diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..7825c08 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,15 @@ +[submodule "docker/jitsi/src"] + path = docker/jitsi/src + url = https://github.com/jitsi/docker-jitsi-meet.git +[submodule "docker/onlyoffice/src"] + path = docker/onlyoffice/src + url = https://github.com/aleho/onlyoffice-ce-docker-license.git +[submodule "docker/wordpress/src"] + path = docker/wordpress/src + url = https://github.com/nezhar/wordpress-docker-compose.git +[submodule "docker/moodle/src"] + path = docker/moodle/src + url = https://github.com/erseco/alpine-moodle.git +[submodule "docker/moodle/rootfs-php7"] + path = docker/moodle/rootfs-php7 + url = https://github.com/erseco/alpine-php7-webserver.git diff --git a/CREDITS.md b/CREDITS.md new file mode 100644 index 0000000..04ed756 --- /dev/null +++ b/CREDITS.md @@ -0,0 +1,30 @@ +[submodule "docker/nextcloud/src"] + path = docker/nextcloud/src + url = https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud + branch = master +[submodule "docker/jitsi/src"] + path = docker/jitsi/src + url = https://github.com/jitsi/docker-jitsi-meet.git + branch = master +[submodule "docker/cryptpad/src"] + path = docker/cryptpad/src + url = https://github.com/xwiki-labs/cryptpad-docker.git + branch = master +[submodule "docker/alpha-bbb/src"] + path = docker/alpha-bbb/src + url = https://github.com/bigbluebutton/docker.git +[submodule "docker/bbb/src"] + path = docker/bbb/src + url = https://github.com/alangecker/bigbluebutton-docker.git +[submodule "docker/onlyoffice_build/build_tools"] + path = docker/onlyoffice_build/build_tools + url = https://github.com/ONLYOFFICE/build_tools.git +[submodule "docker/onlyoffice/src"] + path = docker/onlyoffice/src + url = https://github.com/aleho/onlyoffice-ce-docker-license.git +[submodule "docker/wordpress/src"] + path = docker/wordpress/src + url = https://github.com/nezhar/wordpress-docker-compose.git +[submodule "docker/etherpad/src"] + path = docker/etherpad/src + url = https://github.com/Jamesits/docker-etherpad-lite diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..e41bb87 --- /dev/null +++ b/Makefile @@ -0,0 +1,82 @@ +#!make +include main.conf +export $(shell sed 's/=.*//' main.conf) + +VERSION := 0.0.1-rc0 +export VERSION + +BUILD_ROOT_PATH=$(shell pwd) + +#all: tidy gen test build docker +#.PHONY: all + +all: moodle nextcloud + cp main.conf .env + echo "BUILD_ROOT_PATH=$(BUILD_ROOT_PATH)" >> .env + cp .env docker/postgresql + cp .env docker/mariadb + cp .env docker/moodle + cp .env docker/nextcloud + cp .env docker/wordpress + docker-compose -f docker/moodle/moodle.yml \ + -f docker/nextcloud/nextcloud.yml \ + -f docker/wordpress/wordpress.yml \ + -f docker/redis/redis.yml \ + -f docker/postgresql/postgresql.yml \ + -f docker/mariadb/mariadb.yml \ + -f docker/network.yml \ + config > docker-compose.yml + +environment: + cp main.conf .env + echo "BUILD_ROOT_PATH=$(BUILD_ROOT_PATH)" >> .env + cp .env docker/postgresql +# cp .env docker/ +# . ./.env + +moodle: environment + cp .env docker/moodle + docker-compose -f docker/moodle/moodle.yml \ + -f docker/postgresql/postgresql.yml \ + -f docker/network.yml \ + config > docker-compose.moodle.yml + +nextcloud: environment + cp .env docker/nextcloud + cp .env docker/redis + docker-compose -f docker/nextcloud/nextcloud.yml \ + -f docker/postgresql/postgresql.yml \ + -f docker/redis/redis.yml \ + -f docker/network.yml \ + config > docker-compose.nextcloud.yml + +wordpress: environment + cp .env docker/wordpress + docker-compose -f docker/wordpress/wordpress.yml \ + -f docker/mariadb/mariadb.yml \ + -f docker/network.yml \ + config > docker-compose.wordpress.yml + +init-dbs: environment + MOODLE="\set AUTOCOMMIT on\n; \ + CREATE USER $(MOODLE_POSTGRES_USER) SUPERUSER PASSWORD '$(MOODLE_POSTGRES_PASSWORD)'; \ + CREATE DATABASE moodle; \ + GRANT ALL PRIVILEGES ON DATABASE moodle TO $(MOODLE_POSTGRES_USER);" + docker-compose exec isard-apps-postgresql psql -v ON_ERROR_STOP=1 \ + --username $(POSTGRES_USER) <<-EOSQL $(MOODLE) EOSQL + +remove-moodle-db: environment + docker-compose exec isard-apps-postgresql psql -v ON_ERROR_STOP=1 \ + --username $(POSTGRES_USER) -c "\set AUTOCOMMIT on\n; \ + DROP DATABASE moodle;" + +reset-nextcloud: environment + docker-compose stop isard-apps-nextcloud-nginx isard-apps-nextcloud-app + rm -rf /opt/isard-office/nextcloud + docker-compose exec isard-apps-postgresql psql -v ON_ERROR_STOP=1 \ + --username $(POSTGRES_USER) -c "\set AUTOCOMMIT on\n; \ + DROP DATABASE nextcloud; \ + CREATE USER $(NEXTCLOUD_POSTGRES_USER) SUPERUSER PASSWORD '$(NEXTCLOUD_POSTGRES_PASSWORD)'; \ + CREATE DATABASE nextcloud; \ + GRANT ALL PRIVILEGES ON DATABASE nextcloud TO $(NEXTCLOUD_POSTGRES_USER);" + docker-compose up -d isard-apps-nextcloud-nginx isard-apps-nextcloud-app \ No newline at end of file diff --git a/SAML_README.md b/SAML_README.md new file mode 100644 index 0000000..2592add --- /dev/null +++ b/SAML_README.md @@ -0,0 +1,249 @@ +# KEYCLOAK + +## Create sample users + +1. https://sso. + +# Moodle + +1. Activate SAML2 plugin +2. Regenerate SP certificate: https://moodle./auth/saml2/regenerate.php +3. Download SAML2 Service Provider xml: https://moodle./auth/saml2/sp/metadata.php +4. Import this SP in keycloak IDP: https://sso./auth/admin/master/console/#/create/client/poc +5. Add builtin email, givenname and surname field mappers (https://sso./auth/admin/master/console/#/realms/poc/clients/b7781aac-5aa5-441a-8af5-aca7cc0a1daf/mappers) +6. Copy keycloak SAML IDP xml data (https://sso./auth/realms/poc/protocol/saml/descriptor) to moodle (IdP metadata xml OR public xml URL: https://moodle./admin/settings.php?section=authsettingsaml2). Note that you should copy it from a text editor, not the content from the browser view! + +## Configuration + +- Auto create users: Yes +- Role Mapping: Configure the same roles you created in keycloak for users (administratos, course creators and managers) +- Mapping idP: username +- Data mapping: (with this fields moodle will skip user profile fill as this three are the only required) + - Name: givenName + - Surname(s): sn + - Email: email +- Dual login: No + - This will redirect moodle login automatically to keycloak login. To access as local moodle admin add to url: /login/index.php?saml=off + +At keycloak side create a basic user property 'username' for this client mappers. + +## Fields returned from keycloak + +Authed! + +array(3) { + ["sn"]=> + array(1) { + [0]=> + string(5) "admin" + } + ["givenName"]=> + array(1) { + [0]=> + string(5) "admin" + } + ["Role"]=> + array(6) { + [0]=> + string(20) "manage-account-links" + [1]=> + string(12) "view-profile" + [2]=> + string(6) "admins" + [3]=> + string(14) "offline_access"https://github.com/bigbluebutton/bigbluebutton/issues/9406 + [4]=> + string(17) "uma_authorization" + [5]=> + string(14) "manage-account" + } +} +IdP: https://sso./auth/realms/poc + +Groups could be added by adding the correct mapping in keycloak moodle client? + +## SAML2 Plugin development environment + +All this have to be done as the image doesn't let html external folder mounted as volume (image doesn't use root) + +1. Start isard-apps-moodle docker with default config. Wait for moodle to be ready. +2. Enter docker and copy html to external folder: + 1. docker exec -ti isard-apps-moodle /bin/sh + 2. cd /var/www/html + 3. mkdir /var/www/moodledata/html + 4. cp -R . /var/www/moodledata/html + +Now you open two terminals: + +- docker exec -ti isard-apps-moodle /bin/sh +- docker logs isard-apps-moodle --follow + +You can edit saml2 plugin from host (/opt/isard-office/moodle/data/html/auth/saml2) and copy it to the current html folder: + +- /var/www/html/auth/saml2 $ cp -R /var/www/moodledata/html/auth/saml2/* . + +When you finish developing get the new plugin code into a zip and in the correct src folder: + +- cd ${DATA_FOLDER}/moodle/data/html/auth/ && zip -r /isard-office/docker/moodle/plugins/auth_saml2.zip saml2 + +## SAML2 Plugin src + +The modified source files are: + +- auth.php (lines 570 to 595, sync_roles call added) +- locallib.php (function sync_roles) + +Also the common plugin setup fields and lang strings: + +- settings.php (lines 314 to 333) +- lang/en/auth_saml2.php (lines 24 to 29) + + + +# NEXTCLOUD + +TODO: Does not map email nor friendlyname (display name). Also not tested to add quota field in keycloak and map it to nextcloud. + +(guide: https://janikvonrotz.ch/2020/04/21/configure-saml-authentication-for-nextcloud-with-keycloack/) + +1. Get keycloak realm RSA Certificate (not public key): https://sso./auth/admin/master/console/#/realms/poc/keys +2. Generate Nextcloud SP keys: openssl req -nodes -new -x509 -keyout private.key -out public.cert +3. Install saml plugin. Select integrated configuration at first config page. +4. Configure at: https://nextcloud./settings/admin/saml + 1. General + 1. Attribute to map de UID to.: username + 2. Optioinal display name...: anything + 2. Service Provider Data + 1. x509: public.key (generated before) + 2. Private key: private.key (generated before) + 3. Identity Provider Data + 1. Identifier of the IdP: https://sso./auth/realms/poc + 2. URL target of the IdP: https://sso./auth/realms/poc/protocol/saml + 3. URL Location of the IdP SLO request: https://sso./auth/realms/poc/protocol/saml + 4. Public X.509 certificate: (The RSA Certificate from keycloak at step 1). + 4. Attribute mapping + 1. email: email + 2. user groups: Role + 5. Security Settings (check only this) + 1. Signatures and encryption offered + 1. AuthnRequest + 2. logoutRequest + 3. logoutResponse + 2. Signatures and encryption required + 1. Response + 2. Assertion [Metadata of the SP will offer this info] + +Now click at Download metadata XML and upload to Keycloak new client. + +1. Add Client + 1. Client SAML Endpoint: https://sso./auth/realms/poc +2. Mappers [[ ONLY USERNAME and ROLES WORKING. Nextcloud doesn't get email]] + 1. Name: `username` + Mapper Type: *User Property* + Property: `username` + Friendly Name: `username` + SAML Attribute Name: `username` + SAML Attribute NameFormat: *Basic* + 2. Add builtins:Name: `email` + Mapper Type: *User Property* + Property: `email` + Friendly Name: `email` + SAML Attribute Name: `email` + SAML Attribute NameFormat: *Basic* + 3. Name: `roles` + Mapper Type: *Role List* + Role attribute name: `Roles` + Friendly Name: `Roles` + SAML Attribute NameFormat: *Basic* + Single Role Attribute: *On* + +[Not needed?] +This is in left menú Client Scopes + +In addition the *Single Role Attribute* option needs to be enabled in a different section. Navigate to *Configure > Client scopes > role_list > Mappers > role_list* and toggle the *Single Role Attribute* to *On*. + +https://sso./auth/admin/master/console/#/realms/poc/client-scopes/4d5db543-f636-44d4-b250-c7fa902ab454/mappers/83dff066-9ecc-4785-8a56-b83373f1c9d2 + + + +https://nextcloud./login?direct=1 + +## Debug + +Edit /opt/isard-office/nextcloud/html/config/config.php + + true, + +# Big Blue Button + +TODO: + +- Audio fails with docker in iptables=false and managed by firewalld in masquerade mode. This is due to coturn that doesn't like being behind nat. +- Firewalld + BBB: As BBB will 'take' the host interface we should: + - Remove /etc/docker/daemon.json the iptables: false + - firewall-cmd --zone=public --remove-interface=docker0 --permanent + - firewall-cmd --zone=docker --add-interface=docker0 --permanent + - Now the docker applies iptables as per container. Note that we don't have control over this from now on. +- Scalelite +- Script creation of base debian with virt-install and then replicate BBBs (partially done) + +## WORDPRESS +Client Id in keycloak has to be 'php-saml' if not set at wordpress saml plugin. + +1. Install OneLogin SAML plugin +2. STATUS + 1. Enable +3. IDENTITY PROVIDER SETTINGS + 1. iDp ENTITY ID: Anything you want + 1. SSO Service Url: https://sso.digitaldemocratic.net/auth/realms/poc/protocol/saml + 2. SLO Service Url: https://sso.digitaldemocratic.net/auth/realms/poc/protocol/saml + 3. X.509 Certificate: Copy the Certificate (not the Public key) from the keycloak realm (https://sso.digitaldemocratic.net/auth/admin/master/console/#/realms/poc/keys) without the begin/end lines in the cert. +4. OPTIONS + 1. Create user if not exists + 2. Update user data + 3. Force SAML login (wait till the plugin is working. We need a way to login as admin again!) + 4. Single Log Out + 5. Match Wordpress account by: username ??? +5. ATTRIBUTE MAPPING + 1. Username: username + 2. Email: email + 4. First Name: givenName + 5. Last Name: sn + 6. Role: Role +6. ROLE MAPPING + 1. Administrator: admins + 2. Editor: managers + 3. Author: coursecreators + ... + 4. Multiple role values...: true +7. CUSTOMIZE ACTIONS AND LINKS + 1. Stay in WordPress after SLO +8. ADVANCED SETTINGS + 1. Sign AuthnRequest + 2. Sign LogoutRequest + 3. Sign LogoutResponse + 4. Service Provider X.509 Certificate & Service Provider Private Key: Generate both and paste it without the begin/end lines: + openssl req -nodes -new -x509 -keyout private.key -out public.cert + +9. Download Service Provider metadata from top and add it to keycloak +10. Keycloak client mappers: + 1. Name: `username` + Mapper Type: *User Property* + Property: `username` + Friendly Name: `username` + SAML Attribute Name: `username` + SAML Attribute NameFormat: *Basic* + 2. Add builtins:Name: `email` + Mapper Type: *User Property* + Property: `email` + Friendly Name: `email` + SAML Attribute Name: `email` + SAML Attribute NameFormat: *Basic* + 3. Name: `roles` + Mapper Type: *Role List* + Role attribute name: `Roles` + Friendly Name: `Roles` + SAML Attribute NameFormat: *Basic* + Single Role Attribute: *On* \ No newline at end of file diff --git a/UPGRADE_BACKUPS.md b/UPGRADE_BACKUPS.md new file mode 100644 index 0000000..2f977e4 --- /dev/null +++ b/UPGRADE_BACKUPS.md @@ -0,0 +1,15 @@ +How To Upgrade bbb-docker +Backup + +if you use greenlight, create a database backup first + +docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql + +Upgrading + +# upgrade! +./scripts/upgrade + +# restart updated services +./scripts/compose up -d + diff --git a/backups/automated.yml b/backups/automated.yml new file mode 100644 index 0000000..03d5061 --- /dev/null +++ b/backups/automated.yml @@ -0,0 +1,21 @@ + pgbackups: + container_name: Backup + image: prodrigestivill/postgres-backup-local + restart: always + volumes: + - ./backup:/backups + links: + - db:db + depends_on: + - db + environment: + - POSTGRES_HOST=db + - POSTGRES_DB=${DB_NAME} + - POSTGRES_USER=${DB_USER} + - POSTGRES_PASSWORD=${DB_PASSWORD} + - POSTGRES_EXTRA_OPTS=-Z9 --schema=public --blobs + - SCHEDULE=@every 0h30m00s + - BACKUP_KEEP_DAYS=7 + - BACKUP_KEEP_WEEKS=4 + - BACKUP_KEEP_MONTHS=6 + - HEALTHCHECK_PORT=81 diff --git a/backups/dump_database.sh b/backups/dump_database.sh new file mode 100644 index 0000000..ea9372a --- /dev/null +++ b/backups/dump_database.sh @@ -0,0 +1,2 @@ +#docker exec -t isard-apps-postgresql pg_dumpall -c -U admin > dump_`date +%d-%m-%Y"_"%H_%M_%S`.sql +docker exec -t isard-apps-postgresql pg_dumpall -c -U admin | gzip > ./dump_$(date +"%Y-%m-%d_%H_%M_%S").gz diff --git a/backups/reset_nextcloud.sh b/backups/reset_nextcloud.sh new file mode 100644 index 0000000..427543f --- /dev/null +++ b/backups/reset_nextcloud.sh @@ -0,0 +1,10 @@ +cp ../.env . +source .env +docker-compose stop isard-apps-nextcloud-app +docker rm isard-apps-nextcloud-app +rm -rf /opt/isard-office/nextcloud + +echo "DROP DATABASE nextcloud;" | docker exec -i isard-apps-postgresql psql -U admin +docker-compose up -d isard-apps-nextcloud-app +docker-compose restart isard-apps-nextcloud-nginx +docker logs isard-apps-nextcloud-app --follow diff --git a/backups/reset_wordpress.sh b/backups/reset_wordpress.sh new file mode 100644 index 0000000..77327ca --- /dev/null +++ b/backups/reset_wordpress.sh @@ -0,0 +1,9 @@ +cp ../.env . +source .env +docker-compose stop isard-apps-wordpress +docker rm isard-apps-wordpress +rm -rf /opt/isard-office/wordpress +echo "DROP DATABASE wordpress;" | docker exec -i isard-apps-postgresql psql -U admin +docker-compose up -d isard-apps-wordpress +docker-compose restart isard-apps-wordress-cli +docker logs isard-apps-wordpress --follow diff --git a/backups/restore_database.sh b/backups/restore_database.sh new file mode 100644 index 0000000..4002fe1 --- /dev/null +++ b/backups/restore_database.sh @@ -0,0 +1 @@ +gunzip < $1 | docker exec -i isard-apps-postgresql psql -U admin -d $2 diff --git a/config/nextcloud/nextcloud_config_20210308.json b/config/nextcloud/nextcloud_config_20210308.json new file mode 100644 index 0000000..3e2583e --- /dev/null +++ b/config/nextcloud/nextcloud_config_20210308.json @@ -0,0 +1,356 @@ +{ + "system": { + "memcache.local": "\\OC\\Memcache\\APCu", + "apps_paths": [ + { + "path": "\/var\/www\/html\/apps", + "url": "\/apps", + "writable": false + }, + { + "path": "\/var\/www\/html\/custom_apps", + "url": "\/custom_apps", + "writable": true + } + ], + "memcache.distributed": "\\OC\\Memcache\\Redis", + "memcache.locking": "\\OC\\Memcache\\Redis", + "redis": { + "host": "***REMOVED SENSITIVE VALUE***", + "password": "***REMOVED SENSITIVE VALUE***", + "port": 6379 + }, + "instanceid": "***REMOVED SENSITIVE VALUE***", + "passwordsalt": "***REMOVED SENSITIVE VALUE***", + "secret": "***REMOVED SENSITIVE VALUE***", + "trusted_domains": [ + "nextcloud.pilotescola.digital" + ], + "datadirectory": "***REMOVED SENSITIVE VALUE***", + "dbtype": "pgsql", + "version": "21.0.0.18", + "overwrite.cli.url": "http:\/\/nextcloud.pilotescola.digital", + "dbname": "***REMOVED SENSITIVE VALUE***", + "dbhost": "***REMOVED SENSITIVE VALUE***", + "dbport": "", + "dbtableprefix": "oc_", + "dbuser": "***REMOVED SENSITIVE VALUE***", + "dbpassword": "***REMOVED SENSITIVE VALUE***", + "installed": true, + "social_login_auto_redirect": { + "true": "" + } + }, + "apps": { + "accessibility": { + "installed_version": "1.7.0", + "types": "", + "enabled": "yes" + }, + "activity": { + "installed_version": "2.14.3", + "types": "filesystem", + "enabled": "yes" + }, + "backgroundjob": { + "lastjob": "4" + }, + "cloud_federation_api": { + "installed_version": "1.4.0", + "types": "filesystem", + "enabled": "yes" + }, + "comments": { + "installed_version": "1.11.0", + "types": "logging", + "enabled": "yes" + }, + "contactsinteraction": { + "installed_version": "1.2.0", + "types": "dav", + "enabled": "yes" + }, + "core": { + "installedat": "1615010342.9981", + "lastupdatedat": "1615010343.0019", + "vendor": "nextcloud", + "public_files": "files_sharing\/public.php", + "public_webdav": "dav\/appinfo\/v1\/publicwebdav.php", + "oc.integritycheck.checker": "[]", + "theming.variables": "f3a92c4470217703115df3cc11d2f273", + "backgroundjobs_mode": "cron", + "lastcron": "1615011723" + }, + "dashboard": { + "installed_version": "7.1.0", + "types": "", + "enabled": "yes" + }, + "dav": { + "installed_version": "1.17.1", + "types": "filesystem", + "enabled": "yes" + }, + "external": { + "installed_version": "3.8.1", + "types": "", + "sites": "***REMOVED SENSITIVE VALUE***", + "max_site": "1", + "enabled": "no" + }, + "federatedfilesharing": { + "installed_version": "1.11.0", + "types": "", + "enabled": "yes" + }, + "federation": { + "installed_version": "1.11.0", + "types": "authentication", + "enabled": "yes" + }, + "files": { + "installed_version": "1.16.0", + "types": "filesystem", + "enabled": "yes" + }, + "files_pdfviewer": { + "installed_version": "2.1.0", + "types": "", + "enabled": "yes" + }, + "files_rightclick": { + "installed_version": "1.0.0", + "types": "", + "enabled": "yes" + }, + "files_sharing": { + "installed_version": "1.13.1", + "types": "filesystem", + "enabled": "yes" + }, + "files_trashbin": { + "installed_version": "1.11.0", + "types": "filesystem,dav", + "enabled": "yes" + }, + "files_versions": { + "installed_version": "1.14.0", + "types": "filesystem,dav", + "enabled": "yes" + }, + "files_videoplayer": { + "installed_version": "1.10.0", + "types": "", + "enabled": "yes" + }, + "firstrunwizard": { + "installed_version": "2.10.0", + "types": "logging", + "enabled": "yes" + }, + "hidesidebars": { + "installed_version": "1.1.0", + "types": "", + "enabled": "yes" + }, + "logreader": { + "installed_version": "2.6.0", + "types": "", + "enabled": "yes" + }, + "lookup_server_connector": { + "installed_version": "1.9.0", + "types": "authentication", + "enabled": "yes" + }, + "mail": { + "installed_version": "1.9.1", + "types": "", + "enabled": "yes" + }, + "nextcloud_announcements": { + "installed_version": "1.10.0", + "types": "logging", + "enabled": "yes" + }, + "notifications": { + "installed_version": "2.9.0", + "types": "logging", + "enabled": "yes" + }, + "oauth2": { + "installed_version": "1.9.0", + "types": "authentication", + "enabled": "yes" + }, + "oidc_login": { + "installed_version": "1.7.1", + "types": "", + "enabled": "no" + }, + "password_policy": { + "installed_version": "1.11.0", + "types": "authentication", + "enabled": "yes" + }, + "photos": { + "installed_version": "1.3.0", + "types": "", + "enabled": "yes" + }, + "privacy": { + "installed_version": "1.5.0", + "types": "", + "enabled": "yes" + }, + "provisioning_api": { + "installed_version": "1.11.0", + "types": "prevent_group_restriction", + "enabled": "yes" + }, + "recommendations": { + "installed_version": "1.0.0", + "types": "", + "enabled": "yes" + }, + "serverinfo": { + "installed_version": "1.11.0", + "types": "", + "enabled": "yes" + }, + "settings": { + "installed_version": "1.3.0", + "types": "", + "enabled": "yes" + }, + "sharebymail": { + "installed_version": "1.11.0", + "types": "filesystem", + "enabled": "yes" + }, + "side_menu": { + "installed_version": "1.23.1", + "types": "", + "enabled": "yes", + "cache-categories": "[{\"id\":\"customization\",\"translations\":{\"km\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"kn\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ko\":{\"name\":\"\\uc0ac\\uc6a9\\uc790 \\uc815\\uc758\",\"description\":\"\\ud14c\\ub9c8, \\ub808\\uc774\\uc544\\uc6c3, UX\\ub97c \\ubcc0\\uacbd\\ud558\\ub294 \\uc571\"},\"lb\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"lt\":{\"name\":\"Tinkinimas\",\"description\":\"Apipavidalinimai, i\\u0161d\\u0117stymas ir naudotojo patyrimo keitimo program\\u0117l\\u0117s\"},\"lv\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"mk\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ml\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"mn\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"mr\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"my\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"nb\":{\"name\":\"Tilpasning\",\"description\":\"Apper for \\u00e5 endre tema, utseende og brukeropplevelse\"},\"ne\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"nl\":{\"name\":\"Maatwerk\",\"description\":\"Thema's, layout en UX aanpassingsapps\"},\"nn\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"os\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"pa\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"pl\":{\"name\":\"Dostosowywanie\",\"description\":\"Style, wygl\\u0105d i zmniany UX\"},\"pt\":{\"name\":\"Personalizar\",\"description\":\"Temas, disposi\\u00e7\\u00e3o e aplica\\u00e7\\u00f5es de altera\\u00e7\\u00e3o de UX\"},\"pt-br\":{\"name\":\"Personaliza\\u00e7\\u00e3o\",\"description\":\"Aplicativos para mudar Temas, layout e UX \"},\"ro\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ru\":{\"name\":\"\\u041d\\u0430\\u0441\\u0442\\u0440\\u043e\\u0439\\u043a\\u0430\",\"description\":\"\\u0422\\u0435\\u043c\\u044b, \\u0440\\u0430\\u0441\\u043a\\u043b\\u0430\\u0434\\u043a\\u0438 \\u0438 \\u043f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f \\u0434\\u043b\\u044f \\u0438\\u0437\\u043c\\u0435\\u043d\\u0435\\u043d\\u0438\\u044f \\u0438\\u043d\\u0442\\u0435\\u0440\\u0444\\u0435\\u0439\\u0441\\u0430\"},\"sk\":{\"name\":\"Prisp\\u00f4sobenie\",\"description\":\"T\\u00e9my, rozlo\\u017eenia a zmeny UX aplik\\u00e1ci\\u00ed\"},\"sl\":{\"name\":\"Prilagajanje sistema\",\"description\":\"Teme, razporeditve in spremembe vmesnika\"},\"sq\":{\"name\":\"P\\u00ebrshtatje\",\"description\":\"Temat, pamja dhe Nd\\u00ebrfaqja e P\\u00ebrdoruesit ndryshojn\\u00eb aplikacionet\"},\"sr\":{\"name\":\"\\u041f\\u0440\\u0438\\u043b\\u0430\\u0433\\u043e\\u0452\\u0430\\u0432\\u0430\\u045a\\u0435\",\"description\":\"\\u0422\\u0435\\u043c\\u0435, \\u0440\\u0430\\u0441\\u043f\\u043e\\u0440\\u0435\\u0434 \\u0435\\u043b\\u0435\\u043c\\u0435\\u043d\\u0430\\u0442\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043c\\u0435\\u045a\\u0430\\u0458\\u0443 \\u043a\\u043e\\u0440\\u0438\\u0441\\u043d\\u0438\\u0447\\u043a\\u0438 \\u0438\\u043d\\u0442\\u0435\\u0440\\u0444\\u0435\\u0458\\u0441\"},\"sr-latn\":{\"name\":\"\\u041f\\u0440\\u0438\\u043b\\u0430\\u0433\\u043e\\u0452\\u0430\\u0432\\u0430\\u045a\\u0435\",\"description\":\"\\u0422\\u0435\\u043c\\u0435, \\u0440\\u0430\\u0441\\u043f\\u043e\\u0440\\u0435\\u0434 \\u0435\\u043b\\u0435\\u043c\\u0435\\u043d\\u0430\\u0442\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043c\\u0435\\u045a\\u0430\\u0458\\u0443 \\u043a\\u043e\\u0440\\u0438\\u0441\\u043d\\u0438\\u0447\\u043a\\u0438 \\u0438\\u043d\\u0442\\u0435\\u0440\\u0444\\u0435\\u0458\\u0441\"},\"gd\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"af\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ar\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ast\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"az\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"bg\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"be\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"bn\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"br\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"bs\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ca\":{\"name\":\"Personalitzaci\\u00f3\",\"description\":\"Temes, disposici\\u00f3 i apps de canvi d\\u2019UX\"},\"cs\":{\"name\":\"P\\u0159izp\\u016fsoben\\u00ed\",\"description\":\"Motivy vzhledu, sch\\u00e9mata rozvr\\u017een\\u00ed a aplikace m\\u011bn\\u00edc\\u00ed dojem z pou\\u017e\\u00edv\\u00e1n\\u00ed u\\u017eivatelsk\\u00e9ho rozhran\\u00ed\"},\"cy\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"da\":{\"name\":\"Tilpasning\",\"description\":\"Apps til at \\u00e6ndre temaer, layout og UX\"},\"de\":{\"name\":\"Anpassung\",\"description\":\"Apps zur \\u00c4nderung von Design, Layout und Benutzererfahrung\"},\"dsb\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"el\":{\"name\":\"\\u03a0\\u03c1\\u03bf\\u03c3\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ae\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03b1\\u03bb\\u03bb\\u03b1\\u03b3\\u03ae\\u03c2 \\u03b8\\u03ad\\u03bc\\u03b1\\u03c4\\u03bf\\u03c2, \\u03b4\\u03b9\\u03ac\\u03c4\\u03b1\\u03be\\u03b7\\u03c2 \\u03ba\\u03b1\\u03b9 UX\"},\"eo\":{\"name\":\"Adaptado\",\"description\":\"Etosoj, aspekto kaj fasonado\"},\"es\":{\"name\":\"Personalizaci\\u00f3n\",\"description\":\"Apps de temas, apariencia y cambio de interfaz\"},\"es-ar\":{\"name\":\"Personalizaci\\u00f3n\",\"description\":\"Los temas, la disposici\\u00f3n y UX cambian las aplicaciones\"},\"es-co\":{\"name\":\"Personalizaci\\u00f3n\",\"description\":\"Los temas, la disposici\\u00f3n y UX cambian las aplicaciones\"},\"es-mx\":{\"name\":\"Personalizaci\\u00f3n\",\"description\":\"Los temas, la disposici\\u00f3n y UX cambian las aplicaciones\"},\"es-ni\":{\"name\":\"Personalizaci\\u00f3n\",\"description\":\"Los temas, la disposici\\u00f3n y UX cambian las aplicaciones\"},\"es-ve\":{\"name\":\"Personalizaci\\u00f3n\",\"description\":\"Apps de temas, apariencia y cambio de interfaz\"},\"et\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"eu\":{\"name\":\"Pertsonalizazioa\",\"description\":\"Gaiak, diseinua eta UX aldaketentzako app-ak\"},\"fa\":{\"name\":\"\\u0633\\u0641\\u0627\\u0631\\u0634\\u06cc \\u0633\\u0627\\u0632\\u06cc\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627 \\u060c \\u0637\\u0631\\u062d \\u0628\\u0646\\u062f\\u06cc \\u0648 \\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u062a\\u063a\\u06cc\\u06cc\\u0631 UX\"},\"en\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"it\":{\"name\":\"Personalizzazione\",\"description\":\"Applicazioni di temi, modifiche della disposizione e UX\"},\"ja\":{\"name\":\"\\u30ab\\u30b9\\u30bf\\u30de\\u30a4\\u30ba\",\"description\":\"\\u30a2\\u30d7\\u30ea\\u306e\\u30c6\\u30fc\\u30de\\u3001\\u30ec\\u30a4\\u30a2\\u30a6\\u30c8\\u3001UX\\u5909\\u66f4\"},\"ka\":{\"name\":\"\\u10de\\u10d4\\u10e0\\u10e1\\u10dd\\u10dc\\u10d0\\u10da\\u10d8\\u10d6\\u10d0\\u10ea\\u10d8\\u10d0\",\"description\":\"\\u10d5\\u10d8\\u10d6\\u10e3\\u10d0\\u10da\\u10e3\\u10e0\\u10d8 \\u10d7\\u10d4\\u10db\\u10d4\\u10d1\\u10d8, \\u10db\\u10d0\\u10d9\\u10d4\\u10e2\\u10d8 \\u10d3\\u10d0 UX \\u10ea\\u10d5\\u10da\\u10d8\\u10da\\u10d4\\u10d1\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8\"},\"sv\":{\"name\":\"Anpassa\",\"description\":\"Tema, layout och UX-\\u00e4ndringsappar\"},\"sw\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ta\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"te\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"th\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"tr\":{\"name\":\"Uyarlama\",\"description\":\"Temalar, g\\u00f6r\\u00fcn\\u00fcm ve kullan\\u0131c\\u0131 aray\\u00fcz\\u00fcn\\u00fc de\\u011fi\\u015ftiren uygulamalar\"},\"tt\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"udm\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"uk\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ur\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"vi\":{\"name\":\"C\\u00e1 nh\\u00e2n h\\u00f3a\",\"description\":\"C\\u00e1c \\u1ee9ng d\\u1ee5ng Ch\\u1ee7 \\u0111\\u1ec1, b\\u1ed1 c\\u1ee5c v\\u00e0 thay \\u0111\\u1ed5i tr\\u1ea3i nghi\\u1ec7m ng\\u01b0\\u1eddi d\\u00f9ng\"},\"zh-hans\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"zh-hant\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"kab\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"kk\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"fi\":{\"name\":\"Mukautus\",\"description\":\"Teemat, asettelu ja k\\u00e4ytt\\u00e4j\\u00e4kokemusta muuttavat sovellukset\"},\"fr\":{\"name\":\"Personnalisation\",\"description\":\"Th\\u00e8mes et applications modifiant le style et l'exp\\u00e9rience utilisateur\"},\"fy\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ga\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"gl\":{\"name\":\"Personalizaci\\u00f3n\",\"description\":\"Aplicaci\\u00f3ns de temas, aparencia e cambio de interface\"},\"he\":{\"name\":\"\\u05d4\\u05ea\\u05d0\\u05de\\u05d4 \\u05d0\\u05d9\\u05e9\\u05d9\\u05ea\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9 \\u05e2\\u05e8\\u05db\\u05d5\\u05ea \\u05e2\\u05d9\\u05e6\\u05d5\\u05d1, \\u05e4\\u05e8\\u05d9\\u05e1\\u05d4 \\u05d5\\u05e9\\u05d9\\u05e0\\u05d5\\u05d9\\u05d9 \\u05d7\\u05d5\\u05d5\\u05d9\\u05d9\\u05ea \\u05de\\u05e9\\u05ea\\u05de\\u05e9\"},\"hi\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"hr\":{\"name\":\"Prilago\\u0111avanje\",\"description\":\"Aplikacije za teme, izgled i promjene UX-a\"},\"hsb\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"hu\":{\"name\":\"Testreszab\\u00e1s\",\"description\":\"T\\u00e9m\\u00e1k, elrendez\\u00e9sek \\u00e9s felhaszn\\u00e1l\\u00f3i fel\\u00fcletet m\\u00f3dos\\u00edt\\u00f3 alkalmaz\\u00e1sok\"},\"hy\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"ia\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"id\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"io\":{\"name\":\"Customization\",\"description\":\"Themes, layout and UX change apps\"},\"is\":{\"name\":\"S\\u00e9rsn\\u00ed\\u00f0ing\",\"description\":\"\\u00deemu, framsetning og breytingar \\u00e1 vi\\u00f0m\\u00f3ti\"}}},{\"id\":\"dashboard\",\"translations\":{\"km\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"kn\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ko\":{\"name\":\"\\ub300\\uc2dc\\ubcf4\\ub4dc\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"lb\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"lt\":{\"name\":\"Skydelis\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"lv\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"mk\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ml\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"mn\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"my\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"nb\":{\"name\":\"Instrumentpanel\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"mr\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ne\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"nl\":{\"name\":\"Dashboard\",\"description\":\"Apps inclusief Nextcloud Dashboard-widgets\"},\"nn\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"os\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"pa\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"pl\":{\"name\":\"Tablica\",\"description\":\"Aplikacje, w tym wid\\u017cety Nextcloud Dashboard\"},\"pt\":{\"name\":\"Painel de controlo\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"pt-br\":{\"name\":\"Painel\",\"description\":\"Aplicativos incluindo widgets do Nextcloud Dashboard\"},\"ro\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ru\":{\"name\":\"\\u041f\\u0430\\u043d\\u0435\\u043b\\u044c \\u0443\\u043f\\u0440\\u0430\\u0432\\u043b\\u0435\\u043d\\u0438\\u044f\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"sk\":{\"name\":\"Informa\\u010dn\\u00fd panel\",\"description\":\"Aplik\\u00e1cie vr\\u00e1tane ovl\\u00e1dac\\u00edch prvkov pre Nextcloud\"},\"sq\":{\"name\":\"Tabel\\u00eb\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"sl\":{\"name\":\"Nadzorna plo\\u0161\\u010da\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"sr\":{\"name\":\"\\u041a\\u043e\\u043d\\u0442\\u0440\\u043e\\u043b\\u043d\\u0430 \\u0442\\u0430\\u0431\\u043b\\u0430\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u0443\\u043a\\u0459\\u0443\\u0447\\u0443\\u0458\\u0443 \\u0441\\u043f\\u0440\\u0430\\u0432\\u0438\\u0446\\u0435 \\u043d\\u0430 \\u043a\\u043e\\u043d\\u0442\\u0440\\u043e\\u043b\\u043d\\u043e\\u0458 \\u0442\\u0430\\u0431\\u043b\\u0438\"},\"gd\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"af\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ar\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ast\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"az\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"bg\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"be\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"bn\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"br\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"bs\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ca\":{\"name\":\"Panell de control\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"cs\":{\"name\":\"N\\u00e1st\\u011bnka\",\"description\":\"Aplikace v\\u010detn\\u011b ovl\\u00e1dac\\u00edch prvk\\u016f pro Nextcloud P\\u0159ehled\"},\"cy\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"da\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"de\":{\"name\":\"Dashboard\",\"description\":\"Apps einschlie\\u00dflich Nextcloud Dashboard-Widgets\"},\"dsb\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"el\":{\"name\":\"\\u03a0\\u03af\\u03bd\\u03b1\\u03ba\\u03b1\\u03c2 \\u03b5\\u03bb\\u03ad\\u03b3\\u03c7\\u03bf\\u03c5\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03c0\\u03bf\\u03c5 \\u03c0\\u03b5\\u03c1\\u03b9\\u03bb\\u03b1\\u03bc\\u03b2\\u03ac\\u03bd\\u03bf\\u03c5\\u03bd \\u03b3\\u03c1\\u03b1\\u03c6\\u03b9\\u03ba\\u03ac \\u03c3\\u03c4\\u03bf\\u03b9\\u03c7\\u03b5\\u03af\\u03b1 \\u03b3\\u03b9\\u03b1 \\u03c4\\u03bf\\u03bd \\u03c0\\u03af\\u03bd\\u03b1\\u03ba\\u03b1 \\u03b5\\u03bb\\u03ad\\u03b3\\u03c7\\u03bf\\u03c5 \\u03c4\\u03bf\\u03c5 Nextcloud\"},\"eo\":{\"name\":\"Regpanelo\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"es\":{\"name\":\"Dashboard\",\"description\":\"Apps que incluyen widgets para Nextcloud Dashboard\"},\"es-ar\":{\"name\":\"Dashboard\",\"description\":\"Apps que incluyen widgets para Nextcloud Dashboard\"},\"sr-latn\":{\"name\":\"\\u041a\\u043e\\u043d\\u0442\\u0440\\u043e\\u043b\\u043d\\u0430 \\u0442\\u0430\\u0431\\u043b\\u0430\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u0443\\u043a\\u0459\\u0443\\u0447\\u0443\\u0458\\u0443 \\u0441\\u043f\\u0440\\u0430\\u0432\\u0438\\u0446\\u0435 \\u043d\\u0430 \\u043a\\u043e\\u043d\\u0442\\u0440\\u043e\\u043b\\u043d\\u043e\\u0458 \\u0442\\u0430\\u0431\\u043b\\u0438\"},\"es-co\":{\"name\":\"Tablero de control\",\"description\":\"Apps que incluyen widgets para Nextcloud Dashboard\"},\"es-mx\":{\"name\":\"Tablero de control\",\"description\":\"Apps que incluyen widgets para Nextcloud Dashboard\"},\"es-ni\":{\"name\":\"Tablero de control\",\"description\":\"Apps que incluyen widgets para Nextcloud Dashboard\"},\"es-ve\":{\"name\":\"Dashboard\",\"description\":\"Apps que incluyen widgets para Nextcloud Dashboard\"},\"et\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"eu\":{\"name\":\"Mahaia\",\"description\":\"Nextclouden aginte-panel widgetak dauzkaten aplikazioak\"},\"fa\":{\"name\":\"\\u062f\\u0627\\u0634\\u0628\\u0648\\u0631\\u062f\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"it\":{\"name\":\"Cruscotto\",\"description\":\"Applicazioni che includono i widget del cruscotto di Nextcloud\"},\"en\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"is\":{\"name\":\"Stj\\u00f3rnbor\\u00f0\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ja\":{\"name\":\"\\u30c0\\u30c3\\u30b7\\u30e5\\u30dc\\u30fc\\u30c9\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ka\":{\"name\":\"\\u10db\\u10d7\\u10d0\\u10d5\\u10d0\\u10e0\\u10d8 \\u10d3\\u10d0\\u10e4\\u10d0\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"sv\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"sw\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ta\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"te\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"th\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"tr\":{\"name\":\"Pano\",\"description\":\"Nextcloud pano bile\\u015fenleri bulunan uygulamalar\"},\"tt\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"udm\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"uk\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ur\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"vi\":{\"name\":\"B\\u1ea3ng th\\u00f4ng tin\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"zh-hans\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"zh-hant\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"kab\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"kk\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"fi\":{\"name\":\"Kojetaulu\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"fr\":{\"name\":\"Tableau de bord\",\"description\":\"Applications qui incluent un widget de tableau de bord\"},\"fy\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ga\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"gl\":{\"name\":\"Taboleiro\",\"description\":\"Aplicaci\\u00f3ns que incl\\u00faen trebellos do Taboleiro do Nextcloud\"},\"he\":{\"name\":\"\\u05dc\\u05d5\\u05d7 \\u05d1\\u05e7\\u05e8\\u05d4\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"hi\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"hr\":{\"name\":\"Nadzorna plo\\u010da\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"hsb\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"hu\":{\"name\":\"Ir\\u00e1ny\\u00edt\\u00f3pult\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"hy\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"ia\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"id\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"},\"io\":{\"name\":\"Dashboard\",\"description\":\"Apps including Nextcloud Dashboard widgets\"}}},{\"id\":\"files\",\"translations\":{\"km\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"kn\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ko\":{\"name\":\"\\ud30c\\uc77c\",\"description\":\"\\ud30c\\uc77c \\uad00\\ub9ac \\ubc0f \\ud30c\\uc77c \\uc571\\uc758 \\ud655\\uc7a5 \\uae30\\ub2a5\"},\"lb\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"lt\":{\"name\":\"Failai\",\"description\":\"Fail\\u0173 tvarkymo ir fail\\u0173 program\\u0173 pl\\u0117tini\\u0173 programos\"},\"lv\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"mk\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ml\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"mn\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"mr\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"my\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"nb\":{\"name\":\"Filer\",\"description\":\"App for filh\\u00e5ndtering og utvidelser til Filer\"},\"ne\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"nl\":{\"name\":\"Bestanden\",\"description\":\"Bestandsbeheer en uitbreidingen van bestand apps\"},\"nn\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"os\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"pa\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"pl\":{\"name\":\"Pliki\",\"description\":\"Zarz\\u0105dzanie plikami i rozszerzeniami plik\\u00f3w\"},\"pt\":{\"name\":\"Ficheiros\",\"description\":\"Gest\\u00e3o de ficheiros e aplica\\u00e7\\u00f5es de extens\\u00e3o \\u00e0 aplica\\u00e7\\u00e3o Ficheiros\"},\"pt-br\":{\"name\":\"Arquivos\",\"description\":\"Gerenciamento de arquivos e extens\\u00e3o de aplicativo\"},\"ro\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ru\":{\"name\":\"\\u0424\\u0430\\u0439\\u043b\\u044b\",\"description\":\"\\u0420\\u0430\\u0441\\u0448\\u0438\\u0440\\u0435\\u043d\\u0438\\u0435: \\u0444\\u0430\\u0439\\u043b\\u044b \\u0438 \\u0443\\u043f\\u0440\\u0430\\u0432\\u043b\\u0435\\u043d\\u0438\\u0435 \\u0444\\u0430\\u0439\\u043b\\u0430\\u043c\\u0438\"},\"sk\":{\"name\":\"S\\u00fabory\",\"description\":\"Spr\\u00e1va s\\u00faborov a aplik\\u00e1cia S\\u00fabory na roz\\u0161\\u00edrenie aplik\\u00e1ci\\u00ed\"},\"sq\":{\"name\":\"Skedar\\u00eb\",\"description\":\"Aplikacion i menaxhimit t\\u00eb skedarit dhe skedar\\u00ebve p\\u00ebr zgjerim t\\u00eb aplikacioneve\"},\"sl\":{\"name\":\"Datoteke\",\"description\":\"Upravljanje z datotekami in raz\\u0161iritvami\"},\"sr\":{\"name\":\"\\u0424\\u0430\\u0458\\u043b\\u043e\\u0432\\u0438\",\"description\":\"\\u0423\\u043f\\u0440\\u0430\\u0432\\u0459\\u0430\\u045a\\u0435 \\u0444\\u0430\\u0458\\u043b\\u043e\\u0432\\u0438\\u043c\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043f\\u0440\\u043e\\u0448\\u0438\\u0440\\u0443\\u0458\\u0443 \\u043e\\u0441\\u043d\\u043e\\u0432\\u043d\\u0443 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0443 \\u0424\\u0430\\u0458\\u043b\\u043e\\u0432\\u0430\"},\"gd\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"af\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ar\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ast\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"az\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"bg\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"be\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"bn\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"br\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"bs\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ca\":{\"name\":\"Fitxers\",\"description\":\"Apps de gesti\\u00f3 de fitxers i fitxers d\\u2019extensi\\u00f3 d\\u2019apps\"},\"cs\":{\"name\":\"Soubory\",\"description\":\"Aplikace roz\\u0161i\\u0159uj\\u00edc\\u00ed spr\\u00e1vu soubor\\u016f a aplikaci Soubory\"},\"cy\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"da\":{\"name\":\"Filer\",\"description\":\"Filh\\u00e5ndtering og Files app udvidelses apps\"},\"de\":{\"name\":\"Dateien\",\"description\":\"Dateimanagement sowie Erweiterungs-Apps f\\u00fcr die Dateien-App\"},\"dsb\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"el\":{\"name\":\"\\u0391\\u03c1\\u03c7\\u03b5\\u03af\\u03b1\",\"description\":\"\\u0394\\u03b9\\u03b1\\u03c7\\u03b5\\u03af\\u03c1\\u03b9\\u03c3\\u03b7 \\u03b1\\u03c1\\u03c7\\u03b5\\u03af\\u03c9\\u03bd \\u03ba\\u03b1\\u03b9 \\u03b5\\u03c0\\u03ad\\u03ba\\u03c4\\u03b1\\u03c3\\u03b7 \\u03b5\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ae\\u03c2 \\u0391\\u03c1\\u03c7\\u03b5\\u03af\\u03b1 \\u03b3\\u03b9\\u03b1 \\u03b5\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2\"},\"eo\":{\"name\":\"Dosieroj\",\"description\":\"Dosieradministrado kaj kromprogramoj por la aplika\\u0135o \\u201eDosieroj\\u201c\"},\"es\":{\"name\":\"Archivos\",\"description\":\"Apps de manejo de archivos y de extensi\\u00f3n de la app Archivos\"},\"es-ar\":{\"name\":\"Archivos\",\"description\":\"Aplicaciones de Administraci\\u00f3n de archivos y extensi\\u00f3n a la aplicaci\\u00f3n de Archivos\"},\"es-co\":{\"name\":\"Archivos\",\"description\":\"Aplicaciones de Administraci\\u00f3n de archivos y extensi\\u00f3n a la aplicaci\\u00f3n de Archivos\"},\"es-mx\":{\"name\":\"Archivos\",\"description\":\"Aplicaciones de Administraci\\u00f3n de archivos y extensi\\u00f3n a la aplicaci\\u00f3n de Archivos\"},\"es-ni\":{\"name\":\"Archivos\",\"description\":\"Aplicaciones de Administraci\\u00f3n de archivos y extensi\\u00f3n a la aplicaci\\u00f3n de Archivos\"},\"es-ve\":{\"name\":\"Archivos\",\"description\":\"Apps de manejo de archivos y de extensi\\u00f3n de la app Archivos\"},\"et\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"eu\":{\"name\":\"Fitxategiak\",\"description\":\"Fitxategien kudeaketa eta Fitxategi app-aren luzapen app-ak\"},\"fa\":{\"name\":\"\\u0641\\u0627\\u06cc\\u0644\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u0645\\u062f\\u06cc\\u0631\\u06cc\\u062a \\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0645\\u062f\\u06cc\\u0631\\u06cc\\u062a \\u0641\\u0627\\u06cc\\u0644\\u0647\\u0627 \\u0648 \\u067e\\u0631\\u0648\\u0646\\u062f\\u0647 \\u0647\\u0627\"},\"it\":{\"name\":\"File\",\"description\":\"Applicazioni di gestione dei file ed estensione dell'applicazione File\"},\"en\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"is\":{\"name\":\"Skr\\u00e1r\",\"description\":\"Skr\\u00e1astj\\u00f3rnun og forrit til me\\u00f0h\\u00f6ndlunar skr\\u00e1aendinga\"},\"ja\":{\"name\":\"\\u30d5\\u30a1\\u30a4\\u30eb\",\"description\":\"\\u30d5\\u30a1\\u30a4\\u30eb\\u7ba1\\u7406\\u3068\\u30d5\\u30a1\\u30a4\\u30eb\\u30a2\\u30d7\\u30ea\\u62e1\\u5f35\\u30a2\\u30d7\\u30ea\"},\"ka\":{\"name\":\"\\u10e4\\u10d0\\u10d8\\u10da\\u10d4\\u10d1\\u10d8\",\"description\":\"\\u10e4\\u10d0\\u10d8\\u10da\\u10d4\\u10d1\\u10d8\\u10e1 \\u10db\\u10d4\\u10dc\\u10d4\\u10ef\\u10db\\u10d4\\u10dc\\u10e2\\u10d8 \\u10d3\\u10d0 \\u10e4\\u10d0\\u10d8\\u10da\\u10d4\\u10d1\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d8\\u10e1 \\u10d2\\u10d0\\u10e4\\u10d0\\u10e0\\u10d7\\u10dd\\u10d4\\u10d1\\u10d4\\u10d1\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8\"},\"sr-latn\":{\"name\":\"\\u0424\\u0430\\u0458\\u043b\\u043e\\u0432\\u0438\",\"description\":\"\\u0423\\u043f\\u0440\\u0430\\u0432\\u0459\\u0430\\u045a\\u0435 \\u0444\\u0430\\u0458\\u043b\\u043e\\u0432\\u0438\\u043c\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043f\\u0440\\u043e\\u0448\\u0438\\u0440\\u0443\\u0458\\u0443 \\u043e\\u0441\\u043d\\u043e\\u0432\\u043d\\u0443 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0443 \\u0424\\u0430\\u0458\\u043b\\u043e\\u0432\\u0430\"},\"sv\":{\"name\":\"Filer\",\"description\":\"Filhantering och Filers till\\u00e4ggsappar\"},\"sw\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ta\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"te\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"th\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"tr\":{\"name\":\"Dosyalar\",\"description\":\"Dosya y\\u00f6netimi ve Dosya uygulamas\\u0131 eklentileri\"},\"tt\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"udm\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"uk\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ur\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"vi\":{\"name\":\"T\\u1ec7p tin\",\"description\":\"Qu\\u1ea3n l\\u00fd t\\u1ec7p v\\u00e0 c\\u00e1c \\u1ee9ng d\\u1ee5ng m\\u1edf r\\u1ed9ng cho \\u1ee9ng d\\u1ee5ng T\\u1eadp tin\"},\"zh-hans\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"zh-hant\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"kab\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"kk\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"fi\":{\"name\":\"Tiedostot\",\"description\":\"Tiedostojenhallintasovellukset ja Tiedostot-sovelluksen lis\\u00e4osat\"},\"fr\":{\"name\":\"Fichiers\",\"description\":\"Applications de gestion de fichiers et extensions de l'application Fichiers\"},\"fy\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ga\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"gl\":{\"name\":\"Ficheiros\",\"description\":\"Aplicaci\\u00f3ns de extensi\\u00f3n da xesti\\u00f3n de ficheiros e da aplicaci\\u00f3n Ficheiros\"},\"he\":{\"name\":\"\\u05e7\\u05d1\\u05e6\\u05d9\\u05dd\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9 \\u05e0\\u05d9\\u05d4\\u05d5\\u05dc \\u05e7\\u05d1\\u05e6\\u05d9\\u05dd \\u05d5\\u05d4\\u05e8\\u05d7\\u05d1\\u05d5\\u05ea \\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9 \\u05e7\\u05d1\\u05e6\\u05d9\\u05dd\"},\"hi\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"hr\":{\"name\":\"Datoteke\",\"description\":\"Aplikacije za upravljanje datotekama i pro\\u0161irenjima za aplikaciju Datoteke\"},\"hsb\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"hu\":{\"name\":\"F\\u00e1jlok\",\"description\":\"F\\u00e1jlkezel\\u0151 \\u00e9s kieg\\u00e9sz\\u00edt\\u0151 alkalmaz\\u00e1sok\"},\"hy\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"ia\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"id\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"},\"io\":{\"name\":\"Files\",\"description\":\"File management and Files app extension apps\"}}},{\"id\":\"games\",\"translations\":{\"km\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"kn\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ko\":{\"name\":\"\\uac8c\\uc784\",\"description\":\"\\ub0b4 Nextcloud\\uc5d0\\uc11c \\uc2e4\\ud589\\ud558\\ub294 \\uac8c\\uc784\"},\"lb\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"lt\":{\"name\":\"\\u017daidimai\",\"description\":\"\\u017daidimai J\\u016bs\\u0173 Nextcloud\"},\"lv\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"mk\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ml\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"mn\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"mr\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"my\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"nb\":{\"name\":\"Spill\",\"description\":\"Spillbare spill i din Nextcloud\"},\"ne\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"nl\":{\"name\":\"Spelen\",\"description\":\"Spellen draaiend in je Nextcloud\"},\"nn\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"os\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"pa\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"pl\":{\"name\":\"Gry\",\"description\":\"Gry dla Nextcloud\"},\"pt\":{\"name\":\"Jogos\",\"description\":\"Jogos executados na sua Nextcloud\"},\"pt-br\":{\"name\":\"Jogos\",\"description\":\"Os jogos rodam em seu Nextcloud\"},\"ro\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ru\":{\"name\":\"\\u0418\\u0433\\u0440\\u044b\",\"description\":\"\\u0412 Nextcloud \\u0437\\u0430\\u043f\\u0443\\u0441\\u043a\\u0430\\u044e\\u0442\\u0441\\u044f \\u0438\\u0433\\u0440\\u044b\"},\"sk\":{\"name\":\"Hry\",\"description\":\"Hry be\\u017eia vo va\\u0161om Nextcloude\"},\"sq\":{\"name\":\"Loj\\u00ebra\",\"description\":\"Lojer\\u00ebt n\\u00eb Nextcloud-in tuaj\"},\"sr\":{\"name\":\"\\u0418\\u0433\\u0440\\u0438\\u0446\\u0435\",\"description\":\"\\u0418\\u0433\\u0440\\u0438\\u0446\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u0441\\u0435 \\u043f\\u043e\\u043a\\u0440\\u0435\\u045b\\u0443 \\u0438\\u0437 \\u041d\\u0435\\u043a\\u0441\\u0442\\u043a\\u043b\\u0430\\u0443\\u0434\\u0430\"},\"sl\":{\"name\":\"Igre\",\"description\":\"Igre, ki se izvajajo v oblaku Nextcloud\"},\"gd\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"af\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ar\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ast\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"az\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"bg\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"be\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"bn\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"br\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"bs\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ca\":{\"name\":\"Jocs\",\"description\":\"Jocs que s'executaran en el vostre Nextcloud\"},\"cs\":{\"name\":\"Hry\",\"description\":\"Hry spustiteln\\u00e9 v r\\u00e1mci Nextcloud\"},\"cy\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"da\":{\"name\":\"Spil\",\"description\":\"Spil der k\\u00f8res i din Nextcloud\"},\"de\":{\"name\":\"Spiele\",\"description\":\"Spiele f\\u00fcr Deine Nextcloud\"},\"dsb\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"el\":{\"name\":\"\\u03a0\\u03b1\\u03b9\\u03c7\\u03bd\\u03af\\u03b4\\u03b9\\u03b1\",\"description\":\"\\u03a0\\u03b1\\u03b9\\u03c7\\u03bd\\u03af\\u03b4\\u03b9\\u03b1 \\u03c0\\u03bf\\u03c5 \\u03c4\\u03c1\\u03ad\\u03c7\\u03bf\\u03c5\\u03bd \\u03c3\\u03c4\\u03bf Nextcloud \\u03c3\\u03b1\\u03c2\"},\"eo\":{\"name\":\"Ludoj\",\"description\":\"Ludoj ene de via Nextcloud\"},\"es\":{\"name\":\"Juegos\",\"description\":\"Juegos que funcionan en tu Nextcloud\"},\"es-ar\":{\"name\":\"Juegos\",\"description\":\"Los juegos se ejecutan en tu Nextcloud\"},\"es-co\":{\"name\":\"Juegos\",\"description\":\"Juegos que corren en tu Nextcloud\"},\"es-mx\":{\"name\":\"Juegos\",\"description\":\"Juegos que corren en tu Nextcloud\"},\"es-ni\":{\"name\":\"Juegos\",\"description\":\"Juegos que corren en tu Nextcloud\"},\"es-ve\":{\"name\":\"Juegos\",\"description\":\"Juegos que funcionan en tu Nextcloud\"},\"et\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"eu\":{\"name\":\"Jokuak\",\"description\":\"Zure Nextcloudean exekuta daitezkeen jokuak\"},\"it\":{\"name\":\"Giochi\",\"description\":\"Giochi da far girare nel tuo Nextcloud\"},\"en\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"is\":{\"name\":\"Leikir\",\"description\":\"Leikir keyr\\u00f0ir \\u00ed \\u00fe\\u00ednu eigin Nextcloud\"},\"ja\":{\"name\":\"\\u30b2\\u30fc\\u30e0\",\"description\":\"Nextcloud\\u3067\\u52d5\\u304f\\u30b2\\u30fc\\u30e0\"},\"ka\":{\"name\":\"\\u10d7\\u10d0\\u10db\\u10d0\\u10e8\\u10d4\\u10d1\\u10d8\",\"description\":\"\\u10d7\\u10d0\\u10db\\u10d0\\u10e8\\u10d4\\u10d1\\u10d8, \\u10e0\\u10dd\\u10db\\u10da\\u10d4\\u10d1\\u10d8\\u10ea \\u10db\\u10e3\\u10e8\\u10d0\\u10dd\\u10d1\\u10d4\\u10dc \\u10d7\\u10e5\\u10d5\\u10d4\\u10dc\\u10e1 Nextcloud-\\u10e8\\u10d8\"},\"sr-latn\":{\"name\":\"\\u0418\\u0433\\u0440\\u0438\\u0446\\u0435\",\"description\":\"\\u0418\\u0433\\u0440\\u0438\\u0446\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u0441\\u0435 \\u043f\\u043e\\u043a\\u0440\\u0435\\u045b\\u0443 \\u0438\\u0437 \\u041d\\u0435\\u043a\\u0441\\u0442\\u043a\\u043b\\u0430\\u0443\\u0434\\u0430\"},\"sv\":{\"name\":\"Spel\",\"description\":\"Spel k\\u00f6r i ditt Nextcloud\"},\"sw\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ta\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"te\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"th\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"tr\":{\"name\":\"Oyunlar\",\"description\":\"Nextcloud hesab\\u0131n\\u0131zda \\u00e7al\\u0131\\u015fan oyunlar\"},\"tt\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"udm\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"uk\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ur\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"vi\":{\"name\":\"Tr\\u00f2 ch\\u01a1i\",\"description\":\"C\\u00e1c tr\\u00f2 ch\\u01a1i ch\\u1ea1y tr\\u00ean Nextcloud c\\u1ee7a b\\u1ea1n\"},\"zh-hans\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"zh-hant\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"kab\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"kk\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"fa\":{\"name\":\"\\u0628\\u0627\\u0632\\u06cc \\u0647\\u0627\",\"description\":\"\\u0628\\u0627\\u0632\\u06cc \\u0647\\u0627 \\u062f\\u0631 \\u0646\\u06a9\\u0633\\u062a \\u06a9\\u0644\\u0648\\u062f \\u0634\\u0645\\u0627 \\u0627\\u062c\\u0631\\u0627 \\u0645\\u06cc \\u0634\\u0648\\u0646\\u062f\"},\"fi\":{\"name\":\"Pelit\",\"description\":\"Pelit suoritetaan Nextcloudissasi\"},\"fr\":{\"name\":\"Jeux\",\"description\":\"Les jeux fonctionnant dans votre Nextcloud\"},\"fy\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ga\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"gl\":{\"name\":\"Xogos\",\"description\":\"Xogos funcionando no seu Nextcloud\"},\"he\":{\"name\":\"\\u05de\\u05e9\\u05d7\\u05e7\\u05d9\\u05dd\",\"description\":\"\\u05de\\u05e9\\u05d7\\u05e7\\u05d9\\u05dd \\u05e9\\u05e4\\u05d5\\u05e2\\u05dc\\u05d9\\u05dd \\u05d1\\u05beNextcloud \\u05e9\\u05dc\\u05da\"},\"hi\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"hr\":{\"name\":\"Igre\",\"description\":\"Igre koje se izvode u va\\u0161em Nextcloudu\"},\"hsb\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"hu\":{\"name\":\"J\\u00e1t\\u00e9kok\",\"description\":\"J\\u00e1t\\u00e9kok a Nextcloudj\\u00e1ban\"},\"hy\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"ia\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"id\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"},\"io\":{\"name\":\"Games\",\"description\":\"Games run in your Nextcloud\"}}},{\"id\":\"integration\",\"translations\":{\"km\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"kn\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ko\":{\"name\":\"\\ud1b5\\ud569\",\"description\":\"Nextcloud\\uc640 \\ub2e4\\ub978 \\uc11c\\ube44\\uc2a4 \\ubc0f \\ud50c\\ub7ab\\ud3fc\\uc744 \\ud1b5\\ud569\\ud558\\ub294 \\uc571\"},\"lb\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"lt\":{\"name\":\"Integracija\",\"description\":\"Programos, jungian\\u010dios Nextcloud su kitomis paslaugomis ir platformomis\"},\"lv\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"mk\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ml\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"mn\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"mr\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"my\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"nb\":{\"name\":\"Integrasjon\",\"description\":\"Apper som kobler Nextcloud med andre tjenester og plattformer\"},\"ne\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"nl\":{\"name\":\"Integratie\",\"description\":\"Apps die Nextcloud verbinden met andere services en platformen\"},\"nn\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"os\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"pa\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"pl\":{\"name\":\"Integracja\",\"description\":\"Po\\u0142\\u0105czenie Nextcloud z innymi us\\u0142ugami i platformami\"},\"pt\":{\"name\":\"Integra\\u00e7\\u00e3o\",\"description\":\"Aplica\\u00e7\\u00f5es que ligam a sua Nextcloud a outros servi\\u00e7os e plataformas\"},\"pt-br\":{\"name\":\"Integra\\u00e7\\u00e3o\",\"description\":\"Aplicativos que conectam ao Nextcloud com outros servi\\u00e7os e plataformas\"},\"ro\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ru\":{\"name\":\"\\u0418\\u043d\\u0442\\u0435\\u0433\\u0440\\u0430\\u0446\\u0438\\u044f\",\"description\":\"\\u041f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f, \\u0441\\u043e\\u0435\\u0434\\u0438\\u043d\\u044f\\u044e\\u0449\\u0438\\u0435 Nextcloud \\u0441 \\u0434\\u0440\\u0443\\u0433\\u0438\\u043c\\u0438 \\u0441\\u043b\\u0443\\u0436\\u0431\\u0430\\u043c\\u0438 \\u0438 \\u043f\\u043b\\u0430\\u0442\\u0444\\u043e\\u0440\\u043c\\u0430\\u043c\\u0438\"},\"sk\":{\"name\":\"Integr\\u00e1cia\",\"description\":\"Apky, ktor\\u00e9 prep\\u00e1jaj\\u00fa Nextcloud s in\\u00fdmi slu\\u017ebami a platformami\"},\"sq\":{\"name\":\"Integrimi\",\"description\":\"Aplikacionet q\\u00eb lidhen me Nextcloud me an\\u00ebn e sh\\u00ebrbimeve dhe platformave t\\u00eb tjera\"},\"sr\":{\"name\":\"\\u0418\\u043d\\u0442\\u0435\\u0433\\u0440\\u0430\\u0446\\u0438\\u0458\\u0430\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043f\\u043e\\u0432\\u0435\\u0437\\u0443\\u0458\\u0443 \\u041d\\u0435\\u043a\\u0441\\u0442\\u043a\\u043b\\u0430\\u0443\\u0434 \\u0441\\u0430 \\u0434\\u0440\\u0443\\u0433\\u0438\\u043c \\u0441\\u0435\\u0440\\u0432\\u0438\\u0441\\u0438\\u043c\\u0430 \\u0438 \\u043f\\u043b\\u0430\\u0442\\u0444\\u043e\\u0440\\u043c\\u0430\\u043c\\u0430\"},\"sl\":{\"name\":\"Sodelovanje in delo\",\"description\":\"Programi, ki povezujejo Nextcloud z drugimi storitvami in okolji\"},\"gd\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"af\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ar\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ast\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"az\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"bg\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"be\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"bn\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"br\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"bs\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ca\":{\"name\":\"Integraci\\u00f3\",\"description\":\"Aplicacions que es connecten a Nextcloud amb altres serveis i plataformes\"},\"cs\":{\"name\":\"Propojen\\u00ed\",\"description\":\"Aplikace kter\\u00e9 NextCloud propojuj\\u00ed s dal\\u0161\\u00edmi slu\\u017ebami a platformami\"},\"cy\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"da\":{\"name\":\"Integration\",\"description\":\"Apps der forbinder Nextcloud med andre services og platforme\"},\"de\":{\"name\":\"Einbindung\",\"description\":\"Apps die Nextcloud mit anderen Diensten und Plattformen verbinden\"},\"dsb\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"el\":{\"name\":\"\\u0395\\u03bd\\u03c3\\u03c9\\u03bc\\u03ac\\u03c4\\u03c9\\u03c3\\u03b7\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03c0\\u03bf\\u03c5 \\u03c3\\u03c5\\u03bd\\u03b4\\u03ad\\u03bf\\u03c5\\u03bd \\u03c4\\u03bf Nextcloud \\u03bc\\u03b5 \\u03ac\\u03bb\\u03bb\\u03b5\\u03c2 \\u03c5\\u03c0\\u03b7\\u03c1\\u03b5\\u03c3\\u03af\\u03b5\\u03c2 \\u03ba\\u03b1\\u03b9 \\u03c0\\u03bb\\u03b1\\u03c4\\u03c6\\u03cc\\u03c1\\u03bc\\u03b5\\u03c2\"},\"eo\":{\"name\":\"Integrigo\",\"description\":\"Aplika\\u0135oj, kiuj interligas Nextcloud-on kun aliaj servoj kaj platformoj\"},\"es\":{\"name\":\"Integraci\\u00f3n\",\"description\":\"Apps que conectan Nextcloud con otros servicios y plataformas\"},\"es-ar\":{\"name\":\"Integraci\\u00f3n\",\"description\":\"Aplicaciones que conectan a Nextcloud con otros servicios y plataformas\"},\"es-co\":{\"name\":\"Integraci\\u00f3n\",\"description\":\"Aplicaciones que conectan a Nextcloud con otros servicios y plataformas\"},\"es-mx\":{\"name\":\"Integraci\\u00f3n\",\"description\":\"Aplicaciones que conectan a Nextcloud con otros servicios y plataformas\"},\"es-ni\":{\"name\":\"Integraci\\u00f3n\",\"description\":\"Aplicaciones que conectan a Nextcloud con otros servicios y plataformas\"},\"es-ve\":{\"name\":\"Integraci\\u00f3n\",\"description\":\"Apps que conectan Nextcloud con otros servicios y plataformas\"},\"et\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"eu\":{\"name\":\"Integrazioa\",\"description\":\"Nextcloud beste zerbitzu eta plataformekin konektatzeko app-ak\"},\"it\":{\"name\":\"Integrazione\",\"description\":\"Applicazioni che collegano Nextcloud con altri servizi e piattaforme\"},\"en\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"is\":{\"name\":\"Sam\\u00fe\\u00e6tting\",\"description\":\"Forrit sem tengja Nextcloud vi\\u00f0 a\\u00f0rar \\u00fej\\u00f3nustur og kerfi\"},\"ja\":{\"name\":\"\\u9023\\u643a\",\"description\":\"NextCloud\\u3068\\u4ed6\\u306e\\u30b5\\u30fc\\u30d3\\u30b9\\u3084\\u30d7\\u30e9\\u30c3\\u30c8\\u30d5\\u30a9\\u30fc\\u30e0\\u3092\\u63a5\\u7d9a\\u3059\\u308b\\u30a2\\u30d7\\u30ea\\u30b1\\u30fc\\u30b7\\u30e7\\u30f3\"},\"ka\":{\"name\":\"\\u10d8\\u10dc\\u10e2\\u10d4\\u10d2\\u10e0\\u10d0\\u10ea\\u10d8\\u10d0\",\"description\":\"\\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8 \\u10e0\\u10dd\\u10db\\u10da\\u10d4\\u10d1\\u10d8\\u10ea \\u10d0\\u10d9\\u10d0\\u10d5\\u10e8\\u10d8\\u10e0\\u10d4\\u10d1\\u10d4\\u10dc Nextcloud-\\u10e1 \\u10e1\\u10ee\\u10d5\\u10d0 \\u10e1\\u10d4\\u10e0\\u10d5\\u10d8\\u10e1\\u10d4\\u10d1\\u10e1\\u10d0 \\u10d3\\u10d0 \\u10de\\u10da\\u10d0\\u10e2\\u10e4\\u10dd\\u10e0\\u10db\\u10d4\\u10d1\\u10d7\\u10d0\\u10dc \"},\"sr-latn\":{\"name\":\"\\u0418\\u043d\\u0442\\u0435\\u0433\\u0440\\u0430\\u0446\\u0438\\u0458\\u0430\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043f\\u043e\\u0432\\u0435\\u0437\\u0443\\u0458\\u0443 \\u041d\\u0435\\u043a\\u0441\\u0442\\u043a\\u043b\\u0430\\u0443\\u0434 \\u0441\\u0430 \\u0434\\u0440\\u0443\\u0433\\u0438\\u043c \\u0441\\u0435\\u0440\\u0432\\u0438\\u0441\\u0438\\u043c\\u0430 \\u0438 \\u043f\\u043b\\u0430\\u0442\\u0444\\u043e\\u0440\\u043c\\u0430\\u043c\\u0430\"},\"sv\":{\"name\":\"Integration\",\"description\":\"Appar som ansluter Nextcloud med andra tj\\u00e4nster och plattformar\"},\"sw\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ta\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"te\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"th\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"tr\":{\"name\":\"B\\u00fct\\u00fcnle\\u015ftirme\",\"description\":\"Nextcloud ile di\\u011fer hizmet ve platformlar\\u0131 b\\u00fct\\u00fcnle\\u015ftiren uygulamalar\"},\"tt\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"udm\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"uk\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ur\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"vi\":{\"name\":\"T\\u00edch h\\u1ee3p\",\"description\":\"C\\u00e1c \\u1ee9ng d\\u1ee5ng k\\u1ebft n\\u1ed1i Nextcloud v\\u1edbi c\\u00e1c d\\u1ecbch v\\u1ee5 v\\u00e0 n\\u1ec1n t\\u1ea3ng kh\\u00e1c\"},\"zh-hans\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"zh-hant\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"kab\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"kk\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"fa\":{\"name\":\"\\u0627\\u062f\\u063a\\u0627\\u0645\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc\\u06cc \\u06a9\\u0647 \\u0646\\u06a9\\u0633\\u062a \\u06a9\\u0644\\u0648\\u062f \\u0631\\u0627 \\u0628\\u0627 \\u0633\\u0627\\u06cc\\u0631 \\u0633\\u0631\\u0648\\u06cc\\u0633 \\u0647\\u0627 \\u0648 \\u0633\\u06cc\\u0633\\u062a\\u0645 \\u0639\\u0627\\u0645\\u0644 \\u0647\\u0627 \\u0645\\u062a\\u0635\\u0644 \\u0645\\u06cc \\u06a9\\u0646\\u062f\"},\"fi\":{\"name\":\"Integraatio\",\"description\":\"Sovellukset, jotka yhdist\\u00e4v\\u00e4t Nextcloudin muihin palveluihin ja sovellusalustoihin\"},\"fr\":{\"name\":\"Int\\u00e9gration\",\"description\":\"Applications qui connectent Nextcloud avec d'autres services et plateformes\"},\"fy\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ga\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"gl\":{\"name\":\"Integraci\\u00f3n\",\"description\":\"Aplicaci\\u00f3ns que conectan o Nextcloud con outros servizos e plataformas\"},\"he\":{\"name\":\"\\u05e9\\u05d9\\u05dc\\u05d5\\u05d1\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9\\u05dd \\u05e9\\u05de\\u05d7\\u05d1\\u05e8\\u05d9\\u05dd \\u05d0\\u05ea Nextcloud \\u05e2\\u05dd \\u05e9\\u05d9\\u05e8\\u05d5\\u05ea\\u05d9\\u05dd \\u05d5\\u05e4\\u05dc\\u05d8\\u05e4\\u05d5\\u05e8\\u05de\\u05d5\\u05ea \\u05d0\\u05d7\\u05e8\\u05d9\\u05dd\"},\"hi\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"hr\":{\"name\":\"Integracija\",\"description\":\"Aplikacije koje povezuju Nextcloud s drugim uslugama i platformama\"},\"hsb\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"hu\":{\"name\":\"Integr\\u00e1ci\\u00f3\",\"description\":\"Alkalmaz\\u00e1sok, melyek a Nextcloudot m\\u00e1s szolg\\u00e1ltat\\u00e1sokhoz \\u00e9s platformokhoz kapcsolj\\u00e1k\"},\"hy\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"ia\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"id\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"},\"io\":{\"name\":\"Integration\",\"description\":\"Apps that connect Nextcloud with other services and platforms\"}}},{\"id\":\"monitoring\",\"translations\":{\"km\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"kn\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ko\":{\"name\":\"\\ubaa8\\ub2c8\\ud130\\ub9c1\",\"description\":\"\\ub370\\uc774\\ud130 \\ud1b5\\uacc4, \\uc2dc\\uc2a4\\ud15c \\uc9c4\\ub2e8 \\ubc0f \\ud65c\\ub3d9 \\uad00\\ub9ac \\uc571\"},\"lb\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"lt\":{\"name\":\"Steb\\u0117sena\",\"description\":\"Duomen\\u0173 statistikos, sistemos diagnostikos ir veiklos programos\"},\"lv\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"mk\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ml\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"mn\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"my\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"mr\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"nb\":{\"name\":\"Overv\\u00e5king\",\"description\":\"Apper for statistikk, systemdiagnose og aktivitet\"},\"ne\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"nl\":{\"name\":\"Monitoren\",\"description\":\"Gegevensstatistiek, systeem diagnose en activiteit apps\"},\"nn\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"os\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"pa\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"pl\":{\"name\":\"Monitorowanie\",\"description\":\"Statystyki, diagnostyka i aktywno\\u015bci\"},\"pt\":{\"name\":\"Monitoriza\\u00e7\\u00e3o\",\"description\":\"Estat\\u00edsticas de dados, diagn\\u00f3sticos de sistema e aplica\\u00e7\\u00f5es de actividade \"},\"pt-br\":{\"name\":\"Monitoramento\",\"description\":\"Estat\\u00edsticas de dados, diagn\\u00f3sticos de sistema e atividades de aplicativos\"},\"ro\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ru\":{\"name\":\"\\u041c\\u043e\\u043d\\u0438\\u0442\\u043e\\u0440\\u0438\\u043d\\u0433\",\"description\":\"\\u0421\\u0442\\u0430\\u0442\\u0438\\u0441\\u0442\\u0438\\u043a\\u0430 \\u0434\\u0430\\u043d\\u043d\\u044b\\u0445, \\u0434\\u0438\\u0430\\u0433\\u043d\\u043e\\u0441\\u0442\\u0438\\u043a\\u0430 \\u0441\\u0438\\u0441\\u0442\\u0435\\u043c\\u044b \\u0438 \\u0430\\u043a\\u0442\\u0438\\u0432\\u043d\\u043e\\u0441\\u0442\\u044c \\u043f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u0439\"},\"sk\":{\"name\":\"Monitoring\",\"description\":\"\\u0160tatistika d\\u00e1t, diagnostika syst\\u00e9mu a aktivity aplik\\u00e1ci\\u00ed\"},\"sr\":{\"name\":\"\\u041d\\u0430\\u0434\\u0433\\u043b\\u0435\\u0434\\u0430\\u045a\\u0435\",\"description\":\"\\u0421\\u0442\\u0430\\u0442\\u0438\\u0441\\u0442\\u0438\\u043a\\u0435 \\u043e \\u043f\\u043e\\u0434\\u0430\\u0446\\u0438\\u043c\\u0430, \\u0434\\u0438\\u0458\\u0430\\u0433\\u043d\\u043e\\u0441\\u0442\\u0438\\u043a\\u0430 \\u0441\\u0438\\u0441\\u0442\\u0435\\u043c\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0430\\u043a\\u0442\\u0438\\u0432\\u043d\\u043e\\u0441\\u0442\\u0438\"},\"sl\":{\"name\":\"Nadzor in delovanje\",\"description\":\"Statistika podatkov, sistemska diagnostika in programi za spremljanje dejavnosti\"},\"sq\":{\"name\":\"V\\u00ebzhgim\",\"description\":\"Statistikat e t\\u00eb dh\\u00ebnave, diagnostikimi i sistemit dhe aplikacionet e aktivitetit\"},\"gd\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"af\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ar\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ast\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"az\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"bg\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"be\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"bn\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"br\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"bs\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ca\":{\"name\":\"Seguiment\",\"description\":\"Apps sobre dades estad\\u00edstiques, diagnosis de sistema i activitat\"},\"cs\":{\"name\":\"Dohled\",\"description\":\"Datov\\u00e9 statistiky, diagnostiky syst\\u00e9mu a aktivity aplikac\\u00ed\"},\"cy\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"da\":{\"name\":\"Monitorering\",\"description\":\"Datastatistik, systemdiagnoser og -aktivitets apps\"},\"de\":{\"name\":\"\\u00dcberwachung\",\"description\":\"Datenstatistiken-, Systemdiagnose- und Aktivit\\u00e4ten-Apps\"},\"dsb\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"el\":{\"name\":\"\\u03a0\\u03b1\\u03c1\\u03b1\\u03ba\\u03bf\\u03bb\\u03bf\\u03cd\\u03b8\\u03b7\\u03c3\\u03b7\",\"description\":\"\\u03a3\\u03c4\\u03b1\\u03c4\\u03b9\\u03c3\\u03c4\\u03b9\\u03ba\\u03ac \\u03b4\\u03b5\\u03b4\\u03bf\\u03bc\\u03ad\\u03bd\\u03c9\\u03bd, \\u03b4\\u03b9\\u03b1\\u03b3\\u03bd\\u03c9\\u03c3\\u03c4\\u03b9\\u03ba\\u03ac \\u03c3\\u03c5\\u03c3\\u03c4\\u03ae\\u03bc\\u03b1\\u03c4\\u03bf\\u03c2 \\u03ba\\u03b1\\u03b9 \\u03b4\\u03c1\\u03b1\\u03c3\\u03c4\\u03b7\\u03c1\\u03b9\\u03cc\\u03c4\\u03b7\\u03c4\\u03b1 \\u03b5\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ce\\u03bd\"},\"eo\":{\"name\":\"Observado\",\"description\":\"Statistiko, sistema diagnozo kaj aktiva\\u0135oj\"},\"es\":{\"name\":\"Monitorizaci\\u00f3n\",\"description\":\"Apps de estad\\u00edsticas, diagn\\u00f3sticos del sistema y actividad\"},\"es-ar\":{\"name\":\"Monitoreo\",\"description\":\"Aplicaciones de estad\\u00edstica de datos, diagn\\u00f3stico del sistema y actividad\"},\"es-co\":{\"name\":\"Monitoreo\",\"description\":\"Aplicaciones de estad\\u00edstica de datos, diagn\\u00f3stico del sistema y actividad\"},\"es-mx\":{\"name\":\"Monitoreo\",\"description\":\"Aplicaciones de estad\\u00edstica de datos, diagn\\u00f3stico del sistema y actividad\"},\"es-ni\":{\"name\":\"Monitoreo\",\"description\":\"Aplicaciones de estad\\u00edstica de datos, diagn\\u00f3stico del sistema y actividad\"},\"es-ve\":{\"name\":\"Monitorizaci\\u00f3n\",\"description\":\"Apps de estad\\u00edsticas, diagn\\u00f3sticos del sistema y actividad\"},\"et\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"eu\":{\"name\":\"Monitorizazioa\",\"description\":\"Datu estatiktikak, sistema diagnostikoa eta jarduera app-ak\"},\"it\":{\"name\":\"Monitoraggio\",\"description\":\"Applicazioni di statistiche, diagnostica di sistema e attivit\\u00e0\"},\"en\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"is\":{\"name\":\"V\\u00f6ktun\",\"description\":\"T\\u00f6lfr\\u00e6\\u00f0i gagna, greining kerfis og virkniforrit\"},\"ja\":{\"name\":\"\\u30e2\\u30cb\\u30bf\\u30ea\\u30f3\\u30b0\",\"description\":\"\\u30c7\\u30fc\\u30bf\\u7d71\\u8a08\\u3001\\u30b7\\u30b9\\u30c6\\u30e0\\u8a3a\\u65ad\\u304a\\u3088\\u3073\\u30a2\\u30af\\u30c6\\u30a3\\u30d3\\u30c6\\u30a3\\u30a2\\u30d7\\u30ea\\u30b1\\u30fc\\u30b7\\u30e7\\u30f3\"},\"ka\":{\"name\":\"\\u10db\\u10d8\\u10dc\\u10d8\\u10e2\\u10dd\\u10e0\\u10d8\\u10dc\\u10d2\\u10d8\",\"description\":\"\\u10db\\u10dd\\u10dc\\u10d0\\u10ea\\u10d4\\u10db\\u10d7\\u10d0 \\u10e1\\u10e2\\u10d0\\u10e2\\u10d8\\u10e1\\u10e2\\u10d8\\u10d9\\u10d0, \\u10e1\\u10d8\\u10e1\\u10e2\\u10d4\\u10db\\u10d8\\u10e1 \\u10d3\\u10d8\\u10d0\\u10d2\\u10dc\\u10dd\\u10d6\\u10d8 \\u10d3\\u10d0 \\u10d0\\u10e5\\u10e2\\u10d8\\u10d5\\u10dd\\u10d1\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8\"},\"sr-latn\":{\"name\":\"\\u041d\\u0430\\u0434\\u0433\\u043b\\u0435\\u0434\\u0430\\u045a\\u0435\",\"description\":\"\\u0421\\u0442\\u0430\\u0442\\u0438\\u0441\\u0442\\u0438\\u043a\\u0435 \\u043e \\u043f\\u043e\\u0434\\u0430\\u0446\\u0438\\u043c\\u0430, \\u0434\\u0438\\u0458\\u0430\\u0433\\u043d\\u043e\\u0441\\u0442\\u0438\\u043a\\u0430 \\u0441\\u0438\\u0441\\u0442\\u0435\\u043c\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0430\\u043a\\u0442\\u0438\\u0432\\u043d\\u043e\\u0441\\u0442\\u0438\"},\"sv\":{\"name\":\"\\u00d6vervakning\",\"description\":\"Datastatistik, systemdiagnostik och aktivitetsappar\"},\"sw\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ta\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"te\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"th\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"tr\":{\"name\":\"\\u0130zleme\",\"description\":\"Veri istatistikleri, sistem tan\\u0131lama ve i\\u015flem uygulamalar\\u0131\"},\"tt\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"udm\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"uk\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ur\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"vi\":{\"name\":\"Gi\\u00e1m s\\u00e1t\",\"description\":\"C\\u00e1c th\\u1ed1ng k\\u00ea d\\u1eef li\\u1ec7u, c\\u00e1c chu\\u1ea9n \\u0111o\\u00e1n h\\u1ec7 th\\u1ed1ng v\\u00e0 ho\\u1ea1t \\u0111\\u1ed9ng c\\u1ee7a c\\u00e1c \\u1ee9ng d\\u1ee5ng\"},\"zh-hans\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"zh-hant\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"kab\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"kk\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"fa\":{\"name\":\"\\u0646\\u0638\\u0627\\u0631\\u062a \\u0628\\u0631\",\"description\":\"\\u0622\\u0645\\u0627\\u0631 \\u062f\\u0627\\u062f\\u0647 \\u0647\\u0627 \\u060c \\u062a\\u0634\\u062e\\u06cc\\u0635 \\u0633\\u06cc\\u0633\\u062a\\u0645 \\u0648 \\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u0641\\u0639\\u0627\\u0644\\u06cc\\u062a\"},\"fi\":{\"name\":\"Monitorointi\",\"description\":\"Data tilastot, j\\u00e4rjestelm\\u00e4diagnostiikka ja aktiviteettisovellukset\"},\"fr\":{\"name\":\"Supervision\",\"description\":\"Applications de statistiques sur les donn\\u00e9es, de diagnostics syst\\u00e8mes et d'activit\\u00e9.\"},\"fy\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ga\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"gl\":{\"name\":\"Supervisando\",\"description\":\"Aplicaci\\u00f3ns de estat\\u00edstica de datos, diagn\\u00f3stico do sistema e actividade\"},\"he\":{\"name\":\"\\u05de\\u05e2\\u05e7\\u05d1\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9\\u05dd \\u05dc\\u05e0\\u05d9\\u05ea\\u05d5\\u05d7 \\u05e1\\u05d8\\u05d8\\u05d9\\u05e1\\u05d8\\u05d9, \\u05d1\\u05d3\\u05d9\\u05e7\\u05ea \\u05d4\\u05de\\u05e2\\u05e8\\u05db\\u05ea \\u05d5\\u05e4\\u05e2\\u05d9\\u05dc\\u05d5\\u05d9\\u05d5\\u05ea\"},\"hi\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"hr\":{\"name\":\"Pra\\u0107enje\",\"description\":\"Aplikacije za statistiku podataka, dijagnostiku sustava i aktivnosti\"},\"hsb\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"hu\":{\"name\":\"Rendszerfel\\u00fcgyelet\",\"description\":\"Adatstatisztika, rendszerdiagnosztika \\u00e9s tev\\u00e9kenys\\u00e9gk\\u00f6vet\\u0151 alkalmaz\\u00e1sok\"},\"hy\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"ia\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"id\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"},\"io\":{\"name\":\"Monitoring\",\"description\":\"Data statistics, system diagnostics and activity apps\"}}},{\"id\":\"multimedia\",\"translations\":{\"kk\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"km\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"kn\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ko\":{\"name\":\"\\uba40\\ud2f0\\ubbf8\\ub514\\uc5b4\",\"description\":\"\\uc624\\ub514\\uc624, \\ube44\\ub514\\uc624, \\uc0ac\\uc9c4 \\uc571\"},\"lb\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"lt\":{\"name\":\"Multimedija\",\"description\":\"Garso, vaizdo ir paveiksl\\u0117li\\u0173 program\\u0117l\\u0117s\"},\"lv\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"mk\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ml\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"mn\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"mr\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"my\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"nb\":{\"name\":\"Multimedia\",\"description\":\"Apper for lyd, film og bilde\"},\"ne\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"nl\":{\"name\":\"Multimedia\",\"description\":\"Audio, video en afbeelding apps\"},\"nn\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"os\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"pa\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"pl\":{\"name\":\"Multimedia\",\"description\":\"Aplikacje graficzne, audio i wideo\"},\"pt\":{\"name\":\"Multim\\u00e9dia\",\"description\":\"Aplica\\u00e7\\u00f5es de \\u00c1udio, V\\u00eddeo e Imagens\"},\"pt-br\":{\"name\":\"Multim\\u00eddia\",\"description\":\"Aplicativos de \\u00e1udio, v\\u00eddeo e imagem\"},\"ro\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ru\":{\"name\":\"\\u041c\\u0443\\u043b\\u044c\\u0442\\u0438\\u043c\\u0435\\u0434\\u0438\\u0430\",\"description\":\"\\u041f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u0435 \\u0430\\u0443\\u0434\\u0438\\u043e, \\u0432\\u0438\\u0434\\u0435\\u043e \\u0438 \\u0438\\u0437\\u043e\\u0431\\u0440\\u0430\\u0436\\u0435\\u043d\\u0438\\u044f\"},\"sk\":{\"name\":\"Multim\\u00e9di\\u00e1\",\"description\":\"Aplik\\u00e1cie pre audio, video a obr\\u00e1zky\"},\"sl\":{\"name\":\"Ve\\u010dpredstavnost\",\"description\":\"Programi za zvok, video in slike\"},\"sq\":{\"name\":\"Multimedia\",\"description\":\"Aplikacione audio, video dhe fotosh\"},\"sr\":{\"name\":\"\\u041c\\u0443\\u043b\\u0442\\u0438\\u043c\\u0435\\u0434\\u0438\\u0458\\u0430\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0437\\u0430 \\u0430\\u0443\\u0434\\u0438\\u043e, \\u0432\\u0438\\u0434\\u0435\\u043e \\u0438 \\u0441\\u043b\\u0438\\u043a\\u0435\"},\"gd\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"af\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ar\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ast\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"az\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"bg\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"be\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"bn\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"br\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"bs\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ca\":{\"name\":\"Multim\\u00e8dia\",\"description\":\"Aplicacions d'\\u00e0udio, v\\u00eddeo i fotografies\"},\"cs\":{\"name\":\"Multim\\u00e9dia\",\"description\":\"Aplikace pro zvuk, video a obr\\u00e1zky\"},\"cy\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"da\":{\"name\":\"Multimedie\",\"description\":\"Lyd, billede og video apps\"},\"de\":{\"name\":\"Multimedia\",\"description\":\"Audio-, Video- und Bilder-Apps\"},\"dsb\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"el\":{\"name\":\"\\u03a0\\u03bf\\u03bb\\u03c5\\u03bc\\u03ad\\u03c3\\u03b1\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03ae\\u03c7\\u03bf\\u03c5, \\u03b2\\u03af\\u03bd\\u03c4\\u03b5\\u03bf \\u03ba\\u03b1\\u03b9 \\u03b5\\u03b9\\u03ba\\u03cc\\u03bd\\u03b1\\u03c2\"},\"eo\":{\"name\":\"A\\u016ddvida\\u0135oj\",\"description\":\"A\\u016dda\\u0135o, videa\\u0135o kaj bildoj\"},\"es\":{\"name\":\"Multimedia\",\"description\":\"Apps de sonido, video e im\\u00e1genes\"},\"es-ar\":{\"name\":\"Multimedia\",\"description\":\"Aplicaciones de audio, video e imagenes\"},\"es-co\":{\"name\":\"Multimedia\",\"description\":\"Aplicaciones de audio, video e im\\u00e1genes\"},\"es-mx\":{\"name\":\"Multimedia\",\"description\":\"Aplicaciones de audio, video e im\\u00e1genes\"},\"es-ni\":{\"name\":\"Multimedia\",\"description\":\"Aplicaciones de audio, video e im\\u00e1genes\"},\"es-ve\":{\"name\":\"Multimedia\",\"description\":\"Apps de sonido, video e im\\u00e1genes\"},\"et\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"eu\":{\"name\":\"Multimedia\",\"description\":\"Audio, bideo eta argazki app-ak\"},\"it\":{\"name\":\"Multimedia\",\"description\":\"Applicazioni per audio, video e immagini\"},\"en\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"is\":{\"name\":\"Margmi\\u00f0lun\",\"description\":\"Forrit fyrir hj\\u00f3\\u00f0, myndir og myndskei\\u00f0\"},\"ja\":{\"name\":\"\\u30de\\u30eb\\u30c1\\u30e1\\u30c7\\u30a3\\u30a2\",\"description\":\"\\u30aa\\u30fc\\u30c7\\u30a3\\u30aa\\u3001\\u30d3\\u30c7\\u30aa\\u3001\\u753b\\u50cf\\u30a2\\u30d7\\u30ea\"},\"ka\":{\"name\":\"\\u10db\\u10e3\\u10da\\u10e2\\u10d8\\u10db\\u10d4\\u10d3\\u10d8\\u10d0\",\"description\":\"\\u10d0\\u10e3\\u10d3\\u10d8\\u10dd, \\u10d5\\u10d8\\u10d3\\u10d4\\u10dd \\u10d3\\u10d0 \\u10e1\\u10e3\\u10e0\\u10d0\\u10d7\\u10d4\\u10d1\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8\"},\"sr-latn\":{\"name\":\"\\u041c\\u0443\\u043b\\u0442\\u0438\\u043c\\u0435\\u0434\\u0438\\u0458\\u0430\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0437\\u0430 \\u0430\\u0443\\u0434\\u0438\\u043e, \\u0432\\u0438\\u0434\\u0435\\u043e \\u0438 \\u0441\\u043b\\u0438\\u043a\\u0435\"},\"sv\":{\"name\":\"Multimedia\",\"description\":\"Ljud, video, och bildappar\"},\"sw\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ta\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"te\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"th\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"tr\":{\"name\":\"\\u00c7oklu Ortam\",\"description\":\"Ses, g\\u00f6r\\u00fcnt\\u00fc ve foto\\u011fraf uygulamalar\\u0131\"},\"tt\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"udm\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"uk\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ur\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"vi\":{\"name\":\"Gi\\u1ea3i tr\\u00ed \\u0111a ph\\u01b0\\u01a1ng ti\\u1ec7n\",\"description\":\"\\u1ee8ng d\\u1ee5ng \\u00e2m thanh, video v\\u00e0 \\u1ea3nh\"},\"zh-hans\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"zh-hant\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"kab\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"fa\":{\"name\":\"\\u0686\\u0646\\u062f \\u0631\\u0633\\u0627\\u0646\\u0647 \\u0627\\u06cc\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u0635\\u0648\\u062a\\u06cc \\u060c \\u0648\\u06cc\\u062f\\u06cc\\u0648\\u06cc\\u06cc \\u0648 \\u062a\\u0635\\u0648\\u06cc\\u0631\\u06cc\"},\"fi\":{\"name\":\"Multimedia\",\"description\":\"\\u00c4\\u00e4ni-, video- ja kuvasovellukset\"},\"fr\":{\"name\":\"Multim\\u00e9dia\",\"description\":\"Applications audio, vid\\u00e9o et image\"},\"fy\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ga\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"gl\":{\"name\":\"Multimedia\",\"description\":\"Aplicaci\\u00f3ns de son, v\\u00eddeo e imaxes\"},\"he\":{\"name\":\"\\u05de\\u05d5\\u05dc\\u05d8\\u05d9\\u05de\\u05d3\\u05d9\\u05d4\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9 \\u05e9\\u05de\\u05e2, \\u05d5\\u05d9\\u05d3\\u05d0\\u05d5 \\u05d5\\u05ea\\u05de\\u05d5\\u05e0\\u05d5\\u05ea\"},\"hi\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"hr\":{\"name\":\"Multimedija\",\"description\":\"Audio, video i slikovne aplikacije\"},\"hsb\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"hu\":{\"name\":\"Multim\\u00e9dia\",\"description\":\"Hang-, vide\\u00f3- \\u00e9s k\\u00e9palkalmaz\\u00e1sok\"},\"hy\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"ia\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"id\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"},\"io\":{\"name\":\"Multimedia\",\"description\":\"Audio, video and picture apps\"}}},{\"id\":\"office\",\"translations\":{\"kk\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"km\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"kn\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ko\":{\"name\":\"\\uc624\\ud53c\\uc2a4 \\ubc0f \\ud14d\\uc2a4\\ud2b8\",\"description\":\"\\uc624\\ud53c\\uc2a4 \\ubc0f \\ud14d\\uc2a4\\ud2b8 \\ucc98\\ub9ac \\uc571\"},\"lb\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"lt\":{\"name\":\"Ra\\u0161tin\\u0117 ir tekstas\",\"description\":\"Ra\\u0161tin\\u0117s ir teksto apdorojimo program\\u0117l\\u0117s\"},\"lv\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"mk\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ml\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"mn\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"mr\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"my\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"nb\":{\"name\":\"Kontorst\\u00f8tte og tekst\",\"description\":\"Apper for kontorst\\u00f8tte og tekstbehandling\"},\"ne\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"nl\":{\"name\":\"Office & tekst\",\"description\":\"Office en tekstverwerkingsapps\"},\"nn\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"os\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"pa\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"pl\":{\"name\":\"Biuro i tekst\",\"description\":\"Aplikacje biurowe i przetwarzania tekstu\"},\"pt\":{\"name\":\"Escrit\\u00f3rio & texto\",\"description\":\"Aplica\\u00e7\\u00f5es de escrit\\u00f3rio e processamento de texto\"},\"pt-br\":{\"name\":\"Escrit\\u00f3rio & texto\",\"description\":\"Aplicativos para processamento de Office e texto\"},\"ro\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ru\":{\"name\":\"\\u041e\\u0444\\u0438\\u0441 \\u0438 \\u0442\\u0435\\u043a\\u0441\\u0442\",\"description\":\"\\u041e\\u0444\\u0438\\u0441\\u043d\\u044b\\u0435 \\u043f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f \\u0438 \\u043f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f \\u0434\\u043b\\u044f \\u043e\\u0431\\u0440\\u0430\\u0431\\u043e\\u0442\\u043a\\u0438 \\u0442\\u0435\\u043a\\u0441\\u0442\\u0430\"},\"sk\":{\"name\":\"Kancel\\u00e1ria & text\",\"description\":\"Kancel\\u00e1rske a textov\\u00e9 aplik\\u00e1cie\"},\"sl\":{\"name\":\"Pisarni\\u0161ka orodja\",\"description\":\"Programi za pisarni\\u0161ke naloge\"},\"sq\":{\"name\":\"Zyre dhe tekst\",\"description\":\"Aplikacione p\\u00ebr zyra dhe procesimin e teksteve\"},\"sr\":{\"name\":\"\\u041a\\u0430\\u043d\\u0446\\u0435\\u043b\\u0430\\u0440\\u0438\\u0458\\u0430 \\u0438 \\u0442\\u0435\\u043a\\u0441\\u0442\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0437\\u0430 \\u043e\\u0431\\u0440\\u0430\\u0434\\u0443 \\u0442\\u0435\\u043a\\u0441\\u0442\\u0430 \\u0438 \\u0440\\u0430\\u0434 \\u0443 \\u043a\\u0430\\u043d\\u0446\\u0435\\u043b\\u0430\\u0440\\u0438\\u0458\\u0438\"},\"gd\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"af\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ar\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ast\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"az\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"bg\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"be\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"bn\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"br\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"bs\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ca\":{\"name\":\"Oficina i textos\",\"description\":\"Apps d\\u2019oficina i processament de textos\"},\"cs\":{\"name\":\"Kancel\\u00e1\\u0159 a text\",\"description\":\"Aplikace pro kancel\\u00e1\\u0159 a zpracov\\u00e1n\\u00ed textu\"},\"cy\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"da\":{\"name\":\"Kontor & tekstbehandling\",\"description\":\"Apps til kontor og tekstbehandling\"},\"de\":{\"name\":\"B\\u00fcro & Text\",\"description\":\"B\\u00fcro- und Textverarbeitungs-Apps\"},\"dsb\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"el\":{\"name\":\"\\u0393\\u03c1\\u03b1\\u03c6\\u03b5\\u03af\\u03bf & \\u03ba\\u03b5\\u03af\\u03bc\\u03b5\\u03bd\\u03bf\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03b3\\u03c1\\u03b1\\u03c6\\u03b5\\u03af\\u03bf\\u03c5 \\u03ba\\u03b1\\u03b9 \\u03b5\\u03c0\\u03b5\\u03be\\u03b5\\u03c1\\u03b3\\u03b1\\u03c3\\u03af\\u03b1\\u03c2 \\u03ba\\u03b5\\u03b9\\u03bc\\u03ad\\u03bd\\u03bf\\u03c5 \"},\"eo\":{\"name\":\"Oficejo kaj teksto\",\"description\":\"Oficeja programaro kaj tekstotraktado\"},\"es\":{\"name\":\"Oficina y texto\",\"description\":\"Apps de oficina y procesado de texto\"},\"es-ar\":{\"name\":\"Oficina & texto\",\"description\":\"Aplicaciones de procesamiento de texto y oficina\"},\"es-co\":{\"name\":\"Oficina & texto\",\"description\":\"Aplicaciones de procesamiento de texto y oficina\"},\"es-mx\":{\"name\":\"Oficina & texto\",\"description\":\"Aplicaciones de procesamiento de texto y oficina\"},\"es-ni\":{\"name\":\"Oficina & texto\",\"description\":\"Aplicaciones de procesamiento de texto y oficina\"},\"es-ve\":{\"name\":\"Oficina y texto\",\"description\":\"Apps de oficina y procesado de texto\"},\"et\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"eu\":{\"name\":\"Bulegoa eta testua\",\"description\":\"Bulegoak eta testu prozesatzaileen app-ak\"},\"it\":{\"name\":\"Ufficio e testo\",\"description\":\"Applicazione per ufficio ed elaborazione di testi\"},\"en\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"is\":{\"name\":\"Skrifstofuforrit og texti\",\"description\":\"Skrifstofuforrit og textavinnsluforrit\"},\"ja\":{\"name\":\"Office & \\u30c6\\u30ad\\u30b9\\u30c8\",\"description\":\"Office\\u3068\\u30c6\\u30ad\\u30b9\\u30c8\\u51e6\\u7406\\u30a2\\u30d7\\u30ea\\u30b1\\u30fc\\u30b7\\u30e7\\u30f3\"},\"sr-latn\":{\"name\":\"\\u041a\\u0430\\u043d\\u0446\\u0435\\u043b\\u0430\\u0440\\u0438\\u0458\\u0430 \\u0438 \\u0442\\u0435\\u043a\\u0441\\u0442\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0437\\u0430 \\u043e\\u0431\\u0440\\u0430\\u0434\\u0443 \\u0442\\u0435\\u043a\\u0441\\u0442\\u0430 \\u0438 \\u0440\\u0430\\u0434 \\u0443 \\u043a\\u0430\\u043d\\u0446\\u0435\\u043b\\u0430\\u0440\\u0438\\u0458\\u0438\"},\"sv\":{\"name\":\"Kontor & text\",\"description\":\"Appar f\\u00f6r kontor och texthantering\"},\"sw\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ta\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"te\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"th\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"tr\":{\"name\":\"Ofis ve Metin\",\"description\":\"Ofis ve metin i\\u015fleme uygulamalar\\u0131\"},\"tt\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"udm\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"uk\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ur\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"vi\":{\"name\":\"V\\u0103n ph\\u00f2ng v\\u00e0 v\\u0103n b\\u1ea3n\",\"description\":\"\\u1ee8ng d\\u1ee5ng x\\u1eed l\\u00fd cho v\\u0103n ph\\u00f2ng v\\u00e0 v\\u0103n b\\u1ea3n\"},\"zh-hans\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"zh-hant\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ka\":{\"name\":\"\\u10dd\\u10e4\\u10d8\\u10e1\\u10d8 \\u10d3\\u10d0 \\u10e2\\u10d4\\u10e5\\u10e1\\u10e2\\u10d8\",\"description\":\"\\u10dd\\u10e4\\u10d8\\u10e1\\u10d8 \\u10d3\\u10d0 \\u10e2\\u10d4\\u10e5\\u10e1\\u10e2\\u10d8\\u10e1 \\u10d3\\u10d0\\u10db\\u10e3\\u10e8\\u10d0\\u10d5\\u10d4\\u10d1\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8\"},\"kab\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"fa\":{\"name\":\"\\u062f\\u0641\\u062a\\u0631 \\u0648 \\u0645\\u062a\\u0646\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u0627\\u062f\\u0627\\u0631\\u06cc \\u0648 \\u067e\\u0631\\u062f\\u0627\\u0632\\u0634 \\u0645\\u062a\\u0646\"},\"fi\":{\"name\":\"Toimisto & teksti\",\"description\":\"Toimisto- ja tekstink\\u00e4sittelysovellukset\"},\"fr\":{\"name\":\"Bureautique & texte\",\"description\":\"Applications de bureautique et de traitement de texte\"},\"fy\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ga\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"gl\":{\"name\":\"Oficina e texto\",\"description\":\"Aplicaci\\u00f3ns de oficina e de procesamento de texto\"},\"he\":{\"name\":\"\\u05db\\u05dc\\u05d9\\u05dd \\u05de\\u05e9\\u05e8\\u05d3\\u05d9\\u05d9\\u05dd \\u05d5\\u05d8\\u05e7\\u05e1\\u05d8\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9\\u05dd \\u05dc\\u05e2\\u05d9\\u05d1\\u05d5\\u05d3 \\u05d8\\u05e7\\u05e1\\u05d8 \\u05d5\\u05db\\u05dc\\u05d9\\u05dd \\u05de\\u05e9\\u05e8\\u05d3\\u05d9\\u05d9\\u05dd\"},\"hi\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"hr\":{\"name\":\"Ured i tekst\",\"description\":\"Uredske aplikacije i aplikacije obradu teksta\"},\"hsb\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"hu\":{\"name\":\"Iroda \\u00e9s sz\\u00f6veg\",\"description\":\"Irodai \\u00e9s sz\\u00f6vegfeldolgoz\\u00f3 alkalmaz\\u00e1sok\"},\"hy\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"ia\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"id\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"},\"io\":{\"name\":\"Office & text\",\"description\":\"Office and text processing apps\"}}},{\"id\":\"organization\",\"translations\":{\"kk\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"km\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"kn\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ko\":{\"name\":\"\\uac1c\\uc778 \\uc815\\ubcf4 \\uad00\\ub9ac\",\"description\":\"\\uc2dc\\uac04 \\uad00\\ub9ac, \\ud560 \\uc77c, \\uce98\\ub9b0\\ub354 \\uc571\"},\"lb\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"lt\":{\"name\":\"Organizavimas\",\"description\":\"Laiko planavimo, darb\\u0173 s\\u0105ra\\u0161o ir kalendoriaus programos\"},\"lv\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"mk\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ml\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"mn\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"my\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"mr\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"nb\":{\"name\":\"Organisering\",\"description\":\"Apper for tidsstyring, oppgaveliste og kalender\"},\"ne\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"nl\":{\"name\":\"Organisatie\",\"description\":\"Tijdmanagement, takenlijsten en agenda apps\"},\"nn\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"os\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"pa\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"pl\":{\"name\":\"Organizacja\",\"description\":\"Aplikacje do zarz\\u0105dzania czasem, listami zada\\u0144 i kalendarze\"},\"pt\":{\"name\":\"Organiza\\u00e7\\u00e3o\",\"description\":\"Aplica\\u00e7\\u00f5es de Gest\\u00e3o de tempo, lista de tarefas e calend\\u00e1rio\"},\"pt-br\":{\"name\":\"Organiza\\u00e7\\u00e3o\",\"description\":\"Aplicativos de gerenciamento de tempo, lista de tarefas e calend\\u00e1rios\"},\"ro\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ru\":{\"name\":\"\\u041e\\u0440\\u0433\\u0430\\u043d\\u0438\\u0437\\u0430\\u0446\\u0438\\u044f\",\"description\":\"\\u041f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f \\u043f\\u043e \\u0443\\u043f\\u0440\\u0430\\u0432\\u043b\\u0435\\u043d\\u0438\\u044e \\u0432\\u0440\\u0435\\u043c\\u0435\\u043d\\u0435\\u043c, \\u0441\\u043f\\u0438\\u0441\\u043e\\u043a \\u0437\\u0430\\u0434\\u0430\\u0447 \\u0438 \\u043a\\u0430\\u043b\\u0435\\u043d\\u0434\\u0430\\u0440\\u044c\"},\"sk\":{\"name\":\"Organiz\\u00e1cia\",\"description\":\"Aplik\\u00e1cie na organiz\\u00e1ciu \\u010dasu, spr\\u00e1vu \\u00faloh a kalend\\u00e1rov\"},\"sl\":{\"name\":\"Organizacija\",\"description\":\"Upravljanje s \\u010dasom, seznami nalog in koledarji\"},\"sq\":{\"name\":\"Organizate\",\"description\":\"Aplikacion per menaxhimin e kohes , listat per gjerat qe duhen bere dhe kalendar\"},\"sr\":{\"name\":\"\\u041e\\u0440\\u0433\\u0430\\u043d\\u0438\\u0437\\u0430\\u0446\\u0438\\u0458\\u0430\",\"description\":\"\\u0423\\u043f\\u0440\\u0430\\u0432\\u0459\\u0430\\u045a\\u0435 \\u0432\\u0440\\u0435\\u043c\\u0435\\u043d\\u043e\\u043c, TODO \\u043b\\u0438\\u0441\\u0442\\u0435 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0441\\u0430 \\u043a\\u0430\\u043b\\u0435\\u043d\\u0434\\u0430\\u0440\\u0438\\u043c\\u0430\"},\"gd\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"af\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ar\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ast\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"az\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"bg\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"be\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"bn\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"br\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"bs\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ca\":{\"name\":\"Organitzaci\\u00f3\",\"description\":\"Aplicacions de gesti\\u00f3 del temps, llista de tasques i calendari\"},\"cs\":{\"name\":\"Organizov\\u00e1n\\u00ed\",\"description\":\"Aplikace pro spr\\u00e1vu \\u010dasu, pl\\u00e1nov\\u00e1n\\u00ed a kalend\\u00e1\\u0159e\"},\"cy\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"da\":{\"name\":\"Organisering\",\"description\":\"Tidsstyring, todo list og kalender apps\"},\"de\":{\"name\":\"Organisation\",\"description\":\"Zeitmanagement-, Aufgabenlisten- und Kalender-Apps\"},\"dsb\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"el\":{\"name\":\"\\u039f\\u03c1\\u03b3\\u03b1\\u03bd\\u03b9\\u03c3\\u03bc\\u03cc\\u03c2\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03b4\\u03b9\\u03b1\\u03c7\\u03b5\\u03af\\u03c1\\u03b9\\u03c3\\u03b7\\u03c2 \\u03c7\\u03c1\\u03cc\\u03bd\\u03bf\\u03c5, \\u03bb\\u03b9\\u03c3\\u03c4\\u03ce\\u03bd \\u03b5\\u03ba\\u03ba\\u03c1\\u03b5\\u03bc\\u03bf\\u03c4\\u03ae\\u03c4\\u03c9\\u03bd \\u03ba\\u03b1\\u03b9 \\u03b7\\u03bc\\u03b5\\u03c1\\u03bf\\u03bb\\u03cc\\u03b3\\u03b9\\u03b1\"},\"eo\":{\"name\":\"Organiza\\u0135o\",\"description\":\"Tempadministrado, listo de farenda\\u0135oj kaj kalendaro\"},\"es\":{\"name\":\"Organizaci\\u00f3n\",\"description\":\"Apps de manejo del tiempo, listas de tareas y calendarios\"},\"es-ar\":{\"name\":\"Organizaci\\u00f3n\",\"description\":\"Aplicaciones de adminsitraci\\u00f3n del tiempo, lista de pendientes y calendario\"},\"es-co\":{\"name\":\"Organizaci\\u00f3n\",\"description\":\"Aplicaciones de adminsitraci\\u00f3n del tiempo, lista de pendientes y calendario\"},\"es-mx\":{\"name\":\"Organizaci\\u00f3n\",\"description\":\"Aplicaciones de adminsitraci\\u00f3n del tiempo, lista de pendientes y calendario\"},\"es-ni\":{\"name\":\"Organizaci\\u00f3n\",\"description\":\"Aplicaciones de adminsitraci\\u00f3n del tiempo, lista de pendientes y calendario\"},\"es-ve\":{\"name\":\"Organizaci\\u00f3n\",\"description\":\"Apps de manejo del tiempo, listas de tareas y calendarios\"},\"et\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"eu\":{\"name\":\"Antolakuntza\",\"description\":\"Denboraren kudeaketa, egitekoen zerrenda eta egutegi aplikazioak\"},\"it\":{\"name\":\"Organizzazione\",\"description\":\"Applicazioni di gestione del tempo, elenco delle cose da fare e calendario\"},\"en\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"is\":{\"name\":\"Stofnun\\\/Samt\\u00f6k\\\/F\\u00e9lag\",\"description\":\"T\\u00edmastj\\u00f3rnun, verkefnalistar og dagatalaforrit\"},\"ja\":{\"name\":\"\\u5171\\u540c\\u4f5c\\u696d\",\"description\":\"\\u6642\\u9593\\u7ba1\\u7406\\u3001Todo\\u30ea\\u30b9\\u30c8\\u3001\\u30ab\\u30ec\\u30f3\\u30c0\\u30fc\\u30a2\\u30d7\\u30ea\"},\"sr-latn\":{\"name\":\"\\u041e\\u0440\\u0433\\u0430\\u043d\\u0438\\u0437\\u0430\\u0446\\u0438\\u0458\\u0430\",\"description\":\"\\u0423\\u043f\\u0440\\u0430\\u0432\\u0459\\u0430\\u045a\\u0435 \\u0432\\u0440\\u0435\\u043c\\u0435\\u043d\\u043e\\u043c, TODO \\u043b\\u0438\\u0441\\u0442\\u0435 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0441\\u0430 \\u043a\\u0430\\u043b\\u0435\\u043d\\u0434\\u0430\\u0440\\u0438\\u043c\\u0430\"},\"sv\":{\"name\":\"Organisering\",\"description\":\"Tidshantering, uppgifter och kalender appar\"},\"sw\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ta\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"te\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"th\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"tr\":{\"name\":\"Kurulu\\u015f\",\"description\":\"Zaman y\\u00f6netimi,\\u00a0g\\u00f6rev listesi ve takvim uygulamalar\\u0131\"},\"tt\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"udm\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"uk\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ur\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"vi\":{\"name\":\"T\\u1ed5 ch\\u1ee9c\",\"description\":\"\\u1ee8ng d\\u1ee5ng u\\u1ea3n l\\u00fd th\\u1eddi gian, danh s\\u00e1ch c\\u1ea7n l\\u00e0m v\\u00e0 l\\u1ecbch\"},\"zh-hans\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"zh-hant\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ka\":{\"name\":\"\\u10dd\\u10e0\\u10d2\\u10d0\\u10dc\\u10d8\\u10d6\\u10d0\\u10ea\\u10d8\\u10d0\",\"description\":\"\\u10d3\\u10e0\\u10dd\\u10d8\\u10e1 \\u10db\\u10d4\\u10dc\\u10d4\\u10ef\\u10db\\u10d4\\u10dc\\u10e2\\u10d8, \\u10d3\\u10d0\\u10d5\\u10d0\\u10da\\u10d4\\u10d1\\u10d4\\u10d1\\u10d8\\u10e1 \\u10e1\\u10d8\\u10d0 \\u10d3\\u10d0 \\u10d9\\u10d0\\u10da\\u10d4\\u10dc\\u10d3\\u10e0\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8\"},\"kab\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"fa\":{\"name\":\"\\u0633\\u0627\\u0632\\u0645\\u0627\\u0646\",\"description\":\"\\u0645\\u062f\\u06cc\\u0631\\u06cc\\u062a \\u0632\\u0645\\u0627\\u0646 \\u060c \\u0644\\u06cc\\u0633\\u062a Todo \\u0648 \\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u062a\\u0642\\u0648\\u06cc\\u0645\"},\"fi\":{\"name\":\"Organisaatio\",\"description\":\"Ajanhallinta-, todo-lista- ja kalenterisovellukset\"},\"fr\":{\"name\":\"Organisation\",\"description\":\"Applications de gestion du temps, de listes de t\\u00e2ches et d'agendas\"},\"fy\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ga\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"gl\":{\"name\":\"Organizaci\\u00f3n\",\"description\":\"Aplicaci\\u00f3ns de xesti\\u00f3n do tempo, listas de tarefas e calendarios\"},\"he\":{\"name\":\"\\u05d0\\u05e8\\u05d2\\u05d5\\u05df\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9 \\u05e0\\u05d9\\u05d4\\u05d5\\u05dc \\u05d6\\u05de\\u05e0\\u05d9\\u05dd, \\u05e8\\u05e9\\u05d9\\u05de\\u05ea \\u05de\\u05d8\\u05dc\\u05d5\\u05ea \\u05d5\\u05dc\\u05d5\\u05d7 \\u05e9\\u05e0\\u05d4\"},\"hi\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"hr\":{\"name\":\"Organizacija\",\"description\":\"Aplikacije za upravljanje vremenom, zadacima i kalendarom\"},\"hsb\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"hu\":{\"name\":\"Szervezet\",\"description\":\"Id\\u0151beoszt\\u00e1s, teend\\u0151lista \\u00e9s napt\\u00e1r alkalmaz\\u00e1sok\"},\"hy\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"ia\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"id\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"},\"io\":{\"name\":\"Organization\",\"description\":\"Time management, Todo list and calendar apps\"}}},{\"id\":\"search\",\"translations\":{\"kk\":{\"name\":\"\\u0406\\u0437\\u0434\\u0435\\u0443\",\"description\":\"Search related apps\"},\"km\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"kn\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"ko\":{\"name\":\"\\uac80\\uc0c9\",\"description\":\"\\uad00\\ub828\\ub41c \\uc571\\uc744 \\uac80\\uc0c9\\ud569\\ub2c8\\ub2e4\"},\"lb\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"lt\":{\"name\":\"Paie\\u0161ka\",\"description\":\"Ie\\u0161koti susijusi\\u0173 program\\u0117li\\u0173\"},\"lv\":{\"name\":\"Mekl\\u0113t\",\"description\":\"Search related apps\"},\"mk\":{\"name\":\"\\u041f\\u0440\\u0435\\u0431\\u0430\\u0440\\u0430\\u0458\",\"description\":\"Search related apps\"},\"ml\":{\"name\":\"\\u0d2a\\u0d30\\u0d24\\u0d41\\u0d15\",\"description\":\"Search related apps\"},\"mn\":{\"name\":\"\\u0425\\u0430\\u0439\\u043b\\u0442\",\"description\":\"Search related apps\"},\"mr\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"my\":{\"name\":\"\\u101b\\u103e\\u102c\\u1016\\u103d\\u1031\",\"description\":\"Search related apps\"},\"nb\":{\"name\":\"S\\u00f8k\",\"description\":\"S\\u00f8k etter relaterte apper\"},\"ne\":{\"name\":\"\\u0916\\u094b\\u091c\\u094d\\u0928\\u0941\\u0939\\u094b\\u0938\",\"description\":\"Search related apps\"},\"nl\":{\"name\":\"Zoek\",\"description\":\"Zoek gerelateerde apps\"},\"nn\":{\"name\":\"S\\u00f8k\",\"description\":\"Search related apps\"},\"os\":{\"name\":\"\\u0410\\u0433\\u0443\\u0440\\u044b\\u043d\",\"description\":\"Search related apps\"},\"pa\":{\"name\":\"\\u0a16\\u0a4b\\u0a1c\",\"description\":\"Search related apps\"},\"pl\":{\"name\":\"Wyszukiwanie\",\"description\":\"Wyszukaj powi\\u0105zane aplikacje\"},\"pt\":{\"name\":\"Pesquisar\",\"description\":\"Search related apps\"},\"pt-br\":{\"name\":\"Busca\",\"description\":\"Pesquisar aplicativos relacionados\"},\"ro\":{\"name\":\"C\\u0103utare\",\"description\":\"Search related apps\"},\"ru\":{\"name\":\"\\u041f\\u043e\\u0438\\u0441\\u043a\",\"description\":\"\\u041f\\u043e\\u0438\\u0441\\u043a \\u043f\\u043e\\u0434\\u0445\\u043e\\u0434\\u044f\\u0449\\u0438\\u0445 \\u043f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u0439\"},\"sk\":{\"name\":\"H\\u013eada\\u0165\",\"description\":\"Vyh\\u013eada\\u0165 s\\u00favisiace aplik\\u00e1cie\"},\"sl\":{\"name\":\"Poi\\u0161\\u010di\",\"description\":\"Iskalniki in sorodni programi\"},\"sq\":{\"name\":\"K\\u00ebrko\",\"description\":\"K\\u00ebrko aplikacione t\\u00eb ngjashme\"},\"sr\":{\"name\":\"\\u041f\\u0440\\u0435\\u0442\\u0440\\u0430\\u0433\\u0430\",\"description\":\"\\u041f\\u0440\\u0435\\u0442\\u0440\\u0430\\u0436\\u0438 \\u0441\\u043b\\u0438\\u0447\\u043d\\u0435 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435\"},\"gd\":{\"name\":\"Lorg\",\"description\":\"Search related apps\"},\"af\":{\"name\":\"Soek\",\"description\":\"Search related apps\"},\"ar\":{\"name\":\"\\u0628\\u062d\\u062b\",\"description\":\"Search related apps\"},\"ast\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"az\":{\"name\":\"Axtar\",\"description\":\"Search related apps\"},\"bg\":{\"name\":\"\\u0422\\u044a\\u0440\\u0441\\u0435\\u043d\\u0435\",\"description\":\"Search related apps\"},\"be\":{\"name\":\"\\u0428\\u0443\\u043a\\u0430\\u0446\\u044c\",\"description\":\"Search related apps\"},\"bn\":{\"name\":\"\\u09b8\\u09be\\u09b0\\u09cd\\u099a\",\"description\":\"Search related apps\"},\"br\":{\"name\":\"Klask\",\"description\":\"Search related apps\"},\"bs\":{\"name\":\"Pretraga\",\"description\":\"Search related apps\"},\"ca\":{\"name\":\"Cerca\",\"description\":\"Cerca aplicacions relacionades\"},\"cs\":{\"name\":\"Hledat\",\"description\":\"Hledat souvisej\\u00edc\\u00ed aplikace\"},\"cy\":{\"name\":\"Chwilio\",\"description\":\"Search related apps\"},\"da\":{\"name\":\"S\\u00f8g\",\"description\":\"S\\u00f8gnings relaterede apps\"},\"de\":{\"name\":\"Suche\",\"description\":\"Verwandte Apps durchsuchen\"},\"dsb\":{\"name\":\"Pyta\\u015b\",\"description\":\"Search related apps\"},\"el\":{\"name\":\"\\u0391\\u03bd\\u03b1\\u03b6\\u03ae\\u03c4\\u03b7\\u03c3\\u03b7\",\"description\":\"\\u0391\\u03bd\\u03b1\\u03b6\\u03ae\\u03c4\\u03b7\\u03c3\\u03b7 \\u03c3\\u03c7\\u03b5\\u03c4\\u03b9\\u03ba\\u03ce\\u03bd \\u03b5\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ce\\u03bd\"},\"hsb\":{\"name\":\"Pyta\\u0107\",\"description\":\"Search related apps\"},\"eo\":{\"name\":\"Ser\\u0109i\",\"description\":\"Ser\\u0109i rilatajn aplika\\u0135ojn\"},\"es\":{\"name\":\"Buscar\",\"description\":\"Buscar apps relacionadas\"},\"es-ar\":{\"name\":\"Buscar\",\"description\":\"Buscar aplicaciones relacionadas\"},\"es-co\":{\"name\":\"Buscar\",\"description\":\"Buscar aplicaciones relacionadas\"},\"es-mx\":{\"name\":\"Buscar\",\"description\":\"Buscar aplicaciones relacionadas\"},\"es-ni\":{\"name\":\"Buscar\",\"description\":\"Buscar apps relacionadas\"},\"es-ve\":{\"name\":\"Buscar\",\"description\":\"Buscar apps relacionadas\"},\"et\":{\"name\":\"Otsing\",\"description\":\"Search related apps\"},\"eu\":{\"name\":\"Bilatu\",\"description\":\"Zerikusia duten aplikazioak bilatu\"},\"it\":{\"name\":\"Cerca\",\"description\":\"Cerca le applicazioni correlate\"},\"en\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"is\":{\"name\":\"Leita\",\"description\":\"Leita a\\u00f0 tengdum forritum\"},\"ja\":{\"name\":\"\\u691c\\u7d22\",\"description\":\"\\u95a2\\u9023\\u30a2\\u30d7\\u30ea\\u3092\\u691c\\u7d22\"},\"sr-latn\":{\"name\":\"\\u041f\\u0440\\u0435\\u0442\\u0440\\u0430\\u0433\\u0430\",\"description\":\"\\u041f\\u0440\\u0435\\u0442\\u0440\\u0430\\u0436\\u0438 \\u0441\\u043b\\u0438\\u0447\\u043d\\u0435 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435\"},\"sv\":{\"name\":\"S\\u00f6k\",\"description\":\"S\\u00f6k relaterade appar\"},\"sw\":{\"name\":\"Tafuta\",\"description\":\"Search related apps\"},\"ta\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"te\":{\"name\":\"\\u0c35\\u0c46\\u0c24\\u0c41\\u0c15\\u0c41\",\"description\":\"Search related apps\"},\"th\":{\"name\":\"\\u0e04\\u0e49\\u0e19\\u0e2b\\u0e32\",\"description\":\"Search related apps\"},\"tr\":{\"name\":\"Arama\",\"description\":\"\\u0130li\\u015fkili uygulamalarda arama\"},\"tt\":{\"name\":\"\\u042d\\u0437\\u043b\\u04d9\\u0440\\u0433\\u04d9\",\"description\":\"Search related apps\"},\"udm\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"uk\":{\"name\":\"\\u041f\\u043e\\u0448\\u0443\\u043a\",\"description\":\"Search related apps\"},\"ur\":{\"name\":\"\\u062a\\u0644\\u0627\\u0634 \\u06a9\\u0631\\u06cc\\u06ba\",\"description\":\"Search related apps\"},\"vi\":{\"name\":\"T\\u00ecm\",\"description\":\"T\\u00ecm ki\\u1ebfm c\\u00e1c \\u1ee9ng d\\u1ee5ng li\\u00ean quan\"},\"zh-hans\":{\"name\":\" \\u641c\\u7d22\",\"description\":\"Search related apps\"},\"zh-hant\":{\"name\":\"\\u641c\\u5c0b\",\"description\":\"Search related apps\"},\"ka\":{\"name\":\"\\u10eb\\u10d8\\u10d4\\u10d1\\u10d0\",\"description\":\"Search related apps\"},\"kab\":{\"name\":\"Anadi\",\"description\":\"Search related apps\"},\"fa\":{\"name\":\"\\u062c\\u0633\\u062a\\u062c\\u0648\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u0645\\u0631\\u062a\\u0628\\u0637 \\u0631\\u0627 \\u062c\\u0633\\u062a\\u062c\\u0648 \\u06a9\\u0646\\u06cc\\u062f\"},\"fi\":{\"name\":\"Etsi\",\"description\":\"Hakuun liittyv\\u00e4t sovellukset\"},\"fr\":{\"name\":\"Rechercher\",\"description\":\"Rechercher des applications similaires\"},\"fy\":{\"name\":\"Search\",\"description\":\"Search related apps\"},\"ga\":{\"name\":\"Cuardach\",\"description\":\"Search related apps\"},\"gl\":{\"name\":\"Buscar\",\"description\":\"Buscar aplicaci\\u00f3ns relacionadas\"},\"he\":{\"name\":\"\\u05d7\\u05d9\\u05e4\\u05d5\\u05e9\",\"description\":\"\\u05d7\\u05d9\\u05e4\\u05d5\\u05e9 \\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9\\u05dd \\u05ea\\u05d5\\u05d0\\u05de\\u05d9\\u05dd\"},\"hi\":{\"name\":\"\\u0916\\u094b\\u091c\",\"description\":\"Search related apps\"},\"hr\":{\"name\":\"Tra\\u017ei\",\"description\":\"Pretra\\u017ei povezane aplikacije\"},\"hu\":{\"name\":\"Keres\\u00e9s\",\"description\":\"Hasonl\\u00f3 alkalmaz\\u00e1sok keres\\u00e9se\"},\"hy\":{\"name\":\"\\u0553\\u0576\\u057f\\u0580\\u0565\\u056c\",\"description\":\"Search related apps\"},\"ia\":{\"name\":\"Cercar\",\"description\":\"Search related apps\"},\"id\":{\"name\":\"Cari\",\"description\":\"Search related apps\"},\"io\":{\"name\":\"Serchar\",\"description\":\"Search related apps\"}}},{\"id\":\"security\",\"translations\":{\"kk\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"km\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"kn\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ko\":{\"name\":\"\\ubcf4\\uc548\",\"description\":\"\\uc778\\uc99d, \\uc554\\ud638\\ud654 \\ub4f1 \\ucd94\\uac00 \\ubcf4\\uc548 \\uae30\\ub2a5\\uc744 \\uc81c\\uacf5\\ud558\\ub294 \\uc571\"},\"lb\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"lt\":{\"name\":\"Saugumas\",\"description\":\"Taikomosios programos, kurios atsakingos u\\u017e papildomus saugos mechanizmus tokius, kaip tapatyb\\u0117s nustatymas, autorizacija, \\u0161ifravimas ir pan.\"},\"lv\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"mk\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ml\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"mn\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"mr\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"my\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"nb\":{\"name\":\"Sikkerhet\",\"description\":\"Apper som tilbyr ekstra sikkerhetsmekanismer som autentisering, identitetsbekreftelse, kryptering, osv.\"},\"ne\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"nl\":{\"name\":\"Beveiliging\",\"description\":\"Apps die extra beveiligingsmechanismen bieden zoals authenticatie, autorisatie, encryptie, enz.\"},\"nn\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"os\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"pa\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"pl\":{\"name\":\"Bezpiecze\\u0144stwo\",\"description\":\"Aplikacje zapewniaj\\u0105ce dodatkowe mechanizmy bezpiecze\\u0144stwa jak uwierzytelnianie, autoryzacja, szyfrowanie, itp.\"},\"pt\":{\"name\":\"Seguran\\u00e7a\",\"description\":\"Aplica\\u00e7\\u00f5es que oferecem mecanismos de seguran\\u00e7a adicional como autentica\\u00e7\\u00e3o, autoriza\\u00e7\\u00e3o, cifragem, etc.\"},\"pt-br\":{\"name\":\"Seguran\\u00e7a\",\"description\":\"Aplicativos que fornecem mecanismos de seguran\\u00e7a adicional como autentica\\u00e7\\u00e3o, autoriza\\u00e7\\u00e3o, criptografia, etc.\"},\"ro\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ru\":{\"name\":\"\\u0411\\u0435\\u0437\\u043e\\u043f\\u0430\\u0441\\u043d\\u043e\\u0441\\u0442\\u044c\",\"description\":\"\\u041f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f, \\u043a\\u043e\\u0442\\u043e\\u0440\\u044b\\u0435 \\u043f\\u0440\\u0435\\u0434\\u043e\\u0441\\u0442\\u0430\\u0432\\u043b\\u044f\\u044e\\u0442 \\u0434\\u043e\\u043f\\u043e\\u043b\\u043d\\u0438\\u0442\\u0435\\u043b\\u044c\\u043d\\u044b\\u0435 \\u043c\\u0435\\u0445\\u0430\\u043d\\u0438\\u0437\\u043c\\u044b \\u0431\\u0435\\u0437\\u043e\\u043f\\u0430\\u0441\\u043d\\u043e\\u0441\\u0442\\u0438, \\u0442\\u0430\\u043a\\u0438\\u0435, \\u043a\\u0430\\u043a \\u0430\\u0443\\u0442\\u0435\\u043d\\u0442\\u0438\\u0444\\u0438\\u043a\\u0430\\u0446\\u0438\\u044f, \\u0430\\u0432\\u0442\\u043e\\u0440\\u0438\\u0437\\u0430\\u0446\\u0438\\u044f, \\u0448\\u0438\\u0444\\u0440\\u043e\\u0432\\u0430\\u043d\\u0438\\u0435 \\u0438\\u0442\\u0434.\"},\"sk\":{\"name\":\"Zabezpe\\u010denie\",\"description\":\"Aplik\\u00e1cie, ktor\\u00e9 poskytuj\\u00fa \\u010fal\\u0161ie bezpe\\u010dnostn\\u00e9 mechanizmy, ako je autentifik\\u00e1cia, autoriz\\u00e1cia, \\u0161ifrovanie at\\u010f.\"},\"sq\":{\"name\":\"Siguria\",\"description\":\"Aplikacione q\\u00eb ofrojn\\u00eb mekanizma shtes\\u00eb sigurie si autentikim, autorizim, enkriptim, etj.\"},\"sl\":{\"name\":\"Varnost\",\"description\":\"Programi za zagotavljanje varnosti delovanja, overjanje, \\u0161ifriranje in podobno.\"},\"sr\":{\"name\":\"\\u0411\\u0435\\u0437\\u0431\\u0435\\u0434\\u043d\\u043e\\u0441\\u0442\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043e\\u0431\\u0435\\u0437\\u0431\\u0435\\u0452\\u0443\\u0458\\u0443 \\u0434\\u043e\\u0434\\u0430\\u0442\\u043d\\u0435 \\u0431\\u0435\\u0437\\u0431\\u0435\\u0434\\u043e\\u043d\\u043e\\u0441\\u043d\\u0435 \\u043c\\u0435\\u0445\\u0430\\u043d\\u0438\\u0437\\u043c\\u0435, \\u043a\\u0430\\u043e \\u0448\\u0442\\u043e \\u0441\\u0443 \\u043f\\u0440\\u0438\\u0458\\u0430\\u0432\\u0459\\u0438\\u0432\\u0430\\u045a\\u0435, \\u043f\\u0440\\u043e\\u0432\\u0435\\u0440\\u0430 \\u0438\\u0434\\u0435\\u043d\\u0442\\u0438\\u0442\\u0435\\u0442\\u0430, \\u0448\\u0438\\u0444\\u0440\\u043e\\u0432\\u0430\\u045a\\u0435 \\u0438\\u0442\\u0434.\"},\"af\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ar\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ast\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"az\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"bg\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"be\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"bn\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"br\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"bs\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ca\":{\"name\":\"Seguretat\",\"description\":\"Aplicacions que proporcionen mecanismes addicionals de seguretat com l'autenticaci\\u00f3, autoritzaci\\u00f3, encriptaci\\u00f3, etc.\"},\"cs\":{\"name\":\"Zabezpe\\u010den\\u00ed\",\"description\":\"Aplikace, kter\\u00e9 poskytuj\\u00ed dal\\u0161\\u00ed bezpe\\u010dnostn\\u00ed mechanismy, jako je ov\\u011b\\u0159ov\\u00e1n\\u00ed, pov\\u011b\\u0159ov\\u00e1n\\u00ed, \\u0161ifrov\\u00e1n\\u00ed, atd.\"},\"cy\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"da\":{\"name\":\"Sikkerhed\",\"description\":\"Apps der tilbyder yderligere sikkerhedsmekanismer s\\u00e5som autentifikation, bemyndigelse, kryptering osv.\"},\"de\":{\"name\":\"Sicherheit\",\"description\":\"Apps die zus\\u00e4tzliche Sicherheitsmechanismen bereitstellen, wie z.B. Authentifizierung, Autorisierung, Verschl\\u00fcsselung usw.\"},\"dsb\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"el\":{\"name\":\"\\u0391\\u03c3\\u03c6\\u03ac\\u03bb\\u03b5\\u03b9\\u03b1\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03c0\\u03bf\\u03c5 \\u03c0\\u03b1\\u03c1\\u03ad\\u03c7\\u03bf\\u03c5\\u03bd \\u03c0\\u03c1\\u03cc\\u03c3\\u03b8\\u03b5\\u03c4\\u03bf\\u03c5\\u03c2 \\u03bc\\u03b7\\u03c7\\u03b1\\u03bd\\u03b9\\u03c3\\u03bc\\u03bf\\u03cd\\u03c2 \\u03b1\\u03c3\\u03c6\\u03b1\\u03bb\\u03b5\\u03af\\u03b1\\u03c2 \\u03cc\\u03c0\\u03c9\\u03c2 \\u03c0\\u03b9\\u03c3\\u03c4\\u03bf\\u03c0\\u03bf\\u03af\\u03b7\\u03c3\\u03b7, \\u03b5\\u03be\\u03bf\\u03c5\\u03c3\\u03b9\\u03bf\\u03b4\\u03cc\\u03c4\\u03b7\\u03c3\\u03b7, \\u03ba\\u03c1\\u03c5\\u03c0\\u03c4\\u03bf\\u03b3\\u03c1\\u03ac\\u03c6\\u03b7\\u03c3\\u03b7 \\u03ba.\\u03bb\\u03c0.\"},\"eo\":{\"name\":\"Sekurigo\",\"description\":\"Aplika\\u0135oj, kiuj aldonas plian sekurigan rimedaron, kiel a\\u016dtentigo, rajtigo, \\u0109ifrado, k.t.p.\"},\"es\":{\"name\":\"Seguridad\",\"description\":\"Apps que proporcionan mecanismos de seguridad adicionales, como autenticaci\\u00f3n, autorizaci\\u00f3n, cifrado, etc.\"},\"es-ar\":{\"name\":\"Seguridad\",\"description\":\"Aplicaciones que proporcionan mecanismos de seguridad adicionales como autenticaci\\u00f3n, autorizaci\\u00f3n, cifrado, etc.\"},\"es-co\":{\"name\":\"Seguridad\",\"description\":\"Aplicaciones que proporcionan mecanismos de seguridad adicionales como autenticaci\\u00f3n, autorizaci\\u00f3n, encripci\\u00f3n, etc.\"},\"es-mx\":{\"name\":\"Seguridad\",\"description\":\"Aplicaciones que proporcionan mecanismos de seguridad adicionales como autenticaci\\u00f3n, autorizaci\\u00f3n, encripci\\u00f3n, etc.\"},\"es-ni\":{\"name\":\"Seguridad\",\"description\":\"Aplicaciones que proporcionan mecanismos de seguridad adicionales como autenticaci\\u00f3n, autorizaci\\u00f3n, encripci\\u00f3n, etc.\"},\"es-ve\":{\"name\":\"Seguridad\",\"description\":\"Apps que proporcionan mecanismos de seguridad adicionales, como autenticaci\\u00f3n, autorizaci\\u00f3n, cifrado, etc.\"},\"et\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"eu\":{\"name\":\"Segurtasuna\",\"description\":\"Segurtasun gehiago emateko app-ak, adibidez autentikazioa, autorizazioa, enkriptazioa eta abar.\"},\"it\":{\"name\":\"Sicurezza\",\"description\":\"Apps che forniscono meccanismi aggiuntivi di sicurezza come autenticazioni, autorizzazioni, crittografia, ecc.\"},\"en\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"is\":{\"name\":\"\\u00d6ryggi\",\"description\":\"Forrit sem gefa stu\\u00f0ning vi\\u00f0 vi\\u00f0b\\u00f3tar\\u00f6ryggiseiginleika, eins og au\\u00f0kenningu, heimilda\\u00fej\\u00f3nustur, dulritun o.s.frv.\"},\"ja\":{\"name\":\"\\u30bb\\u30ad\\u30e5\\u30ea\\u30c6\\u30a3\",\"description\":\"\\u30a2\\u30d7\\u30ea\\u306f\\u3001\\u8a8d\\u8a3c\\u3001\\u627f\\u8a8d\\u3001\\u6697\\u53f7\\u5316\\u306a\\u3069\\u306b\\u3088\\u308a\\u8ffd\\u52a0\\u306e\\u30bb\\u30ad\\u30e5\\u30ea\\u30c6\\u30a3\\u5bfe\\u7b56\\u304c\\u63d0\\u4f9b\\u3055\\u308c\\u307e\\u3059\\u3002\"},\"sr-latn\":{\"name\":\"\\u0411\\u0435\\u0437\\u0431\\u0435\\u0434\\u043d\\u043e\\u0441\\u0442\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u043a\\u043e\\u0458\\u0435 \\u043e\\u0431\\u0435\\u0437\\u0431\\u0435\\u0452\\u0443\\u0458\\u0443 \\u0434\\u043e\\u0434\\u0430\\u0442\\u043d\\u0435 \\u0431\\u0435\\u0437\\u0431\\u0435\\u0434\\u043e\\u043d\\u043e\\u0441\\u043d\\u0435 \\u043c\\u0435\\u0445\\u0430\\u043d\\u0438\\u0437\\u043c\\u0435, \\u043a\\u0430\\u043e \\u0448\\u0442\\u043e \\u0441\\u0443 \\u043f\\u0440\\u0438\\u0458\\u0430\\u0432\\u0459\\u0438\\u0432\\u0430\\u045a\\u0435, \\u043f\\u0440\\u043e\\u0432\\u0435\\u0440\\u0430 \\u0438\\u0434\\u0435\\u043d\\u0442\\u0438\\u0442\\u0435\\u0442\\u0430, \\u0448\\u0438\\u0444\\u0440\\u043e\\u0432\\u0430\\u045a\\u0435 \\u0438\\u0442\\u0434.\"},\"sv\":{\"name\":\"S\\u00e4kerhet\",\"description\":\"Appar som erbjuder ytterligare s\\u00e4kerhetsmekanismer som autentisering, tillst\\u00e5nd, kryptering, etc.\"},\"sw\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ta\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"te\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"th\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"tr\":{\"name\":\"G\\u00fcvenlik\",\"description\":\"Kimlik do\\u011frulama, \\u015fifreleme vb ek g\\u00fcvenlik mekanizmalar\\u0131 sa\\u011flayan uygulamalar.\"},\"tt\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"udm\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"uk\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ur\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"vi\":{\"name\":\"B\\u1ea3o m\\u1eadt\",\"description\":\"\\u1ee8ng d\\u1ee5ng cung c\\u1ea5p th\\u00eam c\\u00e1ch th\\u1ee9c b\\u1ea3o m\\u1eadt nh\\u01b0 m\\u00e3 h\\u00f3a, x\\u00e1c minh, cho ph\\u00e9p, vv.