn't have a locale cookie diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature index 0c288ab3ab..27ad08cbd0 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Logout.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: A user can log out When I log in at "Dummy SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature index 9e0249b647..864cc43449 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature @@ -123,7 +123,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And an application named "Test-SP" + And a Service Provider named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list @@ -205,7 +205,7 @@ Feature: Given an Identity Provider named "Connected-IdP" And an Identity Provider named "Second-Connected-IdP" And an Identity Provider named "Not-Connected-IdP" - And an application named "Test-SP" + And a Service Provider named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default?sp-entity-id=https://engine.dev.openconext.local/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature index 764e96f23d..d3896ff0ae 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MfaAuthnContextClassRef.feature @@ -8,8 +8,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" - And an application named "Trusted SP" + And a Service Provider named "SSO-SP" + And a Service Provider named "Trusted SP" Scenario: The configured authn method should be set as AuthnContextClassRef if configured with the IdP configuration mapping Given the IdP "SSO-IdP" is configured for MFA authn method "http://schemas.microsoft.com/claims/multipleauthn" for SP "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature index dd15355228..be640ba9a7 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/MultipleSingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" - And an application named "SSO-Two" + And a Service Provider named "SSO-SP" + And a Service Provider named "SSO-Two" And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2" Scenario: Two solicited authentication requests sequential diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature index 2f135c9b53..60c6f3e98c 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/NameIdFormat.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" Scenario: EngineBlock should not update the Unspecified NameIdFormat when no ARP filters are applied Given SP "SSO-SP" uses the Unspecified NameID format diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature index dae0a57a6c..903fa5a4e2 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/PolicyEnforcement.feature @@ -8,9 +8,9 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" with logo "idp-logo.jpg" - And an application named "Dummy SP" - And an application named "Stepup Gateway" - And an application named "Stepup SelfService" + And a Service Provider named "Dummy SP" + And a Service Provider named "Stepup Gateway" + And a Service Provider named "Stepup SelfService" Scenario: Access is denied because of an IdP specific Deny policy a logo is shown Given SP "Dummy SP" requires a policy enforcement decision diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature index ed9e0fd562..1e54654568 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SbsFlowIntegration.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" Scenario: If the SBS authz check returns 'interrupt', the browser is redirected to SBS Given the SP "SSO-SP" requires SRAM collaboration @@ -149,8 +149,8 @@ Feature: Scenario: SBS 'authorized' flow works with trusted proxy Given an Identity Provider named "Trusted-IdP" - And an application named "Proxy-SP" - And an application named "End-SP" + And a Service Provider named "Proxy-SP" + And a Service Provider named "End-SP" And the SP "End-SP" requires SRAM collaboration And feature "eb.feature_enable_sram_interrupt" is enabled And the sbs server will trigger the "authorized" authz flow when called diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature index a8b9defc99..4b3af8d3f7 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SessionIndex.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IP" - And an application named "SP" + And a Service Provider named "SP" Scenario: User logs in to SP, in that case the session index should be the assertion id And SP "SP" does not require consent diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature index 2756e3ef10..8a5642c3ec 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SignatureBypassVulnerability.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "IdP" - And an application named "SP" + And a Service Provider named "SP" Scenario: Throw an exception if the assertion signature is tampered with When I log in at "SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature index 667c460874..770d871a23 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOn.feature @@ -9,8 +9,8 @@ Feature: And no registered Idps And an Identity Provider named "SSO-IdP" And an Identity Provider named "SSO-Foobar" - And an application named "SSO-SP" - And an application named "SSO-Foobar" + And a Service Provider named "SSO-SP" + And a Service Provider named "SSO-Foobar" Scenario: IdPs are allowed to create NameIDs When I log in at "SSO-SP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature index 6661a13b7f..8a5f15d9c9 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SingleSignOnWithScoping.feature @@ -11,8 +11,8 @@ Feature: And an Identity Provider named "IDP2" And an Identity Provider named "IDP3" And an Identity Provider named "IDP4" - And an application named "SP" - And an application named "remoteSP" + And a Service Provider named "SP" + And a Service Provider named "remoteSP" Scenario: The WAYF shows only allowed IDPs Given SP "SP" is not connected to IdP "IDP2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index bd457bfd7c..59fd694f83 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -11,11 +11,11 @@ Feature: And an Identity Provider named "StepUpOnlyAuth" And an Identity Provider named "LoaOnlyAuth" And an Identity Provider named "CombinedAuth" - And an application named "Step Up" - And an application named "Loa SP" - And an application named "Far SP" - And an application named "Test SP" - And an application named "Second SP" + And a Service Provider named "Step Up" + And a Service Provider named "Loa SP" + And a Service Provider named "Far SP" + And a Service Provider named "Test SP" + And a Service Provider named "Second SP" And an unregistered application named "Unregistered SP" And SP "Far SP" is not connected to IdP "CombinedAuth" And SP "Far SP" is not connected to IdP "LoaOnlyAuth" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature index b7ddd75a7b..155363d6c9 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StatusCodes.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy Idp" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: Proxying exceeds the allowed ProxyCount in the AuthnRequest Given SP "Dummy SP" is configured to generate a AuthnRequest with a ProxyCount of 0 diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature index d27eae401a..ccb8d42c1d 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Stepup.feature @@ -8,10 +8,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Proxy-SP" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Proxy-SP" Scenario: Stepup authentication should be supported if set through SP configuration Given the SP "SSO-SP" requires Stepup LoA "http://dev.openconext.local/assurance/loa2" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature index 82b6b21240..a2d476ea57 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/StepupKeyRollover.feature @@ -10,10 +10,10 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "SSO-IdP" - And an application named "SSO-SP" + And a Service Provider named "SSO-SP" And an Identity Provider named "Dummy-IdP" - And an application named "Dummy-SP" - And an application named "Proxy-SP" + And a Service Provider named "Dummy-SP" + And a Service Provider named "Proxy-SP" Scenario: When stepup.sfo.override_engine_entityid is not configured, stepup/metadata should show default EntityId Given feature "eb.stepup.sfo.override_engine_entityid" is disabled diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature index d3e58d0cd5..986459f2ae 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature @@ -8,7 +8,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" Scenario: An IdP can initiated a login When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature index e29feed875..9695966898 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOnDisabled.feature @@ -9,7 +9,7 @@ Feature: And no registered SPs And no registered Idps And an Identity Provider named "Dummy IdP" - And an application named "Dummy SP" + And a Service Provider named "Dummy SP" # The feature flag: eb.feature_enable_idp_initiated_flow can disable unsolicited login # EB Shows a 404 page in that case as the entire HTTP route is blocked in that case