\"},\"zh-hans\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"zh-hant\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ka\":{\"name\":\"\\u10e3\\u10e1\\u10d0\\u10e4\\u10e0\\u10d7\\u10ee\\u10dd\\u10d4\\u10d1\\u10d0\",\"description\":\"\\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8 \\u10e0\\u10dd\\u10db\\u10da\\u10d4\\u10d1\\u10d8\\u10ea \\u10e3\\u10d6\\u10e0\\u10e3\\u10dc\\u10d5\\u10d4\\u10da\\u10e7\\u10dd\\u10e4\\u10d4\\u10dc \\u10d3\\u10d0\\u10db\\u10d0\\u10e2\\u10d4\\u10d1\\u10d8\\u10d7 \\u10e3\\u10e1\\u10d0\\u10e4\\u10e0\\u10d7\\u10ee\\u10dd\\u10d4\\u10d1\\u10d8\\u10e1 \\u10db\\u10d4\\u10e5\\u10d0\\u10dc\\u10d8\\u10d6\\u10db\\u10d4\\u10d1\\u10e1, \\u10d8\\u10e1\\u10d4\\u10d7\\u10d4\\u10d1\\u10e1 \\u10e0\\u10dd\\u10d2\\u10dd\\u10e0\\u10d4\\u10d1\\u10d8\\u10ea\\u10d0\\u10d0 \\u10d0\\u10d5\\u10e2\\u10dd\\u10e0\\u10d8\\u10d6\\u10d0\\u10ea\\u10d8\\u10d0, \\u10d0\\u10e3\\u10e2\\u10d4\\u10dc\\u10e2\\u10d8\\u10e4\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d0, \\u10d9\\u10dd\\u10d3\\u10d8\\u10e0\\u10d4\\u10d1\\u10d0, \\u10d0.\\u10e8.\"},\"kab\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"fa\":{\"name\":\"\\u0627\\u0645\\u0646\\u06cc\\u062a\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc\\u06cc \\u06a9\\u0647 \\u0645\\u06a9\\u0627\\u0646\\u06cc\\u0632\\u0645 \\u0647\\u0627\\u06cc \\u0627\\u0645\\u0646\\u06cc\\u062a\\u06cc \\u0627\\u0636\\u0627\\u0641\\u06cc \\u0645\\u0627\\u0646\\u0646\\u062f \\u062a\\u0623\\u06cc\\u06cc\\u062f \\u0627\\u0639\\u062a\\u0628\\u0627\\u0631 \\u060c \\u0645\\u062c\\u0648\\u0632 \\u060c \\u0631\\u0645\\u0632\\u06af\\u0630\\u0627\\u0631\\u06cc \\u0648 \\u063a\\u06cc\\u0631\\u0647 \\u0631\\u0627 \\u0627\\u0631\\u0627\\u0626\\u0647 \\u0645\\u06cc \\u062f\\u0647\\u0646\\u062f.\"},\"fi\":{\"name\":\"Tietoturva\",\"description\":\"Sovellukset, jotka tarjoavat lis\\u00e4suojausmekanismeja, kuten todennusta, valtuutusta, salausta jne.\"},\"fr\":{\"name\":\"S\\u00e9curit\\u00e9\",\"description\":\"Des applications qui fournissent des m\\u00e9canismes de s\\u00e9curit\\u00e9 suppl\\u00e9mentaires comme l'authentification, les autorisation, le chiffrement, etc.\"},\"fy\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ga\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"gd\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"gl\":{\"name\":\"Seguridade\",\"description\":\"Aplicaci\\u00f3ns que fornecen mecanismos de seguridade adicionais, como autenticaci\\u00f3n, autorizaci\\u00f3n, cifrado, etc.\"},\"he\":{\"name\":\"\\u05d0\\u05d1\\u05d8\\u05d7\\u05d4\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9\\u05dd \\u05e9\\u05de\\u05e1\\u05e4\\u05e7\\u05d9\\u05dd \\u05de\\u05e0\\u05d2\\u05e0\\u05d5\\u05e0\\u05d9 \\u05d0\\u05d1\\u05d8\\u05d7\\u05d4 \\u05e0\\u05d5\\u05e1\\u05e4\\u05d9\\u05dd \\u05db\\u05d2\\u05d5\\u05df \\u05d0\\u05d9\\u05de\\u05d5\\u05ea, \\u05d0\\u05d9\\u05e9\\u05d5\\u05e8, \\u05d4\\u05e6\\u05e4\\u05e0\\u05d4 \\u05d5\\u05e2\\u05d5\\u05d3.\"},\"hi\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"hr\":{\"name\":\"Sigurnost\",\"description\":\"Aplikacije koje pru\\u017eaju dodatne sigurnosne mehanizme poput provjere autenti\\u010dnosti, autorizacije, \\u0161ifriranja itd.\"},\"hsb\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"hu\":{\"name\":\"Biztons\\u00e1g\",\"description\":\"Alkalmaz\\u00e1sok, melyek tov\\u00e1bbi biztons\\u00e1gi mechanizmusokat biztos\\u00edtanak az hiteles\\u00edt\\u00e9shez, enged\\u00e9lyez\\u00e9shez, titkos\\u00edt\\u00e1shoz, stb.\"},\"hy\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"ia\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"id\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"},\"io\":{\"name\":\"Security\",\"description\":\"Apps that provide additional security mechanisms like authentication, authorization, encryption, etc.\"}}},{\"id\":\"social\",\"translations\":{\"kk\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"km\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"kn\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ko\":{\"name\":\"\\uc18c\\uc15c \\ubc0f \\ud1b5\\uc2e0\",\"description\":\"\\uba54\\uc2dc\\uc9d5, \\uc5f0\\ub77d\\ucc98 \\uad00\\ub9ac, \\uc18c\\uc15c \\ubbf8\\ub514\\uc5b4 \\uc571\"},\"lb\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"lt\":{\"name\":\"Socialiniai reikalai ir bendravimas\",\"description\":\"Prane\\u0161im\\u0173, adresat\\u0173 valdymo ir socialin\\u0117s \\u017einiasklaidos taikomosios programos\"},\"lv\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"mk\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ml\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"mn\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"mr\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"my\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"nb\":{\"name\":\"Sosialt og kommunikasjon\",\"description\":\"Apper for meldinger, kontakth\\u00e5ndtering og sosiale medier\"},\"ne\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"nl\":{\"name\":\"Sociaal & communicatie\",\"description\":\"Messaging, contactbeheer en social media apps\"},\"nn\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"os\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"pa\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"pl\":{\"name\":\"Spo\\u0142eczno\\u015b\\u0107 i komunikacja\",\"description\":\"Aplikacje do komunikacji, zarz\\u0105dzania kontaktami i dla medi\\u00f3w spo\\u0142eczno\\u015bciowych\"},\"pt\":{\"name\":\"Social & comunica\\u00e7\\u00e3o\",\"description\":\"Aplica\\u00e7\\u00e3o para troca de mensagens, gest\\u00e3o de contactos e redes sociais\"},\"pt-br\":{\"name\":\"Social & comunica\\u00e7\\u00e3o\",\"description\":\"Aplicativos de mensagem, gerenciamento de contatos e m\\u00eddias sociais\"},\"ro\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ru\":{\"name\":\"\\u0421\\u043e\\u0446\\u0438\\u0430\\u043b\\u044c\\u043d\\u043e\\u0435 \\u0438 \\u0441\\u0432\\u044f\\u0437\\u044c\",\"description\":\"\\u041e\\u0431\\u0449\\u0435\\u043d\\u0438\\u0435, \\u0443\\u043f\\u0440\\u0430\\u0432\\u043b\\u0435\\u043d\\u0438\\u0435 \\u043a\\u043e\\u043d\\u0442\\u0430\\u043a\\u0442\\u0430\\u043c\\u0438 \\u0438 \\u0441\\u043e\\u0446\\u0438\\u0430\\u043b\\u044c\\u043d\\u043e\\u0435 \\u043c\\u0435\\u0434\\u0438\\u0430-\\u043f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u0435\"},\"sk\":{\"name\":\"Soci\\u00e1lne siete a komunik\\u00e1cia\",\"description\":\"Aplik\\u00e1cie pre v\\u00fdmenu spr\\u00e1v, spr\\u00e1vu kontaktov a soci\\u00e1lne siete\"},\"sq\":{\"name\":\"Social & komunikim\",\"description\":\"Te shkruheni , kontaktoni menaxhimin dhe aplikacionet e mediave sociale\"},\"sl\":{\"name\":\"Dru\\u017ebene dejavnosti\",\"description\":\"Sporo\\u010danje, upravljanje stikov in dru\\u017ebena omre\\u017eja\"},\"sr\":{\"name\":\"\\u0414\\u0440\\u0443\\u0448\\u0442\\u0432\\u0435\\u043d\\u0435 \\u043c\\u0440\\u0435\\u0436\\u0435 & \\u043a\\u043e\\u043c\\u0443\\u043d\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0430\",\"description\":\"\\u040b\\u0430\\u0441\\u043a\\u0430\\u045a\\u0435, \\u0443\\u043f\\u0440\\u0430\\u0432\\u0459\\u0430\\u045a\\u0435 \\u043a\\u043e\\u043d\\u0442\\u0430\\u043a\\u0442\\u0438\\u043c\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0434\\u0440\\u0443\\u0448\\u0442\\u0432\\u0435\\u043d\\u0438\\u0445 \\u043c\\u0440\\u0435\\u0436\\u0430\"},\"ga\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"af\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ar\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ast\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"az\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"bg\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"be\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"bn\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"br\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"bs\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ca\":{\"name\":\"Social i comunicacions\",\"description\":\"Aplicacions de missatgeria, gesti\\u00f3 de contactes i mitjans de comunicaci\\u00f3 social\"},\"cs\":{\"name\":\"Soci\\u00e1ln\\u00ed s\\u00edt\\u011b a komunikace\",\"description\":\"Aplikace pro zas\\u00edl\\u00e1n\\u00ed zpr\\u00e1v, spr\\u00e1vu kontakt\\u016f a soci\\u00e1ln\\u00ed s\\u00edt\\u011b\"},\"cy\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"da\":{\"name\":\"Socialt & kommunikation\",\"description\":\"Apps til beskeder, kontakter og sociale medier\"},\"de\":{\"name\":\"Kommunikation\",\"description\":\"Nachrichten-, Kontaktverwaltungs- und Social-Media-Apps\"},\"dsb\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"el\":{\"name\":\"\\u039a\\u03bf\\u03b9\\u03bd\\u03c9\\u03bd\\u03b9\\u03ba\\u03ac \\u03ba\\u03b1\\u03b9 \\u03b5\\u03c0\\u03b9\\u03ba\\u03bf\\u03b9\\u03bd\\u03c9\\u03bd\\u03af\\u03b1\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03b5\\u03c0\\u03b9\\u03ba\\u03bf\\u03b9\\u03bd\\u03c9\\u03bd\\u03af\\u03b1\\u03c2, \\u03b4\\u03b9\\u03b1\\u03c7\\u03b5\\u03af\\u03c1\\u03b9\\u03c3\\u03b7\\u03c2 \\u03b5\\u03c0\\u03b1\\u03c6\\u03ce\\u03bd \\u03ba\\u03b1\\u03b9 \\u03bc\\u03ad\\u03c3\\u03c9\\u03bd \\u03ba\\u03bf\\u03b9\\u03bd\\u03c9\\u03bd\\u03b9\\u03ba\\u03ae\\u03c2 \\u03b4\\u03b9\\u03ba\\u03c4\\u03cd\\u03c9\\u03c3\\u03b7\\u03c2\"},\"eo\":{\"name\":\"Sociaj kaj komunikaj iloj\",\"description\":\"Mesa\\u011dado, kontaktmastrumado kaj sociaj komunikiloj\"},\"es\":{\"name\":\"Social y comunicaci\\u00f3n\",\"description\":\"Apps de mensajer\\u00eda, manejo de contactos y medios sociales\"},\"es-ar\":{\"name\":\"Social & comunicaci\\u00f3n\",\"description\":\"Aplicaciones de mensajer\\u00eda, administraci\\u00f3n de contactos y medios sociales\"},\"es-co\":{\"name\":\"Social & comunicaci\\u00f3n\",\"description\":\"Aplicaciones de mensajer\\u00eda, administraci\\u00f3n de contactos y medios sociales\"},\"es-mx\":{\"name\":\"Social & comunicaci\\u00f3n\",\"description\":\"Aplicaciones de mensajer\\u00eda, administraci\\u00f3n de contactos y medios sociales\"},\"es-ni\":{\"name\":\"Social & comunicaci\\u00f3n\",\"description\":\"Aplicaciones de mensajer\\u00eda, administraci\\u00f3n de contactos y medios sociales\"},\"es-ve\":{\"name\":\"Social y comunicaci\\u00f3n\",\"description\":\"Apps de mensajer\\u00eda, manejo de contactos y medios sociales\"},\"et\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"eu\":{\"name\":\"Soziala eta komunikazioa\",\"description\":\"Mezularitza, kontaktuen kudeaketa eta sare sozialen app-ak\"},\"en\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"is\":{\"name\":\"Samskipti og samf\\u00e9lagsmi\\u00f0lar\",\"description\":\"Samskipti, ums\\u00fdsla tengili\\u00f0a og samf\\u00e9lagsmi\\u00f0laforrit\"},\"it\":{\"name\":\"Sociale e comunicazione\",\"description\":\"Applicazioni di messaggistica, gestione dei contatti e reti sociali\"},\"ja\":{\"name\":\"\\u30bd\\u30fc\\u30b7\\u30e3\\u30eb\\u30fb\\u30b3\\u30df\\u30e5\\u30cb\\u30b1\\u30fc\\u30b7\\u30e7\\u30f3\",\"description\":\"\\u30e1\\u30c3\\u30bb\\u30fc\\u30b8\\u30f3\\u30b0\\u3001\\u9023\\u7d61\\u5148\\u7ba1\\u7406\\u3001\\u30bd\\u30fc\\u30b7\\u30e3\\u30eb\\u30e1\\u30c7\\u30a3\\u30a2\\u30a2\\u30d7\\u30ea\"},\"sr-latn\":{\"name\":\"\\u0414\\u0440\\u0443\\u0448\\u0442\\u0432\\u0435\\u043d\\u0435 \\u043c\\u0440\\u0435\\u0436\\u0435 & \\u043a\\u043e\\u043c\\u0443\\u043d\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0430\",\"description\":\"\\u040b\\u0430\\u0441\\u043a\\u0430\\u045a\\u0435, \\u0443\\u043f\\u0440\\u0430\\u0432\\u0459\\u0430\\u045a\\u0435 \\u043a\\u043e\\u043d\\u0442\\u0430\\u043a\\u0442\\u0438\\u043c\\u0430 \\u0438 \\u0430\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0434\\u0440\\u0443\\u0448\\u0442\\u0432\\u0435\\u043d\\u0438\\u0445 \\u043c\\u0440\\u0435\\u0436\\u0430\"},\"sv\":{\"name\":\"Socialt & kommunikation\",\"description\":\"Meddelande, kontaktadministration och social media appar\"},\"sw\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ta\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"te\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"th\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"tr\":{\"name\":\"Sosyal A\\u011f ve \\u0130leti\\u015fim\",\"description\":\"\\u0130leti\\u015fim, ki\\u015fi y\\u00f6netimi ve sosyal a\\u011f uygulamalar\\u0131\"},\"tt\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"udm\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"uk\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ur\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"vi\":{\"name\":\"X\\u00e3 h\\u1ed9i v\\u00e0 c\\u00e1ch th\\u1ee9c trao \\u0111\\u1ed5i\",\"description\":\"\\u1ee8ng d\\u1ee5ng nh\\u1eafn tin, qu\\u1ea3n l\\u00fd li\\u00ean h\\u1ec7 v\\u00e0 m\\u1ea1ng x\\u00e3 h\\u1ed9i\"},\"zh-hans\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"zh-hant\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ka\":{\"name\":\"\\u10e1\\u10dd\\u10ea\\u10d0\\u10da\\u10e3\\u10e0\\u10d8 \\u10d3\\u10d0 \\u10d9\\u10dd\\u10db\\u10e3\\u10dc\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d0\",\"description\":\"\\u10db\\u10d8\\u10db\\u10dd\\u10ec\\u10d4\\u10e0\\u10d0, \\u10d9\\u10dd\\u10dc\\u10e2\\u10d0\\u10e5\\u10e2\\u10d4\\u10d1\\u10d8\\u10e1 \\u10db\\u10d4\\u10dc\\u10d4\\u10ef\\u10db\\u10d4\\u10dc\\u10e2\\u10d8 \\u10d3\\u10d0 \\u10e1\\u10dd\\u10ea\\u10d8\\u10d0\\u10da\\u10e3\\u10e0\\u10d8 \\u10db\\u10d4\\u10d3\\u10d8\\u10d8\\u10e1 \\u10d0\\u10de\\u10da\\u10d8\\u10d9\\u10d0\\u10ea\\u10d8\\u10d4\\u10d1\\u10d8\"},\"kab\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"fa\":{\"name\":\"\\u0627\\u0631\\u062a\\u0628\\u0627\\u0637 \\u0627\\u062c\\u062a\\u0645\\u0627\\u0639\\u06cc\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc \\u067e\\u06cc\\u0627\\u0645 \\u0631\\u0633\\u0627\\u0646\\u06cc \\u060c \\u0645\\u062f\\u06cc\\u0631\\u06cc\\u062a \\u062a\\u0645\\u0627\\u0633 \\u0648 \\u0631\\u0633\\u0627\\u0646\\u0647 \\u0647\\u0627\\u06cc \\u0627\\u062c\\u062a\\u0645\\u0627\\u0639\\u06cc\"},\"fi\":{\"name\":\"Sosiaaliset & kommunikaatio\",\"description\":\"Viestittely-, yhteystietojenhallinta- ja sosiaalisen median sovellukset\"},\"fr\":{\"name\":\"Social & communication\",\"description\":\"Applications de messagerie, de gestion de contacts et de r\\u00e9seaux sociaux\"},\"fy\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"gd\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"gl\":{\"name\":\"Social e comunicaci\\u00f3n\",\"description\":\"Aplicaci\\u00f3ns de mensaxer\\u00eda, xesti\\u00f3n de contactos e medios sociais\"},\"he\":{\"name\":\"\\u05d7\\u05d1\\u05e8\\u05ea\\u05d9 \\u05d5\\u05ea\\u05e7\\u05e9\\u05d5\\u05e8\\u05ea\",\"description\":\"\\u05d9\\u05d9\\u05e9\\u05d5\\u05de\\u05d5\\u05e0\\u05d9 \\u05d4\\u05ea\\u05db\\u05ea\\u05d1\\u05d5\\u05ea, \\u05e0\\u05d9\\u05d4\\u05d5\\u05dc \\u05d0\\u05e0\\u05e9\\u05d9 \\u05e7\\u05e9\\u05e8 \\u05d5\\u05e8\\u05e9\\u05ea\\u05d5\\u05ea \\u05d7\\u05d1\\u05e8\\u05ea\\u05d9\\u05d5\\u05ea\"},\"hi\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"hr\":{\"name\":\"Dru\\u0161tvene i komunikacijske aplikacije\",\"description\":\"Aplikacije za razmjenu poruka, upravljanje kontaktima i dru\\u0161tveni mediji\"},\"hsb\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"hu\":{\"name\":\"K\\u00f6z\\u00f6ss\\u00e9g \\u00e9s kommunik\\u00e1ci\\u00f3\",\"description\":\"\\u00dczenetk\\u00fcld\\u0151, kapcsolatkezel\\u0151 \\u00e9s k\\u00f6z\\u00f6ss\\u00e9gi m\\u00e9dia alkalmaz\\u00e1sok\"},\"hy\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"ia\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"id\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"},\"io\":{\"name\":\"Social & communication\",\"description\":\"Messaging, contact management and social media apps\"}}},{\"id\":\"tools\",\"translations\":{\"en\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"kk\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"km\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"kn\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ko\":{\"name\":\"\\ub3c4\\uad6c\",\"description\":\"\\ub2e4\\ub978 \\ubaa8\\ub4e0 \\uac83\"},\"lb\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"lt\":{\"name\":\"\\u012erankiai\",\"description\":\"Visa kita\"},\"lv\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"mk\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ml\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"mn\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"mr\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"my\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"nb\":{\"name\":\"Verkt\\u00f8y\",\"description\":\"Alt annet\"},\"ne\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"nl\":{\"name\":\"Tools\",\"description\":\"De rest\"},\"nn\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"os\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"pa\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"pl\":{\"name\":\"Narz\\u0119dzia\",\"description\":\"Wszystko inne\"},\"pt\":{\"name\":\"Ferramentas\",\"description\":\"Tudo o resto\"},\"pt-br\":{\"name\":\"Ferramentas\",\"description\":\"Tudo mais\"},\"ro\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ru\":{\"name\":\"\\u041f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f\",\"description\":\"\\u0427\\u0442\\u043e-\\u0442\\u043e \\u0435\\u0449\\u0435\"},\"sk\":{\"name\":\"N\\u00e1stroje\",\"description\":\"V\\u0161etko ostatn\\u00e9\"},\"sq\":{\"name\":\"Mjete\",\"description\":\"\\u00c7do gj\\u00eb tjet\\u00ebr\"},\"sl\":{\"name\":\"Orodja\",\"description\":\"Razli\\u010dna orodja za razli\\u010dne dejavnosti\"},\"sr\":{\"name\":\"\\u0410\\u043b\\u0430\\u0442\\u0438\",\"description\":\"\\u0421\\u0432\\u0435 \\u043e\\u0441\\u0442\\u0430\\u043b\\u043e\"},\"ga\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"af\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ar\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ast\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"az\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"bg\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"be\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"bn\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"br\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"bs\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ca\":{\"name\":\"Eines\",\"description\":\"Tota la resta\"},\"cs\":{\"name\":\"N\\u00e1stroje\",\"description\":\"V\\u0161e ostatn\\u00ed\"},\"cy\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"da\":{\"name\":\"V\\u00e6rkt\\u00f8jer\",\"description\":\"Alt andet\"},\"de\":{\"name\":\"Werkzeuge\",\"description\":\"Alles Andere\"},\"dsb\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"el\":{\"name\":\"\\u0395\\u03c1\\u03b3\\u03b1\\u03bb\\u03b5\\u03af\\u03b1\",\"description\":\"\\u039f\\u03c4\\u03b9\\u03b4\\u03ae\\u03c0\\u03bf\\u03c4\\u03b5 \\u03ac\\u03bb\\u03bb\\u03bf\"},\"eo\":{\"name\":\"Iloj\",\"description\":\"\\u0108io cetera\"},\"es\":{\"name\":\"Herramientas\",\"description\":\"Todo lo dem\\u00e1s\"},\"es-ar\":{\"name\":\"Herramientas\",\"description\":\"Todo lo dem\\u00e1s\"},\"es-co\":{\"name\":\"Herramientas\",\"description\":\"Todo lo dem\\u00e1s\"},\"es-mx\":{\"name\":\"Herramientas\",\"description\":\"Todo lo dem\\u00e1s\"},\"es-ni\":{\"name\":\"Herramientas\",\"description\":\"Todo lo dem\\u00e1s\"},\"es-ve\":{\"name\":\"Herramientas\",\"description\":\"Todo lo dem\\u00e1s\"},\"et\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"eu\":{\"name\":\"Tresnak\",\"description\":\"Beste guztia\"},\"is\":{\"name\":\"Verkf\\u00e6ri\",\"description\":\"Allt anna\\u00f0\"},\"it\":{\"name\":\"Strumenti\",\"description\":\"Tutto il resto\"},\"ja\":{\"name\":\"\\u30c4\\u30fc\\u30eb\",\"description\":\"\\u305d\\u306e\\u4ed6\\u3059\\u3079\\u3066\"},\"sr-latn\":{\"name\":\"\\u0410\\u043b\\u0430\\u0442\\u0438\",\"description\":\"\\u0421\\u0432\\u0435 \\u043e\\u0441\\u0442\\u0430\\u043b\\u043e\"},\"sv\":{\"name\":\"Verktyg\",\"description\":\"Allting annat\"},\"sw\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ta\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"te\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"th\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"tr\":{\"name\":\"Ara\\u00e7lar\",\"description\":\"Di\\u011fer uygulamalar\"},\"tt\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"udm\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"uk\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ur\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"vi\":{\"name\":\"C\\u00f4ng c\\u1ee5\",\"description\":\"M\\u1ecdi th\\u1ee9 kh\\u00e1c\"},\"zh-hans\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"zh-hant\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ka\":{\"name\":\"\\u10ee\\u10d4\\u10da\\u10e1\\u10d0\\u10ec\\u10e7\\u10dd\\u10d4\\u10d1\\u10d8\",\"description\":\"\\u10d3\\u10d0\\u10dc\\u10d0\\u10e0\\u10e9\\u10d4\\u10dc\\u10d8 \\u10e1\\u10ee\\u10d5\\u10d0\"},\"kab\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"fa\":{\"name\":\"\\u0627\\u0628\\u0632\\u0627\\u0631\\u0647\\u0627\",\"description\":\"\\u0647\\u0645\\u0647 \\u0686\\u06cc\\u0632 \\u062f\\u06cc\\u06af\\u0631\"},\"fi\":{\"name\":\"Ty\\u00f6kalut\",\"description\":\"Kaikki muu\"},\"fr\":{\"name\":\"Outils\",\"description\":\"Tout le reste\"},\"fy\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"gd\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"gl\":{\"name\":\"Ferramentas\",\"description\":\"Todo o demais\"},\"he\":{\"name\":\"\\u05db\\u05dc\\u05d9\\u05dd\",\"description\":\"\\u05db\\u05dc \\u05d4\\u05e9\\u05d0\\u05e8\"},\"hi\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"hr\":{\"name\":\"Alati\",\"description\":\"Sve ostalo\"},\"hsb\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"hu\":{\"name\":\"Eszk\\u00f6z\\u00f6k\",\"description\":\"Minden m\\u00e1s\"},\"hy\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"ia\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"id\":{\"name\":\"Tools\",\"description\":\"Everything else\"},\"io\":{\"name\":\"Tools\",\"description\":\"Everything else\"}}},{\"id\":\"workflow\",\"translations\":{\"kk\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"km\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"kn\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ko\":{\"name\":\"\\ud750\\ub984\",\"description\":\"Apps for Nextcloud Flow\"},\"lb\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"lt\":{\"name\":\"Eiga\",\"description\":\"Apps for Nextcloud Flow\"},\"lv\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"mk\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ml\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"mn\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"mr\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"my\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"nb\":{\"name\":\"Flyt\",\"description\":\"Apps for Nextcloud Flow\"},\"ne\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"nl\":{\"name\":\"Flow\",\"description\":\"Apps voor Nextcloud Flow\"},\"nn\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"os\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"pa\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"pl\":{\"name\":\"Przep\\u0142yw\",\"description\":\"Aplikacje dla Nextcloud Flow\"},\"pt\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"pt-br\":{\"name\":\"Fluxo\",\"description\":\"Aplicativos para Nextcloud Fluxo\"},\"ro\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ru\":{\"name\":\"\\u041e\\u0431\\u0440\\u0430\\u0431\\u043e\\u0442\\u043a\\u0430 \\u0444\\u0430\\u0439\\u043b\\u043e\\u0432\",\"description\":\"\\u041f\\u0440\\u0438\\u043b\\u043e\\u0436\\u0435\\u043d\\u0438\\u044f \\u0434\\u043b\\u044f Nextcloud Flow\"},\"sk\":{\"name\":\"Flow (tok)\",\"description\":\"Aplik\\u00e1cie pre Nextcloud Flow (tok)\"},\"sq\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"sl\":{\"name\":\"Kora\\u010dnik (Flow)\",\"description\":\"Programi za Nextcloud Flow\"},\"sr\":{\"name\":\"\\u0422\\u043e\\u043a\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0437\\u0430 \\u041d\\u0435\\u043a\\u0441\\u0442\\u043a\\u043b\\u0430\\u0443\\u0434 Flow\"},\"ga\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"af\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ar\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ast\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"az\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"bg\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"be\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"bn\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"br\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"bs\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ca\":{\"name\":\"Flux\",\"description\":\"Aplicacions per Nextcloud Flow\"},\"cs\":{\"name\":\"Flow (tok)\",\"description\":\"Aplikace pro Nextcloud Flow\"},\"cy\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"da\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"de\":{\"name\":\"Flow\",\"description\":\"Apps f\\u00fcr Nextcloud Flow\"},\"dsb\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"el\":{\"name\":\"\\u03a1\\u03bf\\u03ae\",\"description\":\"\\u0395\\u03c6\\u03b1\\u03c1\\u03bc\\u03bf\\u03b3\\u03ad\\u03c2 \\u03b3\\u03b9\\u03b1 \\u03c4\\u03b7 \\u03a1\\u03bf\\u03ae \\u03c4\\u03bf\\u03c5 Nextcloud\"},\"eo\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"es\":{\"name\":\"Flujo\",\"description\":\"Apps para Nextcloud Flow\"},\"es-ar\":{\"name\":\"Flujo\",\"description\":\"Apps para Nextcloud Flow\"},\"es-co\":{\"name\":\"Flujo\",\"description\":\"Apps para Nextcloud Flow\"},\"es-mx\":{\"name\":\"Flujo\",\"description\":\"Apps para Nextcloud Flow\"},\"es-ni\":{\"name\":\"Flujo\",\"description\":\"Apps para Nextcloud Flow\"},\"es-ve\":{\"name\":\"Flujo\",\"description\":\"Apps para Nextcloud Flow\"},\"et\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"eu\":{\"name\":\"Fluxua\",\"description\":\"Nextcloud Flow-rako aplikazioak\"},\"en\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"is\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"it\":{\"name\":\"Flow\",\"description\":\"Applicazioni per Nextcloud Flow\"},\"ja\":{\"name\":\"Flow\",\"description\":\"Nextcloud Flow\\u306e\\u30a2\\u30d7\\u30ea\"},\"sr-latn\":{\"name\":\"\\u0422\\u043e\\u043a\",\"description\":\"\\u0410\\u043f\\u043b\\u0438\\u043a\\u0430\\u0446\\u0438\\u0458\\u0435 \\u0437\\u0430 \\u041d\\u0435\\u043a\\u0441\\u0442\\u043a\\u043b\\u0430\\u0443\\u0434 Flow\"},\"sv\":{\"name\":\"Flow\",\"description\":\"Appar f\\u00f6r Nextcloud Flow\"},\"sw\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ta\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"te\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"th\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"tr\":{\"name\":\"Ak\\u0131\\u015f\",\"description\":\"Nextcloud Ak\\u0131\\u015f Uygulamalar\\u0131\"},\"tt\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"udm\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"uk\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ur\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"vi\":{\"name\":\"Flow\",\"description\":\"\\u1ee8ng d\\u1ee5ng cho Flow\"},\"zh-hans\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"zh-hant\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ka\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"kab\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"fa\":{\"name\":\"\\u062c\\u0631\\u06cc\\u0627\\u0646\",\"description\":\"\\u0628\\u0631\\u0646\\u0627\\u0645\\u0647 \\u0647\\u0627\\u06cc\\u06cc \\u0628\\u0631\\u0627\\u06cc \\u062c\\u0631\\u06cc\\u0627\\u0646 \\u0646\\u06a9\\u0633\\u062a \\u06a9\\u0644\\u0648\\u062f\"},\"fi\":{\"name\":\"Flow\",\"description\":\"Sovellukset Nextcloud Flow:lle\"},\"fr\":{\"name\":\"Flux\",\"description\":\"Application pour le flux Nextcloud \"},\"fy\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"gd\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"gl\":{\"name\":\"Fluxo\",\"description\":\"Aplicaci\\u00f3ns para o Fluxo de Nextcloud\"},\"he\":{\"name\":\"\\u05e8\\u05e6\\u05e3\",\"description\":\"Apps for Nextcloud Flow\"},\"hi\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"hr\":{\"name\":\"Flow\",\"description\":\"Aplikacije za Nextcloud Flow\"},\"hsb\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"hu\":{\"name\":\"Flow\",\"description\":\"Alkalmaz\\u00e1sok a Nextcloud Flowhoz\"},\"hy\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"ia\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"id\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"},\"io\":{\"name\":\"Flow\",\"description\":\"Apps for Nextcloud Flow\"}}}]", + "background-color": "#333333", + "background-color-to": "#333333", + "current-app-background-color": "#444444", + "text-color": "#ffffff", + "loader-color": "#0e75ac", + "icon-invert-filter": "0", + "icon-opacity": "100", + "opener": "side-menu-opener", + "dark-mode-background-color": "#333333", + "dark-mode-background-color-to": "#333333", + "dark-mode-current-app-background-color": "#444444", + "dark-mode-text-color": "#ffffff", + "dark-mode-loader-color": "#cccccc", + "dark-mode-icon-invert-filter": "0", + "dark-mode-icon-opacity": "100", + "dark-mode-opener": "side-menu-opener", + "opener-position": "before", + "opener-hover": "0", + "display-logo": "1", + "use-avatar": "0", + "add-logo-link": "1", + "big-menu-hidden-apps": "[]", + "show-settings": "0", + "size-icon": "normal", + "size-text": "normal", + "target-blank-apps": "[]", + "loader-enabled": "1", + "top-menu-apps": "[]", + "categories-order-type": "default", + "undefined": "", + "categories-order": "[\"other\",\"search\",\"tools\",\"external_links\",\"files\",\"workflow\",\"integration\",\"games\",\"multimedia\",\"office\",\"organization\",\"dashboard\",\"customization\",\"monitoring\",\"security\",\"social\"]", + "default-enabled": "1", + "force": "0", + "cache": "1", + "opener-only": "1", + "hide-when-no-apps": "1", + "big-menu": "0", + "always-displayed": "1" + }, + "sociallogin": { + "installed_version": "4.3.0", + "types": "", + "enabled": "yes", + "disable_registration": "", + "create_disabled_users": "", + "allow_login_connect": "", + "no_prune_user_groups": "", + "restrict_users_wo_mapped_groups": "", + "disable_notify_admins": "", + "hide_default_login": "", + "oauth_providers": "{\"google\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\",\"auth_params\":{\"hd\":\"\"}},\"amazon\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\"},\"facebook\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\"},\"twitter\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\"},\"GitHub\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\",\"orgs\":\"\"},\"discord\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\"},\"QQ\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\"},\"slack\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\"},\"telegram\":{\"appid\":\"\",\"secret\":\"\",\"defaultGroup\":\"\"}}", + "prevent_create_email_exists": "1", + "update_profile_on_login": "1", + "auto_create_groups": "1", + "custom_providers": "{\"custom_oidc\":[{\"name\":\"pilotescola\",\"title\":\"Pilot Escola\",\"authorizeUrl\":\"https:\\\/\\\/hydra.pilotescola.digital\\\/oauth2\\\/auth\",\"tokenUrl\":\"https:\\\/\\\/hydra.pilotescola.digital\\\/oauth2\\\/token\",\"userInfoUrl\":\"https:\\\/\\\/hydra.pilotescola.digital\\\/userinfo\",\"logoutUrl\":\"https:\\\/\\\/login.pilotescola.digital\\\/auth\\\/logout\",\"clientId\":\"nextcloud\",\"clientSecret\":\"Sup3rS3cr3t\",\"scope\":\"openid profile offline email\",\"groupsClaim\":\"\",\"style\":\"\",\"defaultGroup\":\"\"}]}" + }, + "support": { + "installed_version": "1.4.0", + "types": "session", + "enabled": "yes" + }, + "survey_client": { + "installed_version": "1.9.0", + "types": "", + "enabled": "yes" + }, + "systemtags": { + "installed_version": "1.11.0", + "types": "logging", + "enabled": "yes" + }, + "text": { + "installed_version": "3.2.0", + "types": "dav", + "enabled": "yes" + }, + "theming": { + "installed_version": "1.12.0", + "types": "logging", + "enabled": "yes", + "logoheaderMime": "image\/png", + "name": "Pilot Escola", + "url": "***REMOVED SENSITIVE VALUE***", + "slogan": "***REMOVED SENSITIVE VALUE***", + "color": "#FFFFFF", + "cachebuster": "9", + "logoMime": "image\/png", + "faviconMime": "image\/png" + }, + "twofactor_backupcodes": { + "installed_version": "1.10.0", + "types": "", + "enabled": "yes" + }, + "updatenotification": { + "installed_version": "1.11.0", + "types": "", + "enabled": "yes" + }, + "user_status": { + "installed_version": "1.1.1", + "types": "", + "enabled": "yes" + }, + "viewer": { + "installed_version": "1.5.0", + "types": "", + "enabled": "yes" + }, + "weather_status": { + "installed_version": "1.1.0", + "types": "", + "enabled": "yes" + }, + "workflowengine": { + "installed_version": "2.3.0", + "types": "filesystem", + "enabled": "yes" + } + } +} diff --git a/config/nextcloud/run.sh b/config/nextcloud/run.sh new file mode 100644 index 0000000..cf87af0 --- /dev/null +++ b/config/nextcloud/run.sh @@ -0,0 +1,14 @@ +# Dump whole config +#docker exec -ti nextcloud-app /bin/sh -c "su - www-data -s /bin/sh -c 'PHP_MEMORY_LIMIT=512M php /var/www/html/occ config:list'" > nextcloud_config_20210308.json + +# Install Social Login plugin +#su - www-data -s /bin/sh -c 'PHP_MEMORY_LIMIT=512M php /var/www/html/occ app:install sociallogin' + +# Redirect to mokey on login +#su - www-data -s /bin/sh -c 'PHP_MEMORY_LIMIT=512M php /var/www/html/occ config:system:set social_login_auto_redirect true' + +# Dump Social Login config +#su - www-data -s /bin/sh -c 'PHP_MEMORY_LIMIT=512M php /var/www/html/occ config:list sociallogin' + +# Import json with social login config +#su - www-data -s /bin/sh -c 'PHP_MEMORY_LIMIT=512M php /var/www/html/occ config:import sociallogin.json' diff --git a/docker/_tests/onlyoffice_build/README.md b/docker/_tests/onlyoffice_build/README.md new file mode 100644 index 0000000..d552b88 --- /dev/null +++ b/docker/_tests/onlyoffice_build/README.md @@ -0,0 +1,5 @@ +It should be copied inside build_tools.sh and build it. +The submodule needs recursive git submodule but don't know if it is correct. + +We should modify image scripts to get rid of users limits (https://autoize.com/building-onlyoffice-document-server-from-source/) +We should create an onlyoffice docker-compose that starts with those compiled files. diff --git a/docker/_tests/onlyoffice_build/build_onlyoffice.yml b/docker/_tests/onlyoffice_build/build_onlyoffice.yml new file mode 100644 index 0000000..81f152c --- /dev/null +++ b/docker/_tests/onlyoffice_build/build_onlyoffice.yml @@ -0,0 +1,10 @@ +version: '3.7' +services: + onlyoffice-build: + build: + context: . + dockerfile: Dockerfile + container_name: onlyoffice-build + restart: "no" + volumes: + - ./out:/build_tools/out \ No newline at end of file diff --git a/docker/_tests/reference-nextcloud-with-office/document-server/Dockerfile b/docker/_tests/reference-nextcloud-with-office/document-server/Dockerfile new file mode 100644 index 0000000..936c858 --- /dev/null +++ b/docker/_tests/reference-nextcloud-with-office/document-server/Dockerfile @@ -0,0 +1,84 @@ +FROM ubuntu:16.04 + +RUN apt update +RUN apt-get install -yq curl apt-transport-https ca-certificates +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - + +RUN apt-get install -y nodejs +RUN npm install -g npm +RUN npm install -g grunt-cli + +RUN apt-get install --force-yes -yq \ +wget \ +build-essential \ +libcurl4-gnutls-dev \ +libglib2.0-dev \ +libgdk-pixbuf2.0-dev \ +libgtkglext1-dev \ +libatk1.0-dev \ +libcairo2-dev \ +libxml2-dev \ +libxss-dev \ +libgconf2-dev \ +default-jre \ +qt5-qmake \ +qt5-default \ +p7zip-full \ +git \ +subversion +#libicu-dev + +RUN mkdir /build && cd /build +WORKDIR /build +RUN wget https://github.com/unicode-org/icu/archive/release-58-3.tar.gz +RUN tar xvzf release-58-3.tar.gz +RUN cd icu-release-58-3/icu4c/source +WORKDIR /build/icu-release-58-3/icu4c/source +RUN ./configure +RUN make +RUN make install +WORKDIR / +RUN rm -rf build + +RUN git clone --recursive https://github.com/ONLYOFFICE/DocumentServer.git +WORKDIR DocumentServer + +## server/Common/sources/constants.js +# exports.LICENSE_CONNECTIONS = 20; +# exports.LICENSE_CONNECTIONS = 99999; +RUN cd core/Common/3dParty && ./make.sh +#RUN cd DocumentServer/core/Common/3dParty +#./make.sh +RUN echo "XXXXXXXXXXXXXXXXXXXXXXXX" +WORKDIR /DocumentServer/core +RUN make +RUN cd ../sdkjs && make +RUN cd ../server && make + +RUN apt-get install adduser redis-server rabbitmq-server nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 + +RUN for font in \ +lohit-assamese \ +lohit-bengali \ +lohit-devanagari \ +lohit-gujarati \ +lohit-kannada \ +lohit-malayalam \ +lohit-oriya \ +lohit-punjabi \ +lohit-tamil \ +lohit-tamil-classical \ +lohit-telugu \ +nanum \ +noto \ +opensans \ +padauk \ +samyak \ +samyak-fonts \ +tibetan-machine \ +ttf-khmeros-core \ +ubuntu-font-family \ +wqy-zenhei; \ +do rm -rf build/core-fonts/${font}; done + +RUN cd ../server && sudo make install diff --git a/docker/bbb/scalelite/env.sample b/docker/bbb/scalelite/env.sample new file mode 100644 index 0000000..16effa7 --- /dev/null +++ b/docker/bbb/scalelite/env.sample @@ -0,0 +1,12 @@ +URL_HOST=scalelite.domain +SECRET_KEY_BASE=SEE_MANUAL + +LOADBALANCER_SECRET=THE_SECRET_YOU_WANT_TO_USE_FOR_SCALELITE_BBB_API +DATABASE_URL=postgresql://postgres:INSERT_DB_PASSWORD_HERE@db:5432 +REDIS_URL=redis://redis:6379 + +NGINX_SSL=true +#SCALELITE_NGINX_EXTRA_OPTS=--mount type=bind,source=/etc/letsencrypt,target=/etc/nginx/ssl,readonly + +SCALELITE_TAG=v1 +SCALELITE_RECORDING_DIR=/mnt/scalelite-recordings diff --git a/docker/bbb/scalelite/scalelite.yml b/docker/bbb/scalelite/scalelite.yml new file mode 100644 index 0000000..6ea4032 --- /dev/null +++ b/docker/bbb/scalelite/scalelite.yml @@ -0,0 +1,75 @@ +version: '3' + +services: + greenlight: + entrypoint: [bin/start] + image: greenlight-local:release-v2 + container_name: greenlight-v2 + env_file: /etc/default/greenlight + restart: unless-stopped + volumes: + - /var/log/greenlight:/usr/src/app/log + - /opt/greenlight/storage:/usr/src/app/storage + depends_on: + - db + db: + image: postgres:9.5 + restart: unless-stopped + volumes: + - /opt/postgres:/var/lib/postgresql/data + environment: + - POSTGRES_DB=postgres + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=very_secret + redis: + image: redis:latest + command: redis-server --appendonly yes + restart: unless-stopped + volumes: + - /opt/redis:/data + scalelite-api: + image: blindsidenetwks/scalelite:${SCALELITE_TAG}-api + container_name: scalelite-api + restart: unless-stopped + env_file: /etc/default/scalelite + volumes: + - ${SCALELITE_RECORDING_DIR}:/var/bigbluebutton + depends_on: + - db + - redis + scalelite-nginx: + image: blindsidenetwks/scalelite:${SCALELITE_TAG}-nginx + restart: unless-stopped + container_name: scalelite-nginx + env_file: /etc/default/scalelite + depends_on: + - scalelite-api + - db + - redis + volumes: + - ${SCALELITE_RECORDING_DIR}/published:/var/bigbluebutton/published + - /etc/ssl:/etc/nginx/ssl:ro + - /opt/greenlight/greenlight.nginx:/etc/bigbluebutton/nginx/greenlight.nginx + ports: + - "80:80" + - "443:443" + scalelite-poller: + image: blindsidenetwks/scalelite:${SCALELITE_TAG}-poller + container_name: scalelite-poller + restart: unless-stopped + env_file: /etc/default/scalelite + depends_on: + - scalelite-api + - db + - redis + scalelite-recording-importer: + image: blindsidenetwks/scalelite:${SCALELITE_TAG}-recording-importer + container_name: scalelite-recording-importer + restart: unless-stopped + env_file: /etc/default/scalelite + volumes: + - ${SCALELITE_RECORDING_DIR}:/var/bigbluebutton + depends_on: + - scalelite-api + - db + - redis diff --git a/docker/etherpad/Dockerfile b/docker/etherpad/Dockerfile new file mode 100755 index 0000000..28c2f50 --- /dev/null +++ b/docker/etherpad/Dockerfile @@ -0,0 +1,34 @@ +FROM node:lts +MAINTAINER James Swineson + +ENV ETHERPAD_VERSION 1.8.13 + +ENV NODE_ENV production + +RUN apt-get update && \ + apt-get upgrade -y && \ + apt-get install -y curl unzip mysql-client supervisor gzip git python libssl-dev pkg-config build-essential && \ + rm -r /var/lib/apt/lists/* + +WORKDIR /opt/ + +RUN curl -SL \ + https://github.com/ether/etherpad-lite/archive/${ETHERPAD_VERSION}.zip \ + > etherpad.zip && unzip etherpad && rm etherpad.zip && \ + mv etherpad-lite-${ETHERPAD_VERSION} etherpad-lite + +WORKDIR etherpad-lite + +RUN bin/installDeps.sh \ + && rm settings.json +COPY entrypoint.sh /entrypoint.sh + +RUN sed -i 's/^node/exec\ node/' bin/run.sh + +VOLUME /opt/etherpad-lite/var +RUN ln -s var/settings.json settings.json +ADD supervisor.conf /etc/supervisor/supervisor.conf + +EXPOSE 9001 +ENTRYPOINT ["/entrypoint.sh"] +CMD ["supervisord", "-c", "/etc/supervisor/supervisor.conf", "-n"] diff --git a/docker/etherpad/entrypoint.sh b/docker/etherpad/entrypoint.sh new file mode 100755 index 0000000..38e487b --- /dev/null +++ b/docker/etherpad/entrypoint.sh @@ -0,0 +1,99 @@ +#!/bin/bash +#set -e + +#: ${MYSQL_PORT_3306_TCP_ADDR:=mysql} + +#if [ -z "$MYSQL_PORT_3306_TCP_ADDR" ]; then +# echo >&2 'error: missing MYSQL_PORT_3306_TCP environment variable' +# echo >&2 ' Did you forget to --link some_mysql_container:mysql ?' +# exit 1 +#fi + +# if we're linked to MySQL, and we're using the root user, and our linked +# container has a default "root" password set up and passed through... :) +: ${ETHERPAD_DB_USER:=root} +if [ "$ETHERPAD_DB_USER" = 'root' ]; then + : ${ETHERPAD_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD} +fi +: ${ETHERPAD_DB_NAME:=etherpad} + +ETHERPAD_DB_NAME=$( echo $ETHERPAD_DB_NAME | sed 's/\./_/g' ) + +if [ -z "$ETHERPAD_DB_PASSWORD" ]; then + echo >&2 'error: missing required ETHERPAD_DB_PASSWORD environment variable' + echo >&2 ' Did you forget to -e ETHERPAD_DB_PASSWORD=... ?' + echo >&2 + echo >&2 ' (Also of interest might be ETHERPAD_DB_USER and ETHERPAD_DB_NAME.)' + exit 1 +fi + +: ${ETHERPAD_TITLE:=Etherpad} +: ${ETHERPAD_PORT:=9001} + +cat settings.json +if [ ! -f settings.json ]; then + + # cat <<- EOF > settings.json + # { + # "title": "${ETHERPAD_TITLE}", + # "ip": "0.0.0.0", + # "port": ${ETHERPAD_PORT}, + # "maxAge": "${ETHERPAD_MAXAGE:-3600}", + # "minify": true, + # "dbType" : "mysql", + # "dbSettings" : { + # "user" : "${ETHERPAD_DB_USER}", + # "host" : "${MYSQL_PORT_3306_TCP_ADDR}", + # "password": "${ETHERPAD_DB_PASSWORD}", + # "database": "${ETHERPAD_DB_NAME}" + # }, + # EOF + + cat <<- EOF > settings.json + { + "title": "${ETHERPAD_TITLE}", + "ip": "0.0.0.0", + "port": ${ETHERPAD_PORT}, + "maxAge": "${ETHERPAD_MAXAGE:-3600}", + "minify": true, + "dbType": "postgres", + "dbSettings": { + "user": "etherpad", + "host": "${ETHERPAD_DB_HOST}", + "port": 5432, + "password": "${ETHERPAD_DB_PASSWORD}", + "database": "${ETHERPAD_DB_NAME}", + "charset": "utf8mb4" + }, + EOF + + if [ $ETHERPAD_ADMIN_PASSWORD ]; then + + : ${ETHERPAD_ADMIN_USER:=admin} + + cat <<- EOF >> settings.json + "users": { + "${ETHERPAD_ADMIN_USER}": { + "password": "${ETHERPAD_ADMIN_PASSWORD}", + "is_admin": true + } + }, + EOF + fi + + cat <<- EOF >> settings.json + } + EOF +fi + +cat settings.json +echo "Installing plugins..." +if [ $ETHERPAD_PLUGINS ]; then + IFS=',' read -r -a PLUGIN_LIST <<< "$ETHERPAD_PLUGINS" + for PLUGIN in "${PLUGIN_LIST[@]}" + do + npm install ${PLUGIN} + done +fi + +exec "$@" diff --git a/docker/etherpad/etherpad.yml b/docker/etherpad/etherpad.yml new file mode 100644 index 0000000..f6fb0ff --- /dev/null +++ b/docker/etherpad/etherpad.yml @@ -0,0 +1,39 @@ +version: '3' + +services: + etherpad: + build: + context: ${BUILD_ROOT_PATH}/docker/etherpad + dockerfile: Dockerfile + container_name: etherpad + restart: on-failure:10 +# ports: +# - 9001:9001 +# env_file: etherpad.env + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9001"] + interval: 1m30s + timeout: 10s + retries: 3 + environment: + ETHERPAD_TITLE: Title + ETHERPAD_PORT: 9001 + ETHERPAD_ADMIN_PASSWORD: ${ADMIN_PWD} + ETHERPAD_ADMIN_USER: ${ADMIN_USER} + ETHERPAD_PLUGIN: ep_adminpads,ep_headings2 + ETHERPAD_MAXAGE: 3600 + ETHERPAD_DB_USER: etherpad + ETHERPAD_DB_PASSWORD: 3th3rpad + ETHERPAD_API_KEY: your-api-key + ETHERPAD_DB_NAME: etherpad + ETHERPAD_DB_HOST: office-postgres + networks: + - isard_net + +# depends_on: +# - db + +#volumes: +# db: diff --git a/docker/etherpad/supervisor.conf b/docker/etherpad/supervisor.conf new file mode 100755 index 0000000..f83ac2d --- /dev/null +++ b/docker/etherpad/supervisor.conf @@ -0,0 +1,22 @@ +[supervisord] +nodaemon=true + +[unix_http_server] +file=/var/run//supervisor.sock +chmod=0700 + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///var/run//supervisor.sock + +[program:etherpad] +directory=/opt/etherpad-lite/bin +command=/opt/etherpad-lite/bin/run.sh --root +user=root +autostart=true +autorestart=true +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +redirect_stderr=true \ No newline at end of file diff --git a/docker/haproxy/Dockerfile b/docker/haproxy/Dockerfile new file mode 100644 index 0000000..816ebc9 --- /dev/null +++ b/docker/haproxy/Dockerfile @@ -0,0 +1,15 @@ +FROM haproxy:alpine as production +RUN apk add openssl certbot py-pip +RUN pip install pip install certbot-plugin-gandi + + +ADD letsencrypt.sh / +ADD letsencrypt-check.sh / +ADD deploy-hook.sh /etc/letsencrypt/renewal-hooks/deploy/ +COPY auto-generate-certs.sh /usr/local/bin/ +COPY docker-entrypoint.sh /usr/local/bin/ +COPY auto-generate-certs.sh / +RUN rm /docker-entrypoint.sh +RUN ln -s /usr/local/bin/docker-entrypoint.sh / +RUN chmod 775 docker-entrypoint.sh +ADD haproxy.conf /usr/local/etc/haproxy/haproxy.cfg diff --git a/docker/haproxy/_common/auto-generate-certs.sh b/docker/haproxy/_common/auto-generate-certs.sh new file mode 100755 index 0000000..055a7fb --- /dev/null +++ b/docker/haproxy/_common/auto-generate-certs.sh @@ -0,0 +1,32 @@ +cd /certs + +# Self signed cert generic data +C=CA +L=Barcelona +O=localdomain +CN_CA=$O +CN_HOST=*.$O +OU=$O + +echo '#### Creating 2048-bit RSA key:' +openssl genrsa -out ca-key.pem 2048 + +echo '#### Using the key to create a self-signed certificate to your CA:' +openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \ + -subj "/C=$C/L=$L/O=$O/CN=$CN_CA" + +echo '#### Creating server certificate:' +openssl genrsa -out server-key.pem 2048 + +echo '#### Creating a certificate signing request for the server:' +openssl req -new -key server-key.pem -sha256 -out server-key.csr \ + -subj "/CN=$CN_HOST" + +echo '#### Creating server certificate:' +RND=$(( ( RANDOM % 1000 ) + 1 )) +openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \ + -set_serial $RND -sha256 -out server-cert.pem + +echo '#### Concatenate certs for haprox' +cat server-cert.pem server-key.pem > chain.pem +chmod 440 * diff --git a/docker/haproxy/_common/haproxy-docker-entrypoint.sh b/docker/haproxy/_common/haproxy-docker-entrypoint.sh new file mode 100644 index 0000000..8d55012 --- /dev/null +++ b/docker/haproxy/_common/haproxy-docker-entrypoint.sh @@ -0,0 +1,23 @@ +#!/bin/sh +set -e + +prepare.sh + +if [ ! -f /certs/chain.pem ]; then + auto-generate-certs.sh +fi + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- haproxy "$@" +fi + +if [ "$1" = 'haproxy' ]; then + shift # "haproxy" + # if the user wants "haproxy", let's add a couple useful flags + # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") + # -db -- disables background mode + set -- haproxy -W -db "$@" +fi + +exec "$@" diff --git a/docker/haproxy/_common/letsencrypt-hook-deploy-concatenante.sh b/docker/haproxy/_common/letsencrypt-hook-deploy-concatenante.sh new file mode 100755 index 0000000..b7bbf91 --- /dev/null +++ b/docker/haproxy/_common/letsencrypt-hook-deploy-concatenante.sh @@ -0,0 +1,4 @@ +#!/bin/sh +cat $RENEWED_LINEAGE/fullchain.pem $RENEWED_LINEAGE/privkey.pem > /certs/chain.pem + +kill -SIGUSR2 1 diff --git a/docker/haproxy/_common/letsencrypt-renew-cron.sh b/docker/haproxy/_common/letsencrypt-renew-cron.sh new file mode 100755 index 0000000..7a839f2 --- /dev/null +++ b/docker/haproxy/_common/letsencrypt-renew-cron.sh @@ -0,0 +1,2 @@ +#!/bin/sh +certbot renew --cert-name $LETSENCRYPT_DOMAIN diff --git a/docker/haproxy/_common/letsencrypt.sh b/docker/haproxy/_common/letsencrypt.sh new file mode 100755 index 0000000..f7bfb36 --- /dev/null +++ b/docker/haproxy/_common/letsencrypt.sh @@ -0,0 +1,18 @@ +#!/bin/sh +if [ -f /letsencrypt-hook-deploy-concatenante.sh ] +then + mkdir -p /etc/letsencrypt/renewal-hooks/deploy/ + mv /letsencrypt-hook-deploy-concatenante.sh /etc/letsencrypt/renewal-hooks/deploy/concatenate.sh +fi + +if [ -n "$LETSENCRYPT_DOMAIN" -a -n "$LETSENCRYPT_EMAIL" ] +then + LETSENCRYPT_DOMAIN="$LETSENCRYPT_DOMAIN" crond + if [ ! -f /certs/chain.pem ] + then + if certbot certonly --standalone -d "$LETSENCRYPT_DOMAIN" -m "$LETSENCRYPT_EMAIL" -n --agree-tos + then + RENEWED_LINEAGE="/etc/letsencrypt/live/$LETSENCRYPT_DOMAIN" /etc/letsencrypt/renewal-hooks/deploy/concatenate.sh + fi + fi +fi diff --git a/docker/haproxy/auto-generate-certs.sh b/docker/haproxy/auto-generate-certs.sh new file mode 100755 index 0000000..4f0e6a7 --- /dev/null +++ b/docker/haproxy/auto-generate-certs.sh @@ -0,0 +1,36 @@ +mkdir /certs +cd /certs + +# Self signed cert generic data +C=CA +L=Barcelona +O=localdomain +CN_CA=$O +CN_HOST=*.$O +OU=$O + +echo '#### Creating 2048-bit RSA key:' +openssl genrsa -out ca-key.pem 2048 + +echo '#### Using the key to create a self-signed certificate to your CA:' +openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \ + -subj "/C=$C/L=$L/O=$O/CN=$CN_CA" + +echo '#### Creating server certificate:' +openssl genrsa -out server-key.pem 2048 + +echo '#### Creating a certificate signing request for the server:' +openssl req -new -key server-key.pem -sha256 -out server-key.csr \ + -subj "/CN=$CN_HOST" + +echo '#### Creating server certificate:' +RND=$(( ( RANDOM % 1000 ) + 1 )) +openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \ + -set_serial $RND -sha256 -out server-cert.pem + + +chmod 440 * + +echo '#### Concatenate certs for haprox' +cat server-cert.pem server-key.pem > /certs/chain.pem +cd / diff --git a/docker/haproxy/deploy-hook.sh b/docker/haproxy/deploy-hook.sh new file mode 100755 index 0000000..30b157a --- /dev/null +++ b/docker/haproxy/deploy-hook.sh @@ -0,0 +1,8 @@ +#!/bin/sh +echo "Domain(s) $LETSENCRYPT_DNS renewed. Restarting haproxy..." + cat /etc/letsencrypt/live/$LETSENCRYPT_DNS/fullchain.pem /etc/letsencrypt/live/$LETSENCRYPT_DNS/privkey.pem > /certs/chain.pem + chmod 440 /certs/chain.pem + mkdir -p /certs/letsencrypt/$LETSENCRYPT_DNS + cp /etc/letsencrypt/live/$LETSENCRYPT_DNS/* /certs/letsencrypt/$LETSENCRYPT_DNS/ + +kill -SIGUSR2 1 diff --git a/docker/haproxy/docker-entrypoint.sh b/docker/haproxy/docker-entrypoint.sh new file mode 100644 index 0000000..4b209d6 --- /dev/null +++ b/docker/haproxy/docker-entrypoint.sh @@ -0,0 +1,27 @@ +#!/bin/sh +set -e + +# Set debug path password +PASSWD=$(python3 -c 'import os,crypt,getpass; print(crypt.crypt(os.environ["ADMIN_PWD"], crypt.mksalt(crypt.METHOD_SHA512)))') +sed -i "/^ user admin password/c\ user admin password $ADMIN_PWD" /usr/local/etc/haproxy/haproxy.cfg + +#/bin/sh /letsencrypt.sh + +if [ ! -e "/certs/chain.pem" ]; then + auto-generate-certs.sh +fi + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- haproxy "$@" +fi + +if [ "$1" = 'haproxy' ]; then + shift # "haproxy" + # if the user wants "haproxy", let's add a couple useful flags + # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") + # -db -- disables background mode + set -- haproxy -W -db "$@" +fi + +exec "$@" diff --git a/docker/haproxy/haproxy.conf b/docker/haproxy/haproxy.conf new file mode 100644 index 0000000..7b73eb0 --- /dev/null +++ b/docker/haproxy/haproxy.conf @@ -0,0 +1,82 @@ +resolvers mydns + nameserver dns1 127.0.0.11:53 + +global +# debug + daemon + log 127.0.0.1 local0 + tune.ssl.default-dh-param 2048 + + defaults + mode http + timeout connect 25s + timeout client 25s + timeout client-fin 25s + timeout server 25s + timeout tunnel 7200s + option http-server-close + option httpclose + log global + option httplog + backlog 4096 + maxconn 2000 + option tcpka + +frontend website + mode http + bind :80 + redirect scheme https if !{ ssl_fc } + bind :443 ssl crt /certs/chain.pem + + acl is_nextcloud hdr_beg(host) nextcloud. + acl is_moodle hdr_beg(host) moodle. + acl is_jitsi hdr_beg(host) jitsi. + + use_backend be_nextcloud if is_nextcloud + use_backend be_moodle if is_moodle + use_backend be_jitsi if is_jitsi + + default_backend be_moodle + +backend be_moodle + mode http + acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found + acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found + http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host + http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto + server moodle moodle:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none + +backend be_nextcloud + mode http + acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found + acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found + http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host + http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto + server nextcloud nextcloud:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none + +backend be_jitsi + mode http + acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found + acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found + http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host + http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto + server jitsi jitsi:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none + + listen stats + bind 0.0.0.0:8888 + mode http + stats enable + option httplog + stats show-legends + stats uri /haproxy + stats realm Haproxy\ Statistics + stats refresh 5s + #stats auth staging:pep1n1ll0 + #acl authorized http_auth(AuthUsers) + #stats http-request auth unless authorized + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + +userlist AuthUsers + user admin password $6$grgQMVfwI0XSGAQl$2usaQC9LVXXXYHtSkGUf74CIGsiH8fi/K.V6DuKSq0twPkmFGP2vL/b//Ulp2I4xBEZ3eYDhUbwBPK8jpmsbo. diff --git a/docker/haproxy/haproxy.yml b/docker/haproxy/haproxy.yml new file mode 100644 index 0000000..1b1e5c9 --- /dev/null +++ b/docker/haproxy/haproxy.yml @@ -0,0 +1,21 @@ +--- +version: '3.7' +services: + isard-apps-haproxy: + build: + context: ${BUILD_ROOT_PATH}/docker/haproxy + dockerfile: Dockerfile + target: production + container_name: isard-apps-haproxy + restart: unless-stopped + environment: + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + volumes: + - ${DATA_FOLDER}/haproxy/certs:/certs:rw + networks: + - isard_net + ports: + - published: 80 + target: 80 + - published: 443 + target: 443 diff --git a/docker/haproxy/letsencrypt-check.sh b/docker/haproxy/letsencrypt-check.sh new file mode 100755 index 0000000..84e3f6b --- /dev/null +++ b/docker/haproxy/letsencrypt-check.sh @@ -0,0 +1,7 @@ +#!/bin/sh +trap exit TERM +while : +do + sleep 12h + certbot renew --http-01-port 8888 +done diff --git a/docker/haproxy/letsencrypt.sh b/docker/haproxy/letsencrypt.sh new file mode 100755 index 0000000..717447b --- /dev/null +++ b/docker/haproxy/letsencrypt.sh @@ -0,0 +1,15 @@ +RENEW=0 +if [[ ! -f /certs/chain.pem && ! -z "$LETSENCRYPT_EMAIL" && ! -z "$LETSENCRYPT_DNS" ]]; then + /usr/bin/certbot certonly --standalone -d "$LETSENCRYPT_DNS" -m "$LETSENCRYPT_EMAIL" -n --agree-tos + if [[ $? == 0 ]] ; then + cat /etc/letsencrypt/live/$LETSENCRYPT_DNS/fullchain.pem /etc/letsencrypt/live/$LETSENCRYPT_DNS/privkey.pem > /certs/chain.pem + chmod 440 /certs/chain.pem + mkdir -p /certs/letsencrypt/$LETSENCRYPT_DNS + cp /etc/letsencrypt/live/$LETSENCRYPT_DNS/* /certs/letsencrypt/$LETSENCRYPT_DNS/ + RENEW=1 + fi +fi + +if [ $RENEW == 1 ]; then + /bin/sh -c '/letsencrypt-check.sh' & +fi diff --git a/docker/haproxy/prepare.sh b/docker/haproxy/prepare.sh new file mode 100755 index 0000000..1b10204 --- /dev/null +++ b/docker/haproxy/prepare.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# Set debug path password +PASSWD=$(python3 -c 'import os,crypt,getpass; print(crypt.crypt(os.environ["WEBAPP_ADMIN_PWD"], crypt.mksalt(crypt.METHOD_SHA512)))') +sed -i "/^ user admin password/c\ user admin password $ADMIN_PWD" /usr/local/etc/haproxy/haproxy.cfg + +#LETSENCRYPT_DOMAIN="$WEBAPP_LETSENCRYPT_DNS" LETSENCRYPT_EMAIL="$WEBAPP_LETSENCRYPT_EMAIL" +letsencrypt.sh diff --git a/docker/jitsi/jitsi.yml b/docker/jitsi/jitsi.yml new file mode 100644 index 0000000..2eab7bd --- /dev/null +++ b/docker/jitsi/jitsi.yml @@ -0,0 +1,258 @@ +version: '3' + +services: + # Frontend + jitsi: + container_name: jitsi + image: jitsi/web:latest + restart: ${RESTART_POLICY} +# ports: +# - '${HTTP_PORT}:80' +# - '${HTTPS_PORT}:443' + volumes: + - ${CONFIG}/web:/config:Z + - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z + environment: + - ENABLE_LETSENCRYPT + - ENABLE_HTTP_REDIRECT + - ENABLE_HSTS + - ENABLE_XMPP_WEBSOCKET + - DISABLE_HTTPS + - LETSENCRYPT_DOMAIN + - LETSENCRYPT_EMAIL + - LETSENCRYPT_USE_STAGING + - PUBLIC_URL + - TZ + - AMPLITUDE_ID + - ANALYTICS_SCRIPT_URLS + - ANALYTICS_WHITELISTED_EVENTS + - BRIDGE_CHANNEL + - CALLSTATS_CUSTOM_SCRIPT_URL + - CALLSTATS_ID + - CALLSTATS_SECRET + - CHROME_EXTENSION_BANNER_JSON + - CONFCODE_URL + - CONFIG_EXTERNAL_CONNECT + - DEPLOYMENTINFO_ENVIRONMENT + - DEPLOYMENTINFO_ENVIRONMENT_TYPE + - DEPLOYMENTINFO_USERREGION + - DIALIN_NUMBERS_URL + - DIALOUT_AUTH_URL + - DIALOUT_CODES_URL + - DROPBOX_APPKEY + - DROPBOX_REDIRECT_URI + - DYNAMIC_BRANDING_URL + - ENABLE_AUDIO_PROCESSING + - ENABLE_AUTH + - ENABLE_CALENDAR + - ENABLE_FILE_RECORDING_SERVICE + - ENABLE_FILE_RECORDING_SERVICE_SHARING + - ENABLE_GUESTS + - ENABLE_IPV6 + - ENABLE_LIPSYNC + - ENABLE_NO_AUDIO_DETECTION + - ENABLE_P2P + - ENABLE_PREJOIN_PAGE + - ENABLE_WELCOME_PAGE + - ENABLE_CLOSE_PAGE + - ENABLE_RECORDING + - ENABLE_REMB + - ENABLE_REQUIRE_DISPLAY_NAME + - ENABLE_SIMULCAST + - ENABLE_STATS_ID + - ENABLE_STEREO + - ENABLE_SUBDOMAINS + - ENABLE_TALK_WHILE_MUTED + - ENABLE_TCC + - ENABLE_TRANSCRIPTIONS + - ETHERPAD_PUBLIC_URL + - ETHERPAD_URL_BASE + - GOOGLE_ANALYTICS_ID + - GOOGLE_API_APP_CLIENT_ID + - INVITE_SERVICE_URL + - JICOFO_AUTH_USER + - MATOMO_ENDPOINT + - MATOMO_SITE_ID + - MICROSOFT_API_APP_CLIENT_ID + - NGINX_RESOLVER + - NGINX_WORKER_PROCESSES + - NGINX_WORKER_CONNECTIONS + - PEOPLE_SEARCH_URL + - RESOLUTION + - RESOLUTION_MIN + - RESOLUTION_WIDTH + - RESOLUTION_WIDTH_MIN + - START_AUDIO_ONLY + - START_AUDIO_MUTED + - DISABLE_AUDIO_LEVELS + - ENABLE_NOISY_MIC_DETECTION + - START_BITRATE + - DESKTOP_SHARING_FRAMERATE_MIN + - DESKTOP_SHARING_FRAMERATE_MAX + - START_VIDEO_MUTED + - TESTING_CAP_SCREENSHARE_BITRATE + - TESTING_OCTO_PROBABILITY + - XMPP_AUTH_DOMAIN + - XMPP_BOSH_URL_BASE + - XMPP_DOMAIN + - XMPP_GUEST_DOMAIN + - XMPP_MUC_DOMAIN + - XMPP_RECORDER_DOMAIN + - TOKEN_AUTH_URL + networks: + isard_net: + aliases: + - ${XMPP_DOMAIN} + + # XMPP server + prosody: + image: jitsi/prosody:latest + restart: ${RESTART_POLICY} + expose: + - '5222' + - '5347' + - '5280' + volumes: + - ${CONFIG}/prosody/config:/config:Z + - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z + environment: + - AUTH_TYPE + - ENABLE_AUTH + - ENABLE_GUESTS + - ENABLE_LOBBY + - ENABLE_XMPP_WEBSOCKET + - GLOBAL_MODULES + - GLOBAL_CONFIG + - LDAP_URL + - LDAP_BASE + - LDAP_BINDDN + - LDAP_BINDPW + - LDAP_FILTER + - LDAP_AUTH_METHOD + - LDAP_VERSION + - LDAP_USE_TLS + - LDAP_TLS_CIPHERS + - LDAP_TLS_CHECK_PEER + - LDAP_TLS_CACERT_FILE + - LDAP_TLS_CACERT_DIR + - LDAP_START_TLS + - XMPP_DOMAIN + - XMPP_AUTH_DOMAIN + - XMPP_GUEST_DOMAIN + - XMPP_MUC_DOMAIN + - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_MODULES + - XMPP_MUC_MODULES + - XMPP_INTERNAL_MUC_MODULES + - XMPP_RECORDER_DOMAIN + - XMPP_CROSS_DOMAIN + - JICOFO_COMPONENT_SECRET + - JICOFO_AUTH_USER + - JICOFO_AUTH_PASSWORD + - JVB_AUTH_USER + - JVB_AUTH_PASSWORD + - JIGASI_XMPP_USER + - JIGASI_XMPP_PASSWORD + - JIBRI_XMPP_USER + - JIBRI_XMPP_PASSWORD + - JIBRI_RECORDER_USER + - JIBRI_RECORDER_PASSWORD + - JWT_APP_ID + - JWT_APP_SECRET + - JWT_ACCEPTED_ISSUERS + - JWT_ACCEPTED_AUDIENCES + - JWT_ASAP_KEYSERVER + - JWT_ALLOW_EMPTY + - JWT_AUTH_TYPE + - JWT_TOKEN_AUTH_MODULE + - LOG_LEVEL + - PUBLIC_URL + - TZ + networks: + isard_net: + aliases: + - ${XMPP_SERVER} + + # Focus component + jicofo: + image: jitsi/jicofo:latest + restart: ${RESTART_POLICY} + volumes: + - ${CONFIG}/jicofo:/config:Z + environment: + - AUTH_TYPE + - BRIDGE_AVG_PARTICIPANT_STRESS + - BRIDGE_STRESS_THRESHOLD + - ENABLE_AUTH + - ENABLE_AUTO_OWNER + - ENABLE_CODEC_VP8 + - ENABLE_CODEC_VP9 + - ENABLE_CODEC_H264 + - ENABLE_RECORDING + - ENABLE_SCTP + - JICOFO_COMPONENT_SECRET + - JICOFO_AUTH_USER + - JICOFO_AUTH_PASSWORD + - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS + - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT + - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT + - JICOFO_ENABLE_HEALTH_CHECKS + - JICOFO_SHORT_ID + - JICOFO_RESERVATION_ENABLED + - JICOFO_RESERVATION_REST_BASE_URL + - JIBRI_BREWERY_MUC + - JIBRI_REQUEST_RETRIES + - JIBRI_PENDING_TIMEOUT + - JIGASI_BREWERY_MUC + - JIGASI_SIP_URI + - JVB_BREWERY_MUC + - MAX_BRIDGE_PARTICIPANTS + - OCTO_BRIDGE_SELECTION_STRATEGY + - TZ + - XMPP_DOMAIN + - XMPP_AUTH_DOMAIN + - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_MUC_DOMAIN + - XMPP_SERVER + depends_on: + - prosody + networks: + isard_net: + + # Video bridge + jvb: + image: jitsi/jvb:latest + restart: ${RESTART_POLICY} + ports: + - '${JVB_PORT}:${JVB_PORT}/udp' + - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' + volumes: + - ${CONFIG}/jvb:/config:Z + environment: + - DOCKER_HOST_ADDRESS + - XMPP_AUTH_DOMAIN + - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_SERVER + - JVB_AUTH_USER + - JVB_AUTH_PASSWORD + - JVB_BREWERY_MUC + - JVB_PORT + - JVB_TCP_HARVESTER_DISABLED + - JVB_TCP_PORT + - JVB_TCP_MAPPED_PORT + - JVB_STUN_SERVERS + - JVB_ENABLE_APIS + - JVB_WS_DOMAIN + - JVB_WS_SERVER_ID + - PUBLIC_URL + - TZ + depends_on: + - prosody + networks: + isard_net: + aliases: + - jvb.meet.jitsi + +networks: + isard_net: + name: isard_net \ No newline at end of file diff --git a/docker/jitsi/src b/docker/jitsi/src new file mode 160000 index 0000000..1fa5048 --- /dev/null +++ b/docker/jitsi/src @@ -0,0 +1 @@ +Subproject commit 1fa5048510059323678a25c5e52f4c7bad3b5099 diff --git a/docker/mariadb/docker-entrypoint-initdb.d/wordpress.sql b/docker/mariadb/docker-entrypoint-initdb.d/wordpress.sql new file mode 100755 index 0000000..08b0aef --- /dev/null +++ b/docker/mariadb/docker-entrypoint-initdb.d/wordpress.sql @@ -0,0 +1,4 @@ +CREATE DATABASE wordpress; +CREATE USER wordpress@localhost IDENTIFIED BY 'W0rdpr3ss'; +GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost; +FLUSH PRIVILEGES; \ No newline at end of file diff --git a/docker/mariadb/mariadb.yml b/docker/mariadb/mariadb.yml new file mode 100644 index 0000000..199dfb9 --- /dev/null +++ b/docker/mariadb/mariadb.yml @@ -0,0 +1,23 @@ +version: '3.7' +services: + isard-apps-mariadb: + image: mariadb:latest + container_name: isard-apps-mariadb +# ports: +# - ${IP}:3306:3306 # change ip if required + command: [ + '--default_authentication_plugin=mysql_native_password', + '--character-set-server=utf8mb4', + '--collation-server=utf8mb4_unicode_ci' + ] + volumes: + #- ${BUILD_ROOT_PATH}/docker/mariadb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d + - ${DATA_FOLDER}/mariadb:/var/lib/mysql + environment: + #MYSQL_DATABASE: wordpress + MYSQL_ROOT_PASSWORD: ${MARIADB_PASSWORD} + MYSQL_DATABASE: wordpress + MYSQL_USER: wordpress + MYSQL_PASSWORD: W0rdpr3ss + networks: + - isard_net \ No newline at end of file diff --git a/docker/moodle/Dockerfile b/docker/moodle/Dockerfile new file mode 100644 index 0000000..e55638d --- /dev/null +++ b/docker/moodle/Dockerfile @@ -0,0 +1,145 @@ +FROM php:7-fpm-alpine + +RUN docker-php-source extract && \ + apk --no-cache add \ + php7 \ + php7-fpm \ + php7-opcache \ + php7-pecl-apcu \ + php7-mysqli \ + php7-pgsql \ + php7-json \ + php7-openssl \ + php7-curl \ + php7-zlib \ + php7-soap \ + php7-xml \ + php7-fileinfo \ + php7-phar \ + php7-intl \ + php7-dom \ + php7-xmlreader \ + php7-ctype \ + php7-session \ + php7-iconv \ + php7-tokenizer \ + php7-xmlrpc \ + php7-zip \ + php7-simplexml \ + php7-mbstring \ + php7-gd \ + nginx \ + runit \ + curl \ + # php7-pdo \ + # php7-pdo_pgsql \ + # php7-pdo_mysql \ + # php7-pdo_sqlite \ + # php7-bz2 \ + && docker-php-source delete + +RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" + + +# Add application +WORKDIR /var/www/html + +# Expose the port nginx is reachable on +EXPOSE 8080 + +# Let runit start nginx & php-fpm +CMD [ "/bin/docker-entrypoint.sh" ] + +# Configure a healthcheck to validate that everything is up&running +HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping + +ENV client_max_body_size=2M \ + clear_env=no \ + allow_url_fopen=On \ + allow_url_include=Off \ + display_errors=Off \ + file_uploads=On \ + max_execution_time=0 \ + max_input_time=-1 \ + max_input_vars=1000 \ + memory_limit=128M \ + post_max_size=8M \ + upload_max_filesize=2M \ + zlib.output_compression=On + +ARG ARCH= +#FROM ${ARCH}erseco/alpine-php7-webserver AS base +FROM base-php7 +LABEL maintainer="Ernesto Serrano " + +#USER root +COPY rootfs / +#COPY 02-configure-moodle.sh docker-entrypoint-init.d/02-configure-moodle.sh +#COPY --chown=nobody rootfs/ / + +# crond needs root, so install dcron and cap package and set the capabilities +# on dcron binary https://github.com/inter169/systs/blob/master/alpine/crond/README.md +RUN apk add --no-cache dcron libcap && \ +# chown nobody:nobody /usr/sbin/crond && \ + setcap cap_setgid=ep /usr/sbin/crond + +#USER nobody + +# Change MOODLE_38_STABLE for new versions +ENV MOODLE_URL=https://github.com/moodle/moodle/archive/MOODLE_310_STABLE.tar.gz \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US:en \ + SITE_URL=http://localhost \ + DB_TYPE=pgsql \ + DB_HOST=postgres \ + DB_PORT=5432 \ + DB_NAME=moodle \ + DB_USER=moodle \ + DB_PASS=moodle \ + DB_PREFIX=mdl_ \ + SSLPROXY=false \ + MOODLE_EMAIL=user@example.com \ + MOODLE_LANGUAGE=en \ + MOODLE_SITENAME=New-Site \ + MOODLE_USERNAME=moodleuser \ + MOODLE_PASSWORD=PLEASE_CHANGEME \ + SMTP_HOST=smtp.gmail.com \ + SMTP_PORT=587 \ + SMTP_USER=your_email@gmail.com \ + SMTP_PASSWORD=your_password \ + SMTP_PROTOCOL=tls \ + MOODLE_MAIL_NOREPLY_ADDRESS=noreply@localhost \ + MOODLE_MAIL_PREFIX=[moodle] \ + client_max_body_size=50M \ + post_max_size=50M \ + upload_max_filesize=50M \ + max_input_vars=1000 + +#USER nobody + +#RUN curl --location $MOODLE_URL | tar xz --strip-components=1 -C /var/www/html/ + +#FROM erseco/alpine-moodle + + +#FROM base +#USER root +#RUN chmod a+rwx -R /var/www/html +#USER nobody + +#RUN curl --location https://moodle.org/plugins/download.php/23298/auth_oidc_moodle310_2020110900.zip > auth_oidc.zip +#RUN unzip auth_oidc.zip -d /var/www/html/auth/ +#RUN rm auth_oidc.zip + +#RUN curl --location https://moodle.org/plugins/download.php/23360/mod_jitsi_moodle310_2021020300.zip > jitsi.zip +#RUN unzip jitsi.zip -d /var/www/html/mod/ +#RUN rm jitsi.zip + +#RUN curl --location https://moodle.org/plugins/download.php/23294/mod_bigbluebuttonbn_moodle310_2019101004.zip > bbb.zip +#RUN unzip bbb.zip -d /var/www/html/mod/ +#RUN rm bbb.zip + +#ADD plugins/auth_saml2.zip /var/www/html/ + #RUN curl --location https://moodle.org/plugins/download.php/20505/auth_saml2_moodle37_2019110701.zip > auth_saml2.zip +#RUN unzip auth_saml2.zip -d /var/www/html/auth/ +#RUN rm auth_saml2.zip diff --git a/docker/moodle/Dockerfile.build b/docker/moodle/Dockerfile.build new file mode 100644 index 0000000..e54fc6f --- /dev/null +++ b/docker/moodle/Dockerfile.build @@ -0,0 +1,143 @@ +ARG ARCH= +FROM ${ARCH}alpine:3.13 as php-fpm + +LABEL Maintainer="Ernesto Serrano " \ + Description="Lightweight container with Nginx & PHP-FPM based on Alpine Linux." + +# Install packages +RUN apk --no-cache add \ + php7 \ + php7-fpm \ + php7-opcache \ + php7-pecl-apcu \ + php7-mysqli \ + php7-pgsql \ + php7-json \ + php7-openssl \ + php7-curl \ + php7-zlib \ + php7-soap \ + php7-xml \ + php7-fileinfo \ + php7-phar \ + php7-intl \ + php7-dom \ + php7-xmlreader \ + php7-ctype \ + php7-session \ + php7-iconv \ + php7-tokenizer \ + php7-xmlrpc \ + php7-zip \ + php7-simplexml \ + php7-mbstring \ + php7-gd \ + nginx \ + runit \ + curl \ + # php7-pdo \ + # php7-pdo_pgsql \ + # php7-pdo_mysql \ + # php7-pdo_sqlite \ + # php7-bz2 \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Remove alpine cache + && rm -rf /var/cache/apk/* \ +# Remove default server definition + && rm /etc/nginx/conf.d/default.conf +# Make sure files/folders needed by the processes are accessable when they run under the nobody user +# && chown -R nobody.nobody /run \ +# && chown -R nobody.nobody /var/lib/nginx \ +# && chown -R nobody.nobody /var/log/nginx + +# Add configuration files +#COPY --chown=nobody rootfs/ / +COPY rootfs-php7/rootfs/ / + +# Switch to use a non-root user from here on +#USER nobody + +# Add application +WORKDIR /var/www/html + +# Expose the port nginx is reachable on +EXPOSE 8080 + +# Let runit start nginx & php-fpm +CMD [ "/bin/docker-entrypoint.sh" ] + +# Configure a healthcheck to validate that everything is up&running +HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping + +ENV client_max_body_size=2M \ + clear_env=no \ + allow_url_fopen=On \ + allow_url_include=Off \ + display_errors=Off \ + file_uploads=On \ + max_execution_time=0 \ + max_input_time=-1 \ + max_input_vars=1000 \ + memory_limit=128M \ + post_max_size=8M \ + upload_max_filesize=2M \ + zlib.output_compression=On + + +FROM php-fpm as moodle +COPY rootfs/ / + +# crond needs root, so install dcron and cap package and set the capabilities +# on dcron binary https://github.com/inter169/systs/blob/master/alpine/crond/README.md +RUN apk add --no-cache dcron libcap && \ + chown nobody:nobody /usr/sbin/crond && \ + setcap cap_setgid=ep /usr/sbin/crond + +# Change MOODLE_38_STABLE for new versions +ENV MOODLE_URL=https://github.com/moodle/moodle/archive/MOODLE_310_STABLE.tar.gz \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US:en \ + SITE_URL=http://localhost \ + DB_TYPE=pgsql \ + DB_HOST=postgres \ + DB_PORT=5432 \ + DB_NAME=moodle \ + DB_USER=moodle \ + DB_PASS=moodle \ + DB_PREFIX=mdl_ \ + SSLPROXY=false \ + MOODLE_EMAIL=user@example.com \ + MOODLE_LANGUAGE=en \ + MOODLE_SITENAME=New-Site \ + MOODLE_USERNAME=moodleuser \ + MOODLE_PASSWORD=PLEASE_CHANGEME \ + SMTP_HOST=smtp.gmail.com \ + SMTP_PORT=587 \ + SMTP_USER=your_email@gmail.com \ + SMTP_PASSWORD=your_password \ + SMTP_PROTOCOL=tls \ + MOODLE_MAIL_NOREPLY_ADDRESS=noreply@localhost \ + MOODLE_MAIL_PREFIX=[moodle] \ + client_max_body_size=50M \ + post_max_size=50M \ + upload_max_filesize=50M \ + max_input_vars=1000 + +FROM moodle as production + +COPY plugins.sh / diff --git a/docker/moodle/Dockerfile.erseco b/docker/moodle/Dockerfile.erseco new file mode 100644 index 0000000..dd660ee --- /dev/null +++ b/docker/moodle/Dockerfile.erseco @@ -0,0 +1,175 @@ +ARG ARCH= +FROM ${ARCH}alpine:3.13 as base-php7 + +LABEL Maintainer="Ernesto Serrano " \ + Description="Lightweight container with Nginx & PHP-FPM based on Alpine Linux." + +# Install packages +RUN apk --no-cache add \ + php7 \ + php7-fpm \ + php7-opcache \ + php7-pecl-apcu \ + php7-mysqli \ + php7-pgsql \ + php7-json \ + php7-openssl \ + php7-curl \ + php7-zlib \ + php7-soap \ + php7-xml \ + php7-fileinfo \ + php7-phar \ + php7-intl \ + php7-dom \ + php7-xmlreader \ + php7-ctype \ + php7-session \ + php7-iconv \ + php7-tokenizer \ + php7-xmlrpc \ + php7-zip \ + php7-simplexml \ + php7-mbstring \ + php7-gd \ + nginx \ + runit \ + curl \ + # php7-pdo \ + # php7-pdo_pgsql \ + # php7-pdo_mysql \ + # php7-pdo_sqlite \ + # php7-bz2 \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Remove alpine cache + && rm -rf /var/cache/apk/* \ +# Remove default server definition + && rm /etc/nginx/conf.d/default.conf +# Make sure files/folders needed by the processes are accessable when they run under the nobody user +# && chown -R nobody.nobody /run \ +# && chown -R nobody.nobody /var/lib/nginx \ +# && chown -R nobody.nobody /var/log/nginx + +# Add configuration files +#COPY --chown=nobody rootfs/ / +COPY rootfs-php7/rootfs/ / +# Switch to use a non-root user from here on +#USER nobody + +# Add application +WORKDIR /var/www/html + +# Expose the port nginx is reachable on +EXPOSE 8080 + +# Let runit start nginx & php-fpm +CMD [ "/bin/docker-entrypoint.sh" ] + +# Configure a healthcheck to validate that everything is up&running +HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping + +ENV client_max_body_size=2M \ + clear_env=no \ + allow_url_fopen=On \ + allow_url_include=Off \ + display_errors=Off \ + file_uploads=On \ + max_execution_time=0 \ + max_input_time=-1 \ + max_input_vars=1000 \ + memory_limit=128M \ + post_max_size=8M \ + upload_max_filesize=2M \ + zlib.output_compression=On + +ARG ARCH= +#FROM ${ARCH}erseco/alpine-php7-webserver AS base +FROM base-php7 +LABEL maintainer="Ernesto Serrano " + +#USER root +COPY rootfs / +#COPY 02-configure-moodle.sh docker-entrypoint-init.d/02-configure-moodle.sh +#COPY --chown=nobody rootfs/ / + +# crond needs root, so install dcron and cap package and set the capabilities +# on dcron binary https://github.com/inter169/systs/blob/master/alpine/crond/README.md +RUN apk add --no-cache dcron libcap && \ +# chown nobody:nobody /usr/sbin/crond && \ + setcap cap_setgid=ep /usr/sbin/crond + +#USER nobody + +# Change MOODLE_38_STABLE for new versions +ENV MOODLE_URL=https://github.com/moodle/moodle/archive/MOODLE_310_STABLE.tar.gz \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US:en \ + SITE_URL=http://localhost \ + DB_TYPE=pgsql \ + DB_HOST=postgres \ + DB_PORT=5432 \ + DB_NAME=moodle \ + DB_USER=moodle \ + DB_PASS=moodle \ + DB_PREFIX=mdl_ \ + SSLPROXY=false \ + MOODLE_EMAIL=user@example.com \ + MOODLE_LANGUAGE=en \ + MOODLE_SITENAME=New-Site \ + MOODLE_USERNAME=moodleuser \ + MOODLE_PASSWORD=PLEASE_CHANGEME \ + SMTP_HOST=smtp.gmail.com \ + SMTP_PORT=587 \ + SMTP_USER=your_email@gmail.com \ + SMTP_PASSWORD=your_password \ + SMTP_PROTOCOL=tls \ + MOODLE_MAIL_NOREPLY_ADDRESS=noreply@localhost \ + MOODLE_MAIL_PREFIX=[moodle] \ + client_max_body_size=50M \ + post_max_size=50M \ + upload_max_filesize=50M \ + max_input_vars=1000 + +#USER nobody + +#RUN curl --location $MOODLE_URL | tar xz --strip-components=1 -C /var/www/html/ + +#FROM erseco/alpine-moodle + + +#FROM base +#USER root +#RUN chmod a+rwx -R /var/www/html +#USER nobody + +#RUN curl --location https://moodle.org/plugins/download.php/23298/auth_oidc_moodle310_2020110900.zip > auth_oidc.zip +#RUN unzip auth_oidc.zip -d /var/www/html/auth/ +#RUN rm auth_oidc.zip + +#RUN curl --location https://moodle.org/plugins/download.php/23360/mod_jitsi_moodle310_2021020300.zip > jitsi.zip +#RUN unzip jitsi.zip -d /var/www/html/mod/ +#RUN rm jitsi.zip + +#RUN curl --location https://moodle.org/plugins/download.php/23294/mod_bigbluebuttonbn_moodle310_2019101004.zip > bbb.zip +#RUN unzip bbb.zip -d /var/www/html/mod/ +#RUN rm bbb.zip + +#ADD plugins/auth_saml2.zip /var/www/html/ + #RUN curl --location https://moodle.org/plugins/download.php/20505/auth_saml2_moodle37_2019110701.zip > auth_saml2.zip +#RUN unzip auth_saml2.zip -d /var/www/html/auth/ +#RUN rm auth_saml2.zip diff --git a/docker/moodle/Dockerfile.test b/docker/moodle/Dockerfile.test new file mode 100644 index 0000000..2d3a410 --- /dev/null +++ b/docker/moodle/Dockerfile.test @@ -0,0 +1,33 @@ +FROM erseco/alpine-moodle + +#USER root +#RUN chown nobody:nobody /var/www/html +#RUN chmod a+rwx -R /var/www/html +#USER nobody +# USER root +# #RUN mkdir /var/www/html +# RUN chown -R nobody:nobody /var/www/html +# #RUN mkdir /var/www/moodledata +# RUN chown -R nobody:nobody /var/www/moodledata +# USER nobody +# COPY rootfs/docker-entrypoint-init.d/02-configure-moodle.sh /docker-entrypoint-init.d/02-configure-moodle.sh +# COPY rootfs/isinstalled.php / +# COPY plugins.sh / +# USER root +RUN curl --location https://moodle.org/plugins/download.php/23298/auth_oidc_moodle310_2020110900.zip > auth_oidc.zip +RUN unzip auth_oidc.zip -d /var/www/html/auth/ +RUN rm auth_oidc.zip + +RUN curl --location https://moodle.org/plugins/download.php/23360/mod_jitsi_moodle310_2021020300.zip > jitsi.zip +RUN unzip jitsi.zip -d /var/www/html/mod/ +RUN rm jitsi.zip + +RUN curl --location https://moodle.org/plugins/download.php/23294/mod_bigbluebuttonbn_moodle310_2019101004.zip > bbb.zip +RUN unzip bbb.zip -d /var/www/html/mod/ +RUN rm bbb.zip + +#ADD plugins/auth_saml2.zip /var/www/html/ +RUN curl --location https://github.com/isard-vdi/moodle-auth_saml2/archive/refs/heads/role_map.zip > auth_saml2.zip +RUN unzip auth_saml2.zip -d /var/www/html/auth/ +RUN mv /var/www/html/auth/moodle-auth_saml2-role_map /var/www/html/auth/saml2 +RUN rm auth_saml2.zip diff --git a/docker/moodle/TODO.md b/docker/moodle/TODO.md new file mode 100644 index 0000000..7ba84d5 --- /dev/null +++ b/docker/moodle/TODO.md @@ -0,0 +1,5 @@ +# Moodle + +- BigBlueButton: Auto-configure first time +- Jitsi: Auto-configure first time +- Saml2 Connect: Activate & auto-configure first time diff --git a/docker/moodle/moodle.yml b/docker/moodle/moodle.yml new file mode 100644 index 0000000..01f4ea4 --- /dev/null +++ b/docker/moodle/moodle.yml @@ -0,0 +1,46 @@ +version: '3.7' +services: + isard-apps-moodle: + #image: erseco/alpine-moodle + build: + context: ${BUILD_ROOT_PATH}/docker/moodle + dockerfile: Dockerfile.test + container_name: isard-apps-moodle + restart: unless-stopped + volumes: + - /etc/localtime:/etc/localtime:ro + #- ${DATA_FOLDER}/moodle:/var/www:rw + #- ${DATA_FOLDER}/moodle/data:/var/www/moodledata:rw + #- ${DATA_FOLDER}/moodle/html:/var/www/html:rw + - moodledata:/var/www/moodledata + depends_on: + - isard-apps-postgresql + environment: + - LANG=${LANG} + - LANGUAGE:${LANGUAGE} + - SITE_URL=https://moodle.${DOMAIN} + - DB_TYPE=pgsql + - DB_HOST=isard-apps-postgresql + - DB_PORT=5432 + - DB_NAME=moodle + - DB_USER=${MOODLE_POSTGRES_USER} + - DB_PASS=${MOODLE_POSTGRES_PASSWORD} + - DB_PREFIX=mdl_ + - SSLPROXY=true + - MOODLE_EMAIL=${MOODLE_EMAIL} + - MOODLE_LANGUAGE=es + - MOODLE_SITENAME=isard-office + - MOODLE_USERNAME=${MOODLE_ADMIN_USER} + - MOODLE_PASSWORD=${MOODLE_ADMIN_PASSWORD} + - SMTP_HOST=${SMTP_HOST} + - SMTP_PORT=${SMTP_PORT} + - SMTP_USER=${SMTP_USER} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_PROTOCOL=${SMTP_PROTOCOL} + - MOODLE_MAIL_NOREPLY_ADDRESS=${MOODLE_MAIL_NOREPLY_ADDRESS} + - MOODLE_MAIL_PREFIX=${MOODLE_MAIL_PREFIX} + networks: + - isard_net + +volumes: + moodledata: null diff --git a/docker/moodle/plugins.sh b/docker/moodle/plugins.sh new file mode 100644 index 0000000..cb3ec10 --- /dev/null +++ b/docker/moodle/plugins.sh @@ -0,0 +1,12 @@ +git clone https://github.com/isard-vdi/moodle-auth_saml2.git /var/www/html/auth/saml2 +#curl --location https://moodle.org/plugins/download.php/23298/auth_oidc_moodle310_2020110900.zip > auth_oidc.zip +#unzip auth_oidc.zip -d /var/www/html/auth/ +#rm auth_oidc.zip + +curl --location https://moodle.org/plugins/download.php/23360/mod_jitsi_moodle310_2021020300.zip > jitsi.zip +unzip jitsi.zip -d /var/www/html/mod/ +rm jitsi.zip + +curl --location https://moodle.org/plugins/download.php/23294/mod_bigbluebuttonbn_moodle310_2019101004.zip > bbb.zip +unzip bbb.zip -d /var/www/html/mod/ +rm bbb.zip \ No newline at end of file diff --git a/docker/moodle/plugins/auth_saml2.zip b/docker/moodle/plugins/auth_saml2.zip new file mode 100644 index 0000000..33574c4 Binary files /dev/null and b/docker/moodle/plugins/auth_saml2.zip differ diff --git a/docker/moodle/plugins/auth_saml2_v0.1.zip b/docker/moodle/plugins/auth_saml2_v0.1.zip new file mode 100644 index 0000000..e59eb11 Binary files /dev/null and b/docker/moodle/plugins/auth_saml2_v0.1.zip differ diff --git a/docker/moodle/rootfs-php7 b/docker/moodle/rootfs-php7 new file mode 160000 index 0000000..3f1758d --- /dev/null +++ b/docker/moodle/rootfs-php7 @@ -0,0 +1 @@ +Subproject commit 3f1758d9e20f7a1d6c08530871b8e325d6cbd5b8 diff --git a/docker/moodle/rootfs/docker-entrypoint-init.d/02-configure-moodle.sh b/docker/moodle/rootfs/docker-entrypoint-init.d/02-configure-moodle.sh new file mode 100755 index 0000000..5e1bb75 --- /dev/null +++ b/docker/moodle/rootfs/docker-entrypoint-init.d/02-configure-moodle.sh @@ -0,0 +1,103 @@ +#!/bin/sh +# +# Moodle configuration script +# +set -eo pipefail + +# Check that the database is available +echo "Waiting for $DB_HOST:$DB_PORT to be ready" +while ! nc -w 1 $DB_HOST $DB_PORT; do + # Show some progress + echo -n '.'; + sleep 1; +done +echo "$database is ready" +# Give it another 3 seconds. +sleep 3; + + +# Check if the config.php file exists +if [ ! -f /var/www/html/config.php ]; then + echo "Downloading moodle src..." + curl --location $MOODLE_URL | tar xz --strip-components=1 -C /var/www/html/ + cp /isinstalled.php /var/www/html/admin/cli/ + sh /plugins.sh + chown -R nobody:root /var/www/html + + echo "Generating config.php file..." + ENV_VAR='var' php -d max_input_vars=1000 /var/www/html/admin/cli/install.php \ + --lang=$MOODLE_LANGUAGE \ + --wwwroot=$SITE_URL \ + --dataroot=/var/www/moodledata/ \ + --dbtype=$DB_TYPE \ + --dbhost=$DB_HOST \ + --dbname=$DB_NAME \ + --dbuser=$DB_USER \ + --dbpass=$DB_PASS \ + --dbport=$DB_PORT \ + --prefix=$DB_PREFIX \ + --fullname=Dockerized_Moodle \ + --shortname=moodle \ + --adminuser=$MOODLE_USERNAME \ + --adminpass=$MOODLE_PASSWORD \ + --adminemail=$MOODLE_EMAIL \ + --non-interactive \ + --agree-license \ + --skip-database + + if [ "$SSLPROXY" = 'true' ]; then + sed -i '/require_once/i $CFG->sslproxy=true;' /var/www/html/config.php + fi + +fi + +# Check if the database is already installed +if php -d max_input_vars=1000 /var/www/html/admin/cli/isinstalled.php ; then + + echo "Installing database..." + php -d max_input_vars=1000 /var/www/html/admin/cli/install_database.php \ + --lang=$MOODLE_LANGUAGE \ + --adminuser=$MOODLE_USERNAME \ + --adminpass=$MOODLE_PASSWORD \ + --adminemail=$MOODLE_EMAIL \ + --fullname=Dockerized_Moodle \ + --shortname=moodle \ + --agree-license + + echo "Configuring settings..." + # php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=slasharguments --set=0 + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=pathtophp --set=/usr/bin/php + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=pathtodu --set=/usr/bin/du + # php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=aspellpath --set=/usr/bin/aspell + # php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=pathtodot --set=/usr/bin/dot + # php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=pathtogs --set=/usr/bin/gs + # php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=pathtopython --set=/usr/bin/python3 + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=enableblogs --set=0 + + + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=smtphosts --set=$SMTP_HOST:$SMTP_PORT + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=smtpuser --set=$SMTP_USER + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=smtppass --set=$SMTP_PASSWORD + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=smtpsecure --set=$SMTP_PROTOCOL + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=noreplyaddress --set=$MOODLE_MAIL_NOREPLY_ADDRESS + php -d max_input_vars=1000 /var/www/html/admin/cli/cfg.php --name=emailsubjectprefix --set=$MOODLE_MAIL_PREFIX + +else + echo "Upgrading moodle..." + php -d max_input_vars=1000 /var/www/html/admin/cli/maintenance.php --enable + php -d max_input_vars=1000 /var/www/html/admin/cli/upgrade.php --non-interactive --allow-unstable + php -d max_input_vars=1000 /var/www/html/admin/cli/maintenance.php --disable +fi + + + + + + + + + + + + + diff --git a/docker/moodle/rootfs/etc/crontabs/nobody b/docker/moodle/rootfs/etc/crontabs/nobody new file mode 100644 index 0000000..d138b15 --- /dev/null +++ b/docker/moodle/rootfs/etc/crontabs/nobody @@ -0,0 +1,2 @@ + +* * * * * /usr/bin/php /var/www/html/admin/cli/cron.php > /dev/null \ No newline at end of file diff --git a/docker/moodle/rootfs/etc/service/cron/run b/docker/moodle/rootfs/etc/service/cron/run new file mode 100755 index 0000000..ddcdc4b --- /dev/null +++ b/docker/moodle/rootfs/etc/service/cron/run @@ -0,0 +1,5 @@ +#!/bin/sh + +# pipe stderr to stdout and run cron +exec 2>&1 +exec /usr/sbin/crond -f diff --git a/docker/moodle/rootfs/isinstalled.php b/docker/moodle/rootfs/isinstalled.php new file mode 100644 index 0000000..7dea62b --- /dev/null +++ b/docker/moodle/rootfs/isinstalled.php @@ -0,0 +1,13 @@ +get_tables() ) { + // If tables exists, a previous instalation is found, so exit with error + exit(2); +} \ No newline at end of file diff --git a/docker/moodle/sample.env b/docker/moodle/sample.env new file mode 100644 index 0000000..decda22 --- /dev/null +++ b/docker/moodle/sample.env @@ -0,0 +1,23 @@ +LANG=en_US.UTF-8 +LANGUAGE=en_US:en +SITE_URL=http://localhost +DB_TYPE=pgsql +DB_HOST=postgres +DB_PORT=5432 +DB_NAME=moodle +DB_USER=moodle +DB_PASS=moodle +DB_PREFIX=mdl_ +SSLPROXY=false +MOODLE_EMAIL=user@example.com +MOODLE_LANGUAGE=en +MOODLE_SITENAME=New-Site +MOODLE_USERNAME=moodleuser +MOODLE_PASSWORD=PLEASE_CHANGEME +SMTP_HOST=smtp.gmail.com +SMTP_PORT=587 +SMTP_USER=your_email@gmail.com +SMTP_PASSWORD=your_password \ +SMTP_PROTOCOL=tls +MOODLE_MAIL_NOREPLY_ADDRESS=noreply@localhost +MOODLE_MAIL_PREFIX=[moodle] diff --git a/docker/moodle/src b/docker/moodle/src new file mode 160000 index 0000000..53d1631 --- /dev/null +++ b/docker/moodle/src @@ -0,0 +1 @@ +Subproject commit 53d1631d2fc355d9bd3d8e466ffd176e31de115c diff --git a/docker/network.yml b/docker/network.yml new file mode 100644 index 0000000..f2d0b57 --- /dev/null +++ b/docker/network.yml @@ -0,0 +1,4 @@ +version: '3.7' +networks: + isard_net: + name: isard_net diff --git a/docker/nextcloud/Dockerfile b/docker/nextcloud/Dockerfile new file mode 100644 index 0000000..befdc18 --- /dev/null +++ b/docker/nextcloud/Dockerfile @@ -0,0 +1,51 @@ +FROM nextcloud:fpm-alpine + +RUN set -ex; \ + \ + apk add --no-cache \ + ffmpeg \ + imagemagick \ + procps \ + samba-client \ + supervisor \ +# libreoffice \ + ; + +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + imap-dev \ + krb5-dev \ + openssl-dev \ + samba-dev \ + bzip2-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + docker-php-ext-install \ + bz2 \ + imap \ + ; \ + pecl install smbclient; \ + docker-php-ext-enable smbclient; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del .build-deps + +RUN mkdir -p \ + /var/log/supervisord \ + /var/run/supervisord \ +; + +COPY supervisord.conf / + +ENV NEXTCLOUD_UPDATE=1 + +CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/ownpad/.gitignore b/docker/nextcloud/custom_apps/ownpad/.gitignore new file mode 100755 index 0000000..b25c15b --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/.gitignore @@ -0,0 +1 @@ +*~ diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/autoload.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/autoload.php new file mode 100755 index 0000000..c945b21 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/autoload.php @@ -0,0 +1,7 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. + * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see http://www.php-fig.org/psr/psr-0/ + * @see http://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + // PSR-4 + private $prefixLengthsPsr4 = array(); + private $prefixDirsPsr4 = array(); + private $fallbackDirsPsr4 = array(); + + // PSR-0 + private $prefixesPsr0 = array(); + private $fallbackDirsPsr0 = array(); + + private $useIncludePath = false; + private $classMap = array(); + + private $classMapAuthoritative = false; + + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', $this->prefixesPsr0); + } + + return array(); + } + + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + */ + public function add($prefix, $paths, $prepend = false) + { + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + (array) $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + (array) $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = (array) $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + (array) $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + (array) $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + (array) $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + (array) $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + } + + /** + * Unregisters this instance as an autoloader. + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return bool|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + includeFile($file); + + return true; + } + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731 + if ('\\' == $class[0]) { + $class = substr($class, 1); + } + + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative) { + return false; + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if ($file === null && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if ($file === null) { + // Remember that this class does not exist. + return $this->classMap[$class] = false; + } + + return $file; + } + + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) { + if (0 === strpos($class, $prefix)) { + foreach ($this->prefixDirsPsr4[$prefix] as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + } +} + +/** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + */ +function includeFile($file) +{ + include $file; +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/LICENSE b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/LICENSE new file mode 100755 index 0000000..1a28124 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/LICENSE @@ -0,0 +1,21 @@ + +Copyright (c) 2016 Nils Adermann, Jordi Boggiano + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_classmap.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_classmap.php new file mode 100755 index 0000000..766857c --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_classmap.php @@ -0,0 +1,10 @@ + $vendorDir . '/tomnomnom/etherpad-lite-client/EtherpadLite/Client.php', +); diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_namespaces.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_namespaces.php new file mode 100755 index 0000000..71c9e91 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_namespaces.php @@ -0,0 +1,9 @@ + array($vendorDir . '/tomnomnom/etherpad-lite-client/EtherpadLite'), +); diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_real.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_real.php new file mode 100755 index 0000000..18a62db --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_real.php @@ -0,0 +1,43 @@ += 50600 && !defined('HHVM_VERSION'); + if ($useStaticLoader) { + require_once __DIR__ . '/autoload_static.php'; + + call_user_func(\Composer\Autoload\ComposerStaticInit14889e338c101f45bb4a1ad143015514::getInitializer($loader)); + } else { + $classMap = require __DIR__ . '/autoload_classmap.php'; + if ($classMap) { + $loader->addClassMap($classMap); + } + } + + $loader->setClassMapAuthoritative(true); + $loader->register(true); + + return $loader; + } +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_static.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_static.php new file mode 100755 index 0000000..27015b4 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/autoload_static.php @@ -0,0 +1,36 @@ + + array ( + 'EtherpadLite\\' => 13, + ), + ); + + public static $prefixDirsPsr4 = array ( + 'EtherpadLite\\' => + array ( + 0 => __DIR__ . '/..' . '/tomnomnom/etherpad-lite-client/EtherpadLite', + ), + ); + + public static $classMap = array ( + 'EtherpadLite\\Client' => __DIR__ . '/..' . '/tomnomnom/etherpad-lite-client/EtherpadLite/Client.php', + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->prefixLengthsPsr4 = ComposerStaticInit14889e338c101f45bb4a1ad143015514::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInit14889e338c101f45bb4a1ad143015514::$prefixDirsPsr4; + $loader->classMap = ComposerStaticInit14889e338c101f45bb4a1ad143015514::$classMap; + + }, null, ClassLoader::class); + } +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/installed.json b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/installed.json new file mode 100755 index 0000000..afd1ef5 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/composer/installed.json @@ -0,0 +1,35 @@ +[ + { + "name": "tomnomnom/etherpad-lite-client", + "version": "0.1.2", + "version_normalized": "0.1.2.0", + "source": { + "type": "git", + "url": "https://github.com/TomNomNom/etherpad-lite-client.git", + "reference": "932ac4903d7982038d5d04c03f8f9c809a5356bd" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/TomNomNom/etherpad-lite-client/zipball/932ac4903d7982038d5d04c03f8f9c809a5356bd", + "reference": "932ac4903d7982038d5d04c03f8f9c809a5356bd", + "shasum": "" + }, + "require-dev": { + "phpunit/phpunit": "3.7.*" + }, + "time": "2016-02-09 14:27:44", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "EtherpadLite\\": "EtherpadLite/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache" + ], + "description": "Etherpad Lite client for PHP", + "homepage": "https://github.com/TomNomNom/etherpad-lite-client/" + } +] diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/.gitignore b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/.gitignore new file mode 100755 index 0000000..d262307 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/.gitignore @@ -0,0 +1,4 @@ +*.swp +vendor +composer.lock + diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/CHANGELOG b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/CHANGELOG new file mode 100755 index 0000000..f2bb948 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/CHANGELOG @@ -0,0 +1,17 @@ +Tag: api-v1 +* All v1 methods implemented. +* Start of changelog. + +Tag: api-v1.1 (2012-11-17) +* Added v1.1 methods: + - listAllGroups + - getAuthorName + - padUsers + - sendClientsMessage + +Tag: api-v.1.2.11 (2015-03-22) +* Autogeneration of client methods +* Test Suite + +2015-10-07: +* Converts boolean arguments to strings diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/EtherpadLite/Client.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/EtherpadLite/Client.php new file mode 100755 index 0000000..a0a64e9 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/EtherpadLite/Client.php @@ -0,0 +1,575 @@ +apiKey = $apiKey; + + if (isset($baseUrl)){ + $this->baseUrl = $baseUrl; + } + if (!filter_var($this->baseUrl, FILTER_VALIDATE_URL)){ + throw new \InvalidArgumentException("[{$this->baseUrl}] is not a valid URL"); + } + } + + protected function get($function, array $arguments = array()){ + return $this->call($function, $arguments, 'GET'); + } + + protected function post($function, array $arguments = array()){ + return $this->call($function, $arguments, 'POST'); + } + + protected function convertBools($candidate){ + if (is_bool($candidate)){ + return $candidate? "true" : "false"; + } + return $candidate; + } + + protected function call($function, array $arguments = array(), $method = 'GET'){ + $arguments['apikey'] = $this->apiKey; + $arguments = array_map(array($this, 'convertBools'), $arguments); + $arguments = http_build_query($arguments, '', '&'); + $url = $this->baseUrl."/".self::API_VERSION."/".$function; + if ($method !== 'POST'){ + $url .= "?".$arguments; + } + // use curl of it's available + if (function_exists('curl_init')){ + $c = curl_init($url); + curl_setopt($c, CURLOPT_RETURNTRANSFER, true); + curl_setopt($c, CURLOPT_TIMEOUT, 20); + if ($method === 'POST'){ + curl_setopt($c, CURLOPT_POST, true); + curl_setopt($c, CURLOPT_POSTFIELDS, $arguments); + } + $result = curl_exec($c); + curl_close($c); + // fallback to plain php + } else { + $params = array('http' => array('method' => $method, 'ignore_errors' => true, 'header' => 'Content-Type:application/x-www-form-urlencoded')); + if ($method === 'POST'){ + $params['http']['content'] = $arguments; + } + $context = stream_context_create($params); + $fp = fopen($url, 'rb', false, $context); + $result = $fp ? stream_get_contents($fp) : null; + } + + if(!$result){ + throw new \UnexpectedValueException("Empty or No Response from the server"); + } + + $result = json_decode($result); + if ($result === null){ + throw new \UnexpectedValueException("JSON response could not be decoded"); + } + return $this->handleResult($result); + } + + protected function handleResult($result){ + if (!isset($result->code)){ + throw new \RuntimeException("API response has no code"); + } + if (!isset($result->message)){ + throw new \RuntimeException("API response has no message"); + } + if (!isset($result->data)){ + $result->data = null; + } + + switch ($result->code){ + case self::CODE_OK: + return $result->data; + case self::CODE_INVALID_PARAMETERS: + case self::CODE_INVALID_API_KEY: + throw new \InvalidArgumentException($result->message); + case self::CODE_INTERNAL_ERROR: + throw new \RuntimeException($result->message); + case self::CODE_INVALID_FUNCTION: + throw new \BadFunctionCallException($result->message); + default: + throw new \RuntimeException("An unexpected error occurred whilst handling the response"); + } + } + + // createGroup + public function createGroup(){ + $params = array(); + + + return $this->post("createGroup", $params); + } + + // createGroupIfNotExistsFor + public function createGroupIfNotExistsFor($groupMapper){ + $params = array(); + + $params['groupMapper'] = $groupMapper; + + return $this->post("createGroupIfNotExistsFor", $params); + } + + // deleteGroup + public function deleteGroup($groupID){ + $params = array(); + + $params['groupID'] = $groupID; + + return $this->post("deleteGroup", $params); + } + + // listPads + public function listPads($groupID){ + $params = array(); + + $params['groupID'] = $groupID; + + return $this->get("listPads", $params); + } + + // listAllPads + public function listAllPads(){ + $params = array(); + + + return $this->get("listAllPads", $params); + } + + // createDiffHTML + public function createDiffHTML($padID, $startRev, $endRev){ + $params = array(); + + $params['padID'] = $padID; + $params['startRev'] = $startRev; + $params['endRev'] = $endRev; + + return $this->post("createDiffHTML", $params); + } + + // createPad + public function createPad($padID, $text = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($text)){ + $params['text'] = $text; + } + + return $this->post("createPad", $params); + } + + // createGroupPad + public function createGroupPad($groupID, $padName, $text = null){ + $params = array(); + + $params['groupID'] = $groupID; + $params['padName'] = $padName; + if (isset($text)){ + $params['text'] = $text; + } + + return $this->post("createGroupPad", $params); + } + + // createAuthor + public function createAuthor($name = null){ + $params = array(); + + if (isset($name)){ + $params['name'] = $name; + } + + return $this->post("createAuthor", $params); + } + + // createAuthorIfNotExistsFor + public function createAuthorIfNotExistsFor($authorMapper, $name = null){ + $params = array(); + + $params['authorMapper'] = $authorMapper; + if (isset($name)){ + $params['name'] = $name; + } + + return $this->post("createAuthorIfNotExistsFor", $params); + } + + // listPadsOfAuthor + public function listPadsOfAuthor($authorID){ + $params = array(); + + $params['authorID'] = $authorID; + + return $this->get("listPadsOfAuthor", $params); + } + + // createSession + public function createSession($groupID, $authorID, $validUntil){ + $params = array(); + + $params['groupID'] = $groupID; + $params['authorID'] = $authorID; + $params['validUntil'] = $validUntil; + + return $this->post("createSession", $params); + } + + // deleteSession + public function deleteSession($sessionID){ + $params = array(); + + $params['sessionID'] = $sessionID; + + return $this->post("deleteSession", $params); + } + + // getSessionInfo + public function getSessionInfo($sessionID){ + $params = array(); + + $params['sessionID'] = $sessionID; + + return $this->get("getSessionInfo", $params); + } + + // listSessionsOfGroup + public function listSessionsOfGroup($groupID){ + $params = array(); + + $params['groupID'] = $groupID; + + return $this->get("listSessionsOfGroup", $params); + } + + // listSessionsOfAuthor + public function listSessionsOfAuthor($authorID){ + $params = array(); + + $params['authorID'] = $authorID; + + return $this->get("listSessionsOfAuthor", $params); + } + + // getText + public function getText($padID, $rev = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($rev)){ + $params['rev'] = $rev; + } + + return $this->get("getText", $params); + } + + // setText + public function setText($padID, $text){ + $params = array(); + + $params['padID'] = $padID; + $params['text'] = $text; + + return $this->post("setText", $params); + } + + // getHTML + public function getHTML($padID, $rev = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($rev)){ + $params['rev'] = $rev; + } + + return $this->get("getHTML", $params); + } + + // setHTML + public function setHTML($padID, $html){ + $params = array(); + + $params['padID'] = $padID; + $params['html'] = $html; + + return $this->post("setHTML", $params); + } + + // getAttributePool + public function getAttributePool($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getAttributePool", $params); + } + + // getRevisionsCount + public function getRevisionsCount($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getRevisionsCount", $params); + } + + // getSavedRevisionsCount + public function getSavedRevisionsCount($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getSavedRevisionsCount", $params); + } + + // listSavedRevisions + public function listSavedRevisions($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("listSavedRevisions", $params); + } + + // saveRevision + public function saveRevision($padID, $rev){ + $params = array(); + + $params['padID'] = $padID; + $params['rev'] = $rev; + + return $this->post("saveRevision", $params); + } + + // getRevisionChangeset + public function getRevisionChangeset($padID, $rev = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($rev)){ + $params['rev'] = $rev; + } + + return $this->get("getRevisionChangeset", $params); + } + + // getLastEdited + public function getLastEdited($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getLastEdited", $params); + } + + // deletePad + public function deletePad($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->post("deletePad", $params); + } + + // copyPad + public function copyPad($sourceID, $destinationID, $force = null){ + $params = array(); + + $params['sourceID'] = $sourceID; + $params['destinationID'] = $destinationID; + if (isset($force)){ + $params['force'] = $force; + } + + return $this->post("copyPad", $params); + } + + // movePad + public function movePad($sourceID, $destinationID, $force = null){ + $params = array(); + + $params['sourceID'] = $sourceID; + $params['destinationID'] = $destinationID; + if (isset($force)){ + $params['force'] = $force; + } + + return $this->post("movePad", $params); + } + + // getReadOnlyID + public function getReadOnlyID($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getReadOnlyID", $params); + } + + // getPadID + public function getPadID($roID){ + $params = array(); + + $params['roID'] = $roID; + + return $this->get("getPadID", $params); + } + + // setPublicStatus + public function setPublicStatus($padID, $publicStatus){ + $params = array(); + + $params['padID'] = $padID; + $params['publicStatus'] = $publicStatus; + + return $this->post("setPublicStatus", $params); + } + + // getPublicStatus + public function getPublicStatus($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getPublicStatus", $params); + } + + // setPassword + public function setPassword($padID, $password){ + $params = array(); + + $params['padID'] = $padID; + $params['password'] = $password; + + return $this->post("setPassword", $params); + } + + // isPasswordProtected + public function isPasswordProtected($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("isPasswordProtected", $params); + } + + // listAuthorsOfPad + public function listAuthorsOfPad($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("listAuthorsOfPad", $params); + } + + // padUsersCount + public function padUsersCount($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("padUsersCount", $params); + } + + // getAuthorName + public function getAuthorName($authorID){ + $params = array(); + + $params['authorID'] = $authorID; + + return $this->get("getAuthorName", $params); + } + + // padUsers + public function padUsers($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("padUsers", $params); + } + + // sendClientsMessage + public function sendClientsMessage($padID, $msg){ + $params = array(); + + $params['padID'] = $padID; + $params['msg'] = $msg; + + return $this->post("sendClientsMessage", $params); + } + + // listAllGroups + public function listAllGroups(){ + $params = array(); + + + return $this->get("listAllGroups", $params); + } + + // checkToken + public function checkToken(){ + $params = array(); + + + return $this->post("checkToken", $params); + } + + // getChatHistory + public function getChatHistory($padID, $start = null, $end = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($start)){ + $params['start'] = $start; + } + if (isset($end)){ + $params['end'] = $end; + } + + return $this->get("getChatHistory", $params); + } + + // getChatHead + public function getChatHead($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getChatHead", $params); + } + + // restoreRevision + public function restoreRevision($padID, $rev){ + $params = array(); + + $params['padID'] = $padID; + $params['rev'] = $rev; + + return $this->post("restoreRevision", $params); + } + + +} + diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/Makefile b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/Makefile new file mode 100755 index 0000000..e54d953 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/Makefile @@ -0,0 +1,10 @@ +test: + ./vendor/bin/phpunit --colors --verbose + +dev-deps: + composer install --dev + +client: + php ./tools/generate.php > ./EtherpadLite/Client.php + +.PHONY: all test clean diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/README.md b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/README.md new file mode 100755 index 0000000..c563336 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/README.md @@ -0,0 +1,45 @@ +# PHP Etherpad Lite Client +This PHP Etherpad Lite class allows you to easily interact with Etherpad Lite API with PHP. +Etherpad Lite is a collaborative editor provided by the Etherpad Foundation (http://etherpad.org) + +## Basic Usage + +Install from packagist: + +``` +composer require tomnomnom/etherpad-lite-client +``` + +A legacy `etherpad-lite-client.php` file is included for people who are unwilling/unable to switch to the new +namespaced version, but it is deprecated and will be removed in future versions. + +```php +getRevisionsCount('testPad'); +$revisionCount = $revisionCount->revisions; +echo "Pad has $revisionCount revisions"; +``` + +# Running The Tests +The full-stack tests can be run by running `make test`. + +The test suite makes the following assumptions: + +* A copy of Etherpad is running at http://localhost:9001 +* The data in the running instance of Etherpad can be destroyed +* The APIKey for the running instance is 'dcf118bfc58cc69cdf3ae870071f97149924f5f5a9a4a552fd2921b40830aaae' +* PHPUnit has been installed with [Composer](https://getcomposer.org/) (run `make dev-deps`) + +A Dockerfile is provided in `tools/testcontainer` to ease setup of a test instance. + +# License + +Apache License + +# Other Stuff + +The Etherpad Foundation also provides a jQuery plugin for Etherpad Lite. +This can be found at http://etherpad.org/2011/08/14/etherpad-lite-jquery-plugin/ + diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/api-spec.json b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/api-spec.json new file mode 100755 index 0000000..6de5ebe --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/api-spec.json @@ -0,0 +1,51 @@ +{ + "version": "1.2.11", + "methods": + { "createGroup" : [] + , "createGroupIfNotExistsFor" : ["groupMapper"] + , "deleteGroup" : ["groupID"] + , "listPads" : ["groupID"] + , "listAllPads" : [] + , "createDiffHTML" : ["padID", "startRev", "endRev"] + , "createPad" : ["padID", "[text]"] + , "createGroupPad" : ["groupID", "padName", "[text]"] + , "createAuthor" : ["[name]"] + , "createAuthorIfNotExistsFor": ["authorMapper" , "[name]"] + , "listPadsOfAuthor" : ["authorID"] + , "createSession" : ["groupID", "authorID", "validUntil"] + , "deleteSession" : ["sessionID"] + , "getSessionInfo" : ["sessionID"] + , "listSessionsOfGroup" : ["groupID"] + , "listSessionsOfAuthor" : ["authorID"] + , "getText" : ["padID", "[rev]"] + , "setText" : ["padID", "text"] + , "getHTML" : ["padID", "[rev]"] + , "setHTML" : ["padID", "html"] + , "getAttributePool" : ["padID"] + , "getRevisionsCount" : ["padID"] + , "getSavedRevisionsCount" : ["padID"] + , "listSavedRevisions" : ["padID"] + , "saveRevision" : ["padID", "rev"] + , "getRevisionChangeset" : ["padID", "[rev]"] + , "getLastEdited" : ["padID"] + , "deletePad" : ["padID"] + , "copyPad" : ["sourceID", "destinationID", "[force]"] + , "movePad" : ["sourceID", "destinationID", "[force]"] + , "getReadOnlyID" : ["padID"] + , "getPadID" : ["roID"] + , "setPublicStatus" : ["padID", "publicStatus"] + , "getPublicStatus" : ["padID"] + , "setPassword" : ["padID", "password"] + , "isPasswordProtected" : ["padID"] + , "listAuthorsOfPad" : ["padID"] + , "padUsersCount" : ["padID"] + , "getAuthorName" : ["authorID"] + , "padUsers" : ["padID"] + , "sendClientsMessage" : ["padID", "msg"] + , "listAllGroups" : [] + , "checkToken" : [] + , "getChatHistory" : ["padID", "[start]", "[end]"] + , "getChatHead" : ["padID"] + , "restoreRevision" : ["padID", "rev"] + } +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/composer.json b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/composer.json new file mode 100755 index 0000000..5a5a983 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/composer.json @@ -0,0 +1,13 @@ +{ + "name": "tomnomnom/etherpad-lite-client", + "description": "Etherpad Lite client for PHP", + "homepage": "https://github.com/TomNomNom/etherpad-lite-client/", + "license": "Apache", + + "require-dev": { + "phpunit/phpunit": "3.7.*" + }, + "autoload": { + "psr-4": {"EtherpadLite\\": "EtherpadLite/"} + } +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/etherpad-lite-client.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/etherpad-lite-client.php new file mode 100755 index 0000000..d5fcf89 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/etherpad-lite-client.php @@ -0,0 +1,573 @@ +apiKey = $apiKey; + + if (isset($baseUrl)){ + $this->baseUrl = $baseUrl; + } + if (!filter_var($this->baseUrl, FILTER_VALIDATE_URL)){ + throw new InvalidArgumentException("[{$this->baseUrl}] is not a valid URL"); + } + } + + protected function get($function, array $arguments = array()){ + return $this->call($function, $arguments, 'GET'); + } + + protected function post($function, array $arguments = array()){ + return $this->call($function, $arguments, 'POST'); + } + + protected function convertBools($candidate){ + if (is_bool($candidate)){ + return $candidate? "true" : "false"; + } + return $candidate; + } + + protected function call($function, array $arguments = array(), $method = 'GET'){ + $arguments['apikey'] = $this->apiKey; + $arguments = array_map(array($this, 'convertBools'), $arguments); + $arguments = http_build_query($arguments, '', '&'); + $url = $this->baseUrl."/".self::API_VERSION."/".$function; + if ($method !== 'POST'){ + $url .= "?".$arguments; + } + // use curl of it's available + if (function_exists('curl_init')){ + $c = curl_init($url); + curl_setopt($c, CURLOPT_RETURNTRANSFER, true); + curl_setopt($c, CURLOPT_TIMEOUT, 20); + if ($method === 'POST'){ + curl_setopt($c, CURLOPT_POST, true); + curl_setopt($c, CURLOPT_POSTFIELDS, $arguments); + } + $result = curl_exec($c); + curl_close($c); + // fallback to plain php + } else { + $params = array('http' => array('method' => $method, 'ignore_errors' => true, 'header' => 'Content-Type:application/x-www-form-urlencoded')); + if ($method === 'POST'){ + $params['http']['content'] = $arguments; + } + $context = stream_context_create($params); + $fp = fopen($url, 'rb', false, $context); + $result = $fp ? stream_get_contents($fp) : null; + } + + if(!$result){ + throw new UnexpectedValueException("Empty or No Response from the server"); + } + + $result = json_decode($result); + if ($result === null){ + throw new UnexpectedValueException("JSON response could not be decoded"); + } + return $this->handleResult($result); + } + + protected function handleResult($result){ + if (!isset($result->code)){ + throw new RuntimeException("API response has no code"); + } + if (!isset($result->message)){ + throw new RuntimeException("API response has no message"); + } + if (!isset($result->data)){ + $result->data = null; + } + + switch ($result->code){ + case self::CODE_OK: + return $result->data; + case self::CODE_INVALID_PARAMETERS: + case self::CODE_INVALID_API_KEY: + throw new InvalidArgumentException($result->message); + case self::CODE_INTERNAL_ERROR: + throw new RuntimeException($result->message); + case self::CODE_INVALID_FUNCTION: + throw new BadFunctionCallException($result->message); + default: + throw new RuntimeException("An unexpected error occurred whilst handling the response"); + } + } + + // createGroup + public function createGroup(){ + $params = array(); + + + return $this->post("createGroup", $params); + } + + // createGroupIfNotExistsFor + public function createGroupIfNotExistsFor($groupMapper){ + $params = array(); + + $params['groupMapper'] = $groupMapper; + + return $this->post("createGroupIfNotExistsFor", $params); + } + + // deleteGroup + public function deleteGroup($groupID){ + $params = array(); + + $params['groupID'] = $groupID; + + return $this->post("deleteGroup", $params); + } + + // listPads + public function listPads($groupID){ + $params = array(); + + $params['groupID'] = $groupID; + + return $this->get("listPads", $params); + } + + // listAllPads + public function listAllPads(){ + $params = array(); + + + return $this->get("listAllPads", $params); + } + + // createDiffHTML + public function createDiffHTML($padID, $startRev, $endRev){ + $params = array(); + + $params['padID'] = $padID; + $params['startRev'] = $startRev; + $params['endRev'] = $endRev; + + return $this->post("createDiffHTML", $params); + } + + // createPad + public function createPad($padID, $text = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($text)){ + $params['text'] = $text; + } + + return $this->post("createPad", $params); + } + + // createGroupPad + public function createGroupPad($groupID, $padName, $text = null){ + $params = array(); + + $params['groupID'] = $groupID; + $params['padName'] = $padName; + if (isset($text)){ + $params['text'] = $text; + } + + return $this->post("createGroupPad", $params); + } + + // createAuthor + public function createAuthor($name = null){ + $params = array(); + + if (isset($name)){ + $params['name'] = $name; + } + + return $this->post("createAuthor", $params); + } + + // createAuthorIfNotExistsFor + public function createAuthorIfNotExistsFor($authorMapper, $name = null){ + $params = array(); + + $params['authorMapper'] = $authorMapper; + if (isset($name)){ + $params['name'] = $name; + } + + return $this->post("createAuthorIfNotExistsFor", $params); + } + + // listPadsOfAuthor + public function listPadsOfAuthor($authorID){ + $params = array(); + + $params['authorID'] = $authorID; + + return $this->get("listPadsOfAuthor", $params); + } + + // createSession + public function createSession($groupID, $authorID, $validUntil){ + $params = array(); + + $params['groupID'] = $groupID; + $params['authorID'] = $authorID; + $params['validUntil'] = $validUntil; + + return $this->post("createSession", $params); + } + + // deleteSession + public function deleteSession($sessionID){ + $params = array(); + + $params['sessionID'] = $sessionID; + + return $this->post("deleteSession", $params); + } + + // getSessionInfo + public function getSessionInfo($sessionID){ + $params = array(); + + $params['sessionID'] = $sessionID; + + return $this->get("getSessionInfo", $params); + } + + // listSessionsOfGroup + public function listSessionsOfGroup($groupID){ + $params = array(); + + $params['groupID'] = $groupID; + + return $this->get("listSessionsOfGroup", $params); + } + + // listSessionsOfAuthor + public function listSessionsOfAuthor($authorID){ + $params = array(); + + $params['authorID'] = $authorID; + + return $this->get("listSessionsOfAuthor", $params); + } + + // getText + public function getText($padID, $rev = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($rev)){ + $params['rev'] = $rev; + } + + return $this->get("getText", $params); + } + + // setText + public function setText($padID, $text){ + $params = array(); + + $params['padID'] = $padID; + $params['text'] = $text; + + return $this->post("setText", $params); + } + + // getHTML + public function getHTML($padID, $rev = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($rev)){ + $params['rev'] = $rev; + } + + return $this->get("getHTML", $params); + } + + // setHTML + public function setHTML($padID, $html){ + $params = array(); + + $params['padID'] = $padID; + $params['html'] = $html; + + return $this->post("setHTML", $params); + } + + // getAttributePool + public function getAttributePool($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getAttributePool", $params); + } + + // getRevisionsCount + public function getRevisionsCount($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getRevisionsCount", $params); + } + + // getSavedRevisionsCount + public function getSavedRevisionsCount($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getSavedRevisionsCount", $params); + } + + // listSavedRevisions + public function listSavedRevisions($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("listSavedRevisions", $params); + } + + // saveRevision + public function saveRevision($padID, $rev){ + $params = array(); + + $params['padID'] = $padID; + $params['rev'] = $rev; + + return $this->post("saveRevision", $params); + } + + // getRevisionChangeset + public function getRevisionChangeset($padID, $rev = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($rev)){ + $params['rev'] = $rev; + } + + return $this->get("getRevisionChangeset", $params); + } + + // getLastEdited + public function getLastEdited($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getLastEdited", $params); + } + + // deletePad + public function deletePad($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->post("deletePad", $params); + } + + // copyPad + public function copyPad($sourceID, $destinationID, $force = null){ + $params = array(); + + $params['sourceID'] = $sourceID; + $params['destinationID'] = $destinationID; + if (isset($force)){ + $params['force'] = $force; + } + + return $this->post("copyPad", $params); + } + + // movePad + public function movePad($sourceID, $destinationID, $force = null){ + $params = array(); + + $params['sourceID'] = $sourceID; + $params['destinationID'] = $destinationID; + if (isset($force)){ + $params['force'] = $force; + } + + return $this->post("movePad", $params); + } + + // getReadOnlyID + public function getReadOnlyID($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getReadOnlyID", $params); + } + + // getPadID + public function getPadID($roID){ + $params = array(); + + $params['roID'] = $roID; + + return $this->get("getPadID", $params); + } + + // setPublicStatus + public function setPublicStatus($padID, $publicStatus){ + $params = array(); + + $params['padID'] = $padID; + $params['publicStatus'] = $publicStatus; + + return $this->post("setPublicStatus", $params); + } + + // getPublicStatus + public function getPublicStatus($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getPublicStatus", $params); + } + + // setPassword + public function setPassword($padID, $password){ + $params = array(); + + $params['padID'] = $padID; + $params['password'] = $password; + + return $this->post("setPassword", $params); + } + + // isPasswordProtected + public function isPasswordProtected($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("isPasswordProtected", $params); + } + + // listAuthorsOfPad + public function listAuthorsOfPad($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("listAuthorsOfPad", $params); + } + + // padUsersCount + public function padUsersCount($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("padUsersCount", $params); + } + + // getAuthorName + public function getAuthorName($authorID){ + $params = array(); + + $params['authorID'] = $authorID; + + return $this->get("getAuthorName", $params); + } + + // padUsers + public function padUsers($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("padUsers", $params); + } + + // sendClientsMessage + public function sendClientsMessage($padID, $msg){ + $params = array(); + + $params['padID'] = $padID; + $params['msg'] = $msg; + + return $this->post("sendClientsMessage", $params); + } + + // listAllGroups + public function listAllGroups(){ + $params = array(); + + + return $this->get("listAllGroups", $params); + } + + // checkToken + public function checkToken(){ + $params = array(); + + + return $this->post("checkToken", $params); + } + + // getChatHistory + public function getChatHistory($padID, $start = null, $end = null){ + $params = array(); + + $params['padID'] = $padID; + if (isset($start)){ + $params['start'] = $start; + } + if (isset($end)){ + $params['end'] = $end; + } + + return $this->get("getChatHistory", $params); + } + + // getChatHead + public function getChatHead($padID){ + $params = array(); + + $params['padID'] = $padID; + + return $this->get("getChatHead", $params); + } + + // restoreRevision + public function restoreRevision($padID, $rev){ + $params = array(); + + $params['padID'] = $padID; + $params['rev'] = $rev; + + return $this->post("restoreRevision", $params); + } + + +} + diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/phpunit.xml b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/phpunit.xml new file mode 100755 index 0000000..0ecc99d --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/phpunit.xml @@ -0,0 +1,7 @@ + + + + test/FullStack + + + diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/AuthorTest.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/AuthorTest.php new file mode 100755 index 0000000..ce16d79 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/AuthorTest.php @@ -0,0 +1,20 @@ +newClient(); + + $a = $client->createAuthor('Bob'); + $this->assertTrue(is_string($a->authorID)); + + $n = $client->getAuthorName($a->authorID); + $this->assertEquals("Bob", $n); + } + +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/GroupsTest.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/GroupsTest.php new file mode 100755 index 0000000..f64b878 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/GroupsTest.php @@ -0,0 +1,45 @@ +newClient(); + + // Create a group + $group = $client->createGroup(); + $this->assertTrue(is_string($group->groupID)); + + // Delete it + $r = $client->deleteGroup($group->groupID); + $this->assertNull($r); + + // Try to delete it again + try { + $client->deleteGroup($group->groupID); + $this->fail("deleteGroup should fail if group does not exist"); + } catch (\InvalidArgumentException $e){ + $this->assertTrue(true); // Just to keep the counter up ;) + } + } + + public function testListGroups(){ + $client = $this->newClient(); + + // Create a couple of groups + $one = $client->createGroup(); + $two = $client->createGroup(); + + $groups = $client->listAllGroups(); + $this->assertContains($one->groupID, $groups->groupIDs); + $this->assertContains($two->groupID, $groups->groupIDs); + + // Clean up + $client->deleteGroup($one->groupID); + $client->deleteGroup($two->groupID); + } +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/PadTest.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/PadTest.php new file mode 100755 index 0000000..0b9390e --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/test/FullStack/PadTest.php @@ -0,0 +1,32 @@ +newClient(); + + $group = $client->createGroup(); + $this->assertTrue(is_string($group->groupID)); + + $pad = $client->createGroupPad($group->groupID, "PadName", "Default Text"); + $this->assertTrue(is_string($pad->padID)); + + $text = $client->getText($pad->padID); + $this->assertEquals("Default Text", trim($text->text)); + + $set = $client->setText($pad->padID, "The new text"); + $this->assertNull($set); + + $text = $client->getText($pad->padID); + $this->assertEquals("The new text", trim($text->text)); + + $del = $client->deletePad($pad->padID); + $this->assertNull($del); + } + +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/generate.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/generate.php new file mode 100755 index 0000000..f1cb84e --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/generate.php @@ -0,0 +1,45 @@ +methods as $name => $args){ + + // Slightly hacky, but should cover all bases + $httpMethod = "post"; + if (hasPrefix($name, "get") || + hasPrefix($name, "list") || + hasPrefix($name, "pad") || + hasPrefix($name, "is")){ + $httpMethod = "get"; + } + + $methods[] = array( + "name" => $name, + "args" => $args, + "httpMethod" => $httpMethod, + ); +} + +echo " $spec->version, + "methods" => $methods, +)); + +function render($template, $data){ + extract($data); + include($template); +} + +function hasPrefix($candidate, $prefix){ + if (strpos($candidate, $prefix) === 0){ + return true; + } + return false; +} diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/templates/client.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/templates/client.php new file mode 100755 index 0000000..8509106 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/templates/client.php @@ -0,0 +1,123 @@ +// The following code is automatically generated by ./tools/generate.php +// please edit the files in ./tools/templates/ instead of editing this +// file directly. + +namespace EtherpadLite; + +class Client { + + const API_VERSION = ''; + + const CODE_OK = 0; + const CODE_INVALID_PARAMETERS = 1; + const CODE_INTERNAL_ERROR = 2; + const CODE_INVALID_FUNCTION = 3; + const CODE_INVALID_API_KEY = 4; + + protected $apiKey = ""; + protected $baseUrl = "http://localhost:9001/api"; + + public function __construct($apiKey, $baseUrl = null){ + if (strlen($apiKey) < 1){ + throw new \InvalidArgumentException("[{$apiKey}] is not a valid API key"); + } + $this->apiKey = $apiKey; + + if (isset($baseUrl)){ + $this->baseUrl = $baseUrl; + } + if (!filter_var($this->baseUrl, FILTER_VALIDATE_URL)){ + throw new \InvalidArgumentException("[{$this->baseUrl}] is not a valid URL"); + } + } + + protected function get($function, array $arguments = array()){ + return $this->call($function, $arguments, 'GET'); + } + + protected function post($function, array $arguments = array()){ + return $this->call($function, $arguments, 'POST'); + } + + protected function convertBools($candidate){ + if (is_bool($candidate)){ + return $candidate? "true" : "false"; + } + return $candidate; + } + + protected function call($function, array $arguments = array(), $method = 'GET'){ + $arguments['apikey'] = $this->apiKey; + $arguments = array_map(array($this, 'convertBools'), $arguments); + $arguments = http_build_query($arguments, '', '&'); + $url = $this->baseUrl."/".self::API_VERSION."/".$function; + if ($method !== 'POST'){ + $url .= "?".$arguments; + } + // use curl of it's available + if (function_exists('curl_init')){ + $c = curl_init($url); + curl_setopt($c, CURLOPT_RETURNTRANSFER, true); + curl_setopt($c, CURLOPT_TIMEOUT, 20); + if ($method === 'POST'){ + curl_setopt($c, CURLOPT_POST, true); + curl_setopt($c, CURLOPT_POSTFIELDS, $arguments); + } + $result = curl_exec($c); + curl_close($c); + // fallback to plain php + } else { + $params = array('http' => array('method' => $method, 'ignore_errors' => true, 'header' => 'Content-Type:application/x-www-form-urlencoded')); + if ($method === 'POST'){ + $params['http']['content'] = $arguments; + } + $context = stream_context_create($params); + $fp = fopen($url, 'rb', false, $context); + $result = $fp ? stream_get_contents($fp) : null; + } + + if(!$result){ + throw new \UnexpectedValueException("Empty or No Response from the server"); + } + + $result = json_decode($result); + if ($result === null){ + throw new \UnexpectedValueException("JSON response could not be decoded"); + } + return $this->handleResult($result); + } + + protected function handleResult($result){ + if (!isset($result->code)){ + throw new \RuntimeException("API response has no code"); + } + if (!isset($result->message)){ + throw new \RuntimeException("API response has no message"); + } + if (!isset($result->data)){ + $result->data = null; + } + + switch ($result->code){ + case self::CODE_OK: + return $result->data; + case self::CODE_INVALID_PARAMETERS: + case self::CODE_INVALID_API_KEY: + throw new \InvalidArgumentException($result->message); + case self::CODE_INTERNAL_ERROR: + throw new \RuntimeException($result->message); + case self::CODE_INVALID_FUNCTION: + throw new \BadFunctionCallException($result->message); + default: + throw new \RuntimeException("An unexpected error occurred whilst handling the response"); + } + } + + + +} + diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/templates/method.php b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/templates/method.php new file mode 100755 index 0000000..0daab15 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/templates/method.php @@ -0,0 +1,31 @@ +{$httpMethod}(\"{$name}\", \$params);\n"; +echo " }\n\n"; +?> diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/APIKEY.txt b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/APIKEY.txt new file mode 100755 index 0000000..3700da9 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/APIKEY.txt @@ -0,0 +1 @@ +dcf118bfc58cc69cdf3ae870071f97149924f5f5a9a4a552fd2921b40830aaae diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/Dockerfile b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/Dockerfile new file mode 100755 index 0000000..96dc005 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/Dockerfile @@ -0,0 +1,13 @@ +FROM ubuntu + +RUN apt-get update +RUN apt-get install -y gzip git curl python libssl-dev pkg-config build-essential +RUN apt-get install -y nodejs npm +RUN ln -s /usr/bin/nodejs /usr/bin/node +RUN git clone git://github.com/ether/etherpad-lite.git + +COPY APIKEY.txt /etherpad-lite/ + +EXPOSE 9001 + +ENTRYPOINT ["/etherpad-lite/bin/run.sh", "--root"] diff --git a/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/run-container.sh b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/run-container.sh new file mode 100755 index 0000000..97325e2 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/3rdparty/tomnomnom/etherpad-lite-client/tools/testcontainer/run-container.sh @@ -0,0 +1,2 @@ +#!/bin/sh +sudo docker run --detach --publish=9001:9001 $1 diff --git a/docker/nextcloud/custom_apps/ownpad/CHANGELOG.md b/docker/nextcloud/custom_apps/ownpad/CHANGELOG.md new file mode 100755 index 0000000..4bead49 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/CHANGELOG.md @@ -0,0 +1,117 @@ +Ownpad (0.6.16): +* **Fix**: Add Nextcloud 21 compatibility. + +Ownpad (0.6.15): +* **Fix**: Add Nextcloud 19 compatibility (no changes; thanks @sim6). + +Ownpad (0.6.14): +* **Fix**: Add Nextcloud 17 & 18 compatibility (no changes) + +Ownpad (0.6.13): +* **Fix**: Add Nextcloud 16 compatibility (no changes) + +Ownpad (0.6.12): +* **Fix**: fix regexp used to enable protected pads by removing trailing slash from EPL hostname. + +Ownpad (0.6.11): +* **Fix**: fix public pad creation if Etherpad API is not used. + +Ownpad (0.6.10): +* **Enhancement**: ownpad should work fine with Nextcloud 15. + +Ownpad (0.6.9): +* **Enhancement**: use API to create unprotected pads (thanks @m0urs). +* **Fix**: remove deprecated method `getMediumStrengthGenerator` (thanks @rullzer). +* **Fix**: only use lower case in pad and calc names to prevent an issue with Ethercalc (thanks @dtygel) +* **Fix**: update `README.md` to make more explicit that this app is no more than doing links to Etherpad/Ethercalc. + +Ownpad (0.6.8): +* **Fix**: update previous fix to let Ownpad be also compatible with NC 13. + +Ownpad (0.6.7): +* **Enhancement**: remove deprecated code calls and let Ownpad be compatible with Nextcloud 14. + +Ownpad (0.6.6): +* **Enhancement**: add option to disable non-protected 'public' pads. +* **Enhancement**: use proper icons of etherpad-lite and ethercalc. + +Ownpad (0.6.5): +* **Bugfix**: fix UI with Nextcloud 13 (thanks @frissdiegurke). +* **Enhancement**: enhance settings page. + +Ownpad (0.6.4): +* **Bugfix**: fix protected pads (thanks @frissdiegurke). +* **Enhancement**: replace ownCloud by Nextcloud. + +Ownpad (0.6.3): +* **Enhancement**: move application to the `office` section on Nextcloud app store. +* **Bugfix**: update message displayed when pad/calc URL doesn’t match configuration. +* **Bugfix**: when applying migration, don’t forget to check version… + +Ownpad (0.6.2): +* **Enhancement**: make app compatible with Nextcloud 13 (and drop ownCloud support). +* **Enhancement**: finish code refactoring (`app.php` moved to `Application` class). +* **Bugfix**: don’t forget to load JavaScript code on the settings page. + +Ownpad (0.6.1): +* **Enhancement**: move internal logic to a new OwnpadService class. +* **Bugfix**: fix regression introduced in previous version (bb3f3199c44d35b21a45d1ae6dd5524853f401cf). + +Ownpad (0.6.0): +* **Enhancement**: support for Etherpad API (experimental, incomplete and probably not totally secure) which allows to create private pads. +* **Enhancement**: refactor app to use AppFramework. +* **Bugfix**: remove deprecated code (thanks @MorrisJobke!). + +Ownpad (0.5.10) +* **Bugfix**: fix HTML code in template settings (thanks to KTim21). +* **Bugfix**: change Etherpad/Ethercalc instances hints on the configuration page. +* **Bugfix**: fix “multisheet support” for Ethercalc. +* **Bugfix**: fix Ethercalc URL validation. +* **Bugfix**: fix HTML code in the `noviewer.php` template. + +Ownpad (0.5.9) +* **Enhancement**: check for valid URL in pads/calcs to prevent bad redirections (thanks to Stephan Wiefling). +* **Enhancement**: make Ownpad compatible with Nextcloud 12. +* **Enhancement**: update documentation. + +Ownpad (0.5.8) +* **Enhancement**: enable multisheet support for new Ethercalc. +* **Enhancement**: update Content-Security-Policy rules. + +Ownpad (0.5.6) +* **Enhancement**: make Ownpad compatible with Nextcloud 11. +* **Bugfix**: don’t call for Ownpad configuration on public pages (fixes page reload on public pages) + +Ownpad (0.5.4) +* **Bugfix**: fix info.xml format for Nextcloud appstore. + +Ownpad (0.5.3) +* **Enhancement**: add icon for Etherpad in the “+” menu. +* **Enhancement**: some minor code enhacements. +* **Bugfix**: fix upgrade code (issue was introduced in 6560a6adf1b5027dfb70c0df6eff527f4d2304f2). + +Ownpad (0.5.2) +* **Enhancement**: don’t display pad/calc if no URL is configured for Ownpad. +* **Enhancement**: some minor changes (typo, etc.) +* **Enhancement**: minor changes to the configuration page. + +Ownpad (0.5.1) +* **Bugfix**: disable Ownpad’s mimetypes registration at application level, to prevent breaking all other mimetypes. This requires to manually add mimetypes to ownCloud’s configuration (see README.md). + +Ownpad (0.5.0) +* **Bugfix**: fix portability to ownCloud 9. + +Ownpad (0.4.0) +* **Enhancement**: port code to ownCloud 9 + +Ownpad (0.3.0) +**Bugfix**: Add Content-Security-Policy rules in order to allow the pad/calc iframe to be opened (required by ownCloud 8.1). +**Bugfix**: Fix the way URL are encoded to make Etherpad happy. +**Bugfix**: Fix the pad’s viewer size + +Ownpad (0.2.0) +* **Enhancement**: New pads/calcs are now handled by a specific AJAX script (`ajax/newpad.php`) that manage the file content. +* **Enhancement**: Autosave items in configuration page, and add a confirmation message (inspired by the `news` app). + +Ownpad (0.1.0) +* First release diff --git a/docker/nextcloud/custom_apps/ownpad/COPYING b/docker/nextcloud/custom_apps/ownpad/COPYING new file mode 100755 index 0000000..dba13ed --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/COPYING @@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. diff --git a/docker/nextcloud/custom_apps/ownpad/README.md b/docker/nextcloud/custom_apps/ownpad/README.md new file mode 100755 index 0000000..bcd7c09 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/README.md @@ -0,0 +1,90 @@ +# Ownpad — Etherpad and Ethercalc _links_ in Nextcloud + +Ownpad is a Nextcloud application that allows to create and open +Etherpad and Ethercalc documents. This application requires to have +access to an instance of Etherpad and/or Ethercalc to work properly. + +Note that the documents are only stored with your Etherpad/Ethercalc +service provider; no copy is kept on Nextcloud. As documents are +created this way Nextcloud is not responsible for the documents +security, e.g. anyone with access to the Etherpad/Ethercalc service +can access your documents. + +## Configuration + +In order to make Ownpad work, go to the configuration panel (Settings / +Admininstration / Additional Settings) and fill in the necessary data +within the “Ownpad (collaborative documents)” section. + +**Set a Etherpad Host:** +To be able to process the document, you must configure a Host. [Find more public providers at the Etherpad-Lite wiki](https://github.com/ether/etherpad-lite/wiki/Sites-that-run-Etherpad-Lite) + +*Example:* +* Etherpad Host https://etherpad.wikimedia.org/ +* Ethercalc Host https://ethercalc.org/ + +Note that most browsers will only display the content if both Nextcloud and Etherpad/Ethercalc are served via HTTPS. + +Afterwards, the “pad” and/or “calc” items will be available in the “+” +menu from the “File” app. + +## Mimetype detection + +Unfortunately, apps can’t declare new mimetypes on the fly. To make +Ownpad work properly, you need to add two new mimetypes in the +`mimetypemapping.json` file (at Nextcloud level). + +To proceed, just copy `/resources/config/mimetypemapping.dist.json` to +`/config/mimetypemapping.json` (in the `config/` folder at Nextcloud’s +root directory; the file should be stored next to the `config.php` +file). + +For the [snap-distribution of Nextcloud](https://github.com/nextcloud/nextcloud-snap) the template file can be found under `/snap/nextcloud/current/htdocs/resources/config/mimetypemapping.dist.json` and the active config-folder by default is `/var/snap/nextcloud/current/nextcloud/config/`. + +Afterwards add the two following lines just after the “_comment” +lines. + + "pad": ["application/x-ownpad"], + "calc": ["application/x-ownpad"], + +If all other mimetypes are not working properly, just run the +following command: + + sudo -u www-data php occ files:scan --all + +For the snap-distribution that is + + sudo nextcloud.occ files:scan --all + +## Create access restricted pads + +Ownpad supports communication with the Etherpad API for access +restriction (so called *protected pads*). This support is considered +**experimental** due to work in progress; some features are still +missing. See the [TODO.md](TODO.md) for details. + +Protected pads need to be accessed via Nextcloud in order to gain access +privileges. + +In order for this to work, you’ll need to enter your Etherpad API key +within the Ownpad settings. You can find your API key in the +`APIKEY.txt` file of your Etherpad instance. + +In addition you’ll need to host your Etherpad and Nextcloud instances +under the same domain. For example, you can host your Etherpad in +`pad.example.org` and your Nextcloud in `cloud.example.org`. For this +example, you’ll have to set the cookie domain to `example.org` within +the Ownpad settings. + +If you want to create *truly* private pads, you have to dedicate an +Etherpad instance for Nextcloud **running both with HTTPS**. You will then configure Etherpad to +restrict pad access via sessions and pad creation via the API. +For this, you have to adjust your Etherpad configuration file +(`settings.json`) as following: + + "requireSession" : true, + "editOnly" : true, + +## License + +The code is licensed under the AGPLv3 which can be found as the file [COPYING](COPYING) in the source code repository. diff --git a/docker/nextcloud/custom_apps/ownpad/TODO.md b/docker/nextcloud/custom_apps/ownpad/TODO.md new file mode 100755 index 0000000..d054f48 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/TODO.md @@ -0,0 +1,27 @@ +# Todo list + +- [x] Add basic support for Etherpad API (create & open pads). +- [ ] Check rights before opening the file (mainly, respect rights if + share doesn’t allow modifications). +- [ ] Make configuration more user-friendly (maybe, automatically find + the most correct cookie domain to use). Maybe also add a new + configuration item to mark that Etherpad API is usable (after + test). +- [ ] Try to find a way to work-around the cookie issue (that may + require to develop a tiny plugin for Etherpad that would allow + to set the cookie for us). This + [plugin](https://www.npmjs.com/package/ep_auth_session) exists, + we could add an option to support it. +- [ ] Handle errors and exceptions. +- [ ] Handle session timeouts (we ask for 3600 seconds session to + Etherpad, but we are using a session cookie). +- [ ] Handle ACL revocation (add some kind of hook on ACL changes, and + re-validate / check all sessions for that specific pad(s)) +- [ ] Manage multiple ownCloud instances for Etherpad (when calling + `createAuthorIfNotExistsFor`). +- [ ] Manage multiple sessions for Etherpad (you can add multiple + sessions to the `sessionID` cookie by separating them by + commas). +- [ ] Cleanup `sessionID` cookie after logout (a bit tricky, requires + to save the current `sessionID` somewhere and remove it after + user logs out). diff --git a/docker/nextcloud/custom_apps/ownpad/appinfo/app.php b/docker/nextcloud/custom_apps/ownpad/appinfo/app.php new file mode 100755 index 0000000..aba6ff3 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/appinfo/app.php @@ -0,0 +1,17 @@ + + * @copyright Olivier Tétard , 2017 + */ + +namespace OCA\Ownpad\AppInfo; + +require_once __DIR__ . '/../3rdparty/autoload.php'; + +$app = new Application(); +$app->registerHooks(); diff --git a/docker/nextcloud/custom_apps/ownpad/appinfo/info.xml b/docker/nextcloud/custom_apps/ownpad/appinfo/info.xml new file mode 100755 index 0000000..e245218 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/appinfo/info.xml @@ -0,0 +1,39 @@ + + + ownpad + Ownpad + + Create and open Etherpad and Ethercalc documents. + + + Ownpad is a Nextcloud application that allows to create and open + Etherpad and Ethercalc documents. + + This application requires to have access to an instance of + Etherpad and/or Ethercalc to work properly. + + 0.6.16 + agpl + Olivier Tétard + + https://github.com/otetard/ownpad/blob/master/README.md#mimetype-detection + + office + https://github.com/otetard/ownpad/issues + https://github.com/otetard/ownpad + https://raw.githubusercontent.com/otetard/ownpad/master/screenshots/1.png + + + + + + OCA\Ownpad\Migration\MigrateSettings + OCA\Ownpad\Migration\ConfigPublicEnable + + + + OCA\Ownpad\Settings\AdminSettings + + 174679 + diff --git a/docker/nextcloud/custom_apps/ownpad/appinfo/routes.php b/docker/nextcloud/custom_apps/ownpad/appinfo/routes.php new file mode 100755 index 0000000..f18b77d --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/appinfo/routes.php @@ -0,0 +1,22 @@ + + * @copyright Olivier Tétard , 2017 + */ + +namespace OCA\Ownpad\Appinfo; + +/** @var $this \OC\Route\Router */ + +$this->create('ownpad_newpad', 'ajax/newpad.php')->actionInclude('ownpad/ajax/newpad.php'); + +return ['routes' => [ + ['name' => 'display#showPad', 'url' => '/', 'verb' => 'GET'], + ['name' => 'ajax#getconfig', 'url' => '/ajax/v1.0/getconfig', 'verb' => 'GET'], + ['name' => 'ajax#newpad', 'url' => '/ajax/v1.0/newpad', 'verb' => 'POST'], +]]; diff --git a/docker/nextcloud/custom_apps/ownpad/css/ownpad.css b/docker/nextcloud/custom_apps/ownpad/css/ownpad.css new file mode 100755 index 0000000..eeafe32 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/css/ownpad.css @@ -0,0 +1,54 @@ +/** + * Nextcloud - Ownpad + * + * This file is licensed under the Affero General Public License + * version 3 or later. See the COPYING file. + * + * @author Olivier Tétard + * @copyright Olivier Tétard , 2017 + */ + +#ownpad_bar { + background: #333; + color: #999; + min-height: 25px; + padding: 6px 6px 6px 10px; +} +#ownpad_bar span { + opacity: 0; + transition: all 1s ease; + -o-transition: all 1s ease; + -moz-transition: all 1s ease; + -webkit-transition: all 1s ease; +} +#ownpad_bar:hover span { + opacity: 1; +} +#ownpad_bar a,#ownpad_bar strong { + color: #CCC; +} +#ownpad_close { + display: inline-block; + padding: 0 10px; + height: 20px; + background: #900; + color: #F5F5F5; + border-radius: 3px; + border: #C00 1px solid; + font-weight: 900; + float: right; +} +#ownpad_close:hover { + background: #C00; + color: #FFF; + border: #F00 1px solid; +} + +.icon-filetype-etherpad { + background-image: url("../img/etherpad-lite.ico"); + background-size: 16px; +} +.icon-filetype-ethercalc { + background-image: url("../img/ethercalc.ico"); + background-size: 16px; +} diff --git a/docker/nextcloud/custom_apps/ownpad/css/settings.css b/docker/nextcloud/custom_apps/ownpad/css/settings.css new file mode 100755 index 0000000..2ceb540 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/css/settings.css @@ -0,0 +1,30 @@ +/** + * Nextcloud - Ownpad + * + * This file is licensed under the Affero General Public License + * version 3 or later. See the COPYING file. + * + * @author Olivier Tétard + * @copyright Olivier Tétard , 2017 + */ + +#ownpad-saved-message { + margin: 15px 0; + display: none; +} + +#ownpad .indent { + padding-left: 28px; +} + +#ownpad .double-indent { + padding-left: 56px; +} + +input#ownpad_etherpad_host, +input#ownpad_ethercalc_host, +input#ownpad_etherpad_apikey, +input#ownpad_etherpad_cookie_domain +{ + width: 300px; +} diff --git a/docker/nextcloud/custom_apps/ownpad/img/LICENSE_ethercalc.txt b/docker/nextcloud/custom_apps/ownpad/img/LICENSE_ethercalc.txt new file mode 100755 index 0000000..b928145 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/img/LICENSE_ethercalc.txt @@ -0,0 +1,911 @@ +Files: ethercalc.ico + +SOCIALCALC LICENSE.txt FILE: + +========================================= + ABOUT THIS FILE +========================================= + +This file includes copies of the Common Public Attribution License (CPAL) and +the Artistic License 2.0. + +This product consists of components licensed under different licenses. +Check the contents of each file for a statement of the license for that file. +Files without license information are licensed under the Artistic License 2.0. + +====================================================== + COMMON PUBLIC ATTRIBUTION LICENSE VERSION 1.0 (CPAL) +====================================================== + +Common Public Attribution License Version 1.0 (CPAL) + +1. "Definitions" + +1.0.1 "Commercial Use" means distribution or otherwise making the Covered Code +available to a third party. + +1.1 "Contributor" means each entity that creates or contributes to the creation +of Modifications. + +1.2 "Contributor Version" means the combination of the Original Code, prior +Modifications used by a Contributor, and the Modifications made by that particular +Contributor. + +1.3 "Covered Code" means the Original Code or Modifications or the combination of +the Original Code and Modifications, in each case including portions thereof. + +1.4 "Electronic Distribution Mechanism" means a mechanism generally accepted in +the software development community for the electronic transfer of data. + +1.5 "Executable" means Covered Code in any form other than Source Code. + +1.6 "Initial Developer" means the individual or entity identified as the Initial +Developer in the Source Code notice required by Exhibit A. + +1.7 "Larger Work" means a work which combines Covered Code or portions thereof with +code not governed by the terms of this License. + +1.8 "License" means this document. + +1.8.1 "Licensable" means having the right to grant, to the maximum extent possible, +whether at the time of the initial grant or subsequently acquired, any and all of +the rights conveyed herein. + +1.9 "Modifications" means any addition to or deletion from the substance or structure +of either the Original Code or any previous Modifications. When Covered Code is +released as a series of files, a Modification is: + +A. Any addition to or deletion from the contents of a file containing Original Code +or previous Modifications. + +B. Any new file that contains any part of the Original Code or previous Modifications. + +1.10 "Original Code" means Source Code of computer software code which is described in +the Source Code notice required by Exhibit A as Original Code, and which, at the time +of its release under this License is not already Covered Code governed by this License. + +1.10.1 "Patent Claims" means any patent claim(s), now owned or hereafter acquired, +including without limitation, method, process, and apparatus claims, in any patent +Licensable by grantor. + +1.11 "Source Code" means the preferred form of the Covered Code for making modifications +to it, including all modules it contains, plus any associated interface definition files, +scripts used to control compilation and installation of an Executable, or source code +differential comparisons against either the Original Code or another well known, +available Covered Code of the Contributor’s choice. The Source Code can be in a compressed +or archival form, provided the appropriate decompression or de-archiving software is +widely available for no charge. + +1.12 "You" (or "Your") means an individual or a legal entity exercising rights under, and +complying with all of the terms of, this License or a future version of this License +issued under Section 6.1. For legal entities, "You" includes any entity which controls, +is controlled by, or is under common control with You. For purposes of this definition, +"control" means (a) the power, direct or indirect, to cause the direction or management +of such entity, whether by contract or otherwise, or (b) ownership of more than fifty +percent (50%) of the outstanding shares or beneficial ownership of such entity. + +2. Source Code License. + +2.1 The Initial Developer Grant. + +The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive +license, subject to third party intellectual property claims: + +(a) under intellectual property rights (other than patent or trademark) Licensable by +Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute +the Original Code (or portions thereof) with or without Modifications, and/or as part +of a Larger Work; and + +(b) under Patents Claims infringed by the making, using or selling of Original Code, to +make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of +the Original Code (or portions thereof). + +(c) the licenses granted in this Section 2.1(a) and (b) are effective on the date +Initial Developer first distributes Original Code under the terms of this License. + +(d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code +that You delete from the Original Code; 2) separate from the Original Code; or 3) for +infringements caused by: i) the modification of the Original Code or ii) the combination +of the Original Code with other software or devices. + +2.2 Contributor Grant. + +Subject to third party intellectual property claims, each Contributor hereby grants You +a world-wide, royalty-free, non-exclusive license + +(a) under intellectual property rights (other than patent or trademark) Licensable by +Contributor, to use, reproduce, modify, display, perform, sublicense and distribute +the Modifications created by such Contributor (or portions thereof) either on an +unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger +Work; and + +(b) under Patent Claims infringed by the making, using, or selling of Modifications +made by that Contributor either alone and/or in combination with its Contributor +Version (or portions of such combination), to make, use, sell, offer for sale, have +made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or +portions thereof); and 2) the combination of Modifications made by that Contributor +with its Contributor Version (or portions of such combination). + +(c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date +Contributor first makes Commercial Use of the Covered Code. + +(d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) for any code +that Contributor has deleted from the Contributor Version; 2) separate from the +Contributor Version; 3) for infringements caused by: i) third party modifications of +Contributor Version or ii) the combination of Modifications made by that Contributor +with other software (except as part of the Contributor Version) or other devices; or +4) under Patent Claims infringed by Covered Code in the absence of Modifications made +by that Contributor. + +3. Distribution Obligations. + +3.1 Application of License. + +The Modifications which You create or to which You contribute are governed by the terms +of this License, including without limitation Section 2.2. The Source Code version of +Covered Code may be distributed only under the terms of this License or a future version +of this License released under Section 6.1, and You must include a copy of this License +with every copy of the Source Code You distribute. You may not offer or impose any terms +on any Source Code version that alters or restricts the applicable version of this License +or the recipients’ rights hereunder. However, You may include an additional document +offering the additional rights described in Section 3.5. + +3.2 Availability of Source Code. + +Any Modification which You create or to which You contribute must be made available in +Source Code form under the terms of this License either on the same media as an Executable +version or via an accepted Electronic Distribution Mechanism to anyone to whom you made +an Executable version available; and if made available via Electronic Distribution +Mechanism, must remain available for at least twelve (12) months after the date it +initially became available, or at least six (6) months after a subsequent version of that +particular Modification has been made available to such recipients. You are responsible +for ensuring that the Source Code version remains available even if the Electronic +Distribution Mechanism is maintained by a third party. + +3.3 Description of Modifications. + +You must cause all Covered Code to which You contribute to contain a file documenting the +changes You made to create that Covered Code and the date of any change. You must include +a prominent statement that the Modification is derived, directly or indirectly, from +Original Code provided by the Initial Developer and including the name of the Initial +Developer in (a) the Source Code, and (b) in any notice in an Executable version or +related documentation in which You describe the origin or ownership of the Covered Code. + +3.4 Intellectual Property Matters + +(a) Third Party Claims. + +If Contributor has knowledge that a license under a third party’s intellectual property +rights is required to exercise the rights granted by such Contributor under Sections 2.1 +or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL" +which describes the claim and the party making the claim in sufficient detail that a +recipient will know whom to contact. If Contributor obtains such knowledge after the +Modification is made available as described in Section 3.2, Contributor shall promptly +modify the LEGAL file in all copies Contributor makes available thereafter and shall take +other steps (such as notifying appropriate mailing lists or newsgroups) reasonably +calculated to inform those who received the Covered Code that new knowledge has been obtained. + +(b) Contributor APIs. + +If Contributor’s Modifications include an application programming interface and Contributor +has knowledge of patent licenses which are reasonably necessary to implement that API, +Contributor must also include this information in the LEGAL file. + +(c) Representations. + +Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor +believes that Contributor’s Modifications are Contributor’s original creation(s) and/or +Contributor has sufficient rights to grant the rights conveyed by this License. + +3.5 Required Notices. + +You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not +possible to put such notice in a particular Source Code file due to its structure, then +You must include such notice in a location (such as a relevant directory) where a user +would be likely to look for such a notice. If You created one or more Modification(s) +You may add your name as a Contributor to the notice described in Exhibit A. You must +also duplicate this License in any documentation for the Source Code where You describe +recipients’ rights or ownership rights relating to Covered Code. You may choose to offer, +and to charge a fee for, warranty, support, indemnity or liability obligations to one or +more recipients of Covered Code. However, You may do so only on Your own behalf, and not +on behalf of the Initial Developer or any Contributor. You must make it absolutely clear +than any such warranty, support, indemnity or liability obligation is offered by You alone, +and You hereby agree to indemnify the Initial Developer and every Contributor for any +liability incurred by the Initial Developer or such Contributor as a result of warranty, +support, indemnity or liability terms You offer. + +3.6 Distribution of Executable Versions. + +You may distribute Covered Code in Executable form only if the requirements of Section +3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the +Source Code version of the Covered Code is available under the terms of this License, +including a description of how and where You have fulfilled the obligations of Section +3.2. The notice must be conspicuously included in any notice in an Executable version, +related documentation or collateral in which You describe recipients’ rights relating to +the Covered Code. You may distribute the Executable version of Covered Code or ownership +rights under a license of Your choice, which may contain terms different from this License, +provided that You are in compliance with the terms of this License and that the license for +the Executable version does not attempt to limit or alter the recipient’s rights in the +Source Code version from the rights set forth in this License. If You distribute the +Executable version under a different license You must make it absolutely clear that any +terms which differ from this License are offered by You alone, not by the Initial Developer, +Original Developer or any Contributor. You hereby agree to indemnify the Initial Developer, +Original Developer and every Contributor for any liability incurred by the Initial Developer, +Original Developer or such Contributor as a result of any such terms You offer. + +3.7 Larger Works. + +You may create a Larger Work by combining Covered Code with other code not governed by the +terms of this License and distribute the Larger Work as a single product. In such a case, You +must make sure the requirements of this License are fulfilled for the Covered Code. + +4. Inability to Comply Due to Statute or Regulation. + +If it is impossible for You to comply with any of the terms of this License with respect to +some or all of the Covered Code due to statute, judicial order, or regulation then You must: +(a) comply with the terms of this License to the maximum extent possible; and (b) describe the +limitations and the code they affect. Such description must be included in the LEGAL file +described in Section 3.4 and must be included with all distributions of the Source Code. +Except to the extent prohibited by statute or regulation, such description must be +sufficiently detailed for a recipient of ordinary skill to be able to understand it. + +5. Application of this License. + +This License applies to code to which the Initial Developer has attached the notice in Exhibit +A and to related Covered Code. + +6. Versions of the License. + +6.1 New Versions. + +Socialtext, Inc. ("Socialtext") may publish revised and/or new versions of the License from +time to time. Each version will be given a distinguishing version number. + +6.2 Effect of New Versions. + +Once Covered Code has been published under a particular version of the License, You may always +continue to use it under the terms of that version. You may also choose to use such Covered +Code under the terms of any subsequent version of the License published by Socialtext. No one +other than Socialtext has the right to modify the terms applicable to Covered Code created +under this License. + +6.3 Derivative Works. + +If You create or use a modified version of this License (which you may only do in order to +apply it to code which is not already Covered Code governed by this License), You must (a) +rename Your license so that the phrases "Socialtext", "CPAL" or any confusingly similar phrase +do not appear in your license (except to note that your license differs from this License) and +(b) otherwise make it clear that Your version of the license contains terms which differ from +the CPAL. (Filling in the name of the Initial Developer, Original Developer, Original Code or +Contributor in the notice described in Exhibit A shall not of themselves be deemed to be +modifications of this License.) + +7. DISCLAIMER OF WARRANTY. + +COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, +EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS +FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK +AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE +DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER, ORIGINAL DEVELOPER OR ANY OTHER +CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER +OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS +AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. + +8. TERMINATION. + +8.1 This License and the rights granted hereunder will terminate automatically if You fail to +comply with terms herein and fail to cure such breach within 30 days of becoming aware of the +breach. All sublicenses to the Covered Code which are properly granted shall survive any +termination of this License. Provisions which, by their nature, must remain in effect beyond +the termination of this License shall survive. + +8.2 If You initiate litigation by asserting a patent infringement claim (excluding declatory +judgment actions) against Initial Developer, Original Developer or a Contributor (the Initial +Developer, Original Developer or Contributor against whom You file such action is referred to +as "Participant") alleging that: + +(a) such Participant’s Contributor Version directly or indirectly infringes any patent, then +any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this +License shall, upon 60 days notice from Participant terminate prospectively, unless if within +60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually +agreeable reasonable royalty for Your past and future use of Modifications made by such +Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version +against such Participant. If within 60 days of notice, a reasonable royalty and payment +arrangement are not mutually agreed upon in writing by the parties or the litigation claim is +not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 +automatically terminate at the expiration of the 60 day notice period specified above. + +(b) any software, hardware, or device, other than such Participant’s Contributor Version, +directly or indirectly infringes any patent, then any rights granted to You by such Participant +under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, +sold, distributed, or had made, Modifications made by that Participant. + +8.3 If You assert a patent infringement claim against Participant alleging that such +Participant’s Contributor Version directly or indirectly infringes any patent where such claim +is resolved (such as by license or settlement) prior to the initiation of patent infringement +litigation, then the reasonable value of the licenses granted by such Participant under Sections +2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or +license. + +8.4 In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements +(excluding distributors and resellers) which have been validly granted by You or any distributor +hereunder prior to termination shall survive termination. + +9. LIMITATION OF LIABILITY. + +UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, +OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ORIGINAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR +ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON +FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, +WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, +OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF +THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR +DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY’S NEGLIGENCE TO THE EXTENT APPLICABLE LAW +PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF +INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. + +10. U.S. GOVERNMENT END USERS. + +The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), +consisting of "commercial computer software" and "commercial computer software documentation," as +such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 +C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered +Code with only those rights set forth herein. + +11. MISCELLANEOUS. + +This License represents the complete agreement concerning subject matter hereof. If any provision +of this License is held to be unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. This License shall be governed by California law provisions +(except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law +provisions. With respect to disputes in which at least one party is a citizen of, or an entity +chartered or registered to do business in the United States of America, any litigation relating to +this License shall be subject to the jurisdiction of the Federal Courts of the Northern District +of California, with venue lying in Santa Clara County, California, with the losing party +responsible for costs, including without limitation, court costs and reasonable attorneys’ fees +and expenses. The application of the United Nations Convention on Contracts for the International +Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a +contract shall be construed against the drafter shall not apply to this License. + +12. RESPONSIBILITY FOR CLAIMS. + +As between Initial Developer, Original Developer and the Contributors, each party is responsible +for claims and damages arising, directly or indirectly, out of its utilization of rights under +this License and You agree to work with Initial Developer, Original Developer and Contributors to +distribute such responsibility on an equitable basis. Nothing herein is intended or shall be +deemed to constitute any admission of liability. + +13. MULTIPLE-LICENSED CODE. + +Initial Developer may designate portions of the Covered Code as Multiple-Licensed. +Multiple-Licensed means that the Initial Developer permits you to utilize portions of the Covered +Code under Your choice of the CPAL or the alternative licenses, if any, specified by the Initial +Developer in the file described in Exhibit A. + +14. ADDITIONAL TERM: ATTRIBUTION + +(a) As a modest attribution to the organizer of the development of the Original Code ("Original +Developer"), in the hope that its promotional value may help justify the time, money and effort +invested in writing the Original Code, the Original Developer may include in Exhibit B +("Attribution Information") a requirement that each time an Executable and Source Code or a Larger +Work is launched or initially run (which includes initiating a session), a prominent display of +the Original Developer’s Attribution Information (as defined below) must occur on the graphic user +interface employed by the end user to access such Covered Code (which may include display on a +splash screen), if any. The size of the graphic image should be consistent with the size of the +other elements of the Attribution Information. If the access by the end user to the Executable and +Source Code does not create a graphic user interface for access to the Covered Code, this +obligation shall not apply. If the Original Code displays such Attribution Information in a +particular form (such as in the form of a splash screen, notice at login, an "about" display, or +dedicated attribution area on user interface screens), continued use of such form for that +Attribution Information is one way of meeting this requirement for notice. + +(b) Attribution information may only include a copyright notice, a brief phrase, graphic image and +a URL ("Attribution Information") and is subject to the Attribution Limits as defined below. For +these purposes, prominent shall mean display for sufficient duration to give reasonable notice to +the user of the identity of the Original Developer and that if You include Attribution Information +or similar information for other parties, You must ensure that the Attribution Information for the +Original Developer shall be no less prominent than such Attribution Information or similar +information for the other party. For greater certainty, the Original Developer may choose to +specify in Exhibit B below that the above attribution requirement only applies to an Executable +and Source Code resulting from the Original Code or any Modification, but not a Larger Work. The +intent is to provide for reasonably modest attribution, therefore the Original Developer cannot +require that You display, at any time, more than the following information as Attribution +Information: (a) a copyright notice including the name of the Original Developer; (b) a word or +one phrase (not exceeding 10 words); (c) one graphic image provided by the Original Developer; and +(d) a URL (collectively, the "Attribution Limits"). + +(c) If Exhibit B does not include any Attribution Information, then there are no requirements for +You to display any Attribution Information of the Original Developer. + +(d) You acknowledge that all trademarks, service marks and/or trade names contained within the +Attribution Information distributed with the Covered Code are the exclusive property of their +owners and may only be used with the permission of their owners, or under circumstances otherwise +permitted by law or as expressly set out in this License. + +15. ADDITIONAL TERM: NETWORK USE. +The term "External Deployment" means the use, distribution, or communication of the Original Code +or Modifications in any way such that the Original Code or Modifications may be used by anyone +other than You, whether those works are distributed or communicated to those persons or made +available as an application intended for use over a network. As an express condition for the grants +of license hereunder, You must treat any External Deployment by You of the Original Code or +Modifications as a distribution under section 3.1 and make Source Code available under Section 3.2. + +EXHIBIT A. Common Public Attribution License Version 1.0. + +"The contents of this file are subject to the Common Public Attribution License Version 1.0 (the +"License"); you may not use this file except in compliance with the License. You may obtain a copy +of the License at _____________. The License is based on the Mozilla Public License Version 1.1 but +Sections 14 and 15 have been added to cover use of software over a computer network and provide for +limited attribution for the Original Developer. In addition, Exhibit A has been modified to be +consistent with Exhibit B. + +Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. See the License for the specific language governing rights and +limitations under the License. + +The Original Code is______________________. + +The Original Developer is not the Initial Developer and is __________. If left blank, the Original +Developer is the Initial Developer. + +The Initial Developer of the Original Code is ____________. All portions of the code written by +___________ are Copyright (c) _____. All Rights Reserved. + +Contributor ______________________. + +Alternatively, the contents of this file may be used under the terms of the _____ license (the +[___] License), in which case the provisions of [______] License are applicable instead of those +above. + +If you wish to allow use of your version of this file only under the terms of the [____] License +and not to allow others to use your version of this file under the CPAL, indicate your decision by +deleting the provisions above and replace them with the notice and other provisions required by +the [___] License. If you do not delete the provisions above, a recipient may use your version of +this file under either the CPAL or the [___] License." + +[NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source +Code files of the Original Code. You should use the text of this Exhibit A rather than the text +found in the Original Code Source Code for Your Modifications.] + +EXHIBIT B. Attribution Information + +When the TableEditor is producing and/or controlling the display the Graphic Image must be +displayed on the screen visible to the user in a manner comparable to that in the +Original Code. The Attribution Phrase must be displayed as a "tooltip" or "hover-text" for +that image. The image must be linked to the Attribution URL so as to access that page +when clicked. If the user interface includes a prominent "about" display which includes +factual prominent attribution in a form similar to that in the "about" display included +with the Original Code, including Socialtext copyright notices and URLs, then the image +need not be linked to the Attribution URL but the "tool-tip" is still required. + +Attribution Copyright Notice: + + Copyright (C) 2009 Socialtext, Inc. + All Rights Reserved. + +Attribution Phrase (not exceeding 10 words): SocialCalc + +Attribution URL: http://www.socialcalc.org + +Graphic Image: The contents of the sc-logo.gif file in the Original Code or +a suitable replacement from http://www.socialcalc.org/licenses specified as +being for SocialCalc. + +Display of Attribution Information is required in Larger Works which are defined +in the CPAL as a work which combines Covered Code or portions thereof with code +not governed by the terms of the CPAL. + + +========================================= + THE ARTISTIC LICENSE 2.0 +========================================= + + The Artistic License 2.0 + + Copyright (c) 2000-2006, The Perl Foundation. + + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +Preamble + +This license establishes the terms under which a given free software +Package may be copied, modified, distributed, and/or redistributed. +The intent is that the Copyright Holder maintains some artistic +control over the development of that Package while still keeping the +Package available as open source and free software. + +You are always permitted to make arrangements wholly outside of this +license directly with the Copyright Holder of a given Package. If the +terms of this license do not permit the full use that you propose to +make of the Package, you should contact the Copyright Holder and seek +a different licensing arrangement. + +Definitions + + "Copyright Holder" means the individual(s) or organization(s) + named in the copyright notice for the entire Package. + + "Contributor" means any party that has contributed code or other + material to the Package, in accordance with the Copyright Holder's + procedures. + + "You" and "your" means any person who would like to copy, + distribute, or modify the Package. + + "Package" means the collection of files distributed by the + Copyright Holder, and derivatives of that collection and/or of + those files. A given Package may consist of either the Standard + Version, or a Modified Version. + + "Distribute" means providing a copy of the Package or making it + accessible to anyone else, or in the case of a company or + organization, to others outside of your company or organization. + + "Distributor Fee" means any fee that you charge for Distributing + this Package or providing support for this Package to another + party. It does not mean licensing fees. + + "Standard Version" refers to the Package if it has not been + modified, or has been modified only in ways explicitly requested + by the Copyright Holder. + + "Modified Version" means the Package, if it has been changed, and + such changes were not explicitly requested by the Copyright + Holder. + + "Original License" means this Artistic License as Distributed with + the Standard Version of the Package, in its current version or as + it may be modified by The Perl Foundation in the future. + + "Source" form means the source code, documentation source, and + configuration files for the Package. + + "Compiled" form means the compiled bytecode, object code, binary, + or any other form resulting from mechanical transformation or + translation of the Source form. + + +Permission for Use and Modification Without Distribution + +(1) You are permitted to use the Standard Version and create and use +Modified Versions for any purpose without restriction, provided that +you do not Distribute the Modified Version. + + +Permissions for Redistribution of the Standard Version + +(2) You may Distribute verbatim copies of the Source form of the +Standard Version of this Package in any medium without restriction, +either gratis or for a Distributor Fee, provided that you duplicate +all of the original copyright notices and associated disclaimers. At +your discretion, such verbatim copies may or may not include a +Compiled form of the Package. + +(3) You may apply any bug fixes, portability changes, and other +modifications made available from the Copyright Holder. The resulting +Package will still be considered the Standard Version, and as such +will be subject to the Original License. + + +Distribution of Modified Versions of the Package as Source + +(4) You may Distribute your Modified Version as Source (either gratis +or for a Distributor Fee, and with or without a Compiled form of the +Modified Version) provided that you clearly document how it differs +from the Standard Version, including, but not limited to, documenting +any non-standard features, executables, or modules, and provided that +you do at least ONE of the following: + + (a) make the Modified Version available to the Copyright Holder + of the Standard Version, under the Original License, so that the + Copyright Holder may include your modifications in the Standard + Version. + + (b) ensure that installation of your Modified Version does not + prevent the user installing or running the Standard Version. In + addition, the Modified Version must bear a name that is different + from the name of the Standard Version. + + (c) allow anyone who receives a copy of the Modified Version to + make the Source form of the Modified Version available to others + under + + (i) the Original License or + + (ii) a license that permits the licensee to freely copy, + modify and redistribute the Modified Version using the same + licensing terms that apply to the copy that the licensee + received, and requires that the Source form of the Modified + Version, and of any works derived from it, be made freely + available in that license fees are prohibited but Distributor + Fees are allowed. + + +Distribution of Compiled Forms of the Standard Version +or Modified Versions without the Source + +(5) You may Distribute Compiled forms of the Standard Version without +the Source, provided that you include complete instructions on how to +get the Source of the Standard Version. Such instructions must be +valid at the time of your distribution. If these instructions, at any +time while you are carrying out such distribution, become invalid, you +must provide new instructions on demand or cease further distribution. +If you provide valid instructions or cease distribution within thirty +days after you become aware that the instructions are invalid, then +you do not forfeit any of your rights under this license. + +(6) You may Distribute a Modified Version in Compiled form without +the Source, provided that you comply with Section 4 with respect to +the Source of the Modified Version. + + +Aggregating or Linking the Package + +(7) You may aggregate the Package (either the Standard Version or +Modified Version) with other packages and Distribute the resulting +aggregation provided that you do not charge a licensing fee for the +Package. Distributor Fees are permitted, and licensing fees for other +components in the aggregation are permitted. The terms of this license +apply to the use and Distribution of the Standard or Modified Versions +as included in the aggregation. + +(8) You are permitted to link Modified and Standard Versions with +other works, to embed the Package in a larger work of your own, or to +build stand-alone binary or bytecode versions of applications that +include the Package, and Distribute the result without restriction, +provided the result does not expose a direct interface to the Package. + + +Items That are Not Considered Part of a Modified Version + +(9) Works (including, but not limited to, modules and scripts) that +merely extend or make use of the Package, do not, by themselves, cause +the Package to be a Modified Version. In addition, such works are not +considered parts of the Package itself, and are not subject to the +terms of this license. + + +General Provisions + +(10) Any use, modification, and distribution of the Standard or +Modified Versions is governed by this Artistic License. By using, +modifying or distributing the Package, you accept this license. Do not +use, modify, or distribute the Package, if you do not accept this +license. + +(11) If your Modified Version has been derived from a Modified +Version made by someone other than you, you are nevertheless required +to ensure that your Modified Version complies with the requirements of +this license. + +(12) This license does not grant you the right to use any trademark, +service mark, tradename, or logo of the Copyright Holder. + +(13) This license includes the non-exclusive, worldwide, +free-of-charge patent license to make, have made, use, offer to sell, +sell, import and otherwise transfer the Package with respect to any +patent claims licensable by the Copyright Holder that are necessarily +infringed by the Package. If you institute patent litigation +(including a cross-claim or counterclaim) against any party alleging +that the Package constitutes direct or contributory patent +infringement, then this Artistic License to you shall terminate on the +date that such litigation is filed. + +(14) Disclaimer of Warranty: +THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS +IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED +WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR +NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL +LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL +DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF +ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +[End of LICENSE.txt] + +Includes third-party code from etherpad-lite licensed under the Apache license. + +Apache license + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2013 THE ETHERPAD FOUNDATION + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/docker/nextcloud/custom_apps/ownpad/img/LICENSE_etherpad-lite.txt b/docker/nextcloud/custom_apps/ownpad/img/LICENSE_etherpad-lite.txt new file mode 100755 index 0000000..0718bd2 --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/img/LICENSE_etherpad-lite.txt @@ -0,0 +1,203 @@ +Files: etherpad-lite.ico + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2013 THE ETHERPAD FOUNDATION + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/docker/nextcloud/custom_apps/ownpad/img/ethercalc.ico b/docker/nextcloud/custom_apps/ownpad/img/ethercalc.ico new file mode 100755 index 0000000..7a97397 Binary files /dev/null and b/docker/nextcloud/custom_apps/ownpad/img/ethercalc.ico differ diff --git a/docker/nextcloud/custom_apps/ownpad/img/etherpad-lite.ico b/docker/nextcloud/custom_apps/ownpad/img/etherpad-lite.ico new file mode 100755 index 0000000..938e955 Binary files /dev/null and b/docker/nextcloud/custom_apps/ownpad/img/etherpad-lite.ico differ diff --git a/docker/nextcloud/custom_apps/ownpad/js/ownpad.js b/docker/nextcloud/custom_apps/ownpad/js/ownpad.js new file mode 100755 index 0000000..5b5d25c --- /dev/null +++ b/docker/nextcloud/custom_apps/ownpad/js/ownpad.js @@ -0,0 +1,182 @@ +/** + * Nextcloud - Ownpad + * + * This file is licensed under the Affero General Public License + * version 3 or later. See the COPYING file. + * + * @author Olivier Tétard + * @copyright Olivier Tétard , 2017 + */ + +(function(OCA) { + OCA.FilesOwnpad = { + attach: function(fileList) { + this._extendFileActions(fileList.fileActions); + }, + + hide: function() { + $('#ownpad').remove(); + FileList.setViewerMode(false); + + // replace the controls with our own + $('#app-content #controls').removeClass('hidden'); + }, + + show: function(fileName, dirName) { + var self = this; + var $iframe; + + var viewer = OC.generateUrl('/apps/ownpad/?file={file}&dir={dir}', {file: fileName, dir: dirName}); + + $iframe = $(' + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/composer.json b/docker/nextcloud/custom_apps/user_saml/3rdparty/composer.json new file mode 100644 index 0000000..8735f1f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/composer.json @@ -0,0 +1,10 @@ +{ + "config": { + "optimize-autoloader": true, + "classmap-authoritative": true + }, + "require": { + "onelogin/php-saml": "^3.0", + "firebase/php-jwt": "^4.0" + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/composer.lock b/docker/nextcloud/custom_apps/user_saml/3rdparty/composer.lock new file mode 100644 index 0000000..64e9ef9 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/composer.lock @@ -0,0 +1,150 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "f3e661f8388070704bd9b01b48752bf0", + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v4.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "time": "2016-07-18T04:51:16+00:00" + }, + { + "name": "onelogin/php-saml", + "version": "3.4.1", + "source": { + "type": "git", + "url": "https://github.com/onelogin/php-saml.git", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/onelogin/php-saml/zipball/5fbf3486704ac9835b68184023ab54862c95f213", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213", + "shasum": "" + }, + "require": { + "php": ">=5.4", + "robrichards/xmlseclibs": ">=3.0.4" + }, + "require-dev": { + "pdepend/pdepend": "^2.5.0", + "php-coveralls/php-coveralls": "^1.0.2 || ^2.0", + "phploc/phploc": "^2.1 || ^3.0 || ^4.0", + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1", + "sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0", + "squizlabs/php_codesniffer": "^3.1.1" + }, + "suggest": { + "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs", + "ext-gettext": "Install gettext and php5-gettext libs to handle translations", + "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)" + }, + "type": "library", + "autoload": { + "psr-4": { + "OneLogin\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "OneLogin PHP SAML Toolkit", + "homepage": "https://developers.onelogin.com/saml/php", + "keywords": [ + "SAML2", + "onelogin", + "saml" + ], + "time": "2019-11-25T17:30:07+00:00" + }, + { + "name": "robrichards/xmlseclibs", + "version": "3.1.1", + "source": { + "type": "git", + "url": "https://github.com/robrichards/xmlseclibs.git", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "php": ">= 5.4" + }, + "type": "library", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "A PHP library for XML Security", + "homepage": "https://github.com/robrichards/xmlseclibs", + "keywords": [ + "security", + "signature", + "xml", + "xmldsig" + ], + "time": "2020-09-05T13:00:25+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [], + "plugin-api-version": "1.1.0" +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/autoload.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/autoload.php new file mode 100644 index 0000000..0c178cd --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/autoload.php @@ -0,0 +1,7 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. + * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see https://www.php-fig.org/psr/psr-0/ + * @see https://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + private $vendorDir; + + // PSR-4 + private $prefixLengthsPsr4 = array(); + private $prefixDirsPsr4 = array(); + private $fallbackDirsPsr4 = array(); + + // PSR-0 + private $prefixesPsr0 = array(); + private $fallbackDirsPsr0 = array(); + + private $useIncludePath = false; + private $classMap = array(); + private $classMapAuthoritative = false; + private $missingClasses = array(); + private $apcuPrefix; + + private static $registeredLoaders = array(); + + public function __construct($vendorDir = null) + { + $this->vendorDir = $vendorDir; + } + + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', array_values($this->prefixesPsr0)); + } + + return array(); + } + + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + */ + public function add($prefix, $paths, $prepend = false) + { + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + (array) $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + (array) $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = (array) $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + (array) $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + (array) $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + (array) $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + (array) $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. + * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + + if (null === $this->vendorDir) { + //no-op + } elseif ($prepend) { + self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders; + } else { + unset(self::$registeredLoaders[$this->vendorDir]); + self::$registeredLoaders[$this->vendorDir] = $this; + } + } + + /** + * Unregisters this instance as an autoloader. + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + + if (null !== $this->vendorDir) { + unset(self::$registeredLoaders[$this->vendorDir]); + } + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return bool|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + includeFile($file); + + return true; + } + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { + return false; + } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if (false === $file && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { + // Remember that this class does not exist. + $this->missingClasses[$class] = true; + } + + return $file; + } + + /** + * Returns the currently registered loaders indexed by their corresponding vendor directories. + * + * @return self[] + */ + public static function getRegisteredLoaders() + { + return self::$registeredLoaders; + } + + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + $subPath = $class; + while (false !== $lastPos = strrpos($subPath, '\\')) { + $subPath = substr($subPath, 0, $lastPos); + $search = $subPath . '\\'; + if (isset($this->prefixDirsPsr4[$search])) { + $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); + foreach ($this->prefixDirsPsr4[$search] as $dir) { + if (file_exists($file = $dir . $pathEnd)) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + + return false; + } +} + +/** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + */ +function includeFile($file) +{ + include $file; +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/InstalledVersions.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/InstalledVersions.php new file mode 100644 index 0000000..edbb92a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/InstalledVersions.php @@ -0,0 +1,311 @@ + + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + 'name' => '__root__', + ), + 'versions' => + array ( + '__root__' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + ), + 'firebase/php-jwt' => + array ( + 'pretty_version' => 'v4.0.0', + 'version' => '4.0.0.0', + 'aliases' => + array ( + ), + 'reference' => 'dccf163dc8ed7ed6a00afc06c51ee5186a428d35', + ), + 'onelogin/php-saml' => + array ( + 'pretty_version' => '3.4.1', + 'version' => '3.4.1.0', + 'aliases' => + array ( + ), + 'reference' => '5fbf3486704ac9835b68184023ab54862c95f213', + ), + 'robrichards/xmlseclibs' => + array ( + 'pretty_version' => '3.1.1', + 'version' => '3.1.1.0', + 'aliases' => + array ( + ), + 'reference' => 'f8f19e58f26cdb42c54b214ff8a820760292f8df', + ), + ), +); +private static $canGetVendors; +private static $installedByVendor = array(); + + + + + + + +public static function getInstalledPackages() +{ +$packages = array(); +foreach (self::getInstalled() as $installed) { +$packages[] = array_keys($installed['versions']); +} + + +if (1 === \count($packages)) { +return $packages[0]; +} + +return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); +} + + + + + + + + + +public static function isInstalled($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (isset($installed['versions'][$packageName])) { +return true; +} +} + +return false; +} + + + + + + + + + + + + + + +public static function satisfies(VersionParser $parser, $packageName, $constraint) +{ +$constraint = $parser->parseConstraints($constraint); +$provided = $parser->parseConstraints(self::getVersionRanges($packageName)); + +return $provided->matches($constraint); +} + + + + + + + + + + +public static function getVersionRanges($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +$ranges = array(); +if (isset($installed['versions'][$packageName]['pretty_version'])) { +$ranges[] = $installed['versions'][$packageName]['pretty_version']; +} +if (array_key_exists('aliases', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); +} +if (array_key_exists('replaced', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); +} +if (array_key_exists('provided', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); +} + +return implode(' || ', $ranges); +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['version'])) { +return null; +} + +return $installed['versions'][$packageName]['version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getPrettyVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['pretty_version'])) { +return null; +} + +return $installed['versions'][$packageName]['pretty_version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getReference($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['reference'])) { +return null; +} + +return $installed['versions'][$packageName]['reference']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getRootPackage() +{ +$installed = self::getInstalled(); + +return $installed[0]['root']; +} + + + + + + + +public static function getRawData() +{ +return self::$installed; +} + + + + + + + + + + + + + + + + + + + +public static function reload($data) +{ +self::$installed = $data; +self::$installedByVendor = array(); +} + + + + +private static function getInstalled() +{ +if (null === self::$canGetVendors) { +self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); +} + +$installed = array(); + +if (self::$canGetVendors) { + +foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { +if (isset(self::$installedByVendor[$vendorDir])) { +$installed[] = self::$installedByVendor[$vendorDir]; +} elseif (is_file($vendorDir.'/composer/installed.php')) { +$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; +} +} +} + +$installed[] = self::$installed; + +return $installed; +} +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/LICENSE b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/LICENSE new file mode 100644 index 0000000..f27399a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/LICENSE @@ -0,0 +1,21 @@ + +Copyright (c) Nils Adermann, Jordi Boggiano + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_classmap.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_classmap.php new file mode 100644 index 0000000..e6d43fb --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_classmap.php @@ -0,0 +1,30 @@ + $vendorDir . '/composer/InstalledVersions.php', + 'Firebase\\JWT\\BeforeValidException' => $vendorDir . '/firebase/php-jwt/src/BeforeValidException.php', + 'Firebase\\JWT\\ExpiredException' => $vendorDir . '/firebase/php-jwt/src/ExpiredException.php', + 'Firebase\\JWT\\JWT' => $vendorDir . '/firebase/php-jwt/src/JWT.php', + 'Firebase\\JWT\\SignatureInvalidException' => $vendorDir . '/firebase/php-jwt/src/SignatureInvalidException.php', + 'OneLogin\\Saml2\\Auth' => $vendorDir . '/onelogin/php-saml/src/Saml2/Auth.php', + 'OneLogin\\Saml2\\AuthnRequest' => $vendorDir . '/onelogin/php-saml/src/Saml2/AuthnRequest.php', + 'OneLogin\\Saml2\\Constants' => $vendorDir . '/onelogin/php-saml/src/Saml2/Constants.php', + 'OneLogin\\Saml2\\Error' => $vendorDir . '/onelogin/php-saml/src/Saml2/Error.php', + 'OneLogin\\Saml2\\IdPMetadataParser' => $vendorDir . '/onelogin/php-saml/src/Saml2/IdPMetadataParser.php', + 'OneLogin\\Saml2\\LogoutRequest' => $vendorDir . '/onelogin/php-saml/src/Saml2/LogoutRequest.php', + 'OneLogin\\Saml2\\LogoutResponse' => $vendorDir . '/onelogin/php-saml/src/Saml2/LogoutResponse.php', + 'OneLogin\\Saml2\\Metadata' => $vendorDir . '/onelogin/php-saml/src/Saml2/Metadata.php', + 'OneLogin\\Saml2\\Response' => $vendorDir . '/onelogin/php-saml/src/Saml2/Response.php', + 'OneLogin\\Saml2\\Settings' => $vendorDir . '/onelogin/php-saml/src/Saml2/Settings.php', + 'OneLogin\\Saml2\\Utils' => $vendorDir . '/onelogin/php-saml/src/Saml2/Utils.php', + 'OneLogin\\Saml2\\ValidationError' => $vendorDir . '/onelogin/php-saml/src/Saml2/ValidationError.php', + 'RobRichards\\XMLSecLibs\\Utils\\XPath' => $vendorDir . '/robrichards/xmlseclibs/src/Utils/XPath.php', + 'RobRichards\\XMLSecLibs\\XMLSecEnc' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecEnc.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityDSig' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecurityDSig.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityKey' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecurityKey.php', +); diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_namespaces.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_namespaces.php new file mode 100644 index 0000000..b7fc012 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_namespaces.php @@ -0,0 +1,9 @@ + array($vendorDir . '/robrichards/xmlseclibs/src'), + 'OneLogin\\' => array($vendorDir . '/onelogin/php-saml/src'), + 'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'), +); diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_real.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_real.php new file mode 100644 index 0000000..b3c3f98 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_real.php @@ -0,0 +1,48 @@ += 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); + if ($useStaticLoader) { + require __DIR__ . '/autoload_static.php'; + + call_user_func(\Composer\Autoload\ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getInitializer($loader)); + } else { + $classMap = require __DIR__ . '/autoload_classmap.php'; + if ($classMap) { + $loader->addClassMap($classMap); + } + } + + $loader->setClassMapAuthoritative(true); + $loader->register(true); + + return $loader; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_static.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_static.php new file mode 100644 index 0000000..052f28c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/autoload_static.php @@ -0,0 +1,72 @@ + + array ( + 'RobRichards\\XMLSecLibs\\' => 23, + ), + 'O' => + array ( + 'OneLogin\\' => 9, + ), + 'F' => + array ( + 'Firebase\\JWT\\' => 13, + ), + ); + + public static $prefixDirsPsr4 = array ( + 'RobRichards\\XMLSecLibs\\' => + array ( + 0 => __DIR__ . '/..' . '/robrichards/xmlseclibs/src', + ), + 'OneLogin\\' => + array ( + 0 => __DIR__ . '/..' . '/onelogin/php-saml/src', + ), + 'Firebase\\JWT\\' => + array ( + 0 => __DIR__ . '/..' . '/firebase/php-jwt/src', + ), + ); + + public static $classMap = array ( + 'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php', + 'Firebase\\JWT\\BeforeValidException' => __DIR__ . '/..' . '/firebase/php-jwt/src/BeforeValidException.php', + 'Firebase\\JWT\\ExpiredException' => __DIR__ . '/..' . '/firebase/php-jwt/src/ExpiredException.php', + 'Firebase\\JWT\\JWT' => __DIR__ . '/..' . '/firebase/php-jwt/src/JWT.php', + 'Firebase\\JWT\\SignatureInvalidException' => __DIR__ . '/..' . '/firebase/php-jwt/src/SignatureInvalidException.php', + 'OneLogin\\Saml2\\Auth' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Auth.php', + 'OneLogin\\Saml2\\AuthnRequest' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/AuthnRequest.php', + 'OneLogin\\Saml2\\Constants' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Constants.php', + 'OneLogin\\Saml2\\Error' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Error.php', + 'OneLogin\\Saml2\\IdPMetadataParser' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/IdPMetadataParser.php', + 'OneLogin\\Saml2\\LogoutRequest' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/LogoutRequest.php', + 'OneLogin\\Saml2\\LogoutResponse' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/LogoutResponse.php', + 'OneLogin\\Saml2\\Metadata' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Metadata.php', + 'OneLogin\\Saml2\\Response' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Response.php', + 'OneLogin\\Saml2\\Settings' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Settings.php', + 'OneLogin\\Saml2\\Utils' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Utils.php', + 'OneLogin\\Saml2\\ValidationError' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/ValidationError.php', + 'RobRichards\\XMLSecLibs\\Utils\\XPath' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/Utils/XPath.php', + 'RobRichards\\XMLSecLibs\\XMLSecEnc' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecEnc.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityDSig' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecurityDSig.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityKey' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecurityKey.php', + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->prefixLengthsPsr4 = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$prefixDirsPsr4; + $loader->classMap = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$classMap; + + }, null, ClassLoader::class); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/installed.json b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/installed.json new file mode 100644 index 0000000..cad26cc --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/installed.json @@ -0,0 +1,146 @@ +{ + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v4.0.0", + "version_normalized": "4.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "time": "2016-07-18T04:51:16+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "install-path": "../firebase/php-jwt" + }, + { + "name": "onelogin/php-saml", + "version": "3.4.1", + "version_normalized": "3.4.1.0", + "source": { + "type": "git", + "url": "https://github.com/onelogin/php-saml.git", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/onelogin/php-saml/zipball/5fbf3486704ac9835b68184023ab54862c95f213", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213", + "shasum": "" + }, + "require": { + "php": ">=5.4", + "robrichards/xmlseclibs": ">=3.0.4" + }, + "require-dev": { + "pdepend/pdepend": "^2.5.0", + "php-coveralls/php-coveralls": "^1.0.2 || ^2.0", + "phploc/phploc": "^2.1 || ^3.0 || ^4.0", + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1", + "sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0", + "squizlabs/php_codesniffer": "^3.1.1" + }, + "suggest": { + "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs", + "ext-gettext": "Install gettext and php5-gettext libs to handle translations", + "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)" + }, + "time": "2019-11-25T17:30:07+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "OneLogin\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "OneLogin PHP SAML Toolkit", + "homepage": "https://developers.onelogin.com/saml/php", + "keywords": [ + "SAML2", + "onelogin", + "saml" + ], + "install-path": "../onelogin/php-saml" + }, + { + "name": "robrichards/xmlseclibs", + "version": "3.1.1", + "version_normalized": "3.1.1.0", + "source": { + "type": "git", + "url": "https://github.com/robrichards/xmlseclibs.git", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "php": ">= 5.4" + }, + "time": "2020-09-05T13:00:25+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "A PHP library for XML Security", + "homepage": "https://github.com/robrichards/xmlseclibs", + "keywords": [ + "security", + "signature", + "xml", + "xmldsig" + ], + "install-path": "../robrichards/xmlseclibs" + } + ], + "dev": false, + "dev-package-names": [] +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/installed.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/installed.php new file mode 100644 index 0000000..c1929b8 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/installed.php @@ -0,0 +1,51 @@ + + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + 'name' => '__root__', + ), + 'versions' => + array ( + '__root__' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + ), + 'firebase/php-jwt' => + array ( + 'pretty_version' => 'v4.0.0', + 'version' => '4.0.0.0', + 'aliases' => + array ( + ), + 'reference' => 'dccf163dc8ed7ed6a00afc06c51ee5186a428d35', + ), + 'onelogin/php-saml' => + array ( + 'pretty_version' => '3.4.1', + 'version' => '3.4.1.0', + 'aliases' => + array ( + ), + 'reference' => '5fbf3486704ac9835b68184023ab54862c95f213', + ), + 'robrichards/xmlseclibs' => + array ( + 'pretty_version' => '3.1.1', + 'version' => '3.1.1.0', + 'aliases' => + array ( + ), + 'reference' => 'f8f19e58f26cdb42c54b214ff8a820760292f8df', + ), + ), +); diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/platform_check.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/platform_check.php new file mode 100644 index 0000000..590554b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/composer/platform_check.php @@ -0,0 +1,26 @@ += 50400)) { + $issues[] = 'Your Composer dependencies require a PHP version ">= 5.4.0". You are running ' . PHP_VERSION . '.'; +} + +if ($issues) { + if (!headers_sent()) { + header('HTTP/1.1 500 Internal Server Error'); + } + if (!ini_get('display_errors')) { + if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') { + fwrite(STDERR, 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . implode(PHP_EOL, $issues) . PHP_EOL.PHP_EOL); + } elseif (!headers_sent()) { + echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL; + } + } + trigger_error( + 'Composer detected issues in your platform: ' . implode(' ', $issues), + E_USER_ERROR + ); +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/LICENSE b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/LICENSE new file mode 100644 index 0000000..cb0c49b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/LICENSE @@ -0,0 +1,30 @@ +Copyright (c) 2011, Neuman Vong + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of Neuman Vong nor the names of other + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/README.md b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/README.md new file mode 100644 index 0000000..d4589b1 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/README.md @@ -0,0 +1,119 @@ +[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) +[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt) +[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt) +[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt) + +PHP-JWT +======= +A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). + +Installation +------------ + +Use composer to manage your dependencies and download PHP-JWT: + +```bash +composer require firebase/php-jwt +``` + +Example +------- +```php + "http://example.org", + "aud" => "http://example.com", + "iat" => 1356999524, + "nbf" => 1357000000 +); + +/** + * IMPORTANT: + * You must specify supported algorithms for your application. See + * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 + * for a list of spec-compliant algorithms. + */ +$jwt = JWT::encode($token, $key); +$decoded = JWT::decode($jwt, $key, array('HS256')); + +print_r($decoded); + +/* + NOTE: This will now be an object instead of an associative array. To get + an associative array, you will need to cast it as such: +*/ + +$decoded_array = (array) $decoded; + +/** + * You can add a leeway to account for when there is a clock skew times between + * the signing and verifying servers. It is recommended that this leeway should + * not be bigger than a few minutes. + * + * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef + */ +JWT::$leeway = 60; // $leeway in seconds +$decoded = JWT::decode($jwt, $key, array('HS256')); + +?> +``` + +Changelog +--------- + +#### 4.0.0 / 2016-07-17 +- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! +- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! +- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)! +- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)! + +#### 3.0.0 / 2015-07-22 +- Minimum PHP version updated from `5.2.0` to `5.3.0`. +- Add `\Firebase\JWT` namespace. See +[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to +[@Dashron](https://github.com/Dashron)! +- Require a non-empty key to decode and verify a JWT. See +[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to +[@sjones608](https://github.com/sjones608)! +- Cleaner documentation blocks in the code. See +[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to +[@johanderuijter](https://github.com/johanderuijter)! + +#### 2.2.0 / 2015-06-22 +- Add support for adding custom, optional JWT headers to `JWT::encode()`. See +[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to +[@mcocaro](https://github.com/mcocaro)! + +#### 2.1.0 / 2015-05-20 +- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew +between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! +- Add support for passing an object implementing the `ArrayAccess` interface for +`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! + +#### 2.0.0 / 2015-04-01 +- **Note**: It is strongly recommended that you update to > v2.0.0 to address + known security vulnerabilities in prior versions when both symmetric and + asymmetric keys are used together. +- Update signature for `JWT::decode(...)` to require an array of supported + algorithms to use when verifying token signatures. + + +Tests +----- +Run the tests using phpunit: + +```bash +$ pear install PHPUnit +$ phpunit --configuration phpunit.xml.dist +PHPUnit 3.7.10 by Sebastian Bergmann. +..... +Time: 0 seconds, Memory: 2.50Mb +OK (5 tests, 5 assertions) +``` + +License +------- +[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.json b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.json new file mode 100644 index 0000000..1a5e93b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.json @@ -0,0 +1,27 @@ +{ + "name": "firebase/php-jwt", + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "license": "BSD-3-Clause", + "require": { + "php": ">=5.3.0" + }, + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "minimum-stability": "dev" +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.lock b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.lock new file mode 100644 index 0000000..5518ae4 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.lock @@ -0,0 +1,19 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "hash": "60a5df5d283a7ae9000173248eba8909", + "packages": [], + "packages-dev": [], + "aliases": [], + "minimum-stability": "dev", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": { + "php": ">=5.2.0" + }, + "platform-dev": [] +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/package.xml b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/package.xml new file mode 100644 index 0000000..a95b056 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/package.xml @@ -0,0 +1,77 @@ + + + JWT + pear.php.net + A JWT encoder/decoder. + A JWT encoder/decoder library for PHP. + + Neuman Vong + lcfrs + neuman+pear@twilio.com + yes + + + Firebase Operations + firebase + operations@firebase.com + yes + + 2015-07-22 + + 3.0.0 + 3.0.0 + + + beta + beta + + BSD 3-Clause License + +Initial release with basic support for JWT encoding, decoding and signature verification. + + + + + + + + + + + + + 5.1 + + + 1.7.0 + + + json + + + hash + + + + + + + + 0.1.0 + 0.1.0 + + + beta + beta + + 2015-04-01 + BSD 3-Clause License + +Initial release with basic support for JWT encoding, decoding and signature verification. + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/BeforeValidException.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/BeforeValidException.php new file mode 100644 index 0000000..a6ee2f7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/BeforeValidException.php @@ -0,0 +1,7 @@ + + * @author Anant Narayanan + * @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD + * @link https://github.com/firebase/php-jwt + */ +class JWT +{ + + /** + * When checking nbf, iat or expiration times, + * we want to provide some extra leeway time to + * account for clock skew. + */ + public static $leeway = 0; + + /** + * Allow the current timestamp to be specified. + * Useful for fixing a value within unit testing. + * + * Will default to PHP time() value if null. + */ + public static $timestamp = null; + + public static $supported_algs = array( + 'HS256' => array('hash_hmac', 'SHA256'), + 'HS512' => array('hash_hmac', 'SHA512'), + 'HS384' => array('hash_hmac', 'SHA384'), + 'RS256' => array('openssl', 'SHA256'), + ); + + /** + * Decodes a JWT string into a PHP object. + * + * @param string $jwt The JWT + * @param string|array $key The key, or map of keys. + * If the algorithm used is asymmetric, this is the public key + * @param array $allowed_algs List of supported verification algorithms + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return object The JWT's payload as a PHP object + * + * @throws UnexpectedValueException Provided JWT was invalid + * @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed + * @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf' + * @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat' + * @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim + * + * @uses jsonDecode + * @uses urlsafeB64Decode + */ + public static function decode($jwt, $key, $allowed_algs = array()) + { + $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; + + if (empty($key)) { + throw new InvalidArgumentException('Key may not be empty'); + } + if (!is_array($allowed_algs)) { + throw new InvalidArgumentException('Algorithm not allowed'); + } + $tks = explode('.', $jwt); + if (count($tks) != 3) { + throw new UnexpectedValueException('Wrong number of segments'); + } + list($headb64, $bodyb64, $cryptob64) = $tks; + if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) { + throw new UnexpectedValueException('Invalid header encoding'); + } + if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) { + throw new UnexpectedValueException('Invalid claims encoding'); + } + $sig = static::urlsafeB64Decode($cryptob64); + + if (empty($header->alg)) { + throw new UnexpectedValueException('Empty algorithm'); + } + if (empty(static::$supported_algs[$header->alg])) { + throw new UnexpectedValueException('Algorithm not supported'); + } + if (!in_array($header->alg, $allowed_algs)) { + throw new UnexpectedValueException('Algorithm not allowed'); + } + if (is_array($key) || $key instanceof \ArrayAccess) { + if (isset($header->kid)) { + $key = $key[$header->kid]; + } else { + throw new UnexpectedValueException('"kid" empty, unable to lookup correct key'); + } + } + + // Check the signature + if (!static::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { + throw new SignatureInvalidException('Signature verification failed'); + } + + // Check if the nbf if it is defined. This is the time that the + // token can actually be used. If it's not yet that time, abort. + if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) + ); + } + + // Check that this token has been created before 'now'. This prevents + // using tokens that have been created for later use (and haven't + // correctly used the nbf claim). + if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) + ); + } + + // Check if this token has expired. + if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) { + throw new ExpiredException('Expired token'); + } + + return $payload; + } + + /** + * Converts and signs a PHP object or array into a JWT string. + * + * @param object|array $payload PHP object or array + * @param string $key The secret key. + * If the algorithm used is asymmetric, this is the private key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param mixed $keyId + * @param array $head An array with header elements to attach + * + * @return string A signed JWT + * + * @uses jsonEncode + * @uses urlsafeB64Encode + */ + public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) + { + $header = array('typ' => 'JWT', 'alg' => $alg); + if ($keyId !== null) { + $header['kid'] = $keyId; + } + if ( isset($head) && is_array($head) ) { + $header = array_merge($head, $header); + } + $segments = array(); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); + $signing_input = implode('.', $segments); + + $signature = static::sign($signing_input, $key, $alg); + $segments[] = static::urlsafeB64Encode($signature); + + return implode('.', $segments); + } + + /** + * Sign a string with a given key and algorithm. + * + * @param string $msg The message to sign + * @param string|resource $key The secret key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return string An encrypted message + * + * @throws DomainException Unsupported algorithm was specified + */ + public static function sign($msg, $key, $alg = 'HS256') + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'hash_hmac': + return hash_hmac($algorithm, $msg, $key, true); + case 'openssl': + $signature = ''; + $success = openssl_sign($msg, $signature, $key, $algorithm); + if (!$success) { + throw new DomainException("OpenSSL unable to sign data"); + } else { + return $signature; + } + } + } + + /** + * Verify a signature with the message, key and method. Not all methods + * are symmetric, so we must have a separate verify and sign method. + * + * @param string $msg The original message (header and body) + * @param string $signature The original signature + * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key + * @param string $alg The algorithm + * + * @return bool + * + * @throws DomainException Invalid Algorithm or OpenSSL failure + */ + private static function verify($msg, $signature, $key, $alg) + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'openssl': + $success = openssl_verify($msg, $signature, $key, $algorithm); + if (!$success) { + throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string()); + } else { + return $signature; + } + case 'hash_hmac': + default: + $hash = hash_hmac($algorithm, $msg, $key, true); + if (function_exists('hash_equals')) { + return hash_equals($signature, $hash); + } + $len = min(static::safeStrlen($signature), static::safeStrlen($hash)); + + $status = 0; + for ($i = 0; $i < $len; $i++) { + $status |= (ord($signature[$i]) ^ ord($hash[$i])); + } + $status |= (static::safeStrlen($signature) ^ static::safeStrlen($hash)); + + return ($status === 0); + } + } + + /** + * Decode a JSON string into a PHP object. + * + * @param string $input JSON string + * + * @return object Object representation of JSON string + * + * @throws DomainException Provided string was invalid JSON + */ + public static function jsonDecode($input) + { + if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) { + /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you + * to specify that large ints (like Steam Transaction IDs) should be treated as + * strings, rather than the PHP default behaviour of converting them to floats. + */ + $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); + } else { + /** Not all servers will support that, however, so for older versions we must + * manually detect large ints in the JSON string and quote them (thus converting + *them to strings) before decoding, hence the preg_replace() call. + */ + $max_int_length = strlen((string) PHP_INT_MAX) - 1; + $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); + $obj = json_decode($json_without_bigints); + } + + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($obj === null && $input !== 'null') { + throw new DomainException('Null result with non-null input'); + } + return $obj; + } + + /** + * Encode a PHP object into a JSON string. + * + * @param object|array $input A PHP object or array + * + * @return string JSON representation of the PHP object or array + * + * @throws DomainException Provided object could not be encoded to valid JSON + */ + public static function jsonEncode($input) + { + $json = json_encode($input); + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($json === 'null' && $input !== null) { + throw new DomainException('Null result with non-null input'); + } + return $json; + } + + /** + * Decode a string with URL-safe Base64. + * + * @param string $input A Base64 encoded string + * + * @return string A decoded string + */ + public static function urlsafeB64Decode($input) + { + $remainder = strlen($input) % 4; + if ($remainder) { + $padlen = 4 - $remainder; + $input .= str_repeat('=', $padlen); + } + return base64_decode(strtr($input, '-_', '+/')); + } + + /** + * Encode a string with URL-safe Base64. + * + * @param string $input The string you want encoded + * + * @return string The base64 encode of what you passed in + */ + public static function urlsafeB64Encode($input) + { + return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); + } + + /** + * Helper method to create a JSON error. + * + * @param int $errno An error number from json_last_error() + * + * @return void + */ + private static function handleJsonError($errno) + { + $messages = array( + JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', + JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', + JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON' + ); + throw new DomainException( + isset($messages[$errno]) + ? $messages[$errno] + : 'Unknown JSON error: ' . $errno + ); + } + + /** + * Get the number of bytes in cryptographic strings. + * + * @param string + * + * @return int + */ + private static function safeStrlen($str) + { + if (function_exists('mb_strlen')) { + return mb_strlen($str, '8bit'); + } + return strlen($str); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/SignatureInvalidException.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/SignatureInvalidException.php new file mode 100644 index 0000000..27332b2 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/SignatureInvalidException.php @@ -0,0 +1,7 @@ +redirectTo instead of just call it. +* Split the setting check methods. Now 1 method for IdP settings and other for SP settings. +* Let the setting object to avoid the IdP setting check. required if we want to publish SP SAML Metadata when the IdP data is still not provided. + +v.2.5.0 +------- +* Do accesible the ID of the object Logout Request (id attribute). +* Add note about the fact that PHP 5.3 is unssuported. +* Add fingerprint algorithm support. +* Add dependences to composer. + +v.2.4.0 +------- +* Fix wrong element order in generated metadata. +* Added SLO with nameID and SessionIndex in demo1. +* Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT. +* Set optional the XMLvalidation (enable/disable it with wantXMLValidation security setting). + +v.2.3.0 +------- +* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion. +* Improve test and documentation. +* Improve ADFS compatibility. +* Remove unnecessary XSDs files. +* Make available the reason for the saml message invalidation. +* Adding ability to set idp cert once the Setting object initialized. +* Fix status info issue. +* Reject SAML Response if not signed and strict = false. +* Support NameId and SessionIndex in LogoutRequest. +* Add ForceAuh and IsPassive support. + +v.2.2.0 +------- +* Fix bug with Encrypted nameID on LogoutRequest. +* Fixed usability bug. SP will inform about AuthFail status after process a Response. +* Added SessionIndex support on LogoutRequest, and know is accesible from the Auth class. +* LogoutRequest and LogoutResponse classes now accept non deflated xml. +* Improved the XML metadata/ Decrypted Assertion output. (prettyprint). +* Fix bug in formatPrivateKey method, the key could be not RSA. +* Explicit warning message for signed element problem. +* Decrypt method improved. +* Support more algorithm at the SigAlg in the Signed LogoutRequests and LogoutResponses +* AuthNRequest now stores ID (it can be retrieved later). +* Fixed a typo on the 'NameIdPolicy' attribute that appeared at the README and settings_example file. + + +v.2.1.0 +------- + +* The isValid method of the Logout Request is now non-static. (affects processSLO method of Auth.php). +* Logout Request constructor now accepts encoded logout requests. +* Now after validate a message, if fails a method getError of the object will return the cause. +* Fix typos. +* Added extra parameters option to login and logout methods. +* Improve Test (new test, use the new getError method for testing). +* Bugfix namespace problem when getting Attributes. + + +v.2.0.0 +------- + +* New PHP SAML Toolkit (SLO, Sign, Encryptation). + + +v.1.0.0 +------- + +* Old PHP SAML Toolkit. diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/LICENSE b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/LICENSE new file mode 100644 index 0000000..dbbca9c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/LICENSE @@ -0,0 +1,23 @@ +Copyright (c) 2010-2016 OneLogin, Inc. + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES +OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/README.md b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/README.md new file mode 100644 index 0000000..7ad8b48 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/README.md @@ -0,0 +1,1539 @@ +# OneLogin's SAML PHP Toolkit Compatible with PHP 5.X & 7.X + +[![Build Status](https://api.travis-ci.org/onelogin/php-saml.png?branch=master)](http://travis-ci.org/onelogin/php-saml) [![Coverage Status](https://coveralls.io/repos/onelogin/php-saml/badge.png)](https://coveralls.io/r/onelogin/php-saml) [![License](https://poser.pugx.org/onelogin/php-saml/license.png)](https://packagist.org/packages/onelogin/php-saml) + +Add SAML support to your PHP software using this library. +Forget those complicated libraries and use this open source library provided +and supported by OneLogin Inc. + + +Warning +------- + +Version 3.4.0 introduces the 'rejectUnsolicitedResponsesWithInResponseTo' setting parameter, by default disabled, that will allow invalidate unsolicited SAMLResponse. This version as well will reject SAMLResponse if requestId was provided to the validator but the SAMLResponse does not contain a InResponseTo attribute. And an additional setting parameter 'destinationStrictlyMatches', by default disabled, that will force that the Destination URL should strictly match to the address that process the SAMLResponse. + +Version 3.3.1 updates xmlseclibs to 3.0.4 (CVE-2019-3465), but php-saml was not directly affected since it implements additional checks that prevent to exploit that vulnerability. + +Version 3.3.0 sets strict mode active by default + +Update php-saml to 3.1.0, this version includes a security patch related to XEE attacks. + +This version is compatible with PHP 7.X and does not include xmlseclibs (you will need to install it via composer, dependency described in composer.json) + +Security Guidelines +------------------- + +If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution. + + +Why add SAML support to my software? +------------------------------------ + +SAML is an XML-based standard for web browser single sign-on and is defined by +the OASIS Security Services Technical Committee. The standard has been around +since 2002, but lately it is becoming popular due its advantages: + + * **Usability** - One-click access from portals or intranets, deep linking, + password elimination and automatically renewing sessions make life + easier for the user. + * **Security** - Based on strong digital signatures for authentication and + integrity, SAML is a secure single sign-on protocol that the largest + and most security conscious enterprises in the world rely on. + * **Speed** - SAML is fast. One browser redirect is all it takes to securely + sign a user into an application. + * **Phishing Prevention** - If you don’t have a password for an app, you + can’t be tricked into entering it on a fake login page. + * **IT Friendly** - SAML simplifies life for IT because it centralizes + authentication, provides greater visibility and makes directory + integration easier. + * **Opportunity** - B2B cloud vendor should support SAML to facilitate the + integration of their product. + + +General description +------------------- + +OneLogin's SAML PHP toolkit let you build a SP (Service Provider) over +your PHP application and connect it to any IdP (Identity Provider). + +Supports: + + * SSO and SLO (SP-Initiated and IdP-Initiated). + * Assertion and nameId encryption. + * Assertion signature. + * Message signature: AuthNRequest, LogoutRequest, LogoutResponses. + * Enable an Assertion Consumer Service endpoint. + * Enable a Single Logout Service endpoint. + * Publish the SP metadata (which can be signed). + +Key features: + + * **saml2int** - Implements the SAML 2.0 Web Browser SSO Profile. + * **Session-less** - Forget those common conflicts between the SP and + the final app, the toolkit delegate session in the final app. + * **Easy to use** - Programmer will be allowed to code high-level and + low-level programming, 2 easy to use APIs are available. + * **Tested** - Thoroughly tested. + * **Popular** - OneLogin's customers use it. Many PHP SAML plugins uses it. + +Integrate your PHP toolkit at OneLogin using this guide: [https://developers.onelogin.com/page/saml-toolkit-for-php](https://developers.onelogin.com/page/saml-toolkit-for-php) + +Installation +------------ + +### Dependencies ### + + * `php >= 5.4` and some core extensions like `php-xml`, `php-date`, `php-zlib`. + * `openssl`. Install the openssl library. It handles x509 certificates. + * `gettext`. Install that library and its php driver. It handles translations. + * `curl`. Install that library and its php driver if you plan to use the IdP Metadata parser. + +### Code ### + +#### Option 1. clone the repository from github #### + +git clone git@github.com:onelogin/php-saml.git + +Then pull the 3.X.X branch/tag + +#### Option 2. Download from github #### + +The toolkit is hosted on github. You can download it from: + + * https://github.com/onelogin/php-saml/releases + +Search for 3.X.X releases + +Copy the core of the library inside the php application. (each application has its +structure so take your time to locate the PHP SAML toolkit in the best place). +See the "Guide to add SAML support to my app" to know how. + +Take in mind that the compressed file only contains the main files. +If you plan to play with the demos, use the Option 1. + +#### Option 3. Composer #### + +The toolkit supports [composer](https://getcomposer.org/). You can find the `onelogin/php-saml` package at https://packagist.org/packages/onelogin/php-saml + +In order to import the saml toolkit to your current php project, execute +``` +composer require onelogin/php-saml +``` + +Remember to select the 3.X.X branch + +After installation has completed you will find at the `vendor/` folder a new folder named `onelogin` and inside the `php-saml`. Make sure you are including the autoloader provided by composer. It can be found at `vendor/autoload.php`. + +**Important** In this option, the x509 certs must be stored at `vendor/onelogin/php-saml/certs` +and settings file stored at `vendor/onelogin/php-saml`. + +Your settings are at risk of being deleted when updating packages using `composer update` or similar commands. So it is **highly** recommended that instead of using settings files, you pass the settings as an array directly to the constructor (explained later in this document). If you do not use this approach your settings are at risk of being deleted when updating packages using `composer update` or similar commands. + +Compatibility +------------- + +This 3.X.X supports PHP 7.X. but can be used with PHP >=5.4 as well (5.6.24+ recommended for security reasons). + +Namespaces +---------- + +If you are using the library with a framework like Symfony that contains +namespaces, remember that calls to the class must be done by adding a backslash (`\`) to the +start, for example to use the static method getSelfURLNoQuery use: + + \OneLogin\Saml2\Utils::getSelfURLNoQuery() + + +Security warning +---------------- + +In production, the `strict` parameter **MUST** be set as `"true"` and the +`signatureAlgorithm` and `digestAlgorithm` under `security` must be set to +something other than SHA1 (see https://shattered.io/ ). Otherwise your +environment is not secure and will be exposed to attacks. + +In production also we highly recommended to register on the settings the IdP certificate instead of using the fingerprint method. The fingerprint, is a hash, so at the end is open to a collision attack that can end on a signature validation bypass. Other SAML toolkits deprecated that mechanism, we maintain it for compatibility and also to be used on test environment. + +Getting started +--------------- + +### Knowing the toolkit ### + +The new OneLogin SAML Toolkit contains different folders (`certs`, `endpoints`, +`lib`, `demo`, etc.) and some files. + +Let's start describing the folders: + +#### `certs/` #### + +SAML requires a x509 cert to sign and encrypt elements like `NameID`, `Message`, +`Assertion`, `Metadata`. + +If our environment requires sign or encrypt support, this folder may contain +the x509 cert and the private key that the SP will use: + + * `sp.crt` - The public cert of the SP + * `sp.key` - The private key of the SP + +Or also we can provide those data in the setting file at the `$settings['sp']['x509cert']` +and the `$settings['sp']['privateKey']`. + +Sometimes we could need a signature on the metadata published by the SP, in +this case we could use the x509 cert previously mentioned or use a new x.509 +cert: `metadata.crt` and `metadata.key`. + +Use `sp_new.crt` if you are in a key rollover process and you want to +publish that x509 certificate on Service Provider metadata. + +#### `src/` #### + +This folder contains the heart of the toolkit, the libraries: + + * `Saml2` folder contains the new version of the classes and methods that + are described in a later section. + + +#### `doc/` #### + +This folder contains the API documentation of the toolkit. + + +#### `endpoints/` #### + +The toolkit has three endpoints: + + * `metadata.php` - Where the metadata of the SP is published. + * `acs.php` - Assertion Consumer Service. Processes the SAML Responses. + * `sls.php` - Single Logout Service. Processes Logout Requests and Logout + Responses. + +You can use the files provided by the toolkit or create your own endpoints +files when adding SAML support to your applications. Take in mind that those +endpoints files uses the setting file of the toolkit's base folder. + + +#### `locale/` #### + +Locale folder contains some translations: `en_US` and `es_ES` as a proof of concept. +Currently there are no translations but we will eventually localize the messages +and support multiple languages. + + +#### Other important files #### + +* `settings_example.php` - A template to be used in order to create a + settings.php file which contains the basic configuration info of the toolkit. +* `advanced_settings_example.php` - A template to be used in order to create a + advanced_settings.php file which contains extra configuration info related to + the security, the contact person, and the organization associated to the SP. +* `_toolkit_loader.php` - This file load the toolkit libraries (The SAML2 lib). + + +#### Miscellaneous #### + +* `tests/` - Contains the unit test of the toolkit. +* `demo1/` - Contains an example of a simple PHP app with SAML support. + Read the `Readme.txt` inside for more info. +* `demo2/` - Contains another example. + + +### How it works ### + +#### Settings #### + +First of all we need to configure the toolkit. The SP's info, the IdP's info, +and in some cases, configure advanced security issues like signatures and +encryption. + +There are two ways to provide the settings information: + + * Use a `settings.php` file that we should locate at the base folder of the + toolkit. + * Use an array with the setting data and provide it directly to the + constructor of the class. + + +There is a template file, `settings_example.php`, so you can make a copy of this +file, rename and edit it. + +```php + true, + + // Enable debug mode (to print errors). + 'debug' => false, + + // Set a BaseURL to be used instead of try to guess + // the BaseURL of the view that process the SAML Message. + // Ex http://sp.example.com/ + // http://example.com/sp/ + 'baseurl' => null, + + // Service Provider Data that we are deploying. + 'sp' => array( + // Identifier of the SP entity (must be a URI) + 'entityId' => '', + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'assertionConsumerService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports this endpoint for the + // HTTP-POST binding only. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + ), + // If you need to specify requested attributes, set a + // attributeConsumingService. nameFormat, attributeValue and + // friendlyName can be omitted + "attributeConsumingService"=> array( + "serviceName" => "SP test", + "serviceDescription" => "Test Service", + "requestedAttributes" => array( + array( + "name" => "", + "isRequired" => false, + "nameFormat" => "", + "friendlyName" => "", + "attributeValue" => array() + ) + ) + ), + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'singleLogoutService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports the HTTP-Redirect binding + // only for this endpoint. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Specifies the constraints on the name identifier to be used to + // represent the requested subject. + // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported. + 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', + // Usually x509cert and privateKey of the SP are provided by files placed at + // the certs folder. But we can also provide them with the following parameters + 'x509cert' => '', + 'privateKey' => '', + + /* + * Key rollover + * If you plan to update the SP x509cert and privateKey + * you can define here the new x509cert and it will be + * published on the SP metadata so Identity Providers can + * read them and get ready for rollover. + */ + // 'x509certNew' => '', + ), + + // Identity Provider Data that we want connected with our SP. + 'idp' => array( + // Identifier of the IdP entity (must be a URI) + 'entityId' => '', + // SSO endpoint info of the IdP. (Authentication Request protocol) + 'singleSignOnService' => array( + // URL Target of the IdP where the Authentication Request Message + // will be sent. + 'url' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports the HTTP-Redirect binding + // only for this endpoint. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // SLO endpoint info of the IdP. + 'singleLogoutService' => array( + // URL Location of the IdP where SLO Request will be sent. + 'url' => '', + // URL location of the IdP where SLO Response will be sent (ResponseLocation) + // if not set, url for the SLO Request will be used + 'responseUrl' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports the HTTP-Redirect binding + // only for this endpoint. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Public x509 certificate of the IdP + 'x509cert' => '', + /* + * Instead of use the whole x509cert you can use a fingerprint in order to + * validate a SAMLResponse, but we don't recommend to use that + * method on production since is exploitable by a collision attack. + * (openssl x509 -noout -fingerprint -in "idp.crt" to generate it, + * or add for example the -sha256 , -sha384 or -sha512 parameter) + * + * If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to + * let the toolkit know which algorithm was used. Possible values: sha1, sha256, sha384 or sha512 + * 'sha1' is the default value. + * + * Notice that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you + * will need to provide the whole x509cert. + */ + // 'certFingerprint' => '', + // 'certFingerprintAlgorithm' => 'sha1', + + /* In some scenarios the IdP uses different certificates for + * signing/encryption, or is under key rollover phase and + * more than one certificate is published on IdP metadata. + * In order to handle that the toolkit offers that parameter. + * (when used, 'x509cert' and 'certFingerprint' values are + * ignored). + */ + // 'x509certMulti' => array( + // 'signing' => array( + // 0 => '', + // ), + // 'encryption' => array( + // 0 => '', + // ) + // ), + ), +); +``` +In addition to the required settings data (IdP, SP), there is extra +information that could be defined. In the same way that a template exists +for the basic info, there is a template for that advanced info located +at the base folder of the toolkit and named `advanced_settings_example.php` +that you can copy and rename it as `advanced_settings.php` + +```php + array( + 'requests' => true, + 'responses' => true + ), + // Security settings + 'security' => array( + + /** signatures and encryptions offered */ + + // Indicates that the nameID of the sent by this SP + // will be encrypted. + 'nameIdEncrypted' => false, + + // Indicates whether the messages sent by this SP + // will be signed. [Metadata of the SP will offer this info] + 'authnRequestsSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutRequestSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutResponseSigned' => false, + + /* Sign the Metadata + False || True (use sp certs) || array ( + 'keyFileName' => 'metadata.key', + 'certFileName' => 'metadata.crt' + ) + || array ( + 'x509cert' => '', + 'privateKey' => '' + ) + */ + 'signMetadata' => false, + + /** signatures and encryptions required **/ + + // Indicates a requirement for the , + // and elements received by this SP to be signed. + 'wantMessagesSigned' => false, + + // Indicates a requirement for the elements received by + // this SP to be encrypted. + 'wantAssertionsEncrypted' => false, + + // Indicates a requirement for the elements received by + // this SP to be signed. [Metadata of the SP will offer this info] + 'wantAssertionsSigned' => false, + + // Indicates a requirement for the NameID element on the SAMLResponse + // received by this SP to be present. + 'wantNameId' => true, + + // Indicates a requirement for the NameID received by + // this SP to be encrypted. + 'wantNameIdEncrypted' => false, + + // Authentication context. + // Set to false and no AuthContext will be sent in the AuthNRequest. + // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'. + // Set an array with the possible auth context values: array('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'). + 'requestedAuthnContext' => true, + + // Indicates if the SP will validate all received xmls. + // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true). + 'wantXMLValidation' => true, + + // If true, SAMLResponses with an empty value at its Destination + // attribute will not be rejected for this fact. + 'relaxDestinationValidation' => false, + + // If true, Destination URL should strictly match to the address to + // which the response has been sent. + // Notice that if 'relaxDestinationValidation' is true an empty Destintation + // will be accepted. + 'destinationStrictlyMatches' => false, + + // If true, SAMLResponses with an InResponseTo value will be rejectd if not + // AuthNRequest ID provided to the validation method. + 'rejectUnsolicitedResponsesWithInResponseTo' => false, + + // Algorithm that the toolkit will use on signing process. Options: + // 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' + // 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' + // Notice that rsa-sha1 is a deprecated algorithm and should not be used + 'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', + + // Algorithm that the toolkit will use on digest process. Options: + // 'http://www.w3.org/2000/09/xmldsig#sha1' + // 'http://www.w3.org/2001/04/xmlenc#sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#sha384' + // 'http://www.w3.org/2001/04/xmlenc#sha512' + // Notice that sha1 is a deprecated algorithm and should not be used + 'digestAlgorithm' => 'http://www.w3.org/2001/04/xmlenc#sha256', + + // ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses + // uppercase. Turn it True for ADFS compatibility on signature verification + 'lowercaseUrlencoding' => false, + ), + + // Contact information template, it is recommended to supply a + // technical and support contacts. + 'contactPerson' => array( + 'technical' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + 'support' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + ), + + // Organization information template, the info in en_US lang is + // recomended, add more if required. + 'organization' => array( + 'en-US' => array( + 'name' => '', + 'displayname' => '', + 'url' => '' + ), + ), +); +``` + +The compression settings allow you to instruct whether or not the IdP can accept +data that has been compressed using [gzip](gzip) ('requests' and 'responses'). +But if we provide a `$deflate` boolean parameter to the `getRequest` or `getResponse` method it will have priority over the compression settings. + +In the security section, you can set the way that the SP will handle the messages +and assertions. Contact the admin of the IdP and ask him what the IdP expects, +and decide what validations will handle the SP and what requirements the SP will have +and communicate them to the IdP's admin too. + +Once we know what kind of data could be configured, let's talk about the way +settings are handled within the toolkit. + +The settings files described (`settings.php` and `advanced_settings.php`) are loaded +by the toolkit if no other array with settings info is provided in the constructor of the toolkit. Let's see some examples. + +```php +// Initializes toolkit with settings.php & advanced_settings files. +$auth = new OneLogin\Saml2\Auth(); +//or +$settings = new OneLogin\Saml2\Settings(); + +// Initializes toolkit with the array provided. +$auth = new OneLogin\Saml2\Auth($settingsInfo); +//or +$settings = new OneLogin\Saml2\Settings($settingsInfo); +``` + +You can declare the `$settingsInfo` in the file that contains the constructor +execution or locate them in any file and load the file in order to get the +array available as we see in the following example: + +```php +login(); // Method that sent the AuthNRequest +``` + +The `AuthNRequest` will be sent signed or unsigned based on the security info +of the `advanced_settings.php` (`'authnRequestsSigned'`). + + +The IdP will then return the SAML Response to the user's client. The client is then forwarded to the Attribute Consumer Service of the SP with this information. If we do not set a `'url'` param in the login method and we are using the default ACS provided by the toolkit (`endpoints/acs.php`), then the ACS endpoint will redirect the user to the file that launched the SSO request. + +We can set a `'returnTo'` url to change the workflow and redirect the user to the other PHP file. + +```php +$newTargetUrl = 'http://example.com/consume2.php'; +$auth = new OneLogin\Saml2\Auth(); +$auth->login($newTargetUrl); +``` + +The login method can receive other six optional parameters: + +* `$parameters` - An array of parameters that will be added to the `GET` in the HTTP-Redirect. +* `$forceAuthn` - When true the `AuthNRequest` will set the `ForceAuthn='true'` +* `$isPassive` - When true the `AuthNRequest` will set the `Ispassive='true'` +* `$strict` - True if we want to stay (returns the url string) False to redirect +* `$setNameIdPolicy` - When true the AuthNRequest will set a nameIdPolicy element. +* `$nameIdValueReq` - Indicates to the IdP the subject that should be authenticated. + +If a match on the future SAMLResponse ID and the AuthNRequest ID to be sent is required, that AuthNRequest ID must to be extracted and saved. + +```php +$ssoBuiltUrl = $auth->login(null, array(), false, false, true); +$_SESSION['AuthNRequestID'] = $auth->getLastRequestID(); +header('Pragma: no-cache'); +header('Cache-Control: no-cache, must-revalidate'); +header('Location: ' . $ssoBuiltUrl); +exit(); +``` + +#### The SP Endpoints #### + +Related to the SP there are three important views: The metadata view, the ACS view and the SLS view. The toolkit +provides examples of those views in the endpoints directory. + +##### SP Metadata `endpoints/metadata.php` ##### + +This code will provide the XML metadata file of our SP, based on the info that we provided in the settings files. + +```php +getSettings(); + $metadata = $settings->getSPMetadata(); + $errors = $settings->validateMetadata($metadata); + if (empty($errors)) { + header('Content-Type: text/xml'); + echo $metadata; + } else { + throw new OneLogin\Saml2\Error( + 'Invalid SP metadata: '.implode(', ', $errors), + OneLogin\Saml2\Error::METADATA_SP_INVALID + ); + } +} catch (Exception $e) { + echo $e->getMessage(); +} +``` +The `getSPMetadata` will return the metadata signed or not based +on the security info of the `advanced_settings.php` (`'signMetadata'`). + +Before the XML metadata is exposed, a check takes place to ensure +that the info to be provided is valid. + +Instead of use the Auth object, you can directly use + +```php +$settings = new OneLogin\Saml2\Settings($settingsInfo, true); +``` +to get the settings object and with the true parameter we will avoid the IdP Settings validation. + + +##### Attribute Consumer Service(ACS) `endpoints/acs.php` ##### + +This code handles the SAML response that the IdP forwards to the SP through the user's client. + +```php +processResponse($requestID); +unset($_SESSION['AuthNRequestID']); + +$errors = $auth->getErrors(); + +if (!empty($errors)) { + echo '

' . implode(', ', $errors) . '

'; + exit(); +} + +if (!$auth->isAuthenticated()) { + echo "

Not authenticated

"; + exit(); +} + +$_SESSION['samlUserdata'] = $auth->getAttributes(); +$_SESSION['samlNameId'] = $auth->getNameId(); +$_SESSION['samlNameIdFormat'] = $auth->getNameIdFormat(); +$_SESSION['samlNameidNameQualifier'] = $auth->getNameIdNameQualifier(); +$_SESSION['samlNameidSPNameQualifier'] = $auth->getNameIdSPNameQualifier(); +$_SESSION['samlSessionIndex'] = $auth->getSessionIndex(); + +if (isset($_POST['RelayState']) && OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) { + $auth->redirectTo($_POST['RelayState']); +} + +$attributes = $_SESSION['samlUserdata']; +$nameId = $_SESSION['samlNameId']; + +echo '

Identified user: '. htmlentities($nameId) .'

'; + +if (!empty($attributes)) { + echo '

' . _('User attributes:') . '

'; + echo ''; + foreach ($attributes as $attributeName => $attributeValues) { + echo ''; + } + echo '
' . _('Name') . '' . _('Values') . '
' . htmlentities($attributeName) . '
    '; + foreach ($attributeValues as $attributeValue) { + echo '
  • ' . htmlentities($attributeValue) . '
    • '; + } + echo '
'; +} else { + echo _('No attributes found.'); +} +``` + +The SAML response is processed and then checked that there are no errors. +It also verifies that the user is authenticated and stored the userdata in session. + +At that point there are two possible alternatives: + + 1. If no `RelayState` is provided, we could show the user data in this view + or however we wanted. + + 2. If `RelayState` is provided, a redirection takes place. + +Notice that we saved the user data in the session before the redirection to +have the user data available at the `RelayState` view. + + +###### The `getAttributes` method ###### + +In order to retrieve attributes we can use: + +```php +$attributes = $auth->getAttributes(); +``` + +With this method we get all the user data provided by the IdP in the Assertion +of the SAML Response. + +If we execute ```print_r($attributes)``` we could get: + +```php +Array +( + [cn] => Array + ( + [0] => John + ) + [sn] => Array + ( + [0] => Doe + ) + [mail] => Array + ( + [0] => john.doe@example.com + ) + [groups] => Array + ( + [0] => users + [1] => members + ) +) +``` + +Each attribute name can be used as an index into `$attributes` to obtain the value. Every attribute value +is an array - a single-valued attribute is an array of a single element. + + +The following code is equivalent: + +```php +$attributes = $auth->getAttributes(); +print_r($attributes['cn']); +``` + +```php +print_r($auth->getAttribute('cn')); +``` + + +Before trying to get an attribute, check that the user is +authenticated. If the user isn't authenticated or if there were +no attributes in the SAML assertion, an empty array will be +returned. For example, if we call to `getAttributes` before a +`$auth->processResponse`, the `getAttributes()` will return an +empty array. + + +##### Single Logout Service (SLS) `endpoints/sls.php` ##### + +This code handles the Logout Request and the Logout Responses. + +```php +processSLO(false, $requestID); + +$errors = $auth->getErrors(); + +if (empty($errors)) { + echo 'Sucessfully logged out'; +} else { + echo implode(', ', $errors); +} +``` + +If the SLS endpoints receives a Logout Response, the response is +validated and the session could be closed + + + +```php +// part of the processSLO method + +$logoutResponse = new OneLogin\Saml2\LogoutResponse($this->_settings, $_GET['SAMLResponse']); +if (!$logoutResponse->isValid($requestId)) { + $this->_errors[] = 'invalid_logout_response'; +} else if ($logoutResponse->getStatus() !== OneLogin\Saml2\Constants::STATUS_SUCCESS) { + $this->_errors[] = 'logout_not_success'; +} else { + if (!$keepLocalSession) { + OneLogin\Saml2\Utils::deleteLocalSession(); + } +} +``` + +If the SLS endpoints receives an Logout Request, the request is validated, +the session is closed and a Logout Response is sent to the SLS endpoint of +the IdP. + +```php +// part of the processSLO method + +$decoded = base64_decode($_GET['SAMLRequest']); +$request = gzinflate($decoded); +if (!OneLogin\Saml2\LogoutRequest::isValid($this->_settings, $request)) { + $this->_errors[] = 'invalid_logout_request'; +} else { + if (!$keepLocalSession) { + OneLogin\Saml2\Utils::deleteLocalSession(); + } + + $inResponseTo = $request->id; + $responseBuilder = new OneLogin\Saml2\LogoutResponse($this->_settings); + $responseBuilder->build($inResponseTo); + $logoutResponse = $responseBuilder->getResponse(); + + $parameters = array('SAMLResponse' => $logoutResponse); + if (isset($_GET['RelayState'])) { + $parameters['RelayState'] = $_GET['RelayState']; + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned']) { + $signature = $this->buildResponseSignature($logoutResponse, $parameters['RelayState'], $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + + $this->redirectTo($this->getSLOurl(), $parameters); +} +``` + +If you aren't using the default PHP session, or otherwise need a manual +way to destroy the session, you can pass a callback method to the +`processSLO` method as the fourth parameter + +```php +$keepLocalSession = False; +$callback = function () { + // Destroy user session +}; + +$auth->processSLO($keepLocalSession, null, false, $callback); +``` + + +If we don't want that `processSLO` to destroy the session, pass a true +parameter to the `processSLO` method + +```php +$keepLocalSession = True; +$auth->processSLO($keepLocalSession); +``` + +#### Initiate SLO #### + +In order to send a Logout Request to the IdP: + +```php +logout(); // Method that sent the Logout Request. +``` + +Also there are eight optional parameters that can be set: +* `$returnTo` - The target URL the user should be returned to after logout. +* `$parameters` - Extra parameters to be added to the GET. +* `$name_id` - That will be used to build the LogoutRequest. If `name_id` parameter is not set and the auth object processed a +SAML Response with a `NameId`, then this `NameId` will be used. +* `$session_index` - SessionIndex that identifies the session of the user. +* `$stay` - True if we want to stay (returns the url string) False to redirect. +* `$nameIdFormat` - The NameID Format will be set in the LogoutRequest. +* `$nameIdNameQualifier` - The NameID NameQualifier will be set in the LogoutRequest. +* `$nameIdSPNameQualifier` - The NameID SP NameQualifier will be set in the LogoutRequest. + +The Logout Request will be sent signed or unsigned based on the security +info of the `advanced_settings.php` (`'logoutRequestSigned'`). + +The IdP will return the Logout Response through the user's client to the +Single Logout Service of the SP. +If we do not set a `'url'` param in the logout method and are using the +default SLS provided by the toolkit (`endpoints/sls.php`), then the SLS +endpoint will redirect the user to the file that launched the SLO request. + +We can set an `'returnTo'` url to change the workflow and redirect the user +to other php file. + +```php +$newTargetUrl = 'http://example.com/loggedOut.php'; +$auth = new OneLogin\Saml2\Auth(); +$auth->logout($newTargetUrl); +``` +A more complex logout with all the parameters: +``` +$auth = new OneLogin\Saml2\Auth(); +$returnTo = null; +$parameters = array(); +$nameId = null; +$sessionIndex = null; +$nameIdFormat = null; +$nameIdNameQualifier = null; +$nameIdSPNameQualifier = null; + +if (isset($_SESSION['samlNameId'])) { + $nameId = $_SESSION['samlNameId']; +} +if (isset($_SESSION['samlSessionIndex'])) { + $sessionIndex = $_SESSION['samlSessionIndex']; +} +if (isset($_SESSION['samlNameIdFormat'])) { + $nameIdFormat = $_SESSION['samlNameIdFormat']; +} +if (isset($_SESSION['samlNameIdNameQualifier'])) { + $nameIdNameQualifier = $_SESSION['samlNameIdNameQualifier']; +} +if (isset($_SESSION['samlNameIdSPNameQualifier'])) { + $nameIdSPNameQualifier = $_SESSION['samlNameIdSPNameQualifier']; +} +$auth->logout($returnTo, $parameters, $nameId, $sessionIndex, false, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier); +``` + +If a match on the future LogoutResponse ID and the LogoutRequest ID to be sent is required, that LogoutRequest ID must to be extracted and stored. + +```php +$sloBuiltUrl = $auth->logout(null, $parameters, $nameId, $sessionIndex, true); +$_SESSION['LogoutRequestID'] = $auth->getLastRequestID(); +header('Pragma: no-cache'); +header('Cache-Control: no-cache, must-revalidate'); +header('Location: ' . $sloBuiltUrl); +exit(); +``` + +#### Example of a view that initiates the SSO request and handles the response (is the acs target) #### + +We can code a unique file that initiates the SSO process, handle the response, get the attributes, initiate +the SLO and processes the logout response. + +Note: Review the `demo1` folder that contains that use case; in a later section we +explain the demo1 use case further in detail. + +```php +login(); +} else if (isset($_GET['sso2'])) { // Another SSO action + $returnTo = $spBaseUrl.'/demo1/attrs.php'; // but set a custom RelayState URL + $auth->login($returnTo); +} else if (isset($_GET['slo'])) { // SLO action. Will sent a Logout Request to IdP + $auth->logout(); +} else if (isset($_GET['acs'])) { // Assertion Consumer Service + $auth->processResponse(); // Process the Response of the IdP, get the + // attributes and put then at + // $_SESSION['samlUserdata'] + + $errors = $auth->getErrors(); // This method receives an array with the errors + // that could took place during the process + + if (!empty($errors)) { + echo '

' . implode(', ', $errors) . '

'; + } + // This check if the response was + if (!$auth->isAuthenticated()) { // sucessfully validated and the user + echo '

Not authenticated

'; // data retrieved or not + exit(); + } + + $_SESSION['samlUserdata'] = $auth->getAttributes(); // Retrieves user data + if (isset($_POST['RelayState']) && OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) { + $auth->redirectTo($_POST['RelayState']); // Redirect if there is a + } // relayState set +} else if (isset($_GET['sls'])) { // Single Logout Service + $auth->processSLO(); // Process the Logout Request & Logout Response + $errors = $auth->getErrors(); // Retrieves possible validation errors + if (empty($errors)) { + echo '

Sucessfully logged out

'; + } else { + echo '

' . implode(', ', $errors) . '

'; + } +} + +if (isset($_SESSION['samlUserdata'])) { // If there is user data we print it. + if (!empty($_SESSION['samlUserdata'])) { + $attributes = $_SESSION['samlUserdata']; + echo 'You have the following attributes:
'; + echo ''; + foreach ($attributes as $attributeName => $attributeValues) { + echo ''; + } + echo '
NameValues
' . htmlentities($attributeName) . '
    '; + foreach ($attributeValues as $attributeValue) { + echo '
  • ' . htmlentities($attributeValue) . '
    • '; + } + echo '
'; + } else { // If there is not user data, we notify + echo "

You don't have any attribute

"; + } + + echo '

Logout

'; // Print some links with possible +} else { // actions + echo '

Login

'; + echo '

Login and access to attrs.php page

'; +} +``` + +#### URL-guessing methods #### + +php-saml toolkit uses a bunch of methods in OneLogin\Saml2\Utils that try to guess the URL where the SAML messages are processed. + +* `getSelfHost` Returns the current host. +* `getSelfPort` Return the port number used for the request +* `isHTTPS` Checks if the protocol is https or http. +* `getSelfURLhost` Returns the protocol + the current host + the port (if different than common ports). +* `getSelfURL` Returns the URL of the current host + current view + query. +* `getSelfURLNoQuery` Returns the URL of the current host + current view. +* `getSelfRoutedURLNoQuery` Returns the routed URL of the current host + current view. + +getSelfURLNoQuery and getSelfRoutedURLNoQuery are used to calculate the currentURL in order to validate SAML elements like Destination or Recipient. + +When the PHP application is behind a proxy or a load balancer we can execute `setProxyVars(true)` and `setSelfPort` and `isHTTPS` will take care of the `$_SERVER["HTTP_X_FORWARDED_PORT"]` and `$_SERVER['HTTP_X_FORWARDED_PROTO']` vars (otherwise they are ignored). + +Also a developer can use `setSelfProtocol`, `setSelfHost`, `setSelfPort` and `getBaseURLPath` to define a specific value to be returned by `isHTTPS`, `getSelfHost`, `getSelfPort` and `getBaseURLPath`. And define a `setBasePath` to be used on the `getSelfURL` and `getSelfRoutedURLNoQuery` to replace the data extracted from `$_SERVER["REQUEST_URI"]`. + +At the settings the developer will be able to set a `'baseurl'` parameter that automatically will use `setBaseURL` to set values for `setSelfProtocol`, `setSelfHost`, `setSelfPort` and `setBaseURLPath`. + + +### Working behind load balancer ### + +Is possible that asserting request URL and Destination attribute of SAML response fails when working behind load balancer with SSL offload. + +You should be able to workaround this by configuring your server so that it is aware of the proxy and returns the original url when requested. + +Or by using the method described on the previous section. + + +### SP Key rollover ### + +If you plan to update the SP x509cert and privateKey you can define the new x509cert as `$settings['sp']['x509certNew']` and it will be +published on the SP metadata so Identity Providers can read them and get ready for rollover. + + +### IdP with multiple certificates ### + +In some scenarios the IdP uses different certificates for +signing/encryption, or is under key rollover phase and more than one certificate is published on IdP metadata. + +In order to handle that the toolkit offers the `$settings['idp']['x509certMulti']` parameter. + +When that parameter is used, `'x509cert'` and `'certFingerprint'` values will be ignored by the toolkit. + +The `x509certMulti` is an array with 2 keys: +- `signing`. An array of certs that will be used to validate IdP signature +- `encryption` An array with one unique cert that will be used to encrypt data to be sent to the IdP + + +### Replay attacks ### + +In order to avoid replay attacks, you can store the ID of the SAML messages already processed, to avoid processing them twice. Since the Messages expires and will be invalidated due that fact, you don't need to store those IDs longer than the time frame that you currently accepting. + +Get the ID of the last processed message/assertion with the `getLastMessageId`/`getLastAssertionId` methods of the Auth object. + + +### Main classes and methods ### + +Described below are the main classes and methods that can be invoked. + +#### Saml2 library #### + +Lets describe now the classes and methods of the SAML2 library. + +##### OneLogin\Saml2\Auth - Auth.php ##### + +Main class of OneLogin PHP Toolkit + + * `Auth` - Initializes the SP SAML instance + * `login` - Initiates the SSO process. + * `logout` - Initiates the SLO process. + * `processResponse` - Process the SAML Response sent by the IdP. + * `processSLO` - Process the SAML Logout Response / Logout Request sent by the + IdP. + * `redirectTo` - Redirects the user to the url past by parameter or to the url + that we defined in our SSO Request. + * `isAuthenticated` - Checks if the user is authenticated or not. + * `getAttributes` - Returns the set of SAML attributes. + * `getAttribute` - Returns the requested SAML attribute + * `getNameId` - Returns the nameID + * `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP. + * `getNameIdNameQualifier` - Gets the NameID NameQualifier provided from the SAML Response String. + * `getNameIdNameSPQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String. + * `getSessionIndex` - Gets the SessionIndex from the AuthnStatement. + * `getErrors` - Returns if there were any error + * `getSSOurl` - Gets the SSO url. + * `getSLOurl` - Gets the SLO url. + * `getLastRequestID` - The ID of the last Request SAML message generated. + * `buildRequestSignature` - Generates the Signature for a SAML Request + * `buildResponseSignature` - Generates the Signature for a SAML Response + * `getSettings` - Returns the settings info + * `setStrict` - Set the strict mode active/disable + * `getLastRequestID` - Gets the ID of the last AuthNRequest or LogoutRequest generated by the Service Provider. + * `getLastRequestXML` - Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest) + * `getLastResponseXML` - Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse had an encrypted assertion, decrypts it. + + +##### OneLogin\Saml2\AuthnRequest - `AuthnRequest.php` ##### + +SAML 2 Authentication Request class + + * `AuthnRequest` - Constructs the `AuthnRequest` object. + * `getRequest` - Returns deflated, base64 encoded, unsigned `AuthnRequest`. + * `getId` - Returns the `AuthNRequest` ID. + * `getXML` - Returns the XML that will be sent as part of the request. + +##### OneLogin\Saml2\Response - `Response.php` ##### + +SAML 2 Authentication Response class + + * `Response` - Constructs the SAML Response object. + * `isValid` - Determines if the SAML Response is valid using the certificate. + * `checkStatus` - Checks if the Status is success. + * `getAudiences` - Gets the audiences. + * `getIssuers` - Gets the Issuers (from Response and Assertion) + * `getNameIdData` - Gets the NameID Data provided by the SAML response from the + IdP. + * `getNameId` - Gets the NameID provided by the SAML response from the IdP. + * `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP. + * `getNameIdNameQualifier` - Gets the NameID NameQualifier provided from the SAML Response String. + * `getNameIdNameSPQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String. + * `getSessionNotOnOrAfter` - Gets the SessionNotOnOrAfter from the + AuthnStatement + * `getSessionIndex` - Gets the SessionIndex from the AuthnStatement. + * `getAttributes` - Gets the Attributes from the AttributeStatement element. + * `validateNumAssertions` - Verifies that the document only contains a single + Assertion (encrypted or not). + * `validateTimestamps` - Verifies that the document is still valid according + Conditions Element. + * `getError` - After executing a validation process, if it fails, this method returns the cause + * `getXMLDocument` - Returns the SAML Response document (If contains an encrypted assertion, decrypts it) + +##### OneLogin\Saml2\LogoutRequest - `LogoutRequest.php` ##### + +SAML 2 Logout Request class + + * `LogoutRequest` - Constructs the Logout Request object. + * `getRequest` - Returns the Logout Request defated, base64encoded, unsigned + * `getID` - Returns the ID of the Logout Request. (If you have the object you can access to the id attribute) + * `getNameIdData` - Gets the NameID Data of the the Logout Request. + * `getNameId` - Gets the NameID of the Logout Request. + * `getIssuer` - Gets the Issuer of the Logout Request. + * `getSessionIndexes` - Gets the SessionIndexes from the Logout Request. + * `isValid` - Checks if the Logout Request received is valid. + * `getError` - After executing a validation process, if it fails, this method returns the cause + * `getXML` - Returns the XML that will be sent as part of the request or that was received at the SP. + +##### OneLogin\Saml2\LogoutResponse - `LogoutResponse.php` ##### + +SAML 2 Logout Response class + + * `LogoutResponse` - Constructs a Logout Response object + (Initialize params from settings and if provided load the Logout Response) + * `getIssuer` - Gets the Issuer of the Logout Response. + * `getStatus` - Gets the Status of the Logout Response. + * `isValid` - Determines if the SAML LogoutResponse is valid + * `build` - Generates a Logout Response object. + * `getResponse` - Returns a Logout Response object. + * `getError` - After executing a validation process, if it fails, this method returns the cause. + * `getXML` - Returns the XML that will be sent as part of the response or that was received at the SP. + +##### OneLogin\Saml2\Settings - `Settings.php` ##### + +Configuration of the OneLogin PHP Toolkit + + * `Settings` - Initializes the settings: Sets the paths of + the different folders and Loads settings info from settings file or + array/object provided + * `checkSettings` - Checks the settings info. + * `getBasePath` - Returns base path. + * `getCertPath` - Returns cert path. + * `getLibPath` - Returns lib path. + * `getExtLibPath` - Returns external lib path. + * `getSchemasPath` - Returns schema path. + * `checkSPCerts` - Checks if the x509 certs of the SP exists and are valid. + * `getSPkey` - Returns the x509 private key of the SP. + * `getSPcert` - Returns the x509 public cert of the SP. + * `getSPcertNew` - Returns the future x509 public cert of the SP. + * `getIdPData` - Gets the IdP data. + * `getSPData`Gets the SP data. + * `getSecurityData` - Gets security data. + * `getContacts` - Gets contact data. + * `getOrganization` - Gets organization data. + * `getSPMetadata` - Gets the SP metadata. The XML representation. + * `validateMetadata` - Validates an XML SP Metadata. + * `formatIdPCert` - Formats the IdP cert. + * `formatSPCert` - Formats the SP cert. + * `formatSPCertNew` - Formats the SP cert new. + * `formatSPKey` - Formats the SP private key. + * `getErrors` - Returns an array with the errors, the array is empty when + the settings is ok. + * `getLastErrorReason` - Returns the reason of the last error + * `getBaseURL` - Returns the baseurl set on the settings if any. + * `setBaseURL` - Set a baseurl value + * `setStrict` - Activates or deactivates the strict mode. + * `isStrict` - Returns if the 'strict' mode is active. + * `isDebugActive` - Returns if the debug is active. + +##### OneLogin\Saml2\Metadata - `Metadata.php` ##### + +A class that contains functionality related to the metadata of the SP + +* `builder` - Generates the metadata of the SP based on the settings. +* `signmetadata` - Signs the metadata with the key/cert provided +* `addX509KeyDescriptors` - Adds the x509 descriptors (sign/encriptation) to + the metadata + +##### OneLogin\Saml2\Utils - `Utils.php` ##### + +Auxiliary class that contains several methods + + * `validateXML` - This function attempts to validate an XML string against + the specified schema. + * `formatCert` - Returns a x509 cert (adding header & footer if required). + * `formatPrivateKey` - returns a RSA private key (adding header & footer if required). + * `redirect` - Executes a redirection to the provided url (or return the + target url). + * `isHTTPS` - Checks if https or http. + * `getSelfHost` - Returns the current host. + * `getSelfURLhost` - Returns the protocol + the current host + the port + (if different than common ports). + * `getSelfURLNoQuery` - Returns the URL of the current host + current view. + * `getSelfURL` - Returns the URL of the current host + current view + query. + * `generateUniqueID` - Generates a unique string (used for example as ID + for assertions). + * `parseTime2SAML` - Converts a UNIX timestamp to SAML2 timestamp on the + form `yyyy-mm-ddThh:mm:ss(\.s+)?Z`. + * `parseSAML2Time` - Converts a SAML2 timestamp on the form + `yyyy-mm-ddThh:mm:ss(\.s+)?Z` to a UNIX timestamp. The sub-second part is + ignored. + * `parseDuration` - Interprets a ISO8601 duration value relative to a given + timestamp. + * `getExpireTime` - Compares two dates and returns the earliest. + * `query` - Extracts nodes from the DOMDocument. + * `isSessionStarted` - Checks if the session is started or not. + * `deleteLocalSession` - Deletes the local session. + * `calculateX509Fingerprint` - Calculates the fingerprint of a x509cert. + * `formatFingerPrint` - Formats a fingerprint. + * `generateNameId` - Generates a `nameID`. + * `getStatus` - Gets Status from a Response. + * `decryptElement` - Decrypts an encrypted element. + * `castKey` - Converts a `XMLSecurityKey` to the correct algorithm. + * `addSign` - Adds signature key and senders certificate to an element + (Message or Assertion). + * `validateSign` - Validates a signature (Message or Assertion). + +##### OneLogin\Saml2\IdPMetadataParser - `IdPMetadataParser.php` ##### + +Auxiliary class that contains several methods to retrieve and process IdP metadata + + * `parseRemoteXML` - Get IdP Metadata Info from URL. + * `parseFileXML` - Get IdP Metadata Info from File. + * `parseXML` - Get IdP Metadata Info from XML. + * `injectIntoSettings` - Inject metadata info into php-saml settings array. + + +For more info, look at the source code; each method is documented and details +about what it does and how to use it are provided. Make sure to also check the doc folder where +HTML documentation about the classes and methods is provided for SAML and +SAML2. + + +Demos included in the toolkit +----------------------------- + +The toolkit includes three demo apps to teach how use the toolkit, take a look on it. + +Demos require that SP and IdP are well configured before test it. + +## Demo1 ## + +### SP setup ### + +The Onelogin's PHP Toolkit allows you to provide the settings info in two ways: + + * Use a `settings.php` file that we should locate at the base folder of the + toolkit. + * Use an array with the setting data. + +In this demo we provide the data in the second way, using a setting array named +`$settingsInfo`. This array users the `settings_example.php` included as a template +to create the `settings.php` settings and store it in the `demo1/` folder. +Configure the SP part and later review the metadata of the IdP and complete the IdP info. + +If you check the code of the index.php file you will see that the `settings.php` +file is loaded in order to get the `$settingsInfo` var to be used in order to initialize +the `Setting` class. + +Notice that in this demo, the `setting.php` file that could be defined at the base +folder of the toolkit is ignored and the libs are loaded using the +`_toolkit_loader.php` located at the base folder of the toolkit. + + +### IdP setup ### + +Once the SP is configured, the metadata of the SP is published at the +`metadata.php` file. Configure the IdP based on that information. + + +### How it works ### + + 1. First time you access to `index.php` view, you can select to login and return + to the same view or login and be redirected to the `attrs.php` view. + + 2. When you click: + + 2.1 in the first link, we access to (`index.php?sso`) an `AuthNRequest` + is sent to the IdP, we authenticate at the IdP and then a Response is sent + through the user's client to the SP, specifically the Assertion Consumer Service view: `index.php?acs`. + Notice that a `RelayState` parameter is set to the url that initiated the + process, the `index.php` view. + + 2.2 in the second link we access to (`attrs.php`) have the same process + described at 2.1 with the difference that as `RelayState` is set the `attrs.php`. + + 3. The SAML Response is processed in the ACS (`index.php?acs`), if the Response + is not valid, the process stops here and a message is shown. Otherwise we + are redirected to the RelayState view. a) `index.php` or b) `attrs.php`. + + 4. We are logged in the app and the user attributes are showed. + At this point, we can test the single log out functionality. + + 5. The single log out functionality could be tested by two ways. + + 5.1 SLO Initiated by SP. Click on the "logout" link at the SP, after that a + Logout Request is sent to the IdP, the session at the IdP is closed and + replies through the client to the SP with a Logout Response (sent to the + Single Logout Service endpoint). The SLS endpoint (`index.php?sls`) of the SP + process the Logout Response and if is valid, close the user session of the + local app. Notice that the SLO Workflow starts and ends at the SP. + + 5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP + side, the logout process is initiated at the idP, sends a Logout + Request to the SP (SLS endpoint, `index.php?sls`). The SLS endpoint of the SP + process the Logout Request and if is valid, close the session of the user + at the local app and send a Logout Response to the IdP (to the SLS endpoint + of the IdP). The IdP receives the Logout Response, process it and close the + session at of the IdP. Notice that the SLO Workflow starts and ends at the IdP. + +Notice that all the SAML Requests and Responses are handled by a unique file, +the `index.php` file and how `GET` parameters are used to know the action that +must be done. + + +## Demo2 ## + +### SP setup ### + +The Onelogin's PHP Toolkit allows you to provide the settings info in two ways: + + * Use a `settings.php` file that we should locate at the base folder of the + toolkit. + * Use an array with the setting data. + +The first is the case of the demo2 app. The `setting.php` file and the +`setting_extended.php` file should be defined at the base folder of the toolkit. +Review the `setting_example.php` and the `advanced_settings_example.php` to +learn how to build them. + +In this case as Attribute Consume Service and Single Logout Service we are going to +use the files located in the endpoint folder (`acs.php` and `sls.php`). + + +### IdP setup ### + +Once the SP is configured, the metadata of the SP is published at the +`metadata.php` file. Based on that info, configure the IdP. + + +### How it works ### + +At demo1, we saw how all the SAML Request and Responses were handler at an +unique file, the `index.php` file. This demo1 uses high-level programming. + +At demo2, we have several views: `index.php`, `sso.php`, `slo.php`, `consume.php` +and `metadata.php`. As we said, we will use the endpoints that are defined +in the toolkit (`acs.php`, `sls.php` of the endpoints folder). This demo2 uses +low-level programming. + +Notice that the SSO action can be initiated at `index.php` or `sso.php`. + +The SAML workflow that take place is similar that the workflow defined in the +demo1, only changes the targets. + + 1. When you access `index.php` or `sso.php` for the first time, an `AuthNRequest` is + sent to the IdP automatically, (as `RelayState` is sent the origin url). + We authenticate at the IdP and then a `Response` is sent to the SP, to the + ACS endpoint, in this case `acs.php` of the endpoints folder. + + 2. The SAML Response is processed in the ACS, if the `Response` is not valid, + the process stops here and a message is shown. Otherwise we are redirected + to the `RelayState` view (`sso.php` or `index.php`). The `sso.php` detects if the + user is logged and redirects to `index.php`, so we will be in the + `index.php` at the end. + + 3. We are logged into the app and the user attributes (if any) are shown. + At this point, we can test the single log out functionality. + + 4. The single log out functionality could be tested by two ways. + + 4.1 SLO Initiated by SP. Click on the "logout" link at the SP, after that + we are redirected to the `slo.php` view and there a Logout Request is sent + to the IdP, the session at the IdP is closed and replies to the SP a + Logout Response (sent to the Single Logout Service endpoint). In this case + The SLS endpoint of the SP process the Logout Response and if is + valid, close the user session of the local app. Notice that the SLO + Workflow starts and ends at the SP. + + 4.2 SLO Initiated by IdP. In this case, the action takes place on the IdP + side, the logout process is initiated at the idP, sends a Logout + Request to the SP (SLS endpoint `sls.php` of the endpoint folder). + The SLS endpoint of the SP process the Logout Request and if is valid, + close the session of the user at the local app and sends a Logout Response + to the IdP (to the SLS endpoint of the IdP).The IdP receives the Logout + Response, process it and close the session at of the IdP. Notice that the + SLO Workflow starts and ends at the IdP. + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php new file mode 100644 index 0000000..c4649d7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php @@ -0,0 +1,34 @@ + array( + 'requests' => true, + 'responses' => true + ), + + // Security settings + 'security' => array( + + /** signatures and encryptions offered */ + + // Indicates that the nameID of the sent by this SP + // will be encrypted. + 'nameIdEncrypted' => false, + + // Indicates whether the messages sent by this SP + // will be signed. [The Metadata of the SP will offer this info] + 'authnRequestsSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutRequestSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutResponseSigned' => false, + + /* Sign the Metadata + False || True (use sp certs) || array ( + 'keyFileName' => 'metadata.key', + 'certFileName' => 'metadata.crt' + ) + || array ( + 'x509cert' => '', + 'privateKey' => '' + ) + */ + 'signMetadata' => false, + + + /** signatures and encryptions required **/ + + // Indicates a requirement for the , and + // elements received by this SP to be signed. + 'wantMessagesSigned' => false, + + // Indicates a requirement for the elements received by + // this SP to be encrypted. + 'wantAssertionsEncrypted' => false, + + // Indicates a requirement for the elements received by + // this SP to be signed. [The Metadata of the SP will offer this info] + 'wantAssertionsSigned' => false, + + // Indicates a requirement for the NameID element on the SAMLResponse received + // by this SP to be present. + 'wantNameId' => true, + + // Indicates a requirement for the NameID received by + // this SP to be encrypted. + 'wantNameIdEncrypted' => false, + + // Authentication context. + // Set to false and no AuthContext will be sent in the AuthNRequest, + // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + // Set an array with the possible auth context values: array('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'), + 'requestedAuthnContext' => false, + + // Allows the authn comparison parameter to be set, defaults to 'exact' if + // the setting is not present. + 'requestedAuthnContextComparison' => 'exact', + + // Indicates if the SP will validate all received xmls. + // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true). + 'wantXMLValidation' => true, + + // If true, SAMLResponses with an empty value at its Destination + // attribute will not be rejected for this fact. + 'relaxDestinationValidation' => false, + + // If true, Destination URL should strictly match to the address to + // which the response has been sent. + // Notice that if 'relaxDestinationValidation' is true an empty Destintation + // will be accepted. + 'destinationStrictlyMatches' => false, + + // If true, SAMLResponses with an InResponseTo value will be rejectd if not + // AuthNRequest ID provided to the validation method. + 'rejectUnsolicitedResponsesWithInResponseTo' => false, + + // Algorithm that the toolkit will use on signing process. Options: + // 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' + // 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' + // Notice that rsa-sha1 is a deprecated algorithm and should not be used + 'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', + + // Algorithm that the toolkit will use on digest process. Options: + // 'http://www.w3.org/2000/09/xmldsig#sha1' + // 'http://www.w3.org/2001/04/xmlenc#sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#sha384' + // 'http://www.w3.org/2001/04/xmlenc#sha512' + // Notice that sha1 is a deprecated algorithm and should not be used + 'digestAlgorithm' => 'http://www.w3.org/2001/04/xmlenc#sha256', + + // ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses + // uppercase. Turn it True for ADFS compatibility on signature verification + 'lowercaseUrlencoding' => false, + ), + + // Contact information template, it is recommended to suply a technical and support contacts + 'contactPerson' => array( + 'technical' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + 'support' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + ), + + // Organization information template, the info in en_US lang is recomended, add more if required + 'organization' => array( + 'en-US' => array( + 'name' => '', + 'displayname' => '', + 'url' => '' + ), + ), +); + + +/* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int] http://saml2int.org/profile/current + + 'authnRequestsSigned' => false, // SP SHOULD NOT sign the , + // MUST NOT assume that the IdP validates the sign + 'wantAssertionsSigned' => true, + 'wantAssertionsEncrypted' => true, // MUST be enabled if SSL/HTTPs is disabled + 'wantNameIdEncrypted' => false, +*/ diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/composer.json b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/composer.json new file mode 100644 index 0000000..2cae8af --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/composer.json @@ -0,0 +1,34 @@ +{ + "name": "onelogin/php-saml", + "description": "OneLogin PHP SAML Toolkit", + "license": "MIT", + "homepage": "https://developers.onelogin.com/saml/php", + "keywords": ["saml", "saml2", "onelogin"], + "autoload": { + "psr-4": { + "OneLogin\\": "src/" + } + }, + "support": { + "email": "sixto.garcia@onelogin.com", + "issues": "https://github.com/onelogin/php-saml/issues", + "source": "https://github.com/onelogin/php-saml/" + }, + "require": { + "php": ">=5.4", + "robrichards/xmlseclibs": ">=3.0.4" + }, + "require-dev": { + "php-coveralls/php-coveralls": "^1.0.2 || ^2.0", + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1", + "sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0", + "phploc/phploc": "^2.1 || ^3.0 || ^4.0", + "pdepend/pdepend": "^2.5.0", + "squizlabs/php_codesniffer": "^3.1.1" + }, + "suggest": { + "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)", + "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs", + "ext-gettext": "Install gettext and php5-gettext libs to handle translations" + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/phpunit.xml b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/phpunit.xml new file mode 100644 index 0000000..3629f27 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/phpunit.xml @@ -0,0 +1,18 @@ + + + + ./tests/src + + + + + ./src + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/settings_example.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/settings_example.php new file mode 100644 index 0000000..981a21a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/settings_example.php @@ -0,0 +1,137 @@ + true, + + // Enable debug mode (to print errors) + 'debug' => false, + + // Set a BaseURL to be used instead of try to guess + // the BaseURL of the view that process the SAML Message. + // Ex. http://sp.example.com/ + // http://example.com/sp/ + 'baseurl' => null, + + // Service Provider Data that we are deploying + 'sp' => array( + // Identifier of the SP entity (must be a URI) + 'entityId' => '', + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'assertionConsumerService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-POST binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + ), + // If you need to specify requested attributes, set a + // attributeConsumingService. nameFormat, attributeValue and + // friendlyName can be omitted. Otherwise remove this section. + "attributeConsumingService"=> array( + "serviceName" => "SP test", + "serviceDescription" => "Test Service", + "requestedAttributes" => array( + array( + "name" => "", + "isRequired" => false, + "nameFormat" => "", + "friendlyName" => "", + "attributeValue" => "" + ) + ) + ), + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'singleLogoutService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-Redirect binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Specifies constraints on the name identifier to be used to + // represent the requested subject. + // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported + 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', + + // Usually x509cert and privateKey of the SP are provided by files placed at + // the certs folder. But we can also provide them with the following parameters + 'x509cert' => '', + 'privateKey' => '', + + /* + * Key rollover + * If you plan to update the SP x509cert and privateKey + * you can define here the new x509cert and it will be + * published on the SP metadata so Identity Providers can + * read them and get ready for rollover. + */ + // 'x509certNew' => '', + ), + + // Identity Provider Data that we want connect with our SP + 'idp' => array( + // Identifier of the IdP entity (must be a URI) + 'entityId' => '', + // SSO endpoint info of the IdP. (Authentication Request protocol) + 'singleSignOnService' => array( + // URL Target of the IdP where the SP will send the Authentication Request Message + 'url' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-Redirect binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // SLO endpoint info of the IdP. + 'singleLogoutService' => array( + // URL Location of the IdP where the SP will send the SLO Request + 'url' => '', + // URL location of the IdP where the SP SLO Response will be sent (ResponseLocation) + // if not set, url for the SLO Request will be used + 'responseUrl' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-Redirect binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Public x509 certificate of the IdP + 'x509cert' => '', + /* + * Instead of use the whole x509cert you can use a fingerprint in + * order to validate the SAMLResponse, but we don't recommend to use + * that method on production since is exploitable by a collision + * attack. + * (openssl x509 -noout -fingerprint -in "idp.crt" to generate it, + * or add for example the -sha256 , -sha384 or -sha512 parameter) + * + * If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to + * let the toolkit know which Algorithm was used. Possible values: sha1, sha256, sha384 or sha512 + * 'sha1' is the default value. + */ + // 'certFingerprint' => '', + // 'certFingerprintAlgorithm' => 'sha1', + + /* In some scenarios the IdP uses different certificates for + * signing/encryption, or is under key rollover phase and more + * than one certificate is published on IdP metadata. + * In order to handle that the toolkit offers that parameter. + * (when used, 'x509cert' and 'certFingerprint' values are + * ignored). + */ + // 'x509certMulti' => array( + // 'signing' => array( + // 0 => '', + // ), + // 'encryption' => array( + // 0 => '', + // ) + // ), + ), +); diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php new file mode 100644 index 0000000..5f603a1 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php @@ -0,0 +1,826 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; + +use Exception; + +/** + * Main class of OneLogin's PHP Toolkit + */ +class Auth +{ + /** + * Settings data. + * + * @var Settings + */ + private $_settings; + + /** + * User attributes data. + * + * @var array + */ + private $_attributes = array(); + + /** + * User attributes data with FriendlyName index. + * + * @var array + */ + private $_attributesWithFriendlyName = array(); + + /** + * NameID + * + * @var string + */ + private $_nameid; + + /** + * NameID Format + * + * @var string + */ + private $_nameidFormat; + + /** + * NameID NameQualifier + * + * @var string + */ + private $_nameidNameQualifier; + + /** + * NameID SP NameQualifier + * + * @var string + */ + private $_nameidSPNameQualifier; + + /** + * If user is authenticated. + * + * @var bool + */ + private $_authenticated = false; + + + /** + * SessionIndex. When the user is logged, this stored it + * from the AuthnStatement of the SAML Response + * + * @var string + */ + private $_sessionIndex; + + /** + * SessionNotOnOrAfter. When the user is logged, this stored it + * from the AuthnStatement of the SAML Response + * + * @var int|null + */ + private $_sessionExpiration; + + /** + * The ID of the last message processed + * + * @var string + */ + private $_lastMessageId; + + /** + * The ID of the last assertion processed + * + * @var string + */ + private $_lastAssertionId; + + /** + * The NotOnOrAfter value of the valid SubjectConfirmationData + * node (if any) of the last assertion processed + * + * @var int + */ + private $_lastAssertionNotOnOrAfter; + + /** + * If any error. + * + * @var array + */ + private $_errors = array(); + + /** + * Last error object. + * + * @var Error|null + */ + private $_lastErrorException; + + /** + * Last error. + * + * @var string|null + */ + private $_lastError; + + /** + * Last AuthNRequest ID or LogoutRequest ID generated by this Service Provider + * + * @var string + */ + private $_lastRequestID; + + /** + * The most recently-constructed/processed XML SAML request + * (AuthNRequest, LogoutRequest) + * + * @var string + */ + private $_lastRequest; + + /** + * The most recently-constructed/processed XML SAML response + * (SAMLResponse, LogoutResponse). If the SAMLResponse was + * encrypted, by default tries to return the decrypted XML + * + * @var string|\DomDocument|null + */ + private $_lastResponse; + + /** + * Initializes the SP SAML instance. + * + * @param array|null $settings Setting data + * + * @throws Exception + * @throws Error + */ + public function __construct(array $settings = null) + { + $this->_settings = new Settings($settings); + } + + /** + * Returns the settings info + * + * @return Settings The settings data. + */ + public function getSettings() + { + return $this->_settings; + } + + /** + * Set the strict mode active/disable + * + * @param bool $value Strict parameter + * + * @throws Error + */ + public function setStrict($value) + { + if (!is_bool($value)) { + throw new Error( + 'Invalid value passed to setStrict()', + Error::SETTINGS_INVALID_SYNTAX + ); + } + + $this->_settings->setStrict($value); + } + + /** + * Set schemas path + * + * @param string $path + * @return $this + */ + public function setSchemasPath($path) + { + $this->_paths['schemas'] = $path; + } + + /** + * Process the SAML Response sent by the IdP. + * + * @param string|null $requestId The ID of the AuthNRequest sent by this SP to the IdP + * + * @throws Error + * @throws ValidationError + */ + public function processResponse($requestId = null) + { + $this->_errors = array(); + $this->_lastError = $this->_lastErrorException = null; + if (isset($_POST['SAMLResponse'])) { + // AuthnResponse -- HTTP_POST Binding + $response = new Response($this->_settings, $_POST['SAMLResponse']); + $this->_lastResponse = $response->getXMLDocument(); + + if ($response->isValid($requestId)) { + $this->_attributes = $response->getAttributes(); + $this->_attributesWithFriendlyName = $response->getAttributesWithFriendlyName(); + $this->_nameid = $response->getNameId(); + $this->_nameidFormat = $response->getNameIdFormat(); + $this->_nameidNameQualifier = $response->getNameIdNameQualifier(); + $this->_nameidSPNameQualifier = $response->getNameIdSPNameQualifier(); + $this->_authenticated = true; + $this->_sessionIndex = $response->getSessionIndex(); + $this->_sessionExpiration = $response->getSessionNotOnOrAfter(); + $this->_lastMessageId = $response->getId(); + $this->_lastAssertionId = $response->getAssertionId(); + $this->_lastAssertionNotOnOrAfter = $response->getAssertionNotOnOrAfter(); + } else { + $this->_errors[] = 'invalid_response'; + $this->_lastErrorException = $response->getErrorException(); + $this->_lastError = $response->getError(); + } + } else { + $this->_errors[] = 'invalid_binding'; + throw new Error( + 'SAML Response not found, Only supported HTTP_POST Binding', + Error::SAML_RESPONSE_NOT_FOUND + ); + } + } + + /** + * Process the SAML Logout Response / Logout Request sent by the IdP. + * + * @param bool $keepLocalSession When false will destroy the local session, otherwise will keep it + * @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP + * @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature + * @param callable $cbDeleteSession Callback to be executed to delete session + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * + * @return string|null + * + * @throws Error + */ + public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false, $cbDeleteSession = null, $stay = false) + { + $this->_errors = array(); + $this->_lastError = $this->_lastErrorException = null; + if (isset($_GET['SAMLResponse'])) { + $logoutResponse = new LogoutResponse($this->_settings, $_GET['SAMLResponse']); + $this->_lastResponse = $logoutResponse->getXML(); + if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) { + $this->_errors[] = 'invalid_logout_response'; + $this->_lastErrorException = $logoutResponse->getErrorException(); + $this->_lastError = $logoutResponse->getError(); + + } else if ($logoutResponse->getStatus() !== Constants::STATUS_SUCCESS) { + $this->_errors[] = 'logout_not_success'; + } else { + $this->_lastMessageId = $logoutResponse->id; + if (!$keepLocalSession) { + if ($cbDeleteSession === null) { + Utils::deleteLocalSession(); + } else { + call_user_func($cbDeleteSession); + } + } + } + } else if (isset($_GET['SAMLRequest'])) { + $logoutRequest = new LogoutRequest($this->_settings, $_GET['SAMLRequest']); + $this->_lastRequest = $logoutRequest->getXML(); + if (!$logoutRequest->isValid($retrieveParametersFromServer)) { + $this->_errors[] = 'invalid_logout_request'; + $this->_lastErrorException = $logoutRequest->getErrorException(); + $this->_lastError = $logoutRequest->getError(); + } else { + if (!$keepLocalSession) { + if ($cbDeleteSession === null) { + Utils::deleteLocalSession(); + } else { + call_user_func($cbDeleteSession); + } + } + $inResponseTo = $logoutRequest->id; + $this->_lastMessageId = $logoutRequest->id; + $responseBuilder = new LogoutResponse($this->_settings); + $responseBuilder->build($inResponseTo); + $this->_lastResponse = $responseBuilder->getXML(); + + $logoutResponse = $responseBuilder->getResponse(); + + $parameters = array('SAMLResponse' => $logoutResponse); + if (isset($_GET['RelayState'])) { + $parameters['RelayState'] = $_GET['RelayState']; + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned']) { + $signature = $this->buildResponseSignature($logoutResponse, isset($parameters['RelayState'])? $parameters['RelayState']: null, $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + + return $this->redirectTo($this->getSLOResponseUrl(), $parameters, $stay); + } + } else { + $this->_errors[] = 'invalid_binding'; + throw new Error( + 'SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding', + Error::SAML_LOGOUTMESSAGE_NOT_FOUND + ); + } + } + + /** + * Redirects the user to the url past by parameter + * or to the url that we defined in our SSO Request. + * + * @param string $url The target URL to redirect the user. + * @param array $parameters Extra parameters to be passed as part of the url + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * + * @return string|null + */ + public function redirectTo($url = '', array $parameters = array(), $stay = false) + { + assert(is_string($url)); + + if (empty($url) && isset($_REQUEST['RelayState'])) { + $url = $_REQUEST['RelayState']; + } + + return Utils::redirect($url, $parameters, $stay); + } + + /** + * Checks if the user is authenticated or not. + * + * @return bool True if the user is authenticated + */ + public function isAuthenticated() + { + return $this->_authenticated; + } + + /** + * Returns the set of SAML attributes. + * + * @return array Attributes of the user. + */ + public function getAttributes() + { + return $this->_attributes; + } + + + /** + * Returns the set of SAML attributes indexed by FriendlyName + * + * @return array Attributes of the user. + */ + public function getAttributesWithFriendlyName() + { + return $this->_attributesWithFriendlyName; + } + + /** + * Returns the nameID + * + * @return string The nameID of the assertion + */ + public function getNameId() + { + return $this->_nameid; + } + + /** + * Returns the nameID Format + * + * @return string The nameID Format of the assertion + */ + public function getNameIdFormat() + { + return $this->_nameidFormat; + } + + /** + * Returns the nameID NameQualifier + * + * @return string The nameID NameQualifier of the assertion + */ + public function getNameIdNameQualifier() + { + return $this->_nameidNameQualifier; + } + + /** + * Returns the nameID SP NameQualifier + * + * @return string The nameID SP NameQualifier of the assertion + */ + public function getNameIdSPNameQualifier() + { + return $this->_nameidSPNameQualifier; + } + + /** + * Returns the SessionIndex + * + * @return string|null The SessionIndex of the assertion + */ + public function getSessionIndex() + { + return $this->_sessionIndex; + } + + /** + * Returns the SessionNotOnOrAfter + * + * @return int|null The SessionNotOnOrAfter of the assertion + */ + public function getSessionExpiration() + { + return $this->_sessionExpiration; + } + + /** + * Returns if there were any error + * + * @return array Errors + */ + public function getErrors() + { + return $this->_errors; + } + + /** + * Returns the reason for the last error + * + * @return string|null Error reason + */ + public function getLastErrorReason() + { + return $this->_lastError; + } + + + /** + * Returns the last error + * + * @return Exception|null Error + */ + public function getLastErrorException() + { + return $this->_lastErrorException; + } + + /** + * Returns the requested SAML attribute + * + * @param string $name The requested attribute of the user. + * + * @return array|null Requested SAML attribute ($name). + */ + public function getAttribute($name) + { + assert(is_string($name)); + + $value = null; + if (isset($this->_attributes[$name])) { + return $this->_attributes[$name]; + } + return $value; + } + + /** + * Returns the requested SAML attribute indexed by FriendlyName + * + * @param string $friendlyName The requested attribute of the user. + * + * @return array|null Requested SAML attribute ($friendlyName). + */ + public function getAttributeWithFriendlyName($friendlyName) + { + assert(is_string($friendlyName)); + $value = null; + if (isset($this->_attributesWithFriendlyName[$friendlyName])) { + return $this->_attributesWithFriendlyName[$friendlyName]; + } + return $value; + } + + /** + * Initiates the SSO process. + * + * @param string|null $returnTo The target URL the user should be returned to after login. + * @param array $parameters Extra parameters to be added to the GET + * @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true' + * @param bool $isPassive When true the AuthNRequest will set the Ispassive='true' + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * @param bool $setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy element + * @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated + * + * @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters + * + * @throws Error + */ + public function login($returnTo = null, array $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true, $nameIdValueReq = null) + { + $authnRequest = $this->buildAuthnRequest($this->_settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq); + + $this->_lastRequest = $authnRequest->getXML(); + $this->_lastRequestID = $authnRequest->getId(); + + $samlRequest = $authnRequest->getRequest(); + $parameters['SAMLRequest'] = $samlRequest; + + if (!empty($returnTo)) { + $parameters['RelayState'] = $returnTo; + } else { + $parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery(); + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) { + $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + return $this->redirectTo($this->getSSOurl(), $parameters, $stay); + } + + /** + * Initiates the SLO process. + * + * @param string|null $returnTo The target URL the user should be returned to after logout. + * @param array $parameters Extra parameters to be added to the GET + * @param string|null $nameId The NameID that will be set in the LogoutRequest. + * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process). + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest. + * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest. + * + * @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters + * + * @throws Error + */ + public function logout($returnTo = null, array $parameters = array(), $nameId = null, $sessionIndex = null, $stay = false, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null) + { + $sloUrl = $this->getSLOurl(); + if (empty($sloUrl)) { + throw new Error( + 'The IdP does not support Single Log Out', + Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED + ); + } + + if (empty($nameId) && !empty($this->_nameid)) { + $nameId = $this->_nameid; + } + if (empty($nameIdFormat) && !empty($this->_nameidFormat)) { + $nameIdFormat = $this->_nameidFormat; + } + + $logoutRequest = new LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier); + + $this->_lastRequest = $logoutRequest->getXML(); + $this->_lastRequestID = $logoutRequest->id; + + $samlRequest = $logoutRequest->getRequest(); + + $parameters['SAMLRequest'] = $samlRequest; + if (!empty($returnTo)) { + $parameters['RelayState'] = $returnTo; + } else { + $parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery(); + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['logoutRequestSigned']) && $security['logoutRequestSigned']) { + $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + + return $this->redirectTo($sloUrl, $parameters, $stay); + } + + /** + * Gets the SSO url. + * + * @return string The url of the Single Sign On Service + */ + public function getSSOurl() + { + $idpData = $this->_settings->getIdPData(); + return $idpData['singleSignOnService']['url']; + } + + /** + * Gets the SLO url. + * + * @return string|null The url of the Single Logout Service + */ + public function getSLOurl() + { + $url = null; + $idpData = $this->_settings->getIdPData(); + if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['url'])) { + $url = $idpData['singleLogoutService']['url']; + } + return $url; + } + + /** + * Gets the SLO response url. + * + * @return string|null The response url of the Single Logout Service + */ + public function getSLOResponseUrl() + { + $idpData = $this->_settings->getIdPData(); + if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['responseUrl'])) { + return $idpData['singleLogoutService']['responseUrl']; + } + return $this->getSLOurl(); + } + + /** + * Gets the ID of the last AuthNRequest or LogoutRequest generated by the Service Provider. + * + * @return string The ID of the Request SAML message. + */ + public function getLastRequestID() + { + return $this->_lastRequestID; + } + + /** + * Creates an AuthnRequest + * + * @param Settings $settings Setting data + * @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true' + * @param bool $isPassive When true the AuthNRequest will set the Ispassive='true' + * @param bool $setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy element + * @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated + * + * @return AuthnRequest The AuthnRequest object + */ + public function buildAuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq = null) + { + return new AuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq); + } + + /** + * Generates the Signature for a SAML Request + * + * @param string $samlRequest The SAML Request + * @param string $relayState The RelayState + * @param string $signAlgorithm Signature algorithm method + * + * @return string A base64 encoded signature + * + * @throws Exception + * @throws Error + */ + public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256) + { + return $this->buildMessageSignature($samlRequest, $relayState, $signAlgorithm, "SAMLRequest"); + } + + /** + * Generates the Signature for a SAML Response + * + * @param string $samlResponse The SAML Response + * @param string $relayState The RelayState + * @param string $signAlgorithm Signature algorithm method + * + * @return string A base64 encoded signature + * + * @throws Exception + * @throws Error + */ + public function buildResponseSignature($samlResponse, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256) + { + return $this->buildMessageSignature($samlResponse, $relayState, $signAlgorithm, "SAMLResponse"); + } + + /** + * Generates the Signature for a SAML Message + * + * @param string $samlMessage The SAML Message + * @param string $relayState The RelayState + * @param string $signAlgorithm Signature algorithm method + * @param string $type "SAMLRequest" or "SAMLResponse" + * + * @return string A base64 encoded signature + * + * @throws Exception + * @throws Error + */ + private function buildMessageSignature($samlMessage, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $type = "SAMLRequest") + { + $key = $this->_settings->getSPkey(); + if (empty($key)) { + if ($type == "SAMLRequest") { + $errorMsg = "Trying to sign the SAML Request but can't load the SP private key"; + } else { + $errorMsg = "Trying to sign the SAML Response but can't load the SP private key"; + } + + throw new Error($errorMsg, Error::PRIVATE_KEY_NOT_FOUND); + } + + $objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private')); + $objKey->loadKey($key, false); + + $security = $this->_settings->getSecurityData(); + if ($security['lowercaseUrlencoding']) { + $msg = $type.'='.rawurlencode($samlMessage); + if (isset($relayState)) { + $msg .= '&RelayState='.rawurlencode($relayState); + } + $msg .= '&SigAlg=' . rawurlencode($signAlgorithm); + } else { + $msg = $type.'='.urlencode($samlMessage); + if (isset($relayState)) { + $msg .= '&RelayState='.urlencode($relayState); + } + $msg .= '&SigAlg=' . urlencode($signAlgorithm); + } + $signature = $objKey->signData($msg); + return base64_encode($signature); + } + + /** + * @return string The ID of the last message processed + */ + public function getLastMessageId() + { + return $this->_lastMessageId; + } + + /** + * @return string The ID of the last assertion processed + */ + public function getLastAssertionId() + { + return $this->_lastAssertionId; + } + + /** + * @return int The NotOnOrAfter value of the valid + * SubjectConfirmationData node (if any) + * of the last assertion processed + */ + public function getLastAssertionNotOnOrAfter() + { + return $this->_lastAssertionNotOnOrAfter; + } + + /** + * Returns the most recently-constructed/processed + * XML SAML request (AuthNRequest, LogoutRequest) + * + * @return string|null The Request XML + */ + public function getLastRequestXML() + { + return $this->_lastRequest; + } + + /** + * Returns the most recently-constructed/processed + * XML SAML response (SAMLResponse, LogoutResponse). + * If the SAMLResponse was encrypted, by default tries + * to return the decrypted XML. + * + * @return string|null The Response XML + */ + public function getLastResponseXML() + { + $response = null; + if (isset($this->_lastResponse)) { + if (is_string($this->_lastResponse)) { + $response = $this->_lastResponse; + } else { + $response = $this->_lastResponse->saveXML(); + } + } + + return $response; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php new file mode 100644 index 0000000..a1311f7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php @@ -0,0 +1,214 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +/** + * SAML 2 Authentication Request + */ +class AuthnRequest +{ + /** + * Object that represents the setting info + * + * @var Settings + */ + protected $_settings; + + /** + * SAML AuthNRequest string + * + * @var string + */ + private $_authnRequest; + + /** + * SAML AuthNRequest ID. + * + * @var string + */ + private $_id; + + /** + * Constructs the AuthnRequest object. + * + * @param Settings $settings SAML Toolkit Settings + * @param bool $forceAuthn When true the AuthNReuqest will set the ForceAuthn='true' + * @param bool $isPassive When true the AuthNReuqest will set the Ispassive='true' + * @param bool $setNameIdPolicy When true the AuthNReuqest will set a nameIdPolicy + * @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = false, $isPassive = false, $setNameIdPolicy = true, $nameIdValueReq = null) + { + $this->_settings = $settings; + + $spData = $this->_settings->getSPData(); + $idpData = $this->_settings->getIdPData(); + $security = $this->_settings->getSecurityData(); + + $id = Utils::generateUniqueID(); + $issueInstant = Utils::parseTime2SAML(time()); + + $subjectStr = ""; + if (isset($nameIdValueReq)) { + $subjectStr = << + {$nameIdValueReq} + + +SUBJECT; + } + + $nameIdPolicyStr = ''; + if ($setNameIdPolicy) { + $nameIDPolicyFormat = $spData['NameIDFormat']; + if (isset($security['wantNameIdEncrypted']) && $security['wantNameIdEncrypted']) { + $nameIDPolicyFormat = Constants::NAMEID_ENCRYPTED; + } + + $nameIdPolicyStr = << +NAMEIDPOLICY; + } + + + $providerNameStr = ''; + $organizationData = $settings->getOrganization(); + if (!empty($organizationData)) { + $langs = array_keys($organizationData); + if (in_array('en-US', $langs)) { + $lang = 'en-US'; + } else { + $lang = $langs[0]; + } + if (isset($organizationData[$lang]['displayname']) && !empty($organizationData[$lang]['displayname'])) { + $providerNameStr = << + urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport + +REQUESTEDAUTHN; + } else { + $requestedAuthnStr .= " \n"; + foreach ($security['requestedAuthnContext'] as $contextValue) { + $requestedAuthnStr .= " ".$contextValue."\n"; + } + $requestedAuthnStr .= ' '; + } + } + + $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES); + $acsUrl = htmlspecialchars($spData['assertionConsumerService']['url'], ENT_QUOTES); + $request = << + {$spEntityId}{$subjectStr}{$nameIdPolicyStr}{$requestedAuthnStr} + +AUTHNREQUEST; + + $this->_id = $id; + $this->_authnRequest = $request; + } + + /** + * Returns deflated, base64 encoded, unsigned AuthnRequest. + * + * @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it. + * + * @return string + */ + public function getRequest($deflate = null) + { + $subject = $this->_authnRequest; + + if (is_null($deflate)) { + $deflate = $this->_settings->shouldCompressRequests(); + } + + if ($deflate) { + $subject = gzdeflate($this->_authnRequest); + } + + $base64Request = base64_encode($subject); + return $base64Request; + } + + /** + * Returns the AuthNRequest ID. + * + * @return string + */ + public function getId() + { + return $this->_id; + } + + /** + * Returns the XML that will be sent as part of the request + * + * @return string + */ + public function getXML() + { + return $this->_authnRequest; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Constants.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Constants.php new file mode 100644 index 0000000..21261fb --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Constants.php @@ -0,0 +1,84 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +/** + * Constants of OneLogin PHP Toolkit + * + * Defines all required constants + */ +class Constants +{ + // Value added to the current time in time condition validations + const ALLOWED_CLOCK_DRIFT = 180; // 3 min in seconds + + // NameID Formats + const NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'; + const NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'; + const NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName'; + const NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'; + const NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos'; + const NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'; + const NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'; + const NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'; + const NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted'; + + // Attribute Name Formats + const ATTRNAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'; + const ATTRNAME_FORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'; + const ATTRNAME_FORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'; + + // Namespaces + const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion'; + const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'; + const NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/'; + const NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata'; + const NS_XS = 'http://www.w3.org/2001/XMLSchema'; + const NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'; + const NS_XENC = 'http://www.w3.org/2001/04/xmlenc#'; + const NS_DS = 'http://www.w3.org/2000/09/xmldsig#'; + + // Bindings + const BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'; + const BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'; + const BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'; + const BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'; + const BINDING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'; + + // Auth Context Class + const AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'; + const AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'; + const AC_PASSWORD_PROTECTED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'; + const AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'; + const AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard'; + const AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'; + const AC_WINDOWS = 'urn:federation:authentication:windows'; + const AC_TLS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient'; + + // Subject Confirmation + const CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'; + const CM_HOLDER_KEY = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key'; + const CM_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'; + + // Status Codes + const STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'; + const STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester'; + const STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder'; + const STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch'; + const STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'; + const STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout'; + const STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded'; +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Error.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Error.php new file mode 100644 index 0000000..211acf4 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Error.php @@ -0,0 +1,66 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use Exception; + +/** + * Error class of OneLogin PHP Toolkit + * + * Defines the Error class + */ +class Error extends Exception +{ + // Errors + const SETTINGS_FILE_NOT_FOUND = 0; + const SETTINGS_INVALID_SYNTAX = 1; + const SETTINGS_INVALID = 2; + const METADATA_SP_INVALID = 3; + const SP_CERTS_NOT_FOUND = 4; + // SP_CERTS_NOT_FOUND is deprecated, use CERT_NOT_FOUND instead + const CERT_NOT_FOUND = 4; + const REDIRECT_INVALID_URL = 5; + const PUBLIC_CERT_FILE_NOT_FOUND = 6; + const PRIVATE_KEY_FILE_NOT_FOUND = 7; + const SAML_RESPONSE_NOT_FOUND = 8; + const SAML_LOGOUTMESSAGE_NOT_FOUND = 9; + const SAML_LOGOUTREQUEST_INVALID = 10; + const SAML_LOGOUTRESPONSE_INVALID = 11; + const SAML_SINGLE_LOGOUT_NOT_SUPPORTED = 12; + const PRIVATE_KEY_NOT_FOUND = 13; + const UNSUPPORTED_SETTINGS_OBJECT = 14; + + /** + * Constructor + * + * @param string $msg Describes the error. + * @param int $code The code error (defined in the error class). + * @param array|null $args Arguments used in the message that describes the error. + */ + public function __construct($msg, $code = 0, $args = array()) + { + assert(is_string($msg)); + assert(is_int($code)); + + if (!isset($args)) { + $args = array(); + } + $params = array_merge(array($msg), $args); + $message = call_user_func_array('sprintf', $params); + + parent::__construct($message, $code); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php new file mode 100644 index 0000000..947d654 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php @@ -0,0 +1,243 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use DOMDocument; +use Exception; + +/** + * IdP Metadata Parser of OneLogin PHP Toolkit + */ +class IdPMetadataParser +{ + /** + * Get IdP Metadata Info from URL + * + * @param string $url URL where the IdP metadata is published + * @param string $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * + * @return array metadata info in php-saml settings format + */ + public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + { + $metadataInfo = array(); + + try { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET"); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + + $xml = curl_exec($ch); + if ($xml !== false) { + $metadataInfo = self::parseXML($xml, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding); + } else { + throw new Exception(curl_error($ch), curl_errno($ch)); + } + } catch (Exception $e) { + throw new Exception('Error on parseRemoteXML. '.$e->getMessage()); + } + return $metadataInfo; + } + + /** + * Get IdP Metadata Info from File + * + * @param string $filepath File path + * @param string $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * + * @return array metadata info in php-saml settings format + */ + public static function parseFileXML($filepath, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + { + $metadataInfo = array(); + + try { + if (file_exists($filepath)) { + $data = file_get_contents($filepath); + $metadataInfo = self::parseXML($data, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding); + } + } catch (Exception $e) { + throw new Exception('Error on parseFileXML. '.$e->getMessage()); + } + return $metadataInfo; + } + + /** + * Get IdP Metadata Info from URL + * + * @param string $xml XML that contains IdP metadata + * @param string $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * + * @return array metadata info in php-saml settings format + * + * @throws Exception + */ + public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + { + $metadataInfo = array(); + + $dom = new DOMDocument(); + $dom->preserveWhiteSpace = false; + $dom->formatOutput = true; + try { + $dom = Utils::loadXML($dom, $xml); + if (!$dom) { + throw new Exception('Error parsing metadata'); + } + + $customIdPStr = ''; + if (!empty($entityId)) { + $customIdPStr = '[@entityID="' . $entityId . '"]'; + } + $idpDescryptorXPath = '//md:EntityDescriptor' . $customIdPStr . '/md:IDPSSODescriptor'; + + $idpDescriptorNodes = Utils::query($dom, $idpDescryptorXPath); + + if (isset($idpDescriptorNodes) && $idpDescriptorNodes->length > 0) { + $metadataInfo['idp'] = array(); + + $idpDescriptor = $idpDescriptorNodes->item(0); + + if (empty($entityId) && $idpDescriptor->parentNode->hasAttribute('entityID')) { + $entityId = $idpDescriptor->parentNode->getAttribute('entityID'); + } + + if (!empty($entityId)) { + $metadataInfo['idp']['entityId'] = $entityId; + } + + $ssoNodes = Utils::query($dom, './md:SingleSignOnService[@Binding="'.$desiredSSOBinding.'"]', $idpDescriptor); + if ($ssoNodes->length < 1) { + $ssoNodes = Utils::query($dom, './md:SingleSignOnService', $idpDescriptor); + } + if ($ssoNodes->length > 0) { + $metadataInfo['idp']['singleSignOnService'] = array( + 'url' => $ssoNodes->item(0)->getAttribute('Location'), + 'binding' => $ssoNodes->item(0)->getAttribute('Binding') + ); + } + + $sloNodes = Utils::query($dom, './md:SingleLogoutService[@Binding="'.$desiredSLOBinding.'"]', $idpDescriptor); + if ($sloNodes->length < 1) { + $sloNodes = Utils::query($dom, './md:SingleLogoutService', $idpDescriptor); + } + if ($sloNodes->length > 0) { + $metadataInfo['idp']['singleLogoutService'] = array( + 'url' => $sloNodes->item(0)->getAttribute('Location'), + 'binding' => $sloNodes->item(0)->getAttribute('Binding') + ); + + if ($sloNodes->item(0)->hasAttribute('ResponseLocation')) { + $metadataInfo['idp']['singleLogoutService']['responseUrl'] = $sloNodes->item(0)->getAttribute('ResponseLocation'); + } + } + + $keyDescriptorCertSigningNodes = Utils::query($dom, './md:KeyDescriptor[not(contains(@use, "encryption"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $idpDescriptor); + + $keyDescriptorCertEncryptionNodes = Utils::query($dom, './md:KeyDescriptor[not(contains(@use, "signing"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $idpDescriptor); + + if (!empty($keyDescriptorCertSigningNodes) || !empty($keyDescriptorCertEncryptionNodes)) { + $metadataInfo['idp']['x509certMulti'] = array(); + if (!empty($keyDescriptorCertSigningNodes)) { + $idpInfo['x509certMulti']['signing'] = array(); + foreach ($keyDescriptorCertSigningNodes as $keyDescriptorCertSigningNode) { + $metadataInfo['idp']['x509certMulti']['signing'][] = Utils::formatCert($keyDescriptorCertSigningNode->nodeValue, false); + } + } + if (!empty($keyDescriptorCertEncryptionNodes)) { + $idpInfo['x509certMulti']['encryption'] = array(); + foreach ($keyDescriptorCertEncryptionNodes as $keyDescriptorCertEncryptionNode) { + $metadataInfo['idp']['x509certMulti']['encryption'][] = Utils::formatCert($keyDescriptorCertEncryptionNode->nodeValue, false); + } + } + + $idpCertdata = $metadataInfo['idp']['x509certMulti']; + if ((count($idpCertdata) == 1 and + ((isset($idpCertdata['signing']) and count($idpCertdata['signing']) == 1) or (isset($idpCertdata['encryption']) and count($idpCertdata['encryption']) == 1))) or + ((isset($idpCertdata['signing']) && count($idpCertdata['signing']) == 1) && isset($idpCertdata['encryption']) && count($idpCertdata['encryption']) == 1 && strcmp($idpCertdata['signing'][0], $idpCertdata['encryption'][0]) == 0)) { + if (isset($metadataInfo['idp']['x509certMulti']['signing'][0])) { + $metadataInfo['idp']['x509cert'] = $metadataInfo['idp']['x509certMulti']['signing'][0]; + } else { + $metadataInfo['idp']['x509cert'] = $metadataInfo['idp']['x509certMulti']['encryption'][0]; + } + unset($metadataInfo['idp']['x509certMulti']); + } + } + + $nameIdFormatNodes = Utils::query($dom, './md:NameIDFormat', $idpDescriptor); + if ($nameIdFormatNodes->length > 0) { + $metadataInfo['sp']['NameIDFormat'] = $nameIdFormatNodes->item(0)->nodeValue; + if (!empty($desiredNameIdFormat)) { + foreach ($nameIdFormatNodes as $nameIdFormatNode) { + if (strcmp($nameIdFormatNode->nodeValue, $desiredNameIdFormat) == 0) { + $metadataInfo['sp']['NameIDFormat'] = $nameIdFormatNode->nodeValue; + break; + } + } + } + } + } + } catch (Exception $e) { + throw new Exception('Error parsing metadata. '.$e->getMessage()); + } + + return $metadataInfo; + } + + /** + * Inject metadata info into php-saml settings array + * + * @param array $settings php-saml settings array + * @param array $metadataInfo array metadata info + * + * @return array settings + */ + public static function injectIntoSettings($settings, $metadataInfo) + { + if (isset($metadataInfo['idp']) && isset($settings['idp'])) { + if (isset($metadataInfo['idp']['x509certMulti']) && !empty($metadataInfo['idp']['x509certMulti']) && isset($settings['idp']['x509cert'])) { + unset($settings['idp']['x509cert']); + } + + if (isset($metadataInfo['idp']['x509cert']) && !empty($metadataInfo['idp']['x509cert']) && isset($settings['idp']['x509certMulti'])) { + unset($settings['idp']['x509certMulti']); + } + } + + return array_replace_recursive($settings, $metadataInfo); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutRequest.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutRequest.php new file mode 100644 index 0000000..d540c22 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutRequest.php @@ -0,0 +1,492 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; + +use DOMDocument; +use Exception; + +/** + * SAML 2 Logout Request + */ +class LogoutRequest +{ + /** + * Contains the ID of the Logout Request + * + * @var string + */ + public $id; + + /** + * Object that represents the setting info + * + * @var Settings + */ + protected $_settings; + + /** + * SAML Logout Request + * + * @var string + */ + protected $_logoutRequest; + + /** + * After execute a validation process, this var contains the cause + * + * @var Exception + */ + private $_error; + + /** + * Constructs the Logout Request object. + * + * @param Settings $settings Settings + * @param string|null $request A UUEncoded Logout Request. + * @param string|null $nameId The NameID that will be set in the LogoutRequest. + * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process). + * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest. + * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest. + * @param string|null $nameIdSPNameQualifier The NameID SP NameQualifier will be set in the LogoutRequest. + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null) + { + $this->_settings = $settings; + + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + Utils::setBaseURL($baseURL); + } + + if (!isset($request) || empty($request)) { + $spData = $this->_settings->getSPData(); + $idpData = $this->_settings->getIdPData(); + $security = $this->_settings->getSecurityData(); + + $id = Utils::generateUniqueID(); + $this->id = $id; + + $issueInstant = Utils::parseTime2SAML(time()); + + $cert = null; + if (isset($security['nameIdEncrypted']) && $security['nameIdEncrypted']) { + $existsMultiX509Enc = isset($idpData['x509certMulti']) && isset($idpData['x509certMulti']['encryption']) && !empty($idpData['x509certMulti']['encryption']); + + if ($existsMultiX509Enc) { + $cert = $idpData['x509certMulti']['encryption'][0]; + } else { + $cert = $idpData['x509cert']; + } + } + + if (!empty($nameId)) { + if (empty($nameIdFormat) + && $spData['NameIDFormat'] != Constants::NAMEID_UNSPECIFIED) { + $nameIdFormat = $spData['NameIDFormat']; + } + } else { + $nameId = $idpData['entityId']; + $nameIdFormat = Constants::NAMEID_ENTITY; + } + + /* From saml-core-2.0-os 8.3.6, when the entity Format is used: + "The NameQualifier, SPNameQualifier, and SPProvidedID attributes MUST be omitted. + */ + if (!empty($nameIdFormat) && $nameIdFormat == Constants::NAMEID_ENTITY) { + $nameIdNameQualifier = null; + $nameIdSPNameQualifier = null; + } + + // NameID Format UNSPECIFIED omitted + if (!empty($nameIdFormat) && $nameIdFormat == Constants::NAMEID_UNSPECIFIED) { + $nameIdFormat = null; + } + + $nameIdObj = Utils::generateNameId( + $nameId, + $nameIdSPNameQualifier, + $nameIdFormat, + $cert, + $nameIdNameQualifier + ); + + $sessionIndexStr = isset($sessionIndex) ? "{$sessionIndex}" : ""; + + $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES); + $logoutRequest = << + {$spEntityId} + {$nameIdObj} + {$sessionIndexStr} + +LOGOUTREQUEST; + } else { + $decoded = base64_decode($request); + // We try to inflate + $inflated = @gzinflate($decoded); + if ($inflated != false) { + $logoutRequest = $inflated; + } else { + $logoutRequest = $decoded; + } + $this->id = static::getID($logoutRequest); + } + $this->_logoutRequest = $logoutRequest; + } + + /** + * Returns the Logout Request defated, base64encoded, unsigned + * + * @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it. + * + * @return string Deflated base64 encoded Logout Request + */ + public function getRequest($deflate = null) + { + $subject = $this->_logoutRequest; + + if (is_null($deflate)) { + $deflate = $this->_settings->shouldCompressRequests(); + } + + if ($deflate) { + $subject = gzdeflate($this->_logoutRequest); + } + + return base64_encode($subject); + } + + /** + * Returns the ID of the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * + * @return string ID + * + * @throws Error + */ + public static function getID($request) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + + if (false === $dom) { + throw new Error( + "LogoutRequest could not be processed", + Error::SAML_LOGOUTREQUEST_INVALID + ); + } + + $id = $dom->documentElement->getAttribute('ID'); + return $id; + } + + /** + * Gets the NameID Data of the the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * @param string|null $key The SP key + * + * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier) + * + * @throws Error + * @throws Exception + * @throws ValidationError + */ + public static function getNameIdData($request, $key = null) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + $encryptedEntries = Utils::query($dom, '/samlp:LogoutRequest/saml:EncryptedID'); + + if ($encryptedEntries->length == 1) { + $encryptedDataNodes = $encryptedEntries->item(0)->getElementsByTagName('EncryptedData'); + $encryptedData = $encryptedDataNodes->item(0); + + if (empty($key)) { + throw new Error( + "Private Key is required in order to decrypt the NameID, check settings", + Error::PRIVATE_KEY_NOT_FOUND + ); + } + + $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private')); + $seckey->loadKey($key); + + $nameId = Utils::decryptElement($encryptedData, $seckey); + + } else { + $entries = Utils::query($dom, '/samlp:LogoutRequest/saml:NameID'); + if ($entries->length == 1) { + $nameId = $entries->item(0); + } + } + + if (!isset($nameId)) { + throw new ValidationError( + "NameID not found in the Logout Request", + ValidationError::NO_NAMEID + ); + } + + $nameIdData = array(); + $nameIdData['Value'] = $nameId->nodeValue; + foreach (array('Format', 'SPNameQualifier', 'NameQualifier') as $attr) { + if ($nameId->hasAttribute($attr)) { + $nameIdData[$attr] = $nameId->getAttribute($attr); + } + } + + return $nameIdData; + } + + /** + * Gets the NameID of the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * @param string|null $key The SP key + * + * @return string Name ID Value + * + * @throws Error + * @throws Exception + * @throws ValidationError + */ + public static function getNameId($request, $key = null) + { + $nameId = self::getNameIdData($request, $key); + return $nameId['Value']; + } + + /** + * Gets the Issuer of the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * + * @return string|null $issuer The Issuer + * + * @throws Exception + */ + public static function getIssuer($request) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + $issuer = null; + $issuerNodes = Utils::query($dom, '/samlp:LogoutRequest/saml:Issuer'); + if ($issuerNodes->length == 1) { + $issuer = $issuerNodes->item(0)->textContent; + } + return $issuer; + } + + /** + * Gets the SessionIndexes from the Logout Request. + * Notice: Our Constructor only support 1 SessionIndex but this parser + * extracts an array of all the SessionIndex found on a + * Logout Request, that could be many. + * + * @param string|DOMDocument $request Logout Request Message + * + * @return array The SessionIndex value + * + * @throws Exception + */ + public static function getSessionIndexes($request) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + $sessionIndexes = array(); + $sessionIndexNodes = Utils::query($dom, '/samlp:LogoutRequest/samlp:SessionIndex'); + foreach ($sessionIndexNodes as $sessionIndexNode) { + $sessionIndexes[] = $sessionIndexNode->textContent; + } + return $sessionIndexes; + } + + /** + * Checks if the Logout Request recieved is valid. + * + * @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature + * + * @return bool If the Logout Request is or not valid + * + * @throws Exception + * @throws ValidationError + */ + public function isValid($retrieveParametersFromServer = false) + { + $this->_error = null; + try { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $this->_logoutRequest); + + $idpData = $this->_settings->getIdPData(); + $idPEntityId = $idpData['entityId']; + + if ($this->_settings->isStrict()) { + $security = $this->_settings->getSecurityData(); + + if ($security['wantXMLValidation']) { + $res = Utils::validateXML($dom, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + "Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd", + ValidationError::INVALID_XML_FORMAT + ); + } + } + + $currentURL = Utils::getSelfRoutedURLNoQuery(); + + // Check NotOnOrAfter + if ($dom->documentElement->hasAttribute('NotOnOrAfter')) { + $na = Utils::parseSAML2Time($dom->documentElement->getAttribute('NotOnOrAfter')); + if ($na <= time()) { + throw new ValidationError( + "Could not validate timestamp: expired. Check system clock.", + ValidationError::RESPONSE_EXPIRED + ); + } + } + + // Check destination + if ($dom->documentElement->hasAttribute('Destination')) { + $destination = $dom->documentElement->getAttribute('Destination'); + if (empty($destination)) { + if (!$security['relaxDestinationValidation']) { + throw new ValidationError( + "The LogoutRequest has an empty Destination value", + ValidationError::EMPTY_DESTINATION + ); + } + } else { + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL); + if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) { + $currentURLNoRouted = Utils::getSelfURLNoQuery(); + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted); + if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) { + throw new ValidationError( + "The LogoutRequest was received at $currentURL instead of $destination", + ValidationError::WRONG_DESTINATION + ); + } + } + } + } + + $nameId = static::getNameId($dom, $this->_settings->getSPkey()); + + // Check issuer + $issuer = static::getIssuer($dom); + if (!empty($issuer) && $issuer != $idPEntityId) { + throw new ValidationError( + "Invalid issuer in the Logout Request", + ValidationError::WRONG_ISSUER + ); + } + + if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) { + throw new ValidationError( + "The Message of the Logout Request is not signed and the SP require it", + ValidationError::NO_SIGNED_MESSAGE + ); + } + } + + if (isset($_GET['Signature'])) { + $signatureValid = Utils::validateBinarySign("SAMLRequest", $_GET, $idpData, $retrieveParametersFromServer); + if (!$signatureValid) { + throw new ValidationError( + "Signature validation failed. Logout Request rejected", + ValidationError::INVALID_SIGNATURE + ); + } + } + + return true; + } catch (Exception $e) { + $this->_error = $e; + $debug = $this->_settings->isDebugActive(); + if ($debug) { + echo htmlentities($this->_error->getMessage()); + } + return false; + } + } + + /** + * After execute a validation process, if fails this method returns the Exception of the cause + * + * @return Exception Cause + */ + public function getErrorException() + { + return $this->_error; + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return null|string Error reason + */ + public function getError() + { + $errorMsg = null; + if (isset($this->_error)) { + $errorMsg = htmlentities($this->_error->getMessage()); + } + return $errorMsg; + } + + /** + * Returns the XML that will be sent as part of the request + * or that was received at the SP + * + * @return string + */ + public function getXML() + { + return $this->_logoutRequest; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutResponse.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutResponse.php new file mode 100644 index 0000000..700feb0 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutResponse.php @@ -0,0 +1,348 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use DOMDocument; +use DOMNodeList; +use Exception; + +/** + * SAML 2 Logout Response + */ +class LogoutResponse +{ + /** + * Contains the ID of the Logout Response + * + * @var string + */ + public $id; + + /** + * Object that represents the setting info + * + * @var Settings + */ + protected $_settings; + + /** + * The decoded, unprocessed XML response provided to the constructor. + * + * @var string|null + */ + protected $_logoutResponse; + + /** + * A DOMDocument class loaded from the SAML LogoutResponse. + * + * @var DOMDocument + */ + public $document; + + /** + * After execute a validation process, if it fails, this var contains the cause + * + * @var Exception|null + */ + private $_error; + + /** + * Constructs a Logout Response object (Initialize params from settings and if provided + * load the Logout Response. + * + * @param Settings $settings Settings. + * @param string|null $response An UUEncoded SAML Logout response from the IdP. + * + * @throws Error + * @throws Exception + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $response = null) + { + $this->_settings = $settings; + + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + Utils::setBaseURL($baseURL); + } + + if ($response) { + $decoded = base64_decode($response); + $inflated = @gzinflate($decoded); + if ($inflated != false) { + $this->_logoutResponse = $inflated; + } else { + $this->_logoutResponse = $decoded; + } + $this->document = new DOMDocument(); + $this->document = Utils::loadXML($this->document, $this->_logoutResponse); + + if (false === $this->document) { + throw new Error( + "LogoutResponse could not be processed", + Error::SAML_LOGOUTRESPONSE_INVALID + ); + } + + if ($this->document->documentElement->hasAttribute('ID')) { + $this->id = $this->document->documentElement->getAttribute('ID'); + } + } + } + + /** + * Gets the Issuer of the Logout Response. + * + * @return string|null $issuer The Issuer + */ + public function getIssuer() + { + $issuer = null; + $issuerNodes = $this->_query('/samlp:LogoutResponse/saml:Issuer'); + if ($issuerNodes->length == 1) { + $issuer = $issuerNodes->item(0)->textContent; + } + return $issuer; + } + + /** + * Gets the Status of the Logout Response. + * + * @return string|null The Status + */ + public function getStatus() + { + $entries = $this->_query('/samlp:LogoutResponse/samlp:Status/samlp:StatusCode'); + if ($entries->length != 1) { + return null; + } + $status = $entries->item(0)->getAttribute('Value'); + return $status; + } + + /** + * Determines if the SAML LogoutResponse is valid + * + * @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP + * @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature + * + * @return bool Returns if the SAML LogoutResponse is or not valid + * + * @throws ValidationError + */ + public function isValid($requestId = null, $retrieveParametersFromServer = false) + { + $this->_error = null; + try { + $idpData = $this->_settings->getIdPData(); + $idPEntityId = $idpData['entityId']; + + if ($this->_settings->isStrict()) { + $security = $this->_settings->getSecurityData(); + + if ($security['wantXMLValidation']) { + $res = Utils::validateXML($this->document, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + "Invalid SAML Logout Response. Not match the saml-schema-protocol-2.0.xsd", + ValidationError::INVALID_XML_FORMAT + ); + } + } + + // Check if the InResponseTo of the Logout Response matchs the ID of the Logout Request (requestId) if provided + if (isset($requestId) && $this->document->documentElement->hasAttribute('InResponseTo')) { + $inResponseTo = $this->document->documentElement->getAttribute('InResponseTo'); + if ($requestId != $inResponseTo) { + throw new ValidationError( + "The InResponseTo of the Logout Response: $inResponseTo, does not match the ID of the Logout request sent by the SP: $requestId", + ValidationError::WRONG_INRESPONSETO + ); + } + } + + // Check issuer + $issuer = $this->getIssuer(); + if (!empty($issuer) && $issuer != $idPEntityId) { + throw new ValidationError( + "Invalid issuer in the Logout Response", + ValidationError::WRONG_ISSUER + ); + } + + $currentURL = Utils::getSelfRoutedURLNoQuery(); + + if ($this->document->documentElement->hasAttribute('Destination')) { + $destination = $this->document->documentElement->getAttribute('Destination'); + if (empty($destination)) { + if (!$security['relaxDestinationValidation']) { + throw new ValidationError( + "The LogoutResponse has an empty Destination value", + ValidationError::EMPTY_DESTINATION + ); + } + } else { + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL); + if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) { + $currentURLNoRouted = Utils::getSelfURLNoQuery(); + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted); + if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) { + throw new ValidationError( + "The LogoutResponse was received at $currentURL instead of $destination", + ValidationError::WRONG_DESTINATION + ); + } + } + } + } + + if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) { + throw new ValidationError( + "The Message of the Logout Response is not signed and the SP requires it", + ValidationError::NO_SIGNED_MESSAGE + ); + } + } + + if (isset($_GET['Signature'])) { + $signatureValid = Utils::validateBinarySign("SAMLResponse", $_GET, $idpData, $retrieveParametersFromServer); + if (!$signatureValid) { + throw new ValidationError( + "Signature validation failed. Logout Response rejected", + ValidationError::INVALID_SIGNATURE + ); + } + } + return true; + } catch (Exception $e) { + $this->_error = $e; + $debug = $this->_settings->isDebugActive(); + if ($debug) { + echo htmlentities($this->_error->getMessage()); + } + return false; + } + } + + /** + * Extracts a node from the DOMDocument (Logout Response Menssage) + * + * @param string $query Xpath Expression + * + * @return DOMNodeList The queried node + */ + private function _query($query) + { + return Utils::query($this->document, $query); + + } + + /** + * Generates a Logout Response object. + * + * @param string $inResponseTo InResponseTo value for the Logout Response. + */ + public function build($inResponseTo) + { + + $spData = $this->_settings->getSPData(); + $idpData = $this->_settings->getIdPData(); + + $this->id = Utils::generateUniqueID(); + $issueInstant = Utils::parseTime2SAML(time()); + + $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES); + $logoutResponse = << + {$spEntityId} + + + + +LOGOUTRESPONSE; + $this->_logoutResponse = $logoutResponse; + } + + /** + * Returns a Logout Response object. + * + * @param bool|null $deflate Whether or not we should 'gzdeflate' the response body before we return it. + * + * @return string Logout Response deflated and base64 encoded + */ + public function getResponse($deflate = null) + { + $logoutResponse = $this->_logoutResponse; + + if (is_null($deflate)) { + $deflate = $this->_settings->shouldCompressResponses(); + } + + if ($deflate) { + $logoutResponse = gzdeflate($this->_logoutResponse); + } + return base64_encode($logoutResponse); + } + + /** + * After execute a validation process, if fails this method returns the cause. + * + * @return Exception|null Cause + */ + public function getErrorException() + { + return $this->_error; + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return null|string Error reason + */ + public function getError() + { + $errorMsg = null; + if (isset($this->_error)) { + $errorMsg = htmlentities($this->_error->getMessage()); + } + return $errorMsg; + } + + /** + * @return string the ID of the Response + */ + public function getId() + { + return $this->id; + } + + /** + * Returns the XML that will be sent as part of the response + * or that was received at the SP + * + * @return string|null + */ + public function getXML() + { + return $this->_logoutResponse; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Metadata.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Metadata.php new file mode 100644 index 0000000..922ad60 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Metadata.php @@ -0,0 +1,267 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecurityDSig; + +use DOMDocument; +use Exception; + +/** + * Metadata lib of OneLogin PHP Toolkit + */ +class Metadata +{ + const TIME_VALID = 172800; // 2 days + const TIME_CACHED = 604800; // 1 week + + /** + * Generates the metadata of the SP based on the settings + * + * @param array $sp The SP data + * @param bool|string $authnsign authnRequestsSigned attribute + * @param bool|string $wsign wantAssertionsSigned attribute + * @param int|null $validUntil Metadata's valid time + * @param int|null $cacheDuration Duration of the cache in seconds + * @param array $contacts Contacts info + * @param array $organization Organization ingo + * @param array $attributes + * + * @return string SAML Metadata XML + */ + public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array()) + { + + if (!isset($validUntil)) { + $validUntil = time() + self::TIME_VALID; + } + $validUntilTime = Utils::parseTime2SAML($validUntil); + + if (!isset($cacheDuration)) { + $cacheDuration = self::TIME_CACHED; + } + + $sls = ''; + + if (isset($sp['singleLogoutService'])) { + $slsUrl = htmlspecialchars($sp['singleLogoutService']['url'], ENT_QUOTES); + $sls = << + +SLS_TEMPLATE; + } + + if ($authnsign) { + $strAuthnsign = 'true'; + } else { + $strAuthnsign = 'false'; + } + + if ($wsign) { + $strWsign = 'true'; + } else { + $strWsign = 'false'; + } + + $strOrganization = ''; + + if (!empty($organization)) { + $organizationInfoNames = array(); + $organizationInfoDisplaynames = array(); + $organizationInfoUrls = array(); + foreach ($organization as $lang => $info) { + $organizationInfoNames[] = <<{$info['name']} +ORGANIZATION_NAME; + $organizationInfoDisplaynames[] = <<{$info['displayname']} +ORGANIZATION_DISPLAY; + $organizationInfoUrls[] = <<{$info['url']} +ORGANIZATION_URL; + } + $orgData = implode("\n", $organizationInfoNames)."\n".implode("\n", $organizationInfoDisplaynames)."\n".implode("\n", $organizationInfoUrls); + $strOrganization = << +{$orgData} + +ORGANIZATIONSTR; + } + + $strContacts = ''; + if (!empty($contacts)) { + $contactsInfo = array(); + foreach ($contacts as $type => $info) { + $contactsInfo[] = << + {$info['givenName']} + {$info['emailAddress']} + +CONTACT; + } + $strContacts = "\n".implode("\n", $contactsInfo); + } + + $strAttributeConsumingService = ''; + if (isset($sp['attributeConsumingService'])) { + $attrCsDesc = ''; + if (isset($sp['attributeConsumingService']['serviceDescription'])) { + $attrCsDesc = sprintf( + ' %s' . PHP_EOL, + $sp['attributeConsumingService']['serviceDescription'] + ); + } + if (!isset($sp['attributeConsumingService']['serviceName'])) { + $sp['attributeConsumingService']['serviceName'] = 'Service'; + } + $requestedAttributeData = array(); + foreach ($sp['attributeConsumingService']['requestedAttributes'] as $attribute) { + $requestedAttributeStr = sprintf(' {$attrValue} +ATTRIBUTEVALUE; + } + $reqAttrAuxStr .= "\n "; + } + + $requestedAttributeData[] = $requestedAttributeStr . $reqAttrAuxStr; + } + + $requestedAttributeStr = implode(PHP_EOL, $requestedAttributeData); + $strAttributeConsumingService = << + {$sp['attributeConsumingService']['serviceName']} +{$attrCsDesc}{$requestedAttributeStr} + +METADATA_TEMPLATE; + } + + $spEntityId = htmlspecialchars($sp['entityId'], ENT_QUOTES); + $acsUrl = htmlspecialchars($sp['assertionConsumerService']['url'], ENT_QUOTES); + $metadata = << + + +{$sls} {$sp['NameIDFormat']} + + {$strAttributeConsumingService} + {$strOrganization}{$strContacts} + +METADATA_TEMPLATE; + return $metadata; + } + + /** + * Signs the metadata with the key/cert provided + * + * @param string $metadata SAML Metadata XML + * @param string $key x509 key + * @param string $cert x509 cert + * @param string $signAlgorithm Signature algorithm method + * @param string $digestAlgorithm Digest algorithm method + * + * @return string Signed Metadata + * + * @throws Exception + */ + public static function signMetadata($metadata, $key, $cert, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $digestAlgorithm = XMLSecurityDSig::SHA256) + { + return Utils::addSign($metadata, $key, $cert, $signAlgorithm, $digestAlgorithm); + } + + /** + * Adds the x509 descriptors (sign/encryption) to the metadata + * The same cert will be used for sign/encrypt + * + * @param string $metadata SAML Metadata XML + * @param string $cert x509 cert + * @param bool $wantsEncrypted Whether to include the KeyDescriptor for encryption + * + * @return string Metadata with KeyDescriptors + * + * @throws Exception + */ + public static function addX509KeyDescriptors($metadata, $cert, $wantsEncrypted = true) + { + $xml = new DOMDocument(); + $xml->preserveWhiteSpace = false; + $xml->formatOutput = true; + try { + $xml = Utils::loadXML($xml, $metadata); + if (!$xml) { + throw new Exception('Error parsing metadata'); + } + } catch (Exception $e) { + throw new Exception('Error parsing metadata. '.$e->getMessage()); + } + + $formatedCert = Utils::formatCert($cert, false); + $x509Certificate = $xml->createElementNS(Constants::NS_DS, 'X509Certificate', $formatedCert); + + $keyData = $xml->createElementNS(Constants::NS_DS, 'ds:X509Data'); + $keyData->appendChild($x509Certificate); + + $keyInfo = $xml->createElementNS(Constants::NS_DS, 'ds:KeyInfo'); + $keyInfo->appendChild($keyData); + + $keyDescriptor = $xml->createElementNS(Constants::NS_MD, "md:KeyDescriptor"); + + $SPSSODescriptor = $xml->getElementsByTagName('SPSSODescriptor')->item(0); + $SPSSODescriptor->insertBefore($keyDescriptor->cloneNode(), $SPSSODescriptor->firstChild); + if ($wantsEncrypted === true) { + $SPSSODescriptor->insertBefore($keyDescriptor->cloneNode(), $SPSSODescriptor->firstChild); + } + + $signing = $xml->getElementsByTagName('KeyDescriptor')->item(0); + $signing->setAttribute('use', 'signing'); + $signing->appendChild($keyInfo); + + if ($wantsEncrypted === true) { + $encryption = $xml->getElementsByTagName('KeyDescriptor')->item(1); + $encryption->setAttribute('use', 'encryption'); + + $encryption->appendChild($keyInfo->cloneNode(true)); + } + + return $xml->saveXML(); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php new file mode 100644 index 0000000..b34297f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php @@ -0,0 +1,1227 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecEnc; + +use DOMDocument; +use DOMNodeList; +use DOMXPath; +use Exception; + +/** + * SAML 2 Authentication Response + */ +class Response +{ + /** + * Settings + * + * @var Settings + */ + protected $_settings; + + /** + * The decoded, unprocessed XML response provided to the constructor. + * + * @var string + */ + public $response; + + /** + * A DOMDocument class loaded from the SAML Response. + * + * @var DOMDocument + */ + public $document; + + /** + * A DOMDocument class loaded from the SAML Response (Decrypted). + * + * @var DOMDocument + */ + public $decryptedDocument; + + /** + * The response contains an encrypted assertion. + * + * @var bool + */ + public $encrypted = false; + + /** + * After validation, if it fail this var has the cause of the problem + * + * @var Exception|null + */ + private $_error; + + /** + * NotOnOrAfter value of a valid SubjectConfirmationData node + * + * @var int + */ + private $_validSCDNotOnOrAfter; + + /** + * Constructs the SAML Response object. + * + * @param Settings $settings Settings. + * @param string $response A UUEncoded SAML response from the IdP. + * + * @throws Exception + * @throws ValidationError + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $response) + { + $this->_settings = $settings; + + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + Utils::setBaseURL($baseURL); + } + + $this->response = base64_decode($response); + + $this->document = new DOMDocument(); + $this->document = Utils::loadXML($this->document, $this->response); + if (!$this->document) { + throw new ValidationError( + "SAML Response could not be processed", + ValidationError::INVALID_XML_FORMAT + ); + } + + // Quick check for the presence of EncryptedAssertion + $encryptedAssertionNodes = $this->document->getElementsByTagName('EncryptedAssertion'); + if ($encryptedAssertionNodes->length !== 0) { + $this->decryptedDocument = clone $this->document; + $this->encrypted = true; + $this->decryptedDocument = $this->decryptAssertion($this->decryptedDocument); + } + } + + /** + * Determines if the SAML Response is valid using the certificate. + * + * @param string|null $requestId The ID of the AuthNRequest sent by this SP to the IdP + * + * @return bool Validate the document + * + * @throws Exception + * @throws ValidationError + */ + public function isValid($requestId = null) + { + $this->_error = null; + try { + // Check SAML version + if ($this->document->documentElement->getAttribute('Version') != '2.0') { + throw new ValidationError( + "Unsupported SAML version", + ValidationError::UNSUPPORTED_SAML_VERSION + ); + } + + if (!$this->document->documentElement->hasAttribute('ID')) { + throw new ValidationError( + "Missing ID attribute on SAML Response", + ValidationError::MISSING_ID + ); + } + + $this->checkStatus(); + + $singleAssertion = $this->validateNumAssertions(); + if (!$singleAssertion) { + throw new ValidationError( + "SAML Response must contain 1 assertion", + ValidationError::WRONG_NUMBER_OF_ASSERTIONS + ); + } + + $idpData = $this->_settings->getIdPData(); + $idPEntityId = $idpData['entityId']; + $spData = $this->_settings->getSPData(); + $spEntityId = $spData['entityId']; + + $signedElements = $this->processSignedElements(); + + $responseTag = '{'.Constants::NS_SAMLP.'}Response'; + $assertionTag = '{'.Constants::NS_SAML.'}Assertion'; + + $hasSignedResponse = in_array($responseTag, $signedElements); + $hasSignedAssertion = in_array($assertionTag, $signedElements); + + if ($this->_settings->isStrict()) { + $security = $this->_settings->getSecurityData(); + + if ($security['wantXMLValidation']) { + $errorXmlMsg = "Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd"; + $res = Utils::validateXML($this->document, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + $errorXmlMsg, + ValidationError::INVALID_XML_FORMAT + ); + } + + // If encrypted, check also the decrypted document + if ($this->encrypted) { + $res = Utils::validateXML($this->decryptedDocument, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + $errorXmlMsg, + ValidationError::INVALID_XML_FORMAT + ); + } + } + + } + + $currentURL = Utils::getSelfRoutedURLNoQuery(); + + $responseInResponseTo = null; + if ($this->document->documentElement->hasAttribute('InResponseTo')) { + $responseInResponseTo = $this->document->documentElement->getAttribute('InResponseTo'); + } + + if (!isset($requestId) && isset($responseInResponseTo) && $security['rejectUnsolicitedResponsesWithInResponseTo']) { + throw new ValidationError( + "The Response has an InResponseTo attribute: " . $responseInResponseTo . " while no InResponseTo was expected", + ValidationError::WRONG_INRESPONSETO + ); + } + + // Check if the InResponseTo of the Response matchs the ID of the AuthNRequest (requestId) if provided + if (isset($requestId) && $requestId != $responseInResponseTo) { + if ($responseInResponseTo == null) { + throw new ValidationError( + "No InResponseTo at the Response, but it was provided the requestId related to the AuthNRequest sent by the SP: $requestId", + ValidationError::WRONG_INRESPONSETO + ); + } else { + throw new ValidationError( + "The InResponseTo of the Response: $responseInResponseTo, does not match the ID of the AuthNRequest sent by the SP: $requestId", + ValidationError::WRONG_INRESPONSETO + ); + } + } + + if (!$this->encrypted && $security['wantAssertionsEncrypted']) { + throw new ValidationError( + "The assertion of the Response is not encrypted and the SP requires it", + ValidationError::NO_ENCRYPTED_ASSERTION + ); + } + + if ($security['wantNameIdEncrypted']) { + $encryptedIdNodes = $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData'); + if ($encryptedIdNodes->length != 1) { + throw new ValidationError( + "The NameID of the Response is not encrypted and the SP requires it", + ValidationError::NO_ENCRYPTED_NAMEID + ); + } + } + + // Validate Conditions element exists + if (!$this->checkOneCondition()) { + throw new ValidationError( + "The Assertion must include a Conditions element", + ValidationError::MISSING_CONDITIONS + ); + } + + // Validate Asserion timestamps + $this->validateTimestamps(); + + // Validate AuthnStatement element exists and is unique + if (!$this->checkOneAuthnStatement()) { + throw new ValidationError( + "The Assertion must include an AuthnStatement element", + ValidationError::WRONG_NUMBER_OF_AUTHSTATEMENTS + ); + } + + // EncryptedAttributes are not supported + $encryptedAttributeNodes = $this->_queryAssertion('/saml:AttributeStatement/saml:EncryptedAttribute'); + if ($encryptedAttributeNodes->length > 0) { + throw new ValidationError( + "There is an EncryptedAttribute in the Response and this SP not support them", + ValidationError::ENCRYPTED_ATTRIBUTES + ); + } + + // Check destination + if ($this->document->documentElement->hasAttribute('Destination')) { + $destination = trim($this->document->documentElement->getAttribute('Destination')); + if (empty($destination)) { + if (!$security['relaxDestinationValidation']) { + throw new ValidationError( + "The response has an empty Destination value", + ValidationError::EMPTY_DESTINATION + ); + } + } else { + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL); + if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) { + $currentURLNoRouted = Utils::getSelfURLNoQuery(); + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted); + if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) { + throw new ValidationError( + "The response was received at $currentURL instead of $destination", + ValidationError::WRONG_DESTINATION + ); + } + } + } + } + + // Check audience + $validAudiences = $this->getAudiences(); + if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences, true)) { + throw new ValidationError( + sprintf( + "Invalid audience for this Response (expected '%s', got '%s')", + $spEntityId, + implode(',', $validAudiences) + ), + ValidationError::WRONG_AUDIENCE + ); + } + + // Check the issuers + $issuers = $this->getIssuers(); + foreach ($issuers as $issuer) { + $trimmedIssuer = trim($issuer); + if (empty($trimmedIssuer) || $trimmedIssuer !== $idPEntityId) { + throw new ValidationError( + "Invalid issuer in the Assertion/Response (expected '$idPEntityId', got '$trimmedIssuer')", + ValidationError::WRONG_ISSUER + ); + } + } + + // Check the session Expiration + $sessionExpiration = $this->getSessionNotOnOrAfter(); + if (!empty($sessionExpiration) && $sessionExpiration + Constants::ALLOWED_CLOCK_DRIFT <= time()) { + throw new ValidationError( + "The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response", + ValidationError::SESSION_EXPIRED + ); + } + + // Check the SubjectConfirmation, at least one SubjectConfirmation must be valid + $anySubjectConfirmation = false; + $subjectConfirmationNodes = $this->_queryAssertion('/saml:Subject/saml:SubjectConfirmation'); + foreach ($subjectConfirmationNodes as $scn) { + if ($scn->hasAttribute('Method') && $scn->getAttribute('Method') != Constants::CM_BEARER) { + continue; + } + $subjectConfirmationDataNodes = $scn->getElementsByTagName('SubjectConfirmationData'); + if ($subjectConfirmationDataNodes->length == 0) { + continue; + } else { + $scnData = $subjectConfirmationDataNodes->item(0); + if ($scnData->hasAttribute('InResponseTo')) { + $inResponseTo = $scnData->getAttribute('InResponseTo'); + if (isset($responseInResponseTo) && $responseInResponseTo != $inResponseTo) { + continue; + } + } + if ($scnData->hasAttribute('Recipient')) { + $recipient = $scnData->getAttribute('Recipient'); + if (!empty($recipient) && strpos($recipient, $currentURL) === false) { + continue; + } + } + if ($scnData->hasAttribute('NotOnOrAfter')) { + $noa = Utils::parseSAML2Time($scnData->getAttribute('NotOnOrAfter')); + if ($noa + Constants::ALLOWED_CLOCK_DRIFT <= time()) { + continue; + } + } + if ($scnData->hasAttribute('NotBefore')) { + $nb = Utils::parseSAML2Time($scnData->getAttribute('NotBefore')); + if ($nb > time() + Constants::ALLOWED_CLOCK_DRIFT) { + continue; + } + } + + // Save NotOnOrAfter value + if ($scnData->hasAttribute('NotOnOrAfter')) { + $this->_validSCDNotOnOrAfter = $noa; + } + $anySubjectConfirmation = true; + break; + } + } + + if (!$anySubjectConfirmation) { + throw new ValidationError( + "A valid SubjectConfirmation was not found on this Response", + ValidationError::WRONG_SUBJECTCONFIRMATION + ); + } + + if ($security['wantAssertionsSigned'] && !$hasSignedAssertion) { + throw new ValidationError( + "The Assertion of the Response is not signed and the SP requires it", + ValidationError::NO_SIGNED_ASSERTION + ); + } + + if ($security['wantMessagesSigned'] && !$hasSignedResponse) { + throw new ValidationError( + "The Message of the Response is not signed and the SP requires it", + ValidationError::NO_SIGNED_MESSAGE + ); + } + } + + // Detect case not supported + if ($this->encrypted) { + $encryptedIDNodes = Utils::query($this->decryptedDocument, '/samlp:Response/saml:Assertion/saml:Subject/saml:EncryptedID'); + if ($encryptedIDNodes->length > 0) { + throw new ValidationError( + 'SAML Response that contains an encrypted Assertion with encrypted nameId is not supported.', + ValidationError::NOT_SUPPORTED + ); + } + } + + if (empty($signedElements) || (!$hasSignedResponse && !$hasSignedAssertion)) { + throw new ValidationError( + 'No Signature found. SAML Response rejected', + ValidationError::NO_SIGNATURE_FOUND + ); + } else { + $cert = $idpData['x509cert']; + $fingerprint = $idpData['certFingerprint']; + $fingerprintalg = $idpData['certFingerprintAlgorithm']; + + $multiCerts = null; + $existsMultiX509Sign = isset($idpData['x509certMulti']) && isset($idpData['x509certMulti']['signing']) && !empty($idpData['x509certMulti']['signing']); + + if ($existsMultiX509Sign) { + $multiCerts = $idpData['x509certMulti']['signing']; + } + + // If find a Signature on the Response, validates it checking the original response + if ($hasSignedResponse && !Utils::validateSign($this->document, $cert, $fingerprint, $fingerprintalg, Utils::RESPONSE_SIGNATURE_XPATH, $multiCerts)) { + throw new ValidationError( + "Signature validation failed. SAML Response rejected", + ValidationError::INVALID_SIGNATURE + ); + } + + // If find a Signature on the Assertion (decrypted assertion if was encrypted) + $documentToCheckAssertion = $this->encrypted ? $this->decryptedDocument : $this->document; + if ($hasSignedAssertion && !Utils::validateSign($documentToCheckAssertion, $cert, $fingerprint, $fingerprintalg, Utils::ASSERTION_SIGNATURE_XPATH, $multiCerts)) { + throw new ValidationError( + "Signature validation failed. SAML Response rejected", + ValidationError::INVALID_SIGNATURE + ); + } + } + return true; + } catch (Exception $e) { + $this->_error = $e; + $debug = $this->_settings->isDebugActive(); + if ($debug) { + echo htmlentities($e->getMessage()); + } + return false; + } + } + + /** + * @return string|null the ID of the Response + */ + public function getId() + { + $id = null; + if ($this->document->documentElement->hasAttribute('ID')) { + $id = $this->document->documentElement->getAttribute('ID'); + } + return $id; + } + + /** + * @return string|null the ID of the assertion in the Response + * + * @throws ValidationError + */ + public function getAssertionId() + { + if (!$this->validateNumAssertions()) { + throw new ValidationError("SAML Response must contain 1 Assertion.", ValidationError::WRONG_NUMBER_OF_ASSERTIONS); + } + $assertionNodes = $this->_queryAssertion(""); + $id = null; + if ($assertionNodes->length == 1 && $assertionNodes->item(0)->hasAttribute('ID')) { + $id = $assertionNodes->item(0)->getAttribute('ID'); + } + return $id; + } + + /** + * @return int the NotOnOrAfter value of the valid SubjectConfirmationData + * node if any + */ + public function getAssertionNotOnOrAfter() + { + return $this->_validSCDNotOnOrAfter; + } + + /** + * Checks if the Status is success + * + * @throws ValidationError If status is not success + */ + public function checkStatus() + { + $status = Utils::getStatus($this->document); + + if (isset($status['code']) && $status['code'] !== Constants::STATUS_SUCCESS) { + $explodedCode = explode(':', $status['code']); + $printableCode = array_pop($explodedCode); + + $statusExceptionMsg = 'The status code of the Response was not Success, was '.$printableCode; + if (!empty($status['msg'])) { + $statusExceptionMsg .= ' -> '.$status['msg']; + } + throw new ValidationError( + $statusExceptionMsg, + ValidationError::STATUS_CODE_IS_NOT_SUCCESS + ); + } + } + + /** + * Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique. + * + * @return boolean true if the Conditions element exists and is unique + */ + public function checkOneCondition() + { + $entries = $this->_queryAssertion("/saml:Conditions"); + if ($entries->length == 1) { + return true; + } else { + return false; + } + } + + /** + * Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique. + * + * @return boolean true if the AuthnStatement element exists and is unique + */ + public function checkOneAuthnStatement() + { + $entries = $this->_queryAssertion("/saml:AuthnStatement"); + if ($entries->length == 1) { + return true; + } else { + return false; + } + } + + /** + * Gets the audiences. + * + * @return array @audience The valid audiences of the response + */ + public function getAudiences() + { + $audiences = array(); + + $entries = $this->_queryAssertion('/saml:Conditions/saml:AudienceRestriction/saml:Audience'); + foreach ($entries as $entry) { + $value = trim($entry->textContent); + if (!empty($value)) { + $audiences[] = $value; + } + } + + return array_unique($audiences); + } + + /** + * Gets the Issuers (from Response and Assertion). + * + * @return array @issuers The issuers of the assertion/response + * + * @throws ValidationError + */ + public function getIssuers() + { + $issuers = array(); + + $responseIssuer = Utils::query($this->document, '/samlp:Response/saml:Issuer'); + if ($responseIssuer->length > 0) { + if ($responseIssuer->length == 1) { + $issuers[] = $responseIssuer->item(0)->textContent; + } else { + throw new ValidationError( + "Issuer of the Response is multiple.", + ValidationError::ISSUER_MULTIPLE_IN_RESPONSE + ); + } + } + + $assertionIssuer = $this->_queryAssertion('/saml:Issuer'); + if ($assertionIssuer->length == 1) { + $issuers[] = $assertionIssuer->item(0)->textContent; + } else { + throw new ValidationError( + "Issuer of the Assertion not found or multiple.", + ValidationError::ISSUER_NOT_FOUND_IN_ASSERTION + ); + } + + return array_unique($issuers); + } + + /** + * Gets the NameID Data provided by the SAML response from the IdP. + * + * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier) + * + * @throws ValidationError + */ + public function getNameIdData() + { + $encryptedIdDataEntries = $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData'); + + if ($encryptedIdDataEntries->length == 1) { + $encryptedData = $encryptedIdDataEntries->item(0); + + $key = $this->_settings->getSPkey(); + $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private')); + $seckey->loadKey($key); + + $nameId = Utils::decryptElement($encryptedData, $seckey); + + } else { + $entries = $this->_queryAssertion('/saml:Subject/saml:NameID'); + if ($entries->length == 1) { + $nameId = $entries->item(0); + } + } + + $nameIdData = array(); + + if (!isset($nameId)) { + $security = $this->_settings->getSecurityData(); + if ($security['wantNameId']) { + throw new ValidationError( + "NameID not found in the assertion of the Response", + ValidationError::NO_NAMEID + ); + } + } else { + if ($this->_settings->isStrict() && empty($nameId->nodeValue)) { + throw new ValidationError( + "An empty NameID value found", + ValidationError::EMPTY_NAMEID + ); + } + $nameIdData['Value'] = $nameId->nodeValue; + + foreach (array('Format', 'SPNameQualifier', 'NameQualifier') as $attr) { + if ($nameId->hasAttribute($attr)) { + if ($this->_settings->isStrict() && $attr == 'SPNameQualifier') { + $spData = $this->_settings->getSPData(); + $spEntityId = $spData['entityId']; + if ($spEntityId != $nameId->getAttribute($attr)) { + throw new ValidationError( + "The SPNameQualifier value mistmatch the SP entityID value.", + ValidationError::SP_NAME_QUALIFIER_NAME_MISMATCH + ); + } + } + $nameIdData[$attr] = $nameId->getAttribute($attr); + } + } + } + + return $nameIdData; + } + + /** + * Gets the NameID provided by the SAML response from the IdP. + * + * @return string|null Name ID Value + * + * @throws ValidationError + */ + public function getNameId() + { + $nameIdvalue = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['Value'])) { + $nameIdvalue = $nameIdData['Value']; + } + return $nameIdvalue; + } + + /** + * Gets the NameID Format provided by the SAML response from the IdP. + * + * @return string|null Name ID Format + * + * @throws ValidationError + */ + public function getNameIdFormat() + { + $nameIdFormat = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['Format'])) { + $nameIdFormat = $nameIdData['Format']; + } + return $nameIdFormat; + } + + /** + * Gets the NameID NameQualifier provided by the SAML response from the IdP. + * + * @return string|null Name ID NameQualifier + * + * @throws ValidationError + */ + public function getNameIdNameQualifier() + { + $nameIdNameQualifier = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['NameQualifier'])) { + $nameIdNameQualifier = $nameIdData['NameQualifier']; + } + return $nameIdNameQualifier; + } + + /** + * Gets the NameID SP NameQualifier provided by the SAML response from the IdP. + * + * @return string|null NameID SP NameQualifier + * + * @throws ValidationError + */ + public function getNameIdSPNameQualifier() + { + $nameIdSPNameQualifier = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['SPNameQualifier'])) { + $nameIdSPNameQualifier = $nameIdData['SPNameQualifier']; + } + return $nameIdSPNameQualifier; + } + + /** + * Gets the SessionNotOnOrAfter from the AuthnStatement. + * Could be used to set the local session expiration + * + * @return int|null The SessionNotOnOrAfter value + * + * @throws Exception + */ + public function getSessionNotOnOrAfter() + { + $notOnOrAfter = null; + $entries = $this->_queryAssertion('/saml:AuthnStatement[@SessionNotOnOrAfter]'); + if ($entries->length !== 0) { + $notOnOrAfter = Utils::parseSAML2Time($entries->item(0)->getAttribute('SessionNotOnOrAfter')); + } + return $notOnOrAfter; + } + + /** + * Gets the SessionIndex from the AuthnStatement. + * Could be used to be stored in the local session in order + * to be used in a future Logout Request that the SP could + * send to the SP, to set what specific session must be deleted + * + * @return string|null The SessionIndex value + */ + public function getSessionIndex() + { + $sessionIndex = null; + $entries = $this->_queryAssertion('/saml:AuthnStatement[@SessionIndex]'); + if ($entries->length !== 0) { + $sessionIndex = $entries->item(0)->getAttribute('SessionIndex'); + } + return $sessionIndex; + } + + /** + * Gets the Attributes from the AttributeStatement element. + * + * @return array The attributes of the SAML Assertion + * + * @throws ValidationError + */ + public function getAttributes() + { + return $this->_getAttributesByKeyName('Name'); + } + + /** + * Gets the Attributes from the AttributeStatement element using their FriendlyName. + * + * @return array The attributes of the SAML Assertion + * + * @throws ValidationError + */ + public function getAttributesWithFriendlyName() + { + return $this->_getAttributesByKeyName('FriendlyName'); + } + + /** + * @param string $keyName + * + * @return array + * + * @throws ValidationError + */ + private function _getAttributesByKeyName($keyName = "Name") + { + $attributes = array(); + $entries = $this->_queryAssertion('/saml:AttributeStatement/saml:Attribute'); + /** @var $entry DOMNode */ + foreach ($entries as $entry) { + $attributeKeyNode = $entry->attributes->getNamedItem($keyName); + if ($attributeKeyNode === null) { + continue; + } + $attributeKeyName = $attributeKeyNode->nodeValue; + if (in_array($attributeKeyName, array_keys($attributes))) { + throw new ValidationError( + "Found an Attribute element with duplicated ".$keyName, + ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND + ); + } + $attributeValues = array(); + foreach ($entry->childNodes as $childNode) { + $tagName = ($childNode->prefix ? $childNode->prefix.':' : '') . 'AttributeValue'; + if ($childNode->nodeType == XML_ELEMENT_NODE && $childNode->tagName === $tagName) { + $attributeValues[] = $childNode->nodeValue; + } + } + $attributes[$attributeKeyName] = $attributeValues; + } + return $attributes; + } + + /** + * Verifies that the document only contains a single Assertion (encrypted or not). + * + * @return bool TRUE if the document passes. + */ + public function validateNumAssertions() + { + $encryptedAssertionNodes = $this->document->getElementsByTagName('EncryptedAssertion'); + $assertionNodes = $this->document->getElementsByTagName('Assertion'); + + $valid = $assertionNodes->length + $encryptedAssertionNodes->length == 1; + + if ($this->encrypted) { + $assertionNodes = $this->decryptedDocument->getElementsByTagName('Assertion'); + $valid = $valid && $assertionNodes->length == 1; + } + + return $valid; + } + + /** + * Verifies the signature nodes: + * - Checks that are Response or Assertion + * - Check that IDs and reference URI are unique and consistent. + * + * @return array Signed element tags + * + * @throws ValidationError + */ + public function processSignedElements() + { + $signedElements = array(); + $verifiedSeis = array(); + $verifiedIds = array(); + + if ($this->encrypted) { + $signNodes = $this->decryptedDocument->getElementsByTagName('Signature'); + } else { + $signNodes = $this->document->getElementsByTagName('Signature'); + } + foreach ($signNodes as $signNode) { + $responseTag = '{'.Constants::NS_SAMLP.'}Response'; + $assertionTag = '{'.Constants::NS_SAML.'}Assertion'; + + $signedElement = '{'.$signNode->parentNode->namespaceURI.'}'.$signNode->parentNode->localName; + + if ($signedElement != $responseTag && $signedElement != $assertionTag) { + throw new ValidationError( + "Invalid Signature Element $signedElement SAML Response rejected", + ValidationError::WRONG_SIGNED_ELEMENT + ); + } + + // Check that reference URI matches the parent ID and no duplicate References or IDs + $idValue = $signNode->parentNode->getAttribute('ID'); + if (empty($idValue)) { + throw new ValidationError( + 'Signed Element must contain an ID. SAML Response rejected', + ValidationError::ID_NOT_FOUND_IN_SIGNED_ELEMENT + ); + } + + if (in_array($idValue, $verifiedIds)) { + throw new ValidationError( + 'Duplicated ID. SAML Response rejected', + ValidationError::DUPLICATED_ID_IN_SIGNED_ELEMENTS + ); + } + $verifiedIds[] = $idValue; + + $ref = $signNode->getElementsByTagName('Reference'); + if ($ref->length == 1) { + $ref = $ref->item(0); + $sei = $ref->getAttribute('URI'); + if (!empty($sei)) { + $sei = substr($sei, 1); + + if ($sei != $idValue) { + throw new ValidationError( + 'Found an invalid Signed Element. SAML Response rejected', + ValidationError::INVALID_SIGNED_ELEMENT + ); + } + + if (in_array($sei, $verifiedSeis)) { + throw new ValidationError( + 'Duplicated Reference URI. SAML Response rejected', + ValidationError::DUPLICATED_REFERENCE_IN_SIGNED_ELEMENTS + ); + } + $verifiedSeis[] = $sei; + } + } else { + throw new ValidationError( + 'Unexpected number of Reference nodes found for signature. SAML Response rejected.', + ValidationError::UNEXPECTED_REFERENCE + ); + } + $signedElements[] = $signedElement; + } + + // Check SignedElements + if (!empty($signedElements) && !$this->validateSignedElements($signedElements)) { + throw new ValidationError( + 'Found an unexpected Signature Element. SAML Response rejected', + ValidationError::UNEXPECTED_SIGNED_ELEMENTS + ); + } + return $signedElements; + } + + /** + * Verifies that the document is still valid according Conditions Element. + * + * @return bool + * + * @throws Exception + * @throws ValidationError + */ + public function validateTimestamps() + { + if ($this->encrypted) { + $document = $this->decryptedDocument; + } else { + $document = $this->document; + } + + $timestampNodes = $document->getElementsByTagName('Conditions'); + for ($i = 0; $i < $timestampNodes->length; $i++) { + $nbAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotBefore"); + $naAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotOnOrAfter"); + if ($nbAttribute && Utils::parseSAML2Time($nbAttribute->textContent) > time() + Constants::ALLOWED_CLOCK_DRIFT) { + throw new ValidationError( + 'Could not validate timestamp: not yet valid. Check system clock.', + ValidationError::ASSERTION_TOO_EARLY + ); + } + if ($naAttribute && Utils::parseSAML2Time($naAttribute->textContent) + Constants::ALLOWED_CLOCK_DRIFT <= time()) { + throw new ValidationError( + 'Could not validate timestamp: expired. Check system clock.', + ValidationError::ASSERTION_EXPIRED + ); + } + } + return true; + } + + /** + * Verifies that the document has the expected signed nodes. + * + * @param array $signedElements Signed elements + * + * @return bool + * + * @throws ValidationError + */ + public function validateSignedElements($signedElements) + { + if (count($signedElements) > 2) { + return false; + } + + $responseTag = '{'.Constants::NS_SAMLP.'}Response'; + $assertionTag = '{'.Constants::NS_SAML.'}Assertion'; + + $ocurrence = array_count_values($signedElements); + if ((in_array($responseTag, $signedElements) && $ocurrence[$responseTag] > 1) + || (in_array($assertionTag, $signedElements) && $ocurrence[$assertionTag] > 1) + || !in_array($responseTag, $signedElements) && !in_array($assertionTag, $signedElements) + ) { + return false; + } + + // Check that the signed elements found here, are the ones that will be verified + // by Utils->validateSign() + if (in_array($responseTag, $signedElements)) { + $expectedSignatureNodes = Utils::query($this->document, Utils::RESPONSE_SIGNATURE_XPATH); + if ($expectedSignatureNodes->length != 1) { + throw new ValidationError( + "Unexpected number of Response signatures found. SAML Response rejected.", + ValidationError::WRONG_NUMBER_OF_SIGNATURES_IN_RESPONSE + ); + } + } + + if (in_array($assertionTag, $signedElements)) { + $expectedSignatureNodes = $this->_query(Utils::ASSERTION_SIGNATURE_XPATH); + if ($expectedSignatureNodes->length != 1) { + throw new ValidationError( + "Unexpected number of Assertion signatures found. SAML Response rejected.", + ValidationError::WRONG_NUMBER_OF_SIGNATURES_IN_ASSERTION + ); + } + } + + return true; + } + + /** + * Extracts a node from the DOMDocument (Assertion). + * + * @param string $assertionXpath Xpath Expression + * + * @return DOMNodeList The queried node + */ + protected function _queryAssertion($assertionXpath) + { + if ($this->encrypted) { + $xpath = new DOMXPath($this->decryptedDocument); + } else { + $xpath = new DOMXPath($this->document); + } + + $xpath->registerNamespace('samlp', Constants::NS_SAMLP); + $xpath->registerNamespace('saml', Constants::NS_SAML); + $xpath->registerNamespace('ds', Constants::NS_DS); + $xpath->registerNamespace('xenc', Constants::NS_XENC); + + $assertionNode = '/samlp:Response/saml:Assertion'; + $signatureQuery = $assertionNode . '/ds:Signature/ds:SignedInfo/ds:Reference'; + $assertionReferenceNode = $xpath->query($signatureQuery)->item(0); + if (!$assertionReferenceNode) { + // is the response signed as a whole? + $signatureQuery = '/samlp:Response/ds:Signature/ds:SignedInfo/ds:Reference'; + $responseReferenceNode = $xpath->query($signatureQuery)->item(0); + if ($responseReferenceNode) { + $uri = $responseReferenceNode->attributes->getNamedItem('URI')->nodeValue; + if (empty($uri)) { + $id = $responseReferenceNode->parentNode->parentNode->parentNode->attributes->getNamedItem('ID')->nodeValue; + } else { + $id = substr($responseReferenceNode->attributes->getNamedItem('URI')->nodeValue, 1); + } + $nameQuery = "/samlp:Response[@ID='$id']/saml:Assertion" . $assertionXpath; + } else { + $nameQuery = "/samlp:Response/saml:Assertion" . $assertionXpath; + } + } else { + $uri = $assertionReferenceNode->attributes->getNamedItem('URI')->nodeValue; + if (empty($uri)) { + $id = $assertionReferenceNode->parentNode->parentNode->parentNode->attributes->getNamedItem('ID')->nodeValue; + } else { + $id = substr($assertionReferenceNode->attributes->getNamedItem('URI')->nodeValue, 1); + } + $nameQuery = $assertionNode."[@ID='$id']" . $assertionXpath; + } + + return $xpath->query($nameQuery); + } + + /** + * Extracts nodes that match the query from the DOMDocument (Response Menssage) + * + * @param string $query Xpath Expression + * + * @return DOMNodeList The queried nodes + */ + private function _query($query) + { + if ($this->encrypted) { + return Utils::query($this->decryptedDocument, $query); + } else { + return Utils::query($this->document, $query); + } + } + + /** + * Decrypts the Assertion (DOMDocument) + * + * @param \DomNode $dom DomDocument + * + * @return DOMDocument Decrypted Assertion + * + * @throws Exception + * @throws ValidationError + */ + protected function decryptAssertion(\DomNode $dom) + { + $pem = $this->_settings->getSPkey(); + + if (empty($pem)) { + throw new Error( + "No private key available, check settings", + Error::PRIVATE_KEY_NOT_FOUND + ); + } + + $objenc = new XMLSecEnc(); + $encData = $objenc->locateEncryptedData($dom); + if (!$encData) { + throw new ValidationError( + "Cannot locate encrypted assertion", + ValidationError::MISSING_ENCRYPTED_ELEMENT + ); + } + + $objenc->setNode($encData); + $objenc->type = $encData->getAttribute("Type"); + if (!$objKey = $objenc->locateKey()) { + throw new ValidationError( + "Unknown algorithm", + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $key = null; + if ($objKeyInfo = $objenc->locateKeyInfo($objKey)) { + if ($objKeyInfo->isEncrypted) { + $objencKey = $objKeyInfo->encryptedCtx; + $objKeyInfo->loadKey($pem, false, false); + $key = $objencKey->decryptKey($objKeyInfo); + } else { + // symmetric encryption key support + $objKeyInfo->loadKey($pem, false, false); + } + } + + if (empty($objKey->key)) { + $objKey->loadKey($key); + } + + $decryptedXML = $objenc->decryptNode($objKey, false); + $decrypted = new DOMDocument(); + $check = Utils::loadXML($decrypted, $decryptedXML); + if ($check === false) { + throw new Exception('Error: string from decrypted assertion could not be loaded into a XML document'); + } + if ($encData->parentNode instanceof DOMDocument) { + return $decrypted; + } else { + $decrypted = $decrypted->documentElement; + $encryptedAssertion = $encData->parentNode; + $container = $encryptedAssertion->parentNode; + + // Fix possible issue with saml namespace + if (!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') + && !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') + && !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns') + && !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') + && !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') + ) { + if (strpos($encryptedAssertion->tagName, 'saml2:') !== false) { + $ns = 'xmlns:saml2'; + } else if (strpos($encryptedAssertion->tagName, 'saml:') !== false) { + $ns = 'xmlns:saml'; + } else { + $ns = 'xmlns'; + } + $decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', $ns, Constants::NS_SAML); + } + + Utils::treeCopyReplace($encryptedAssertion, $decrypted); + + // Rebuild the DOM will fix issues with namespaces as well + $dom = new DOMDocument(); + return Utils::loadXML($dom, $container->ownerDocument->saveXML()); + } + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return Exception|null Cause + */ + public function getErrorException() + { + return $this->_error; + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return null|string Error reason + */ + public function getError() + { + $errorMsg = null; + if (isset($this->_error)) { + $errorMsg = htmlentities($this->_error->getMessage()); + } + return $errorMsg; + } + + /** + * Returns the SAML Response document (If contains an encrypted assertion, decrypts it) + * + * @return DomDocument SAML Response + */ + public function getXMLDocument() + { + if ($this->encrypted) { + return $this->decryptedDocument; + } else { + return $this->document; + } + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php new file mode 100644 index 0000000..3c953fc --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php @@ -0,0 +1,1116 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecurityDSig; + +use DOMDocument; +use Exception; + +/** + * Configuration of the OneLogin PHP Toolkit + */ +class Settings +{ + /** + * List of paths. + * + * @var array + */ + private $_paths = array(); + + /** + * @var string + */ + private $_baseurl; + + /** + * Strict. If active, PHP Toolkit will reject unsigned or unencrypted messages + * if it expects them signed or encrypted. If not, the messages will be accepted + * and some security issues will be also relaxed. + * + * @var bool + */ + private $_strict = true; + + /** + * Activate debug mode + * + * @var bool + */ + private $_debug = false; + + /** + * SP data. + * + * @var array + */ + private $_sp = array(); + + /** + * IdP data. + * + * @var array + */ + private $_idp = array(); + + /** + * Compression settings that determine + * whether gzip compression should be used. + * + * @var array + */ + private $_compress = array(); + + /** + * Security Info related to the SP. + * + * @var array + */ + private $_security = array(); + + /** + * Setting contacts. + * + * @var array + */ + private $_contacts = array(); + + /** + * Setting organization. + * + * @var array + */ + private $_organization = array(); + + /** + * Setting errors. + * + * @var array + */ + private $_errors = array(); + + /** + * Valitate SP data only flag + * + * @var bool + */ + private $_spValidationOnly = false; + + /** + * Initializes the settings: + * - Sets the paths of the different folders + * - Loads settings info from settings file or array/object provided + * + * @param array|null $settings SAML Toolkit Settings + * @param bool $spValidationOnly Validate or not the IdP data + * + * @throws Error If any settings parameter is invalid + * @throws Exception If Settings is incorrectly supplied + */ + public function __construct(array $settings = null, $spValidationOnly = false) + { + $this->_spValidationOnly = $spValidationOnly; + $this->_loadPaths(); + + if (!isset($settings)) { + if (!$this->_loadSettingsFromFile()) { + throw new Error( + 'Invalid file settings: %s', + Error::SETTINGS_INVALID, + array(implode(', ', $this->_errors)) + ); + } + $this->_addDefaultValues(); + } else { + if (!$this->_loadSettingsFromArray($settings)) { + throw new Error( + 'Invalid array settings: %s', + Error::SETTINGS_INVALID, + array(implode(', ', $this->_errors)) + ); + } + } + + $this->formatIdPCert(); + $this->formatSPCert(); + $this->formatSPKey(); + $this->formatSPCertNew(); + $this->formatIdPCertMulti(); + } + + /** + * Sets the paths of the different folders + * @suppress PhanUndeclaredConstant + */ + private function _loadPaths() + { + $basePath = dirname(dirname(__DIR__)) . '/'; + $this->_paths = array( + 'base' => $basePath, + 'config' => $basePath, + 'cert' => $basePath.'certs/', + 'lib' => $basePath.'src/Saml2/' + ); + + if (defined('ONELOGIN_CUSTOMPATH')) { + $this->_paths['config'] = ONELOGIN_CUSTOMPATH; + $this->_paths['cert'] = ONELOGIN_CUSTOMPATH . 'certs/'; + } + } + + /** + * Returns base path. + * + * @return string The base toolkit folder path + */ + public function getBasePath() + { + return $this->_paths['base']; + } + + /** + * Returns cert path. + * + * @return string The cert folder path + */ + public function getCertPath() + { + return $this->_paths['cert']; + } + + /** + * Returns config path. + * + * @return string The config folder path + */ + public function getConfigPath() + { + return $this->_paths['config']; + } + + /** + * Returns lib path. + * + * @return string The library folder path + */ + public function getLibPath() + { + return $this->_paths['lib']; + } + + /** + * Returns schema path. + * + * @return string The external library folder path + */ + public function getSchemasPath() + { + if (isset($this->_paths['schemas'])) { + return $this->_paths['schemas']; + } + return __DIR__ . '/schemas/'; + } + + /** + * Set schemas path + * + * @param string $path + * @return $this + */ + public function setSchemasPath($path) + { + $this->_paths['schemas'] = $path; + } + + /** + * Loads settings info from a settings Array + * + * @param array $settings SAML Toolkit Settings + * + * @return bool True if the settings info is valid + */ + private function _loadSettingsFromArray(array $settings) + { + if (isset($settings['sp'])) { + $this->_sp = $settings['sp']; + } + if (isset($settings['idp'])) { + $this->_idp = $settings['idp']; + } + + $errors = $this->checkSettings($settings); + if (empty($errors)) { + $this->_errors = array(); + + if (isset($settings['strict'])) { + $this->_strict = $settings['strict']; + } + if (isset($settings['debug'])) { + $this->_debug = $settings['debug']; + } + + if (isset($settings['baseurl'])) { + $this->_baseurl = $settings['baseurl']; + } + + if (isset($settings['compress'])) { + $this->_compress = $settings['compress']; + } + + if (isset($settings['security'])) { + $this->_security = $settings['security']; + } + + if (isset($settings['contactPerson'])) { + $this->_contacts = $settings['contactPerson']; + } + + if (isset($settings['organization'])) { + $this->_organization = $settings['organization']; + } + + $this->_addDefaultValues(); + return true; + } else { + $this->_errors = $errors; + return false; + } + } + + /** + * Loads settings info from the settings file + * + * @return bool True if the settings info is valid + * + * @throws Error + * + * @suppress PhanUndeclaredVariable + */ + private function _loadSettingsFromFile() + { + $filename = $this->getConfigPath().'settings.php'; + + if (!file_exists($filename)) { + throw new Error( + 'Settings file not found: %s', + Error::SETTINGS_FILE_NOT_FOUND, + array($filename) + ); + } + + /** @var array $settings */ + include $filename; + + // Add advance_settings if exists + $advancedFilename = $this->getConfigPath().'advanced_settings.php'; + + if (file_exists($advancedFilename)) { + /** @var array $advancedSettings */ + include $advancedFilename; + $settings = array_merge($settings, $advancedSettings); + } + + + return $this->_loadSettingsFromArray($settings); + } + + /** + * Add default values if the settings info is not complete + */ + private function _addDefaultValues() + { + if (!isset($this->_sp['assertionConsumerService']['binding'])) { + $this->_sp['assertionConsumerService']['binding'] = Constants::BINDING_HTTP_POST; + } + if (isset($this->_sp['singleLogoutService']) && !isset($this->_sp['singleLogoutService']['binding'])) { + $this->_sp['singleLogoutService']['binding'] = Constants::BINDING_HTTP_REDIRECT; + } + + if (!isset($this->_compress['requests'])) { + $this->_compress['requests'] = true; + } + + if (!isset($this->_compress['responses'])) { + $this->_compress['responses'] = true; + } + + // Related to nameID + if (!isset($this->_sp['NameIDFormat'])) { + $this->_sp['NameIDFormat'] = Constants::NAMEID_UNSPECIFIED; + } + if (!isset($this->_security['nameIdEncrypted'])) { + $this->_security['nameIdEncrypted'] = false; + } + if (!isset($this->_security['requestedAuthnContext'])) { + $this->_security['requestedAuthnContext'] = true; + } + + // sign provided + if (!isset($this->_security['authnRequestsSigned'])) { + $this->_security['authnRequestsSigned'] = false; + } + if (!isset($this->_security['logoutRequestSigned'])) { + $this->_security['logoutRequestSigned'] = false; + } + if (!isset($this->_security['logoutResponseSigned'])) { + $this->_security['logoutResponseSigned'] = false; + } + if (!isset($this->_security['signMetadata'])) { + $this->_security['signMetadata'] = false; + } + + // sign expected + if (!isset($this->_security['wantMessagesSigned'])) { + $this->_security['wantMessagesSigned'] = false; + } + if (!isset($this->_security['wantAssertionsSigned'])) { + $this->_security['wantAssertionsSigned'] = false; + } + + // NameID element expected + if (!isset($this->_security['wantNameId'])) { + $this->_security['wantNameId'] = true; + } + + // Relax Destination validation + if (!isset($this->_security['relaxDestinationValidation'])) { + $this->_security['relaxDestinationValidation'] = false; + } + + // Strict Destination match validation + if (!isset($this->_security['destinationStrictlyMatches'])) { + $this->_security['destinationStrictlyMatches'] = false; + } + + // InResponseTo + if (!isset($this->_security['rejectUnsolicitedResponsesWithInResponseTo'])) { + $this->_security['rejectUnsolicitedResponsesWithInResponseTo'] = false; + } + + // encrypt expected + if (!isset($this->_security['wantAssertionsEncrypted'])) { + $this->_security['wantAssertionsEncrypted'] = false; + } + if (!isset($this->_security['wantNameIdEncrypted'])) { + $this->_security['wantNameIdEncrypted'] = false; + } + + // XML validation + if (!isset($this->_security['wantXMLValidation'])) { + $this->_security['wantXMLValidation'] = true; + } + + // SignatureAlgorithm + if (!isset($this->_security['signatureAlgorithm'])) { + $this->_security['signatureAlgorithm'] = XMLSecurityKey::RSA_SHA256; + } + + // DigestAlgorithm + if (!isset($this->_security['digestAlgorithm'])) { + $this->_security['digestAlgorithm'] = XMLSecurityDSig::SHA256; + } + + if (!isset($this->_security['lowercaseUrlencoding'])) { + $this->_security['lowercaseUrlencoding'] = false; + } + + // Certificates / Private key /Fingerprint + if (!isset($this->_idp['x509cert'])) { + $this->_idp['x509cert'] = ''; + } + if (!isset($this->_idp['certFingerprint'])) { + $this->_idp['certFingerprint'] = ''; + } + if (!isset($this->_idp['certFingerprintAlgorithm'])) { + $this->_idp['certFingerprintAlgorithm'] = 'sha1'; + } + + if (!isset($this->_sp['x509cert'])) { + $this->_sp['x509cert'] = ''; + } + if (!isset($this->_sp['privateKey'])) { + $this->_sp['privateKey'] = ''; + } + } + + /** + * Checks the settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the settings data + */ + public function checkSettings(array $settings) + { + if (empty($settings)) { + $errors = array('invalid_syntax'); + } else { + $errors = array(); + if (!$this->_spValidationOnly) { + $idpErrors = $this->checkIdPSettings($settings); + $errors = array_merge($idpErrors, $errors); + } + $spErrors = $this->checkSPSettings($settings); + $errors = array_merge($spErrors, $errors); + + $compressErrors = $this->checkCompressionSettings($settings); + $errors = array_merge($compressErrors, $errors); + } + + return $errors; + } + + /** + * Checks the compression settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the settings data + */ + public function checkCompressionSettings($settings) + { + $errors = array(); + + if (isset($settings['compress'])) { + if (!is_array($settings['compress'])) { + $errors[] = "invalid_syntax"; + } else if (isset($settings['compress']['requests']) + && $settings['compress']['requests'] !== true + && $settings['compress']['requests'] !== false + ) { + $errors[] = "'compress'=>'requests' values must be true or false."; + } else if (isset($settings['compress']['responses']) + && $settings['compress']['responses'] !== true + && $settings['compress']['responses'] !== false + ) { + $errors[] = "'compress'=>'responses' values must be true or false."; + } + } + return $errors; + } + + /** + * Checks the IdP settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the IdP settings data + */ + public function checkIdPSettings(array $settings) + { + if (empty($settings)) { + return array('invalid_syntax'); + } + + $errors = array(); + + if (!isset($settings['idp']) || empty($settings['idp'])) { + $errors[] = 'idp_not_found'; + } else { + $idp = $settings['idp']; + if (!isset($idp['entityId']) || empty($idp['entityId'])) { + $errors[] = 'idp_entityId_not_found'; + } + + if (!isset($idp['singleSignOnService']) + || !isset($idp['singleSignOnService']['url']) + || empty($idp['singleSignOnService']['url']) + ) { + $errors[] = 'idp_sso_not_found'; + } else if (!filter_var($idp['singleSignOnService']['url'], FILTER_VALIDATE_URL)) { + $errors[] = 'idp_sso_url_invalid'; + } + + if (isset($idp['singleLogoutService']) + && isset($idp['singleLogoutService']['url']) + && !empty($idp['singleLogoutService']['url']) + && !filter_var($idp['singleLogoutService']['url'], FILTER_VALIDATE_URL) + ) { + $errors[] = 'idp_slo_url_invalid'; + } + + if (isset($idp['singleLogoutService']) + && isset($idp['singleLogoutService']['responseUrl']) + && !empty($idp['singleLogoutService']['responseUrl']) + && !filter_var($idp['singleLogoutService']['responseUrl'], FILTER_VALIDATE_URL) + ) { + $errors[] = 'idp_slo_response_url_invalid'; + } + + if (isset($settings['security'])) { + $security = $settings['security']; + + $existsX509 = isset($idp['x509cert']) && !empty($idp['x509cert']); + $existsMultiX509Sign = isset($idp['x509certMulti']) && isset($idp['x509certMulti']['signing']) && !empty($idp['x509certMulti']['signing']); + $existsMultiX509Enc = isset($idp['x509certMulti']) && isset($idp['x509certMulti']['encryption']) && !empty($idp['x509certMulti']['encryption']); + + $existsFingerprint = isset($idp['certFingerprint']) && !empty($idp['certFingerprint']); + if (!($existsX509 || $existsFingerprint || $existsMultiX509Sign) + ) { + $errors[] = 'idp_cert_or_fingerprint_not_found_and_required'; + } + if ((isset($security['nameIdEncrypted']) && $security['nameIdEncrypted'] == true) + && !($existsX509 || $existsMultiX509Enc) + ) { + $errors[] = 'idp_cert_not_found_and_required'; + } + } + } + + return $errors; + } + + /** + * Checks the SP settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the SP settings data + */ + public function checkSPSettings(array $settings) + { + if (empty($settings)) { + return array('invalid_syntax'); + } + + $errors = array(); + + if (!isset($settings['sp']) || empty($settings['sp'])) { + $errors[] = 'sp_not_found'; + } else { + $sp = $settings['sp']; + $security = array(); + if (isset($settings['security'])) { + $security = $settings['security']; + } + + if (!isset($sp['entityId']) || empty($sp['entityId'])) { + $errors[] = 'sp_entityId_not_found'; + } + + if (!isset($sp['assertionConsumerService']) + || !isset($sp['assertionConsumerService']['url']) + || empty($sp['assertionConsumerService']['url']) + ) { + $errors[] = 'sp_acs_not_found'; + } else if (!filter_var($sp['assertionConsumerService']['url'], FILTER_VALIDATE_URL)) { + $errors[] = 'sp_acs_url_invalid'; + } + + if (isset($sp['singleLogoutService']) + && isset($sp['singleLogoutService']['url']) + && !filter_var($sp['singleLogoutService']['url'], FILTER_VALIDATE_URL) + ) { + $errors[] = 'sp_sls_url_invalid'; + } + + if (isset($security['signMetadata']) && is_array($security['signMetadata'])) { + if ((!isset($security['signMetadata']['keyFileName']) + || !isset($security['signMetadata']['certFileName'])) && + (!isset($security['signMetadata']['privateKey']) + || !isset($security['signMetadata']['x509cert'])) + ) { + $errors[] = 'sp_signMetadata_invalid'; + } + } + + if (((isset($security['authnRequestsSigned']) && $security['authnRequestsSigned'] == true) + || (isset($security['logoutRequestSigned']) && $security['logoutRequestSigned'] == true) + || (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned'] == true) + || (isset($security['wantAssertionsEncrypted']) && $security['wantAssertionsEncrypted'] == true) + || (isset($security['wantNameIdEncrypted']) && $security['wantNameIdEncrypted'] == true)) + && !$this->checkSPCerts() + ) { + $errors[] = 'sp_certs_not_found_and_required'; + } + } + + if (isset($settings['contactPerson'])) { + $types = array_keys($settings['contactPerson']); + $validTypes = array('technical', 'support', 'administrative', 'billing', 'other'); + foreach ($types as $type) { + if (!in_array($type, $validTypes)) { + $errors[] = 'contact_type_invalid'; + break; + } + } + + foreach ($settings['contactPerson'] as $type => $contact) { + if (!isset($contact['givenName']) || empty($contact['givenName']) + || !isset($contact['emailAddress']) || empty($contact['emailAddress']) + ) { + $errors[] = 'contact_not_enought_data'; + break; + } + } + } + + if (isset($settings['organization'])) { + foreach ($settings['organization'] as $organization) { + if (!isset($organization['name']) || empty($organization['name']) + || !isset($organization['displayname']) || empty($organization['displayname']) + || !isset($organization['url']) || empty($organization['url']) + ) { + $errors[] = 'organization_not_enought_data'; + break; + } + } + } + + return $errors; + } + + /** + * Checks if the x509 certs of the SP exists and are valid. + * + * @return bool + */ + public function checkSPCerts() + { + $key = $this->getSPkey(); + $cert = $this->getSPcert(); + return (!empty($key) && !empty($cert)); + } + + /** + * Returns the x509 private key of the SP. + * + * @return string SP private key + */ + public function getSPkey() + { + $key = null; + if (isset($this->_sp['privateKey']) && !empty($this->_sp['privateKey'])) { + $key = $this->_sp['privateKey']; + } else { + $keyFile = $this->_paths['cert'].'sp.key'; + + if (file_exists($keyFile)) { + $key = file_get_contents($keyFile); + } + } + return $key; + } + + /** + * Returns the x509 public cert of the SP. + * + * @return string SP public cert + */ + public function getSPcert() + { + $cert = null; + + if (isset($this->_sp['x509cert']) && !empty($this->_sp['x509cert'])) { + $cert = $this->_sp['x509cert']; + } else { + $certFile = $this->_paths['cert'].'sp.crt'; + + if (file_exists($certFile)) { + $cert = file_get_contents($certFile); + } + } + return $cert; + } + + /** + * Returns the x509 public of the SP that is + * planed to be used soon instead the other + * public cert + * + * @return string SP public cert New + */ + public function getSPcertNew() + { + $cert = null; + + if (isset($this->_sp['x509certNew']) && !empty($this->_sp['x509certNew'])) { + $cert = $this->_sp['x509certNew']; + } else { + $certFile = $this->_paths['cert'].'sp_new.crt'; + + if (file_exists($certFile)) { + $cert = file_get_contents($certFile); + } + } + return $cert; + } + + /** + * Gets the IdP data. + * + * @return array IdP info + */ + public function getIdPData() + { + return $this->_idp; + } + + /** + * Gets the SP data. + * + * @return array SP info + */ + public function getSPData() + { + return $this->_sp; + } + + /** + * Gets security data. + * + * @return array SP info + */ + public function getSecurityData() + { + return $this->_security; + } + + /** + * Gets contact data. + * + * @return array SP info + */ + public function getContacts() + { + return $this->_contacts; + } + + /** + * Gets organization data. + * + * @return array SP info + */ + public function getOrganization() + { + return $this->_organization; + } + + /** + * Should SAML requests be compressed? + * + * @return bool Yes/No as True/False + */ + public function shouldCompressRequests() + { + return $this->_compress['requests']; + } + + /** + * Should SAML responses be compressed? + * + * @return bool Yes/No as True/False + */ + public function shouldCompressResponses() + { + return $this->_compress['responses']; + } + + /** + * Gets the SP metadata. The XML representation. + * + * @param bool $alwaysPublishEncryptionCert When 'true', the returned + * metadata will always include an 'encryption' KeyDescriptor. Otherwise, + * the 'encryption' KeyDescriptor will only be included if + * $advancedSettings['security']['wantNameIdEncrypted'] or + * $advancedSettings['security']['wantAssertionsEncrypted'] are enabled. + * @param int|null $validUntil Metadata's valid time + * @param int|null $cacheDuration Duration of the cache in seconds + * + * @return string SP metadata (xml) + * @throws Exception + * @throws Error + */ + public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null) + { + $metadata = Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization()); + + $certNew = $this->getSPcertNew(); + if (!empty($certNew)) { + $metadata = Metadata::addX509KeyDescriptors( + $metadata, + $certNew, + $alwaysPublishEncryptionCert || $this->_security['wantNameIdEncrypted'] || $this->_security['wantAssertionsEncrypted'] + ); + } + + $cert = $this->getSPcert(); + if (!empty($cert)) { + $metadata = Metadata::addX509KeyDescriptors( + $metadata, + $cert, + $alwaysPublishEncryptionCert || $this->_security['wantNameIdEncrypted'] || $this->_security['wantAssertionsEncrypted'] + ); + } + + //Sign Metadata + if (isset($this->_security['signMetadata']) && $this->_security['signMetadata'] != false) { + if ($this->_security['signMetadata'] === true) { + $keyMetadata = $this->getSPkey(); + $certMetadata = $cert; + + if (!$keyMetadata) { + throw new Error( + 'SP Private key not found.', + Error::PRIVATE_KEY_FILE_NOT_FOUND + ); + } + + if (!$certMetadata) { + throw new Error( + 'SP Public cert not found.', + Error::PUBLIC_CERT_FILE_NOT_FOUND + ); + } + } else if (isset($this->_security['signMetadata']['keyFileName']) && + isset($this->_security['signMetadata']['certFileName'])) { + $keyFileName = $this->_security['signMetadata']['keyFileName']; + $certFileName = $this->_security['signMetadata']['certFileName']; + + $keyMetadataFile = $this->_paths['cert'].$keyFileName; + $certMetadataFile = $this->_paths['cert'].$certFileName; + + if (!file_exists($keyMetadataFile)) { + throw new Error( + 'SP Private key file not found: %s', + Error::PRIVATE_KEY_FILE_NOT_FOUND, + array($keyMetadataFile) + ); + } + + if (!file_exists($certMetadataFile)) { + throw new Error( + 'SP Public cert file not found: %s', + Error::PUBLIC_CERT_FILE_NOT_FOUND, + array($certMetadataFile) + ); + } + $keyMetadata = file_get_contents($keyMetadataFile); + $certMetadata = file_get_contents($certMetadataFile); + } else if (isset($this->_security['signMetadata']['privateKey']) && + isset($this->_security['signMetadata']['x509cert'])) { + $keyMetadata = Utils::formatPrivateKey($this->_security['signMetadata']['privateKey']); + $certMetadata = Utils::formatCert($this->_security['signMetadata']['x509cert']); + if (!$keyMetadata) { + throw new Error( + 'Private key not found.', + Error::PRIVATE_KEY_FILE_NOT_FOUND + ); + } + + if (!$certMetadata) { + throw new Error( + 'Public cert not found.', + Error::PUBLIC_CERT_FILE_NOT_FOUND + ); + } + } else { + throw new Error( + 'Invalid Setting: signMetadata value of the sp is not valid', + Error::SETTINGS_INVALID_SYNTAX + ); + + } + + $signatureAlgorithm = $this->_security['signatureAlgorithm']; + $digestAlgorithm = $this->_security['digestAlgorithm']; + $metadata = Metadata::signMetadata($metadata, $keyMetadata, $certMetadata, $signatureAlgorithm, $digestAlgorithm); + } + return $metadata; + } + + /** + * Validates an XML SP Metadata. + * + * @param string $xml Metadata's XML that will be validate + * + * @return array The list of found errors + * + * @throws Exception + */ + public function validateMetadata($xml) + { + assert(is_string($xml)); + + $errors = array(); + $res = Utils::validateXML($xml, 'saml-schema-metadata-2.0.xsd', $this->_debug, $this->getSchemasPath()); + if (!$res instanceof DOMDocument) { + $errors[] = $res; + } else { + $dom = $res; + $element = $dom->documentElement; + if ($element->tagName !== 'md:EntityDescriptor') { + $errors[] = 'noEntityDescriptor_xml'; + } else { + $validUntil = $cacheDuration = $expireTime = null; + + if ($element->hasAttribute('validUntil')) { + $validUntil = Utils::parseSAML2Time($element->getAttribute('validUntil')); + } + if ($element->hasAttribute('cacheDuration')) { + $cacheDuration = $element->getAttribute('cacheDuration'); + } + + $expireTime = Utils::getExpireTime($cacheDuration, $validUntil); + if (isset($expireTime) && time() > $expireTime) { + $errors[] = 'expired_xml'; + } + } + } + + // TODO: Support Metadata Sign Validation + + return $errors; + } + + /** + * Formats the IdP cert. + */ + public function formatIdPCert() + { + if (isset($this->_idp['x509cert'])) { + $this->_idp['x509cert'] = Utils::formatCert($this->_idp['x509cert']); + } + } + + /** + * Formats the Multple IdP certs. + */ + public function formatIdPCertMulti() + { + if (isset($this->_idp['x509certMulti'])) { + if (isset($this->_idp['x509certMulti']['signing'])) { + foreach ($this->_idp['x509certMulti']['signing'] as $i => $cert) { + $this->_idp['x509certMulti']['signing'][$i] = Utils::formatCert($cert); + } + } + if (isset($this->_idp['x509certMulti']['encryption'])) { + foreach ($this->_idp['x509certMulti']['encryption'] as $i => $cert) { + $this->_idp['x509certMulti']['encryption'][$i] = Utils::formatCert($cert); + } + } + } + } + + /** + * Formats the SP cert. + */ + public function formatSPCert() + { + if (isset($this->_sp['x509cert'])) { + $this->_sp['x509cert'] = Utils::formatCert($this->_sp['x509cert']); + } + } + + /** + * Formats the SP cert. + */ + public function formatSPCertNew() + { + if (isset($this->_sp['x509certNew'])) { + $this->_sp['x509certNew'] = Utils::formatCert($this->_sp['x509certNew']); + } + } + + /** + * Formats the SP private key. + */ + public function formatSPKey() + { + if (isset($this->_sp['privateKey'])) { + $this->_sp['privateKey'] = Utils::formatPrivateKey($this->_sp['privateKey']); + } + } + + /** + * Returns an array with the errors, the array is empty when the settings is ok. + * + * @return array Errors + */ + public function getErrors() + { + return $this->_errors; + } + + /** + * Activates or deactivates the strict mode. + * + * @param bool $value Strict parameter + * + * @throws Exception + */ + public function setStrict($value) + { + if (!is_bool($value)) { + throw new Exception('Invalid value passed to setStrict()'); + } + + $this->_strict = $value; + } + + /** + * Returns if the 'strict' mode is active. + * + * @return bool Strict parameter + */ + public function isStrict() + { + return $this->_strict; + } + + /** + * Returns if the debug is active. + * + * @return bool Debug parameter + */ + public function isDebugActive() + { + return $this->_debug; + } + + /** + * Set a baseurl value. + * + * @param string $baseurl Base URL. + */ + public function setBaseURL($baseurl) + { + $this->_baseurl = $baseurl; + } + + /** + * Returns the baseurl set on the settings if any. + * + * @return null|string The baseurl + */ + public function getBaseURL() + { + return $this->_baseurl; + } + + /** + * Sets the IdP certificate. + * + * @param string $cert IdP certificate + */ + public function setIdPCert($cert) + { + $this->_idp['x509cert'] = $cert; + $this->formatIdPCert(); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php new file mode 100644 index 0000000..50d3d41 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php @@ -0,0 +1,1564 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecurityDSig; +use RobRichards\XMLSecLibs\XMLSecEnc; + +use DOMDocument; +use DOMElement; +use DOMNodeList; +use DomNode; +use DOMXPath; +use Exception; + +/** + * Utils of OneLogin PHP Toolkit + * + * Defines several often used methods + */ +class Utils +{ + const RESPONSE_SIGNATURE_XPATH = "/samlp:Response/ds:Signature"; + const ASSERTION_SIGNATURE_XPATH = "/samlp:Response/saml:Assertion/ds:Signature"; + + /** + * @var bool Control if the `Forwarded-For-*` headers are used + */ + private static $_proxyVars = false; + + /** + * @var string|null + */ + private static $_host; + + /** + * @var string|null + */ + private static $_protocol; + + /** + * @var string + */ + private static $_protocolRegex = '@^https?://@i'; + + /** + * @var int|null + */ + private static $_port; + + /** + * @var string|null + */ + private static $_baseurlpath; + + /** + * This function load an XML string in a save way. + * Prevent XEE/XXE Attacks + * + * @param DOMDocument $dom The document where load the xml. + * @param string $xml The XML string to be loaded. + * + * @return DOMDocument|false $dom The result of load the XML at the DOMDocument + * + * @throws Exception + */ + public static function loadXML(DOMDocument $dom, $xml) + { + assert($dom instanceof DOMDocument); + assert(is_string($xml)); + + $oldEntityLoader = libxml_disable_entity_loader(true); + + $res = $dom->loadXML($xml); + + libxml_disable_entity_loader($oldEntityLoader); + + foreach ($dom->childNodes as $child) { + if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { + throw new Exception( + 'Detected use of DOCTYPE/ENTITY in XML, disabled to prevent XXE/XEE attacks' + ); + } + } + + if (!$res) { + return false; + } else { + return $dom; + } + } + + /** + * This function attempts to validate an XML string against the specified schema. + * + * It will parse the string into a DOMDocument and validate this document against the schema. + * + * @param string|DOMDocument $xml The XML string or document which should be validated. + * @param string $schema The schema filename which should be used. + * @param bool $debug To disable/enable the debug mode + * @param string $schemaPath Change schema path + * + * @return string|DOMDocument $dom string that explains the problem or the DOMDocument + * + * @throws Exception + */ + public static function validateXML($xml, $schema, $debug = false, $schemaPath = null) + { + assert(is_string($xml) || $xml instanceof DOMDocument); + assert(is_string($schema)); + + libxml_clear_errors(); + libxml_use_internal_errors(true); + + if ($xml instanceof DOMDocument) { + $dom = $xml; + } else { + $dom = new DOMDocument; + $dom = self::loadXML($dom, $xml); + if (!$dom) { + return 'unloaded_xml'; + } + } + + if (isset($schemaPath)) { + $schemaFile = $schemaPath . $schema; + } else { + $schemaFile = __DIR__ . '/schemas/' . $schema; + } + + $oldEntityLoader = libxml_disable_entity_loader(false); + $res = $dom->schemaValidate($schemaFile); + libxml_disable_entity_loader($oldEntityLoader); + if (!$res) { + $xmlErrors = libxml_get_errors(); + syslog(LOG_INFO, 'Error validating the metadata: '.var_export($xmlErrors, true)); + + if ($debug) { + foreach ($xmlErrors as $error) { + echo htmlentities($error->message)."\n"; + } + } + return 'invalid_xml'; + } + + return $dom; + } + + /** + * Import a node tree into a target document + * Copy it before a reference node as a sibling + * and at the end of the copy remove + * the reference node in the target document + * As it were 'replacing' it + * Leaving nested default namespaces alone + * (Standard importNode with deep copy + * mangles nested default namespaces) + * + * The reference node must not be a DomDocument + * It CAN be the top element of a document + * Returns the copied node in the target document + * + * @param DomNode $targetNode + * @param DomNode $sourceNode + * @param bool $recurse + * @return DOMNode + * @throws Exception + */ + public static function treeCopyReplace(DomNode $targetNode, DomNode $sourceNode, $recurse = false) + { + if ($targetNode->parentNode === null) { + throw new Exception('Illegal argument targetNode. It has no parentNode.'); + } + $clonedNode = $targetNode->ownerDocument->importNode($sourceNode, false); + if ($recurse) { + $resultNode = $targetNode->appendChild($clonedNode); + } else { + $resultNode = $targetNode->parentNode->insertBefore($clonedNode, $targetNode); + } + if ($sourceNode->childNodes !== null) { + foreach ($sourceNode->childNodes as $child) { + self::treeCopyReplace($resultNode, $child, true); + } + } + if (!$recurse) { + $targetNode->parentNode->removeChild($targetNode); + } + return $resultNode; + } + + /** + * Returns a x509 cert (adding header & footer if required). + * + * @param string $cert A x509 unformated cert + * @param bool $heads True if we want to include head and footer + * + * @return string $x509 Formatted cert + */ + public static function formatCert($cert, $heads = true) + { + $x509cert = str_replace(array("\x0D", "\r", "\n"), "", $cert); + if (!empty($x509cert)) { + $x509cert = str_replace('-----BEGIN CERTIFICATE-----', "", $x509cert); + $x509cert = str_replace('-----END CERTIFICATE-----', "", $x509cert); + $x509cert = str_replace(' ', '', $x509cert); + + if ($heads) { + $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n"; + } + + } + return $x509cert; + } + + /** + * Returns a private key (adding header & footer if required). + * + * @param string $key A private key + * @param bool $heads True if we want to include head and footer + * + * @return string $rsaKey Formatted private key + */ + public static function formatPrivateKey($key, $heads = true) + { + $key = str_replace(array("\x0D", "\r", "\n"), "", $key); + if (!empty($key)) { + if (strpos($key, '-----BEGIN PRIVATE KEY-----') !== false) { + $key = Utils::getStringBetween($key, '-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'); + $key = str_replace(' ', '', $key); + + if ($heads) { + $key = "-----BEGIN PRIVATE KEY-----\n".chunk_split($key, 64, "\n")."-----END PRIVATE KEY-----\n"; + } + } else if (strpos($key, '-----BEGIN RSA PRIVATE KEY-----') !== false) { + $key = Utils::getStringBetween($key, '-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'); + $key = str_replace(' ', '', $key); + + if ($heads) { + $key = "-----BEGIN RSA PRIVATE KEY-----\n".chunk_split($key, 64, "\n")."-----END RSA PRIVATE KEY-----\n"; + } + } else { + $key = str_replace(' ', '', $key); + + if ($heads) { + $key = "-----BEGIN RSA PRIVATE KEY-----\n".chunk_split($key, 64, "\n")."-----END RSA PRIVATE KEY-----\n"; + } + } + } + return $key; + } + + /** + * Extracts a substring between 2 marks + * + * @param string $str The target string + * @param string $start The initial mark + * @param string $end The end mark + * + * @return string A substring or an empty string if is not able to find the marks + * or if there is no string between the marks + */ + public static function getStringBetween($str, $start, $end) + { + $str = ' ' . $str; + $ini = strpos($str, $start); + + if ($ini == 0) { + return ''; + } + + $ini += strlen($start); + $len = strpos($str, $end, $ini) - $ini; + return substr($str, $ini, $len); + } + + /** + * Executes a redirection to the provided url (or return the target url). + * + * @param string $url The target url + * @param array $parameters Extra parameters to be passed as part of the url + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * + * @return string|null $url + * + * @throws Error + */ + public static function redirect($url, array $parameters = array(), $stay = false) + { + assert(is_string($url)); + + if (substr($url, 0, 1) === '/') { + $url = self::getSelfURLhost() . $url; + } + + /** + * Verify that the URL matches the regex for the protocol. + * By default this will check for http and https + */ + $wrongProtocol = !preg_match(self::$_protocolRegex, $url); + $url = filter_var($url, FILTER_VALIDATE_URL); + if ($wrongProtocol || empty($url)) { + throw new Error( + 'Redirect to invalid URL: ' . $url, + Error::REDIRECT_INVALID_URL + ); + } + + /* Add encoded parameters */ + if (strpos($url, '?') === false) { + $paramPrefix = '?'; + } else { + $paramPrefix = '&'; + } + + foreach ($parameters as $name => $value) { + if ($value === null) { + $param = urlencode($name); + } else if (is_array($value)) { + $param = ""; + foreach ($value as $val) { + $param .= urlencode($name) . "[]=" . urlencode($val). '&'; + } + if (!empty($param)) { + $param = substr($param, 0, -1); + } + } else { + $param = urlencode($name) . '=' . urlencode($value); + } + + if (!empty($param)) { + $url .= $paramPrefix . $param; + $paramPrefix = '&'; + } + } + + if ($stay) { + return $url; + } + + header('Pragma: no-cache'); + header('Cache-Control: no-cache, must-revalidate'); + header('Location: ' . $url); + exit(); + } + + /** + * @param $protocolRegex string + */ + public static function setProtocolRegex($protocolRegex) + { + if (!empty($protocolRegex)) { + self::$_protocolRegex = $protocolRegex; + } + } + + /** + * Set the Base URL value. + * + * @param string $baseurl The base url to be used when constructing URLs + */ + public static function setBaseURL($baseurl) + { + if (!empty($baseurl)) { + $baseurlpath = '/'; + $matches = array(); + if (preg_match('#^https?://([^/]*)/?(.*)#i', $baseurl, $matches)) { + if (strpos($baseurl, 'https://') === false) { + self::setSelfProtocol('http'); + $port = '80'; + } else { + self::setSelfProtocol('https'); + $port = '443'; + } + + $currentHost = $matches[1]; + if (false !== strpos($currentHost, ':')) { + list($currentHost, $possiblePort) = explode(':', $matches[1], 2); + if (is_numeric($possiblePort)) { + $port = $possiblePort; + } + } + + if (isset($matches[2]) && !empty($matches[2])) { + $baseurlpath = $matches[2]; + } + + self::setSelfHost($currentHost); + self::setSelfPort($port); + self::setBaseURLPath($baseurlpath); + } + } else { + self::$_host = null; + self::$_protocol = null; + self::$_port = null; + self::$_baseurlpath = null; + } + } + + /** + * @param bool $proxyVars Whether to use `X-Forwarded-*` headers to determine port/domain/protocol + */ + public static function setProxyVars($proxyVars) + { + self::$_proxyVars = (bool)$proxyVars; + } + + /** + * @return bool + */ + public static function getProxyVars() + { + return self::$_proxyVars; + } + + /** + * Returns the protocol + the current host + the port (if different than + * common ports). + * + * @return string The URL + */ + public static function getSelfURLhost() + { + $currenthost = self::getSelfHost(); + + $port = ''; + + if (self::isHTTPS()) { + $protocol = 'https'; + } else { + $protocol = 'http'; + } + + $portnumber = self::getSelfPort(); + + if (isset($portnumber) && ($portnumber != '80') && ($portnumber != '443')) { + $port = ':' . $portnumber; + } + + return $protocol."://" . $currenthost . $port; + } + + /** + * @param string $host The host to use when constructing URLs + */ + public static function setSelfHost($host) + { + self::$_host = $host; + } + + /** + * @param string $baseurlpath The baseurl path to use when constructing URLs + */ + public static function setBaseURLPath($baseurlpath) + { + if (empty($baseurlpath)) { + self::$_baseurlpath = null; + } else if ($baseurlpath == '/') { + self::$_baseurlpath = '/'; + } else { + self::$_baseurlpath = '/' . trim($baseurlpath, '/') . '/'; + } + } + + /** + * @return string The baseurlpath to be used when constructing URLs + */ + public static function getBaseURLPath() + { + return self::$_baseurlpath; + } + + /** + * @return string The raw host name + */ + protected static function getRawHost() + { + if (self::$_host) { + $currentHost = self::$_host; + } elseif (self::getProxyVars() && array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER)) { + $currentHost = $_SERVER['HTTP_X_FORWARDED_HOST']; + } elseif (array_key_exists('HTTP_HOST', $_SERVER)) { + $currentHost = $_SERVER['HTTP_HOST']; + } elseif (array_key_exists('SERVER_NAME', $_SERVER)) { + $currentHost = $_SERVER['SERVER_NAME']; + } else { + if (function_exists('gethostname')) { + $currentHost = gethostname(); + } else { + $currentHost = php_uname("n"); + } + } + return $currentHost; + } + + /** + * @param int $port The port number to use when constructing URLs + */ + public static function setSelfPort($port) + { + self::$_port = $port; + } + + /** + * @param string $protocol The protocol to identify as using, usually http or https + */ + public static function setSelfProtocol($protocol) + { + self::$_protocol = $protocol; + } + + /** + * @return string http|https + */ + public static function getSelfProtocol() + { + $protocol = 'http'; + if (self::$_protocol) { + $protocol = self::$_protocol; + } elseif (self::getSelfPort() == 443) { + $protocol = 'https'; + } elseif (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO']; + } elseif (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { + $protocol = 'https'; + } + return $protocol; + } + + /** + * Returns the current host. + * + * @return string $currentHost The current host + */ + public static function getSelfHost() + { + $currentHost = self::getRawHost(); + + // strip the port + if (false !== strpos($currentHost, ':')) { + list($currentHost, $port) = explode(':', $currentHost, 2); + } + + return $currentHost; + } + + /** + * @return null|string The port number used for the request + */ + public static function getSelfPort() + { + $portnumber = null; + if (self::$_port) { + $portnumber = self::$_port; + } else if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) { + $portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"]; + } else if (isset($_SERVER["SERVER_PORT"])) { + $portnumber = $_SERVER["SERVER_PORT"]; + } else { + $currentHost = self::getRawHost(); + + // strip the port + if (false !== strpos($currentHost, ':')) { + list($currentHost, $port) = explode(':', $currentHost, 2); + if (is_numeric($port)) { + $portnumber = $port; + } + } + } + return $portnumber; + } + + /** + * Checks if https or http. + * + * @return bool $isHttps False if https is not active + */ + public static function isHTTPS() + { + return self::getSelfProtocol() == 'https'; + } + + /** + * Returns the URL of the current host + current view. + * + * @return string + */ + public static function getSelfURLNoQuery() + { + $selfURLNoQuery = self::getSelfURLhost(); + + $infoWithBaseURLPath = self::buildWithBaseURLPath($_SERVER['SCRIPT_NAME']); + if (!empty($infoWithBaseURLPath)) { + $selfURLNoQuery .= $infoWithBaseURLPath; + } else { + $selfURLNoQuery .= $_SERVER['SCRIPT_NAME']; + } + + if (isset($_SERVER['PATH_INFO'])) { + $selfURLNoQuery .= $_SERVER['PATH_INFO']; + } + + return $selfURLNoQuery; + } + + /** + * Returns the routed URL of the current host + current view. + * + * @return string + */ + public static function getSelfRoutedURLNoQuery() + { + $selfURLhost = self::getSelfURLhost(); + $route = ''; + + if (!empty($_SERVER['REQUEST_URI'])) { + $route = $_SERVER['REQUEST_URI']; + if (!empty($_SERVER['QUERY_STRING'])) { + $route = self::strLreplace($_SERVER['QUERY_STRING'], '', $route); + if (substr($route, -1) == '?') { + $route = substr($route, 0, -1); + } + } + } + + $infoWithBaseURLPath = self::buildWithBaseURLPath($route); + if (!empty($infoWithBaseURLPath)) { + $route = $infoWithBaseURLPath; + } + + $selfRoutedURLNoQuery = $selfURLhost . $route; + + $pos = strpos($selfRoutedURLNoQuery, "?"); + if ($pos !== false) { + $selfRoutedURLNoQuery = substr($selfRoutedURLNoQuery, 0, $pos-1); + } + + return $selfRoutedURLNoQuery; + } + + public static function strLreplace($search, $replace, $subject) + { + $pos = strrpos($subject, $search); + + if ($pos !== false) { + $subject = substr_replace($subject, $replace, $pos, strlen($search)); + } + + return $subject; + } + + /** + * Returns the URL of the current host + current view + query. + * + * @return string + */ + public static function getSelfURL() + { + $selfURLhost = self::getSelfURLhost(); + + $requestURI = ''; + if (!empty($_SERVER['REQUEST_URI'])) { + $requestURI = $_SERVER['REQUEST_URI']; + $matches = array(); + if ($requestURI[0] !== '/' && preg_match('#^https?://[^/]*(/.*)#i', $requestURI, $matches)) { + $requestURI = $matches[1]; + } + } + + $infoWithBaseURLPath = self::buildWithBaseURLPath($requestURI); + if (!empty($infoWithBaseURLPath)) { + $requestURI = $infoWithBaseURLPath; + } + + return $selfURLhost . $requestURI; + } + + /** + * Returns the part of the URL with the BaseURLPath. + * + * @param string $info Contains path info + * + * @return string + */ + protected static function buildWithBaseURLPath($info) + { + $result = ''; + $baseURLPath = self::getBaseURLPath(); + if (!empty($baseURLPath)) { + $result = $baseURLPath; + if (!empty($info)) { + $path = explode('/', $info); + $extractedInfo = array_pop($path); + if (!empty($extractedInfo)) { + $result .= $extractedInfo; + } + } + } + return $result; + } + + /** + * Extract a query param - as it was sent - from $_SERVER[QUERY_STRING] + * + * @param string $name The param to-be extracted + * + * @return string + */ + public static function extractOriginalQueryParam($name) + { + $index = strpos($_SERVER['QUERY_STRING'], $name.'='); + $substring = substr($_SERVER['QUERY_STRING'], $index + strlen($name) + 1); + $end = strpos($substring, '&'); + return $end ? substr($substring, 0, strpos($substring, '&')) : $substring; + } + + /** + * Generates an unique string (used for example as ID for assertions). + * + * @return string A unique string + */ + public static function generateUniqueID() + { + return 'ONELOGIN_' . sha1(uniqid((string)mt_rand(), true)); + } + + /** + * Converts a UNIX timestamp to SAML2 timestamp on the form + * yyyy-mm-ddThh:mm:ss(\.s+)?Z. + * + * @param string|int $time The time we should convert (DateTime). + * + * @return string $timestamp SAML2 timestamp. + */ + public static function parseTime2SAML($time) + { + $date = new \DateTime("@$time", new \DateTimeZone('UTC')); + $timestamp = $date->format("Y-m-d\TH:i:s\Z"); + return $timestamp; + } + + /** + * Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z + * to a UNIX timestamp. The sub-second part is ignored. + * + * @param string $time The time we should convert (SAML Timestamp). + * + * @return int $timestamp Converted to a unix timestamp. + * + * @throws Exception + */ + public static function parseSAML2Time($time) + { + $matches = array(); + + /* We use a very strict regex to parse the timestamp. */ + $exp1 = '/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)'; + $exp2 = 'T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d+)?Z$/D'; + if (preg_match($exp1 . $exp2, $time, $matches) == 0) { + throw new Exception( + 'Invalid SAML2 timestamp passed to' . + ' parseSAML2Time: ' . $time + ); + } + + /* Extract the different components of the time from the + * matches in the regex. int cast will ignore leading zeroes + * in the string. + */ + $year = (int) $matches[1]; + $month = (int) $matches[2]; + $day = (int) $matches[3]; + $hour = (int) $matches[4]; + $minute = (int) $matches[5]; + $second = (int) $matches[6]; + + /* We use gmmktime because the timestamp will always be given + * in UTC. + */ + $ts = gmmktime($hour, $minute, $second, $month, $day, $year); + + return $ts; + } + + + /** + * Interprets a ISO8601 duration value relative to a given timestamp. + * + * @param string $duration The duration, as a string. + * @param int|null $timestamp The unix timestamp we should apply the + * duration to. Optional, default to the + * current time. + * + * @return int The new timestamp, after the duration is applied. + * + * @throws Exception + */ + public static function parseDuration($duration, $timestamp = null) + { + assert(is_string($duration)); + assert(is_null($timestamp) || is_int($timestamp)); + + $matches = array(); + + /* Parse the duration. We use a very strict pattern. */ + $durationRegEx = '#^(-?)P(?:(?:(?:(\\d+)Y)?(?:(\\d+)M)?(?:(\\d+)D)?(?:T(?:(\\d+)H)?(?:(\\d+)M)?(?:(\\d+)S)?)?)|(?:(\\d+)W))$#D'; + if (!preg_match($durationRegEx, $duration, $matches)) { + throw new Exception('Invalid ISO 8601 duration: ' . $duration); + } + + $durYears = (empty($matches[2]) ? 0 : (int)$matches[2]); + $durMonths = (empty($matches[3]) ? 0 : (int)$matches[3]); + $durDays = (empty($matches[4]) ? 0 : (int)$matches[4]); + $durHours = (empty($matches[5]) ? 0 : (int)$matches[5]); + $durMinutes = (empty($matches[6]) ? 0 : (int)$matches[6]); + $durSeconds = (empty($matches[7]) ? 0 : (int)$matches[7]); + $durWeeks = (empty($matches[8]) ? 0 : (int)$matches[8]); + + if (!empty($matches[1])) { + /* Negative */ + $durYears = -$durYears; + $durMonths = -$durMonths; + $durDays = -$durDays; + $durHours = -$durHours; + $durMinutes = -$durMinutes; + $durSeconds = -$durSeconds; + $durWeeks = -$durWeeks; + } + + if ($timestamp === null) { + $timestamp = time(); + } + + if ($durYears !== 0 || $durMonths !== 0) { + /* Special handling of months and years, since they aren't a specific interval, but + * instead depend on the current time. + */ + + /* We need the year and month from the timestamp. Unfortunately, PHP doesn't have the + * gmtime function. Instead we use the gmdate function, and split the result. + */ + $yearmonth = explode(':', gmdate('Y:n', $timestamp)); + $year = (int)$yearmonth[0]; + $month = (int)$yearmonth[1]; + + /* Remove the year and month from the timestamp. */ + $timestamp -= gmmktime(0, 0, 0, $month, 1, $year); + + /* Add years and months, and normalize the numbers afterwards. */ + $year += $durYears; + $month += $durMonths; + while ($month > 12) { + $year += 1; + $month -= 12; + } + while ($month < 1) { + $year -= 1; + $month += 12; + } + + /* Add year and month back into timestamp. */ + $timestamp += gmmktime(0, 0, 0, $month, 1, $year); + } + + /* Add the other elements. */ + $timestamp += $durWeeks * 7 * 24 * 60 * 60; + $timestamp += $durDays * 24 * 60 * 60; + $timestamp += $durHours * 60 * 60; + $timestamp += $durMinutes * 60; + $timestamp += $durSeconds; + + return $timestamp; + } + + /** + * Compares 2 dates and returns the earliest. + * + * @param string|null $cacheDuration The duration, as a string. + * @param string|int|null $validUntil The valid until date, as a string or as a timestamp + * + * @return int|null $expireTime The expiration time. + * + * @throws Exception + */ + public static function getExpireTime($cacheDuration = null, $validUntil = null) + { + $expireTime = null; + + if ($cacheDuration !== null) { + $expireTime = self::parseDuration($cacheDuration, time()); + } + + if ($validUntil !== null) { + if (is_int($validUntil)) { + $validUntilTime = $validUntil; + } else { + $validUntilTime = self::parseSAML2Time($validUntil); + } + if ($expireTime === null || $expireTime > $validUntilTime) { + $expireTime = $validUntilTime; + } + } + + return $expireTime; + } + + + /** + * Extracts nodes from the DOMDocument. + * + * @param DOMDocument $dom The DOMDocument + * @param string $query \Xpath Expression + * @param DOMElement|null $context Context Node (DOMElement) + * + * @return DOMNodeList The queried nodes + */ + public static function query(DOMDocument $dom, $query, DOMElement $context = null) + { + $xpath = new DOMXPath($dom); + $xpath->registerNamespace('samlp', Constants::NS_SAMLP); + $xpath->registerNamespace('saml', Constants::NS_SAML); + $xpath->registerNamespace('ds', Constants::NS_DS); + $xpath->registerNamespace('xenc', Constants::NS_XENC); + $xpath->registerNamespace('xsi', Constants::NS_XSI); + $xpath->registerNamespace('xs', Constants::NS_XS); + $xpath->registerNamespace('md', Constants::NS_MD); + + if (isset($context)) { + $res = $xpath->query($query, $context); + } else { + $res = $xpath->query($query); + } + return $res; + } + + /** + * Checks if the session is started or not. + * + * @return bool true if the sessíon is started + */ + public static function isSessionStarted() + { + if (PHP_VERSION_ID >= 50400) { + return session_status() === PHP_SESSION_ACTIVE ? true : false; + } else { + return session_id() === '' ? false : true; + } + } + + /** + * Deletes the local session. + */ + public static function deleteLocalSession() + { + + if (Utils::isSessionStarted()) { + session_destroy(); + } + + unset($_SESSION); + } + + /** + * Calculates the fingerprint of a x509cert. + * + * @param string $x509cert x509 cert formatted + * @param string $alg Algorithm to be used in order to calculate the fingerprint + * + * @return null|string Formatted fingerprint + */ + public static function calculateX509Fingerprint($x509cert, $alg = 'sha1') + { + assert(is_string($x509cert)); + + $arCert = explode("\n", $x509cert); + $data = ''; + $inData = false; + + foreach ($arCert as $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } elseif ((strncmp($curData, '-----BEGIN PUBLIC KEY', 21) == 0) || (strncmp($curData, '-----BEGIN RSA PRIVATE KEY', 26) == 0)) { + /* This isn't an X509 certificate. */ + return null; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + break; + } + $data .= trim($curData); + } + } + + if (empty($data)) { + return null; + } + + $decodedData = base64_decode($data); + + switch ($alg) { + case 'sha512': + case 'sha384': + case 'sha256': + $fingerprint = hash($alg, $decodedData, false); + break; + case 'sha1': + default: + $fingerprint = strtolower(sha1($decodedData)); + break; + } + return $fingerprint; + } + + /** + * Formates a fingerprint. + * + * @param string $fingerprint fingerprint + * + * @return string Formatted fingerprint + */ + public static function formatFingerPrint($fingerprint) + { + $formatedFingerprint = str_replace(':', '', $fingerprint); + $formatedFingerprint = strtolower($formatedFingerprint); + return $formatedFingerprint; + } + + /** + * Generates a nameID. + * + * @param string $value fingerprint + * @param string $spnq SP Name Qualifier + * @param string|null $format SP Format + * @param string|null $cert IdP Public cert to encrypt the nameID + * @param string|null $nq IdP Name Qualifier + * + * @return string $nameIDElement DOMElement | XMLSec nameID + * + * @throws Exception + */ + public static function generateNameId($value, $spnq, $format = null, $cert = null, $nq = null) + { + + $doc = new DOMDocument(); + + $nameId = $doc->createElement('saml:NameID'); + if (isset($spnq)) { + $nameId->setAttribute('SPNameQualifier', $spnq); + } + if (isset($nq)) { + $nameId->setAttribute('NameQualifier', $nq); + } + if (isset($format)) { + $nameId->setAttribute('Format', $format); + } + $nameId->appendChild($doc->createTextNode($value)); + + $doc->appendChild($nameId); + + if (!empty($cert)) { + $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'public')); + $seckey->loadKey($cert); + + $enc = new XMLSecEnc(); + $enc->setNode($nameId); + $enc->type = XMLSecEnc::Element; + + $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); + $symmetricKey->generateSessionKey(); + $enc->encryptKey($seckey, $symmetricKey); + + $encryptedData = $enc->encryptNode($symmetricKey); + + $newdoc = new DOMDocument(); + + $encryptedID = $newdoc->createElement('saml:EncryptedID'); + + $newdoc->appendChild($encryptedID); + + $encryptedID->appendChild($encryptedID->ownerDocument->importNode($encryptedData, true)); + + return $newdoc->saveXML($encryptedID); + } else { + return $doc->saveXML($nameId); + } + } + + + /** + * Gets Status from a Response. + * + * @param DOMDocument $dom The Response as XML + * + * @return array $status The Status, an array with the code and a message. + * + * @throws ValidationError + */ + public static function getStatus(DOMDocument $dom) + { + $status = array(); + + $statusEntry = self::query($dom, '/samlp:Response/samlp:Status'); + if ($statusEntry->length != 1) { + throw new ValidationError( + "Missing Status on response", + ValidationError::MISSING_STATUS + ); + } + + $codeEntry = self::query($dom, '/samlp:Response/samlp:Status/samlp:StatusCode', $statusEntry->item(0)); + if ($codeEntry->length != 1) { + throw new ValidationError( + "Missing Status Code on response", + ValidationError::MISSING_STATUS_CODE + ); + } + $code = $codeEntry->item(0)->getAttribute('Value'); + $status['code'] = $code; + + $status['msg'] = ''; + $messageEntry = self::query($dom, '/samlp:Response/samlp:Status/samlp:StatusMessage', $statusEntry->item(0)); + if ($messageEntry->length == 0) { + $subCodeEntry = self::query($dom, '/samlp:Response/samlp:Status/samlp:StatusCode/samlp:StatusCode', $statusEntry->item(0)); + if ($subCodeEntry->length == 1) { + $status['msg'] = $subCodeEntry->item(0)->getAttribute('Value'); + } + } else if ($messageEntry->length == 1) { + $msg = $messageEntry->item(0)->textContent; + $status['msg'] = $msg; + } + + return $status; + } + + /** + * Decrypts an encrypted element. + * + * @param DOMElement $encryptedData The encrypted data. + * @param XMLSecurityKey $inputKey The decryption key. + * @param bool $formatOutput Format or not the output. + * + * @return DOMElement The decrypted element. + * + * @throws ValidationError + */ + public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey, $formatOutput = true) + { + + $enc = new XMLSecEnc(); + + $enc->setNode($encryptedData); + $enc->type = $encryptedData->getAttribute("Type"); + + $symmetricKey = $enc->locateKey($encryptedData); + if (!$symmetricKey) { + throw new ValidationError( + 'Could not locate key algorithm in encrypted data.', + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $symmetricKeyInfo = $enc->locateKeyInfo($symmetricKey); + if (!$symmetricKeyInfo) { + throw new ValidationError( + "Could not locate for the encrypted key.", + ValidationError::KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA + ); + } + + $inputKeyAlgo = $inputKey->getAlgorithm(); + if ($symmetricKeyInfo->isEncrypted) { + $symKeyInfoAlgo = $symmetricKeyInfo->getAlgorithm(); + + if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) { + $inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P; + } + + if ($inputKeyAlgo !== $symKeyInfoAlgo) { + throw new ValidationError( + 'Algorithm mismatch between input key and key used to encrypt ' . + ' the symmetric key for the message. Key was: ' . + var_export($inputKeyAlgo, true) . '; message was: ' . + var_export($symKeyInfoAlgo, true), + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $encKey = $symmetricKeyInfo->encryptedCtx; + $symmetricKeyInfo->key = $inputKey->key; + $keySize = $symmetricKey->getSymmetricKeySize(); + if ($keySize === null) { + // To protect against "key oracle" attacks + throw new ValidationError( + 'Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, true), + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $key = $encKey->decryptKey($symmetricKeyInfo); + if (strlen($key) != $keySize) { + $encryptedKey = $encKey->getCipherValue(); + $pkey = openssl_pkey_get_details($symmetricKeyInfo->key); + $pkey = sha1(serialize($pkey), true); + $key = sha1($encryptedKey . $pkey, true); + + /* Make sure that the key has the correct length. */ + if (strlen($key) > $keySize) { + $key = substr($key, 0, $keySize); + } elseif (strlen($key) < $keySize) { + $key = str_pad($key, $keySize); + } + } + $symmetricKey->loadKey($key); + } else { + $symKeyAlgo = $symmetricKey->getAlgorithm(); + if ($inputKeyAlgo !== $symKeyAlgo) { + throw new ValidationError( + 'Algorithm mismatch between input key and key in message. ' . + 'Key was: ' . var_export($inputKeyAlgo, true) . '; message was: ' . + var_export($symKeyAlgo, true), + ValidationError::KEY_ALGORITHM_ERROR + ); + } + $symmetricKey = $inputKey; + } + + $decrypted = $enc->decryptNode($symmetricKey, false); + + $xml = ''.$decrypted.''; + $newDoc = new DOMDocument(); + if ($formatOutput) { + $newDoc->preserveWhiteSpace = false; + $newDoc->formatOutput = true; + } + $newDoc = self::loadXML($newDoc, $xml); + if (!$newDoc) { + throw new ValidationError( + 'Failed to parse decrypted XML.', + ValidationError::INVALID_XML_FORMAT + ); + } + + $decryptedElement = $newDoc->firstChild->firstChild; + if ($decryptedElement === null) { + throw new ValidationError( + 'Missing encrypted element.', + ValidationError::MISSING_ENCRYPTED_ELEMENT + ); + } + + return $decryptedElement; + } + + /** + * Converts a XMLSecurityKey to the correct algorithm. + * + * @param XMLSecurityKey $key The key. + * @param string $algorithm The desired algorithm. + * @param string $type Public or private key, defaults to public. + * + * @return XMLSecurityKey The new key. + * + * @throws Exception + */ + public static function castKey(XMLSecurityKey $key, $algorithm, $type = 'public') + { + assert(is_string($algorithm)); + assert($type === 'public' || $type === 'private'); + + // do nothing if algorithm is already the type of the key + if ($key->type === $algorithm) { + return $key; + } + + if (!Utils::isSupportedSigningAlgorithm($algorithm)) { + throw new Exception('Unsupported signing algorithm.'); + } + + $keyInfo = openssl_pkey_get_details($key->key); + if ($keyInfo === false) { + throw new Exception('Unable to get key details from XMLSecurityKey.'); + } + if (!isset($keyInfo['key'])) { + throw new Exception('Missing key in public key details.'); + } + $newKey = new XMLSecurityKey($algorithm, array('type'=>$type)); + $newKey->loadKey($keyInfo['key']); + return $newKey; + } + + /** + * @param $algorithm + * + * @return bool + */ + public static function isSupportedSigningAlgorithm($algorithm) + { + return in_array( + $algorithm, + array( + XMLSecurityKey::RSA_1_5, + XMLSecurityKey::RSA_SHA1, + XMLSecurityKey::RSA_SHA256, + XMLSecurityKey::RSA_SHA384, + XMLSecurityKey::RSA_SHA512 + ) + ); + } + + /** + * Adds signature key and senders certificate to an element (Message or Assertion). + * + * @param string|DOMDocument $xml The element we should sign + * @param string $key The private key + * @param string $cert The public + * @param string $signAlgorithm Signature algorithm method + * @param string $digestAlgorithm Digest algorithm method + * + * @return string + * + * @throws Exception + */ + public static function addSign($xml, $key, $cert, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $digestAlgorithm = XMLSecurityDSig::SHA256) + { + if ($xml instanceof DOMDocument) { + $dom = $xml; + } else { + $dom = new DOMDocument(); + $dom = self::loadXML($dom, $xml); + if (!$dom) { + throw new Exception('Error parsing xml string'); + } + } + + /* Load the private key. */ + $objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private')); + $objKey->loadKey($key, false); + + /* Get the EntityDescriptor node we should sign. */ + $rootNode = $dom->firstChild; + + /* Sign the metadata with our private key. */ + $objXMLSecDSig = new XMLSecurityDSig(); + $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); + + $objXMLSecDSig->addReferenceList( + array($rootNode), + $digestAlgorithm, + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), + array('id_name' => 'ID') + ); + + $objXMLSecDSig->sign($objKey); + + /* Add the certificate to the signature. */ + $objXMLSecDSig->add509Cert($cert, true); + + $insertBefore = $rootNode->firstChild; + $messageTypes = array('AuthnRequest', 'Response', 'LogoutRequest','LogoutResponse'); + if (in_array($rootNode->localName, $messageTypes)) { + $issuerNodes = self::query($dom, '/'.$rootNode->tagName.'/saml:Issuer'); + if ($issuerNodes->length == 1) { + $insertBefore = $issuerNodes->item(0)->nextSibling; + } + } + + /* Add the signature. */ + $objXMLSecDSig->insertSignature($rootNode, $insertBefore); + + /* Return the DOM tree as a string. */ + $signedxml = $dom->saveXML(); + + return $signedxml; + } + + /** + * Validates a signature (Message or Assertion). + * + * @param string|\DomNode $xml The element we should validate + * @param string|null $cert The pubic cert + * @param string|null $fingerprint The fingerprint of the public cert + * @param string|null $fingerprintalg The algorithm used to get the fingerprint + * @param string|null $xpath The xpath of the signed element + * @param array|null $multiCerts Multiple public certs + * + * @return bool + * + * @throws Exception + */ + public static function validateSign($xml, $cert = null, $fingerprint = null, $fingerprintalg = 'sha1', $xpath = null, $multiCerts = null) + { + if ($xml instanceof DOMDocument) { + $dom = clone $xml; + } else if ($xml instanceof DOMElement) { + $dom = clone $xml->ownerDocument; + } else { + $dom = new DOMDocument(); + $dom = self::loadXML($dom, $xml); + } + + $objXMLSecDSig = new XMLSecurityDSig(); + $objXMLSecDSig->idKeys = array('ID'); + + if ($xpath) { + $nodeset = Utils::query($dom, $xpath); + $objDSig = $nodeset->item(0); + $objXMLSecDSig->sigNode = $objDSig; + } else { + $objDSig = $objXMLSecDSig->locateSignature($dom); + } + + if (!$objDSig) { + throw new Exception('Cannot locate Signature Node'); + } + + $objKey = $objXMLSecDSig->locateKey(); + if (!$objKey) { + throw new Exception('We have no idea about the key'); + } + + if (!Utils::isSupportedSigningAlgorithm($objKey->type)) { + throw new Exception('Unsupported signing algorithm.'); + } + + $objXMLSecDSig->canonicalizeSignedInfo(); + + try { + $retVal = $objXMLSecDSig->validateReference(); + } catch (Exception $e) { + throw $e; + } + + XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig); + + if (!empty($multiCerts)) { + // If multiple certs are provided, I may ignore $cert and + // $fingerprint provided by the method and just check the + // certs on the array + $fingerprint = null; + } else { + // else I add the cert to the array in order to check + // validate signatures with it and the with it and the + // $fingerprint value + $multiCerts = array($cert); + } + + $valid = false; + foreach ($multiCerts as $cert) { + if (!empty($cert)) { + $objKey->loadKey($cert, false, true); + if ($objXMLSecDSig->verify($objKey) === 1) { + $valid = true; + break; + } + } else { + if (!empty($fingerprint)) { + $domCert = $objKey->getX509Certificate(); + $domCertFingerprint = Utils::calculateX509Fingerprint($domCert, $fingerprintalg); + if (Utils::formatFingerPrint($fingerprint) == $domCertFingerprint) { + $objKey->loadKey($domCert, false, true); + if ($objXMLSecDSig->verify($objKey) === 1) { + $valid = true; + break; + } + } + } + } + } + return $valid; + } + + /** + * Validates a binary signature + * + * @param string $messageType Type of SAML Message + * @param array $getData HTTP GET array + * @param array $idpData IdP setting data + * @param bool $retrieveParametersFromServer Indicates where to get the values in order to validate the Sign, from getData or from $_SERVER + * + * @return bool + * + * @throws Exception + */ + public static function validateBinarySign($messageType, $getData, $idpData, $retrieveParametersFromServer = false) + { + if (!isset($getData['SigAlg'])) { + $signAlg = XMLSecurityKey::RSA_SHA1; + } else { + $signAlg = $getData['SigAlg']; + } + + if ($retrieveParametersFromServer) { + $signedQuery = $messageType.'='.Utils::extractOriginalQueryParam($messageType); + if (isset($getData['RelayState'])) { + $signedQuery .= '&RelayState='.Utils::extractOriginalQueryParam('RelayState'); + } + $signedQuery .= '&SigAlg='.Utils::extractOriginalQueryParam('SigAlg'); + } else { + $signedQuery = $messageType.'='.urlencode($getData[$messageType]); + if (isset($getData['RelayState'])) { + $signedQuery .= '&RelayState='.urlencode($getData['RelayState']); + } + $signedQuery .= '&SigAlg='.urlencode($signAlg); + } + + if ($messageType == "SAMLRequest") { + $strMessageType = "Logout Request"; + } else { + $strMessageType = "Logout Response"; + } + $existsMultiX509Sign = isset($idpData['x509certMulti']) && isset($idpData['x509certMulti']['signing']) && !empty($idpData['x509certMulti']['signing']); + if ((!isset($idpData['x509cert']) || empty($idpData['x509cert'])) && !$existsMultiX509Sign) { + throw new Error( + "In order to validate the sign on the ".$strMessageType.", the x509cert of the IdP is required", + Error::CERT_NOT_FOUND + ); + } + + if ($existsMultiX509Sign) { + $multiCerts = $idpData['x509certMulti']['signing']; + } else { + $multiCerts = array($idpData['x509cert']); + } + + $signatureValid = false; + foreach ($multiCerts as $cert) { + $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public')); + $objKey->loadKey($cert, false, true); + + if ($signAlg != XMLSecurityKey::RSA_SHA1) { + try { + $objKey = Utils::castKey($objKey, $signAlg, 'public'); + } catch (Exception $e) { + $ex = new ValidationError( + "Invalid signAlg in the recieved ".$strMessageType, + ValidationError::INVALID_SIGNATURE + ); + if (count($multiCerts) == 1) { + throw $ex; + } + } + } + + if ($objKey->verifySignature($signedQuery, base64_decode($getData['Signature'])) === 1) { + $signatureValid = true; + break; + } + } + return $signatureValid; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/ValidationError.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/ValidationError.php new file mode 100644 index 0000000..889f531 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/ValidationError.php @@ -0,0 +1,100 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use Exception; + +/** + * ValidationError class of OneLogin PHP Toolkit + * + * This class implements another custom Exception handler, + * related to exceptions that happens during validation process. + */ +class ValidationError extends Exception +{ + // Validation Errors + const UNSUPPORTED_SAML_VERSION = 0; + const MISSING_ID = 1; + const WRONG_NUMBER_OF_ASSERTIONS = 2; + const MISSING_STATUS = 3; + const MISSING_STATUS_CODE = 4; + const STATUS_CODE_IS_NOT_SUCCESS = 5; + const WRONG_SIGNED_ELEMENT = 6; + const ID_NOT_FOUND_IN_SIGNED_ELEMENT = 7; + const DUPLICATED_ID_IN_SIGNED_ELEMENTS = 8; + const INVALID_SIGNED_ELEMENT = 9; + const DUPLICATED_REFERENCE_IN_SIGNED_ELEMENTS = 10; + const UNEXPECTED_SIGNED_ELEMENTS = 11; + const WRONG_NUMBER_OF_SIGNATURES_IN_RESPONSE = 12; + const WRONG_NUMBER_OF_SIGNATURES_IN_ASSERTION = 13; + const INVALID_XML_FORMAT = 14; + const WRONG_INRESPONSETO = 15; + const NO_ENCRYPTED_ASSERTION = 16; + const NO_ENCRYPTED_NAMEID = 17; + const MISSING_CONDITIONS = 18; + const ASSERTION_TOO_EARLY = 19; + const ASSERTION_EXPIRED = 20; + const WRONG_NUMBER_OF_AUTHSTATEMENTS = 21; + const NO_ATTRIBUTESTATEMENT = 22; + const ENCRYPTED_ATTRIBUTES = 23; + const WRONG_DESTINATION = 24; + const EMPTY_DESTINATION = 25; + const WRONG_AUDIENCE = 26; + const ISSUER_MULTIPLE_IN_RESPONSE = 27; + const ISSUER_NOT_FOUND_IN_ASSERTION = 28; + const WRONG_ISSUER = 29; + const SESSION_EXPIRED = 30; + const WRONG_SUBJECTCONFIRMATION = 31; + const NO_SIGNED_MESSAGE = 32; + const NO_SIGNED_ASSERTION = 33; + const NO_SIGNATURE_FOUND = 34; + const KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA = 35; + const CHILDREN_NODE_NOT_FOUND_IN_KEYINFO = 36; + const UNSUPPORTED_RETRIEVAL_METHOD = 37; + const NO_NAMEID = 38; + const EMPTY_NAMEID = 39; + const SP_NAME_QUALIFIER_NAME_MISMATCH = 40; + const DUPLICATED_ATTRIBUTE_NAME_FOUND = 41; + const INVALID_SIGNATURE = 42; + const WRONG_NUMBER_OF_SIGNATURES = 43; + const RESPONSE_EXPIRED = 44; + const UNEXPECTED_REFERENCE = 45; + const NOT_SUPPORTED = 46; + const KEY_ALGORITHM_ERROR = 47; + const MISSING_ENCRYPTED_ELEMENT = 48; + + + /** + * Constructor + * + * @param string $msg Describes the error. + * @param int $code The code error (defined in the error class). + * @param array|null $args Arguments used in the message that describes the error. + */ + public function __construct($msg, $code = 0, $args = array()) + { + assert(is_string($msg)); + assert(is_int($code)); + + if (!isset($args)) { + $args = array(); + } + $params = array_merge(array($msg), $args); + $message = call_user_func_array('sprintf', $params); + + parent::__construct($message, $code); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-assertion-2.0.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-assertion-2.0.xsd new file mode 100644 index 0000000..2b2f7b8 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-assertion-2.0.xsd @@ -0,0 +1,283 @@ + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-2.0.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-2.0.xsd new file mode 100644 index 0000000..e4754fa --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-2.0.xsd @@ -0,0 +1,23 @@ + + + + + + Document identifier: saml-schema-authn-context-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New core authentication context schema for SAML V2.0. + This is just an include of all types from the schema + referred to in the include statement below. + + + + + + \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd new file mode 100644 index 0000000..8513959 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd @@ -0,0 +1,821 @@ + + + + + + Document identifier: saml-schema-authn-context-types-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New core authentication context schema types for SAML V2.0. + + + + + + + A particular assertion on an identity + provider's part with respect to the authentication + context associated with an authentication assertion. + + + + + + + + Refers to those characteristics that describe the + processes and mechanisms + the Authentication Authority uses to initially create + an association between a Principal + and the identity (or name) by which the Principal will + be known + + + + + + + + This element indicates that identification has been + performed in a physical + face-to-face meeting with the principal and not in an + online manner. + + + + + + + + + + + + + + + + + + + + Refers to those characterstics that describe how the + 'secret' (the knowledge or possession + of which allows the Principal to authenticate to the + Authentication Authority) is kept secure + + + + + + + + This element indicates the types and strengths of + facilities + of a UA used to protect a shared secret key from + unauthorized access and/or use. + + + + + + + + This element indicates the types and strengths of + facilities + of a UA used to protect a private key from + unauthorized access and/or use. + + + + + + + The actions that must be performed + before the private key can be used. + + + + + + Whether or not the private key is shared + with the certificate authority. + + + + + + + In which medium is the key stored. + memory - the key is stored in memory. + smartcard - the key is stored in a smartcard. + token - the key is stored in a hardware token. + MobileDevice - the key is stored in a mobile device. + MobileAuthCard - the key is stored in a mobile + authentication card. + + + + + + + + + + + This element indicates that a password (or passphrase) + has been used to + authenticate the Principal to a remote system. + + + + + + + + This element indicates that a Pin (Personal + Identification Number) has been used to authenticate the Principal to + some local system in order to activate a key. + + + + + + + + This element indicates that a hardware or software + token is used + as a method of identifying the Principal. + + + + + + + + This element indicates that a time synchronization + token is used to identify the Principal. hardware - + the time synchonization + token has been implemented in hardware. software - the + time synchronization + token has been implemented in software. SeedLength - + the length, in bits, of the + random seed used in the time synchronization token. + + + + + + + + This element indicates that a smartcard is used to + identity the Principal. + + + + + + + + This element indicates the minimum and/or maximum + ASCII length of the password which is enforced (by the UA or the + IdP). In other words, this is the minimum and/or maximum number of + ASCII characters required to represent a valid password. + min - the minimum number of ASCII characters required + in a valid password, as enforced by the UA or the IdP. + max - the maximum number of ASCII characters required + in a valid password, as enforced by the UA or the IdP. + + + + + + + + This element indicates the length of time for which an + PIN-based authentication is valid. + + + + + + + + Indicates whether the password was chosen by the + Principal or auto-supplied by the Authentication Authority. + principalchosen - the Principal is allowed to choose + the value of the password. This is true even if + the initial password is chosen at random by the UA or + the IdP and the Principal is then free to change + the password. + automatic - the password is chosen by the UA or the + IdP to be cryptographically strong in some sense, + or to satisfy certain password rules, and that the + Principal is not free to change it or to choose a new password. + + + + + + + + + + + + + + + + + + + Refers to those characteristics that define the + mechanisms by which the Principal authenticates to the Authentication + Authority. + + + + + + + + The method that a Principal employs to perform + authentication to local system components. + + + + + + + + The method applied to validate a principal's + authentication across a network + + + + + + + + Supports Authenticators with nested combinations of + additional complexity. + + + + + + + + Indicates that the Principal has been strongly + authenticated in a previous session during which the IdP has set a + cookie in the UA. During the present session the Principal has only + been authenticated by the UA returning the cookie to the IdP. + + + + + + + + Rather like PreviousSession but using stronger + security. A secret that was established in a previous session with + the Authentication Authority has been cached by the local system and + is now re-used (e.g. a Master Secret is used to derive new session + keys in TLS, SSL, WTLS). + + + + + + + + This element indicates that the Principal has been + authenticated by a zero knowledge technique as specified in ISO/IEC + 9798-5. + + + + + + + + + + This element indicates that the Principal has been + authenticated by a challenge-response protocol utilizing shared secret + keys and symmetric cryptography. + + + + + + + + + + + + This element indicates that the Principal has been + authenticated by a mechanism which involves the Principal computing a + digital signature over at least challenge data provided by the IdP. + + + + + + + + The local system has a private key but it is used + in decryption mode, rather than signature mode. For example, the + Authentication Authority generates a secret and encrypts it using the + local system's public key: the local system then proves it has + decrypted the secret. + + + + + + + + The local system has a private key and uses it for + shared secret key agreement with the Authentication Authority (e.g. + via Diffie Helman). + + + + + + + + + + + + + + + This element indicates that the Principal has been + authenticated through connection from a particular IP address. + + + + + + + + The local system and Authentication Authority + share a secret key. The local system uses this to encrypt a + randomised string to pass to the Authentication Authority. + + + + + + + + The protocol across which Authenticator information is + transferred to an Authentication Authority verifier. + + + + + + + + This element indicates that the Authenticator has been + transmitted using bare HTTP utilizing no additional security + protocols. + + + + + + + + This element indicates that the Authenticator has been + transmitted using a transport mechanism protected by an IPSEC session. + + + + + + + + This element indicates that the Authenticator has been + transmitted using a transport mechanism protected by a WTLS session. + + + + + + + + This element indicates that the Authenticator has been + transmitted solely across a mobile network using no additional + security mechanism. + + + + + + + + + + + This element indicates that the Authenticator has been + transmitted using a transport mechnanism protected by an SSL or TLS + session. + + + + + + + + + + + + Refers to those characteristics that describe + procedural security controls employed by the Authentication Authority. + + + + + + + + + + + + Provides a mechanism for linking to external (likely + human readable) documents in which additional business agreements, + (e.g. liability constraints, obligations, etc) can be placed. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + This attribute indicates whether or not the + Identification mechanisms allow the actions of the Principal to be + linked to an actual end user. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + This element indicates that the Key Activation Limit is + defined as a specific duration of time. + + + + + + + + This element indicates that the Key Activation Limit is + defined as a number of usages. + + + + + + + + This element indicates that the Key Activation Limit is + the session. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-metadata-2.0.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-metadata-2.0.xsd new file mode 100644 index 0000000..86e58f9 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-metadata-2.0.xsd @@ -0,0 +1,336 @@ + + + + + + + + + Document identifier: saml-schema-metadata-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + Schema for SAML metadata, first published in SAML 2.0. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-protocol-2.0.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-protocol-2.0.xsd new file mode 100644 index 0000000..7fa6f48 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-protocol-2.0.xsd @@ -0,0 +1,302 @@ + + + + + + + Document identifier: saml-schema-protocol-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New protocol schema based in a SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-metadata-attr.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-metadata-attr.xsd new file mode 100644 index 0000000..f23e462 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-metadata-attr.xsd @@ -0,0 +1,35 @@ + + + + + + Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema + Document identifier: sstc-metadata-attr.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (November 2008): + Initial version. + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-attribute-ext.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-attribute-ext.xsd new file mode 100644 index 0000000..ad309c1 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-attribute-ext.xsd @@ -0,0 +1,25 @@ + + + + + + Document title: SAML V2.0 Attribute Extension Schema + Document identifier: sstc-saml-attribute-ext.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (October 2008): + Initial version. + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd new file mode 100644 index 0000000..3236ffc --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd @@ -0,0 +1,41 @@ + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Profile for Algorithm Support Version 1.0 + Document identifier: sstc-saml-metadata-algsupport.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + V1.0 (June 2010): + Initial version. + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd new file mode 100644 index 0000000..de0b754 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd @@ -0,0 +1,89 @@ + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0 + Document identifier: sstc-saml-metadata-ui-v1.0.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + 16 November 2010: + Added Keywords element/type. + 01 November 2010 + Changed filename. + September 2010: + Initial version. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xenc-schema.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xenc-schema.xsd new file mode 100644 index 0000000..d6d7910 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xenc-schema.xsd @@ -0,0 +1,136 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xml.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xml.xsd new file mode 100644 index 0000000..aea7d0d --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xml.xsd @@ -0,0 +1,287 @@ + + + + + + +
+

About the XML namespace

+ +
+

+ This schema document describes the XML namespace, in a form + suitable for import by other schema documents. +

+

+ See + http://www.w3.org/XML/1998/namespace.html and + + http://www.w3.org/TR/REC-xml for information + about this namespace. +

+

+ Note that local names in this namespace are intended to be + defined only by the World Wide Web Consortium or its subgroups. + The names currently defined in this namespace are listed below. + They should not be used with conflicting semantics by any Working + Group, specification, or document instance. +

+

+ See further below in this document for more information about how to refer to this schema document from your own + XSD schema documents and about the + namespace-versioning policy governing this schema document. +

+
+
+ + + + + + +
+ +

lang (as an attribute name)

+

+ denotes an attribute whose value + is a language code for the natural language of the content of + any element; its value is inherited. This name is reserved + by virtue of its definition in the XML specification.

+ +
+
+

Notes

+

+ Attempting to install the relevant ISO 2- and 3-letter + codes as the enumerated possible values is probably never + going to be a realistic possibility. +

+

+ See BCP 47 at + http://www.rfc-editor.org/rfc/bcp/bcp47.txt + and the IANA language subtag registry at + + http://www.iana.org/assignments/language-subtag-registry + for further information. +

+

+ The union allows for the 'un-declaration' of xml:lang with + the empty string. +

+
+ + + + + + + + + + + + + + + + +
+ +

space (as an attribute name)

+

+ denotes an attribute whose + value is a keyword indicating what whitespace processing + discipline is intended for the content of the element; its + value is inherited. This name is reserved by virtue of its + definition in the XML specification.

+ +
+ + + + + + + + + + + + +
+ +

base (as an attribute name)

+

+ denotes an attribute whose value + provides a URI to be used as the base for interpreting any + relative URIs in the scope of the element on which it + appears; its value is inherited. This name is reserved + by virtue of its definition in the XML Base specification.

+ +

+ See http://www.w3.org/TR/xmlbase/ + for information about this attribute. +

+
+ + + + + + + +
+ +

id (as an attribute name)

+

+ denotes an attribute whose value + should be interpreted as if declared to be of type ID. + This name is reserved by virtue of its definition in the + xml:id specification.

+ +

+ See http://www.w3.org/TR/xml-id/ + for information about this attribute. +

+
+ + + + + + + + + + + + + +
+ +

Father (in any context at all)

+ +
+

+ denotes Jon Bosak, the chair of + the original XML Working Group. This name is reserved by + the following decision of the W3C XML Plenary and + XML Coordination groups: +

+
+

+ In appreciation for his vision, leadership and + dedication the W3C XML Plenary on this 10th day of + February, 2000, reserves for Jon Bosak in perpetuity + the XML name "xml:Father". +

+
+
+
+ + + + + +
+

About this schema document

+ +
+

+ This schema defines attributes and an attribute group suitable + for use by schemas wishing to allow xml:base, + xml:lang, xml:space or + xml:id attributes on elements they define. +

+

+ To enable this, such a schema must import this schema for + the XML namespace, e.g. as follows: +

+ 
+          <schema . . .>
+           . . .
+           <import namespace="http://www.w3.org/XML/1998/namespace"
+                      schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+
+

+ or +

+ 
+           <import namespace="http://www.w3.org/XML/1998/namespace"
+                      schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>
+
+

+ Subsequently, qualified reference to any of the attributes or the + group defined below will have the desired effect, e.g. +

+ 
+          <type . . .>
+           . . .
+           <attributeGroup ref="xml:specialAttrs"/>
+
+

+ will define a type which will schema-validate an instance element + with any of those attributes. +

+
+
+ + + + + +
+

Versioning policy for this schema document

+
+

+ In keeping with the XML Schema WG's standard versioning + policy, this schema document will persist at + + http://www.w3.org/2009/01/xml.xsd. +

+

+ At the date of issue it can also be found at + + http://www.w3.org/2001/xml.xsd. +

+

+ The schema document at that URI may however change in the future, + in order to remain compatible with the latest version of XML + Schema itself, or with the XML namespace itself. In other words, + if the XML Schema or XML namespaces change, the version of this + document at + http://www.w3.org/2001/xml.xsd + + will change accordingly; the version at + + http://www.w3.org/2009/01/xml.xsd + + will not change. +

+

+ Previous dated (and unchanging) versions of this schema + document are at: +

+ +
+
+ + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xmldsig-core-schema.xsd b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xmldsig-core-schema.xsd new file mode 100644 index 0000000..6f5acc7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xmldsig-core-schema.xsd @@ -0,0 +1,309 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/version.json b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/version.json new file mode 100644 index 0000000..0fdfc33 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/version.json @@ -0,0 +1,7 @@ +{ + "php-saml": { + "version": "3.4.1", + "released": "25/11/2019" + } +} + diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/CHANGELOG.txt b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/CHANGELOG.txt new file mode 100644 index 0000000..351b104 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/CHANGELOG.txt @@ -0,0 +1,228 @@ +xmlseclibs.php +||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +05, Sep 2020, 3.1.1 +Features: +- Support OAEP (iggyvolz) + +Bug Fixes: +- Fix AES128 (iggyvolz) + +Improvements: +- Fix tests for older PHP + +22, Apr 2020, 3.1.0 +Features: +- Support AES-GCM. Requires PHP 7.1. (François Kooman) + +Improvements: +- Fix Travis tests for older PHP versions. +- Use DOMElement interface to fix some IDEs reporting documentation errors + +Bug Fixes: +- FIX missing InclusiveNamespaces PrefixList from Java + Apache WSS4J. (njake) + +06, Nov 2019, 3.0.4 +Security Improvements: +- Insure only a single SignedInfo element exists within a signature during + verification. Refs CVE-2019-3465. +Bug Fixes: +- Fix variable casing. + +15, Nov 2018, 3.0.3 +Bug Fixes: +- Fix casing of class name. (Willem Stuursma-Ruwen) +- Fix Xpath casing. (Tim van Dijen) + +Improvements: +- Make PCRE2 compliant. (Stefan Winter) +- Add PHP 7.3 support. (Stefan Winter) + +27, Sep 2018, 3.0.2 +Security Improvements: +- OpenSSL is now a requirement rather than suggestion. (Slaven Bacelic) +- Filter input to avoid XPath injection. (Jaime Pérez) + +Bug Fixes: +- Fix missing parentheses (Tim van Dijen) + +Improvements: +- Use strict comparison operator to compare digest values. (Jaime Pérez) +- Remove call to file_get_contents that doesn't even work. (Jaime Pérez) +- Document potentially dangerous return value behaviour. (Thijs Kinkhorst) + +31, Aug 2017, 3.0.1 +Bug Fixes: +- Fixed missing () in function call. (Dennis Væversted) + +Improvements: +- Add OneLogin to supported software. +- Add .gitattributes to remove unneeded files. (Filippo Tessarotto) +- Fix bug in example code. (Dan Church) +- Travis: add PHP 7.1, move hhvm to allowed failures. (Thijs Kinkhorst) +- Drop failing extract-win-cert test (Thijs Kinkhorst). (Thijs Kinkhorst) +- Add comments to warn about return values of verify(). (Thijs Kinkhorst) +- Fix tests to properly check return code of verify(). (Thijs Kinkhorst) +- Restore support for PHP >= 5.4. (Jaime Pérez) + +25, May 2017, 3.0.0 +Improvements: +- Remove use of mcrypt (skymeyer) + +08, Sep 2016, 2.0.1 +Bug Fixes: +- Strip whitespace characters when parsing X509Certificate. fixes #84 + (klemen.bratec) +- Certificate 'subject' values can be arrays. fixes #80 (Andreas Stangl) +- HHVM signing node with ID attribute w/out namespace regenerates ID value. + fixes #88 (Milos Tomic) + +Improvements: +- Fix typos and add some PHPDoc Blocks. (gfaust-qb) +- Update lightSAML link. (Milos Tomic) +- Update copyright dates. + +31, Jul 2015, 2.0.0 +Features: +- Namespace support. Classes now in the RobRichards\XMLSecLibs\ namespace. + +Improvements: +- Dropped support for PHP 5.2 + +31, Jul 2015, 1.4.1 +Bug Fixes: +- Allow for large digest values that may have line breaks. fixes #62 + +Features: +- Support for locating specific signature when multiple exist in + document. (griga3k) + +Improvements: +- Add optional argument to XMLSecurityDSig to define the prefix to be used, + also allowing for null to use no prefix, for the dsig namespace. fixes #13 +- Code cleanup +- Depreciated XMLSecurityDSig::generate_GUID for XMLSecurityDSig::generateGUID + +23, Jun 2015, 1.4.0 +Features: +- Support for PSR-0 standard. +- Support for X509SubjectName. (Milos Tomic) +- Add HMAC-SHA1 support. + +Improvements: +- Add how to install to README. (Bernardo Vieira da Silva) +- Code cleanup. (Jaime Pérez) +- Normalilze tests. (Hidde Wieringa) +- Add basic usage to README. (Hidde Wieringa) + +21, May 2015, 1.3.2 +Bug Fixes: +- Fix Undefined variable notice. (dpieper85) +- Fix typo when setting MimeType attribute. (Eugene OZ) +- Fix validateReference() with enveloping signatures + +Features: +- canonicalizeData performance optimization. (Jaime Pérez) +- Add composer support (Maks3w) + +19, Jun 2013, 1.3.1 +Features: +- return encrypted node from XMLSecEnc::encryptNode() when replace is set to + false. (Olav) +- Add support for RSA SHA384 and RSA_SHA512 and SHA384 digest. (Jaime PŽrez) +- Add options parameter to the add cert methods. +- Add optional issuerSerial creation with cert + +Bug Fixes: +- Fix persisted Id when namespaced. (Koen Thomeer) + +Improvements: +- Add LICENSE file +- Convert CHANGELOG.txt to UTF-8 + +26, Sep 2011, 1.3.0 +Features: +- Add param to append sig to node when signing. Fixes a problem when using + inclusive canonicalization to append a signature within a namespaced subtree. + ex. $objDSig->sign($objKey, $appendToNode); +- Add ability to encrypt by reference +- Add support for refences within an encrypted key +- Add thumbprint generation capability (XMLSecurityKey->getX509Thumbprint() and + XMLSecurityKey::getRawThumbprint($cert)) +- Return signature element node from XMLSecurityDSig::insertSignature() and + XMLSecurityDSig::appendSignature() methods +- Support for with simple URI Id reference. +- Add XMLSecurityKey::getSymmetricKeySize() method (Olav) +- Add XMLSecEnc::getCipherValue() method (Olav) +- Improve XMLSecurityKey:generateSessionKey() logic (Olav) + +Bug Fixes: +- Change split() to explode() as split is now depreciated +- ds:References using empty or simple URI Id reference should never include + comments in canonicalized data. +- Make sure that the elements in EncryptedData are emitted in the correct + sequence. + +11 Jan 2010, 1.2.2 +Features: +- Add support XPath support when creating signature. Provides support for + working with EBXML documents. +- Add reference option to force creation of URI attribute. For use + when adding a DOM Document where by default no URI attribute is added. +- Add support for RSA-SHA256 + +Bug Fixes: +- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node + content (patch by Francois Wang) + + +08 Jul 2008, 1.2.1 +Features: +- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos). +- Add fallback to built-in sha1 if both hash and mhash are not available and + throw error for other for other missing hashes. (patch by Olav Morken). +- Add getX509Certificate method to retrieve the x509 cert used for Key. + (patch by Olav Morken). +- Add getValidatedNodes method to retrieve the elements signed by the + signature. (patch by Olav Morken). +- Add insertSignature method for precision signature insertion. Merge + functionality from appendSignature in the process. (Olav Morken, Rob). +- Finally add some tests + +Bug Fixes: +- Fix canonicalization for Document node when using PHP < 5.2. +- Add padding for RSA_SHA1. (patch by Olav Morken). + + +27 Nov 2007, 1.2.0 +Features: +- New addReference/List option (overwrite). Boolean flag indicating if URI + value should be overwritten if already existing within document. + Default is TRUE to maintain BC. + +18 Nov 2007, 1.1.2 +Bug Fixes: +- Remove closing PHP tag to fix extra whitespace characters from being output + +11 Nov 2007, 1.1.1 +Features: +- Add getRefNodeID() and getRefIDs() methods missed in previous release. + Provide functionality to find URIs of existing reference nodes. + Required by simpleSAMLphp project + +Bug Fixes: +- Remove erroneous whitespace causing issues under certain circumastances. + +18 Oct 2007, 1.1.0 +Features: +- Enable creation of enveloping signature. This allows the creation of + managed information cards. +- Add addObject method for enveloping signatures. +- Add staticGet509XCerts method. Chained certificates within a PEM file can + now be added within the X509Data node. +- Add xpath support within transformations +- Add InclusiveNamespaces prefix list support within exclusive transformations. + +Bug Fixes: +- Initialize random number generator for mcrypt_create_iv. (Joan Cornadó). +- Fix an interoperability issue with .NET when encrypting data in CBC mode. + (Joan Cornadó). diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/LICENSE b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/LICENSE new file mode 100644 index 0000000..4fe5e5f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/LICENSE @@ -0,0 +1,31 @@ +Copyright (c) 2007-2019, Robert Richards . +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + * Neither the name of Robert Richards nor the names of his + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/README.md b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/README.md new file mode 100644 index 0000000..a576080 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/README.md @@ -0,0 +1,85 @@ +#xmlseclibs + +xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. + +The author of xmlseclibs is Rob Richards. + +# Branches +Master is currently the only actively maintained branch. +* master/3.1: Added AES-GCM support requiring 7.1+ +* 3.0: Removes mcrypt usage requiring 5.4+ (5.6.24+ recommended for security reasons) +* 2.0: Contains namespace support requiring 5.3+ +* 1.4: Contains auto-loader support while also maintaining backwards compatiblity with the older 1.3 version using the xmlseclibs.php file. Supports PHP 5.2+ + +# Requirements + +xmlseclibs requires PHP version 5.4 or greater. **5.6.24+ recommended for security reasons** + + +## How to Install + +Install with [`composer.phar`](http://getcomposer.org). + +```sh +php composer.phar require "robrichards/xmlseclibs" +``` + + +## Use cases + +xmlseclibs is being used in many different software. + +* [SimpleSAMLPHP](https://github.com/simplesamlphp/simplesamlphp) +* [LightSAML](https://github.com/lightsaml/lightsaml) +* [OneLogin](https://github.com/onelogin/php-saml) + +## Basic usage + +The example below shows basic usage of xmlseclibs, with a SHA-256 signature. + +```php +use RobRichards\XMLSecLibs\XMLSecurityDSig; +use RobRichards\XMLSecLibs\XMLSecurityKey; + +// Load the XML to be signed +$doc = new DOMDocument(); +$doc->load('./path/to/file/tobesigned.xml'); + +// Create a new Security object +$objDSig = new XMLSecurityDSig(); +// Use the c14n exclusive canonicalization +$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); +// Sign using SHA-256 +$objDSig->addReference( + $doc, + XMLSecurityDSig::SHA256, + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature') +); + +// Create a new (private) Security key +$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private')); +/* +If key has a passphrase, set it using +$objKey->passphrase = ''; +*/ +// Load the private key +$objKey->loadKey('./path/to/privatekey.pem', TRUE); + +// Sign the XML file +$objDSig->sign($objKey); + +// Add the associated public key to the signature +$objDSig->add509Cert(file_get_contents('./path/to/file/mycert.pem')); + +// Append the signature to the XML +$objDSig->appendSignature($doc->documentElement); +// Save the signed XML +$doc->save('./path/to/signed.xml'); +``` + +## How to Contribute + +* [Open Issues](https://github.com/robrichards/xmlseclibs/issues) +* [Open Pull Requests](https://github.com/robrichards/xmlseclibs/pulls) + +Mailing List: https://groups.google.com/forum/#!forum/xmlseclibs diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/composer.json b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/composer.json new file mode 100644 index 0000000..22ce7a3 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/composer.json @@ -0,0 +1,21 @@ +{ + "name": "robrichards/xmlseclibs", + "description": "A PHP library for XML Security", + "license": "BSD-3-Clause", + "keywords": [ + "xml", + "xmldsig", + "signature", + "security" + ], + "homepage": "https://github.com/robrichards/xmlseclibs", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "require": { + "php": ">= 5.4", + "ext-openssl": "*" + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/Utils/XPath.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/Utils/XPath.php new file mode 100644 index 0000000..8cdc48e --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/Utils/XPath.php @@ -0,0 +1,44 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecEnc +{ + const template = " + + + +"; + + const Element = 'http://www.w3.org/2001/04/xmlenc#Element'; + const Content = 'http://www.w3.org/2001/04/xmlenc#Content'; + const URI = 3; + const XMLENCNS = 'http://www.w3.org/2001/04/xmlenc#'; + + /** @var null|DOMDocument */ + private $encdoc = null; + + /** @var null|DOMNode */ + private $rawNode = null; + + /** @var null|string */ + public $type = null; + + /** @var null|DOMElement */ + public $encKey = null; + + /** @var array */ + private $references = array(); + + public function __construct() + { + $this->_resetTemplate(); + } + + private function _resetTemplate() + { + $this->encdoc = new DOMDocument(); + $this->encdoc->loadXML(self::template); + } + + /** + * @param string $name + * @param DOMNode $node + * @param string $type + * @throws Exception + */ + public function addReference($name, $node, $type) + { + if (! $node instanceOf DOMNode) { + throw new Exception('$node is not of type DOMNode'); + } + $curencdoc = $this->encdoc; + $this->_resetTemplate(); + $encdoc = $this->encdoc; + $this->encdoc = $curencdoc; + $refuri = XMLSecurityDSig::generateGUID(); + $element = $encdoc->documentElement; + $element->setAttribute("Id", $refuri); + $this->references[$name] = array("node" => $node, "type" => $type, "encnode" => $encdoc, "refuri" => $refuri); + } + + /** + * @param DOMNode $node + */ + public function setNode($node) + { + $this->rawNode = $node; + } + + /** + * Encrypt the selected node with the given key. + * + * @param XMLSecurityKey $objKey The encryption key and algorithm. + * @param bool $replace Whether the encrypted node should be replaced in the original tree. Default is true. + * @throws Exception + * + * @return DOMElement The -element. + */ + public function encryptNode($objKey, $replace = true) + { + $data = ''; + if (empty($this->rawNode)) { + throw new Exception('Node to encrypt has not been set'); + } + if (! $objKey instanceof XMLSecurityKey) { + throw new Exception('Invalid Key'); + } + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($this->encdoc); + $objList = $xPath->query('/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue'); + $cipherValue = $objList->item(0); + if ($cipherValue == null) { + throw new Exception('Error locating CipherValue element within template'); + } + switch ($this->type) { + case (self::Element): + $data = $doc->saveXML($this->rawNode); + $this->encdoc->documentElement->setAttribute('Type', self::Element); + break; + case (self::Content): + $children = $this->rawNode->childNodes; + foreach ($children AS $child) { + $data .= $doc->saveXML($child); + } + $this->encdoc->documentElement->setAttribute('Type', self::Content); + break; + default: + throw new Exception('Type is currently not supported'); + } + + $encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $objKey->getAlgorithm()); + $cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild); + + $strEncrypt = base64_encode($objKey->encryptData($data)); + $value = $this->encdoc->createTextNode($strEncrypt); + $cipherValue->appendChild($value); + + if ($replace) { + switch ($this->type) { + case (self::Element): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $this->encdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + while ($this->rawNode->firstChild) { + $this->rawNode->removeChild($this->rawNode->firstChild); + } + $this->rawNode->appendChild($importEnc); + return $importEnc; + } + } else { + return $this->encdoc->documentElement; + } + } + + /** + * @param XMLSecurityKey $objKey + * @throws Exception + */ + public function encryptReferences($objKey) + { + $curRawNode = $this->rawNode; + $curType = $this->type; + foreach ($this->references AS $name => $reference) { + $this->encdoc = $reference["encnode"]; + $this->rawNode = $reference["node"]; + $this->type = $reference["type"]; + try { + $encNode = $this->encryptNode($objKey); + $this->references[$name]["encnode"] = $encNode; + } catch (Exception $e) { + $this->rawNode = $curRawNode; + $this->type = $curType; + throw $e; + } + } + $this->rawNode = $curRawNode; + $this->type = $curType; + } + + /** + * Retrieve the CipherValue text from this encrypted node. + * + * @throws Exception + * @return string|null The Ciphervalue text, or null if no CipherValue is found. + */ + public function getCipherValue() + { + if (empty($this->rawNode)) { + throw new Exception('Node to decrypt has not been set'); + } + + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($doc); + $xPath->registerNamespace('xmlencr', self::XMLENCNS); + /* Only handles embedded content right now and not a reference */ + $query = "./xmlencr:CipherData/xmlencr:CipherValue"; + $nodeset = $xPath->query($query, $this->rawNode); + $node = $nodeset->item(0); + + if (!$node) { + return null; + } + + return base64_decode($node->nodeValue); + } + + /** + * Decrypt this encrypted node. + * + * The behaviour of this function depends on the value of $replace. + * If $replace is false, we will return the decrypted data as a string. + * If $replace is true, we will insert the decrypted element(s) into the + * document, and return the decrypted element(s). + * + * @param XMLSecurityKey $objKey The decryption key that should be used when decrypting the node. + * @param boolean $replace Whether we should replace the encrypted node in the XML document with the decrypted data. The default is true. + * + * @return string|DOMElement The decrypted data. + */ + public function decryptNode($objKey, $replace=true) + { + if (! $objKey instanceof XMLSecurityKey) { + throw new Exception('Invalid Key'); + } + + $encryptedData = $this->getCipherValue(); + if ($encryptedData) { + $decrypted = $objKey->decryptData($encryptedData); + if ($replace) { + switch ($this->type) { + case (self::Element): + $newdoc = new DOMDocument(); + $newdoc->loadXML($decrypted); + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $newdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + $doc = $this->rawNode; + } else { + $doc = $this->rawNode->ownerDocument; + } + $newFrag = $doc->createDocumentFragment(); + $newFrag->appendXML($decrypted); + $parent = $this->rawNode->parentNode; + $parent->replaceChild($newFrag, $this->rawNode); + return $parent; + default: + return $decrypted; + } + } else { + return $decrypted; + } + } else { + throw new Exception("Cannot locate encrypted data"); + } + } + + /** + * Encrypt the XMLSecurityKey + * + * @param XMLSecurityKey $srcKey + * @param XMLSecurityKey $rawKey + * @param bool $append + * @throws Exception + */ + public function encryptKey($srcKey, $rawKey, $append=true) + { + if ((! $srcKey instanceof XMLSecurityKey) || (! $rawKey instanceof XMLSecurityKey)) { + throw new Exception('Invalid Key'); + } + $strEncKey = base64_encode($srcKey->encryptData($rawKey->key)); + $root = $this->encdoc->documentElement; + $encKey = $this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptedKey'); + if ($append) { + $keyInfo = $root->insertBefore($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'), $root->firstChild); + $keyInfo->appendChild($encKey); + } else { + $this->encKey = $encKey; + } + $encMethod = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $srcKey->getAlgorith()); + if (! empty($srcKey->name)) { + $keyInfo = $encKey->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo')); + $keyInfo->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyName', $srcKey->name)); + } + $cipherData = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherData')); + $cipherData->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherValue', $strEncKey)); + if (is_array($this->references) && count($this->references) > 0) { + $refList = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:ReferenceList')); + foreach ($this->references AS $name => $reference) { + $refuri = $reference["refuri"]; + $dataRef = $refList->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:DataReference')); + $dataRef->setAttribute("URI", '#' . $refuri); + } + } + return; + } + + /** + * @param XMLSecurityKey $encKey + * @return DOMElement|string + * @throws Exception + */ + public function decryptKey($encKey) + { + if (! $encKey->isEncrypted) { + throw new Exception("Key is not Encrypted"); + } + if (empty($encKey->key)) { + throw new Exception("Key is missing data to perform the decryption"); + } + return $this->decryptNode($encKey, false); + } + + /** + * @param DOMDocument $element + * @return DOMNode|null + */ + public function locateEncryptedData($element) + { + if ($element instanceof DOMDocument) { + $doc = $element; + } else { + $doc = $element->ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $query = "//*[local-name()='EncryptedData' and namespace-uri()='".self::XMLENCNS."']"; + $nodeset = $xpath->query($query); + return $nodeset->item(0); + } + return null; + } + + /** + * Returns the key from the DOM + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $query = ".//xmlsecenc:EncryptionMethod"; + $nodeset = $xpath->query($query, $node); + if ($encmeth = $nodeset->item(0)) { + $attrAlgorithm = $encmeth->getAttribute("Algorithm"); + try { + $objKey = new XMLSecurityKey($attrAlgorithm, array('type' => 'private')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * @param null|XMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|XMLSecurityKey + * @throws Exception + */ + public static function staticLocateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node) || (! $node instanceof DOMNode)) { + return null; + } + $doc = $node->ownerDocument; + if (!$doc) { + return null; + } + + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $xpath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS); + $query = "./xmlsecdsig:KeyInfo"; + $nodeset = $xpath->query($query, $node); + $encmeth = $nodeset->item(0); + if (!$encmeth) { + /* No KeyInfo in EncryptedData / EncryptedKey. */ + return $objBaseKey; + } + + foreach ($encmeth->childNodes AS $child) { + switch ($child->localName) { + case 'KeyName': + if (! empty($objBaseKey)) { + $objBaseKey->name = $child->nodeValue; + } + break; + case 'KeyValue': + foreach ($child->childNodes AS $keyval) { + switch ($keyval->localName) { + case 'DSAKeyValue': + throw new Exception("DSAKeyValue currently not supported"); + case 'RSAKeyValue': + $modulus = null; + $exponent = null; + if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) { + $modulus = base64_decode($modulusNode->nodeValue); + } + if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) { + $exponent = base64_decode($exponentNode->nodeValue); + } + if (empty($modulus) || empty($exponent)) { + throw new Exception("Missing Modulus or Exponent"); + } + $publicKey = XMLSecurityKey::convertRSA($modulus, $exponent); + $objBaseKey->loadKey($publicKey); + break; + } + } + break; + case 'RetrievalMethod': + $type = $child->getAttribute('Type'); + if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') { + /* Unsupported key type. */ + break; + } + $uri = $child->getAttribute('URI'); + if ($uri[0] !== '#') { + /* URI not a reference - unsupported. */ + break; + } + $id = substr($uri, 1); + + $query = '//xmlsecenc:EncryptedKey[@Id="'.XPath::filterAttrValue($id, XPath::DOUBLE_QUOTE).'"]'; + $keyElement = $xpath->query($query)->item(0); + if (!$keyElement) { + throw new Exception("Unable to locate EncryptedKey with @Id='$id'."); + } + + return XMLSecurityKey::fromEncryptedKeyElement($keyElement); + case 'EncryptedKey': + return XMLSecurityKey::fromEncryptedKeyElement($child); + case 'X509Data': + if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) { + if ($x509certNodes->length > 0) { + $x509cert = $x509certNodes->item(0)->textContent; + $x509cert = str_replace(array("\r", "\n", " "), "", $x509cert); + $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n"; + $objBaseKey->loadKey($x509cert, false, true); + } + } + break; + } + } + return $objBaseKey; + } + + /** + * @param null|XMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + return self::staticLocateKeyInfo($objBaseKey, $node); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php new file mode 100644 index 0000000..9986123 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php @@ -0,0 +1,1162 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecurityDSig +{ + const XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'; + const SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'; + const SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'; + const SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'; + const SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'; + const RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'; + + const C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + const C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'; + const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + const EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'; + + const template = ' + + + +'; + + const BASE_TEMPLATE = ' + + + +'; + + /** @var DOMElement|null */ + public $sigNode = null; + + /** @var array */ + public $idKeys = array(); + + /** @var array */ + public $idNS = array(); + + /** @var string|null */ + private $signedInfo = null; + + /** @var DomXPath|null */ + private $xPathCtx = null; + + /** @var string|null */ + private $canonicalMethod = null; + + /** @var string */ + private $prefix = ''; + + /** @var string */ + private $searchpfx = 'secdsig'; + + /** + * This variable contains an associative array of validated nodes. + * @var array|null + */ + private $validatedNodes = null; + + /** + * @param string $prefix + */ + public function __construct($prefix='ds') + { + $template = self::BASE_TEMPLATE; + if (! empty($prefix)) { + $this->prefix = $prefix.':'; + $search = array("ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = ".//secdsig:Signature"; + $nodeset = $xpath->query($query, $objDoc); + $this->sigNode = $nodeset->item($pos); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + return $this->sigNode; + } + return null; + } + + /** + * @param string $name + * @param null|string $value + * @return DOMElement + */ + public function createNewSignNode($name, $value=null) + { + $doc = $this->sigNode->ownerDocument; + if (! is_null($value)) { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name, $value); + } else { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name); + } + return $node; + } + + /** + * @param string $method + * @throws Exception + */ + public function setCanonicalMethod($method) + { + switch ($method) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $this->canonicalMethod = $method; + break; + default: + throw new Exception('Invalid Canonical Method'); + } + if ($xpath = $this->getXPathObj()) { + $query = './'.$this->searchpfx.':SignedInfo'; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sinfo = $nodeset->item(0)) { + $query = './'.$this->searchpfx.'CanonicalizationMethod'; + $nodeset = $xpath->query($query, $sinfo); + if (! ($canonNode = $nodeset->item(0))) { + $canonNode = $this->createNewSignNode('CanonicalizationMethod'); + $sinfo->insertBefore($canonNode, $sinfo->firstChild); + } + $canonNode->setAttribute('Algorithm', $this->canonicalMethod); + } + } + } + + /** + * @param DOMNode $node + * @param string $canonicalmethod + * @param null|array $arXPath + * @param null|array $prefixList + * @return string + */ + private function canonicalizeData($node, $canonicalmethod, $arXPath=null, $prefixList=null) + { + $exclusive = false; + $withComments = false; + switch ($canonicalmethod) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + $exclusive = false; + $withComments = false; + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + $withComments = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + $exclusive = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $exclusive = true; + $withComments = true; + break; + } + + if (is_null($arXPath) && ($node instanceof DOMNode) && ($node->ownerDocument !== null) && $node->isSameNode($node->ownerDocument->documentElement)) { + /* Check for any PI or comments as they would have been excluded */ + $element = $node; + while ($refnode = $element->previousSibling) { + if ($refnode->nodeType == XML_PI_NODE || (($refnode->nodeType == XML_COMMENT_NODE) && $withComments)) { + break; + } + $element = $refnode; + } + if ($refnode == null) { + $node = $node->ownerDocument; + } + } + + return $node->C14N($exclusive, $withComments, $arXPath, $prefixList); + } + + /** + * @return null|string + */ + public function canonicalizeSignedInfo() + { + + $doc = $this->sigNode->ownerDocument; + $canonicalmethod = null; + if ($doc) { + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + if ($signInfoNode = $nodeset->item(0)) { + $query = "./secdsig:CanonicalizationMethod"; + $nodeset = $xpath->query($query, $signInfoNode); + $prefixList = null; + if ($canonNode = $nodeset->item(0)) { + $canonicalmethod = $canonNode->getAttribute('Algorithm'); + foreach ($canonNode->childNodes as $node) + { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array_filter(explode(' ', $pfx)); + if (count($arpfx) > 0) { + $prefixList = array_merge($prefixList ? $prefixList : array(), $arpfx); + } + } + } + } + } + $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod, null, $prefixList); + return $this->signedInfo; + } + } + return null; + } + + /** + * @param string $digestAlgorithm + * @param string $data + * @param bool $encode + * @return string + * @throws Exception + */ + public function calculateDigest($digestAlgorithm, $data, $encode = true) + { + switch ($digestAlgorithm) { + case self::SHA1: + $alg = 'sha1'; + break; + case self::SHA256: + $alg = 'sha256'; + break; + case self::SHA384: + $alg = 'sha384'; + break; + case self::SHA512: + $alg = 'sha512'; + break; + case self::RIPEMD160: + $alg = 'ripemd160'; + break; + default: + throw new Exception("Cannot validate digest: Unsupported Algorithm <$digestAlgorithm>"); + } + + $digest = hash($alg, $data, true); + if ($encode) { + $digest = base64_encode($digest); + } + return $digest; + + } + + /** + * @param $refNode + * @param string $data + * @return bool + */ + public function validateDigest($refNode, $data) + { + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = 'string(./secdsig:DigestMethod/@Algorithm)'; + $digestAlgorithm = $xpath->evaluate($query, $refNode); + $digValue = $this->calculateDigest($digestAlgorithm, $data, false); + $query = 'string(./secdsig:DigestValue)'; + $digestValue = $xpath->evaluate($query, $refNode); + return ($digValue === base64_decode($digestValue)); + } + + /** + * @param $refNode + * @param DOMNode $objData + * @param bool $includeCommentNodes + * @return string + */ + public function processTransforms($refNode, $objData, $includeCommentNodes = true) + { + $data = $objData; + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = './secdsig:Transforms/secdsig:Transform'; + $nodelist = $xpath->query($query, $refNode); + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + $arXPath = null; + $prefixList = null; + foreach ($nodelist AS $transform) { + $algorithm = $transform->getAttribute("Algorithm"); + switch ($algorithm) { + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + } else { + $canonicalMethod = $algorithm; + } + + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array(); + $pfxlist = explode(" ", $pfx); + foreach ($pfxlist AS $pfx) { + $val = trim($pfx); + if (! empty($val)) { + $arpfx[] = $val; + } + } + if (count($arpfx) > 0) { + $prefixList = $arpfx; + } + } + break; + } + $node = $node->nextSibling; + } + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + } else { + $canonicalMethod = $algorithm; + } + + break; + case 'http://www.w3.org/TR/1999/REC-xpath-19991116': + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'XPath') { + $arXPath = array(); + $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']'; + $arXPath['namespaces'] = array(); + $nslist = $xpath->query('./namespace::*', $node); + foreach ($nslist AS $nsnode) { + if ($nsnode->localName != "xml") { + $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue; + } + } + break; + } + $node = $node->nextSibling; + } + break; + } + } + if ($data instanceof DOMNode) { + $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList); + } + return $data; + } + + /** + * @param DOMNode $refNode + * @return bool + */ + public function processRefNode($refNode) + { + $dataObject = null; + + /* + * Depending on the URI, we may not want to include comments in the result + * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel + */ + $includeCommentNodes = true; + + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + + /* This reference identifies a node with the given id by using + * a URI on the form "#identifier". This should not include comments. + */ + $includeCommentNodes = false; + + $xPath = new DOMXPath($refNode->ownerDocument); + if ($this->idNS && is_array($this->idNS)) { + foreach ($this->idNS as $nspf => $ns) { + $xPath->registerNamespace($nspf, $ns); + } + } + $iDlist = '@Id="'.XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"'; + if (is_array($this->idKeys)) { + foreach ($this->idKeys as $idKey) { + $iDlist .= " or @".XPath::filterAttrName($idKey).'="'. + XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"'; + } + } + $query = '//*['.$iDlist.']'; + $dataObject = $xPath->query($query)->item(0); + } else { + $dataObject = $refNode->ownerDocument; + } + } + } else { + /* This reference identifies the root node with an empty URI. This should + * not include comments. + */ + $includeCommentNodes = false; + + $dataObject = $refNode->ownerDocument; + } + $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes); + if (!$this->validateDigest($refNode, $data)) { + return false; + } + + if ($dataObject instanceof DOMNode) { + /* Add this node to the list of validated nodes. */ + if (! empty($identifier)) { + $this->validatedNodes[$identifier] = $dataObject; + } else { + $this->validatedNodes[] = $dataObject; + } + } + + return true; + } + + /** + * @param DOMNode $refNode + * @return null + */ + public function getRefNodeID($refNode) + { + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + return $identifier; + } + } + } + return null; + } + + /** + * @return array + * @throws Exception + */ + public function getRefIDs() + { + $refids = array(); + + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + foreach ($nodeset AS $refNode) { + $refids[] = $this->getRefNodeID($refNode); + } + return $refids; + } + + /** + * @return bool + * @throws Exception + */ + public function validateReference() + { + $docElem = $this->sigNode->ownerDocument->documentElement; + if (! $docElem->isSameNode($this->sigNode)) { + if ($this->sigNode->parentNode != null) { + $this->sigNode->parentNode->removeChild($this->sigNode); + } + } + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + + /* Initialize/reset the list of validated nodes. */ + $this->validatedNodes = array(); + + foreach ($nodeset AS $refNode) { + if (! $this->processRefNode($refNode)) { + /* Clear the list of validated nodes. */ + $this->validatedNodes = null; + throw new Exception("Reference validation failed"); + } + } + return true; + } + + /** + * @param DOMNode $sinfoNode + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=null, $options=null) + { + $prefix = null; + $prefix_ns = null; + $id_name = 'Id'; + $overwrite_id = true; + $force_uri = false; + + if (is_array($options)) { + $prefix = empty($options['prefix']) ? null : $options['prefix']; + $prefix_ns = empty($options['prefix_ns']) ? null : $options['prefix_ns']; + $id_name = empty($options['id_name']) ? 'Id' : $options['id_name']; + $overwrite_id = !isset($options['overwrite']) ? true : (bool) $options['overwrite']; + $force_uri = !isset($options['force_uri']) ? false : (bool) $options['force_uri']; + } + + $attname = $id_name; + if (! empty($prefix)) { + $attname = $prefix.':'.$attname; + } + + $refNode = $this->createNewSignNode('Reference'); + $sinfoNode->appendChild($refNode); + + if (! $node instanceof DOMDocument) { + $uri = null; + if (! $overwrite_id) { + $uri = $prefix_ns ? $node->getAttributeNS($prefix_ns, $id_name) : $node->getAttribute($id_name); + } + if (empty($uri)) { + $uri = self::generateGUID(); + $node->setAttributeNS($prefix_ns, $attname, $uri); + } + $refNode->setAttribute("URI", '#'.$uri); + } elseif ($force_uri) { + $refNode->setAttribute("URI", ''); + } + + $transNodes = $this->createNewSignNode('Transforms'); + $refNode->appendChild($transNodes); + + if (is_array($arTransforms)) { + foreach ($arTransforms AS $transform) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + if (is_array($transform) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116'])) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']))) { + $transNode->setAttribute('Algorithm', 'http://www.w3.org/TR/1999/REC-xpath-19991116'); + $XPathNode = $this->createNewSignNode('XPath', $transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']); + $transNode->appendChild($XPathNode); + if (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'])) { + foreach ($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'] AS $prefix => $namespace) { + $XPathNode->setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:$prefix", $namespace); + } + } + } else { + $transNode->setAttribute('Algorithm', $transform); + } + } + } elseif (! empty($this->canonicalMethod)) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + $transNode->setAttribute('Algorithm', $this->canonicalMethod); + } + + $canonicalData = $this->processTransforms($refNode, $node); + $digValue = $this->calculateDigest($algorithm, $canonicalData); + + $digestMethod = $this->createNewSignNode('DigestMethod'); + $refNode->appendChild($digestMethod); + $digestMethod->setAttribute('Algorithm', $algorithm); + + $digestValue = $this->createNewSignNode('DigestValue', $digValue); + $refNode->appendChild($digestValue); + } + + /** + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReference($node, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + + /** + * @param array $arNodes + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReferenceList($arNodes, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + foreach ($arNodes AS $node) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + } + + /** + * @param DOMElement|string $data + * @param null|string $mimetype + * @param null|string $encoding + * @return DOMElement + */ + public function addObject($data, $mimetype=null, $encoding=null) + { + $objNode = $this->createNewSignNode('Object'); + $this->sigNode->appendChild($objNode); + if (! empty($mimetype)) { + $objNode->setAttribute('MimeType', $mimetype); + } + if (! empty($encoding)) { + $objNode->setAttribute('Encoding', $encoding); + } + + if ($data instanceof DOMElement) { + $newData = $this->sigNode->ownerDocument->importNode($data, true); + } else { + $newData = $this->sigNode->ownerDocument->createTextNode($data); + } + $objNode->appendChild($newData); + + return $objNode; + } + + /** + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->sigNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignedInfo/secdsig:SignatureMethod/@Algorithm)"; + $algorithm = $xpath->evaluate($query, $node); + if ($algorithm) { + try { + $objKey = new XMLSecurityKey($algorithm, array('type' => 'public')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * Returns: + * Bool when verifying HMAC_SHA1; + * Int otherwise, with following meanings: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the int return value, because in + * PHP, -1 will be cast to True when in boolean context. Always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param XMLSecurityKey $objKey + * @return bool|int + * @throws Exception + */ + public function verify($objKey) + { + $doc = $this->sigNode->ownerDocument; + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignatureValue)"; + $sigValue = $xpath->evaluate($query, $this->sigNode); + if (empty($sigValue)) { + throw new Exception("Unable to locate SignatureValue"); + } + return $objKey->verifySignature($this->signedInfo, base64_decode($sigValue)); + } + + /** + * @param XMLSecurityKey $objKey + * @param string $data + * @return mixed|string + */ + public function signData($objKey, $data) + { + return $objKey->signData($data); + } + + /** + * @param XMLSecurityKey $objKey + * @param null|DOMNode $appendToNode + */ + public function sign($objKey, $appendToNode = null) + { + // If we have a parent node append it now so C14N properly works + if ($appendToNode != null) { + $this->resetXPathObj(); + $this->appendSignature($appendToNode); + $this->sigNode = $appendToNode->lastChild; + } + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $query = "./secdsig:SignatureMethod"; + $nodeset = $xpath->query($query, $sInfo); + $sMethod = $nodeset->item(0); + $sMethod->setAttribute('Algorithm', $objKey->type); + $data = $this->canonicalizeData($sInfo, $this->canonicalMethod); + $sigValue = base64_encode($this->signData($objKey, $data)); + $sigValueNode = $this->createNewSignNode('SignatureValue', $sigValue); + if ($infoSibling = $sInfo->nextSibling) { + $infoSibling->parentNode->insertBefore($sigValueNode, $infoSibling); + } else { + $this->sigNode->appendChild($sigValueNode); + } + } + } + } + + public function appendCert() + { + + } + + /** + * @param XMLSecurityKey $objKey + * @param null|DOMNode $parent + */ + public function appendKey($objKey, $parent=null) + { + $objKey->serializeKey($parent); + } + + + /** + * This function inserts the signature element. + * + * The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode + * is specified, the signature element will be inserted as the last element before $beforeNode. + * + * @param DOMNode $node The node the signature element should be inserted into. + * @param DOMNode $beforeNode The node the signature element should be located before. + * + * @return DOMNode The signature element node + */ + public function insertSignature($node, $beforeNode = null) + { + + $document = $node->ownerDocument; + $signatureElement = $document->importNode($this->sigNode, true); + + if ($beforeNode == null) { + return $node->insertBefore($signatureElement); + } else { + return $node->insertBefore($signatureElement, $beforeNode); + } + } + + /** + * @param DOMNode $parentNode + * @param bool $insertBefore + * @return DOMNode + */ + public function appendSignature($parentNode, $insertBefore = false) + { + $beforeNode = $insertBefore ? $parentNode->firstChild : null; + return $this->insertSignature($parentNode, $beforeNode); + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @return string + */ + public static function get509XCert($cert, $isPEMFormat=true) + { + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + if (! empty($certs)) { + return $certs[0]; + } + return ''; + } + + /** + * @param string $certs + * @param bool $isPEMFormat + * @return array + */ + public static function staticGet509XCerts($certs, $isPEMFormat=true) + { + if ($isPEMFormat) { + $data = ''; + $certlist = array(); + $arCert = explode("\n", $certs); + $inData = false; + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + $inData = false; + $certlist[] = $data; + $data = ''; + continue; + } + $data .= trim($curData); + } + } + return $certlist; + } else { + return array($certs); + } + } + + /** + * @param DOMElement $parentRef + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|DOMXPath $xpath + * @param null|array $options + * @throws Exception + */ + public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=true, $isURL=false, $xpath=null, $options=null) + { + if ($isURL) { + $cert = file_get_contents($cert); + } + if (! $parentRef instanceof DOMElement) { + throw new Exception('Invalid parent Node parameter'); + } + $baseDoc = $parentRef->ownerDocument; + + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + $dsig_pfx = ''; + if (! $keyInfo) { + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } else { + $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + } + + // Add all certs if there are more than one + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + + // Attach X509 data node + $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Data'); + $keyInfo->appendChild($x509DataNode); + + $issuerSerial = false; + $subjectName = false; + if (is_array($options)) { + if (! empty($options['issuerSerial'])) { + $issuerSerial = true; + } + if (! empty($options['subjectName'])) { + $subjectName = true; + } + } + + // Attach all certificate nodes and any additional data + foreach ($certs as $X509Cert) { + if ($issuerSerial || $subjectName) { + if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n")) { + if ($subjectName && ! empty($certData['subject'])) { + if (is_array($certData['subject'])) { + $parts = array(); + foreach ($certData['subject'] AS $key => $value) { + if (is_array($value)) { + foreach ($value as $valueElement) { + array_unshift($parts, "$key=$valueElement"); + } + } else { + array_unshift($parts, "$key=$value"); + } + } + $subjectNameValue = implode(',', $parts); + } else { + $subjectNameValue = $certData['issuer']; + } + $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SubjectName', $subjectNameValue); + $x509DataNode->appendChild($x509SubjectNode); + } + if ($issuerSerial && ! empty($certData['issuer']) && ! empty($certData['serialNumber'])) { + if (is_array($certData['issuer'])) { + $parts = array(); + foreach ($certData['issuer'] AS $key => $value) { + array_unshift($parts, "$key=$value"); + } + $issuerName = implode(',', $parts); + } else { + $issuerName = $certData['issuer']; + } + + $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerSerial'); + $x509DataNode->appendChild($x509IssuerNode); + + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerName', $issuerName); + $x509IssuerNode->appendChild($x509Node); + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SerialNumber', $certData['serialNumber']); + $x509IssuerNode->appendChild($x509Node); + } + } + + } + $x509CertNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Certificate', $X509Cert); + $x509DataNode->appendChild($x509CertNode); + } + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|array $options + */ + public function add509Cert($cert, $isPEMFormat=true, $isURL=false, $options=null) + { + if ($xpath = $this->getXPathObj()) { + self::staticAdd509Cert($this->sigNode, $cert, $isPEMFormat, $isURL, $xpath, $options); + } + } + + /** + * This function appends a node to the KeyInfo. + * + * The KeyInfo element will be created if one does not exist in the document. + * + * @param DOMNode $node The node to append to the KeyInfo. + * + * @return DOMNode The KeyInfo element node + */ + public function appendToKeyInfo($node) + { + $parentRef = $this->sigNode; + $baseDoc = $parentRef->ownerDocument; + + $xpath = $this->getXPathObj(); + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + if (! $keyInfo) { + $dsig_pfx = ''; + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } + + $keyInfo->appendChild($node); + + return $keyInfo; + } + + /** + * This function retrieves an associative array of the validated nodes. + * + * The array will contain the id of the referenced node as the key and the node itself + * as the value. + * + * Returns: + * An associative array of validated nodes or null if no nodes have been validated. + * + * @return array Associative array of validated nodes + */ + public function getValidatedNodes() + { + return $this->validatedNodes; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php new file mode 100644 index 0000000..7eed04d --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php @@ -0,0 +1,813 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecurityKey +{ + const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + const AES128_GCM = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + const AES192_GCM = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + const AES256_GCM = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + const RSA_OAEP = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'; + const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'; + const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + const HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + const AUTHTAG_LENGTH = 16; + + /** @var array */ + private $cryptParams = array(); + + /** @var int|string */ + public $type = 0; + + /** @var mixed|null */ + public $key = null; + + /** @var string */ + public $passphrase = ""; + + /** @var string|null */ + public $iv = null; + + /** @var string|null */ + public $name = null; + + /** @var mixed|null */ + public $keyChain = null; + + /** @var bool */ + public $isEncrypted = false; + + /** @var XMLSecEnc|null */ + public $encryptedCtx = null; + + /** @var mixed|null */ + public $guid = null; + + /** + * This variable contains the certificate as a string if this key represents an X509-certificate. + * If this key doesn't represent a certificate, this will be null. + * @var string|null + */ + private $x509Certificate = null; + + /** + * This variable contains the certificate thumbprint if we have loaded an X509-certificate. + * @var string|null + */ + private $X509Thumbprint = null; + + /** + * @param string $type + * @param null|array $params + * @throws Exception + */ + public function __construct($type, $params=null) + { + switch ($type) { + case (self::TRIPLEDES_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'des-ede3-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 8; + break; + case (self::AES128_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + $this->cryptParams['keysize'] = 16; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES128_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + $this->cryptParams['keysize'] = 16; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::RSA_1_5): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_OAEP_MGF1P): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + $this->cryptParams['hash'] = null; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_OAEP): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'; + $this->cryptParams['hash'] = 'http://www.w3.org/2009/xmlenc11#mgf1sha1'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA1): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA256): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA256'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA384): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA384'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA512): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA512'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::HMAC_SHA1): + $this->cryptParams['library'] = $type; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + break; + default: + throw new Exception('Invalid Key Type'); + } + $this->type = $type; + } + + /** + * Retrieve the key size for the symmetric encryption algorithm.. + * + * If the key size is unknown, or this isn't a symmetric encryption algorithm, + * null is returned. + * + * @return int|null The number of bytes in the key. + */ + public function getSymmetricKeySize() + { + if (! isset($this->cryptParams['keysize'])) { + return null; + } + return $this->cryptParams['keysize']; + } + + /** + * Generates a session key using the openssl-extension. + * In case of using DES3-CBC the key is checked for a proper parity bits set. + * @return string + * @throws Exception + */ + public function generateSessionKey() + { + if (!isset($this->cryptParams['keysize'])) { + throw new Exception('Unknown key size for type "' . $this->type . '".'); + } + $keysize = $this->cryptParams['keysize']; + + $key = openssl_random_pseudo_bytes($keysize); + + if ($this->type === self::TRIPLEDES_CBC) { + /* Make sure that the generated key has the proper parity bits set. + * Mcrypt doesn't care about the parity bits, but others may care. + */ + for ($i = 0; $i < strlen($key); $i++) { + $byte = ord($key[$i]) & 0xfe; + $parity = 1; + for ($j = 1; $j < 8; $j++) { + $parity ^= ($byte >> $j) & 1; + } + $byte |= $parity; + $key[$i] = chr($byte); + } + } + + $this->key = $key; + return $key; + } + + /** + * Get the raw thumbprint of a certificate + * + * @param string $cert + * @return null|string + */ + public static function getRawThumbprint($cert) + { + + $arCert = explode("\n", $cert); + $data = ''; + $inData = false; + + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + break; + } + $data .= trim($curData); + } + } + + if (! empty($data)) { + return strtolower(sha1(base64_decode($data))); + } + + return null; + } + + /** + * Loads the given key, or - with isFile set true - the key from the keyfile. + * + * @param string $key + * @param bool $isFile + * @param bool $isCert + * @throws Exception + */ + public function loadKey($key, $isFile=false, $isCert = false) + { + if ($isFile) { + $this->key = file_get_contents($key); + } else { + $this->key = $key; + } + if ($isCert) { + $this->key = openssl_x509_read($this->key); + openssl_x509_export($this->key, $str_cert); + $this->x509Certificate = $str_cert; + $this->key = $str_cert; + } else { + $this->x509Certificate = null; + } + if ($this->cryptParams['library'] == 'openssl') { + switch ($this->cryptParams['type']) { + case 'public': + if ($isCert) { + /* Load the thumbprint if this is an X509 certificate. */ + $this->X509Thumbprint = self::getRawThumbprint($this->key); + } + $this->key = openssl_get_publickey($this->key); + if (! $this->key) { + throw new Exception('Unable to extract public key'); + } + break; + + case 'private': + $this->key = openssl_get_privatekey($this->key, $this->passphrase); + break; + + case'symmetric': + if (strlen($this->key) < $this->cryptParams['keysize']) { + throw new Exception('Key must contain at least '.$this->cryptParams['keysize'].' characters for this cipher, contains '.strlen($this->key)); + } + break; + + default: + throw new Exception('Unknown type'); + } + } + } + + /** + * ISO 10126 Padding + * + * @param string $data + * @param integer $blockSize + * @throws Exception + * @return string + */ + private function padISO10126($data, $blockSize) + { + if ($blockSize > 256) { + throw new Exception('Block size higher than 256 not allowed'); + } + $padChr = $blockSize - (strlen($data) % $blockSize); + $pattern = chr($padChr); + return $data . str_repeat($pattern, $padChr); + } + + /** + * Remove ISO 10126 Padding + * + * @param string $data + * @return string + */ + private function unpadISO10126($data) + { + $padChr = substr($data, -1); + $padLen = ord($padChr); + return substr($data, 0, -$padLen); + } + + /** + * Encrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function encryptSymmetric($data) + { + $this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cryptParams['cipher'])); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + $authTag = openssl_random_pseudo_bytes(self::AUTHTAG_LENGTH); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $data = $this->padISO10126($data, $this->cryptParams['blocksize']); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $encrypted) { + throw new Exception('Failure encrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return $this->iv . $encrypted . $authTag; + } + + /** + * Decrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function decryptSymmetric($data) + { + $iv_length = openssl_cipher_iv_length($this->cryptParams['cipher']); + $this->iv = substr($data, 0, $iv_length); + $data = substr($data, $iv_length); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + // obtain and remove the authentication tag + $offset = 0 - self::AUTHTAG_LENGTH; + $authTag = substr($data, $offset); + $data = substr($data, 0, $offset); + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $decrypted) { + throw new Exception('Failure decrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return null !== $authTag ? $decrypted : $this->unpadISO10126($decrypted); + } + + /** + * Encrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPublic($data) + { + if (! openssl_public_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl public) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPublic($data) + { + if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl public) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Encrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPrivate($data) + { + if (! openssl_private_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl private) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPrivate($data) + { + if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl private) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Signs the given data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function signOpenSSL($data) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + if (! openssl_sign($data, $signature, $this->key, $algo)) { + throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo); + } + return $signature; + } + + /** + * Verifies the given data (string) belonging to the given signature using the openssl-extension + * + * Returns: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return int + */ + private function verifyOpenSSL($data, $signature) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + return openssl_verify($data, $signature, $this->key, $algo); + } + + /** + * Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function encryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->encryptSymmetric($data); + case 'public': + return $this->encryptPublic($data); + case 'private': + return $this->encryptPrivate($data); + } + } + } + + /** + * Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function decryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->decryptSymmetric($data); + case 'public': + return $this->decryptPublic($data); + case 'private': + return $this->decryptPrivate($data); + } + } + } + + /** + * Signs the data (string) using the extension assigned to the type in the constructor. + * + * @param string $data + * @return mixed|string + */ + public function signData($data) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->signOpenSSL($data); + case (self::HMAC_SHA1): + return hash_hmac("sha1", $data, $this->key, true); + } + } + + /** + * Verifies the data (string) against the given signature using the extension assigned to the type in the constructor. + * + * Returns in case of openSSL: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return bool|int + */ + public function verifySignature($data, $signature) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->verifyOpenSSL($data, $signature); + case (self::HMAC_SHA1): + $expectedSignature = hash_hmac("sha1", $data, $this->key, true); + return strcmp($signature, $expectedSignature) == 0; + } + } + + /** + * @deprecated + * @see getAlgorithm() + * @return mixed + */ + public function getAlgorith() + { + return $this->getAlgorithm(); + } + + /** + * @return mixed + */ + public function getAlgorithm() + { + return $this->cryptParams['method']; + } + + /** + * + * @param int $type + * @param string $string + * @return null|string + */ + public static function makeAsnSegment($type, $string) + { + switch ($type) { + case 0x02: + if (ord($string) > 0x7f) + $string = chr(0).$string; + break; + case 0x03: + $string = chr(0).$string; + break; + } + + $length = strlen($string); + + if ($length < 128) { + $output = sprintf("%c%c%s", $type, $length, $string); + } else if ($length < 0x0100) { + $output = sprintf("%c%c%c%s", $type, 0x81, $length, $string); + } else if ($length < 0x010000) { + $output = sprintf("%c%c%c%c%s", $type, 0x82, $length / 0x0100, $length % 0x0100, $string); + } else { + $output = null; + } + return $output; + } + + /** + * + * Hint: Modulus and Exponent must already be base64 decoded + * @param string $modulus + * @param string $exponent + * @return string + */ + public static function convertRSA($modulus, $exponent) + { + /* make an ASN publicKeyInfo */ + $exponentEncoding = self::makeAsnSegment(0x02, $exponent); + $modulusEncoding = self::makeAsnSegment(0x02, $modulus); + $sequenceEncoding = self::makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding); + $bitstringEncoding = self::makeAsnSegment(0x03, $sequenceEncoding); + $rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500"); + $publicKeyInfo = self::makeAsnSegment(0x30, $rsaAlgorithmIdentifier.$bitstringEncoding); + + /* encode the publicKeyInfo in base64 and add PEM brackets */ + $publicKeyInfoBase64 = base64_encode($publicKeyInfo); + $encoding = "-----BEGIN PUBLIC KEY-----\n"; + $offset = 0; + while ($segment = substr($publicKeyInfoBase64, $offset, 64)) { + $encoding = $encoding.$segment."\n"; + $offset += 64; + } + return $encoding."-----END PUBLIC KEY-----\n"; + } + + /** + * @param mixed $parent + */ + public function serializeKey($parent) + { + + } + + /** + * Retrieve the X509 certificate this key represents. + * + * Will return the X509 certificate in PEM-format if this key represents + * an X509 certificate. + * + * @return string The X509 certificate or null if this key doesn't represent an X509-certificate. + */ + public function getX509Certificate() + { + return $this->x509Certificate; + } + + /** + * Get the thumbprint of this X509 certificate. + * + * Returns: + * The thumbprint as a lowercase 40-character hexadecimal number, or null + * if this isn't a X509 certificate. + * + * @return string Lowercase 40-character hexadecimal number of thumbprint + */ + public function getX509Thumbprint() + { + return $this->X509Thumbprint; + } + + + /** + * Create key from an EncryptedKey-element. + * + * @param DOMElement $element The EncryptedKey-element. + * @throws Exception + * + * @return XMLSecurityKey The new key. + */ + public static function fromEncryptedKeyElement(DOMElement $element) + { + + $objenc = new XMLSecEnc(); + $objenc->setNode($element); + if (! $objKey = $objenc->locateKey()) { + throw new Exception("Unable to locate algorithm for this Encrypted Key"); + } + $objKey->isEncrypted = true; + $objKey->encryptedCtx = $objenc; + XMLSecEnc::staticLocateKeyInfo($objKey, $element); + return $objKey; + } + +} diff --git a/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/xmlseclibs.php b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/xmlseclibs.php new file mode 100644 index 0000000..1c10acc --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/xmlseclibs.php @@ -0,0 +1,47 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + * @version 3.1.1 + */ + +$xmlseclibs_srcdir = dirname(__FILE__) . '/src/'; +require $xmlseclibs_srcdir . '/XMLSecurityKey.php'; +require $xmlseclibs_srcdir . '/XMLSecurityDSig.php'; +require $xmlseclibs_srcdir . '/XMLSecEnc.php'; +require $xmlseclibs_srcdir . '/Utils/XPath.php'; diff --git a/docker/nextcloud/custom_apps/user_saml/CHANGELOG.md b/docker/nextcloud/custom_apps/user_saml/CHANGELOG.md new file mode 100644 index 0000000..5d74dc5 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/CHANGELOG.md @@ -0,0 +1,184 @@ +# Changelog +All notable changes to this project will be documented in this file. + +## 4.1.0 +### Added +- Nextcloud 22 support + +### Fixed +- logins with base64 resembling UIDs + +## 4.0.0 +### Removed +- Nextcloud <21 support + +## 3.3.3 +### Added +- Possibility to add custom direct login message + +## 3.3.2 +### Added +- Possible url for SLO response + +### Fixed +- Fix login flow support yet again +- Buton colors +- Translations +- Fixed provisioning users from encoded uids +- Fix missing IDP variable + +## 3.3.1 +### Fixed +- 21 suport +- login flow support with strict cookies + +## 3.1.2 +### Fixed +- 19 support. This was broken due to stricter cookies + +## 3.0.1 +### Added +- Add setting to specify a different signature algorithm #401 + +### Changed +- translation updates + +## 3.0.0 +### Changed +- fixed login with chrome browser #379 +- translation updates +- Make 19 compatible #380 + +## 2.4.0 +### Added +- IdP initiated logout + +### Fixed +- No password confirmation for passwordless users +- Handle exceptions more graceful (prevent app from disabling) +- Desktop client login failing in some cases + +## 2.3.1 +### Fixed +- name id format is set per provider + +## 2.3.0 + +### Added +- Ability to specify nameformat when configuring IdPs +- Properly set the timezone + +### Changed +- Also search for diplayname and email in backend +- Bumped onelogin/php-saml to 3.1.1 +- Updated translations + +### Fixed +- Catch exception so app does not get disabled on random PUT requests + +## 2.2.0 + +### Changed + +- Update dependencies for PHP 7.3 compatibility +- Ready for Nextcloud 16 +- improve logging + + +## 2.1.1 + +### Changed + +- sort IDP's alphabetical +- improved documentation in UI, add hint for direct login URL + +### Fixed + +- create skeleton files if SAML is used in combination with LDAP + +## 2.1.0 + +### Changed + +- add attribute mapping for the users home directory when creating a new user +- use a combobox to select the IDP on login when more then 4 IDPs are configured +- improved debug logging and in case of errors +- Add sabredav plugin to register environment auth for dav requests + +### Fixed + +- remove trailing and leading spaces on settings +- adjust login page to the theme + +## 2.0.0 + +### Changed + +- update to upstream php-saml 3.0 (upstream library) which removes the mcrypt dependency +- Improve SAML behaviour in a Global Scale setup + + +## 1.7.0 + +### Changed + +- many small changes/fixes to make SAML work in a Global Scale setup + +## 1.6.2 + +### Changed + +- Add reset button to start over with the configuration +- Show default login screen until SSO is configured +- updated translations + +### Fixed + +- small fixes + +## 1.6.1 + +### Fixed + +- internal version number + +## 1.6.0 + +### Changed + +- Allow multiple IDP's +- Add attribute mapping for groups + +## 1.5.0 + +### Changed + +- add attribute mapping for the users quota +- add option to use the local user back-end (and LDAP) in parallel to SAML + +### Fixed + +- fix redirect loop in case a user was disabled +- query LDAP for user data during auto-provisioning in case "Only allow authentication if an account is existent on some other backend" is enabled + +## 1.4.2 + +- update display name in accounts table correctly +- improve error messages and logging + +## 1.4.0 + +### Fixed + +- Spelling mistakes +- Keep displayname after login +- Fix compatibility with reverse proxies +- Set last login after successful login operation +- SLO support +- Hide attribute mapping until a type is selected + +## 1.3.2 + +### Added + +- Added sample screenshots diff --git a/docker/nextcloud/custom_apps/user_saml/LICENSE b/docker/nextcloud/custom_apps/user_saml/LICENSE new file mode 100644 index 0000000..0ad25db --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/LICENSE @@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. diff --git a/docker/nextcloud/custom_apps/user_saml/appinfo/app.php b/docker/nextcloud/custom_apps/user_saml/appinfo/app.php new file mode 100644 index 0000000..43db79e --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/appinfo/app.php @@ -0,0 +1,206 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +require_once __DIR__ . '/../3rdparty/vendor/autoload.php'; + +// If we run in CLI mode do not setup the app as it can fail the OCC execution +// since the URLGenerator isn't accessible. +$cli = false; +if(OC::$CLI) { + $cli = true; +} +try { + $urlGenerator = \OC::$server->getURLGenerator(); + $l = \OC::$server->getL10N('user_saml'); + $config = \OC::$server->getConfig(); + $request = \OC::$server->getRequest(); + $userSession = \OC::$server->getUserSession(); + $session = \OC::$server->getSession(); +} catch (Throwable $e) { + \OC::$server->getLogger()->logException($e); + return; +} +$samlSettings = new \OCA\User_SAML\SAMLSettings( + $urlGenerator, + $config, + $request, + $session +); + +$userBackend = new \OCA\User_SAML\UserBackend( + $config, + $urlGenerator, + \OC::$server->getSession(), + \OC::$server->getDatabaseConnection(), + \OC::$server->getUserManager(), + \OC::$server->getGroupManager(), + $samlSettings, + \OC::$server->getLogger() +); +$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends()); +OC_User::useBackend($userBackend); + +$params = []; + +// Setting up the one login config may fail, if so, do not catch the requests later. +$returnScript = false; +$type = ''; +switch($config->getAppValue('user_saml', 'type')) { + case 'saml': + try { + $oneLoginSettings = new \OneLogin\Saml2\Settings($samlSettings->getOneLoginSettingsArray(1)); + } catch (\OneLogin\SAML2\Error $e) { + $returnScript = true; + } + $type = 'saml'; + break; + case 'environment-variable': + $type = 'environment-variable'; + break; + default: + return; +} + +if ($type === 'environment-variable') { + // We should ignore oauth2 token endpoint (oauth can send the credentials as basic auth which will fail with apache auth) + $uri = $request->getRequestUri(); + if (substr($uri, -24) === '/apps/oauth/api/v1/token') { + return; + } + + OC_User::handleApacheAuth(); +} + +if($returnScript === true) { + return; +} + +$app = \OC::$server->query(\OCA\User_SAML\AppInfo\Application::class); +$app->registerDavAuth(); + +$redirectSituation = false; + +$user = $userSession->getUser(); +if ($user !== null) { + $enabled = $user->isEnabled(); + if ($enabled === false) { + $targetUrl = $urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.genericError', + [ + 'message' => $l->t('This user account is disabled, please contact your administrator.') + ] + ); + header('Location: '.$targetUrl); + exit(); + } +} + +// All requests that are not authenticated and match against the "/login" route are +// redirected to the SAML login endpoint +if(!$cli && + !$userSession->isLoggedIn() && + \OC::$server->getRequest()->getPathInfo() === '/login' && + $type !== '') { + try { + $params = $request->getParams(); + } catch (\LogicException $e) { + // ignore exception when PUT is called since getParams cannot parse parameters in that case + } + if (isset($params['direct'])) { + return; + } + $redirectSituation = true; +} + +// If a request to OCS or remote.php is sent by the official desktop clients it can +// be intercepted as it supports SAML. All other clients don't yet and thus we +// require the usage of application specific passwords there. +// +// However, it is an opt-in setting to use SAML for the desktop clients. For better +// UX (users don't have to reauthenticate) we default to disallow the access via +// SAML at the moment. +$useSamlForDesktopClients = $config->getAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0'); +if($useSamlForDesktopClients === '1') { + $currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT)); + if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') { + if(!$userSession->isLoggedIn() && $request->isUserAgent([\OCP\IRequest::USER_AGENT_CLIENT_DESKTOP])) { + $redirectSituation = true; + + if (preg_match('/^.*\/(\d+\.\d+\.\d+).*$/', $request->getHeader('USER_AGENT'), $matches) === 1) { + $versionstring = $matches[1]; + + if (version_compare($versionstring, '2.5.0', '>=') === true) { + $redirectSituation = false; + } + } + } + } +} + +$multipleUserBackEnds = $samlSettings->allowMultipleUserBackEnds(); +$configuredIdps = $samlSettings->getListOfIdps(); +$showLoginOptions = $multipleUserBackEnds || count($configuredIdps) > 1; + +if ($redirectSituation === true && $showLoginOptions) { + try { + $params = $request->getParams(); + } catch (\LogicException $e) { + // ignore exception when PUT is called since getParams cannot parse parameters in that case + } + $redirectUrl = ''; + if(isset($params['redirect_url'])) { + $redirectUrl = $params['redirect_url']; + } + + $targetUrl = $urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.selectUserBackEnd', + [ + 'redirectUrl' => $redirectUrl + ] + ); + header('Location: '.$targetUrl); + exit(); + +} + +if($redirectSituation === true) { + try { + $params = $request->getParams(); + } catch (\LogicException $e) { + // ignore exception when PUT is called since getParams cannot parse parameters in that case + } + $originalUrl = ''; + if(isset($params['redirect_url'])) { + $originalUrl = $urlGenerator->getAbsoluteURL($params['redirect_url']); + } + + $csrfToken = \OC::$server->getCsrfTokenManager()->getToken(); + $targetUrl = $urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.login', + [ + 'requesttoken' => $csrfToken->getEncryptedValue(), + 'originalUrl' => $originalUrl, + 'idp' => 1, + ] + ); + header('Location: '.$targetUrl); + exit(); +} diff --git a/docker/nextcloud/custom_apps/user_saml/appinfo/info.xml b/docker/nextcloud/custom_apps/user_saml/appinfo/info.xml new file mode 100644 index 0000000..2b3d294 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/appinfo/info.xml @@ -0,0 +1,45 @@ + + + user_saml + SSO & SAML authentication + Authenticate using single sign-on + + 4.1.0 + agpl + Lukas Reschke + User_SAML + + + + + https://portal.nextcloud.com/article/configuring-single-sign-on-10.html + + integration + https://github.com/nextcloud/user_saml + https://github.com/nextcloud/user_saml/issues + https://github.com/nextcloud/user_saml.git + https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/1.png + https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/2.png + + + + + OCA\User_SAML\Command\GetMetadata + + + OCA\User_SAML\Settings\Admin + OCA\User_SAML\Settings\Section + + diff --git a/docker/nextcloud/custom_apps/user_saml/appinfo/routes.php b/docker/nextcloud/custom_apps/user_saml/appinfo/routes.php new file mode 100644 index 0000000..63e5ca9 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/appinfo/routes.php @@ -0,0 +1,94 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\AppInfo; + +return [ + 'routes' => [ + [ + 'name' => 'SAML#login', + 'url' => '/saml/login', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#base', + 'url' => '/saml', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#getMetadata', + 'url' => '/saml/metadata', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#assertionConsumerService', + 'url' => '/saml/acs', + 'verb' => 'POST', + ], + [ + 'name' => 'SAML#singleLogoutService', + 'url' => '/saml/sls', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#singleLogoutService', + 'url' => '/saml/sls', + 'verb' => 'POST', + 'postfix' => 'slspost', + ], + [ + 'name' => 'SAML#notProvisioned', + 'url' => '/saml/notProvisioned', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#genericError', + 'url' => '/saml/error', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#selectUserBackEnd', + 'url' => '/saml/selectUserBackEnd', + 'verb' => 'GET', + ], + [ + 'name' => 'Settings#getSamlProviderSettings', + 'url' => '/settings/providerSettings/{providerId}', + 'verb' => 'GET', + 'defaults' => [ + 'providerId' => '1' + ] + ], + [ + 'name' => 'Settings#deleteSamlProviderSettings', + 'url' => '/settings/providerSettings/{providerId}', + 'verb' => 'DELETE', + 'defaults' => [ + 'providerId' => '1' + ] + ], + [ + 'name' => 'Timezone#setTimezone', + 'url' => '/config/timezone', + 'verb' => 'POST', + ], + ], +]; diff --git a/docker/nextcloud/custom_apps/user_saml/css/admin.css b/docker/nextcloud/custom_apps/user_saml/css/admin.css new file mode 100644 index 0000000..f0ca800 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/css/admin.css @@ -0,0 +1,60 @@ +#user-saml input[type="text"],textarea { + max-width: 600px; + width: 100%; +} + +#user-saml input[type="checkbox"] { + vertical-align:middle; + cursor: pointer; +} + +#user-saml h3 .icon-delete { + display: inline-block; + padding: 5px; + margin-bottom: -6px; +} + +#user-saml h4 { + font-size: 14px; + font-weight: 300; + margin: 12px 0; +} + +#user-saml-settings > div { + margin-bottom: 10px; +} + +.indent { + padding-left: 14px; +} + +#user-saml-settings .toggle { + clear: both; + padding: 7px 0; + cursor: pointer; + opacity: .5; +} + +#user-saml .account-list { + margin: 10px 0 10px 0; + overflow:hidden; + padding: 10px 0 10px 0; +} +#user-saml .account-list li { + float: left; +} + +#user-saml .account-list li a:not(.button) { + padding: 7px; +} +#user-saml .account-list li a.button { + margin-left: 20px; +} +#user-saml .account-list li.active a { + border-bottom: 1px solid #333; + font-weight: bold; +} + +#user-saml-reset-settings { + float: right; +} diff --git a/docker/nextcloud/custom_apps/user_saml/css/personal.css b/docker/nextcloud/custom_apps/user_saml/css/personal.css new file mode 100644 index 0000000..7495c58 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/css/personal.css @@ -0,0 +1,30 @@ +#user-saml-apppasswords table { + width: 100%; + min-height: 150px; + padding-top: 25px; +} +#user-saml-appasswords table th { + font-weight: 800; +} +#user-saml-apppasswords table th, +#user-saml-apppasswords table td { + padding: 10px; +} + +#user-saml-apppasswords .token-list td { + border-top: 1px solid #DDD; + text-overflow: ellipsis; + max-width: 200px; + white-space: nowrap; + overflow: hidden; +} +#user-saml-apppasswords .token-list td a.icon-delete { + display: block; + opacity: 0.6; +} + +#user-saml-new-app-password { + width: 186px; + font-family: monospace; + background-color: lightyellow; +} diff --git a/docker/nextcloud/custom_apps/user_saml/css/selectUserBackEnd.css b/docker/nextcloud/custom_apps/user_saml/css/selectUserBackEnd.css new file mode 100644 index 0000000..542a4ed --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/css/selectUserBackEnd.css @@ -0,0 +1,38 @@ +#saml-select-user-back-end { + color: var(--color-primary-text); +} + +#saml-select-user-back-end #av_mode{ + height: auto; +} + +#saml-select-user-back-end h1 { + font-size: 16px; + padding: 20px 0; +} + +.login-option { + background-color: var(--color-primary); + border: 1px solid var(--color-primary-text); + font-weight: 600; + height: 40px; + + margin: 15px 0; + min-width: 269px; + border-radius: 3px; + font-size: 20px; +} + +.login-option a { + display:inline-block; + width:100%; + line-height:40px; + color: var(--color-primary-text); + cursor: pointer; +} + +.login-option .icon-confirm-white { + float: right; + line-height: 40px; +} + diff --git a/docker/nextcloud/custom_apps/user_saml/img/app-dark.svg b/docker/nextcloud/custom_apps/user_saml/img/app-dark.svg new file mode 100644 index 0000000..6bd2478 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/img/app-dark.svg @@ -0,0 +1,4 @@ + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/img/app.svg b/docker/nextcloud/custom_apps/user_saml/img/app.svg new file mode 100644 index 0000000..15bc9e6 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/img/app.svg @@ -0,0 +1,4 @@ + + + + diff --git a/docker/nextcloud/custom_apps/user_saml/js/admin.js b/docker/nextcloud/custom_apps/user_saml/js/admin.js new file mode 100644 index 0000000..71301fc --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/js/admin.js @@ -0,0 +1,411 @@ +(function(OCA) { + OCA.User_SAML = OCA.User_SAML || {}; + + /** + * @namespace OCA.User_SAML.Admin + */ + OCA.User_SAML.Admin = { + currentConfig: '1', + providerIds: '1', + + _getAppConfig: function (key) { + return $.ajax({ + type: 'GET', + url: OC.linkToOCS('apps/provisioning_api/api/v1', 2) + 'config/apps' + '/user_saml/' + key + '?format=json' + }); + }, + init: function(callback) { + this._getAppConfig('providerIds').done(function (data){ + if (data.ocs.data.data !== '') { + OCA.User_SAML.Admin.providerIds = data.ocs.data.data; + OCA.User_SAML.Admin.currentConfig = OCA.User_SAML.Admin.providerIds.split(',').sort()[0]; + } + callback(); + }); + }, + chooseEnv: function() { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.chooseEnv, this)); + return; + } + + OCP.AppConfig.setValue('user_saml', 'type', 'environment-variable', {success: function() {location.reload();}}); + }, + + chooseSaml: function() { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.chooseSaml, this)); + return; + } + + OCP.AppConfig.setValue('user_saml', 'type', 'saml', {success: function() {location.reload();}}); + }, + + resetSettings: function() { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.resetSettings, this)); + return; + } + + OCP.AppConfig.setValue('user_saml', 'type', '', {success: function() {location.reload();}}); + }, + + + getConfigIdentifier: function() { + if (this.currentConfig === '1') { + return ''; + } + return this.currentConfig + '-'; + }, + + /** + * Add a new provider + * @returns {number} id of the provider + */ + addProvider: function(callback) { + var providerIds = OCA.User_SAML.Admin.providerIds.split(','); + var nextId = 1; + if (providerIds.indexOf('1') >= 0) { + nextId = 2; + while ($.inArray('' + nextId, providerIds) >= 0) { + nextId++; + } + } + OCP.AppConfig.setValue('user_saml', 'providerIds', OCA.User_SAML.Admin.providerIds + ',' + nextId, { + success: function () { + OCA.User_SAML.Admin.providerIds += ',' + nextId; + callback(nextId) + } + }); + }, + + removeProvider: function(callback) { + var providerIds = OCA.User_SAML.Admin.providerIds.split(','); + if (providerIds.length > 1) { + var index = providerIds.indexOf(this.currentConfig); + if (index > -1) { + providerIds.splice(index, 1); + } + var config = this.currentConfig; + $.ajax({ url: OC.generateUrl('/apps/user_saml/settings/providerSettings/' + this.currentConfig), type: 'DELETE'}) + .done(function(data) { + OCP.AppConfig.setValue('user_saml', 'providerIds', providerIds.join(','), { + success: function () { + OCA.User_SAML.Admin.providerIds = providerIds.join(','); + callback(config); + } + }); + }); + + } + }, + + setSamlConfigValue: function(category, setting, value, global) { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.setSamlConfigValue, this, category, setting, value)); + return; + } + // store global config flags without idp prefix + var configIdentifier = this.getConfigIdentifier(); + if (global === true) { + configIdentifier = ''; + } + OC.msg.startSaving('#user-saml-save-indicator'); + OCP.AppConfig.setValue('user_saml', configIdentifier + category + '-' + setting, value.trim()); + OC.msg.finishedSaving('#user-saml-save-indicator', {status: 'success', data: {message: t('user_saml', 'Saved')}}); + } + } +})(OCA); + +$(function() { + + var type = $('#user-saml').data('type'); + + OCA.User_SAML.Admin.init(function() { + $('.account-list li[data-id="' + OCA.User_SAML.Admin.currentConfig + '"]').addClass('active'); + if (OCA.User_SAML.Admin.providerIds.split(',').length <= 1) { + $('[data-js="remove-idp"]').addClass('hidden'); + } + // Hide depending on the setup state + if(type !== 'environment-variable' && type !== 'saml') { + $('#user-saml-choose-type').removeClass('hidden'); + } else { + $('#user-saml-global').removeClass('hidden'); + $('#user-saml-warning-admin-user').removeClass('hidden'); + $('#user-saml-settings').removeClass('hidden'); + } + if(type === 'environment-variable') { + // we need the settings div to be visible for require_providioned_account + $('#user-saml-settings div').addClass('hidden'); + $('#user-saml-settings .button').addClass('hidden'); + $('#user-saml-general').removeClass('hidden'); + } + if (type === 'saml') { + $('#user-saml .account-list').removeClass('hidden'); + $('#user-saml-general').removeClass('hidden'); + } + + if($('#user-saml-general-require_provisioned_account').val() === '0' && type !== '') { + $('#user-saml-attribute-mapping').removeClass('hidden'); + } else { + $('#user-saml-attribute-mapping').addClass('hidden'); + } + }); + + $('#user-saml-choose-saml').click(function(e) { + e.preventDefault(); + if(type === '') { + OCA.User_SAML.Admin.chooseSaml(); + } + }); + $('#user-saml-choose-env').click(function(e) { + e.preventDefault(); + if(type === '') { + OCA.User_SAML.Admin.chooseEnv(); + } + }); + + $('#user-saml-reset-settings').click(function(e) { + e.preventDefault(); + OCA.User_SAML.Admin.resetSettings(); + }); + + var switchProvider = function(providerId) { + $('.account-list li').removeClass('active'); + $('.account-list li[data-id="' + providerId + '"]').addClass('active'); + OCA.User_SAML.Admin.currentConfig = '' + providerId; + $.get(OC.generateUrl('/apps/user_saml/settings/providerSettings/' + providerId)).done(function(data) { + Object.keys(data).forEach(function(category, index){ + var entries = data[category]; + Object.keys(entries).forEach(function (configKey) { + var element = $('#user-saml-settings *[data-key="' + configKey + '"]'); + if ($('#user-saml-settings #user-saml-' + category + ' #user-saml-' + configKey).length) { + element = $('#user-saml-' + category + ' #user-saml-' + configKey); + } + if ($('#user-saml-settings #user-saml-' + category + ' [name="' + configKey + '"]').length) { + element = $('#user-saml-' + category + ' [name="' + configKey + '"]'); + } + if(element.is('input') && element.prop('type') === 'text') { + element.val(entries[configKey]) + } + else if(element.is('textarea')) { + element.val(entries[configKey]); + } + else if(element.prop('type') === 'checkbox') { + var value = entries[configKey] === '1' ? '1' : '0'; + element.val(value); + } else { + console.log('unable to find element for ' + configKey); + } + }); + }); + $('input:checkbox[value="1"]').attr('checked', true); + $('input:checkbox[value="0"]').attr('checked', false); + var xmlDownloadButton = $('#get-metadata'); + var url = xmlDownloadButton.data('base') + '?idp=' + providerId; + xmlDownloadButton.attr('href', url); + }); + }; + + $('.account-list').on('click', 'li:not(.add-provider):not(.remove-provider)', function() { + var providerId = '' + $(this).data('id'); + switchProvider(providerId); + }); + + $('.account-list .add-provider').on('click', function() { + OCA.User_SAML.Admin.addProvider(function (nextId) { + $('
  • ' + t('user_saml', 'Provider') + ' ' + nextId + '
    • ').insertBefore('.account-list .remove-provider'); + switchProvider(nextId); + $('[data-js="remove-idp"]').removeClass('hidden'); + }); + }); + + $('[data-js="remove-idp"]').on('click', function() { + OCA.User_SAML.Admin.removeProvider(function(currentConfig) { + $('.account-list li[data-id="' + currentConfig + '"]').remove(); + switchProvider(OCA.User_SAML.Admin.providerIds.split(',')[0]); + if (OCA.User_SAML.Admin.providerIds.split(',').length <= 1) { + $('[data-js="remove-idp"]').addClass('hidden'); + } + }); + }); + + // Enable tabs + $('input:checkbox[value="1"]').attr('checked', true); + + $('#user-saml-sp input[type="text"], #user-saml-sp textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val()); + } + }); + $('#user-saml-sp select').change(function(e) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val()); + }); + + $('#user-saml-idp input[type="text"], #user-saml-idp textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('idp', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('idp', key, $(this).val()); + } + }); + + $('#user-saml-general input[type="text"], #user-saml-general textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val()); + } + if(el.data('key') === 'idp0_display_name') { + if ($(this).val() !== '') { + $('.account-list li[data-id=' + OCA.User_SAML.Admin.currentConfig + '] a').text($(this).val()) + } else { + $('.account-list li[data-id=' + OCA.User_SAML.Admin.currentConfig + '] a').text(t('user_saml', 'Provider') + ' ' + OCA.User_SAML.Admin.currentConfig); + } + } + }); + + $('#user-saml-global input[type="checkbox"]').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + if($(this).val() === "0") { + $(this).val("1"); + } else { + $(this).val("0"); + } + if(key === 'require_provisioned_account') { + $('#user-saml-attribute-mapping').toggleClass('hidden'); + } + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val(), true); + }); + }); + + $('#user-saml-general input[type="checkbox"]').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + if($(this).val() === "0") { + $(this).val("1"); + } else { + $(this).val("0"); + } + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val()); + }); + }); + + $('#user-saml-security input[type="checkbox"]').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + if($(this).val() === "0") { + $(this).val("1"); + } else { + $(this).val("0"); + } + OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val()); + }); + }); + + $('#user-saml-security input[type="text"], #user-saml-security textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val()); + } + }); + + $('#user-saml-attribute-mapping input[type="text"], #user-saml-attribute-mapping textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('saml-attribute-mapping', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('saml-attribute-mapping', key, $(this).val()); + } + }); + + $('#user-saml').change(function() { + if(type === 'saml') { + // Checks on each request whether the settings make sense or not + $.ajax({ + url: OC.generateUrl('/apps/user_saml/saml/metadata'), + data: { idp: OCA.User_SAML.Admin.getConfigIdentifier() }, + type: 'GET' + }).fail(function (e) { + if (e.status === 500) { + $('#user-saml-settings-complete').addClass('hidden'); + $('#user-saml-settings-incomplete').removeClass('hidden'); + } + }).success(function (e) { + $('#user-saml-settings-complete').removeClass('hidden'); + $('#user-saml-settings-incomplete').addClass('hidden'); + }) + } + }); + + $('#user-saml-settings .toggle').on('click', function() { + var el = $(this), + nextSibling = el.parent().next(), + parentSettingId = el.closest('div').attr('id'), + text = ''; + switch(parentSettingId) { + case 'user-saml-security': + if (nextSibling.hasClass('hidden')) { + text = 'Hide security settings ...'; + } else { + text = 'Show security settings ...'; + } + break; + case 'user-saml-idp': + if (nextSibling.hasClass('hidden')) { + text = 'Hide optional Identity Provider settings ...'; + } else { + text = 'Show optional Identity Provider settings ...'; + } + break; + case 'user-saml-sp': + if (nextSibling.hasClass('hidden')) { + text = 'Hide Service Provider settings ...'; + } else { + text = 'Show Service Provider settings ...'; + } + break; + case 'user-saml-attribute-mapping': + if (nextSibling.hasClass('hidden')) { + text = 'Hide attribute mapping settings ...'; + } else { + text = 'Show attribute mapping settings ...'; + } + break; + } + el.html(t('user_saml', text)); + + if (nextSibling.is(":visible")) { + nextSibling.slideUp(); + } else { + nextSibling.slideDown(); + } + }); +}); diff --git a/docker/nextcloud/custom_apps/user_saml/js/selectUserBackEnd.js b/docker/nextcloud/custom_apps/user_saml/js/selectUserBackEnd.js new file mode 100644 index 0000000..ca6596a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/js/selectUserBackEnd.js @@ -0,0 +1,10 @@ +$(window).load(function() { + + $(".login-chose-saml-idp").change(function() { + var target = $(this).val(); + if (target !== '') { + window.location.href = target; + } + }); + +}); diff --git a/docker/nextcloud/custom_apps/user_saml/js/timezone.js b/docker/nextcloud/custom_apps/user_saml/js/timezone.js new file mode 100644 index 0000000..e48e622 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/js/timezone.js @@ -0,0 +1,39 @@ +/* global $, jstz, OC */ + +/* + * @copyright 2019 Christoph Wurst + * + * @author 2019 Christoph Wurst + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +console.debug('updating timezone and offset for SAML user') + +$.ajax({ + type: 'POST', + url: OC.generateUrl('/apps/user_saml/config/timezone'), + data: { + timezone: jstz.determine().name(), + timezoneOffset: (-new Date().getTimezoneOffset() / 60) + }, + error: function(e) { + console.error('could not set timezone and offset for SAML user', e) + }, + success: function() { + console.info('timezone and offset udpated for SAML user') + } +}) diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/.gitkeep b/docker/nextcloud/custom_apps/user_saml/l10n/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/af.js b/docker/nextcloud/custom_apps/user_saml/l10n/af.js new file mode 100644 index 0000000..0a47297 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/af.js @@ -0,0 +1,22 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Bewaar", + "Provider" : "Verskaffer", + "Provider " : "Verskaffer", + "Private key of the Service Provider" : "Privaatsleutel van die Diensverskaffer", + "Open documentation" : "Open dokumentasie", + "Remove identity provider" : "Verwyder identiteitsverskaffer", + "Add identity provider" : "Voeg identiteitsverskaffer toe", + "General" : "Algemeen", + "Service Provider Data" : "Diensverskafferdata", + "Identity Provider Data" : "Identiteitsverskafferdata", + "Security settings" : "Sekuriteitsinstellings", + "Signatures and encryption offered" : "Handtekeninge en enkripsie gebied", + "Signatures and encryption required" : "Handtekeninge en enkripsie vereis", + "Download metadata XML" : "Laai metadata XML af", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/af.json b/docker/nextcloud/custom_apps/user_saml/l10n/af.json new file mode 100644 index 0000000..a7e07c1 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/af.json @@ -0,0 +1,20 @@ +{ "translations": { + "Saved" : "Bewaar", + "Provider" : "Verskaffer", + "Provider " : "Verskaffer", + "Private key of the Service Provider" : "Privaatsleutel van die Diensverskaffer", + "Open documentation" : "Open dokumentasie", + "Remove identity provider" : "Verwyder identiteitsverskaffer", + "Add identity provider" : "Voeg identiteitsverskaffer toe", + "General" : "Algemeen", + "Service Provider Data" : "Diensverskafferdata", + "Identity Provider Data" : "Identiteitsverskafferdata", + "Security settings" : "Sekuriteitsinstellings", + "Signatures and encryption offered" : "Handtekeninge en enkripsie gebied", + "Signatures and encryption required" : "Handtekeninge en enkripsie vereis", + "Download metadata XML" : "Laai metadata XML af", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ar.js b/docker/nextcloud/custom_apps/user_saml/l10n/ar.js new file mode 100644 index 0000000..5cec2e3 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ar.js @@ -0,0 +1,18 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "تم الإحتفاظ به", + "Provider" : "المزوّد", + "Provider " : "المزوّد", + "Private key of the Service Provider" : "المفتاح الشخصي لموفر الخدمة", + "Email address" : "عنوان البريد الإلكتروني", + "SSO & SAML authentication" : "المصادقة عبر SSO و SAML", + "Open documentation" : "فتح الدليل", + "Global settings" : "الإعدادات العامة", + "General" : "العامة", + "Identity Provider Data" : "مُزوِّد بيانات الهوية", + "Security settings" : "الإعدادات الأمنية", + "Show security settings…" : "إظهار إعدادات الأمان …", + "Error" : "خطأ" +}, +"nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ar.json b/docker/nextcloud/custom_apps/user_saml/l10n/ar.json new file mode 100644 index 0000000..e95701f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ar.json @@ -0,0 +1,16 @@ +{ "translations": { + "Saved" : "تم الإحتفاظ به", + "Provider" : "المزوّد", + "Provider " : "المزوّد", + "Private key of the Service Provider" : "المفتاح الشخصي لموفر الخدمة", + "Email address" : "عنوان البريد الإلكتروني", + "SSO & SAML authentication" : "المصادقة عبر SSO و SAML", + "Open documentation" : "فتح الدليل", + "Global settings" : "الإعدادات العامة", + "General" : "العامة", + "Identity Provider Data" : "مُزوِّد بيانات الهوية", + "Security settings" : "الإعدادات الأمنية", + "Show security settings…" : "إظهار إعدادات الأمان …", + "Error" : "خطأ" +},"pluralForm" :"nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ast.js b/docker/nextcloud/custom_apps/user_saml/l10n/ast.js new file mode 100644 index 0000000..08da1d7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ast.js @@ -0,0 +1,23 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardóse", + "X.509 certificate of the Service Provider" : "Certificáu X.509 del fornidor de servicios", + "Private key of the Service Provider" : "Clave privada del fornidor de servicios", + "Whether the metadata should be signed." : "Si los datos meta deberíen roblase.", + "SSO & SAML authentication" : "Autenticación SSO y SAML", + "Open documentation" : "Abrir documentación", + "Use built-in SAML authentication" : "Usar autenticación integrada SAML", + "Use environment variable" : "Usar variable d'entornu", + "General" : "Xeneral", + "Service Provider Data" : "Datos del fornidor de servicios", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidá IdP (ha ser una URI)", + "Security settings" : "Axustes de seguranza", + "Signatures and encryption offered" : "Ufriéronse robles y cifráu", + "Signatures and encryption required" : "Ríquense robles y cifráu", + "Download metadata XML" : "Baxar XML de datos meta", + "Metadata invalid" : "Datos meta non válidos", + "Metadata valid" : "Datos meta válidos", + "Error" : "Fallu" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ast.json b/docker/nextcloud/custom_apps/user_saml/l10n/ast.json new file mode 100644 index 0000000..969ce01 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ast.json @@ -0,0 +1,21 @@ +{ "translations": { + "Saved" : "Guardóse", + "X.509 certificate of the Service Provider" : "Certificáu X.509 del fornidor de servicios", + "Private key of the Service Provider" : "Clave privada del fornidor de servicios", + "Whether the metadata should be signed." : "Si los datos meta deberíen roblase.", + "SSO & SAML authentication" : "Autenticación SSO y SAML", + "Open documentation" : "Abrir documentación", + "Use built-in SAML authentication" : "Usar autenticación integrada SAML", + "Use environment variable" : "Usar variable d'entornu", + "General" : "Xeneral", + "Service Provider Data" : "Datos del fornidor de servicios", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidá IdP (ha ser una URI)", + "Security settings" : "Axustes de seguranza", + "Signatures and encryption offered" : "Ufriéronse robles y cifráu", + "Signatures and encryption required" : "Ríquense robles y cifráu", + "Download metadata XML" : "Baxar XML de datos meta", + "Metadata invalid" : "Datos meta non válidos", + "Metadata valid" : "Datos meta válidos", + "Error" : "Fallu" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/bg.js b/docker/nextcloud/custom_apps/user_saml/l10n/bg.js new file mode 100644 index 0000000..f27a9be --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/bg.js @@ -0,0 +1,14 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Запазено", + "Email address" : "Имейл адрес", + "SSO & SAML authentication" : "SSO и SAML удостоверяване", + "Open documentation" : "Отвори документацията", + "Use built-in SAML authentication" : "Ползвай вграденото SAML удостоверяване", + "General" : "Общи", + "Security settings" : "Настройки за сигурност", + "Reset settings" : "Нулиране на настройките", + "Error" : "Грешка" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/bg.json b/docker/nextcloud/custom_apps/user_saml/l10n/bg.json new file mode 100644 index 0000000..98f24bd --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/bg.json @@ -0,0 +1,12 @@ +{ "translations": { + "Saved" : "Запазено", + "Email address" : "Имейл адрес", + "SSO & SAML authentication" : "SSO и SAML удостоверяване", + "Open documentation" : "Отвори документацията", + "Use built-in SAML authentication" : "Ползвай вграденото SAML удостоверяване", + "General" : "Общи", + "Security settings" : "Настройки за сигурност", + "Reset settings" : "Нулиране на настройките", + "Error" : "Грешка" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ca.js b/docker/nextcloud/custom_apps/user_saml/l10n/ca.js new file mode 100644 index 0000000..03e4fe0 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ca.js @@ -0,0 +1,88 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Aquest compte d'usuari està inhabilitat, contacteu amb l'administrador.", + "Saved" : "Desat", + "Provider" : "Proveïdor", + "Unknown error, please check the log file for more details." : "Error desconegut, comprovar el fitxer de registre per a més detalls.", + "Direct log in" : "Entrada directa", + "SSO & SAML log in" : "Entrada SSO i SAML", + "This page should not be visited directly." : "No s' hauria de visitar directament aquesta plana.", + "Provider " : "Proveïdor ", + "X.509 certificate of the Service Provider" : "X.509 El certificat d'aquest servidor és invàlid", + "Private key of the Service Provider" : "Clau privada del proveïdor de serveis", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que la identificació del nom de la enviada per aquest SP serà xifrada.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si es signaran els missatges enviats per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si els signes enviats per aquest SP seran signats.", + "Indicates whether the messages sent by this SP will be signed." : "Indica si es signaran els missatges enviats per aquest SP.", + "Whether the metadata should be signed." : "S’han de signar les metadades.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisit per a la signatura de la , i elements rebuts per aquest SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisit per a la signatura dels elements rebuts per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisit perquè els elements rebuts per aquest SP es codifiquin.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indica un requisit per a l'element NameID de la resposta SAML rebuda per aquest SP per estar present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisit perquè l'encriptació de nom d'aquest SP sigui xifrada.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validarà tots els XML rebuts.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL: codifica les dades SAML com a minúscules, i el kit d'eines per defecte usa majúscules. Activa la compatibilitat ADFS sobre la verificació de la signatura.", + "Algorithm that the toolkit will use on signing process." : "Algorisme que s'emprarà en el procés de signatura.", + "Attribute to map the UID to." : "Atribut per assignar un UID a.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Només permetre l'autenticació si hi ha un compte en un altre suport. (p. ex., LDAP)", + "Attribute to map the displayname to." : "Atribut per assignar el nom de la pantalla a.", + "Attribute to map the email address to." : "Atribut per assignar l'adreça de correu electrònic a.", + "Attribute to map the quota to." : "Atribut per mapejar la quota.", + "Attribute to map the users groups to." : "Atribut per mapejar els grups d'usuaris.", + "Attribute to map the users home to." : "Atribut per ubicar al mapa la casa dels usuaris.", + "Email address" : "Adreça de correu electrònic", + "Encrypted" : "Xifrat", + "Entity" : "Entitat", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transitori", + "Unspecified" : "No especificat", + "Windows domain qualified name" : "Nom qualificat del domini de Windows (FQDN)", + "X509 subject name" : "Nom X509 del subjecte", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilitzeu l'autenticació SAML per als clients %s (requereix una autenticació de l'usuari)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom de visualització opcional del proveïdor d'identitat (per defecte: “Entrada SSO i SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permetre l'ús de múltiples bases d'usuaris (p. ex. LDAP)", + "SSO & SAML authentication" : "Autenticació SSO & SAML", + "Authenticate using single sign-on" : "Autenticar mitjançant inici únic de sessió", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilitzant l’app d'SSO i SAML del teu Nextcloud pots fer fàcilment possible integrar la seva solució existent d’inici únic de sessió amb Nextcloud. A més, pots utilitzar el proveïdor d'usuaris LDAP de Nextcloud per la comoditat dels usuaris. (p. ex. en compartir)\nEls proveïdors següents es dóna suport i provats actualment:\n\n * **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation serveis (ADFS)\n\n* **Autenticació mitjançant variable d’entorn**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsevol altre proveïdor que autentiqui amb una variable d'entorn\n\nMentre que teòricament qualsevol altre proveïdor d'autenticació que implementi alguna d'aquestes normes és compatible, voldríem comentar que no formen part de cap banc de proves intern.", + "Open documentation" : "Obre la documentació", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que activeu \"%s\" o aneu directament a l'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que aneu directament a l'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Trieu si voleu autenticar amb el proveïdor de SAML incorporat a Nextcloud o si voleu autenticar-se amb una variable d'entorn.", + "Use built-in SAML authentication" : "Utilitzeu l'autenticació SAML integrada", + "Use environment variable" : "Utilitza la variable d'entorn", + "Global settings" : "Paràmetres globals", + "Remove identity provider" : "Treure proveïdor d'identitat", + "Add identity provider" : "Afegir proveïdor d'identitat", + "General" : "General", + "Service Provider Data" : "Dades del proveïdor de serveis", + "If your Service Provider should use certificates you can optionally specify them here." : "Si el vostre proveïdor de serveis ha d'utilitzar certificats, podeu especificar-los aquí.", + "Show Service Provider settings…" : "Dades del proveïdor de serveis…", + "Name ID format" : "Format del nom ID", + "Identity Provider Data" : "Dades del proveïdor de serveis", + "Configure your IdP settings here." : "Configureu aquí la configuració d'IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de l'entitat IdP (ha de ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Orientació URL de l'IdP on SP enviarà el missatge de sol·licitud d'autenticació", + "Show optional Identity Provider settings…" : "Dades del proveïdor de serveis…", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicació URL de l'IdP on SP enviarà la sol·licitud SLO", + "Public X.509 certificate of the IdP" : "Certificat públic X.509 de l'IdP", + "Attribute mapping" : "Mapatge d’atributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si voleu assignar atributs a l'usuari opcionalment, podeu configurar-los aquí.", + "Show attribute mapping settings…" : "Mostra la configuració del mapa d'atributs…", + "Security settings" : "Paràmetres de seguretat", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per a una major seguretat, us recomanem que activeu la configuració següent si l'accepta el vostre entorn.", + "Show security settings…" : "Mostra els paràmetres de seguretat…", + "Signatures and encryption offered" : "Firmes i encriptació oferts", + "Signatures and encryption required" : "S'han de signar i xifrar", + "Download metadata XML" : "Descarrega metadades XML", + "Reset settings" : "Reinicialitza els paràmetres", + "Metadata invalid" : "Les metadades no són vàlides", + "Metadata valid" : "Les metadades vàlides", + "Error" : "Error", + "Account not provisioned." : "Compte no subministrat.", + "Your account is not provisioned, access to this service is thus not possible." : "El vostre compte no està proveït, per tant, l'accés a aquest servei no és possible.", + "Login options:" : "Opcions d'inici de sessió:", + "Choose a authentication provider" : "Tria un proveïdor d'autenticació" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ca.json b/docker/nextcloud/custom_apps/user_saml/l10n/ca.json new file mode 100644 index 0000000..72dc8f7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ca.json @@ -0,0 +1,86 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Aquest compte d'usuari està inhabilitat, contacteu amb l'administrador.", + "Saved" : "Desat", + "Provider" : "Proveïdor", + "Unknown error, please check the log file for more details." : "Error desconegut, comprovar el fitxer de registre per a més detalls.", + "Direct log in" : "Entrada directa", + "SSO & SAML log in" : "Entrada SSO i SAML", + "This page should not be visited directly." : "No s' hauria de visitar directament aquesta plana.", + "Provider " : "Proveïdor ", + "X.509 certificate of the Service Provider" : "X.509 El certificat d'aquest servidor és invàlid", + "Private key of the Service Provider" : "Clau privada del proveïdor de serveis", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que la identificació del nom de la enviada per aquest SP serà xifrada.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si es signaran els missatges enviats per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si els signes enviats per aquest SP seran signats.", + "Indicates whether the messages sent by this SP will be signed." : "Indica si es signaran els missatges enviats per aquest SP.", + "Whether the metadata should be signed." : "S’han de signar les metadades.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisit per a la signatura de la , i elements rebuts per aquest SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisit per a la signatura dels elements rebuts per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisit perquè els elements rebuts per aquest SP es codifiquin.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indica un requisit per a l'element NameID de la resposta SAML rebuda per aquest SP per estar present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisit perquè l'encriptació de nom d'aquest SP sigui xifrada.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validarà tots els XML rebuts.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL: codifica les dades SAML com a minúscules, i el kit d'eines per defecte usa majúscules. Activa la compatibilitat ADFS sobre la verificació de la signatura.", + "Algorithm that the toolkit will use on signing process." : "Algorisme que s'emprarà en el procés de signatura.", + "Attribute to map the UID to." : "Atribut per assignar un UID a.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Només permetre l'autenticació si hi ha un compte en un altre suport. (p. ex., LDAP)", + "Attribute to map the displayname to." : "Atribut per assignar el nom de la pantalla a.", + "Attribute to map the email address to." : "Atribut per assignar l'adreça de correu electrònic a.", + "Attribute to map the quota to." : "Atribut per mapejar la quota.", + "Attribute to map the users groups to." : "Atribut per mapejar els grups d'usuaris.", + "Attribute to map the users home to." : "Atribut per ubicar al mapa la casa dels usuaris.", + "Email address" : "Adreça de correu electrònic", + "Encrypted" : "Xifrat", + "Entity" : "Entitat", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transitori", + "Unspecified" : "No especificat", + "Windows domain qualified name" : "Nom qualificat del domini de Windows (FQDN)", + "X509 subject name" : "Nom X509 del subjecte", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilitzeu l'autenticació SAML per als clients %s (requereix una autenticació de l'usuari)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom de visualització opcional del proveïdor d'identitat (per defecte: “Entrada SSO i SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permetre l'ús de múltiples bases d'usuaris (p. ex. LDAP)", + "SSO & SAML authentication" : "Autenticació SSO & SAML", + "Authenticate using single sign-on" : "Autenticar mitjançant inici únic de sessió", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilitzant l’app d'SSO i SAML del teu Nextcloud pots fer fàcilment possible integrar la seva solució existent d’inici únic de sessió amb Nextcloud. A més, pots utilitzar el proveïdor d'usuaris LDAP de Nextcloud per la comoditat dels usuaris. (p. ex. en compartir)\nEls proveïdors següents es dóna suport i provats actualment:\n\n * **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation serveis (ADFS)\n\n* **Autenticació mitjançant variable d’entorn**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsevol altre proveïdor que autentiqui amb una variable d'entorn\n\nMentre que teòricament qualsevol altre proveïdor d'autenticació que implementi alguna d'aquestes normes és compatible, voldríem comentar que no formen part de cap banc de proves intern.", + "Open documentation" : "Obre la documentació", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que activeu \"%s\" o aneu directament a l'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que aneu directament a l'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Trieu si voleu autenticar amb el proveïdor de SAML incorporat a Nextcloud o si voleu autenticar-se amb una variable d'entorn.", + "Use built-in SAML authentication" : "Utilitzeu l'autenticació SAML integrada", + "Use environment variable" : "Utilitza la variable d'entorn", + "Global settings" : "Paràmetres globals", + "Remove identity provider" : "Treure proveïdor d'identitat", + "Add identity provider" : "Afegir proveïdor d'identitat", + "General" : "General", + "Service Provider Data" : "Dades del proveïdor de serveis", + "If your Service Provider should use certificates you can optionally specify them here." : "Si el vostre proveïdor de serveis ha d'utilitzar certificats, podeu especificar-los aquí.", + "Show Service Provider settings…" : "Dades del proveïdor de serveis…", + "Name ID format" : "Format del nom ID", + "Identity Provider Data" : "Dades del proveïdor de serveis", + "Configure your IdP settings here." : "Configureu aquí la configuració d'IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de l'entitat IdP (ha de ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Orientació URL de l'IdP on SP enviarà el missatge de sol·licitud d'autenticació", + "Show optional Identity Provider settings…" : "Dades del proveïdor de serveis…", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicació URL de l'IdP on SP enviarà la sol·licitud SLO", + "Public X.509 certificate of the IdP" : "Certificat públic X.509 de l'IdP", + "Attribute mapping" : "Mapatge d’atributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si voleu assignar atributs a l'usuari opcionalment, podeu configurar-los aquí.", + "Show attribute mapping settings…" : "Mostra la configuració del mapa d'atributs…", + "Security settings" : "Paràmetres de seguretat", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per a una major seguretat, us recomanem que activeu la configuració següent si l'accepta el vostre entorn.", + "Show security settings…" : "Mostra els paràmetres de seguretat…", + "Signatures and encryption offered" : "Firmes i encriptació oferts", + "Signatures and encryption required" : "S'han de signar i xifrar", + "Download metadata XML" : "Descarrega metadades XML", + "Reset settings" : "Reinicialitza els paràmetres", + "Metadata invalid" : "Les metadades no són vàlides", + "Metadata valid" : "Les metadades vàlides", + "Error" : "Error", + "Account not provisioned." : "Compte no subministrat.", + "Your account is not provisioned, access to this service is thus not possible." : "El vostre compte no està proveït, per tant, l'accés a aquest servei no és possible.", + "Login options:" : "Opcions d'inici de sessió:", + "Choose a authentication provider" : "Tria un proveïdor d'autenticació" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/cs.js b/docker/nextcloud/custom_apps/user_saml/l10n/cs.js new file mode 100644 index 0000000..820862c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/cs.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Tento uživatelský účet byl znepřístupněn, obraťte se na správce.", + "Saved" : "Uloženo", + "Provider" : "Poskytovatel", + "Unknown error, please check the log file for more details." : "Neznámá chyba, podrobnosti naleznete v záznamu událostí.", + "Direct log in" : "Přímé přihlášení", + "SSO & SAML log in" : "SSO a SAML přihlášení", + "This page should not be visited directly." : "Tato stránka by neměla být zobrazována přímo.", + "Provider " : "Poskytovatel", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovatele služby", + "Private key of the Service Provider" : "Soukromý klíč poskytovatele služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Značí, že nameID odeslané tímto poskytovatelem služeb bude šifrováno.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikuje, zda budou zprávy odeslané tímto SP podepsané. [Tato informace bude dostupná v metadatech SP]", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Whether the metadata should be signed." : "Zda mají být metadata podepisována.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikuje požadavek na podepsání elementů , a ve zprávách tímto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikuje požadavek na podepsání elementů přijaté tímto SP. [Tato informace bude dostupná v metadatech SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikuje požadavek na šifrování elementů přijaté tímto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indikuje požadavek na přítomnost elementu NameID v SAMLResponse přijaté tímto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikuje požadavek poskytovatele služby na přijetí NameID v zašifrované podobě.", + "Indicates if the SP will validate all received XML." : "Indikuje, zda poskytovatel služeb ověří všechna přijatá XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL kóduje SAML data malými písmeny, a toolkit používá ve výchozím nastavení velká písmena. Povolit pro ADFS kompatibilitu pro ověření podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus který sada nástrojů použije při procesu podepisování.", + "Attribute to map the UID to." : "Atribut k přiřazení UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Přihlášení povolit pouze pokud účet už existuje i někde jinde. (např. LDAP)", + "Attribute to map the displayname to." : "Atribut, na který se má mapovat zobrazované jméno.", + "Attribute to map the email address to." : "Atribut, na který se má mapovat e-mailová adresa.", + "Attribute to map the quota to." : "Atribut, na který namapovat kvótu.", + "Attribute to map the users groups to." : "Atribut, na který namapovat uživatelovy skupiny.", + "Attribute to map the users home to." : "Atribut, na který namapovat uživatelovu domovskou složku.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrováno", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Přechodné", + "Unspecified" : "Neurčeno", + "Windows domain qualified name" : "Úplný název domény Windows", + "X509 subject name" : "Název subjektu pro X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použít SAML pro %s desktopové klienty (vyžaduje, aby se uživatele znovu přihlásil)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Volitelný zobrazovaný název poskytovatele identity (výchozí: „SSO a SAML přihlášení“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povolit použití vícero podpůrných vrstev pro uživatelské účty (např. LDAP)", + "SSO & SAML authentication" : "SSO a SAML ověření", + "Authenticate using single sign-on" : "Ověřit pomocí sjednoceného přihlášení (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Použitím SSO & SAML aplikace svého Nextcloud do něho můžete snadno začlenit své stávající řešení pro sjednocené přihlašování. Krom toho můžete použít Nextcloud LDAP poskytovatele uživatelů pro pohodlí uživatelů. (např. při sdílení)\nV tuto chvíli jsou podporováni a vyzkoušení tito poskytovatelé:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Ověřování prostřednictvím proměnné prostředí**\n\t* Kerberos (mod_auth_kerb)\n\t* Jakýkoli jiný poskytovatel který ověřuje pomocí proměnné prostředí\n\nByť by teoreticky mohl být podporovaný jakýkoli poskytovatel, implementující buď jednu nebo druhý z těchto standardů, rádi bychom poznamenali, že nejsou součástí mřížky interních testů.", + "Open documentation" : "Otevřít dokumentaci", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele, který může přistupovat k instanci prostřednictvím SSO. Přihlášení vaším běžným %s účtem nadále nebude možné, pokud nezapnete „%s“ nebo nepůjdete přímo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele který může přistupovat k instanci přes SSO. Přihlašování vaším běžným %s účtem nadále nebude možné, jedině že půjdete přímo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte zda chcete ověřovat za použití dodané zabudované SAML funkce v Nextcloud nebo zda chcete ověřovat za pomoci proměnné prostředí.", + "Use built-in SAML authentication" : "Použít zabudované SAML ověření", + "Use environment variable" : "Použít hodnotu z proměnné prostředí", + "Global settings" : "Globální nastavení", + "Remove identity provider" : "Vzdálený poskytovatel identity", + "Add identity provider" : "Přidat poskytovatele identity", + "General" : "Obecné", + "Service Provider Data" : "Poskytovatel datových služeb", + "If your Service Provider should use certificates you can optionally specify them here." : "Pokud by měl váš poskytovatel služeb používat certifikáty, můžete je zde specifikovat.", + "Show Service Provider settings…" : "Zobrazit nastavení poskytovatele služeb…", + "Name ID format" : "Formát identifikátoru názvu", + "Identity Provider Data" : "Poskytovatel přihlašovacích dat", + "Configure your IdP settings here." : "Zde lze vytvořit nastavení pro poskytovatele přihlašovacích údajů.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor entity z poskytovatele identit (je třeba, aby bylo URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cíl URL IdP, kam SP odešle zprávu s požadavkem na ověření se", + "Show optional Identity Provider settings…" : "Zobrazit nepovinná nastavení poskytovatele přihlašovacích údajů…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umístění URL IdP, kam SP odešle SLO požadavek", + "URL Location of the IDP's SLO Response" : "Umístění URL IDP, kam SLO odešle odpověď", + "Public X.509 certificate of the IdP" : "Veřejný X.509 certifikát poskytovatele přihlašovacích údajů", + "Attribute mapping" : "Mapování atributů", + "If you want to optionally map attributes to the user you can configure these here." : "Pokud chcete volitelně provést mapování atributů na uživatele, můžete to provést zde.", + "Show attribute mapping settings…" : "Zobrazit nastavení pro mapování atributů…", + "Security settings" : "Nastavení zabezpečení", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pro zvýšení bezpečnosti doporučujeme povolení následujících možností, pokud jsou tyto podporovány ve vašem prostředí.", + "Show security settings…" : "Zobrazit nastavení zabezpečení…", + "Signatures and encryption offered" : "Podpisy a šifrování nabízeno", + "Signatures and encryption required" : "Podpisy a šifrování vyžadováno", + "Download metadata XML" : "Stahovat metadata XML", + "Reset settings" : "Resetovat nastavení", + "Metadata invalid" : "Metadata neplatná", + "Metadata valid" : "Metadata platná", + "Error" : "Chyba", + "Account not provisioned." : "Účet není zprovozněn.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet ještě nebyl zprovozněn, přístup ke službě tedy ještě není možný.", + "Login options:" : "Možnosti přihlašování:", + "Choose a authentication provider" : "Zvolte poskytovatele ověřování" +}, +"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/cs.json b/docker/nextcloud/custom_apps/user_saml/l10n/cs.json new file mode 100644 index 0000000..b21569b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/cs.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Tento uživatelský účet byl znepřístupněn, obraťte se na správce.", + "Saved" : "Uloženo", + "Provider" : "Poskytovatel", + "Unknown error, please check the log file for more details." : "Neznámá chyba, podrobnosti naleznete v záznamu událostí.", + "Direct log in" : "Přímé přihlášení", + "SSO & SAML log in" : "SSO a SAML přihlášení", + "This page should not be visited directly." : "Tato stránka by neměla být zobrazována přímo.", + "Provider " : "Poskytovatel", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovatele služby", + "Private key of the Service Provider" : "Soukromý klíč poskytovatele služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Značí, že nameID odeslané tímto poskytovatelem služeb bude šifrováno.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikuje, zda budou zprávy odeslané tímto SP podepsané. [Tato informace bude dostupná v metadatech SP]", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Whether the metadata should be signed." : "Zda mají být metadata podepisována.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikuje požadavek na podepsání elementů , a ve zprávách tímto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikuje požadavek na podepsání elementů přijaté tímto SP. [Tato informace bude dostupná v metadatech SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikuje požadavek na šifrování elementů přijaté tímto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indikuje požadavek na přítomnost elementu NameID v SAMLResponse přijaté tímto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikuje požadavek poskytovatele služby na přijetí NameID v zašifrované podobě.", + "Indicates if the SP will validate all received XML." : "Indikuje, zda poskytovatel služeb ověří všechna přijatá XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL kóduje SAML data malými písmeny, a toolkit používá ve výchozím nastavení velká písmena. Povolit pro ADFS kompatibilitu pro ověření podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus který sada nástrojů použije při procesu podepisování.", + "Attribute to map the UID to." : "Atribut k přiřazení UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Přihlášení povolit pouze pokud účet už existuje i někde jinde. (např. LDAP)", + "Attribute to map the displayname to." : "Atribut, na který se má mapovat zobrazované jméno.", + "Attribute to map the email address to." : "Atribut, na který se má mapovat e-mailová adresa.", + "Attribute to map the quota to." : "Atribut, na který namapovat kvótu.", + "Attribute to map the users groups to." : "Atribut, na který namapovat uživatelovy skupiny.", + "Attribute to map the users home to." : "Atribut, na který namapovat uživatelovu domovskou složku.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrováno", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Přechodné", + "Unspecified" : "Neurčeno", + "Windows domain qualified name" : "Úplný název domény Windows", + "X509 subject name" : "Název subjektu pro X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použít SAML pro %s desktopové klienty (vyžaduje, aby se uživatele znovu přihlásil)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Volitelný zobrazovaný název poskytovatele identity (výchozí: „SSO a SAML přihlášení“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povolit použití vícero podpůrných vrstev pro uživatelské účty (např. LDAP)", + "SSO & SAML authentication" : "SSO a SAML ověření", + "Authenticate using single sign-on" : "Ověřit pomocí sjednoceného přihlášení (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Použitím SSO & SAML aplikace svého Nextcloud do něho můžete snadno začlenit své stávající řešení pro sjednocené přihlašování. Krom toho můžete použít Nextcloud LDAP poskytovatele uživatelů pro pohodlí uživatelů. (např. při sdílení)\nV tuto chvíli jsou podporováni a vyzkoušení tito poskytovatelé:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Ověřování prostřednictvím proměnné prostředí**\n\t* Kerberos (mod_auth_kerb)\n\t* Jakýkoli jiný poskytovatel který ověřuje pomocí proměnné prostředí\n\nByť by teoreticky mohl být podporovaný jakýkoli poskytovatel, implementující buď jednu nebo druhý z těchto standardů, rádi bychom poznamenali, že nejsou součástí mřížky interních testů.", + "Open documentation" : "Otevřít dokumentaci", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele, který může přistupovat k instanci prostřednictvím SSO. Přihlášení vaším běžným %s účtem nadále nebude možné, pokud nezapnete „%s“ nebo nepůjdete přímo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele který může přistupovat k instanci přes SSO. Přihlašování vaším běžným %s účtem nadále nebude možné, jedině že půjdete přímo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte zda chcete ověřovat za použití dodané zabudované SAML funkce v Nextcloud nebo zda chcete ověřovat za pomoci proměnné prostředí.", + "Use built-in SAML authentication" : "Použít zabudované SAML ověření", + "Use environment variable" : "Použít hodnotu z proměnné prostředí", + "Global settings" : "Globální nastavení", + "Remove identity provider" : "Vzdálený poskytovatel identity", + "Add identity provider" : "Přidat poskytovatele identity", + "General" : "Obecné", + "Service Provider Data" : "Poskytovatel datových služeb", + "If your Service Provider should use certificates you can optionally specify them here." : "Pokud by měl váš poskytovatel služeb používat certifikáty, můžete je zde specifikovat.", + "Show Service Provider settings…" : "Zobrazit nastavení poskytovatele služeb…", + "Name ID format" : "Formát identifikátoru názvu", + "Identity Provider Data" : "Poskytovatel přihlašovacích dat", + "Configure your IdP settings here." : "Zde lze vytvořit nastavení pro poskytovatele přihlašovacích údajů.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor entity z poskytovatele identit (je třeba, aby bylo URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cíl URL IdP, kam SP odešle zprávu s požadavkem na ověření se", + "Show optional Identity Provider settings…" : "Zobrazit nepovinná nastavení poskytovatele přihlašovacích údajů…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umístění URL IdP, kam SP odešle SLO požadavek", + "URL Location of the IDP's SLO Response" : "Umístění URL IDP, kam SLO odešle odpověď", + "Public X.509 certificate of the IdP" : "Veřejný X.509 certifikát poskytovatele přihlašovacích údajů", + "Attribute mapping" : "Mapování atributů", + "If you want to optionally map attributes to the user you can configure these here." : "Pokud chcete volitelně provést mapování atributů na uživatele, můžete to provést zde.", + "Show attribute mapping settings…" : "Zobrazit nastavení pro mapování atributů…", + "Security settings" : "Nastavení zabezpečení", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pro zvýšení bezpečnosti doporučujeme povolení následujících možností, pokud jsou tyto podporovány ve vašem prostředí.", + "Show security settings…" : "Zobrazit nastavení zabezpečení…", + "Signatures and encryption offered" : "Podpisy a šifrování nabízeno", + "Signatures and encryption required" : "Podpisy a šifrování vyžadováno", + "Download metadata XML" : "Stahovat metadata XML", + "Reset settings" : "Resetovat nastavení", + "Metadata invalid" : "Metadata neplatná", + "Metadata valid" : "Metadata platná", + "Error" : "Chyba", + "Account not provisioned." : "Účet není zprovozněn.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet ještě nebyl zprovozněn, přístup ke službě tedy ještě není možný.", + "Login options:" : "Možnosti přihlašování:", + "Choose a authentication provider" : "Zvolte poskytovatele ověřování" +},"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/da.js b/docker/nextcloud/custom_apps/user_saml/l10n/da.js new file mode 100644 index 0000000..7266512 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/da.js @@ -0,0 +1,43 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Denne bruger konto er deaktiveret. Kontakt venligst din administrator.", + "Saved" : "Gemt", + "Provider" : "Udbyder", + "Unknown error, please check the log file for more details." : "Ukendt fejl, tjek venligst logfilen for flere detaljer.", + "Direct log in" : "Direkte login", + "SSO & SAML log in" : "SSO & SAML log in", + "Provider " : "Udbyder", + "X.509 certificate of the Service Provider" : "X.509 certifikat hos udbyderen", + "Private key of the Service Provider" : "Privat nøgle for udbyderen", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerer at nameID af sendt af denne SP vil blive krypteret.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerer om beskeder sendt af denne SP vil blive underskrevet [Metadata af denne SP vil indeholde denne info]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Whether the metadata should be signed." : "Indikerer om metadata vil blive underskrevet.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Angiver et krav til , og elementer modtaget af denne SP, der skal underskrives.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Angiver et krav for -elementer modtaget af denne SP, der skal underskrives. [SP-metadata vil tilbyde denne info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Angiver et krav for, at elementer modtaget af denne SP der skal krypteres.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Angiver et krav til NameID-elementet på SAMLResponse modtaget af denne SP skal være til stede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Angiver et krav for, at NameID modtaget af denne SP skal krypteres.", + "Indicates if the SP will validate all received XML." : "Angiver om SP'en vil validere alle modtagne XML'er.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bogstaver, og værktøjet bruger som standard store bogstaver. Aktivér for ADFS-kompatibilitet ved underskriftskontrol.", + "Attribute to map the UID to." : "Egenskab til at kortlægge UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillad kun godkendelse, hvis der findes en konto på en anden backend. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Egenskab til at kortlægge visningsnavn til.", + "Attribute to map the email address to." : "Egenskab til at kortlægge e-mail-adressen til.", + "Email address" : "E-mailadresse", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfrit visningsnavn for identitetsudbyderen (standard: \"SSO & SAML log ind\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillad brug af flere brugerbackender (f.eks. LDAP)", + "Open documentation" : "Åbn dokumentation", + "Use environment variable" : "Brug miljøvariabel", + "Global settings" : "Globale indstillinger", + "General" : "General", + "Configure your IdP settings here." : "Indstil IdP her.", + "Security settings" : "Sikkerhedsindstillinger", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Ugyldig metadata", + "Metadata valid" : "Gyldig metadata", + "Error" : "Fejl" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/da.json b/docker/nextcloud/custom_apps/user_saml/l10n/da.json new file mode 100644 index 0000000..b3bd03f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/da.json @@ -0,0 +1,41 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Denne bruger konto er deaktiveret. Kontakt venligst din administrator.", + "Saved" : "Gemt", + "Provider" : "Udbyder", + "Unknown error, please check the log file for more details." : "Ukendt fejl, tjek venligst logfilen for flere detaljer.", + "Direct log in" : "Direkte login", + "SSO & SAML log in" : "SSO & SAML log in", + "Provider " : "Udbyder", + "X.509 certificate of the Service Provider" : "X.509 certifikat hos udbyderen", + "Private key of the Service Provider" : "Privat nøgle for udbyderen", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerer at nameID af sendt af denne SP vil blive krypteret.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerer om beskeder sendt af denne SP vil blive underskrevet [Metadata af denne SP vil indeholde denne info]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Whether the metadata should be signed." : "Indikerer om metadata vil blive underskrevet.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Angiver et krav til , og elementer modtaget af denne SP, der skal underskrives.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Angiver et krav for -elementer modtaget af denne SP, der skal underskrives. [SP-metadata vil tilbyde denne info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Angiver et krav for, at elementer modtaget af denne SP der skal krypteres.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Angiver et krav til NameID-elementet på SAMLResponse modtaget af denne SP skal være til stede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Angiver et krav for, at NameID modtaget af denne SP skal krypteres.", + "Indicates if the SP will validate all received XML." : "Angiver om SP'en vil validere alle modtagne XML'er.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bogstaver, og værktøjet bruger som standard store bogstaver. Aktivér for ADFS-kompatibilitet ved underskriftskontrol.", + "Attribute to map the UID to." : "Egenskab til at kortlægge UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillad kun godkendelse, hvis der findes en konto på en anden backend. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Egenskab til at kortlægge visningsnavn til.", + "Attribute to map the email address to." : "Egenskab til at kortlægge e-mail-adressen til.", + "Email address" : "E-mailadresse", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfrit visningsnavn for identitetsudbyderen (standard: \"SSO & SAML log ind\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillad brug af flere brugerbackender (f.eks. LDAP)", + "Open documentation" : "Åbn dokumentation", + "Use environment variable" : "Brug miljøvariabel", + "Global settings" : "Globale indstillinger", + "General" : "General", + "Configure your IdP settings here." : "Indstil IdP her.", + "Security settings" : "Sikkerhedsindstillinger", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Ugyldig metadata", + "Metadata valid" : "Gyldig metadata", + "Error" : "Fejl" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/de.js b/docker/nextcloud/custom_apps/user_saml/l10n/de.js new file mode 100644 index 0000000..d2da905 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/de.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktiere Deinen Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfe die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Service-Providers", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem Diensteanbieter empfangenen , und Elemente signiert sein müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Zeigt an, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Zeigt an, dass die NameID die von diesem Diensteanbieter empfangen wird verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Zeigt an, ob der Diensteanbieter alles empfangene XML überprüft. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Kontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO-&-SAML-App ermöglicht es, Deine bereits bestehende Single-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud-LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z. B. beim Teilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungsanbieter, der einen der Standards implementiert hat, verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Testmatrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, außer Du hast \"%s\" aktiviert oder Du gehst Direkt zur URL %s .", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Du gehst direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte dein Diensteanbieter Zertifikate benutzen, dann hast du hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdiensteinstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Dienstanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Du optional Attribute dem Benutzer zuordnen möchtest, kannst Du dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Deiner Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Dein Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/de.json b/docker/nextcloud/custom_apps/user_saml/l10n/de.json new file mode 100644 index 0000000..d25c80f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/de.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktiere Deinen Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfe die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Service-Providers", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem Diensteanbieter empfangenen , und Elemente signiert sein müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Zeigt an, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Zeigt an, dass die NameID die von diesem Diensteanbieter empfangen wird verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Zeigt an, ob der Diensteanbieter alles empfangene XML überprüft. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Kontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO-&-SAML-App ermöglicht es, Deine bereits bestehende Single-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud-LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z. B. beim Teilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungsanbieter, der einen der Standards implementiert hat, verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Testmatrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, außer Du hast \"%s\" aktiviert oder Du gehst Direkt zur URL %s .", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Du gehst direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte dein Diensteanbieter Zertifikate benutzen, dann hast du hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdiensteinstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Dienstanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Du optional Attribute dem Benutzer zuordnen möchtest, kannst Du dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Deiner Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Dein Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/de_DE.js b/docker/nextcloud/custom_apps/user_saml/l10n/de_DE.js new file mode 100644 index 0000000..10bfe75 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/de_DE.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktieren Sie Ihren Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfen Sie die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden.", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Diensteanbieters", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Erfordert, dass die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Gibt an, ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem SP empfangenen Elemente , und signiert werden müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Erfordert, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Erfordert, dass die NameID, die von diesem Diensteanbieter empfangen wird, verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Gibt an, ob der Diensteanbieter alle empfangenen XML-Inhalte überprüft.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Speicherkontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO & SAML-App ermöglicht es Ihre bereits bestehende Singl-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z.B. beim eilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungs-Anbieter der einen der Standards implementiert hat verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Test-Matrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Ihrem normalen Zugang %s ist dann nicht mehr möglich, außer Sie haben \"%s\" aktiviert oder Sie gehen direkt zur URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit ihrem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Sie gehen direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte Ihr Diensteanbieter Zertifikate benutzen dann haben Sie hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdienst-Einstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Diensteanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Sie optional Attribute dem Benutzer zuordnen möchten, können Sie dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Ihrer Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Ihr Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/de_DE.json b/docker/nextcloud/custom_apps/user_saml/l10n/de_DE.json new file mode 100644 index 0000000..98c2075 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/de_DE.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktieren Sie Ihren Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfen Sie die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden.", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Diensteanbieters", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Erfordert, dass die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Gibt an, ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem SP empfangenen Elemente , und signiert werden müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Erfordert, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Erfordert, dass die NameID, die von diesem Diensteanbieter empfangen wird, verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Gibt an, ob der Diensteanbieter alle empfangenen XML-Inhalte überprüft.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Speicherkontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO & SAML-App ermöglicht es Ihre bereits bestehende Singl-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z.B. beim eilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungs-Anbieter der einen der Standards implementiert hat verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Test-Matrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Ihrem normalen Zugang %s ist dann nicht mehr möglich, außer Sie haben \"%s\" aktiviert oder Sie gehen direkt zur URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit ihrem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Sie gehen direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte Ihr Diensteanbieter Zertifikate benutzen dann haben Sie hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdienst-Einstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Diensteanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Sie optional Attribute dem Benutzer zuordnen möchten, können Sie dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Ihrer Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Ihr Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/el.js b/docker/nextcloud/custom_apps/user_saml/l10n/el.js new file mode 100644 index 0000000..631ec59 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/el.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ο λογαριασμός χρήστη είναι απενεργοποιημένος, επικοινωνήστε με τον διαχειριστή σας.", + "Saved" : "Αποθηκεύτηκαν", + "Provider" : "Πάροχος", + "Unknown error, please check the log file for more details." : "Άγνωστο σφάλμα, παρακαλούμε ελέξτε το ιστορικό για περισσότερες λεπτομέρειες.", + "Direct log in" : "Άμεση είσοδος", + "SSO & SAML log in" : "Είσοδος SSO & SAML", + "This page should not be visited directly." : "Αυτή η σελίδα δεν πρέπει να επισκέφτεται απευθείας", + "Provider " : "Πάροχος", + "X.509 certificate of the Service Provider" : "Το πιστοποιητικό του Παρόχου Υπηρεσιών X.509", + "Private key of the Service Provider" : "Ιδιωτικό κλειδί για τον παροχέα δικτύου", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Υποδεικνύει ότι το αναγνωριστικό όνομα του  που αποστέλλονται από αυτό το SP θα κρυπτογραφηθούν.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Υποδεικνύει το κατα πόσο των μηνυμάτων που αποστέλλονται από αυτό το SP θα υπογραφούν. [Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο των μηνυμάτων που έχουν σταλλεί από αυτό το SP θα υπογραφούν.", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο του  σταλθέντων μηνυμάτων απο αυτό το SP θα υπογραφούν.", + "Whether the metadata should be signed." : "Εάν τα μεταδεδομένα πρέπει να είναι υπογεγραμένα.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Υποδεικνύει μία απαίτηση για το,καιτων ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Προαπαιτείται για το των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.[Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση κρυπτογράφησης των στοιχείων που λαμβάνονται από αυτό το SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Υποδεικνύει μια απαίτηση για το στοιχείο ΌνομαΑντικειμένου στο SAMLResponse που λαμβάνεται από αυτό το SP να είναι παρόν.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση για κρυπτογράφηση του αναγνωριστικού ονόματος που λαμβάνεται από αυτό το SP.", + "Indicates if the SP will validate all received XML." : "Υποδεικνύει εάν το SP θα επικυρώσει όλες τις ληφθείσες XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Διεύθυνση URL ADFS - Κωδικοποιεί τα δεδομένα SAML ως πεζά και το κιτ εργαλείων χρησιμοποιεί από προεπιλογή κεφαλαία γράμματα. Ενεργοποιήστε τη συμβατότητα ADFS κατά την επαλήθευση υπογραφής.", + "Algorithm that the toolkit will use on signing process." : "Αλγόριθμος που θα χρησιμοποιήσει η εργαλειοθήκη κατά τη διαδικασία υπογραφής.", + "Attribute to map the UID to." : "Χαρακτηριστικό χαρτογράφησης του UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Να επιτρέπεται η πιστοποίηση μόνον εάν ένας λογαριασμός υπάρχει σε κάποιο άλλο backend. (πχ. LDAP)", + "Attribute to map the displayname to." : "Χαρακτηριστικό για τη χαρτογράφηση του ονόματος εμφάνισης.", + "Attribute to map the email address to." : "Χαρακτηριστικό για τη χαρτογράφηση της διεύθυνσης αλληλογραφίας.", + "Attribute to map the quota to." : "Χαρακτηριστικό χαρτογράφησης της ποσόστωσης.", + "Attribute to map the users groups to." : "Χαρακτηριστικό χαρτογράφησης της ομάδας χρηστών.", + "Attribute to map the users home to." : "Χαρακτηριστικό χαρτογράφησης της οικίας χρηστών.", + "Email address" : "Διεύθυνση αλληλογραφίας", + "Encrypted" : "Κρυπτογραφημένο", + "Entity" : "Οντότητα", + "Kerberos" : "Kerberos", + "Persistent" : "Επίμονος", + "Transient" : "Παροδικός", + "Unspecified" : "Απροσδιόριστος", + "Windows domain qualified name" : "Χαρακτηριστικό όνομα τομέα των Windows", + "X509 subject name" : "Όνομα θέματος X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Χρησιμοποιείστε πιστοποίηση SAML για τους %s σταθερούς υπολογιστές (απαιτείται έλεγχος επαλήθευσης από τον χρήστη)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Προαιρετικά εμφάνιση ονόματος ταυτότητας παρόχου (προεπιλογή:\"SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Επιτρέψτε τη χρήση εφαρμογών παρασκηνίου (π.χ. LDAP)", + "SSO & SAML authentication" : "Πιστοποίηση SSO & SAML", + "Authenticate using single sign-on" : "Πιστοποίηση με χρήση απλής σύνδεσης", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Χρησιμοποιώντας την εφαρμογή SSO & SAML του Nextcloud, μπορείτε εύκολα να ενσωματώσετε την υπάρχουσα λύση Ευκολή Σύνδεση με το Nextcloud. Επιπλέον, μπορείτε να χρησιμοποιήσετε τον πάροχο χρηστών του Nextcloud LDAP για να διατηρήσετε την ευκολία των χρηστών. (π.χ. κατά την κοινή χρήση)\nΣήμερα υποστηρίζονται και δοκιμάστηκαν οι παρακάτω πάροχες:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t * Κάθε άλλος πάροχος που πιστοποιείται με χρήση της μεταβλητής περιβάλλοντος\n\nΕνώ θεωρητικά οποιοσδήποτε άλλος πάροχος πιστοποίησης που εφαρμόζει ένα από αυτά τα πρότυπα είναι συμβατός, θέλουμε να σημειώσουμε ότι δεν αποτελούν μέρος εσωτερικών δοκιμών.", + "Open documentation" : "Άνοιγμα τεκμηρίωσης", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν ενεργοποιηθεί το \"%s\" ή μεταβείτε απευθείας στην URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν μεταβείτε απευθείας στην URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Επιλέξτε εάν θέλετε να επαληθεύσετε την ταυτότητα χρησιμοποιώντας τον ενσωματωμένο στο Nextcloud φορέα SAML ή αν θέλετε να επαληθεύσετε την ταυτότητά σας σε σχέση με μια μεταβλητή περιβάλλοντος.", + "Use built-in SAML authentication" : "Χρησιμοποιήστε ενσωματωμένο έλεγχο ταυτότητας SAML", + "Use environment variable" : "Χρησιμοποιήστε μεταβλητή περιβάλλοντος", + "Global settings" : "Γενικές ρυθμίσεις", + "Remove identity provider" : "Κατάργηση ταυτότητας παρόχου", + "Add identity provider" : "Προσθήκη ταυτότητας παρόχου", + "General" : "Γενικά", + "Service Provider Data" : "Δεδομένα φορέα παροχής υπηρεσιών", + "If your Service Provider should use certificates you can optionally specify them here." : "Εάν ο πάροχος υπηρεσιών σας πρέπει να χρησιμοποιήσει πιστοποιητικά, μπορείτε να τα ορίσετε προαιρετικά εδώ.", + "Show Service Provider settings…" : "Εμφάνιση ρυθμίσεων Υπηρεσίας Παρόχου ...", + "Name ID format" : "Μορφή ταυτότητας ονόματος", + "Identity Provider Data" : "Στοιχεία παροχέα ταυτότητας", + "Configure your IdP settings here." : "Ρυθμίστε το IdP εδώ.", + "Identifier of the IdP entity (must be a URI)" : "Αναγνωριστικό οντότητας IdP (πρέπει να είναι URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Αποδέκτης URL του IdP όπου το SP θα στείλει μήνυμα Αίτησης Ελέγχου Ταυτότητας", + "Show optional Identity Provider settings…" : "Εμφάνιση προαιρετικών ρυθμίσεων Παροχέα Ταυτότητας ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Τοποθεσία URL του IdP όπου το SP θα στείλει Αίτηση SLO", + "URL Location of the IDP's SLO Response" : "Τοποθεσία URL της απάντησης SLO του IDP", + "Public X.509 certificate of the IdP" : "Δημόσιο πιστοποιητικό X.509 του IdP", + "Attribute mapping" : "Χαρτογράφηση χαρακτηριστικών", + "If you want to optionally map attributes to the user you can configure these here." : "Αν επιθυμείτε προαιρετικά να χαρτογραφήσετε χαρακτηριστικά στον χρήστη, μπορείτε να τις διαμορφώσετε εδώ.", + "Show attribute mapping settings…" : "Εμφάνιση ρυθμίσεων χαρτογράφησης χαρακτηριστικών ", + "Security settings" : "Ρυθμίσεις ασφαλείας", + "For increased security we recommend enabling the following settings if supported by your environment." : "Για αυξημένη ασφάλεια σας συνιστούμε να ενεργοποιήσετε τις παρακάτω ρυθμίσεις εάν υποστηρίζονται από το περιβάλλον σας.", + "Show security settings…" : "Εμφάνιση ρυθμίσεων ασφαλείας...", + "Signatures and encryption offered" : "Υπογραφές και κρυπτογράφηση που προσφέρονται", + "Signatures and encryption required" : "Απαιτούνται υπογραφές και κρυπτογράφηση", + "Download metadata XML" : "Λήψη μεταδεδομένων XML", + "Reset settings" : "Επαναφορά ρυθμίσεων", + "Metadata invalid" : "Μη έγκυρα μεταδεδομένα", + "Metadata valid" : "Έγκυρα μεταδεδομένα", + "Error" : "Σφάλμα", + "Account not provisioned." : "Ο λογαριασμός δεν προβλέφθηκε.", + "Your account is not provisioned, access to this service is thus not possible." : "Ο λογαριασμός σας δεν προβλέπεται, επομένως δεν είναι δυνατή η πρόσβαση σε αυτήν την υπηρεσία.", + "Login options:" : "Επιλογές σύνδεσης:", + "Choose a authentication provider" : "Επιλογή παρόχου πιστοποίησης" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/el.json b/docker/nextcloud/custom_apps/user_saml/l10n/el.json new file mode 100644 index 0000000..6368c65 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/el.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ο λογαριασμός χρήστη είναι απενεργοποιημένος, επικοινωνήστε με τον διαχειριστή σας.", + "Saved" : "Αποθηκεύτηκαν", + "Provider" : "Πάροχος", + "Unknown error, please check the log file for more details." : "Άγνωστο σφάλμα, παρακαλούμε ελέξτε το ιστορικό για περισσότερες λεπτομέρειες.", + "Direct log in" : "Άμεση είσοδος", + "SSO & SAML log in" : "Είσοδος SSO & SAML", + "This page should not be visited directly." : "Αυτή η σελίδα δεν πρέπει να επισκέφτεται απευθείας", + "Provider " : "Πάροχος", + "X.509 certificate of the Service Provider" : "Το πιστοποιητικό του Παρόχου Υπηρεσιών X.509", + "Private key of the Service Provider" : "Ιδιωτικό κλειδί για τον παροχέα δικτύου", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Υποδεικνύει ότι το αναγνωριστικό όνομα του  που αποστέλλονται από αυτό το SP θα κρυπτογραφηθούν.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Υποδεικνύει το κατα πόσο των μηνυμάτων που αποστέλλονται από αυτό το SP θα υπογραφούν. [Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο των μηνυμάτων που έχουν σταλλεί από αυτό το SP θα υπογραφούν.", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο του  σταλθέντων μηνυμάτων απο αυτό το SP θα υπογραφούν.", + "Whether the metadata should be signed." : "Εάν τα μεταδεδομένα πρέπει να είναι υπογεγραμένα.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Υποδεικνύει μία απαίτηση για το,καιτων ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Προαπαιτείται για το των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.[Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση κρυπτογράφησης των στοιχείων που λαμβάνονται από αυτό το SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Υποδεικνύει μια απαίτηση για το στοιχείο ΌνομαΑντικειμένου στο SAMLResponse που λαμβάνεται από αυτό το SP να είναι παρόν.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση για κρυπτογράφηση του αναγνωριστικού ονόματος που λαμβάνεται από αυτό το SP.", + "Indicates if the SP will validate all received XML." : "Υποδεικνύει εάν το SP θα επικυρώσει όλες τις ληφθείσες XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Διεύθυνση URL ADFS - Κωδικοποιεί τα δεδομένα SAML ως πεζά και το κιτ εργαλείων χρησιμοποιεί από προεπιλογή κεφαλαία γράμματα. Ενεργοποιήστε τη συμβατότητα ADFS κατά την επαλήθευση υπογραφής.", + "Algorithm that the toolkit will use on signing process." : "Αλγόριθμος που θα χρησιμοποιήσει η εργαλειοθήκη κατά τη διαδικασία υπογραφής.", + "Attribute to map the UID to." : "Χαρακτηριστικό χαρτογράφησης του UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Να επιτρέπεται η πιστοποίηση μόνον εάν ένας λογαριασμός υπάρχει σε κάποιο άλλο backend. (πχ. LDAP)", + "Attribute to map the displayname to." : "Χαρακτηριστικό για τη χαρτογράφηση του ονόματος εμφάνισης.", + "Attribute to map the email address to." : "Χαρακτηριστικό για τη χαρτογράφηση της διεύθυνσης αλληλογραφίας.", + "Attribute to map the quota to." : "Χαρακτηριστικό χαρτογράφησης της ποσόστωσης.", + "Attribute to map the users groups to." : "Χαρακτηριστικό χαρτογράφησης της ομάδας χρηστών.", + "Attribute to map the users home to." : "Χαρακτηριστικό χαρτογράφησης της οικίας χρηστών.", + "Email address" : "Διεύθυνση αλληλογραφίας", + "Encrypted" : "Κρυπτογραφημένο", + "Entity" : "Οντότητα", + "Kerberos" : "Kerberos", + "Persistent" : "Επίμονος", + "Transient" : "Παροδικός", + "Unspecified" : "Απροσδιόριστος", + "Windows domain qualified name" : "Χαρακτηριστικό όνομα τομέα των Windows", + "X509 subject name" : "Όνομα θέματος X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Χρησιμοποιείστε πιστοποίηση SAML για τους %s σταθερούς υπολογιστές (απαιτείται έλεγχος επαλήθευσης από τον χρήστη)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Προαιρετικά εμφάνιση ονόματος ταυτότητας παρόχου (προεπιλογή:\"SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Επιτρέψτε τη χρήση εφαρμογών παρασκηνίου (π.χ. LDAP)", + "SSO & SAML authentication" : "Πιστοποίηση SSO & SAML", + "Authenticate using single sign-on" : "Πιστοποίηση με χρήση απλής σύνδεσης", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Χρησιμοποιώντας την εφαρμογή SSO & SAML του Nextcloud, μπορείτε εύκολα να ενσωματώσετε την υπάρχουσα λύση Ευκολή Σύνδεση με το Nextcloud. Επιπλέον, μπορείτε να χρησιμοποιήσετε τον πάροχο χρηστών του Nextcloud LDAP για να διατηρήσετε την ευκολία των χρηστών. (π.χ. κατά την κοινή χρήση)\nΣήμερα υποστηρίζονται και δοκιμάστηκαν οι παρακάτω πάροχες:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t * Κάθε άλλος πάροχος που πιστοποιείται με χρήση της μεταβλητής περιβάλλοντος\n\nΕνώ θεωρητικά οποιοσδήποτε άλλος πάροχος πιστοποίησης που εφαρμόζει ένα από αυτά τα πρότυπα είναι συμβατός, θέλουμε να σημειώσουμε ότι δεν αποτελούν μέρος εσωτερικών δοκιμών.", + "Open documentation" : "Άνοιγμα τεκμηρίωσης", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν ενεργοποιηθεί το \"%s\" ή μεταβείτε απευθείας στην URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν μεταβείτε απευθείας στην URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Επιλέξτε εάν θέλετε να επαληθεύσετε την ταυτότητα χρησιμοποιώντας τον ενσωματωμένο στο Nextcloud φορέα SAML ή αν θέλετε να επαληθεύσετε την ταυτότητά σας σε σχέση με μια μεταβλητή περιβάλλοντος.", + "Use built-in SAML authentication" : "Χρησιμοποιήστε ενσωματωμένο έλεγχο ταυτότητας SAML", + "Use environment variable" : "Χρησιμοποιήστε μεταβλητή περιβάλλοντος", + "Global settings" : "Γενικές ρυθμίσεις", + "Remove identity provider" : "Κατάργηση ταυτότητας παρόχου", + "Add identity provider" : "Προσθήκη ταυτότητας παρόχου", + "General" : "Γενικά", + "Service Provider Data" : "Δεδομένα φορέα παροχής υπηρεσιών", + "If your Service Provider should use certificates you can optionally specify them here." : "Εάν ο πάροχος υπηρεσιών σας πρέπει να χρησιμοποιήσει πιστοποιητικά, μπορείτε να τα ορίσετε προαιρετικά εδώ.", + "Show Service Provider settings…" : "Εμφάνιση ρυθμίσεων Υπηρεσίας Παρόχου ...", + "Name ID format" : "Μορφή ταυτότητας ονόματος", + "Identity Provider Data" : "Στοιχεία παροχέα ταυτότητας", + "Configure your IdP settings here." : "Ρυθμίστε το IdP εδώ.", + "Identifier of the IdP entity (must be a URI)" : "Αναγνωριστικό οντότητας IdP (πρέπει να είναι URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Αποδέκτης URL του IdP όπου το SP θα στείλει μήνυμα Αίτησης Ελέγχου Ταυτότητας", + "Show optional Identity Provider settings…" : "Εμφάνιση προαιρετικών ρυθμίσεων Παροχέα Ταυτότητας ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Τοποθεσία URL του IdP όπου το SP θα στείλει Αίτηση SLO", + "URL Location of the IDP's SLO Response" : "Τοποθεσία URL της απάντησης SLO του IDP", + "Public X.509 certificate of the IdP" : "Δημόσιο πιστοποιητικό X.509 του IdP", + "Attribute mapping" : "Χαρτογράφηση χαρακτηριστικών", + "If you want to optionally map attributes to the user you can configure these here." : "Αν επιθυμείτε προαιρετικά να χαρτογραφήσετε χαρακτηριστικά στον χρήστη, μπορείτε να τις διαμορφώσετε εδώ.", + "Show attribute mapping settings…" : "Εμφάνιση ρυθμίσεων χαρτογράφησης χαρακτηριστικών ", + "Security settings" : "Ρυθμίσεις ασφαλείας", + "For increased security we recommend enabling the following settings if supported by your environment." : "Για αυξημένη ασφάλεια σας συνιστούμε να ενεργοποιήσετε τις παρακάτω ρυθμίσεις εάν υποστηρίζονται από το περιβάλλον σας.", + "Show security settings…" : "Εμφάνιση ρυθμίσεων ασφαλείας...", + "Signatures and encryption offered" : "Υπογραφές και κρυπτογράφηση που προσφέρονται", + "Signatures and encryption required" : "Απαιτούνται υπογραφές και κρυπτογράφηση", + "Download metadata XML" : "Λήψη μεταδεδομένων XML", + "Reset settings" : "Επαναφορά ρυθμίσεων", + "Metadata invalid" : "Μη έγκυρα μεταδεδομένα", + "Metadata valid" : "Έγκυρα μεταδεδομένα", + "Error" : "Σφάλμα", + "Account not provisioned." : "Ο λογαριασμός δεν προβλέφθηκε.", + "Your account is not provisioned, access to this service is thus not possible." : "Ο λογαριασμός σας δεν προβλέπεται, επομένως δεν είναι δυνατή η πρόσβαση σε αυτήν την υπηρεσία.", + "Login options:" : "Επιλογές σύνδεσης:", + "Choose a authentication provider" : "Επιλογή παρόχου πιστοποίησης" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/en_GB.js b/docker/nextcloud/custom_apps/user_saml/l10n/en_GB.js new file mode 100644 index 0000000..8b073ea --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/en_GB.js @@ -0,0 +1,65 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "This user account is disabled, please contact your administrator.", + "Saved" : "Saved", + "Unknown error, please check the log file for more details." : "Unknown error, please check the log file for more details.", + "Direct log in" : "Direct log in", + "SSO & SAML log in" : "SSO & SAML log in", + "X.509 certificate of the Service Provider" : "X.509 certificate of the Service Provider", + "Private key of the Service Provider" : "Private key of the Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indicates that the nameID of the sent by this SP will be encrypted.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Whether the metadata should be signed." : "Whether the metadata should be signed.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indicates a requirement for the , and elements received by this SP to be signed.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indicates a requirement for the elements received by this SP to be encrypted.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indicates a requirement for the NameID received by this SP to be encrypted.", + "Indicates if the SP will validate all received XML." : "Indicates if the SP will validate all received XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.", + "Attribute to map the UID to." : "Attribute to map the UID to.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Only allow authentication if an account exists on some other backend. (e.g. LDAP)", + "Attribute to map the displayname to." : "Attribute to map the displayname to.", + "Attribute to map the email address to." : "Attribute to map the email address to.", + "Attribute to map the quota to." : "Attribute to map the quota to.", + "Attribute to map the users groups to." : "Attribute to map the users groups to.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Use SAML auth for the %s desktop clients (requires user re-authentication)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional display name of the identity provider (default: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Allow the use of multiple user back-ends (e.g. LDAP)", + "SSO & SAML authentication" : "SSO & SAML authentication", + "Authenticate using single sign-on" : "Authenticate using single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", + "Open documentation" : "Open documentation", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable.", + "Use built-in SAML authentication" : "Use built-in SAML authentication", + "Use environment variable" : "Use environment variable", + "General" : "General", + "Service Provider Data" : "Service Provider Data", + "If your Service Provider should use certificates you can optionally specify them here." : "If your Service Provider should use certificates you can optionally specify them here.", + "Show Service Provider settings…" : "Show Service Provider settings…", + "Identity Provider Data" : "Identity Provider Data", + "Configure your IdP settings here." : "Configure your IdP settings here.", + "Identifier of the IdP entity (must be a URI)" : "Identifier of the IdP entity (must be a URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Target of the IdP where the SP will send the Authentication Request Message", + "Show optional Identity Provider settings…" : "Show optional Identity Provider settings…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL Location of the IdP where the SP will send the SLO Request", + "Public X.509 certificate of the IdP" : "Public X.509 certificate of the IdP", + "Attribute mapping" : "Attribute mapping", + "If you want to optionally map attributes to the user you can configure these here." : "If you want to optionally map attributes to the user you can configure these here.", + "Show attribute mapping settings…" : "Show attribute mapping settings…", + "Security settings" : "Security settings", + "For increased security we recommend enabling the following settings if supported by your environment." : "For increased security we recommend enabling the following settings if supported by your environment.", + "Show security settings…" : "Show security settings…", + "Signatures and encryption offered" : "Signatures and encryption offered", + "Signatures and encryption required" : "Signatures and encryption required", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Metadata invalid", + "Metadata valid" : "Metadata valid", + "Error" : "Error", + "Account not provisioned." : "Account not provisioned.", + "Your account is not provisioned, access to this service is thus not possible." : "Your account is not provisioned, access to this service is thus not possible." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/en_GB.json b/docker/nextcloud/custom_apps/user_saml/l10n/en_GB.json new file mode 100644 index 0000000..220ec21 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/en_GB.json @@ -0,0 +1,63 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "This user account is disabled, please contact your administrator.", + "Saved" : "Saved", + "Unknown error, please check the log file for more details." : "Unknown error, please check the log file for more details.", + "Direct log in" : "Direct log in", + "SSO & SAML log in" : "SSO & SAML log in", + "X.509 certificate of the Service Provider" : "X.509 certificate of the Service Provider", + "Private key of the Service Provider" : "Private key of the Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indicates that the nameID of the sent by this SP will be encrypted.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Whether the metadata should be signed." : "Whether the metadata should be signed.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indicates a requirement for the , and elements received by this SP to be signed.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indicates a requirement for the elements received by this SP to be encrypted.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indicates a requirement for the NameID received by this SP to be encrypted.", + "Indicates if the SP will validate all received XML." : "Indicates if the SP will validate all received XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.", + "Attribute to map the UID to." : "Attribute to map the UID to.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Only allow authentication if an account exists on some other backend. (e.g. LDAP)", + "Attribute to map the displayname to." : "Attribute to map the displayname to.", + "Attribute to map the email address to." : "Attribute to map the email address to.", + "Attribute to map the quota to." : "Attribute to map the quota to.", + "Attribute to map the users groups to." : "Attribute to map the users groups to.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Use SAML auth for the %s desktop clients (requires user re-authentication)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional display name of the identity provider (default: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Allow the use of multiple user back-ends (e.g. LDAP)", + "SSO & SAML authentication" : "SSO & SAML authentication", + "Authenticate using single sign-on" : "Authenticate using single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", + "Open documentation" : "Open documentation", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable.", + "Use built-in SAML authentication" : "Use built-in SAML authentication", + "Use environment variable" : "Use environment variable", + "General" : "General", + "Service Provider Data" : "Service Provider Data", + "If your Service Provider should use certificates you can optionally specify them here." : "If your Service Provider should use certificates you can optionally specify them here.", + "Show Service Provider settings…" : "Show Service Provider settings…", + "Identity Provider Data" : "Identity Provider Data", + "Configure your IdP settings here." : "Configure your IdP settings here.", + "Identifier of the IdP entity (must be a URI)" : "Identifier of the IdP entity (must be a URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Target of the IdP where the SP will send the Authentication Request Message", + "Show optional Identity Provider settings…" : "Show optional Identity Provider settings…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL Location of the IdP where the SP will send the SLO Request", + "Public X.509 certificate of the IdP" : "Public X.509 certificate of the IdP", + "Attribute mapping" : "Attribute mapping", + "If you want to optionally map attributes to the user you can configure these here." : "If you want to optionally map attributes to the user you can configure these here.", + "Show attribute mapping settings…" : "Show attribute mapping settings…", + "Security settings" : "Security settings", + "For increased security we recommend enabling the following settings if supported by your environment." : "For increased security we recommend enabling the following settings if supported by your environment.", + "Show security settings…" : "Show security settings…", + "Signatures and encryption offered" : "Signatures and encryption offered", + "Signatures and encryption required" : "Signatures and encryption required", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Metadata invalid", + "Metadata valid" : "Metadata valid", + "Error" : "Error", + "Account not provisioned." : "Account not provisioned.", + "Your account is not provisioned, access to this service is thus not possible." : "Your account is not provisioned, access to this service is thus not possible." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/eo.js b/docker/nextcloud/custom_apps/user_saml/l10n/eo.js new file mode 100644 index 0000000..760302e --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/eo.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Konservita", + "Email address" : "Retpoŝtadreso", + "Open documentation" : "Malfermi la dokumentaron", + "General" : "Ĝenerala", + "Error" : "Eraro" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/eo.json b/docker/nextcloud/custom_apps/user_saml/l10n/eo.json new file mode 100644 index 0000000..d398961 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/eo.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Konservita", + "Email address" : "Retpoŝtadreso", + "Open documentation" : "Malfermi la dokumentaron", + "General" : "Ĝenerala", + "Error" : "Eraro" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es.js b/docker/nextcloud/custom_apps/user_saml/l10n/es.js new file mode 100644 index 0000000..be17f69 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario está deshabilitada. Por favor, ponte en contacto con el administrador.", + "Saved" : "Guardado", + "Provider" : "Proveedor", + "Unknown error, please check the log file for more details." : "Error desconocido. Por favor, revisa el registro para más información.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión mediante SSO & SAML", + "This page should not be visited directly." : "No se debería visitar directamente esta página.", + "Provider " : "Proveedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Clave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID del enviado por este SP será cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando los mensajes mandados por este SP serán firmados.", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando el mensaje es enviado por este SP será firmado.", + "Whether the metadata should be signed." : "Tal vez los metadatos deban ser firmados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para los elementos , y recibidos por este SP a ser asignado.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito de los elementos recibido por este SP para ser firmados. [Metadata del SP ofrecerá este información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para el elemento recibido por este SP para ser cifrado.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que el elemento NameID en el SAMLResponse recibido por este SP esté presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que el NameID recibido por este SP esté cifrado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todo el XML recibido.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, y el kit de herramientas usa mayúsculas por omisión. Active ADFS para compatibilidad en la firma de verificación.", + "Algorithm that the toolkit will use on signing process." : "El algoritmo que la herramienta usará en el proceso de firma.", + "Attribute to map the UID to." : "Atributo para definir la UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir la autenticación solo si una cuenta existe en algún otro motor (LDAP, p. ej.).", + "Attribute to map the displayname to." : "Atributo para definir el nombre mostrado", + "Attribute to map the email address to." : "Atributo para definir la dirección de correo electrónico", + "Attribute to map the quota to." : "Atributo para asignar la cuota a.", + "Attribute to map the users groups to." : "Atributo para mapear los grupos de usuarios", + "Attribute to map the users home to." : "Atributo para mapear los grupos de usuarios", + "Email address" : "Dirección de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidad", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "No especificado", + "Windows domain qualified name" : "Nombre calificado de dominio Windows", + "X509 subject name" : "Nombre de asunto o sujeto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar la autenticación SAML para los clientes de escritorio %s (necesita una re-autenticación del usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Visualización opcional del nombre del proveedor de identidad (predeterminado: \"inicio de sesión de SSO y SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de back-ends de múltiples usuarios (por ejemplo, LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticación usando single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la app SSO y SAML en tu NextCloud puedes hacer posible integrar tu solución de single sign-on con Nextcloud. Además, puedes usar el proveedor de usuarios LDAP de NextCloud para mantener la conveniencia para usuarios (p. ej., al compartir).\nLos siguientes proveedores están soportados y han sido comprobados por el momentos:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n** Autenticación vía variable de entorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Cualquier otro proveedor que autentique usando la variable de entorno\n\n\tMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de estos estándares es compatible, queremos hacer notar que no son parte de ninguna matriz de prueba interna", + "Open documentation" : "Abrir documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que hayas activado \"%s\" o vayas directamente a la URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que vayas directamente a la URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor elija si desea autenticar usando el proveedor SAML nativo en Nextcloud o si desea autenticar contra una variable del entorno.", + "Use built-in SAML authentication" : "Use la autenticación nativa SAML", + "Use environment variable" : "Usar variable de entorno", + "Global settings" : "Ajustes globales", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Proovedor de Servicio de Datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su proveedor de servicio usa certificados, se pueden opcionalmente especificar aquí.", + "Show Service Provider settings…" : "Mostrar configuración del Proveedor de servicio", + "Name ID format" : "Formato del ID de nombre", + "Identity Provider Data" : "Identificación del Proveedor de Datos", + "Configure your IdP settings here." : "Configura tus configuraciones de IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL objetivo del IdP donde el SP mandará el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar configuración del Proveedor de identidad opcional...", + "URL Location of the IdP where the SP will send the SLO Request" : "Dirección URL de el IdP donde el SP enviará las peticiones SLO", + "URL Location of the IDP's SLO Response" : "Dirección URL de la respuesta SLO del IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 del IdP", + "Attribute mapping" : "Definición de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Si opcionalmente quieres mapear atributos al usuario puedes configurar éstos aquí.", + "Show attribute mapping settings…" : "Mostrar configuración de mapeado de atributos...", + "Security settings" : "Configuración de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar la seguridad recomendamos activar los siguientes ajustes si son soportados por su entorno.", + "Show security settings…" : "Mostrar configuración de seguridad...", + "Signatures and encryption offered" : "Firmas y cifrado ofrecido", + "Signatures and encryption required" : "Firmas y cifrado necesitado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Volver a configuración por defecto", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "Cuenta de usuario no aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no esta aprovisionada, por lo tanto el acceso a este servicio no es posible.", + "Login options:" : "Opciones de login:", + "Choose a authentication provider" : "Escoge un proveedor de autenticación" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es.json b/docker/nextcloud/custom_apps/user_saml/l10n/es.json new file mode 100644 index 0000000..7377f8e --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario está deshabilitada. Por favor, ponte en contacto con el administrador.", + "Saved" : "Guardado", + "Provider" : "Proveedor", + "Unknown error, please check the log file for more details." : "Error desconocido. Por favor, revisa el registro para más información.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión mediante SSO & SAML", + "This page should not be visited directly." : "No se debería visitar directamente esta página.", + "Provider " : "Proveedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Clave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID del enviado por este SP será cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando los mensajes mandados por este SP serán firmados.", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando el mensaje es enviado por este SP será firmado.", + "Whether the metadata should be signed." : "Tal vez los metadatos deban ser firmados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para los elementos , y recibidos por este SP a ser asignado.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito de los elementos recibido por este SP para ser firmados. [Metadata del SP ofrecerá este información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para el elemento recibido por este SP para ser cifrado.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que el elemento NameID en el SAMLResponse recibido por este SP esté presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que el NameID recibido por este SP esté cifrado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todo el XML recibido.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, y el kit de herramientas usa mayúsculas por omisión. Active ADFS para compatibilidad en la firma de verificación.", + "Algorithm that the toolkit will use on signing process." : "El algoritmo que la herramienta usará en el proceso de firma.", + "Attribute to map the UID to." : "Atributo para definir la UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir la autenticación solo si una cuenta existe en algún otro motor (LDAP, p. ej.).", + "Attribute to map the displayname to." : "Atributo para definir el nombre mostrado", + "Attribute to map the email address to." : "Atributo para definir la dirección de correo electrónico", + "Attribute to map the quota to." : "Atributo para asignar la cuota a.", + "Attribute to map the users groups to." : "Atributo para mapear los grupos de usuarios", + "Attribute to map the users home to." : "Atributo para mapear los grupos de usuarios", + "Email address" : "Dirección de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidad", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "No especificado", + "Windows domain qualified name" : "Nombre calificado de dominio Windows", + "X509 subject name" : "Nombre de asunto o sujeto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar la autenticación SAML para los clientes de escritorio %s (necesita una re-autenticación del usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Visualización opcional del nombre del proveedor de identidad (predeterminado: \"inicio de sesión de SSO y SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de back-ends de múltiples usuarios (por ejemplo, LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticación usando single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la app SSO y SAML en tu NextCloud puedes hacer posible integrar tu solución de single sign-on con Nextcloud. Además, puedes usar el proveedor de usuarios LDAP de NextCloud para mantener la conveniencia para usuarios (p. ej., al compartir).\nLos siguientes proveedores están soportados y han sido comprobados por el momentos:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n** Autenticación vía variable de entorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Cualquier otro proveedor que autentique usando la variable de entorno\n\n\tMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de estos estándares es compatible, queremos hacer notar que no son parte de ninguna matriz de prueba interna", + "Open documentation" : "Abrir documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que hayas activado \"%s\" o vayas directamente a la URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que vayas directamente a la URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor elija si desea autenticar usando el proveedor SAML nativo en Nextcloud o si desea autenticar contra una variable del entorno.", + "Use built-in SAML authentication" : "Use la autenticación nativa SAML", + "Use environment variable" : "Usar variable de entorno", + "Global settings" : "Ajustes globales", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Proovedor de Servicio de Datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su proveedor de servicio usa certificados, se pueden opcionalmente especificar aquí.", + "Show Service Provider settings…" : "Mostrar configuración del Proveedor de servicio", + "Name ID format" : "Formato del ID de nombre", + "Identity Provider Data" : "Identificación del Proveedor de Datos", + "Configure your IdP settings here." : "Configura tus configuraciones de IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL objetivo del IdP donde el SP mandará el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar configuración del Proveedor de identidad opcional...", + "URL Location of the IdP where the SP will send the SLO Request" : "Dirección URL de el IdP donde el SP enviará las peticiones SLO", + "URL Location of the IDP's SLO Response" : "Dirección URL de la respuesta SLO del IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 del IdP", + "Attribute mapping" : "Definición de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Si opcionalmente quieres mapear atributos al usuario puedes configurar éstos aquí.", + "Show attribute mapping settings…" : "Mostrar configuración de mapeado de atributos...", + "Security settings" : "Configuración de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar la seguridad recomendamos activar los siguientes ajustes si son soportados por su entorno.", + "Show security settings…" : "Mostrar configuración de seguridad...", + "Signatures and encryption offered" : "Firmas y cifrado ofrecido", + "Signatures and encryption required" : "Firmas y cifrado necesitado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Volver a configuración por defecto", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "Cuenta de usuario no aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no esta aprovisionada, por lo tanto el acceso a este servicio no es posible.", + "Login options:" : "Opciones de login:", + "Choose a authentication provider" : "Escoge un proveedor de autenticación" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_419.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_419.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_419.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_419.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_419.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_419.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_AR.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_AR.js new file mode 100644 index 0000000..be98365 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_AR.js @@ -0,0 +1,50 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimientos para que los elementos recibidos por este SP para ser firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilite para tener compatibilidad con ADFS en la verificacón de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Favor de usar autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Favor de seleccionar si usted desdea autenticarse usando el proveedor integrado SAML de Nextcloud o si desdea autenticarse contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su Proveedor de Servicio debe usar certificados, usted puede especificarlos opcionalmente desde aquí.", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configure los configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad le recomendamos habilitar las siguientes configuraciones si están soportados en su ambiente.", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_AR.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_AR.json new file mode 100644 index 0000000..f2aa945 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_AR.json @@ -0,0 +1,48 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimientos para que los elementos recibidos por este SP para ser firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilite para tener compatibilidad con ADFS en la verificacón de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Favor de usar autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Favor de seleccionar si usted desdea autenticarse usando el proveedor integrado SAML de Nextcloud o si desdea autenticarse contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su Proveedor de Servicio debe usar certificados, usted puede especificarlos opcionalmente desde aquí.", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configure los configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad le recomendamos habilitar las siguientes configuraciones si están soportados en su ambiente.", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_CL.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_CL.js new file mode 100644 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_CL.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_CL.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_CL.json new file mode 100644 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_CL.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_CO.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_CO.js new file mode 100644 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_CO.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_CO.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_CO.json new file mode 100644 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_CO.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_CR.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_CR.js new file mode 100644 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_CR.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_CR.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_CR.json new file mode 100644 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_CR.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_DO.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_DO.js new file mode 100644 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_DO.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_DO.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_DO.json new file mode 100644 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_DO.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_EC.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_EC.js new file mode 100644 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_EC.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_EC.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_EC.json new file mode 100644 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_EC.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_GT.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_GT.js new file mode 100644 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_GT.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_GT.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_GT.json new file mode 100644 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_GT.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_HN.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_HN.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_HN.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_HN.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_HN.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_HN.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_MX.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_MX.js new file mode 100644 index 0000000..84f1a28 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_MX.js @@ -0,0 +1,65 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando inicio de sesión único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la aplicación de SSO & SAML de tu Nextcloud podrás hacer la integración de tu solución de Inicio de Sesión Única con Nextcloud de forma sencilla. Adicionalmente, podrás usar el proveedor de usuarios Nextcloud LDAP para la conveniencia de los usarios (p.e. al comparitr)\nLos siguientes porveedores están soportados y probados hasta este momento:\n\n* **SAML 2.0**\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* **Autentciación mediante Variable de Ambiente**\n* Kerberos (mod_auth_kerb)\n* Cualquier otro proveedor que autentica usando variable de ambiente\n\nMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de esos estándares es compatible, nos gustaria hacer notar que no son parte de alguna matriz de pruebas interna. ", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_MX.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_MX.json new file mode 100644 index 0000000..4ea4f9b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_MX.json @@ -0,0 +1,63 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando inicio de sesión único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la aplicación de SSO & SAML de tu Nextcloud podrás hacer la integración de tu solución de Inicio de Sesión Única con Nextcloud de forma sencilla. Adicionalmente, podrás usar el proveedor de usuarios Nextcloud LDAP para la conveniencia de los usarios (p.e. al comparitr)\nLos siguientes porveedores están soportados y probados hasta este momento:\n\n* **SAML 2.0**\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* **Autentciación mediante Variable de Ambiente**\n* Kerberos (mod_auth_kerb)\n* Cualquier otro proveedor que autentica usando variable de ambiente\n\nMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de esos estándares es compatible, nos gustaria hacer notar que no son parte de alguna matriz de pruebas interna. ", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_NI.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_NI.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_NI.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_NI.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_NI.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_NI.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PA.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_PA.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PA.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PA.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_PA.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PA.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PE.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_PE.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PE.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PE.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_PE.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PE.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PR.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_PR.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PR.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PR.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_PR.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PR.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PY.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_PY.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PY.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_PY.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_PY.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_PY.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_SV.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_SV.js new file mode 100644 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_SV.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_SV.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_SV.json new file mode 100644 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_SV.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_UY.js b/docker/nextcloud/custom_apps/user_saml/l10n/es_UY.js new file mode 100644 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_UY.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/es_UY.json b/docker/nextcloud/custom_apps/user_saml/l10n/es_UY.json new file mode 100644 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/es_UY.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/et_EE.js b/docker/nextcloud/custom_apps/user_saml/l10n/et_EE.js new file mode 100644 index 0000000..33d3f20 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/et_EE.js @@ -0,0 +1,16 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Salvestatud", + "X.509 certificate of the Service Provider" : "Teenusepakkuja X.509 sertifikaat", + "Private key of the Service Provider" : "Teenusepakkuja privaatvõti", + "SSO & SAML authentication" : "SSO & SAML autentimine", + "Open documentation" : "Ava dokumentatsioon", + "Use built-in SAML authentication" : "Kasuta sisse-ehitatud SAML autentimist", + "Use environment variable" : "Kasuta keskonnamuutujat", + "General" : "Üldine", + "Service Provider Data" : "Teenusepakkuja andmed", + "Security settings" : "Turvaseaded", + "Error" : "Viga" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/et_EE.json b/docker/nextcloud/custom_apps/user_saml/l10n/et_EE.json new file mode 100644 index 0000000..53ce63c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/et_EE.json @@ -0,0 +1,14 @@ +{ "translations": { + "Saved" : "Salvestatud", + "X.509 certificate of the Service Provider" : "Teenusepakkuja X.509 sertifikaat", + "Private key of the Service Provider" : "Teenusepakkuja privaatvõti", + "SSO & SAML authentication" : "SSO & SAML autentimine", + "Open documentation" : "Ava dokumentatsioon", + "Use built-in SAML authentication" : "Kasuta sisse-ehitatud SAML autentimist", + "Use environment variable" : "Kasuta keskonnamuutujat", + "General" : "Üldine", + "Service Provider Data" : "Teenusepakkuja andmed", + "Security settings" : "Turvaseaded", + "Error" : "Viga" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/eu.js b/docker/nextcloud/custom_apps/user_saml/l10n/eu.js new file mode 100644 index 0000000..ec225c0 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/eu.js @@ -0,0 +1,56 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Erabiltzaile-kontu hau desgaitua dago, mesedez, jarri harremanetan administratzailearekin", + "Saved" : "Gordeta", + "Provider" : "Hornitzailea", + "Unknown error, please check the log file for more details." : "Errore ezezaguna, mesedez egiaztatu egunkari fitxategia xehetasun gehiagorako.", + "Direct log in" : "Saio-hasiera zuzena", + "SSO & SAML log in" : "SSO eta SAML saio-hasiera", + "Provider " : "Hornitzailea", + "X.509 certificate of the Service Provider" : "Zerbitzu-hornitzailearen X.509 ziurtagiria", + "Private key of the Service Provider" : "Zerbitzu-hornitzaileraren gako pribatua", + "Indicates that the nameID of the sent by this SP will be encrypted." : "SP honek bidalitako nameID enkriptatuta egongo dela adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Whether the metadata should be signed." : "Metadatuek sinatuta egon behar duten ala ez.", + "Email address" : "Posta helbidea", + "Encrypted" : "Zifratua", + "Entity" : "Entitatea", + "Kerberos" : "Kerberos", + "Persistent" : "Iraunkorra", + "Transient" : "Behin-behinekoa", + "Unspecified" : "Zehaztu gabea", + "X509 subject name" : "X509 gaia", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Baimendu erabiltzaile atzealde anitzen erabilpena (adib. LDAP)", + "SSO & SAML authentication" : "SSO eta SAML autentifikazioa", + "Open documentation" : "Ireki dokumentazioa", + "Use environment variable" : "Erabili inguruneko aldagaia", + "Global settings" : "Ezarpen orokorrak", + "Remove identity provider" : "Kendu identitate hornitzailea", + "Add identity provider" : "Gehitu identitate hornitzailea", + "General" : "Orokorra", + "Service Provider Data" : "Zerbitzu-hornitzailearen datuak", + "Show Service Provider settings…" : "Erakutsi zerbitzu hornitzailearen ezarpenak...", + "Identity Provider Data" : "Identitate-hornitzailearen datuak", + "Configure your IdP settings here." : "Konfiguratu zure IdP ezarpenak hemen.", + "Show optional Identity Provider settings…" : "Erakutsi identitate-hornitzailearen aukerako ezarpenak...", + "Public X.509 certificate of the IdP" : "IdP-aren X.509 ziurtagiri publikoa", + "Attribute mapping" : "Atributuen esleitzea", + "Show attribute mapping settings…" : "Erakutsi atributuen esleitze ezarpenak...", + "Security settings" : "Segurtasun ezarpenak", + "For increased security we recommend enabling the following settings if supported by your environment." : "Segurtasun gehiago izateko, gaitu honako ezarpenak, zure inguruneak onartzen baidtu.", + "Show security settings…" : "Erakutsi segurtasun ezarpenak", + "Signatures and encryption offered" : "Sinadurak eta zifratzea eskaini dira", + "Signatures and encryption required" : "Sinadurak eta zifratzea derrigorrezkoak dira", + "Download metadata XML" : "Deskargatu metadatuen XMLa", + "Reset settings" : "Leheneratu ezarpenak", + "Metadata invalid" : "Baliogabeko metadatuak", + "Metadata valid" : "Baliozko metadatuak", + "Error" : "Errorea", + "Account not provisioned." : "Kontua ez dago hornituta.", + "Your account is not provisioned, access to this service is thus not possible." : "Zure kontua ez dago hornituta. Zerbitzu honetara sarbidea, ondorioz, ez da posiblea.", + "Login options:" : "Saio-hasiera aukerak:", + "Choose a authentication provider" : "Aukeratu autentifikazio-hornitzailea" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/eu.json b/docker/nextcloud/custom_apps/user_saml/l10n/eu.json new file mode 100644 index 0000000..5c68397 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/eu.json @@ -0,0 +1,54 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Erabiltzaile-kontu hau desgaitua dago, mesedez, jarri harremanetan administratzailearekin", + "Saved" : "Gordeta", + "Provider" : "Hornitzailea", + "Unknown error, please check the log file for more details." : "Errore ezezaguna, mesedez egiaztatu egunkari fitxategia xehetasun gehiagorako.", + "Direct log in" : "Saio-hasiera zuzena", + "SSO & SAML log in" : "SSO eta SAML saio-hasiera", + "Provider " : "Hornitzailea", + "X.509 certificate of the Service Provider" : "Zerbitzu-hornitzailearen X.509 ziurtagiria", + "Private key of the Service Provider" : "Zerbitzu-hornitzaileraren gako pribatua", + "Indicates that the nameID of the sent by this SP will be encrypted." : "SP honek bidalitako nameID enkriptatuta egongo dela adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Whether the metadata should be signed." : "Metadatuek sinatuta egon behar duten ala ez.", + "Email address" : "Posta helbidea", + "Encrypted" : "Zifratua", + "Entity" : "Entitatea", + "Kerberos" : "Kerberos", + "Persistent" : "Iraunkorra", + "Transient" : "Behin-behinekoa", + "Unspecified" : "Zehaztu gabea", + "X509 subject name" : "X509 gaia", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Baimendu erabiltzaile atzealde anitzen erabilpena (adib. LDAP)", + "SSO & SAML authentication" : "SSO eta SAML autentifikazioa", + "Open documentation" : "Ireki dokumentazioa", + "Use environment variable" : "Erabili inguruneko aldagaia", + "Global settings" : "Ezarpen orokorrak", + "Remove identity provider" : "Kendu identitate hornitzailea", + "Add identity provider" : "Gehitu identitate hornitzailea", + "General" : "Orokorra", + "Service Provider Data" : "Zerbitzu-hornitzailearen datuak", + "Show Service Provider settings…" : "Erakutsi zerbitzu hornitzailearen ezarpenak...", + "Identity Provider Data" : "Identitate-hornitzailearen datuak", + "Configure your IdP settings here." : "Konfiguratu zure IdP ezarpenak hemen.", + "Show optional Identity Provider settings…" : "Erakutsi identitate-hornitzailearen aukerako ezarpenak...", + "Public X.509 certificate of the IdP" : "IdP-aren X.509 ziurtagiri publikoa", + "Attribute mapping" : "Atributuen esleitzea", + "Show attribute mapping settings…" : "Erakutsi atributuen esleitze ezarpenak...", + "Security settings" : "Segurtasun ezarpenak", + "For increased security we recommend enabling the following settings if supported by your environment." : "Segurtasun gehiago izateko, gaitu honako ezarpenak, zure inguruneak onartzen baidtu.", + "Show security settings…" : "Erakutsi segurtasun ezarpenak", + "Signatures and encryption offered" : "Sinadurak eta zifratzea eskaini dira", + "Signatures and encryption required" : "Sinadurak eta zifratzea derrigorrezkoak dira", + "Download metadata XML" : "Deskargatu metadatuen XMLa", + "Reset settings" : "Leheneratu ezarpenak", + "Metadata invalid" : "Baliogabeko metadatuak", + "Metadata valid" : "Baliozko metadatuak", + "Error" : "Errorea", + "Account not provisioned." : "Kontua ez dago hornituta.", + "Your account is not provisioned, access to this service is thus not possible." : "Zure kontua ez dago hornituta. Zerbitzu honetara sarbidea, ondorioz, ez da posiblea.", + "Login options:" : "Saio-hasiera aukerak:", + "Choose a authentication provider" : "Aukeratu autentifikazio-hornitzailea" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/fa.js b/docker/nextcloud/custom_apps/user_saml/l10n/fa.js new file mode 100644 index 0000000..ec69236 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/fa.js @@ -0,0 +1,21 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "این حساب کاربری غیرفعال شده ، لطفاً با مدیر خود تماس بگیرید.", + "Saved" : "ذخیره شد", + "Provider" : "تامین کننده", + "Unknown error, please check the log file for more details." : "خطای ناشناخته ، لطفاً پرونده ورود را برای جزئیات بیشتر بررسی کنید.", + "Direct log in" : "جزئیات ورود", + "SSO & SAML log in" : " SSO و SAMLورود ", + "This page should not be visited directly." : "این صفحه نباید مستقیماً بازدید شود.", + "Provider " : "تامیین کننده", + "X.509 certificate of the Service Provider" : "گواهینامه X.509 ارائه دهنده خدمات", + "Private key of the Service Provider" : "کلید خصوصی ارائه دهنده خدمات", + "Indicates that the nameID of the sent by this SP will be encrypted." : "نشان می دهد که نامID از ارسال شده توسط این SP رمزگذاری می شود.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "نشان می دهد که آیا پیام های ارسال شده توسط این SP امضا خواهد شد. [ابرداده SP این اطلاعات را ارائه می دهد]", + "Email address" : "آدرس ایمیل", + "Open documentation" : "مستندات باز", + "General" : "عمومی", + "Error" : "خطا" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/fa.json b/docker/nextcloud/custom_apps/user_saml/l10n/fa.json new file mode 100644 index 0000000..99181e7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/fa.json @@ -0,0 +1,19 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "این حساب کاربری غیرفعال شده ، لطفاً با مدیر خود تماس بگیرید.", + "Saved" : "ذخیره شد", + "Provider" : "تامین کننده", + "Unknown error, please check the log file for more details." : "خطای ناشناخته ، لطفاً پرونده ورود را برای جزئیات بیشتر بررسی کنید.", + "Direct log in" : "جزئیات ورود", + "SSO & SAML log in" : " SSO و SAMLورود ", + "This page should not be visited directly." : "این صفحه نباید مستقیماً بازدید شود.", + "Provider " : "تامیین کننده", + "X.509 certificate of the Service Provider" : "گواهینامه X.509 ارائه دهنده خدمات", + "Private key of the Service Provider" : "کلید خصوصی ارائه دهنده خدمات", + "Indicates that the nameID of the sent by this SP will be encrypted." : "نشان می دهد که نامID از ارسال شده توسط این SP رمزگذاری می شود.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "نشان می دهد که آیا پیام های ارسال شده توسط این SP امضا خواهد شد. [ابرداده SP این اطلاعات را ارائه می دهد]", + "Email address" : "آدرس ایمیل", + "Open documentation" : "مستندات باز", + "General" : "عمومی", + "Error" : "خطا" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/fi.js b/docker/nextcloud/custom_apps/user_saml/l10n/fi.js new file mode 100644 index 0000000..b9226a7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/fi.js @@ -0,0 +1,21 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Tämä käyttäjätili ei ole käytössä. Ota yhteys ylläpitoon.", + "Saved" : "Tallennettu", + "Direct log in" : "Suora kirjautuminen", + "SSO & SAML log in" : "SSO- ja SAML-kirjautuminen", + "X.509 certificate of the Service Provider" : "Palveluntarjoajan X.509-varmenne", + "Private key of the Service Provider" : "Palveluntarjoajan yksityinen avain", + "Email address" : "Sähköpostiosoite", + "SSO & SAML authentication" : "SSO- ja SAML-tunnistautuminen", + "Open documentation" : "Avaa dokumentaatio", + "Use built-in SAML authentication" : "Käytä sisäänrakennettua SAML-tunnistautumista", + "Use environment variable" : "Käytä ympäristömuuttujaa", + "General" : "Yleiset", + "Show Service Provider settings…" : "Näytä palveluntarjoajan asetukset…", + "Security settings" : "Turvallisuusasetukset", + "Show security settings…" : "Näytä turvallisuusasetukset…", + "Error" : "Virhe" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/fi.json b/docker/nextcloud/custom_apps/user_saml/l10n/fi.json new file mode 100644 index 0000000..87ade41 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/fi.json @@ -0,0 +1,19 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Tämä käyttäjätili ei ole käytössä. Ota yhteys ylläpitoon.", + "Saved" : "Tallennettu", + "Direct log in" : "Suora kirjautuminen", + "SSO & SAML log in" : "SSO- ja SAML-kirjautuminen", + "X.509 certificate of the Service Provider" : "Palveluntarjoajan X.509-varmenne", + "Private key of the Service Provider" : "Palveluntarjoajan yksityinen avain", + "Email address" : "Sähköpostiosoite", + "SSO & SAML authentication" : "SSO- ja SAML-tunnistautuminen", + "Open documentation" : "Avaa dokumentaatio", + "Use built-in SAML authentication" : "Käytä sisäänrakennettua SAML-tunnistautumista", + "Use environment variable" : "Käytä ympäristömuuttujaa", + "General" : "Yleiset", + "Show Service Provider settings…" : "Näytä palveluntarjoajan asetukset…", + "Security settings" : "Turvallisuusasetukset", + "Show security settings…" : "Näytä turvallisuusasetukset…", + "Error" : "Virhe" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/fr.js b/docker/nextcloud/custom_apps/user_saml/l10n/fr.js new file mode 100644 index 0000000..b0a90b6 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/fr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ce compte utilisateur est désactivé, veuillez contacter votre administrateur.", + "Saved" : "Sauvegardé", + "Provider" : "Fournisseur", + "Unknown error, please check the log file for more details." : "Erreur inconnue, veuillez vérifier le fichier journal pour plus de détails.", + "Direct log in" : "Connexion directe", + "SSO & SAML log in" : "Connexion SSO & SAML", + "This page should not be visited directly." : "Cette page ne devrait pas être accessible directement.", + "Provider " : "Fournisseur", + "X.509 certificate of the Service Provider" : "Certificat X.509 du fournisseur de service", + "Private key of the Service Provider" : "Clé privée du fournisseur de service", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indique que le \"nameID\" de envoyé par ce SP sera chiffré.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indique que le de messages envoyé par SP va être signé. [Métadonnée du SP va donner cette info]", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Whether the metadata should be signed." : "Si les méta-données peuvent-être signées.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indique que les éléments , et reçus par ce SP doivent être signés.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indique que les éléments reçus par ce SP doivent être signés.[Méta-données du SP offrent cette info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indique que les éléments reçus par ce SP doivent être chiffrés.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être présent.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être chiffré.", + "Indicates if the SP will validate all received XML." : "Indique si le SP validera tous les XML reçus.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS encode les données du lien SAML en lettre minuscule alors que la boîte à outil utilise par défaut les lettres majuscules. Activez la compatibilité ADFS pour la vérification de la signature.", + "Algorithm that the toolkit will use on signing process." : "Algorithme que la boîte à outils utilisera lors du processus de signature.", + "Attribute to map the UID to." : "Attribut pour relier l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Ne permettre l'authentification d'un compte que s'il existe sur un autre système d'authentification. (ex : LDAP)", + "Attribute to map the displayname to." : "Attribut pour relier le nom d'utilisateur.", + "Attribute to map the email address to." : "Attribut pour relier l'adresse mail.", + "Attribute to map the quota to." : "Attribut pour relier le quota.", + "Attribute to map the users groups to." : "Attribut pour relier les groupes d'utilisateurs.", + "Attribute to map the users home to." : "Attribut pour relier le domicile des utilisateurs.", + "Email address" : "Adresse e-mail", + "Encrypted" : "Chiffré", + "Entity" : "Entité", + "Kerberos" : "Kerberos", + "Persistent" : "Persistant", + "Transient" : "En transit", + "Unspecified" : "Non spécifié", + "Windows domain qualified name" : "Nom de domaine Windows", + "X509 subject name" : "Nom du sujet X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utiliser l'authentification SAML pour le client bureau de %s (requiert une ré-authentification de l'utilisateur)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom d'affichage facultatif du fournisseur d'identité (par défaut : \"Connexion SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Autoriser l'utilisation de plusieurs systèmes d'authentification (ex: LDAP)", + "SSO & SAML authentication" : "Authentification SSO & SAML", + "Authenticate using single sign-on" : "Authentification SSO", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "\tEn utilisant l'application SSO & SAML de votre Nextcloud, vous pouvez facilement intégrer votre solution Single-Sign-On existante avec Nextcloud. En outre, vous pouvez utiliser le fournisseur d'utilisateurs LDAP Nextcloud pour conserver une meilleur simplicité pour les utilisateurs. (par exemple quand ils partageant)\nPour le moment, seuls les fournisseurs suivants sont testés et pris en charge. \n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentification via une variable d'environnement\n\t* Kerberos (mod_auth_kerb)\n\tTout autre fournisseur qui s'authentifie à l'aide d'une variable d'environnement\n\nBien que théoriquement, tout autre fournisseur d'authentification mettant en œuvre l'une ou l'autre de ces normes soit compatible, veuillez noter que leur compatibilité n'est pas garantie, car ils ne sont pas tester par nos équipes.", + "Open documentation" : "Voir la documentation", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous activiez \"%s\" ou que vous alliez directement à l'adresse URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous alliez directement à l'adresse URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Veuillez choisir si vous voulez vous authentifier en utilisant le fournisseur SAML intégré à Nextcloud ou si vous voulez vous authentifier avec une variable d'environnement.", + "Use built-in SAML authentication" : "Utiliser l'authentification SAML intégrée", + "Use environment variable" : "Utiliser une variable d’environnement", + "Global settings" : "Paramètres généraux", + "Remove identity provider" : "Supprimer le fournisseur d'identité", + "Add identity provider" : "Ajouter le fournisseur d'identité", + "General" : "Général", + "Service Provider Data" : "Service du Fournisseur de Données", + "If your Service Provider should use certificates you can optionally specify them here." : "Si votre fournisseur de service utilise des certificats, vous pouvez les indiquer ici.", + "Show Service Provider settings…" : "Afficher les options du fournisseur de service...", + "Name ID format" : "Format de l'ID du nom", + "Identity Provider Data" : "Fournisseur de données d'identité", + "Configure your IdP settings here." : "Configurez vos options IdP ici.", + "Identifier of the IdP entity (must be a URI)" : "Identifiant de l'entité IdP (doit être une URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL cible du fournisseur d'identités à qui le fournisseur de service enverra la requête d'authentification", + "Show optional Identity Provider settings…" : "Afficher les paramètres optionnels du fournisseur d'identité...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL du fournisseur d'identité où le fournisseur de service enverra la requête de déconnexion SLO", + "URL Location of the IDP's SLO Response" : "URL de la réponse SLO du fournisseur d’identité", + "Public X.509 certificate of the IdP" : "Certificat public X.509 de l'IdP", + "Attribute mapping" : "Mappage des attributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si vous préférez relier les attributs à l'utilisateur, vous pouvez les configurer ici.", + "Show attribute mapping settings…" : "Montrer les paramètres du mappage des attributs...", + "Security settings" : "Paramètres de sécurité", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pour augmenter la sécurité nous recommandons d'activer les paramètres suivants s'ils sont supportés par votre environnement.", + "Show security settings…" : "Afficher les paramètres de sécurité...", + "Signatures and encryption offered" : "Signatures et chiffrement proposés", + "Signatures and encryption required" : "Signatures et chiffrement obligatoire", + "Download metadata XML" : "Télécharger les méta-données XML", + "Reset settings" : "Réinitialiser les paramètres", + "Metadata invalid" : "Méta-données invalides", + "Metadata valid" : "Méta-données valides", + "Error" : "Erreur", + "Account not provisioned." : "Compte non approvisionné.", + "Your account is not provisioned, access to this service is thus not possible." : "Votre compte n'est pas approvisionné, l'accès à ce service n'est donc pas possible.", + "Login options:" : "Options de connexion :", + "Choose a authentication provider" : "Choisir un fournisseur d'authentification" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/fr.json b/docker/nextcloud/custom_apps/user_saml/l10n/fr.json new file mode 100644 index 0000000..0977fe1 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/fr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ce compte utilisateur est désactivé, veuillez contacter votre administrateur.", + "Saved" : "Sauvegardé", + "Provider" : "Fournisseur", + "Unknown error, please check the log file for more details." : "Erreur inconnue, veuillez vérifier le fichier journal pour plus de détails.", + "Direct log in" : "Connexion directe", + "SSO & SAML log in" : "Connexion SSO & SAML", + "This page should not be visited directly." : "Cette page ne devrait pas être accessible directement.", + "Provider " : "Fournisseur", + "X.509 certificate of the Service Provider" : "Certificat X.509 du fournisseur de service", + "Private key of the Service Provider" : "Clé privée du fournisseur de service", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indique que le \"nameID\" de envoyé par ce SP sera chiffré.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indique que le de messages envoyé par SP va être signé. [Métadonnée du SP va donner cette info]", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Whether the metadata should be signed." : "Si les méta-données peuvent-être signées.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indique que les éléments , et reçus par ce SP doivent être signés.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indique que les éléments reçus par ce SP doivent être signés.[Méta-données du SP offrent cette info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indique que les éléments reçus par ce SP doivent être chiffrés.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être présent.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être chiffré.", + "Indicates if the SP will validate all received XML." : "Indique si le SP validera tous les XML reçus.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS encode les données du lien SAML en lettre minuscule alors que la boîte à outil utilise par défaut les lettres majuscules. Activez la compatibilité ADFS pour la vérification de la signature.", + "Algorithm that the toolkit will use on signing process." : "Algorithme que la boîte à outils utilisera lors du processus de signature.", + "Attribute to map the UID to." : "Attribut pour relier l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Ne permettre l'authentification d'un compte que s'il existe sur un autre système d'authentification. (ex : LDAP)", + "Attribute to map the displayname to." : "Attribut pour relier le nom d'utilisateur.", + "Attribute to map the email address to." : "Attribut pour relier l'adresse mail.", + "Attribute to map the quota to." : "Attribut pour relier le quota.", + "Attribute to map the users groups to." : "Attribut pour relier les groupes d'utilisateurs.", + "Attribute to map the users home to." : "Attribut pour relier le domicile des utilisateurs.", + "Email address" : "Adresse e-mail", + "Encrypted" : "Chiffré", + "Entity" : "Entité", + "Kerberos" : "Kerberos", + "Persistent" : "Persistant", + "Transient" : "En transit", + "Unspecified" : "Non spécifié", + "Windows domain qualified name" : "Nom de domaine Windows", + "X509 subject name" : "Nom du sujet X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utiliser l'authentification SAML pour le client bureau de %s (requiert une ré-authentification de l'utilisateur)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom d'affichage facultatif du fournisseur d'identité (par défaut : \"Connexion SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Autoriser l'utilisation de plusieurs systèmes d'authentification (ex: LDAP)", + "SSO & SAML authentication" : "Authentification SSO & SAML", + "Authenticate using single sign-on" : "Authentification SSO", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "\tEn utilisant l'application SSO & SAML de votre Nextcloud, vous pouvez facilement intégrer votre solution Single-Sign-On existante avec Nextcloud. En outre, vous pouvez utiliser le fournisseur d'utilisateurs LDAP Nextcloud pour conserver une meilleur simplicité pour les utilisateurs. (par exemple quand ils partageant)\nPour le moment, seuls les fournisseurs suivants sont testés et pris en charge. \n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentification via une variable d'environnement\n\t* Kerberos (mod_auth_kerb)\n\tTout autre fournisseur qui s'authentifie à l'aide d'une variable d'environnement\n\nBien que théoriquement, tout autre fournisseur d'authentification mettant en œuvre l'une ou l'autre de ces normes soit compatible, veuillez noter que leur compatibilité n'est pas garantie, car ils ne sont pas tester par nos équipes.", + "Open documentation" : "Voir la documentation", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous activiez \"%s\" ou que vous alliez directement à l'adresse URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous alliez directement à l'adresse URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Veuillez choisir si vous voulez vous authentifier en utilisant le fournisseur SAML intégré à Nextcloud ou si vous voulez vous authentifier avec une variable d'environnement.", + "Use built-in SAML authentication" : "Utiliser l'authentification SAML intégrée", + "Use environment variable" : "Utiliser une variable d’environnement", + "Global settings" : "Paramètres généraux", + "Remove identity provider" : "Supprimer le fournisseur d'identité", + "Add identity provider" : "Ajouter le fournisseur d'identité", + "General" : "Général", + "Service Provider Data" : "Service du Fournisseur de Données", + "If your Service Provider should use certificates you can optionally specify them here." : "Si votre fournisseur de service utilise des certificats, vous pouvez les indiquer ici.", + "Show Service Provider settings…" : "Afficher les options du fournisseur de service...", + "Name ID format" : "Format de l'ID du nom", + "Identity Provider Data" : "Fournisseur de données d'identité", + "Configure your IdP settings here." : "Configurez vos options IdP ici.", + "Identifier of the IdP entity (must be a URI)" : "Identifiant de l'entité IdP (doit être une URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL cible du fournisseur d'identités à qui le fournisseur de service enverra la requête d'authentification", + "Show optional Identity Provider settings…" : "Afficher les paramètres optionnels du fournisseur d'identité...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL du fournisseur d'identité où le fournisseur de service enverra la requête de déconnexion SLO", + "URL Location of the IDP's SLO Response" : "URL de la réponse SLO du fournisseur d’identité", + "Public X.509 certificate of the IdP" : "Certificat public X.509 de l'IdP", + "Attribute mapping" : "Mappage des attributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si vous préférez relier les attributs à l'utilisateur, vous pouvez les configurer ici.", + "Show attribute mapping settings…" : "Montrer les paramètres du mappage des attributs...", + "Security settings" : "Paramètres de sécurité", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pour augmenter la sécurité nous recommandons d'activer les paramètres suivants s'ils sont supportés par votre environnement.", + "Show security settings…" : "Afficher les paramètres de sécurité...", + "Signatures and encryption offered" : "Signatures et chiffrement proposés", + "Signatures and encryption required" : "Signatures et chiffrement obligatoire", + "Download metadata XML" : "Télécharger les méta-données XML", + "Reset settings" : "Réinitialiser les paramètres", + "Metadata invalid" : "Méta-données invalides", + "Metadata valid" : "Méta-données valides", + "Error" : "Erreur", + "Account not provisioned." : "Compte non approvisionné.", + "Your account is not provisioned, access to this service is thus not possible." : "Votre compte n'est pas approvisionné, l'accès à ce service n'est donc pas possible.", + "Login options:" : "Options de connexion :", + "Choose a authentication provider" : "Choisir un fournisseur d'authentification" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/gl.js b/docker/nextcloud/custom_apps/user_saml/l10n/gl.js new file mode 100644 index 0000000..068d0b2 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/gl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta conta de usuario está desactivada, póñase en contacto co administrador.", + "Saved" : "Gardado", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Produciuse un erro descoñecido, revise o rexistro para obter máis información.", + "Direct log in" : "Acceso directo", + "SSO & SAML log in" : "Acceso SSO e SAML", + "This page should not be visited directly." : "Esta páxina non debe ser visitada directamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do provedor do servizo", + "Private key of the Service Provider" : "Clave privada do provedor do servizo", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o nameID do enviado por este SP vai ser cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensaxes enviadas por este SP van seren asinadas. [Os metadatos do SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Whether the metadata should be signed." : "Se os metadatos deben ser asinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para os elementos , e recibidos por este SP para seren asinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito para os elementos recibidos por este SP para seren asinados. [Os metadatos do SP ofrecerán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para os elementos recibidos por este SP para seren cifrados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que o elemento NameID no SAMLResponse recibido por este SP estea presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que o NameID recibido por este SP estea cifrado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XMLs recibidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, e, por omisión, o conxunto de ferramentas usa maiúsculas. Active ADFS para a compatibilidade na sinatura de verificación.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o conxnto de ferramentas empregará no proceso de sinatura.", + "Attribute to map the UID to." : "Atributo para asignar o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir soamente se existe unha conta noutro sistema. (p. ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para asignar o nome que amosar.", + "Attribute to map the email address to." : "Atributo para asignar o enderezo de correo que amosar.", + "Attribute to map the quota to." : "Atributo para asignar a cota.", + "Attribute to map the users groups to." : "Atributo para asignar os grupos de usuarios.", + "Attribute to map the users home to." : "Atributo para asignar o cartafol dos usuarios.", + "Email address" : "Enderezo de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Sen especificar", + "Windows domain qualified name" : "Nome cualificado do dominio de Windows", + "X509 subject name" : "Nome do suxeito X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar a autenticación SAML para os clientes de escritorio %s (necesita unha re-autenticación do usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome para amosar opcional do provedor de identidade (por omisión: «rexistro SSO e SAML»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de várias infraestruturas de autenticación (p. ex. LDAP) ", + "SSO & SAML authentication" : "Autenticación SSO e SAML", + "Authenticate using single sign-on" : "Autenticación usando SSO (single sign-on)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando a aplicación SSO e SAML no seu NextCloud pode facer posíbel integrar a súa solución de «Inicio de sesión único» (Single-Sign-On) co Nextcloud. Ademaiss, pode empregar o provedor de usuarios LDAP do NextCloud para conservar a conveniencia para usuarios (p. ej., ao compartir).\nPolo momento foron omprobados e son compatíbeis os seguintes proveedores:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticación mediante variábel de contorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Calquera outro provedor que autentique usando a variábel de contorno\n\nAínda que teoricamente calquera outro provedor de autenticación que implemente calquera destes estándares é compatíbel, queremos facer notar que non forman parte de ningunha matriz de probas interna.", + "Open documentation" : "Abrir a documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que teña activado «%s» ou que vaia directamente ao URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que vaia directamente ao URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Escolla se quere autenticarse usando o provedor SAML integrado en Nextcloud ou se quere autenticarse nunha variábel de contorno.", + "Use built-in SAML authentication" : "Usar a autenticación integrada de SAML", + "Use environment variable" : "Usar variábel de contorno", + "Global settings" : "Axustes globais", + "Remove identity provider" : "Retirar o provedor de identidade", + "Add identity provider" : "Engadir un provedor de identidade", + "General" : "Xeral", + "Service Provider Data" : "Provedor do servizo de datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o seu provedor do servizo usa certificados, pode, opcionalmente, especificalos aquí.", + "Show Service Provider settings…" : "Amosar os axustes do Proveedor dos Servizos...", + "Name ID format" : "Formato do ID de nome", + "Identity Provider Data" : "Identificación do provedor de datos", + "Configure your IdP settings here." : "Configure os axustes do seu IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (ten que ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL obxectivo do IdP onde o SP enviará a mensaxe de solicitude de autenticación", + "Show optional Identity Provider settings…" : "Amosar axustes opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Enderezo URL do IdP onde o SP enviará as solicitudes SLO", + "URL Location of the IDP's SLO Response" : "Localización URL da resposta SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Asignación de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Se queres asignar atributos opcionais ao usuario, podes configuralos aquí.", + "Show attribute mapping settings…" : "Amosar axustes de asignación de atributos...", + "Security settings" : "Axustes de seguridade", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar a seguridade recomendámoslle que active os seguintes axustes se son admitidos polo seu contorno.", + "Show security settings…" : "Amosar os axustes de seguridade...", + "Signatures and encryption offered" : "Sinaturas e cifrado ofrecidos", + "Signatures and encryption required" : "Son ncesarios as sinaturas e o cifrado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Restabelecer os axustes", + "Metadata invalid" : "Metadatos incorrectos", + "Metadata valid" : "Metadatos correctos", + "Error" : "Erro", + "Account not provisioned." : "Conta non aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "A súa conta non esta aprovisionada, polo que non é posíbel o acceso a este servizo.", + "Login options:" : "Opcións de acceso", + "Choose a authentication provider" : "Escolla un provedor de autenticación" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/gl.json b/docker/nextcloud/custom_apps/user_saml/l10n/gl.json new file mode 100644 index 0000000..ebd5326 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/gl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta conta de usuario está desactivada, póñase en contacto co administrador.", + "Saved" : "Gardado", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Produciuse un erro descoñecido, revise o rexistro para obter máis información.", + "Direct log in" : "Acceso directo", + "SSO & SAML log in" : "Acceso SSO e SAML", + "This page should not be visited directly." : "Esta páxina non debe ser visitada directamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do provedor do servizo", + "Private key of the Service Provider" : "Clave privada do provedor do servizo", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o nameID do enviado por este SP vai ser cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensaxes enviadas por este SP van seren asinadas. [Os metadatos do SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Whether the metadata should be signed." : "Se os metadatos deben ser asinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para os elementos , e recibidos por este SP para seren asinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito para os elementos recibidos por este SP para seren asinados. [Os metadatos do SP ofrecerán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para os elementos recibidos por este SP para seren cifrados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que o elemento NameID no SAMLResponse recibido por este SP estea presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que o NameID recibido por este SP estea cifrado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XMLs recibidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, e, por omisión, o conxunto de ferramentas usa maiúsculas. Active ADFS para a compatibilidade na sinatura de verificación.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o conxnto de ferramentas empregará no proceso de sinatura.", + "Attribute to map the UID to." : "Atributo para asignar o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir soamente se existe unha conta noutro sistema. (p. ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para asignar o nome que amosar.", + "Attribute to map the email address to." : "Atributo para asignar o enderezo de correo que amosar.", + "Attribute to map the quota to." : "Atributo para asignar a cota.", + "Attribute to map the users groups to." : "Atributo para asignar os grupos de usuarios.", + "Attribute to map the users home to." : "Atributo para asignar o cartafol dos usuarios.", + "Email address" : "Enderezo de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Sen especificar", + "Windows domain qualified name" : "Nome cualificado do dominio de Windows", + "X509 subject name" : "Nome do suxeito X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar a autenticación SAML para os clientes de escritorio %s (necesita unha re-autenticación do usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome para amosar opcional do provedor de identidade (por omisión: «rexistro SSO e SAML»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de várias infraestruturas de autenticación (p. ex. LDAP) ", + "SSO & SAML authentication" : "Autenticación SSO e SAML", + "Authenticate using single sign-on" : "Autenticación usando SSO (single sign-on)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando a aplicación SSO e SAML no seu NextCloud pode facer posíbel integrar a súa solución de «Inicio de sesión único» (Single-Sign-On) co Nextcloud. Ademaiss, pode empregar o provedor de usuarios LDAP do NextCloud para conservar a conveniencia para usuarios (p. ej., ao compartir).\nPolo momento foron omprobados e son compatíbeis os seguintes proveedores:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticación mediante variábel de contorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Calquera outro provedor que autentique usando a variábel de contorno\n\nAínda que teoricamente calquera outro provedor de autenticación que implemente calquera destes estándares é compatíbel, queremos facer notar que non forman parte de ningunha matriz de probas interna.", + "Open documentation" : "Abrir a documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que teña activado «%s» ou que vaia directamente ao URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que vaia directamente ao URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Escolla se quere autenticarse usando o provedor SAML integrado en Nextcloud ou se quere autenticarse nunha variábel de contorno.", + "Use built-in SAML authentication" : "Usar a autenticación integrada de SAML", + "Use environment variable" : "Usar variábel de contorno", + "Global settings" : "Axustes globais", + "Remove identity provider" : "Retirar o provedor de identidade", + "Add identity provider" : "Engadir un provedor de identidade", + "General" : "Xeral", + "Service Provider Data" : "Provedor do servizo de datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o seu provedor do servizo usa certificados, pode, opcionalmente, especificalos aquí.", + "Show Service Provider settings…" : "Amosar os axustes do Proveedor dos Servizos...", + "Name ID format" : "Formato do ID de nome", + "Identity Provider Data" : "Identificación do provedor de datos", + "Configure your IdP settings here." : "Configure os axustes do seu IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (ten que ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL obxectivo do IdP onde o SP enviará a mensaxe de solicitude de autenticación", + "Show optional Identity Provider settings…" : "Amosar axustes opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Enderezo URL do IdP onde o SP enviará as solicitudes SLO", + "URL Location of the IDP's SLO Response" : "Localización URL da resposta SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Asignación de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Se queres asignar atributos opcionais ao usuario, podes configuralos aquí.", + "Show attribute mapping settings…" : "Amosar axustes de asignación de atributos...", + "Security settings" : "Axustes de seguridade", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar a seguridade recomendámoslle que active os seguintes axustes se son admitidos polo seu contorno.", + "Show security settings…" : "Amosar os axustes de seguridade...", + "Signatures and encryption offered" : "Sinaturas e cifrado ofrecidos", + "Signatures and encryption required" : "Son ncesarios as sinaturas e o cifrado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Restabelecer os axustes", + "Metadata invalid" : "Metadatos incorrectos", + "Metadata valid" : "Metadatos correctos", + "Error" : "Erro", + "Account not provisioned." : "Conta non aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "A súa conta non esta aprovisionada, polo que non é posíbel o acceso a este servizo.", + "Login options:" : "Opcións de acceso", + "Choose a authentication provider" : "Escolla un provedor de autenticación" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/he.js b/docker/nextcloud/custom_apps/user_saml/l10n/he.js new file mode 100644 index 0000000..c3e2ebd --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/he.js @@ -0,0 +1,61 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "החשבון הזה מושבת, נא ליצור קשר עם מנהל המערכת.", + "Saved" : "נשמר", + "Provider" : "ספק", + "Unknown error, please check the log file for more details." : "שגיאה בלתי ידועה, נא לעיין בקובץ הרישום לפרטים נוספים.", + "Direct log in" : "כניסה ישירה", + "SSO & SAML log in" : "כניסה עם SSO ו־SAML", + "This page should not be visited directly." : "אין סיבה להגיע לעמוד זה ישירות.", + "Provider " : "ספק", + "X.509 certificate of the Service Provider" : "אישור X.509 של ספק השירות", + "Private key of the Service Provider" : "מפתח פרטי של ספק השירות", + "Indicates that the nameID of the sent by this SP will be encrypted." : "מציין שה־nameID של ה־ שנשלח על ידי ספק השירות הזה יהיה מוצפן.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות. [נתוני העל של ספק השירות יציעו את המידע הזה]", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Whether the metadata should be signed." : "האם לחתום על נתוני העל.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "מציין דרישה לחתימה על הרכיבים , ו־ שהתקבלו על ידי ספק השירות הזה.", + "Indicates if the SP will validate all received XML." : "מציין אם ספק השירות יאמת את כל ה־XML שמתקבל", + "Algorithm that the toolkit will use on signing process." : "האלגוריתם בו תשתמש ערכת הכלים בתהליך החתימה.", + "Attribute to map the UID to." : "מאפיין למפות אליו את ה־UID (מזהה המשתמש).", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "לאפשר אימות רק אם קיים חשבון במנגנון אחר כלשהו (למשל LDAP)", + "Attribute to map the displayname to." : "מאפיין למפות אליו את displayname (שם התצוגה).", + "Attribute to map the email address to." : "מאפיין למפות אליו את email (כתובת הדוא״ל).", + "Attribute to map the quota to." : "מאפיין למפות אליו את quota (מיכסה).", + "Attribute to map the users groups to." : "מאפיין למפות אליו את קבוצות המשתמשים.", + "Attribute to map the users home to." : "מאפיין למפות אליו את תיקיות הבית של המשתמשים.", + "Email address" : "כתובת דוא״ל", + "Encrypted" : "מוצפן", + "Entity" : "יישות", + "Kerberos" : "Kerberos", + "X509 subject name" : "שם נושא X509", + "SSO & SAML authentication" : "אימות גישה אחודה (SSO) ו־SAML", + "Open documentation" : "פתיחת תיעוד", + "Use built-in SAML authentication" : "שימוש באימות SAML מובנה", + "Use environment variable" : "שימוש במשתני סביבה", + "Global settings" : "הגדרות גלובליות", + "Remove identity provider" : "הסרת ספק זהות", + "Add identity provider" : "הוספת ספק זהות", + "General" : "כללי", + "Service Provider Data" : "נתוני ספק שירות", + "If your Service Provider should use certificates you can optionally specify them here." : "אם ספק הזהות שלך אמור להשתמש באישורים ניתן לציין אותם כאן.", + "Show Service Provider settings…" : "הצגת הגדרות ספק שירות…", + "Identity Provider Data" : "נתוני ספק שירות", + "Configure your IdP settings here." : "הגדרת תצורת ספק השירות להלן.", + "Attribute mapping" : "מיפוי מאפיינים", + "Security settings" : "הגדרות אבטחה", + "Show security settings…" : "הצגת הגדרות אבטחה…", + "Signatures and encryption offered" : "הוצעו חתימות והצפנה", + "Signatures and encryption required" : "נדרשו חתימות והצפנה", + "Download metadata XML" : "הורדת XML של נתוני העל", + "Reset settings" : "איפוס הגדרות", + "Metadata invalid" : "נתוני העל שגויים", + "Metadata valid" : "נתוני העל תקינים", + "Error" : "שגיאה", + "Account not provisioned." : "החשבון לא מנוהל.", + "Your account is not provisioned, access to this service is thus not possible." : "החשבון שלך לא מנוהל, לכן הגישה לשירות הזה אינה אפשרות.", + "Choose a authentication provider" : "נא לבחור ספק אימות" +}, +"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: (n % 10 == 0 && n % 1 == 0 && n > 10) ? 2 : 3;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/he.json b/docker/nextcloud/custom_apps/user_saml/l10n/he.json new file mode 100644 index 0000000..ae2fe12 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/he.json @@ -0,0 +1,59 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "החשבון הזה מושבת, נא ליצור קשר עם מנהל המערכת.", + "Saved" : "נשמר", + "Provider" : "ספק", + "Unknown error, please check the log file for more details." : "שגיאה בלתי ידועה, נא לעיין בקובץ הרישום לפרטים נוספים.", + "Direct log in" : "כניסה ישירה", + "SSO & SAML log in" : "כניסה עם SSO ו־SAML", + "This page should not be visited directly." : "אין סיבה להגיע לעמוד זה ישירות.", + "Provider " : "ספק", + "X.509 certificate of the Service Provider" : "אישור X.509 של ספק השירות", + "Private key of the Service Provider" : "מפתח פרטי של ספק השירות", + "Indicates that the nameID of the sent by this SP will be encrypted." : "מציין שה־nameID של ה־ שנשלח על ידי ספק השירות הזה יהיה מוצפן.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות. [נתוני העל של ספק השירות יציעו את המידע הזה]", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Whether the metadata should be signed." : "האם לחתום על נתוני העל.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "מציין דרישה לחתימה על הרכיבים , ו־ שהתקבלו על ידי ספק השירות הזה.", + "Indicates if the SP will validate all received XML." : "מציין אם ספק השירות יאמת את כל ה־XML שמתקבל", + "Algorithm that the toolkit will use on signing process." : "האלגוריתם בו תשתמש ערכת הכלים בתהליך החתימה.", + "Attribute to map the UID to." : "מאפיין למפות אליו את ה־UID (מזהה המשתמש).", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "לאפשר אימות רק אם קיים חשבון במנגנון אחר כלשהו (למשל LDAP)", + "Attribute to map the displayname to." : "מאפיין למפות אליו את displayname (שם התצוגה).", + "Attribute to map the email address to." : "מאפיין למפות אליו את email (כתובת הדוא״ל).", + "Attribute to map the quota to." : "מאפיין למפות אליו את quota (מיכסה).", + "Attribute to map the users groups to." : "מאפיין למפות אליו את קבוצות המשתמשים.", + "Attribute to map the users home to." : "מאפיין למפות אליו את תיקיות הבית של המשתמשים.", + "Email address" : "כתובת דוא״ל", + "Encrypted" : "מוצפן", + "Entity" : "יישות", + "Kerberos" : "Kerberos", + "X509 subject name" : "שם נושא X509", + "SSO & SAML authentication" : "אימות גישה אחודה (SSO) ו־SAML", + "Open documentation" : "פתיחת תיעוד", + "Use built-in SAML authentication" : "שימוש באימות SAML מובנה", + "Use environment variable" : "שימוש במשתני סביבה", + "Global settings" : "הגדרות גלובליות", + "Remove identity provider" : "הסרת ספק זהות", + "Add identity provider" : "הוספת ספק זהות", + "General" : "כללי", + "Service Provider Data" : "נתוני ספק שירות", + "If your Service Provider should use certificates you can optionally specify them here." : "אם ספק הזהות שלך אמור להשתמש באישורים ניתן לציין אותם כאן.", + "Show Service Provider settings…" : "הצגת הגדרות ספק שירות…", + "Identity Provider Data" : "נתוני ספק שירות", + "Configure your IdP settings here." : "הגדרת תצורת ספק השירות להלן.", + "Attribute mapping" : "מיפוי מאפיינים", + "Security settings" : "הגדרות אבטחה", + "Show security settings…" : "הצגת הגדרות אבטחה…", + "Signatures and encryption offered" : "הוצעו חתימות והצפנה", + "Signatures and encryption required" : "נדרשו חתימות והצפנה", + "Download metadata XML" : "הורדת XML של נתוני העל", + "Reset settings" : "איפוס הגדרות", + "Metadata invalid" : "נתוני העל שגויים", + "Metadata valid" : "נתוני העל תקינים", + "Error" : "שגיאה", + "Account not provisioned." : "החשבון לא מנוהל.", + "Your account is not provisioned, access to this service is thus not possible." : "החשבון שלך לא מנוהל, לכן הגישה לשירות הזה אינה אפשרות.", + "Choose a authentication provider" : "נא לבחור ספק אימות" +},"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: (n % 10 == 0 && n % 1 == 0 && n > 10) ? 2 : 3;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/hr.js b/docker/nextcloud/custom_apps/user_saml/l10n/hr.js new file mode 100644 index 0000000..31e573f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/hr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ovaj je korisnički račun onemogućen, obratite se svom administratoru.", + "Saved" : "Spremljeno", + "Provider" : "Davatelj usluge", + "Unknown error, please check the log file for more details." : "Došlo je do nepoznate pogreške, provjerite datoteku sa zapisom.", + "Direct log in" : "Izravna prijava", + "SSO & SAML log in" : "Prijava SSO i SAML", + "This page should not be visited directly." : "Ovu stranicu ne bi trebalo izravno posjetiti.", + "Provider " : "Davatelj usluge ", + "X.509 certificate of the Service Provider" : "X.509 vjerodajnica davatelja usluge", + "Private key of the Service Provider" : "Privatni ključ davatelja usluge", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Označava da će se šifrirati nameID koje je poslao ovaj DU.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Označava hoće li se potpisati poruke koje pošalje ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Whether the metadata should be signed." : "Trebaju li biti potpisani metapodaci.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označava zahtjev za potpisivanjem elemenata , i koji primi ovaj DU.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označava zahtjev za potpisivanjem elementa koji primi ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označava zahtjev za šifriranjem elementa koji primi ovaj DU.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označava zahtjev da mora biti prisutan element NameID na SAMLResponse koji primi ovaj DU.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označava zahtjev za šifriranjem NameID-ja koji primi ovaj DU.", + "Indicates if the SP will validate all received XML." : "Označava hoće li DU potvrditi sve primljene XML-ove.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS šifrira SAML podatke malim slovima, a alati prema zadanim postavkama koriste velika slova. Omogućite kako biste osigurali kompatibilnost s ADFS-om prilikom provjere potpisa.", + "Algorithm that the toolkit will use on signing process." : "Algoritam koji će primijeniti alat tijekom postupka potpisivanja.", + "Attribute to map the UID to." : "Atribut na koji se mapira UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Dopustite autentifikaciju samo ako račun postoji u nekom drugom pozadinskom sustavu. (npr. LDAP-u)", + "Attribute to map the displayname to." : "Atribut na koji se mapira ime za prikaz.", + "Attribute to map the email address to." : "Atribut na koji se mapira adresa e-pošte.", + "Attribute to map the quota to." : "Atribut na koji se mapira kvota.", + "Attribute to map the users groups to." : "Atribut na koji se mapiraju grupe korisnika.", + "Attribute to map the users home to." : "Atribut na koji se mapira početna mapa korisnika.", + "Email address" : "Adresa e-pošte", + "Encrypted" : "Šifrirano", + "Entity" : "Entitet", + "Kerberos" : "Kerberos", + "Persistent" : "Stalan", + "Transient" : "Prolazan", + "Unspecified" : "Neodređen", + "Windows domain qualified name" : "Naziv za Windows domenu", + "X509 subject name" : "Naziv subjekta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Upotrijebite SAML auth za %s računalne klijente (zahtijeva ponovnu autentifikaciju korisnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Neobavezno ime za prikaz davatelja identiteta (zadano: „prijava SSO i SAML”)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dopusti korištenje višestrukih pozadinskih sustava (npr. LDAP-a)", + "SSO & SAML authentication" : "SSO i SAML autentifikacija", + "Authenticate using single sign-on" : "Autentifikacija jedinstvenom prijavom", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korištenjem aplikacije SSO i SAML u Nextcloudu možete lako integrirati svoje postojeće rješenje za jedinstvenu prijavu u Nextcloud. Također se možete koristiti Nextcloudovim pružateljem LDAP usluga kako biste zadržali praktičnost za korisnike. (npr. prilikom dijeljenja)\nSljedeći su davatelji usluge trenutno podržani i ispitani:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentifikacija putem varijable okoliša**\n\t* Kerberos (mod_auth_kerb)\n\t* Bilo koji drugi davatelj usluge koji provodi autentifikaciju putem varijable okoliša\n\nIako je teoretski kompatibilan bilo koji drugi davatelj usluge autentifikacije koji implementira bilo koji od tih standarda, naglašavamo da oni nisu dio nijedne unutarnje matrice ispitivanja.", + "Open documentation" : "Otvori dokumentaciju", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako niste omogućili „%s” ili idete izravno na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako izravno ne otvorite URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Odaberite želite li provoditi autentifikaciju putem davatelja usluge SAML-a ugrađenog u Nextcloud ili varijable okoliša.", + "Use built-in SAML authentication" : "Koristi ugrađenu SAML autentifikaciju", + "Use environment variable" : "Koristi varijablu okoliša", + "Global settings" : "Globalne postavke", + "Remove identity provider" : "Ukloni davatelja identiteta", + "Add identity provider" : "Dodaj davatelja identiteta", + "General" : "Općenito", + "Service Provider Data" : "Podaci davatelja usluga", + "If your Service Provider should use certificates you can optionally specify them here." : "Ako bi vaš pružatelj usluga trebao upotrebljavati vjerodajnice, možete ih ovdje navesti.", + "Show Service Provider settings…" : "Prikaži postavke davatelja usluga…", + "Name ID format" : "Format ID-ja imena", + "Identity Provider Data" : "Podaci davatelja identiteta", + "Configure your IdP settings here." : "Ovdje konfigurirajte svoje IdP postavke.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator IdP identiteta (mora biti URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni URL IdP-a za koji će DU poslati poruku zahtjeva za autentifikacijom", + "Show optional Identity Provider settings…" : "Prikaži neobvezne postavke davatelja identiteta...", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokacija URL-a IdP-a gdje će DU poslati zahtjev za SLO", + "URL Location of the IDP's SLO Response" : "URL lokacija odgovora IDP SLO", + "Public X.509 certificate of the IdP" : "Javna X.509 vjerodajnica IdP-a", + "Attribute mapping" : "Mapiranje atributa", + "If you want to optionally map attributes to the user you can configure these here." : "Ako želite mapirati atribute korisniku, možete ih ovdje konfigurirati.", + "Show attribute mapping settings…" : "Prikaži postavke mapiranja atributa...", + "Security settings" : "Sigurnosne postavke", + "For increased security we recommend enabling the following settings if supported by your environment." : "Za veću sigurnost preporučujemo da omogućite sljedeće postavke ako ih okolina podržava.", + "Show security settings…" : "Prikaži sigurnosne postavke...", + "Signatures and encryption offered" : "Ponuđeni potpisi i šifriranje", + "Signatures and encryption required" : "Potrebni potpisi i šifriranje", + "Download metadata XML" : "Preuzmi XML metapodatke", + "Reset settings" : "Poništi postavke", + "Metadata invalid" : "Metapodaci nisu valjani", + "Metadata valid" : "Metapodaci su valjani", + "Error" : "Pogreška", + "Account not provisioned." : "Račun nije uspostavljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Vaš račun nije uspostavljen, pristup ovoj usluzi nije moguć.", + "Login options:" : "Mogućnosti prijave:", + "Choose a authentication provider" : "Odaberi davatelja usluge autentifikacije" +}, +"nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/hr.json b/docker/nextcloud/custom_apps/user_saml/l10n/hr.json new file mode 100644 index 0000000..b3a7948 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/hr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ovaj je korisnički račun onemogućen, obratite se svom administratoru.", + "Saved" : "Spremljeno", + "Provider" : "Davatelj usluge", + "Unknown error, please check the log file for more details." : "Došlo je do nepoznate pogreške, provjerite datoteku sa zapisom.", + "Direct log in" : "Izravna prijava", + "SSO & SAML log in" : "Prijava SSO i SAML", + "This page should not be visited directly." : "Ovu stranicu ne bi trebalo izravno posjetiti.", + "Provider " : "Davatelj usluge ", + "X.509 certificate of the Service Provider" : "X.509 vjerodajnica davatelja usluge", + "Private key of the Service Provider" : "Privatni ključ davatelja usluge", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Označava da će se šifrirati nameID koje je poslao ovaj DU.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Označava hoće li se potpisati poruke koje pošalje ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Whether the metadata should be signed." : "Trebaju li biti potpisani metapodaci.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označava zahtjev za potpisivanjem elemenata , i koji primi ovaj DU.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označava zahtjev za potpisivanjem elementa koji primi ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označava zahtjev za šifriranjem elementa koji primi ovaj DU.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označava zahtjev da mora biti prisutan element NameID na SAMLResponse koji primi ovaj DU.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označava zahtjev za šifriranjem NameID-ja koji primi ovaj DU.", + "Indicates if the SP will validate all received XML." : "Označava hoće li DU potvrditi sve primljene XML-ove.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS šifrira SAML podatke malim slovima, a alati prema zadanim postavkama koriste velika slova. Omogućite kako biste osigurali kompatibilnost s ADFS-om prilikom provjere potpisa.", + "Algorithm that the toolkit will use on signing process." : "Algoritam koji će primijeniti alat tijekom postupka potpisivanja.", + "Attribute to map the UID to." : "Atribut na koji se mapira UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Dopustite autentifikaciju samo ako račun postoji u nekom drugom pozadinskom sustavu. (npr. LDAP-u)", + "Attribute to map the displayname to." : "Atribut na koji se mapira ime za prikaz.", + "Attribute to map the email address to." : "Atribut na koji se mapira adresa e-pošte.", + "Attribute to map the quota to." : "Atribut na koji se mapira kvota.", + "Attribute to map the users groups to." : "Atribut na koji se mapiraju grupe korisnika.", + "Attribute to map the users home to." : "Atribut na koji se mapira početna mapa korisnika.", + "Email address" : "Adresa e-pošte", + "Encrypted" : "Šifrirano", + "Entity" : "Entitet", + "Kerberos" : "Kerberos", + "Persistent" : "Stalan", + "Transient" : "Prolazan", + "Unspecified" : "Neodređen", + "Windows domain qualified name" : "Naziv za Windows domenu", + "X509 subject name" : "Naziv subjekta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Upotrijebite SAML auth za %s računalne klijente (zahtijeva ponovnu autentifikaciju korisnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Neobavezno ime za prikaz davatelja identiteta (zadano: „prijava SSO i SAML”)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dopusti korištenje višestrukih pozadinskih sustava (npr. LDAP-a)", + "SSO & SAML authentication" : "SSO i SAML autentifikacija", + "Authenticate using single sign-on" : "Autentifikacija jedinstvenom prijavom", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korištenjem aplikacije SSO i SAML u Nextcloudu možete lako integrirati svoje postojeće rješenje za jedinstvenu prijavu u Nextcloud. Također se možete koristiti Nextcloudovim pružateljem LDAP usluga kako biste zadržali praktičnost za korisnike. (npr. prilikom dijeljenja)\nSljedeći su davatelji usluge trenutno podržani i ispitani:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentifikacija putem varijable okoliša**\n\t* Kerberos (mod_auth_kerb)\n\t* Bilo koji drugi davatelj usluge koji provodi autentifikaciju putem varijable okoliša\n\nIako je teoretski kompatibilan bilo koji drugi davatelj usluge autentifikacije koji implementira bilo koji od tih standarda, naglašavamo da oni nisu dio nijedne unutarnje matrice ispitivanja.", + "Open documentation" : "Otvori dokumentaciju", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako niste omogućili „%s” ili idete izravno na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako izravno ne otvorite URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Odaberite želite li provoditi autentifikaciju putem davatelja usluge SAML-a ugrađenog u Nextcloud ili varijable okoliša.", + "Use built-in SAML authentication" : "Koristi ugrađenu SAML autentifikaciju", + "Use environment variable" : "Koristi varijablu okoliša", + "Global settings" : "Globalne postavke", + "Remove identity provider" : "Ukloni davatelja identiteta", + "Add identity provider" : "Dodaj davatelja identiteta", + "General" : "Općenito", + "Service Provider Data" : "Podaci davatelja usluga", + "If your Service Provider should use certificates you can optionally specify them here." : "Ako bi vaš pružatelj usluga trebao upotrebljavati vjerodajnice, možete ih ovdje navesti.", + "Show Service Provider settings…" : "Prikaži postavke davatelja usluga…", + "Name ID format" : "Format ID-ja imena", + "Identity Provider Data" : "Podaci davatelja identiteta", + "Configure your IdP settings here." : "Ovdje konfigurirajte svoje IdP postavke.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator IdP identiteta (mora biti URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni URL IdP-a za koji će DU poslati poruku zahtjeva za autentifikacijom", + "Show optional Identity Provider settings…" : "Prikaži neobvezne postavke davatelja identiteta...", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokacija URL-a IdP-a gdje će DU poslati zahtjev za SLO", + "URL Location of the IDP's SLO Response" : "URL lokacija odgovora IDP SLO", + "Public X.509 certificate of the IdP" : "Javna X.509 vjerodajnica IdP-a", + "Attribute mapping" : "Mapiranje atributa", + "If you want to optionally map attributes to the user you can configure these here." : "Ako želite mapirati atribute korisniku, možete ih ovdje konfigurirati.", + "Show attribute mapping settings…" : "Prikaži postavke mapiranja atributa...", + "Security settings" : "Sigurnosne postavke", + "For increased security we recommend enabling the following settings if supported by your environment." : "Za veću sigurnost preporučujemo da omogućite sljedeće postavke ako ih okolina podržava.", + "Show security settings…" : "Prikaži sigurnosne postavke...", + "Signatures and encryption offered" : "Ponuđeni potpisi i šifriranje", + "Signatures and encryption required" : "Potrebni potpisi i šifriranje", + "Download metadata XML" : "Preuzmi XML metapodatke", + "Reset settings" : "Poništi postavke", + "Metadata invalid" : "Metapodaci nisu valjani", + "Metadata valid" : "Metapodaci su valjani", + "Error" : "Pogreška", + "Account not provisioned." : "Račun nije uspostavljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Vaš račun nije uspostavljen, pristup ovoj usluzi nije moguć.", + "Login options:" : "Mogućnosti prijave:", + "Choose a authentication provider" : "Odaberi davatelja usluge autentifikacije" +},"pluralForm" :"nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/hu.js b/docker/nextcloud/custom_apps/user_saml/l10n/hu.js new file mode 100644 index 0000000..c45a8d4 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/hu.js @@ -0,0 +1,71 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ez a fiók le van tiltva, kérlek lépj kapcsolatba a rendszergazdával.", + "Saved" : "Elmentve", + "Provider" : "Szolgáltató", + "Unknown error, please check the log file for more details." : "Ismeretlen hiba, kérlek ellenőrizd a log fájlokat további részletekért.", + "Direct log in" : "Közvetlen belépés", + "SSO & SAML log in" : "SSO & SAML belépés", + "Provider " : "Szolgáltató", + "X.509 certificate of the Service Provider" : "Szolgáltató X.509 tanúsítványa", + "Private key of the Service Provider" : "Szolgáltató titkos kulcsa", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Jelzi, hogy a nameID-ja titkosítva lesz küldve ezen SP által.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva. [Az SP metaadatai megadják ezt az infót]", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Whether the metadata should be signed." : "Metaadatok aláírása.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Jelzi, hogy az SP által fogadott , és elemek kötelezően aláírtak.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy az SP által fogadott elemek kötelezően aláírtak. [Az SP metaadatai felajánlják ezt az infót.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Kényszeríti a elemek ezen SP által történő fogadáskori titkosítását.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Jelzi, hogy az SP által fogadott SAMLResponse kötelezően tartalmazta a NameID-t.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Jelzi, hogy az SP által fogadott NameID titkosítva lesznek-e.", + "Indicates if the SP will validate all received XML." : "Mutatja ha az SP validálja az összes fogadott XML-t.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Az ADFS kisbetűvel URL-kódolja a SAML adatokat, és az eszköz alapértelmezetten nagybetűket használ. Kapcsold be az ADFS kompatibilitáshoz az aláírás ellenőrzéskor.", + "Attribute to map the UID to." : "Attribútum melyre az UID leképeződik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Csak akkor engedd a hitelesítést, ha egy másik háttérszolgáltatásban is létezik a fiók. (pl: LDAP)", + "Attribute to map the displayname to." : "Attribútum melyre az megjelenítendő név leképeződik.", + "Attribute to map the email address to." : "Attribútum melyre az e-mail leképeződik.", + "Attribute to map the quota to." : "Attribútum melyhez a kvóta hozzárendelődik.", + "Email address" : "E-mail cím", + "Encrypted" : "Tikosítva", + "Kerberos" : "Kerberos", + "Unspecified" : "Nem meghatározott", + "Windows domain qualified name" : "Windows tartományi név", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML használata %s asztali kliens hitelesítés (felhasználók ismételt bejelentkezését igényli)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Megengedi, hogy a felhasználó több back-endet is használjon (pl.: LDAP)", + "SSO & SAML authentication" : "SSO & SAML hitelesítés", + "Authenticate using single sign-on" : "Hitelesítés egyszeri belépéssel", + "Open documentation" : "Dokumentáció megnyitása", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kélek válassz, hogy a Nextcloud-ba épített SAML szolgáltató vagy egy környezeti változó ellenében szeretnél bejelentkeztetni.", + "Use built-in SAML authentication" : "Használd a beépített SAML hitelesítés", + "Use environment variable" : "Használd a környezeti változót", + "Global settings" : "Globális beállítások", + "General" : "Általános", + "Service Provider Data" : "Szolgáltató adatok", + "If your Service Provider should use certificates you can optionally specify them here." : "Ha a szolgáltatód tanúsítványokat kellene használjon, megadhatod azokat.", + "Show Service Provider settings…" : "Szolgáltató beállításainak mutatása…", + "Identity Provider Data" : "Azonosítási szolgáltató adatai", + "Configure your IdP settings here." : "IdP beállításaid.", + "Identifier of the IdP entity (must be a URI)" : "IdP bejegyzés azonosítója (URI kell legyen)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP URL célja ahova SP küldi a bejelentkezés kérési üzeneteit", + "Show optional Identity Provider settings…" : "Kiegészítő identitás szolgáltató beállításai…", + "URL Location of the IdP where the SP will send the SLO Request" : "Az IdP URL-je ahova az SP küldi az SLO kérést", + "Public X.509 certificate of the IdP" : " IdP nyilvános X.509 tanúsítványa", + "Attribute mapping" : "Attribútum összekötés", + "If you want to optionally map attributes to the user you can configure these here." : "Ha opcionális attribútumokat szeretnél rendelni a felhasználóhoz, itt megteheted.", + "Show attribute mapping settings…" : "Attribútum összerendelési beállítások mutatása…", + "Security settings" : "Biztonsági beállítások", + "For increased security we recommend enabling the following settings if supported by your environment." : "A nagyobb biztonság érdekében javasoljuk az alábbi bekapcsolását, ha a környezeted lehetővé teszi.", + "Show security settings…" : "Biztonsági beállítások mutatása…", + "Signatures and encryption offered" : "Aláírások és titkosítás ajánlott", + "Signatures and encryption required" : "Aláírások és titkosítás szükséges", + "Download metadata XML" : "XML metaadat letöltés", + "Reset settings" : "Beállítások visszaállítása", + "Metadata invalid" : "Érvénytelen metaadat", + "Metadata valid" : "Érvényes metaadat", + "Error" : "Hiba", + "Account not provisioned." : "Nem felügyelt fiók.", + "Your account is not provisioned, access to this service is thus not possible." : "A fiókod nincs engedélyezve, így ehhez a szolgáltatáshoz nem férhetsz hozzá." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/hu.json b/docker/nextcloud/custom_apps/user_saml/l10n/hu.json new file mode 100644 index 0000000..6a781be --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/hu.json @@ -0,0 +1,69 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ez a fiók le van tiltva, kérlek lépj kapcsolatba a rendszergazdával.", + "Saved" : "Elmentve", + "Provider" : "Szolgáltató", + "Unknown error, please check the log file for more details." : "Ismeretlen hiba, kérlek ellenőrizd a log fájlokat további részletekért.", + "Direct log in" : "Közvetlen belépés", + "SSO & SAML log in" : "SSO & SAML belépés", + "Provider " : "Szolgáltató", + "X.509 certificate of the Service Provider" : "Szolgáltató X.509 tanúsítványa", + "Private key of the Service Provider" : "Szolgáltató titkos kulcsa", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Jelzi, hogy a nameID-ja titkosítva lesz küldve ezen SP által.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva. [Az SP metaadatai megadják ezt az infót]", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Whether the metadata should be signed." : "Metaadatok aláírása.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Jelzi, hogy az SP által fogadott , és elemek kötelezően aláírtak.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy az SP által fogadott elemek kötelezően aláírtak. [Az SP metaadatai felajánlják ezt az infót.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Kényszeríti a elemek ezen SP által történő fogadáskori titkosítását.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Jelzi, hogy az SP által fogadott SAMLResponse kötelezően tartalmazta a NameID-t.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Jelzi, hogy az SP által fogadott NameID titkosítva lesznek-e.", + "Indicates if the SP will validate all received XML." : "Mutatja ha az SP validálja az összes fogadott XML-t.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Az ADFS kisbetűvel URL-kódolja a SAML adatokat, és az eszköz alapértelmezetten nagybetűket használ. Kapcsold be az ADFS kompatibilitáshoz az aláírás ellenőrzéskor.", + "Attribute to map the UID to." : "Attribútum melyre az UID leképeződik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Csak akkor engedd a hitelesítést, ha egy másik háttérszolgáltatásban is létezik a fiók. (pl: LDAP)", + "Attribute to map the displayname to." : "Attribútum melyre az megjelenítendő név leképeződik.", + "Attribute to map the email address to." : "Attribútum melyre az e-mail leképeződik.", + "Attribute to map the quota to." : "Attribútum melyhez a kvóta hozzárendelődik.", + "Email address" : "E-mail cím", + "Encrypted" : "Tikosítva", + "Kerberos" : "Kerberos", + "Unspecified" : "Nem meghatározott", + "Windows domain qualified name" : "Windows tartományi név", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML használata %s asztali kliens hitelesítés (felhasználók ismételt bejelentkezését igényli)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Megengedi, hogy a felhasználó több back-endet is használjon (pl.: LDAP)", + "SSO & SAML authentication" : "SSO & SAML hitelesítés", + "Authenticate using single sign-on" : "Hitelesítés egyszeri belépéssel", + "Open documentation" : "Dokumentáció megnyitása", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kélek válassz, hogy a Nextcloud-ba épített SAML szolgáltató vagy egy környezeti változó ellenében szeretnél bejelentkeztetni.", + "Use built-in SAML authentication" : "Használd a beépített SAML hitelesítés", + "Use environment variable" : "Használd a környezeti változót", + "Global settings" : "Globális beállítások", + "General" : "Általános", + "Service Provider Data" : "Szolgáltató adatok", + "If your Service Provider should use certificates you can optionally specify them here." : "Ha a szolgáltatód tanúsítványokat kellene használjon, megadhatod azokat.", + "Show Service Provider settings…" : "Szolgáltató beállításainak mutatása…", + "Identity Provider Data" : "Azonosítási szolgáltató adatai", + "Configure your IdP settings here." : "IdP beállításaid.", + "Identifier of the IdP entity (must be a URI)" : "IdP bejegyzés azonosítója (URI kell legyen)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP URL célja ahova SP küldi a bejelentkezés kérési üzeneteit", + "Show optional Identity Provider settings…" : "Kiegészítő identitás szolgáltató beállításai…", + "URL Location of the IdP where the SP will send the SLO Request" : "Az IdP URL-je ahova az SP küldi az SLO kérést", + "Public X.509 certificate of the IdP" : " IdP nyilvános X.509 tanúsítványa", + "Attribute mapping" : "Attribútum összekötés", + "If you want to optionally map attributes to the user you can configure these here." : "Ha opcionális attribútumokat szeretnél rendelni a felhasználóhoz, itt megteheted.", + "Show attribute mapping settings…" : "Attribútum összerendelési beállítások mutatása…", + "Security settings" : "Biztonsági beállítások", + "For increased security we recommend enabling the following settings if supported by your environment." : "A nagyobb biztonság érdekében javasoljuk az alábbi bekapcsolását, ha a környezeted lehetővé teszi.", + "Show security settings…" : "Biztonsági beállítások mutatása…", + "Signatures and encryption offered" : "Aláírások és titkosítás ajánlott", + "Signatures and encryption required" : "Aláírások és titkosítás szükséges", + "Download metadata XML" : "XML metaadat letöltés", + "Reset settings" : "Beállítások visszaállítása", + "Metadata invalid" : "Érvénytelen metaadat", + "Metadata valid" : "Érvényes metaadat", + "Error" : "Hiba", + "Account not provisioned." : "Nem felügyelt fiók.", + "Your account is not provisioned, access to this service is thus not possible." : "A fiókod nincs engedélyezve, így ehhez a szolgáltatáshoz nem férhetsz hozzá." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ia.js b/docker/nextcloud/custom_apps/user_saml/l10n/ia.js new file mode 100644 index 0000000..b10119c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ia.js @@ -0,0 +1,12 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Salveguardate", + "Open documentation" : "Aperir documentation", + "General" : "General", + "Security settings" : "Configurationes de securitate", + "Metadata invalid" : "Metadatos non valide", + "Metadata valid" : "Metadatos valide", + "Error" : "Error" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ia.json b/docker/nextcloud/custom_apps/user_saml/l10n/ia.json new file mode 100644 index 0000000..6043fcf --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ia.json @@ -0,0 +1,10 @@ +{ "translations": { + "Saved" : "Salveguardate", + "Open documentation" : "Aperir documentation", + "General" : "General", + "Security settings" : "Configurationes de securitate", + "Metadata invalid" : "Metadatos non valide", + "Metadata valid" : "Metadatos valide", + "Error" : "Error" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/id.js b/docker/nextcloud/custom_apps/user_saml/l10n/id.js new file mode 100644 index 0000000..4e935a8 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/id.js @@ -0,0 +1,38 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Tersimpan", + "X.509 certificate of the Service Provider" : "Sertifikat X.509 Penyedia Layanan", + "Private key of the Service Provider" : "Kunci pribadi Penyedia Layanan", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Mengindikasikan bahwa nameID dari dikirimkan oleh SP ini akan dienkripsi", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Whether the metadata should be signed." : "Apabila metadatanya harus ditandai.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Mengindikasikan keharusan untuk elemen , dan diterima oleh SP ini ditandai.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan keharusan untuk elemen yang diterima SP ini untuk ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Mengindikasikan keharusan elemen yang diterima SP ini untuk dienkripsi.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Mengindikasikan keharusan untuk elemen NameID di SAMLResponse yang diterima oleh SP ini untuk hadir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Mengindikasikan keharusan untuk elemen NameID yang diterima oleh SP ini untuk dienkripsi.", + "Open documentation" : "Buka dokumentasi", + "General" : "Umum", + "Service Provider Data" : "Data Penyedia Layanan", + "If your Service Provider should use certificates you can optionally specify them here." : "Apabila Penyedia Layanan Anda harus menggunakan sertifikat Anda dapat menentukannya disini secara opsional.", + "Identity Provider Data" : "Identitas Penyedia Data", + "Configure your IdP settings here." : "Konfigurasi pengaturan IdP Anda disini.", + "Identifier of the IdP entity (must be a URI)" : "Pengidentifikasian entitas IdP (harus berupa URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Target URL IdP dimana SP akan mengirim Pesan Permintaan Otentikasi", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokasi URL IdP dimana SP akan mengirim Permintaan SLO", + "Public X.509 certificate of the IdP" : "Sertifikat publik X.509 IdP", + "Security settings" : "Pengaturan keamanan", + "For increased security we recommend enabling the following settings if supported by your environment." : "Untuk menambah keamanan kami merekomendasikan mengaktifkan pengaturan berikut apabila lingkungan Anda mendukungnya.", + "Signatures and encryption offered" : "Tanda dan enkripsi ditawarkan", + "Signatures and encryption required" : "Tanda dan enkripsi diperlukan", + "Download metadata XML" : "Unduh metadata XML", + "Metadata invalid" : "Metadata tidak sah", + "Metadata valid" : "Metadata sah", + "Error" : "Kesalahan", + "Account not provisioned." : "Akun tidak ditetapkan.", + "Your account is not provisioned, access to this service is thus not possible." : "Akun Anda tidak ditetapkan, akses ke layanan tidak mungkin." +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/id.json b/docker/nextcloud/custom_apps/user_saml/l10n/id.json new file mode 100644 index 0000000..eeb9f7a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/id.json @@ -0,0 +1,36 @@ +{ "translations": { + "Saved" : "Tersimpan", + "X.509 certificate of the Service Provider" : "Sertifikat X.509 Penyedia Layanan", + "Private key of the Service Provider" : "Kunci pribadi Penyedia Layanan", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Mengindikasikan bahwa nameID dari dikirimkan oleh SP ini akan dienkripsi", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Whether the metadata should be signed." : "Apabila metadatanya harus ditandai.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Mengindikasikan keharusan untuk elemen , dan diterima oleh SP ini ditandai.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan keharusan untuk elemen yang diterima SP ini untuk ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Mengindikasikan keharusan elemen yang diterima SP ini untuk dienkripsi.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Mengindikasikan keharusan untuk elemen NameID di SAMLResponse yang diterima oleh SP ini untuk hadir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Mengindikasikan keharusan untuk elemen NameID yang diterima oleh SP ini untuk dienkripsi.", + "Open documentation" : "Buka dokumentasi", + "General" : "Umum", + "Service Provider Data" : "Data Penyedia Layanan", + "If your Service Provider should use certificates you can optionally specify them here." : "Apabila Penyedia Layanan Anda harus menggunakan sertifikat Anda dapat menentukannya disini secara opsional.", + "Identity Provider Data" : "Identitas Penyedia Data", + "Configure your IdP settings here." : "Konfigurasi pengaturan IdP Anda disini.", + "Identifier of the IdP entity (must be a URI)" : "Pengidentifikasian entitas IdP (harus berupa URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Target URL IdP dimana SP akan mengirim Pesan Permintaan Otentikasi", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokasi URL IdP dimana SP akan mengirim Permintaan SLO", + "Public X.509 certificate of the IdP" : "Sertifikat publik X.509 IdP", + "Security settings" : "Pengaturan keamanan", + "For increased security we recommend enabling the following settings if supported by your environment." : "Untuk menambah keamanan kami merekomendasikan mengaktifkan pengaturan berikut apabila lingkungan Anda mendukungnya.", + "Signatures and encryption offered" : "Tanda dan enkripsi ditawarkan", + "Signatures and encryption required" : "Tanda dan enkripsi diperlukan", + "Download metadata XML" : "Unduh metadata XML", + "Metadata invalid" : "Metadata tidak sah", + "Metadata valid" : "Metadata sah", + "Error" : "Kesalahan", + "Account not provisioned." : "Akun tidak ditetapkan.", + "Your account is not provisioned, access to this service is thus not possible." : "Akun Anda tidak ditetapkan, akses ke layanan tidak mungkin." +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/is.js b/docker/nextcloud/custom_apps/user_saml/l10n/is.js new file mode 100644 index 0000000..6b28ac1 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/is.js @@ -0,0 +1,47 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Þessi notandaaðgangur er óvirkur; hafðu samband við kerfisstjóra.", + "Saved" : "Vistað", + "Provider" : "Þjónustuveita", + "Unknown error, please check the log file for more details." : "Óþekkt villa, skoðaðu atvikaskráninguna til að sjá nánari upplýsingar.", + "Direct log in" : "Bein innskráning", + "SSO & SAML log in" : "SSO & SAML innskráning", + "This page should not be visited directly." : "Þessa síðu ætti ekki að heimsækja beint.", + "Provider " : "Þjónustuveita ", + "X.509 certificate of the Service Provider" : "X.509 skilríki internetþjónustu", + "Private key of the Service Provider" : "Einkalykill internetþjónustu", + "Whether the metadata should be signed." : "Hvort undirrita eigi lýsigögnin.", + "Email address" : "Tölvupóstfang", + "Encrypted" : "Dulritað", + "Entity" : "Einindi", + "Kerberos" : "Kerberos", + "Persistent" : "Viðvarandi", + "Transient" : "Tímabundið", + "Unspecified" : "Óskilgreint", + "SSO & SAML authentication" : "SSO & SAML auðkenning", + "Open documentation" : "Opna hjálparskjöl", + "Use built-in SAML authentication" : "Nota innbyggða SAML-auðkenningu", + "Use environment variable" : "Nota umhverfisbreytu", + "Global settings" : "Víðværar stillingar", + "Remove identity provider" : "Fjarlægja auðkenningarþjónustu", + "Add identity provider" : "Bæta við auðkenningarþjónustu", + "General" : "Almennt", + "Service Provider Data" : "Gögn um internetþjónustu", + "Show Service Provider settings…" : "Birta stillingar internetþjónustu…", + "Identity Provider Data" : "Gögn um auðkenningarþjónustu", + "Public X.509 certificate of the IdP" : "Opinbert X.509-skilríki fyrir IdP", + "Attribute mapping" : "Vörpun eiginda", + "Security settings" : "Öryggisstillingar", + "Show security settings…" : "Birta öryggisstillingar…", + "Signatures and encryption offered" : "Undirritanir og dulritun í boði", + "Signatures and encryption required" : "Krafist er undirritunar og dulritununar", + "Download metadata XML" : "Sækja XML-lýsigögn", + "Reset settings" : "Frumstilla stillingar", + "Metadata invalid" : "Lýsigögn eru ógild", + "Metadata valid" : "Lýsigögn eru gild", + "Error" : "Villa", + "Account not provisioned." : "Aðgangur ekki tilbúinn.", + "Choose a authentication provider" : "Veldu auðkenningarþjónustu" +}, +"nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/is.json b/docker/nextcloud/custom_apps/user_saml/l10n/is.json new file mode 100644 index 0000000..499a628 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/is.json @@ -0,0 +1,45 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Þessi notandaaðgangur er óvirkur; hafðu samband við kerfisstjóra.", + "Saved" : "Vistað", + "Provider" : "Þjónustuveita", + "Unknown error, please check the log file for more details." : "Óþekkt villa, skoðaðu atvikaskráninguna til að sjá nánari upplýsingar.", + "Direct log in" : "Bein innskráning", + "SSO & SAML log in" : "SSO & SAML innskráning", + "This page should not be visited directly." : "Þessa síðu ætti ekki að heimsækja beint.", + "Provider " : "Þjónustuveita ", + "X.509 certificate of the Service Provider" : "X.509 skilríki internetþjónustu", + "Private key of the Service Provider" : "Einkalykill internetþjónustu", + "Whether the metadata should be signed." : "Hvort undirrita eigi lýsigögnin.", + "Email address" : "Tölvupóstfang", + "Encrypted" : "Dulritað", + "Entity" : "Einindi", + "Kerberos" : "Kerberos", + "Persistent" : "Viðvarandi", + "Transient" : "Tímabundið", + "Unspecified" : "Óskilgreint", + "SSO & SAML authentication" : "SSO & SAML auðkenning", + "Open documentation" : "Opna hjálparskjöl", + "Use built-in SAML authentication" : "Nota innbyggða SAML-auðkenningu", + "Use environment variable" : "Nota umhverfisbreytu", + "Global settings" : "Víðværar stillingar", + "Remove identity provider" : "Fjarlægja auðkenningarþjónustu", + "Add identity provider" : "Bæta við auðkenningarþjónustu", + "General" : "Almennt", + "Service Provider Data" : "Gögn um internetþjónustu", + "Show Service Provider settings…" : "Birta stillingar internetþjónustu…", + "Identity Provider Data" : "Gögn um auðkenningarþjónustu", + "Public X.509 certificate of the IdP" : "Opinbert X.509-skilríki fyrir IdP", + "Attribute mapping" : "Vörpun eiginda", + "Security settings" : "Öryggisstillingar", + "Show security settings…" : "Birta öryggisstillingar…", + "Signatures and encryption offered" : "Undirritanir og dulritun í boði", + "Signatures and encryption required" : "Krafist er undirritunar og dulritununar", + "Download metadata XML" : "Sækja XML-lýsigögn", + "Reset settings" : "Frumstilla stillingar", + "Metadata invalid" : "Lýsigögn eru ógild", + "Metadata valid" : "Lýsigögn eru gild", + "Error" : "Villa", + "Account not provisioned." : "Aðgangur ekki tilbúinn.", + "Choose a authentication provider" : "Veldu auðkenningarþjónustu" +},"pluralForm" :"nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/it.js b/docker/nextcloud/custom_apps/user_saml/l10n/it.js new file mode 100644 index 0000000..c1662fd --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/it.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Questo account utente è disabilitato, contatta il tuo amministratore.", + "Saved" : "Salvato", + "Provider" : "Fornitore", + "Unknown error, please check the log file for more details." : "Errore sconosciuto, controlla il file di log per ulteriori dettagli.", + "Direct log in" : "Accesso diretto", + "SSO & SAML log in" : "Accesso SSO e SAML", + "This page should not be visited directly." : "Questa pagina non dovrebbe essere visitata direttamente.", + "Provider " : "Fornitore", + "X.509 certificate of the Service Provider" : "Certificato X.509 del fornitore di servizi", + "Private key of the Service Provider" : "Chiave privata del fornitore di servizi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica che il nameID della inviata da questo SP sarà cifrato.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se i messaggi inviati da questo SP saranno firmati. [I metadati del SP forniranno queste informazioni]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Whether the metadata should be signed." : "Decidi se firmare o meno i metadati.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica la firma come requisiti per gli elementi , e ricevuti da questo SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica la firma come requisito per gli elementi ricevuti da questo SP. [I metadati dello SP forniranno queste informazioni]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica la cifratura come requisito per gli elementi ricevuti da questo SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica la presenza come requisito dell'elemento NameID nella SAMLResponse ricevuta da questo SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica la cifratura come requisito per il NameID ricevuto da questo SP.", + "Indicates if the SP will validate all received XML." : "Indica se lo SP convaliderà tutti gli XML ricevuti.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "URL ADFS-Codifica i dati SAML come lettere minuscole, mentre il sistema utilizza, in modo predefinito, le lettere maiuscole. Abilitata per compatibilità con ADFS sulla verifica della firma.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo che il toolkit utilizzerà per il processo di firma.", + "Attribute to map the UID to." : "Attributo a cui associare l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Consenti l'autenticazione solo se un account esiste in un altro motore. (ad es. LDAP)", + "Attribute to map the displayname to." : "Attributo a cui associare il nome visualizzato.", + "Attribute to map the email address to." : "Attributo a cui associare l'indirizzo di posta elettronica.", + "Attribute to map the quota to." : "Attributo a cui associare la quota.", + "Attribute to map the users groups to." : "Attributo per associare i gruppi di utenti", + "Attribute to map the users home to." : ".Attributo per associare le home degli utenti.", + "Email address" : "Indirizzo email", + "Encrypted" : "Cifrato", + "Entity" : "Entità", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Non specificato", + "Windows domain qualified name" : "Nome di dominio Windows qualificato", + "X509 subject name" : "Nome oggetto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilizza autenticazione SAML per i client desktop di %s (richiede una nuova autenticazione degli utenti)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome visualizzato facoltativo del fornitore d'identità (predefinito: \"Accesso SSO e SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Consenti l'utilizzo di più motori utente (ad es. LDAP)", + "SSO & SAML authentication" : "Autenticazione SSO e SAML", + "Authenticate using single sign-on" : "Autenticazione con single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilizzando l'applicazione SSO e SAML di Nextcloud, puoi rendere possibile l'integrazione della tua soluzione Single-Sign-On esistente con Nextcloud. In aggiunta, puoi utilizzare il fornitore di utenti LDAP di Nextcloud per mantenere la convenienza degli utenti. (ad es. quando si condivide)\nI seguenti fornitori sono supportati e verificati al momento:\n* ** SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS) \n\n* **Autenticazione tramite variabile d'ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsiasi altro fornitore che autentichi utilizzando una variabile d'ambiente\n\nSebbene teoricamente qualsiasi altro fornitore di autenticazione che implementi uno di questi standard sia compatibile, segnaliamo che essi non sono parte della matrice dei test interni.", + "Open documentation" : "Apri la documentazione", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu abbia abilitato \"%s\" o che tu vada direttamente all'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu vada direttamente all'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Scegli se vuoi autenticarti utilizzando il fornitore SAML integratore in Nextcloud o se vuoi autenticarti utilizzando una variabile d'ambiente.", + "Use built-in SAML authentication" : "Usa autenticazione SAML integrata", + "Use environment variable" : "Usa variabile d'ambiente", + "Global settings" : "Impostazioni globali", + "Remove identity provider" : "Rimuovi fornitore di identità", + "Add identity provider" : "Aggiungi fornitore di identità", + "General" : "Generale", + "Service Provider Data" : "Dati del fornitore di servizi", + "If your Service Provider should use certificates you can optionally specify them here." : "Se il tuo fornitore di servizi utilizza i certificati, puoi specificarli qui.", + "Show Service Provider settings…" : "Mostra impostazioni fornitore di servizi...", + "Name ID format" : "Formato ID Nome", + "Identity Provider Data" : "Dati del fornitore di identità", + "Configure your IdP settings here." : "Configura qui le tue impostazioni IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificatore dell'entità IdP (deve essere un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Destinazione dell'URL dell'IdP dove lo SP invierà il messaggio di richiesta di autenticazione", + "Show optional Identity Provider settings…" : "Mostra impostazioni opzionali del fornitore di identità...", + "URL Location of the IdP where the SP will send the SLO Request" : "Posizione dell'URL dell'IdP dove lo SP invierà la richiesta SLO", + "URL Location of the IDP's SLO Response" : "Posizione dell'URL della risposta SLO dell'IDP", + "Public X.509 certificate of the IdP" : "Certificato X.509 dell'IdP", + "Attribute mapping" : "Associazione degli attributi", + "If you want to optionally map attributes to the user you can configure these here." : "Se vuoi associare, in modo facoltativo, gli attributi all'utente, puoi configurarli qui.", + "Show attribute mapping settings…" : "Mostra le impostazioni di associazione degli attributi...", + "Security settings" : "Impostazioni di sicurezza", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per una maggiore sicurezza, consigliamo di abilitare le seguenti impostazioni, se supportate dal tuo ambiente.", + "Show security settings…" : "Mostra impostazioni di sicurezza...", + "Signatures and encryption offered" : "Firme e cifratura offerte", + "Signatures and encryption required" : "Firme e cifratura richieste", + "Download metadata XML" : "Scarica XML metadati", + "Reset settings" : "Ripristina impostazioni", + "Metadata invalid" : "Metadati non validi", + "Metadata valid" : "Metadati validi", + "Error" : "Errore", + "Account not provisioned." : "Account non generato.", + "Your account is not provisioned, access to this service is thus not possible." : "Il tuo account non è stato generato, l'accesso a questo servizio è perciò impossibile", + "Login options:" : "Opzioni di accesso:", + "Choose a authentication provider" : "Scegli un fornitore di autenticazione" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/it.json b/docker/nextcloud/custom_apps/user_saml/l10n/it.json new file mode 100644 index 0000000..71a1f4b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/it.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Questo account utente è disabilitato, contatta il tuo amministratore.", + "Saved" : "Salvato", + "Provider" : "Fornitore", + "Unknown error, please check the log file for more details." : "Errore sconosciuto, controlla il file di log per ulteriori dettagli.", + "Direct log in" : "Accesso diretto", + "SSO & SAML log in" : "Accesso SSO e SAML", + "This page should not be visited directly." : "Questa pagina non dovrebbe essere visitata direttamente.", + "Provider " : "Fornitore", + "X.509 certificate of the Service Provider" : "Certificato X.509 del fornitore di servizi", + "Private key of the Service Provider" : "Chiave privata del fornitore di servizi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica che il nameID della inviata da questo SP sarà cifrato.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se i messaggi inviati da questo SP saranno firmati. [I metadati del SP forniranno queste informazioni]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Whether the metadata should be signed." : "Decidi se firmare o meno i metadati.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica la firma come requisiti per gli elementi , e ricevuti da questo SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica la firma come requisito per gli elementi ricevuti da questo SP. [I metadati dello SP forniranno queste informazioni]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica la cifratura come requisito per gli elementi ricevuti da questo SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica la presenza come requisito dell'elemento NameID nella SAMLResponse ricevuta da questo SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica la cifratura come requisito per il NameID ricevuto da questo SP.", + "Indicates if the SP will validate all received XML." : "Indica se lo SP convaliderà tutti gli XML ricevuti.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "URL ADFS-Codifica i dati SAML come lettere minuscole, mentre il sistema utilizza, in modo predefinito, le lettere maiuscole. Abilitata per compatibilità con ADFS sulla verifica della firma.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo che il toolkit utilizzerà per il processo di firma.", + "Attribute to map the UID to." : "Attributo a cui associare l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Consenti l'autenticazione solo se un account esiste in un altro motore. (ad es. LDAP)", + "Attribute to map the displayname to." : "Attributo a cui associare il nome visualizzato.", + "Attribute to map the email address to." : "Attributo a cui associare l'indirizzo di posta elettronica.", + "Attribute to map the quota to." : "Attributo a cui associare la quota.", + "Attribute to map the users groups to." : "Attributo per associare i gruppi di utenti", + "Attribute to map the users home to." : ".Attributo per associare le home degli utenti.", + "Email address" : "Indirizzo email", + "Encrypted" : "Cifrato", + "Entity" : "Entità", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Non specificato", + "Windows domain qualified name" : "Nome di dominio Windows qualificato", + "X509 subject name" : "Nome oggetto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilizza autenticazione SAML per i client desktop di %s (richiede una nuova autenticazione degli utenti)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome visualizzato facoltativo del fornitore d'identità (predefinito: \"Accesso SSO e SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Consenti l'utilizzo di più motori utente (ad es. LDAP)", + "SSO & SAML authentication" : "Autenticazione SSO e SAML", + "Authenticate using single sign-on" : "Autenticazione con single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilizzando l'applicazione SSO e SAML di Nextcloud, puoi rendere possibile l'integrazione della tua soluzione Single-Sign-On esistente con Nextcloud. In aggiunta, puoi utilizzare il fornitore di utenti LDAP di Nextcloud per mantenere la convenienza degli utenti. (ad es. quando si condivide)\nI seguenti fornitori sono supportati e verificati al momento:\n* ** SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS) \n\n* **Autenticazione tramite variabile d'ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsiasi altro fornitore che autentichi utilizzando una variabile d'ambiente\n\nSebbene teoricamente qualsiasi altro fornitore di autenticazione che implementi uno di questi standard sia compatibile, segnaliamo che essi non sono parte della matrice dei test interni.", + "Open documentation" : "Apri la documentazione", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu abbia abilitato \"%s\" o che tu vada direttamente all'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu vada direttamente all'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Scegli se vuoi autenticarti utilizzando il fornitore SAML integratore in Nextcloud o se vuoi autenticarti utilizzando una variabile d'ambiente.", + "Use built-in SAML authentication" : "Usa autenticazione SAML integrata", + "Use environment variable" : "Usa variabile d'ambiente", + "Global settings" : "Impostazioni globali", + "Remove identity provider" : "Rimuovi fornitore di identità", + "Add identity provider" : "Aggiungi fornitore di identità", + "General" : "Generale", + "Service Provider Data" : "Dati del fornitore di servizi", + "If your Service Provider should use certificates you can optionally specify them here." : "Se il tuo fornitore di servizi utilizza i certificati, puoi specificarli qui.", + "Show Service Provider settings…" : "Mostra impostazioni fornitore di servizi...", + "Name ID format" : "Formato ID Nome", + "Identity Provider Data" : "Dati del fornitore di identità", + "Configure your IdP settings here." : "Configura qui le tue impostazioni IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificatore dell'entità IdP (deve essere un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Destinazione dell'URL dell'IdP dove lo SP invierà il messaggio di richiesta di autenticazione", + "Show optional Identity Provider settings…" : "Mostra impostazioni opzionali del fornitore di identità...", + "URL Location of the IdP where the SP will send the SLO Request" : "Posizione dell'URL dell'IdP dove lo SP invierà la richiesta SLO", + "URL Location of the IDP's SLO Response" : "Posizione dell'URL della risposta SLO dell'IDP", + "Public X.509 certificate of the IdP" : "Certificato X.509 dell'IdP", + "Attribute mapping" : "Associazione degli attributi", + "If you want to optionally map attributes to the user you can configure these here." : "Se vuoi associare, in modo facoltativo, gli attributi all'utente, puoi configurarli qui.", + "Show attribute mapping settings…" : "Mostra le impostazioni di associazione degli attributi...", + "Security settings" : "Impostazioni di sicurezza", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per una maggiore sicurezza, consigliamo di abilitare le seguenti impostazioni, se supportate dal tuo ambiente.", + "Show security settings…" : "Mostra impostazioni di sicurezza...", + "Signatures and encryption offered" : "Firme e cifratura offerte", + "Signatures and encryption required" : "Firme e cifratura richieste", + "Download metadata XML" : "Scarica XML metadati", + "Reset settings" : "Ripristina impostazioni", + "Metadata invalid" : "Metadati non validi", + "Metadata valid" : "Metadati validi", + "Error" : "Errore", + "Account not provisioned." : "Account non generato.", + "Your account is not provisioned, access to this service is thus not possible." : "Il tuo account non è stato generato, l'accesso a questo servizio è perciò impossibile", + "Login options:" : "Opzioni di accesso:", + "Choose a authentication provider" : "Scegli un fornitore di autenticazione" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ja.js b/docker/nextcloud/custom_apps/user_saml/l10n/ja.js new file mode 100644 index 0000000..2627569 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ja.js @@ -0,0 +1,87 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "このユーザーアカウントは無効です。管理者に連絡してください。", + "Saved" : "保存しました", + "Provider" : "プロバイダー", + "Unknown error, please check the log file for more details." : "不明なエラー、詳細はログファイルを確認してください。", + "Direct log in" : "ダイレクトログイン", + "SSO & SAML log in" : "SSO & SAML log in", + "This page should not be visited directly." : "このページには直接アクセスしないでください。", + "Provider " : "プロバイダー", + "X.509 certificate of the Service Provider" : "サービスプロバイダのX.509 証明書", + "Private key of the Service Provider" : "サービスプロバイダーの秘密鍵", + "Indicates that the nameID of the sent by this SP will be encrypted." : "このSPによって送信された のnameIDが暗号化されることを示します。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "このSPによって送信された メッセージが署名されるかどうかを示します。[SPのメタデータがこの情報を提供する]", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Whether the metadata should be signed." : "メタデータに署名する必要があるかどうか。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "このSPが受信した、および要素が署名されるための要件を示します。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "このSPによって受信された要素が署名されるための要件を示します。 [SPのメタデータはこの情報を提供する]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "このSPが受信した要素を暗号化するための要件を示します。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "このSPによって受信されたSAMLResponse上のNameID要素が存在する必要があることを示します。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "このSPによって受信されたNameIDが暗号化されるための要件を示します。", + "Indicates if the SP will validate all received XML." : "SPが受信したすべてのXMLを検証するかどうかを示します。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL- SAMLデータを小文字で符号化し、ツールキットはデフォルトで大文字を使用します。 署名検証でADFSとの互換性を有効にする。", + "Algorithm that the toolkit will use on signing process." : "ツールキットが署名処理で使用するアルゴリズム。", + "Attribute to map the UID to." : "UIDをマップする属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "ほかのバックエンドにアカウントが存在する場合のみ、認証を許可します。 (例えば、LDAP)", + "Attribute to map the displayname to." : "表示名をにマップする属性。", + "Attribute to map the email address to." : "電子メールアドレスをマップする属性。", + "Attribute to map the quota to." : "クオータをマップする属性。", + "Attribute to map the users groups to." : "ユーザーグループをマップする属性。", + "Attribute to map the users home to." : "ユーザーをホームにマップするための属性。", + "Email address" : "メールアドレス", + "Encrypted" : "暗号化", + "Entity" : "エンティティ", + "Kerberos" : "ケルベロス", + "Persistent" : "永続性", + "Transient" : "一時的", + "Unspecified" : "指定なし", + "Windows domain qualified name" : "Windowsドメイン修飾名", + "X509 subject name" : "X509の件名", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s デスクトップクライアントにSAML認証を使用する(ユーザーの再認証が必要)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "IDプロバイダのオプションの表示名(デフォルト: \"SSO&SAMLログイン\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "複数のユーザーのバックエンド(LDAPなど)の使用を許可する", + "SSO & SAML authentication" : "SSOとSAML認証", + "Authenticate using single sign-on" : "シングルサインオンを使用して認証する", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "NextcloudのSSO&SAMLアプリを使用すると、既存のシングルサインオンソリューションをNextcloudと簡単に統合することができます。 さらに、Nextcloud LDAPユーザープロバイダを使用して、ユーザーの利便性を保つことができます。 (例:共有時)\n現時点では、以下のプロバイダがサポートおよびテストされています。\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **環境変数による認証**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\n理論的には、これらの規格のいずれかを実装している他の認証プロバイダにも互換性がありますが、それらは内部テストマトリックスの一部ではないことに注意してください。", + "Open documentation" : "ドキュメントを開く", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを必ず作成してください。 \"%s\"を有効にしないか、直接URL %sにアクセスしない限り、もう通常の%sアカウントでログインすることはできません。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを作成してください。URL %sに直接アクセスしないかぎり、もう通常の%sアカウントでログインすることはできません。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloudに組み込まれているSAMLプロバイダを使用して認証するか、環境変数を使用して認証するかを選択してください。", + "Use built-in SAML authentication" : "組み込みのSAML認証を使用する", + "Use environment variable" : "環境変数を使用する", + "Global settings" : "グローバル設定", + "Remove identity provider" : "identity providerを削除する", + "Add identity provider" : "identity providerを追加する", + "General" : "一般", + "Service Provider Data" : "Service Providerデータ", + "If your Service Provider should use certificates you can optionally specify them here." : "サービスプロバイダが証明書を使用する必要がある場合は、オプションでここで指定することができます。", + "Show Service Provider settings…" : "サービスプロバイダの設定を表示しています...", + "Name ID format" : "名前IDの形式", + "Identity Provider Data" : "Identity Providerデータ", + "Configure your IdP settings here." : "IdP をここで設定します。", + "Identifier of the IdP entity (must be a URI)" : "IdPエンティティの識別子(URIでなければならない)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SPが認証要求メッセージを送信するIdPのURLターゲット", + "Show optional Identity Provider settings…" : "オプションのIdentity Provider設定を表示する...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL SPがSLO要求を送信するIdPの場所", + "Public X.509 certificate of the IdP" : "IdPの公開X.509証明書", + "Attribute mapping" : "属性マッピング", + "If you want to optionally map attributes to the user you can configure these here." : "オプションで属性をユーザーにマップする場合は、ここでそれらを構成できます。", + "Show attribute mapping settings…" : "属性マッピングの設定を表示する...", + "Security settings" : "セキュリティ設定", + "For increased security we recommend enabling the following settings if supported by your environment." : "セキュリティを強化するため、ご使用の環境でサポートされている場合は、次の設定を有効にすることをお勧めします", + "Show security settings…" : "セキュリティ設定を表示...", + "Signatures and encryption offered" : "署名と暗号化を提供", + "Signatures and encryption required" : "署名と暗号化が必要", + "Download metadata XML" : "メタデータXMLをダウンロード", + "Reset settings" : "設定をリセット", + "Metadata invalid" : "メタデータが無効です", + "Metadata valid" : "有効なメタデータ", + "Error" : "エラー", + "Account not provisioned." : "アカウントがプロビジョニングされていない", + "Your account is not provisioned, access to this service is thus not possible." : "アカウントにプロビジョニングされていないため、このサービスへのアクセスはできません。", + "Choose a authentication provider" : "認証プロバイダを選択する" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ja.json b/docker/nextcloud/custom_apps/user_saml/l10n/ja.json new file mode 100644 index 0000000..1a6c92e --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ja.json @@ -0,0 +1,85 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "このユーザーアカウントは無効です。管理者に連絡してください。", + "Saved" : "保存しました", + "Provider" : "プロバイダー", + "Unknown error, please check the log file for more details." : "不明なエラー、詳細はログファイルを確認してください。", + "Direct log in" : "ダイレクトログイン", + "SSO & SAML log in" : "SSO & SAML log in", + "This page should not be visited directly." : "このページには直接アクセスしないでください。", + "Provider " : "プロバイダー", + "X.509 certificate of the Service Provider" : "サービスプロバイダのX.509 証明書", + "Private key of the Service Provider" : "サービスプロバイダーの秘密鍵", + "Indicates that the nameID of the sent by this SP will be encrypted." : "このSPによって送信された のnameIDが暗号化されることを示します。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "このSPによって送信された メッセージが署名されるかどうかを示します。[SPのメタデータがこの情報を提供する]", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Whether the metadata should be signed." : "メタデータに署名する必要があるかどうか。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "このSPが受信した、および要素が署名されるための要件を示します。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "このSPによって受信された要素が署名されるための要件を示します。 [SPのメタデータはこの情報を提供する]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "このSPが受信した要素を暗号化するための要件を示します。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "このSPによって受信されたSAMLResponse上のNameID要素が存在する必要があることを示します。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "このSPによって受信されたNameIDが暗号化されるための要件を示します。", + "Indicates if the SP will validate all received XML." : "SPが受信したすべてのXMLを検証するかどうかを示します。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL- SAMLデータを小文字で符号化し、ツールキットはデフォルトで大文字を使用します。 署名検証でADFSとの互換性を有効にする。", + "Algorithm that the toolkit will use on signing process." : "ツールキットが署名処理で使用するアルゴリズム。", + "Attribute to map the UID to." : "UIDをマップする属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "ほかのバックエンドにアカウントが存在する場合のみ、認証を許可します。 (例えば、LDAP)", + "Attribute to map the displayname to." : "表示名をにマップする属性。", + "Attribute to map the email address to." : "電子メールアドレスをマップする属性。", + "Attribute to map the quota to." : "クオータをマップする属性。", + "Attribute to map the users groups to." : "ユーザーグループをマップする属性。", + "Attribute to map the users home to." : "ユーザーをホームにマップするための属性。", + "Email address" : "メールアドレス", + "Encrypted" : "暗号化", + "Entity" : "エンティティ", + "Kerberos" : "ケルベロス", + "Persistent" : "永続性", + "Transient" : "一時的", + "Unspecified" : "指定なし", + "Windows domain qualified name" : "Windowsドメイン修飾名", + "X509 subject name" : "X509の件名", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s デスクトップクライアントにSAML認証を使用する(ユーザーの再認証が必要)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "IDプロバイダのオプションの表示名(デフォルト: \"SSO&SAMLログイン\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "複数のユーザーのバックエンド(LDAPなど)の使用を許可する", + "SSO & SAML authentication" : "SSOとSAML認証", + "Authenticate using single sign-on" : "シングルサインオンを使用して認証する", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "NextcloudのSSO&SAMLアプリを使用すると、既存のシングルサインオンソリューションをNextcloudと簡単に統合することができます。 さらに、Nextcloud LDAPユーザープロバイダを使用して、ユーザーの利便性を保つことができます。 (例:共有時)\n現時点では、以下のプロバイダがサポートおよびテストされています。\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **環境変数による認証**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\n理論的には、これらの規格のいずれかを実装している他の認証プロバイダにも互換性がありますが、それらは内部テストマトリックスの一部ではないことに注意してください。", + "Open documentation" : "ドキュメントを開く", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを必ず作成してください。 \"%s\"を有効にしないか、直接URL %sにアクセスしない限り、もう通常の%sアカウントでログインすることはできません。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを作成してください。URL %sに直接アクセスしないかぎり、もう通常の%sアカウントでログインすることはできません。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloudに組み込まれているSAMLプロバイダを使用して認証するか、環境変数を使用して認証するかを選択してください。", + "Use built-in SAML authentication" : "組み込みのSAML認証を使用する", + "Use environment variable" : "環境変数を使用する", + "Global settings" : "グローバル設定", + "Remove identity provider" : "identity providerを削除する", + "Add identity provider" : "identity providerを追加する", + "General" : "一般", + "Service Provider Data" : "Service Providerデータ", + "If your Service Provider should use certificates you can optionally specify them here." : "サービスプロバイダが証明書を使用する必要がある場合は、オプションでここで指定することができます。", + "Show Service Provider settings…" : "サービスプロバイダの設定を表示しています...", + "Name ID format" : "名前IDの形式", + "Identity Provider Data" : "Identity Providerデータ", + "Configure your IdP settings here." : "IdP をここで設定します。", + "Identifier of the IdP entity (must be a URI)" : "IdPエンティティの識別子(URIでなければならない)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SPが認証要求メッセージを送信するIdPのURLターゲット", + "Show optional Identity Provider settings…" : "オプションのIdentity Provider設定を表示する...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL SPがSLO要求を送信するIdPの場所", + "Public X.509 certificate of the IdP" : "IdPの公開X.509証明書", + "Attribute mapping" : "属性マッピング", + "If you want to optionally map attributes to the user you can configure these here." : "オプションで属性をユーザーにマップする場合は、ここでそれらを構成できます。", + "Show attribute mapping settings…" : "属性マッピングの設定を表示する...", + "Security settings" : "セキュリティ設定", + "For increased security we recommend enabling the following settings if supported by your environment." : "セキュリティを強化するため、ご使用の環境でサポートされている場合は、次の設定を有効にすることをお勧めします", + "Show security settings…" : "セキュリティ設定を表示...", + "Signatures and encryption offered" : "署名と暗号化を提供", + "Signatures and encryption required" : "署名と暗号化が必要", + "Download metadata XML" : "メタデータXMLをダウンロード", + "Reset settings" : "設定をリセット", + "Metadata invalid" : "メタデータが無効です", + "Metadata valid" : "有効なメタデータ", + "Error" : "エラー", + "Account not provisioned." : "アカウントがプロビジョニングされていない", + "Your account is not provisioned, access to this service is thus not possible." : "アカウントにプロビジョニングされていないため、このサービスへのアクセスはできません。", + "Choose a authentication provider" : "認証プロバイダを選択する" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ka_GE.js b/docker/nextcloud/custom_apps/user_saml/l10n/ka_GE.js new file mode 100644 index 0000000..d8d6b24 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ka_GE.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "შენახულია", + "X.509 certificate of the Service Provider" : "სერვისის მომწოდებლის X.509 სერტიფიკატი", + "Private key of the Service Provider" : "სერვისის მომწოდებლის პირადი გასაღები", + "Indicates that the nameID of the sent by this SP will be encrypted." : "ანიშნებს რომ ამ SP-ს მეშვეობით გამოგზავნილი -ის nameID იქნება დაშიფრული.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Whether the metadata should be signed." : "უნდა მოეწეროს თუ არა მეტა-მონაცემებს ხელი.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ , და ელემენტებს უნდა მოეწეროთ ხელი თუ არა.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ ელემენტებს უნდა მოეწეროთ ხელი თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული ელემენტები უნდა დაიშიფროს თუ არა.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "ანიშნებს მოთხოვნილებას ამ SP-ს მეშვეობით მიღებულ SAMLResponse-ში უნდა იყოს თუ არა NameID ელემენტი.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული NameID უნდა დაიშიფროს თუ არა.", + "Indicates if the SP will validate all received XML." : "ანიშნებს გაუწევს თუ არა SP ვალიდაციას ყველა შემოსულ XML-ს.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL უწევს SAML მონაცემებს კოდირებას პატარა ასოებით, ხელსაწყობის ნაკრები კი საწყისად იყენებს დიდ ასოებს. ჩართეთ ADFS თავსებადობა ხელმოწერის დამოწმებებზე.", + "Attribute to map the UID to." : "ატრიბუტი რომელსაც მიებმევა UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "აუტენტიფიკაციის უფლება დართეთ მხოლოდ მაშინ, თუ ანგარიში არსებობს რაიმე სხვა ბექენდზეც. (მაგ. LDAP-ზე)", + "Attribute to map the displayname to." : "ატრიბუტი რომელსაც მიებმევა დისპლეის სახელი.", + "Attribute to map the email address to." : "ატრიბუტი რომელსაც მიებმევა ელ-ფოსტის მისამართი.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "გამოიყენეთ SAML აუტენტიფიკაცია %s დესკტოპ კლიენტებისთვის (საჭიროებს ხელახალ აუტენტიფიკაციას)", + "SSO & SAML authentication" : "SSO და SAML აუტენტიფიკაცია", + "Open documentation" : "ღია დოკუმენტაცია", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "გთხოვთ აირჩიოთ აუტენტიფიკაცია გსურთ Nextcloud-ში ჩაშენებული SAML მომწოდებელით თუ გსურთ აუტენტიფიკაცია სხვა გარემოს ცვლადის წინააღმდეგ.", + "Use built-in SAML authentication" : "ჩაშენებული SAML აუტენტიფიკაციის გამოყენება", + "Use environment variable" : "გარემოში არსებული ცვლადის გამოყენება", + "General" : "მთავარი", + "Service Provider Data" : "სერვისის მომწოდებლის მონაცემები", + "If your Service Provider should use certificates you can optionally specify them here." : "თუ თქვენი სერვის პროვაიდერი უნდა იყენებდეს სერტიფიკატებს, სურვილისამებრ შეგიძლიათ ისინი აქ ჩამოწეროთ.", + "Show Service Provider settings…" : "სერვისის მომწოდებლის პარამეტრების ჩვენება...", + "Identity Provider Data" : "იდენტობის მომწოდებლის მონაცემები", + "Configure your IdP settings here." : "დააყენეთ თქვენი IdP-ის პარამეტრები აქ.", + "Identifier of the IdP entity (must be a URI)" : "IdP შენატანის იდენტიფიკატორი (უნდა იყოს URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP-s URL მისამართი სადაც SP გააგზავნის აუტენტიფიკაციის მოთხოვნის წერილს", + "Show optional Identity Provider settings…" : "არა-აუცილებელი იდენტობის პროვაიდერის პარამეტრების ჩვენება...", + "URL Location of the IdP where the SP will send the SLO Request" : "IdP-ს URL მისამართ სადაც SP გააგზავნის SLO მოთხოვნას", + "Public X.509 certificate of the IdP" : "IdP-ს ღია X.509 სერტიფიკატი", + "Attribute mapping" : "ატრიბუტების ბმები", + "If you want to optionally map attributes to the user you can configure these here." : "არაა აუცილებელი, მაგრამ თუ გსურთ ატრიბუტების მიბმა მომხმარებელთან, შეგიძლიათ კონფიგურაცია შეასრულოთ აქ.", + "Show attribute mapping settings…" : "ატრიბუტების მიბმის პარამეტრების ჩვენება...", + "Security settings" : "უსაფრთხოების პარამეტრები", + "For increased security we recommend enabling the following settings if supported by your environment." : "გაუმჯობესებული უსაფრთხოებისთვის, რეკომენდაციას გიწევთ, შესაძლებლობის შემთხვევაში, აამოქმედოთ შემდეგი პრამეტრები.", + "Show security settings…" : "უსაფრთხოების პარამეტრების ჩვენება...", + "Signatures and encryption offered" : "შემოთავაზებული ხელმოწერები და შიფრაციები", + "Signatures and encryption required" : "ხელმოწერები და შიფრაციები აუცილებელია", + "Download metadata XML" : "XML მეტა-მონაცემების გადმოწერა", + "Metadata invalid" : "მეტა-მონაცემი არასწორია", + "Metadata valid" : "მეტა-მონაცემი სწორია", + "Error" : "შეცდომა", + "Account not provisioned." : "ანგარიში არაა გათვალისწინებული.", + "Your account is not provisioned, access to this service is thus not possible." : "თქვენი ანგარიში არაა გათვალისწინებული, ამ სერვისისადმი წვდომა შესაბამისად შეუძლებელია." +}, +"nplurals=2; plural=(n!=1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ka_GE.json b/docker/nextcloud/custom_apps/user_saml/l10n/ka_GE.json new file mode 100644 index 0000000..1f388fa --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ka_GE.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "შენახულია", + "X.509 certificate of the Service Provider" : "სერვისის მომწოდებლის X.509 სერტიფიკატი", + "Private key of the Service Provider" : "სერვისის მომწოდებლის პირადი გასაღები", + "Indicates that the nameID of the sent by this SP will be encrypted." : "ანიშნებს რომ ამ SP-ს მეშვეობით გამოგზავნილი -ის nameID იქნება დაშიფრული.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Whether the metadata should be signed." : "უნდა მოეწეროს თუ არა მეტა-მონაცემებს ხელი.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ , და ელემენტებს უნდა მოეწეროთ ხელი თუ არა.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ ელემენტებს უნდა მოეწეროთ ხელი თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული ელემენტები უნდა დაიშიფროს თუ არა.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "ანიშნებს მოთხოვნილებას ამ SP-ს მეშვეობით მიღებულ SAMLResponse-ში უნდა იყოს თუ არა NameID ელემენტი.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული NameID უნდა დაიშიფროს თუ არა.", + "Indicates if the SP will validate all received XML." : "ანიშნებს გაუწევს თუ არა SP ვალიდაციას ყველა შემოსულ XML-ს.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL უწევს SAML მონაცემებს კოდირებას პატარა ასოებით, ხელსაწყობის ნაკრები კი საწყისად იყენებს დიდ ასოებს. ჩართეთ ADFS თავსებადობა ხელმოწერის დამოწმებებზე.", + "Attribute to map the UID to." : "ატრიბუტი რომელსაც მიებმევა UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "აუტენტიფიკაციის უფლება დართეთ მხოლოდ მაშინ, თუ ანგარიში არსებობს რაიმე სხვა ბექენდზეც. (მაგ. LDAP-ზე)", + "Attribute to map the displayname to." : "ატრიბუტი რომელსაც მიებმევა დისპლეის სახელი.", + "Attribute to map the email address to." : "ატრიბუტი რომელსაც მიებმევა ელ-ფოსტის მისამართი.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "გამოიყენეთ SAML აუტენტიფიკაცია %s დესკტოპ კლიენტებისთვის (საჭიროებს ხელახალ აუტენტიფიკაციას)", + "SSO & SAML authentication" : "SSO და SAML აუტენტიფიკაცია", + "Open documentation" : "ღია დოკუმენტაცია", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "გთხოვთ აირჩიოთ აუტენტიფიკაცია გსურთ Nextcloud-ში ჩაშენებული SAML მომწოდებელით თუ გსურთ აუტენტიფიკაცია სხვა გარემოს ცვლადის წინააღმდეგ.", + "Use built-in SAML authentication" : "ჩაშენებული SAML აუტენტიფიკაციის გამოყენება", + "Use environment variable" : "გარემოში არსებული ცვლადის გამოყენება", + "General" : "მთავარი", + "Service Provider Data" : "სერვისის მომწოდებლის მონაცემები", + "If your Service Provider should use certificates you can optionally specify them here." : "თუ თქვენი სერვის პროვაიდერი უნდა იყენებდეს სერტიფიკატებს, სურვილისამებრ შეგიძლიათ ისინი აქ ჩამოწეროთ.", + "Show Service Provider settings…" : "სერვისის მომწოდებლის პარამეტრების ჩვენება...", + "Identity Provider Data" : "იდენტობის მომწოდებლის მონაცემები", + "Configure your IdP settings here." : "დააყენეთ თქვენი IdP-ის პარამეტრები აქ.", + "Identifier of the IdP entity (must be a URI)" : "IdP შენატანის იდენტიფიკატორი (უნდა იყოს URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP-s URL მისამართი სადაც SP გააგზავნის აუტენტიფიკაციის მოთხოვნის წერილს", + "Show optional Identity Provider settings…" : "არა-აუცილებელი იდენტობის პროვაიდერის პარამეტრების ჩვენება...", + "URL Location of the IdP where the SP will send the SLO Request" : "IdP-ს URL მისამართ სადაც SP გააგზავნის SLO მოთხოვნას", + "Public X.509 certificate of the IdP" : "IdP-ს ღია X.509 სერტიფიკატი", + "Attribute mapping" : "ატრიბუტების ბმები", + "If you want to optionally map attributes to the user you can configure these here." : "არაა აუცილებელი, მაგრამ თუ გსურთ ატრიბუტების მიბმა მომხმარებელთან, შეგიძლიათ კონფიგურაცია შეასრულოთ აქ.", + "Show attribute mapping settings…" : "ატრიბუტების მიბმის პარამეტრების ჩვენება...", + "Security settings" : "უსაფრთხოების პარამეტრები", + "For increased security we recommend enabling the following settings if supported by your environment." : "გაუმჯობესებული უსაფრთხოებისთვის, რეკომენდაციას გიწევთ, შესაძლებლობის შემთხვევაში, აამოქმედოთ შემდეგი პრამეტრები.", + "Show security settings…" : "უსაფრთხოების პარამეტრების ჩვენება...", + "Signatures and encryption offered" : "შემოთავაზებული ხელმოწერები და შიფრაციები", + "Signatures and encryption required" : "ხელმოწერები და შიფრაციები აუცილებელია", + "Download metadata XML" : "XML მეტა-მონაცემების გადმოწერა", + "Metadata invalid" : "მეტა-მონაცემი არასწორია", + "Metadata valid" : "მეტა-მონაცემი სწორია", + "Error" : "შეცდომა", + "Account not provisioned." : "ანგარიში არაა გათვალისწინებული.", + "Your account is not provisioned, access to this service is thus not possible." : "თქვენი ანგარიში არაა გათვალისწინებული, ამ სერვისისადმი წვდომა შესაბამისად შეუძლებელია." +},"pluralForm" :"nplurals=2; plural=(n!=1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ko.js b/docker/nextcloud/custom_apps/user_saml/l10n/ko.js new file mode 100644 index 0000000..21bcfe5 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ko.js @@ -0,0 +1,76 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "이 계정이 비활성화되었습니다. 관리자에게 연락해 주십시오.", + "Saved" : "저장됨", + "Provider" : "공급자", + "Unknown error, please check the log file for more details." : "알 수 없는 오류. 자세한 정보를 보려면 로그 파일을 참조하십시오.", + "Direct log in" : "직접 로그인", + "SSO & SAML log in" : "SSO 및 SAML 로그인", + "This page should not be visited directly." : "이 페이지를 직접 방문하면 안 됩니다.", + "Provider " : "공급자", + "X.509 certificate of the Service Provider" : "서비스 공급자의 X.509 인증서", + "Private key of the Service Provider" : "서비스 공급자의 개인 키", + "Indicates that the nameID of the sent by this SP will be encrypted." : "이 서비스 공급자가 보낸 의 nameID를 암호화할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Whether the metadata should be signed." : "메타데이터를 서명할지 여부입니다.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "이 서비스 공급자가 받는 , 원소를 서명해야 할지 여부입니다.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 받는 메시지를 서명해야 할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "이 서비스 공급자가 받는 원소를 암호화해야 할지 여부입니다.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "이 서비스 공급자가 받는 SAMLResponse의 NameID 원소가 존재해야 할지 여부입니다.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "이 서비스 공급자가 받는 NameID를 암호화해야 할지 여부입니다.", + "Indicates if the SP will validate all received XML." : "SP에서 모든 수신 XML을 검증할지 여부입니다.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS는 SAML 데이터를 소문자로 URL에 인코딩하며, 툴킷은 기본적으로 대문자를 사용합니다. 서명 검증 시 ADFS 호환성이 필요할 때 사용하십시오.", + "Attribute to map the UID to." : "UID를 매핑할 속성입니다.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "다른 백엔드(예: LDAP)에 계정이 있을 때에만 인증을 허용합니다.", + "Attribute to map the displayname to." : "표시 이름을 매핑할 속성입니다.", + "Attribute to map the email address to." : "이메일 주소를 매핑할 속성입니다.", + "Attribute to map the quota to." : "할당량을 매핑할 속성입니다.", + "Attribute to map the users groups to." : "사용자 그룹을 매핑할 속성입니다.", + "Attribute to map the users home to." : "사용자 홈 경로를 매핑할 속성입니다.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s 데스크톱 클라이언트에 SAML 인증을 사용합니다(사용자 재인증이 필요함)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "인증 공급자 표시 이름(선택 사항, 기본값: \"SSO 및 SAML 로그인\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "다중 사용자 백엔드 허용(예: LDAP)", + "SSO & SAML authentication" : "SSO 및 SAML 인증", + "Authenticate using single sign-on" : "통합 로그인으로 인증", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Nextcloud의 SSO 및 SAML 앱을 사용하면 기존 통합 로그인 솔루션과 Nextcloud를 통합할 수 있습니다. 추가적으로 사용자 편의성을 위해서(예: 공유 시) Nextcloud LDAP 사용자 공급자를 지정할 수 있습니다.\n현재 다음 공급자를 지원합니다:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services ADFS)\n\n* **환경 변수를 통한 인증**\n\t* Kerberos(mod_auth_kerb)\n\t* 기타 환경 변수를 사용하는 인증 공급자\n\n이론적으로 같은 표준을 사용하는 다른 인증 공급자를 사용할 수 있으나, 내부적으로 시험되지 않았습니다.", + "Open documentation" : "문서 열기", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 \"%s\"을(를) 활성화하거나 %s URL을 직접 방문해야 합니다.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 %s URL을 직접 방문해야 합니다.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloud에 내장된 SAML 공급자로 인증할지, 환경 변수를 사용하여 인증할지를 선택하십시오.", + "Use built-in SAML authentication" : "내장 SAML 인증 사용", + "Use environment variable" : "환경 변수 사용", + "Global settings" : "전역 설정", + "Remove identity provider" : "인증 공급자 삭제", + "Add identity provider" : "인증 공급자 추가", + "General" : "일반", + "Service Provider Data" : "서비스 공급자 데이터", + "If your Service Provider should use certificates you can optionally specify them here." : "서비스 공급자가 인증서를 사용한다면 여기에 추가적으로 지정할 수 있습니다.", + "Show Service Provider settings…" : "서비스 공급자 설정 표시…", + "Identity Provider Data" : "인증 공급자 데이터", + "Configure your IdP settings here." : "IdP를 여기에서 설정할 수 있습니다.", + "Identifier of the IdP entity (must be a URI)" : "IdP 엔티티 식별자(URI여야 함)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SP에서 인증 요청 메시지를 보낼 IdP 대상 URL", + "Show optional Identity Provider settings…" : "추가 인증 공급자 설정 표시…", + "URL Location of the IdP where the SP will send the SLO Request" : "SP에서 SLO 요청 메시지를 보낼 IdP 대상 URL", + "Public X.509 certificate of the IdP" : "IdP의 공개 X.509 인증서", + "Attribute mapping" : "속성 매핑", + "If you want to optionally map attributes to the user you can configure these here." : "추가 속성을 사용자에게 연결하려면 여기에서 설정하십시오.", + "Show attribute mapping settings…" : "속성 매핑 설정 표시…", + "Security settings" : "보안 설정", + "For increased security we recommend enabling the following settings if supported by your environment." : "보안을 강화하기 위해서 환경에서 지원하는 경우 다음 설정을 사용할 것을 추천합니다.", + "Show security settings…" : "보안 설정 표시…", + "Signatures and encryption offered" : "서명과 암호화 제공됨", + "Signatures and encryption required" : "서명과 암호화 필요함", + "Download metadata XML" : "메타데이터 XML 다운로드", + "Reset settings" : "설정 초기화", + "Metadata invalid" : "메타데이터 잘못됨", + "Metadata valid" : "메타데이터 올바름", + "Error" : "오류", + "Account not provisioned." : "계정이 프로비전되지 않았습니다.", + "Your account is not provisioned, access to this service is thus not possible." : "계정이 프로비전되지 않아서 이 서비스에 접근할 수 없습니다.", + "Choose a authentication provider" : "인증 공급자 선택" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ko.json b/docker/nextcloud/custom_apps/user_saml/l10n/ko.json new file mode 100644 index 0000000..0f8a06a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ko.json @@ -0,0 +1,74 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "이 계정이 비활성화되었습니다. 관리자에게 연락해 주십시오.", + "Saved" : "저장됨", + "Provider" : "공급자", + "Unknown error, please check the log file for more details." : "알 수 없는 오류. 자세한 정보를 보려면 로그 파일을 참조하십시오.", + "Direct log in" : "직접 로그인", + "SSO & SAML log in" : "SSO 및 SAML 로그인", + "This page should not be visited directly." : "이 페이지를 직접 방문하면 안 됩니다.", + "Provider " : "공급자", + "X.509 certificate of the Service Provider" : "서비스 공급자의 X.509 인증서", + "Private key of the Service Provider" : "서비스 공급자의 개인 키", + "Indicates that the nameID of the sent by this SP will be encrypted." : "이 서비스 공급자가 보낸 의 nameID를 암호화할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Whether the metadata should be signed." : "메타데이터를 서명할지 여부입니다.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "이 서비스 공급자가 받는 , 원소를 서명해야 할지 여부입니다.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 받는 메시지를 서명해야 할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "이 서비스 공급자가 받는 원소를 암호화해야 할지 여부입니다.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "이 서비스 공급자가 받는 SAMLResponse의 NameID 원소가 존재해야 할지 여부입니다.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "이 서비스 공급자가 받는 NameID를 암호화해야 할지 여부입니다.", + "Indicates if the SP will validate all received XML." : "SP에서 모든 수신 XML을 검증할지 여부입니다.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS는 SAML 데이터를 소문자로 URL에 인코딩하며, 툴킷은 기본적으로 대문자를 사용합니다. 서명 검증 시 ADFS 호환성이 필요할 때 사용하십시오.", + "Attribute to map the UID to." : "UID를 매핑할 속성입니다.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "다른 백엔드(예: LDAP)에 계정이 있을 때에만 인증을 허용합니다.", + "Attribute to map the displayname to." : "표시 이름을 매핑할 속성입니다.", + "Attribute to map the email address to." : "이메일 주소를 매핑할 속성입니다.", + "Attribute to map the quota to." : "할당량을 매핑할 속성입니다.", + "Attribute to map the users groups to." : "사용자 그룹을 매핑할 속성입니다.", + "Attribute to map the users home to." : "사용자 홈 경로를 매핑할 속성입니다.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s 데스크톱 클라이언트에 SAML 인증을 사용합니다(사용자 재인증이 필요함)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "인증 공급자 표시 이름(선택 사항, 기본값: \"SSO 및 SAML 로그인\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "다중 사용자 백엔드 허용(예: LDAP)", + "SSO & SAML authentication" : "SSO 및 SAML 인증", + "Authenticate using single sign-on" : "통합 로그인으로 인증", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Nextcloud의 SSO 및 SAML 앱을 사용하면 기존 통합 로그인 솔루션과 Nextcloud를 통합할 수 있습니다. 추가적으로 사용자 편의성을 위해서(예: 공유 시) Nextcloud LDAP 사용자 공급자를 지정할 수 있습니다.\n현재 다음 공급자를 지원합니다:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services ADFS)\n\n* **환경 변수를 통한 인증**\n\t* Kerberos(mod_auth_kerb)\n\t* 기타 환경 변수를 사용하는 인증 공급자\n\n이론적으로 같은 표준을 사용하는 다른 인증 공급자를 사용할 수 있으나, 내부적으로 시험되지 않았습니다.", + "Open documentation" : "문서 열기", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 \"%s\"을(를) 활성화하거나 %s URL을 직접 방문해야 합니다.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 %s URL을 직접 방문해야 합니다.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloud에 내장된 SAML 공급자로 인증할지, 환경 변수를 사용하여 인증할지를 선택하십시오.", + "Use built-in SAML authentication" : "내장 SAML 인증 사용", + "Use environment variable" : "환경 변수 사용", + "Global settings" : "전역 설정", + "Remove identity provider" : "인증 공급자 삭제", + "Add identity provider" : "인증 공급자 추가", + "General" : "일반", + "Service Provider Data" : "서비스 공급자 데이터", + "If your Service Provider should use certificates you can optionally specify them here." : "서비스 공급자가 인증서를 사용한다면 여기에 추가적으로 지정할 수 있습니다.", + "Show Service Provider settings…" : "서비스 공급자 설정 표시…", + "Identity Provider Data" : "인증 공급자 데이터", + "Configure your IdP settings here." : "IdP를 여기에서 설정할 수 있습니다.", + "Identifier of the IdP entity (must be a URI)" : "IdP 엔티티 식별자(URI여야 함)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SP에서 인증 요청 메시지를 보낼 IdP 대상 URL", + "Show optional Identity Provider settings…" : "추가 인증 공급자 설정 표시…", + "URL Location of the IdP where the SP will send the SLO Request" : "SP에서 SLO 요청 메시지를 보낼 IdP 대상 URL", + "Public X.509 certificate of the IdP" : "IdP의 공개 X.509 인증서", + "Attribute mapping" : "속성 매핑", + "If you want to optionally map attributes to the user you can configure these here." : "추가 속성을 사용자에게 연결하려면 여기에서 설정하십시오.", + "Show attribute mapping settings…" : "속성 매핑 설정 표시…", + "Security settings" : "보안 설정", + "For increased security we recommend enabling the following settings if supported by your environment." : "보안을 강화하기 위해서 환경에서 지원하는 경우 다음 설정을 사용할 것을 추천합니다.", + "Show security settings…" : "보안 설정 표시…", + "Signatures and encryption offered" : "서명과 암호화 제공됨", + "Signatures and encryption required" : "서명과 암호화 필요함", + "Download metadata XML" : "메타데이터 XML 다운로드", + "Reset settings" : "설정 초기화", + "Metadata invalid" : "메타데이터 잘못됨", + "Metadata valid" : "메타데이터 올바름", + "Error" : "오류", + "Account not provisioned." : "계정이 프로비전되지 않았습니다.", + "Your account is not provisioned, access to this service is thus not possible." : "계정이 프로비전되지 않아서 이 서비스에 접근할 수 없습니다.", + "Choose a authentication provider" : "인증 공급자 선택" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/lb.js b/docker/nextcloud/custom_apps/user_saml/l10n/lb.js new file mode 100644 index 0000000..73fa215 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/lb.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Gespäichert", + "Open documentation" : "Dokumentatioun opmaachen", + "General" : "Allgemeng", + "Metadata invalid" : "Falsch Metadata", + "Error" : "Fehler" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/lb.json b/docker/nextcloud/custom_apps/user_saml/l10n/lb.json new file mode 100644 index 0000000..832d573 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/lb.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Gespäichert", + "Open documentation" : "Dokumentatioun opmaachen", + "General" : "Allgemeng", + "Metadata invalid" : "Falsch Metadata", + "Error" : "Fehler" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/lt_LT.js b/docker/nextcloud/custom_apps/user_saml/l10n/lt_LT.js new file mode 100644 index 0000000..b356a05 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/lt_LT.js @@ -0,0 +1,35 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ši naudotojo paskyra yra išjungta, prašome susisiekti su savo administratoriumi.", + "Saved" : "Įrašyta", + "Unknown error, please check the log file for more details." : "Nežinoma klaida, išsamesnei informacijai žiūrėkite žurnalo failą.", + "Direct log in" : "Tiesioginis prisijungimas", + "X.509 certificate of the Service Provider" : "Paslaugų teikėjo X.509 liudijimas", + "Private key of the Service Provider" : "Paslaugų teikėjo privatusis raktas", + "Whether the metadata should be signed." : "Ar metaduomenys turėtų būti pasirašyti.", + "Email address" : "El. pašto adresas", + "Entity" : "Esybė", + "SSO & SAML authentication" : "SSO & SAML tapatybės nustatymas", + "Open documentation" : "Atverti dokumentaciją", + "Use built-in SAML authentication" : "Naudoti įtaisytąjį SAML tapatybės nustatymą", + "Use environment variable" : "Naudoti aplinkos kintamąjį", + "Global settings" : "Visuotiniai nustatymai", + "General" : "Bendra", + "Service Provider Data" : "Paslaugų teikėjo duomenys", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeigu jūsų paslaugų teikėjas turėtų naudoti liudijimus, galite čia pasirinktinai juos nurodyti.", + "Show Service Provider settings…" : "Rodyti paslaugų teikėjo nustatymus…", + "Identity Provider Data" : "Tapatybės teikėjo duomenys", + "Configure your IdP settings here." : "Čia konfigūruokite savo IdP nustatymus.", + "Identifier of the IdP entity (must be a URI)" : "IdP esybės identifikatorius (privalo būti URI)", + "Security settings" : "Saugumo nustatymai", + "Show security settings…" : "Rodyti saugumo nustatymus…", + "Signatures and encryption offered" : "Siūlomi parašai ir šifravimas", + "Signatures and encryption required" : "Reikalingi parašai ir šifravimas", + "Download metadata XML" : "Atsisiųsti metaduomenų XML", + "Reset settings" : "Atstatyti nustatymus", + "Metadata invalid" : "Metaduomenys neteisingi", + "Metadata valid" : "Metaduomenys teisingi", + "Error" : "Klaida" +}, +"nplurals=4; plural=(n % 10 == 1 && (n % 100 > 19 || n % 100 < 11) ? 0 : (n % 10 >= 2 && n % 10 <=9) && (n % 100 > 19 || n % 100 < 11) ? 1 : n % 1 != 0 ? 2: 3);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/lt_LT.json b/docker/nextcloud/custom_apps/user_saml/l10n/lt_LT.json new file mode 100644 index 0000000..e29ab1c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/lt_LT.json @@ -0,0 +1,33 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ši naudotojo paskyra yra išjungta, prašome susisiekti su savo administratoriumi.", + "Saved" : "Įrašyta", + "Unknown error, please check the log file for more details." : "Nežinoma klaida, išsamesnei informacijai žiūrėkite žurnalo failą.", + "Direct log in" : "Tiesioginis prisijungimas", + "X.509 certificate of the Service Provider" : "Paslaugų teikėjo X.509 liudijimas", + "Private key of the Service Provider" : "Paslaugų teikėjo privatusis raktas", + "Whether the metadata should be signed." : "Ar metaduomenys turėtų būti pasirašyti.", + "Email address" : "El. pašto adresas", + "Entity" : "Esybė", + "SSO & SAML authentication" : "SSO & SAML tapatybės nustatymas", + "Open documentation" : "Atverti dokumentaciją", + "Use built-in SAML authentication" : "Naudoti įtaisytąjį SAML tapatybės nustatymą", + "Use environment variable" : "Naudoti aplinkos kintamąjį", + "Global settings" : "Visuotiniai nustatymai", + "General" : "Bendra", + "Service Provider Data" : "Paslaugų teikėjo duomenys", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeigu jūsų paslaugų teikėjas turėtų naudoti liudijimus, galite čia pasirinktinai juos nurodyti.", + "Show Service Provider settings…" : "Rodyti paslaugų teikėjo nustatymus…", + "Identity Provider Data" : "Tapatybės teikėjo duomenys", + "Configure your IdP settings here." : "Čia konfigūruokite savo IdP nustatymus.", + "Identifier of the IdP entity (must be a URI)" : "IdP esybės identifikatorius (privalo būti URI)", + "Security settings" : "Saugumo nustatymai", + "Show security settings…" : "Rodyti saugumo nustatymus…", + "Signatures and encryption offered" : "Siūlomi parašai ir šifravimas", + "Signatures and encryption required" : "Reikalingi parašai ir šifravimas", + "Download metadata XML" : "Atsisiųsti metaduomenų XML", + "Reset settings" : "Atstatyti nustatymus", + "Metadata invalid" : "Metaduomenys neteisingi", + "Metadata valid" : "Metaduomenys teisingi", + "Error" : "Klaida" +},"pluralForm" :"nplurals=4; plural=(n % 10 == 1 && (n % 100 > 19 || n % 100 < 11) ? 0 : (n % 10 >= 2 && n % 10 <=9) && (n % 100 > 19 || n % 100 < 11) ? 1 : n % 1 != 0 ? 2: 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/lv.js b/docker/nextcloud/custom_apps/user_saml/l10n/lv.js new file mode 100644 index 0000000..12ea872 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/lv.js @@ -0,0 +1,26 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Saglabāts", + "X.509 certificate of the Service Provider" : "X.509 sertifikātu no pakalpojumu sniedzēja", + "Private key of the Service Provider" : "Privātā atslēga no pakalpojumu sniedzēja", + "SSO & SAML authentication" : "SSO & SAML autentifikācija", + "Open documentation" : "Atvērt dokumentāciju", + "Use built-in SAML authentication" : "Izmantot iebūvēto SAML autentifikācija", + "Use environment variable" : "Izmantot vides mainīgo", + "General" : "Vispārīgi", + "Service Provider Data" : "Pakalpojumu sniedzēja dati", + "If your Service Provider should use certificates you can optionally specify them here." : "Ja jūsu pakalpojumu sniedzējs izmanto sertifikātus, varat norādiet tos šeit.", + "Identity Provider Data" : "Identitātes nodrošinātāja dati", + "Configure your IdP settings here." : "Konfigurēt IdP iestatījumus šeit.", + "Security settings" : "Drošības iestatījumi", + "For increased security we recommend enabling the following settings if supported by your environment." : "Lai paaugstinātu drošību, iesakām iespējot šos iestatījumus, ja to atbalsta jūsu vidē.", + "Signatures and encryption required" : "Paraksti un šifrēšana ir nepieciešama", + "Download metadata XML" : "Lejupielādēt metadatu XML", + "Metadata invalid" : "Nederīgi metadati", + "Metadata valid" : "Derīgi metadati", + "Error" : "Kļūda", + "Account not provisioned." : "Konts nav nodrošināts.", + "Your account is not provisioned, access to this service is thus not possible." : "Jūsu konts netiek nodrošināts, tādējādi piekļuve šim pakalpojumam nav iespējama." +}, +"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/lv.json b/docker/nextcloud/custom_apps/user_saml/l10n/lv.json new file mode 100644 index 0000000..ac3b87c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/lv.json @@ -0,0 +1,24 @@ +{ "translations": { + "Saved" : "Saglabāts", + "X.509 certificate of the Service Provider" : "X.509 sertifikātu no pakalpojumu sniedzēja", + "Private key of the Service Provider" : "Privātā atslēga no pakalpojumu sniedzēja", + "SSO & SAML authentication" : "SSO & SAML autentifikācija", + "Open documentation" : "Atvērt dokumentāciju", + "Use built-in SAML authentication" : "Izmantot iebūvēto SAML autentifikācija", + "Use environment variable" : "Izmantot vides mainīgo", + "General" : "Vispārīgi", + "Service Provider Data" : "Pakalpojumu sniedzēja dati", + "If your Service Provider should use certificates you can optionally specify them here." : "Ja jūsu pakalpojumu sniedzējs izmanto sertifikātus, varat norādiet tos šeit.", + "Identity Provider Data" : "Identitātes nodrošinātāja dati", + "Configure your IdP settings here." : "Konfigurēt IdP iestatījumus šeit.", + "Security settings" : "Drošības iestatījumi", + "For increased security we recommend enabling the following settings if supported by your environment." : "Lai paaugstinātu drošību, iesakām iespējot šos iestatījumus, ja to atbalsta jūsu vidē.", + "Signatures and encryption required" : "Paraksti un šifrēšana ir nepieciešama", + "Download metadata XML" : "Lejupielādēt metadatu XML", + "Metadata invalid" : "Nederīgi metadati", + "Metadata valid" : "Derīgi metadati", + "Error" : "Kļūda", + "Account not provisioned." : "Konts nav nodrošināts.", + "Your account is not provisioned, access to this service is thus not possible." : "Jūsu konts netiek nodrošināts, tādējādi piekļuve šim pakalpojumam nav iespējama." +},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/mk.js b/docker/nextcloud/custom_apps/user_saml/l10n/mk.js new file mode 100644 index 0000000..b6ea1e5 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/mk.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Зачувано", + "Email address" : "Е-пошта адреси", + "Open documentation" : "Отвори ја документацијата", + "General" : "Општо", + "Error" : "Грешка" +}, +"nplurals=2; plural=(n % 10 == 1 && n % 100 != 11) ? 0 : 1;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/mk.json b/docker/nextcloud/custom_apps/user_saml/l10n/mk.json new file mode 100644 index 0000000..c12a24d --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/mk.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Зачувано", + "Email address" : "Е-пошта адреси", + "Open documentation" : "Отвори ја документацијата", + "General" : "Општо", + "Error" : "Грешка" +},"pluralForm" :"nplurals=2; plural=(n % 10 == 1 && n % 100 != 11) ? 0 : 1;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/nb.js b/docker/nextcloud/custom_apps/user_saml/l10n/nb.js new file mode 100644 index 0000000..ab5b0be --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/nb.js @@ -0,0 +1,88 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Denne brukerkontoen er avskrudd, kontakt administratoren din.", + "Saved" : "Lagret", + "Provider" : "Tilbyder", + "Unknown error, please check the log file for more details." : "Ukjent feil, sjekk loggfilen for flere detaljer.", + "Direct log in" : "Direkte innlogging", + "SSO & SAML log in" : "SSO- og SAML -innlogging", + "This page should not be visited directly." : "Denne siden bør ikke besøkes direkte.", + "Provider " : "Tilbyder", + "X.509 certificate of the Service Provider" : "X.509-sertifikat for tjenesteleverandøren", + "Private key of the Service Provider" : "Privat nøkkel for tjenesteleverandøren", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Forteller om av denne SPen er kryptert.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Forteller om -meldinger sendt av denne SP-en vil bli signert. [Metadataen til SP-en vil ha denne infoen å by på]", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SPen er signert.", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SP-en er signert.", + "Whether the metadata should be signed." : "Om metadataene skal være signert.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Forteller om kravet om signering for , og -elementer mottatt av denne SP-en.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Forteller om kravet om signering for -elementer mottatt av denne SP-en. [Metadataen til denne SP-en vil ha denne infoen å by på]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Forteller om kravet for om kryptering for -elementer mottatt av denne SP-en.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Forteller om kravet om at dette NameID-elementet på SAMLResponse mottatt av denne SP-en skal være tilstede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Forteller om kravet om at NameID mottatt av denne SP-en skal være kryptert.", + "Indicates if the SP will validate all received XML." : "Forteller om SP-en skal validere all mottatt XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bokstaver, og verktøyssettet bruker store bokstaver som forvalg. Skru på for ADFS-kompabilitet for signaturbekreftelse.", + "Algorithm that the toolkit will use on signing process." : "Algoritme som verktøysettet skal bruke ved signeringsprosessen.", + "Attribute to map the UID to." : "Attributt å binde UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Bare tillat autentisering hvis en konto finnes på en annen bakende. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Attributt å binde visningsnavnet til.", + "Attribute to map the email address to." : "Attributt å binde e-postadressen til.", + "Attribute to map the quota to." : "Egenskap å tilordne kvoten til.", + "Attribute to map the users groups to." : "Egenskap for å tilordne brukergruppene til.", + "Attribute to map the users home to." : "Egenskap for å tilordne hjem for brukere til.", + "Email address" : "E-post adresse", + "Encrypted" : "Kryptert", + "Entity" : "Enhet", + "Kerberos" : "Kerberos", + "Persistent" : "Vedvarende", + "Transient" : "Flyktig", + "Unspecified" : "Uspesifisert", + "Windows domain qualified name" : "Windows-domenekvalifisert navn", + "X509 subject name" : "X509 emne navn", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Bruk SAML-auth for %s-skrivebordsklienter (krever ny autentisering av brukere)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfritt visningsnavn for identitetsleverandøren (standard: \"SSO & SAML logg inn\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillat bruk av flere brukerbakgrunner (f.eks. LDAP)", + "SSO & SAML authentication" : "SSO- og SAML-autentisering", + "Authenticate using single sign-on" : "Autentiser med enkel pålogging", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Ved å bruke SSO & SAML-appen til Nextcloud kan du enkelt gjøre det mulig å integrere din eksisterende Single Sign-On-løsning med Nextcloud. I tillegg kan du bruke Nextcloud LDAP-brukerleverandøren for å beholde brukerne. (f.eks. når du deler)\nFølgende leverandører støttes og testes for øyeblikket:\n\n* ** SAML 2.0 **\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Autentisering via miljøvariabel **\n\t* Kerberos (mod_auth_kerb)\n\t* Enhver annen leverandør som autentiserer ved hjelp av miljøvariabelen\n\nMens teoretisk er alle andre godkjenningsleverandører som implementerer en av disse standardene kompatible, vil vi merke at de ikke er en del av noen intern testmatrise.", + "Open documentation" : "Åpne dokumentasjonen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du har aktivert \"%s\" eller du går direkte til URL-en %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du går direkte til URL-en %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Velg om du vil identifisere deg med SAML-tilbyderen som er innebygget i Nextcloud eller om du vil du vil identifisere deg mot en miljøvariabel.", + "Use built-in SAML authentication" : "Bruk innebygd SAML-autentisering", + "Use environment variable" : "Bruk miljøvariabel", + "Global settings" : "Globale innstillinger", + "Remove identity provider" : "Fjern identitetstilbyder.", + "Add identity provider" : "Legg til identitetstilbyder", + "General" : "Generelt", + "Service Provider Data" : "Tjenesteleverandørdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Hvis din tjenesteleverandør skal bruke sertifikater kan du velge å spesifisere dem her.", + "Show Service Provider settings…" : "Vis tjenesteleverandørinnstillinger…", + "Name ID format" : "Navn ID format", + "Identity Provider Data" : "Identitetstilbyder-data", + "Configure your IdP settings here." : "Konfigurer dine IdP innstillinger her.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator for IdP-enheten (må være en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-mål for IdP der SP vil sende autentiseringsforespørselsmeldingen", + "Show optional Identity Provider settings…" : "Vis valgfrie identitetstilbyderinnstillinger…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-plassering for IdP der SP vil sende SLO-forespørselen", + "Public X.509 certificate of the IdP" : "Offentlig X.509 sertificat for IdP", + "Attribute mapping" : "Attributt-binding", + "If you want to optionally map attributes to the user you can configure these here." : "Hvis du valgfritt ønsker å knytte attributter til brukeren kan du sette opp disse her.", + "Show attribute mapping settings…" : "Vis attributttilnytningsinnstillinger…", + "Security settings" : "Sikkerhetsinnstillinger", + "For increased security we recommend enabling the following settings if supported by your environment." : "For økt sikkerhet anbefaler vi at du aktiverer følgende innstillinger hvis det er støttet i ditt systemlandskap.", + "Show security settings…" : "Vis sikkerhetsinnstillinger …", + "Signatures and encryption offered" : "Signaturer og kryptering er tilbudt", + "Signatures and encryption required" : "Signaturer og kryptering er påkrevd", + "Download metadata XML" : "Last ned XML med metadata", + "Reset settings" : "Tilbakestill innstillinger", + "Metadata invalid" : "Ugyldige metadata", + "Metadata valid" : "Gyldige metadata", + "Error" : "Feil", + "Account not provisioned." : "Kontoen er ikke klargjort", + "Your account is not provisioned, access to this service is thus not possible." : "Din konto er ikke klargjort, tilgang til denne tjenesten er ikke mulig akkurat nå.", + "Login options:" : "Innloggingsinstillinger:", + "Choose a authentication provider" : "Velg en autentiseringstilbyder" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/nb.json b/docker/nextcloud/custom_apps/user_saml/l10n/nb.json new file mode 100644 index 0000000..d0fba5d --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/nb.json @@ -0,0 +1,86 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Denne brukerkontoen er avskrudd, kontakt administratoren din.", + "Saved" : "Lagret", + "Provider" : "Tilbyder", + "Unknown error, please check the log file for more details." : "Ukjent feil, sjekk loggfilen for flere detaljer.", + "Direct log in" : "Direkte innlogging", + "SSO & SAML log in" : "SSO- og SAML -innlogging", + "This page should not be visited directly." : "Denne siden bør ikke besøkes direkte.", + "Provider " : "Tilbyder", + "X.509 certificate of the Service Provider" : "X.509-sertifikat for tjenesteleverandøren", + "Private key of the Service Provider" : "Privat nøkkel for tjenesteleverandøren", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Forteller om av denne SPen er kryptert.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Forteller om -meldinger sendt av denne SP-en vil bli signert. [Metadataen til SP-en vil ha denne infoen å by på]", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SPen er signert.", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SP-en er signert.", + "Whether the metadata should be signed." : "Om metadataene skal være signert.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Forteller om kravet om signering for , og -elementer mottatt av denne SP-en.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Forteller om kravet om signering for -elementer mottatt av denne SP-en. [Metadataen til denne SP-en vil ha denne infoen å by på]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Forteller om kravet for om kryptering for -elementer mottatt av denne SP-en.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Forteller om kravet om at dette NameID-elementet på SAMLResponse mottatt av denne SP-en skal være tilstede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Forteller om kravet om at NameID mottatt av denne SP-en skal være kryptert.", + "Indicates if the SP will validate all received XML." : "Forteller om SP-en skal validere all mottatt XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bokstaver, og verktøyssettet bruker store bokstaver som forvalg. Skru på for ADFS-kompabilitet for signaturbekreftelse.", + "Algorithm that the toolkit will use on signing process." : "Algoritme som verktøysettet skal bruke ved signeringsprosessen.", + "Attribute to map the UID to." : "Attributt å binde UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Bare tillat autentisering hvis en konto finnes på en annen bakende. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Attributt å binde visningsnavnet til.", + "Attribute to map the email address to." : "Attributt å binde e-postadressen til.", + "Attribute to map the quota to." : "Egenskap å tilordne kvoten til.", + "Attribute to map the users groups to." : "Egenskap for å tilordne brukergruppene til.", + "Attribute to map the users home to." : "Egenskap for å tilordne hjem for brukere til.", + "Email address" : "E-post adresse", + "Encrypted" : "Kryptert", + "Entity" : "Enhet", + "Kerberos" : "Kerberos", + "Persistent" : "Vedvarende", + "Transient" : "Flyktig", + "Unspecified" : "Uspesifisert", + "Windows domain qualified name" : "Windows-domenekvalifisert navn", + "X509 subject name" : "X509 emne navn", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Bruk SAML-auth for %s-skrivebordsklienter (krever ny autentisering av brukere)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfritt visningsnavn for identitetsleverandøren (standard: \"SSO & SAML logg inn\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillat bruk av flere brukerbakgrunner (f.eks. LDAP)", + "SSO & SAML authentication" : "SSO- og SAML-autentisering", + "Authenticate using single sign-on" : "Autentiser med enkel pålogging", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Ved å bruke SSO & SAML-appen til Nextcloud kan du enkelt gjøre det mulig å integrere din eksisterende Single Sign-On-løsning med Nextcloud. I tillegg kan du bruke Nextcloud LDAP-brukerleverandøren for å beholde brukerne. (f.eks. når du deler)\nFølgende leverandører støttes og testes for øyeblikket:\n\n* ** SAML 2.0 **\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Autentisering via miljøvariabel **\n\t* Kerberos (mod_auth_kerb)\n\t* Enhver annen leverandør som autentiserer ved hjelp av miljøvariabelen\n\nMens teoretisk er alle andre godkjenningsleverandører som implementerer en av disse standardene kompatible, vil vi merke at de ikke er en del av noen intern testmatrise.", + "Open documentation" : "Åpne dokumentasjonen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du har aktivert \"%s\" eller du går direkte til URL-en %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du går direkte til URL-en %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Velg om du vil identifisere deg med SAML-tilbyderen som er innebygget i Nextcloud eller om du vil du vil identifisere deg mot en miljøvariabel.", + "Use built-in SAML authentication" : "Bruk innebygd SAML-autentisering", + "Use environment variable" : "Bruk miljøvariabel", + "Global settings" : "Globale innstillinger", + "Remove identity provider" : "Fjern identitetstilbyder.", + "Add identity provider" : "Legg til identitetstilbyder", + "General" : "Generelt", + "Service Provider Data" : "Tjenesteleverandørdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Hvis din tjenesteleverandør skal bruke sertifikater kan du velge å spesifisere dem her.", + "Show Service Provider settings…" : "Vis tjenesteleverandørinnstillinger…", + "Name ID format" : "Navn ID format", + "Identity Provider Data" : "Identitetstilbyder-data", + "Configure your IdP settings here." : "Konfigurer dine IdP innstillinger her.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator for IdP-enheten (må være en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-mål for IdP der SP vil sende autentiseringsforespørselsmeldingen", + "Show optional Identity Provider settings…" : "Vis valgfrie identitetstilbyderinnstillinger…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-plassering for IdP der SP vil sende SLO-forespørselen", + "Public X.509 certificate of the IdP" : "Offentlig X.509 sertificat for IdP", + "Attribute mapping" : "Attributt-binding", + "If you want to optionally map attributes to the user you can configure these here." : "Hvis du valgfritt ønsker å knytte attributter til brukeren kan du sette opp disse her.", + "Show attribute mapping settings…" : "Vis attributttilnytningsinnstillinger…", + "Security settings" : "Sikkerhetsinnstillinger", + "For increased security we recommend enabling the following settings if supported by your environment." : "For økt sikkerhet anbefaler vi at du aktiverer følgende innstillinger hvis det er støttet i ditt systemlandskap.", + "Show security settings…" : "Vis sikkerhetsinnstillinger …", + "Signatures and encryption offered" : "Signaturer og kryptering er tilbudt", + "Signatures and encryption required" : "Signaturer og kryptering er påkrevd", + "Download metadata XML" : "Last ned XML med metadata", + "Reset settings" : "Tilbakestill innstillinger", + "Metadata invalid" : "Ugyldige metadata", + "Metadata valid" : "Gyldige metadata", + "Error" : "Feil", + "Account not provisioned." : "Kontoen er ikke klargjort", + "Your account is not provisioned, access to this service is thus not possible." : "Din konto er ikke klargjort, tilgang til denne tjenesten er ikke mulig akkurat nå.", + "Login options:" : "Innloggingsinstillinger:", + "Choose a authentication provider" : "Velg en autentiseringstilbyder" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/nl.js b/docker/nextcloud/custom_apps/user_saml/l10n/nl.js new file mode 100644 index 0000000..1c15005 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/nl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Dit gebruikersaccount is uitgeschakeld, neem a.u.b. contact op met je beheerder.", + "Saved" : "Bewaard", + "Provider" : "Provider", + "Unknown error, please check the log file for more details." : "Onbekende fout, controleer de log voor meer details.", + "Direct log in" : "Directe log-in", + "SSO & SAML log in" : "SSO & SAML login", + "This page should not be visited directly." : "Deze pagina zou niet rechtstreeks bezocht moeten worden. ", + "Provider " : "Provider ", + "X.509 certificate of the Service Provider" : "X.509 certificaat ban de Service Provider", + "Private key of the Service Provider" : "Privésleutel van de Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Geeft aan dat de nameID van de verzonden door deze SP zal worden versleuteld.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend. [Metadata van de SP verschaft deze info]", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Whether the metadata should be signed." : "Of de metadata moet worden ondertekend.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Betekent de vereiste van de ondertekening van de , en elementen die door deze SP worden ontvangen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Betekent de vereiste van ondertekening van het element dat door deze SP wordt ontvangen.\n[Metadata van de SP geeft deze info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Betekent de vereiste van versleuteling van het element dat door deze SP wordt ontvangen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Betekent dat het NameID element in het door deze SP ontvangen SAMLResponse aanwezig moet zijn.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Betekent dat het NameID element dat wordt ontvangen door deze SP versleuteld moet zijn.", + "Indicates if the SP will validate all received XML." : "Geeft aan of de SP alle ontvangen XMLs zal valideren.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codeert SAML gegevens als kleine letters en de toolkit gebruikt standaard hoofdletters. Inschakelen voor ADFS compatibiliteit voor handtekeningverificatie.", + "Algorithm that the toolkit will use on signing process." : "Algoritme dat de toolkit zal gebruiken bij het ondertekeningsproces.", + "Attribute to map the UID to." : "Attribuut om de UID op te mappen.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sta alleen authenticatie toe als een account bestaat op een ander backend (bijv. LDAP).", + "Attribute to map the displayname to." : "weergavenaam toekennen om in kaart te brengen", + "Attribute to map the email address to." : "Email adres toekennen om in kaart te brengen", + "Attribute to map the quota to." : "Attribuut om de quota op te mappen.", + "Attribute to map the users groups to." : "Attribuut om de gebruikersgroep aan te koppelen.", + "Attribute to map the users home to." : "Attribuut om de startpagina van de gebruiekrs aan te koppelen.", + "Email address" : "E-mailadres", + "Encrypted" : "Versleuteld", + "Entity" : "Eenheid", + "Kerberos" : "Kerberos", + "Persistent" : "Blijvend", + "Transient" : "Tijdelijk", + "Unspecified" : "Ongedefinieerd", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 onderwerpnaam", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Gebruik SAML authenticatie voor de %s desktop clients (vereist gebruiker herauthenticatie)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optionele weergave naam van de identity provider (standaard: \"SSO & SAML log-in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Sta het gebruik van meerdere gebruikers back-ends toe (bijvoorbeeld LDAP)", + "SSO & SAML authentication" : "SSO & SAML authenticatie", + "Authenticate using single sign-on" : "Authenticeren via single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Door gebruik te maken van de SSO & SAML app van je Nextcloud kun je makkelijk je bestaande Single-Sign-On oplossing integreren met Nextcloud. En daarbij kun je ook de Nextcloud LDAP gebruikersbeheerfuncties gebruiken voor meer gebruiksgemak van de gebruikers (bijv nij delen)\nDe volgende providers worden momenteel ondersteund en getest :\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authenticatie via Omgevingsvariabele**\n\t* Kerberos (mod_auth_kerb)\n\t* Elke andere provider die inloggen via de omgevingsvariabele biedt\n\nHoewel in theorie elke andere authenticatieprovider die deze standaarden hanteert ook compatible zou moeten zijn, moeten we opmerken dat deze geen onderdeel van de interne testmatrix zijn.", + "Open documentation" : "Open documentatie", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere %s account is niet langer mogelijk, tenzij \"%s\" is ingeschakeld of je direct naar URL %skunt gaan.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere account is niet langer mogelijk, tenzij %s is ingeschakeld of je direct naar URL %s kunt gaan.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kies of je wilt authenticeren via de in Nextcloud ingebouwde SAML provider, of dat je wilt authenticeren tegen een omgevingsvariabele", + "Use built-in SAML authentication" : "Ingebouwde SAML authenticatie gebruiken", + "Use environment variable" : "Gebruik een omgevingsvariabele", + "Global settings" : "Globale instellingen", + "Remove identity provider" : "Verwijderen identity provider", + "Add identity provider" : "Toevoegen identity provider", + "General" : "Algemeen", + "Service Provider Data" : "Service Provider gegevens", + "If your Service Provider should use certificates you can optionally specify them here." : "Als je Service Provider certificaten moet gebruiken, kun je die hier optioneel opgeven.", + "Show Service Provider settings…" : "Serviceverleners instellingen weergeven...", + "Name ID format" : "Naam ID formaat", + "Identity Provider Data" : "Identity Provider gegevens", + "Configure your IdP settings here." : "Configureer hier je IdP instellingen.", + "Identifier of the IdP entity (must be a URI)" : "Identificatie van de IdP (moet een URI zijn)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL doel van de IdP waar de SP het Authentication Request Message naartoe zal versturen", + "Show optional Identity Provider settings…" : "Optionele Identiteit serviceverleners instellingen weergeven...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL locatie van de IdP waar de SP het SLO Request naartoe zal versturen", + "URL Location of the IDP's SLO Response" : "URL locatie van de IDP's SLO Response", + "Public X.509 certificate of the IdP" : "Publiek X.509 certificaat van de IdP", + "Attribute mapping" : "mapping toekennen", + "If you want to optionally map attributes to the user you can configure these here." : "Mocht je optionele kenmerken aan de gebruiker wilt koppelen, kun je deze hier instellen", + "Show attribute mapping settings…" : "Attribuut instellingen weergeven...", + "Security settings" : "Beveiligingsinstellingen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Voor verhoogde beveiliging adviseren we om de volgende instellingen te activeren als die door jouw omgeving worden ondersteund.", + "Show security settings…" : "Beveiligingsinstellingen weergeven...", + "Signatures and encryption offered" : "Beschikbare handtekeningen en versleuteling", + "Signatures and encryption required" : "Vereiste handtekeningen en versleuteling", + "Download metadata XML" : "Downloaden metadata XML", + "Reset settings" : "Terugzetten instellingen", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout", + "Account not provisioned." : "Account niet verstrekt.", + "Your account is not provisioned, access to this service is thus not possible." : "Je account is niet verstrekt, toegang tot deze dienst is dus niet mogelijk.", + "Login options:" : "Inlogopties:", + "Choose a authentication provider" : "Kies een authenticatieprovider" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/nl.json b/docker/nextcloud/custom_apps/user_saml/l10n/nl.json new file mode 100644 index 0000000..98daf52 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/nl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Dit gebruikersaccount is uitgeschakeld, neem a.u.b. contact op met je beheerder.", + "Saved" : "Bewaard", + "Provider" : "Provider", + "Unknown error, please check the log file for more details." : "Onbekende fout, controleer de log voor meer details.", + "Direct log in" : "Directe log-in", + "SSO & SAML log in" : "SSO & SAML login", + "This page should not be visited directly." : "Deze pagina zou niet rechtstreeks bezocht moeten worden. ", + "Provider " : "Provider ", + "X.509 certificate of the Service Provider" : "X.509 certificaat ban de Service Provider", + "Private key of the Service Provider" : "Privésleutel van de Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Geeft aan dat de nameID van de verzonden door deze SP zal worden versleuteld.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend. [Metadata van de SP verschaft deze info]", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Whether the metadata should be signed." : "Of de metadata moet worden ondertekend.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Betekent de vereiste van de ondertekening van de , en elementen die door deze SP worden ontvangen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Betekent de vereiste van ondertekening van het element dat door deze SP wordt ontvangen.\n[Metadata van de SP geeft deze info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Betekent de vereiste van versleuteling van het element dat door deze SP wordt ontvangen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Betekent dat het NameID element in het door deze SP ontvangen SAMLResponse aanwezig moet zijn.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Betekent dat het NameID element dat wordt ontvangen door deze SP versleuteld moet zijn.", + "Indicates if the SP will validate all received XML." : "Geeft aan of de SP alle ontvangen XMLs zal valideren.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codeert SAML gegevens als kleine letters en de toolkit gebruikt standaard hoofdletters. Inschakelen voor ADFS compatibiliteit voor handtekeningverificatie.", + "Algorithm that the toolkit will use on signing process." : "Algoritme dat de toolkit zal gebruiken bij het ondertekeningsproces.", + "Attribute to map the UID to." : "Attribuut om de UID op te mappen.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sta alleen authenticatie toe als een account bestaat op een ander backend (bijv. LDAP).", + "Attribute to map the displayname to." : "weergavenaam toekennen om in kaart te brengen", + "Attribute to map the email address to." : "Email adres toekennen om in kaart te brengen", + "Attribute to map the quota to." : "Attribuut om de quota op te mappen.", + "Attribute to map the users groups to." : "Attribuut om de gebruikersgroep aan te koppelen.", + "Attribute to map the users home to." : "Attribuut om de startpagina van de gebruiekrs aan te koppelen.", + "Email address" : "E-mailadres", + "Encrypted" : "Versleuteld", + "Entity" : "Eenheid", + "Kerberos" : "Kerberos", + "Persistent" : "Blijvend", + "Transient" : "Tijdelijk", + "Unspecified" : "Ongedefinieerd", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 onderwerpnaam", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Gebruik SAML authenticatie voor de %s desktop clients (vereist gebruiker herauthenticatie)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optionele weergave naam van de identity provider (standaard: \"SSO & SAML log-in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Sta het gebruik van meerdere gebruikers back-ends toe (bijvoorbeeld LDAP)", + "SSO & SAML authentication" : "SSO & SAML authenticatie", + "Authenticate using single sign-on" : "Authenticeren via single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Door gebruik te maken van de SSO & SAML app van je Nextcloud kun je makkelijk je bestaande Single-Sign-On oplossing integreren met Nextcloud. En daarbij kun je ook de Nextcloud LDAP gebruikersbeheerfuncties gebruiken voor meer gebruiksgemak van de gebruikers (bijv nij delen)\nDe volgende providers worden momenteel ondersteund en getest :\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authenticatie via Omgevingsvariabele**\n\t* Kerberos (mod_auth_kerb)\n\t* Elke andere provider die inloggen via de omgevingsvariabele biedt\n\nHoewel in theorie elke andere authenticatieprovider die deze standaarden hanteert ook compatible zou moeten zijn, moeten we opmerken dat deze geen onderdeel van de interne testmatrix zijn.", + "Open documentation" : "Open documentatie", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere %s account is niet langer mogelijk, tenzij \"%s\" is ingeschakeld of je direct naar URL %skunt gaan.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere account is niet langer mogelijk, tenzij %s is ingeschakeld of je direct naar URL %s kunt gaan.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kies of je wilt authenticeren via de in Nextcloud ingebouwde SAML provider, of dat je wilt authenticeren tegen een omgevingsvariabele", + "Use built-in SAML authentication" : "Ingebouwde SAML authenticatie gebruiken", + "Use environment variable" : "Gebruik een omgevingsvariabele", + "Global settings" : "Globale instellingen", + "Remove identity provider" : "Verwijderen identity provider", + "Add identity provider" : "Toevoegen identity provider", + "General" : "Algemeen", + "Service Provider Data" : "Service Provider gegevens", + "If your Service Provider should use certificates you can optionally specify them here." : "Als je Service Provider certificaten moet gebruiken, kun je die hier optioneel opgeven.", + "Show Service Provider settings…" : "Serviceverleners instellingen weergeven...", + "Name ID format" : "Naam ID formaat", + "Identity Provider Data" : "Identity Provider gegevens", + "Configure your IdP settings here." : "Configureer hier je IdP instellingen.", + "Identifier of the IdP entity (must be a URI)" : "Identificatie van de IdP (moet een URI zijn)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL doel van de IdP waar de SP het Authentication Request Message naartoe zal versturen", + "Show optional Identity Provider settings…" : "Optionele Identiteit serviceverleners instellingen weergeven...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL locatie van de IdP waar de SP het SLO Request naartoe zal versturen", + "URL Location of the IDP's SLO Response" : "URL locatie van de IDP's SLO Response", + "Public X.509 certificate of the IdP" : "Publiek X.509 certificaat van de IdP", + "Attribute mapping" : "mapping toekennen", + "If you want to optionally map attributes to the user you can configure these here." : "Mocht je optionele kenmerken aan de gebruiker wilt koppelen, kun je deze hier instellen", + "Show attribute mapping settings…" : "Attribuut instellingen weergeven...", + "Security settings" : "Beveiligingsinstellingen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Voor verhoogde beveiliging adviseren we om de volgende instellingen te activeren als die door jouw omgeving worden ondersteund.", + "Show security settings…" : "Beveiligingsinstellingen weergeven...", + "Signatures and encryption offered" : "Beschikbare handtekeningen en versleuteling", + "Signatures and encryption required" : "Vereiste handtekeningen en versleuteling", + "Download metadata XML" : "Downloaden metadata XML", + "Reset settings" : "Terugzetten instellingen", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout", + "Account not provisioned." : "Account niet verstrekt.", + "Your account is not provisioned, access to this service is thus not possible." : "Je account is niet verstrekt, toegang tot deze dienst is dus niet mogelijk.", + "Login options:" : "Inlogopties:", + "Choose a authentication provider" : "Kies een authenticatieprovider" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/pl.js b/docker/nextcloud/custom_apps/user_saml/l10n/pl.js new file mode 100644 index 0000000..dd71c8a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/pl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "To konto użytkownika jest wyłączone, skontaktuj się z administratorem.", + "Saved" : "Zapisano", + "Provider" : "Dostawca", + "Unknown error, please check the log file for more details." : "Nieznany błąd, sprawdź plik dziennika, aby dowiedzieć się więcej.", + "Direct log in" : "Bezpośrednie logowanie", + "SSO & SAML log in" : "Logowanie SSO i SAML", + "This page should not be visited directly." : "Ta strona nie powinna być odwiedzana bezpośrednio.", + "Provider " : "Dostawca", + "X.509 certificate of the Service Provider" : "Certyfikat X.509 dostawcy usługi", + "Private key of the Service Provider" : "Klucz prywatny dostawcy usługi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Wskazuje, że nameID wysłany przez tego dostawcę usług będzie zaszyfrowany.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Whether the metadata should be signed." : "Określa, czy metadane powinny być podpisane.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Wskazuje wymóg podpisania dla elementów , i otrzymanych przez tego dostawcę usług.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Wskazuje wymóg podpisania dla elementów otrzymanych przez tego dostawcę usług. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania dla elementów otrzymanych przez tego dostawcę usług.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Wskazuje wymóg obecności elementu NameID przy SAMLResponse otrzymanego przez tego dostawcę usług.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania NameID otrzymanego przez tego dostawcę usług.", + "Indicates if the SP will validate all received XML." : "Wskazuje, czy dostawca usług zatwierdzi wszystkie odebrane XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Dane ADFS URL-Encodes SAML są małymi literami a narzędzie standardowo obsługuje duże litery. Włącz dla ADFS kompatybilność weryfikacji podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algorytm, który zostanie użyty podczas procesu podpisywania.", + "Attribute to map the UID to." : "Atrybut do mapowania UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Zezwalaj na uwierzytelnienie tylko wtedy, jeśli konto istnieje na jakiejś innej platformie (np. LDAP)", + "Attribute to map the displayname to." : "Atrybut do mapowania wyświetlanej nazwy użytkownika.", + "Attribute to map the email address to." : "Atrybut do zamapowania adresu e-mail.", + "Attribute to map the quota to." : "Atrybut do mapowania przydziału.", + "Attribute to map the users groups to." : "Atrybut do mapowania grup użytkowników.", + "Attribute to map the users home to." : "Atrybut do mapowania katalogów domowych użytkowników.", + "Email address" : "Adres e-mail", + "Encrypted" : "Zaszyfrowane", + "Entity" : "Jednostka", + "Kerberos" : "Kerberos", + "Persistent" : "Stały", + "Transient" : "Przejściowy", + "Unspecified" : "Nieokreślony", + "Windows domain qualified name" : "Zakwalifikowana nazwa domeny Windows", + "X509 subject name" : "Nazwa X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Użyj uwierzytelnienia LDAP dla %s klienta desktopowego (wymaga ponownego uwierzytelnienia)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Opcjonalna wyświetlana nazwa dostawcy tożsamości (domyślnie: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Zezwalaj na korzystanie z zaplecza przez wielu użytkowników (np. LDAP)", + "SSO & SAML authentication" : "Uwierzytelenienie SSO i SAML", + "Authenticate using single sign-on" : "Uwierzytelniaj używając pojedynczego logowania (SSO)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korzystając z aplikacji SSO & SAML w Nextcloud, możesz łatwo zintegrować istniejące rozwiązanie jednokrotnego logowania z Nextcloud. Ponadto możesz użyć LDAP w Nextcloud, jako dostawcy użytkownika, aby zachować wygodę dla użytkowników (np. podczas udostępniania).\nObecnie obsługiwani i testowani są dostawcy:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Uwierzytelnianie za pomocą zmiennej środowiskowej **\n\t* Kerberos (mod_auth_kerb)\n\t* Każdy inny dostawca, który uwierzytelnia się przy użyciu zmiennej środowiskowej\n\nChociaż teoretycznie każdy inny dostawca wdrażający jeden z tych standardów uwierzytelniania jest zgodny, chcemy zwrócić uwagę, że nie są one częścią żadnej wewnętrznej macierzy testowej.", + "Open documentation" : "Otwórz dokumentację", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą twojego zwykłego konta %s nie będzie już możliwe, chyba że włączone zostało \"%s\" lub wpiszesz bezpośrednio URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą Twojego zwykłego konta %s nie będzie już możliwe, chyba że wpiszesz bezpośrednio adres URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Wybierz czy chcesz uwierzytelniać używając wbudowanego w Nextcloud dostawcę SAML czy chcesz uwierzytelniać przez zmienne środowiskowe.", + "Use built-in SAML authentication" : "Użyj wbudowanego uwierzytelnienia SAML", + "Use environment variable" : "Użyj zmiennej środowiskowej", + "Global settings" : "Ustawienia globalne", + "Remove identity provider" : "Usuń dostawcę tożsamości", + "Add identity provider" : "Dodaj dostawcę tożsamości", + "General" : "Ogólne", + "Service Provider Data" : "Dane dostawcy usług", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeśli Twój dostawca usług powinien używać certyfikatów, możesz opcjonalnie określić je tutaj.", + "Show Service Provider settings…" : "Pokaż ustawienia dostawcy usług…", + "Name ID format" : "Format nazwy ID", + "Identity Provider Data" : "Dane od dostawcy tożsamości", + "Configure your IdP settings here." : "Tutaj skonfiguruj swoje ustawienia IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identyfikator jednostki IdP (musi być URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Adres URL IdP, z którego dostawca usług wyśle wiadomość o żądaniu uwierzytelnienia", + "Show optional Identity Provider settings…" : "Pokaż opcjonalne ustawienia tożsamości dostawcy usług…", + "URL Location of the IdP where the SP will send the SLO Request" : "Adres URL IdP gdzie dostawca usług wyśle żądanie SLO", + "URL Location of the IDP's SLO Response" : "Adres URL lokalizacji odpowiedzi SLO IDP", + "Public X.509 certificate of the IdP" : "Publiczny certyfikat X.509 IdP", + "Attribute mapping" : "Atrybut mapowania", + "If you want to optionally map attributes to the user you can configure these here." : "Tutaj możesz opcjonalnie przypisać atrybuty użytkownikowi.", + "Show attribute mapping settings…" : "Wyświetl ustawienia atrybutów mapowania…", + "Security settings" : "Ustawienia bezpieczeństwa", + "For increased security we recommend enabling the following settings if supported by your environment." : "Dla zwiększenia bezpieczeństwa zalecamy włączenie kolejnych ustawień jeśli są wspierane przez twoje środowisko.", + "Show security settings…" : "Pokaż ustawienia bezpieczeństwa…", + "Signatures and encryption offered" : "Podpisy i szyfrowanie są oferowane", + "Signatures and encryption required" : "Podpisy i szyfrowanie są wymagane", + "Download metadata XML" : "Ściągnij metadane XML", + "Reset settings" : "Wyzeruj ustawienia", + "Metadata invalid" : "Nieprawidłowe metadane", + "Metadata valid" : "Prawidłowe metadane", + "Error" : "Błąd", + "Account not provisioned." : "Konto nie jest wspierane", + "Your account is not provisioned, access to this service is thus not possible." : "Twoje konto nie jest świadczone, dostęp do usługi jest po prostu niemożliwy.", + "Login options:" : "Opcje logowania:", + "Choose a authentication provider" : "Wybierz dostawcę uwierzytelniania" +}, +"nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/pl.json b/docker/nextcloud/custom_apps/user_saml/l10n/pl.json new file mode 100644 index 0000000..e51d00c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/pl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "To konto użytkownika jest wyłączone, skontaktuj się z administratorem.", + "Saved" : "Zapisano", + "Provider" : "Dostawca", + "Unknown error, please check the log file for more details." : "Nieznany błąd, sprawdź plik dziennika, aby dowiedzieć się więcej.", + "Direct log in" : "Bezpośrednie logowanie", + "SSO & SAML log in" : "Logowanie SSO i SAML", + "This page should not be visited directly." : "Ta strona nie powinna być odwiedzana bezpośrednio.", + "Provider " : "Dostawca", + "X.509 certificate of the Service Provider" : "Certyfikat X.509 dostawcy usługi", + "Private key of the Service Provider" : "Klucz prywatny dostawcy usługi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Wskazuje, że nameID wysłany przez tego dostawcę usług będzie zaszyfrowany.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Whether the metadata should be signed." : "Określa, czy metadane powinny być podpisane.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Wskazuje wymóg podpisania dla elementów , i otrzymanych przez tego dostawcę usług.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Wskazuje wymóg podpisania dla elementów otrzymanych przez tego dostawcę usług. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania dla elementów otrzymanych przez tego dostawcę usług.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Wskazuje wymóg obecności elementu NameID przy SAMLResponse otrzymanego przez tego dostawcę usług.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania NameID otrzymanego przez tego dostawcę usług.", + "Indicates if the SP will validate all received XML." : "Wskazuje, czy dostawca usług zatwierdzi wszystkie odebrane XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Dane ADFS URL-Encodes SAML są małymi literami a narzędzie standardowo obsługuje duże litery. Włącz dla ADFS kompatybilność weryfikacji podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algorytm, który zostanie użyty podczas procesu podpisywania.", + "Attribute to map the UID to." : "Atrybut do mapowania UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Zezwalaj na uwierzytelnienie tylko wtedy, jeśli konto istnieje na jakiejś innej platformie (np. LDAP)", + "Attribute to map the displayname to." : "Atrybut do mapowania wyświetlanej nazwy użytkownika.", + "Attribute to map the email address to." : "Atrybut do zamapowania adresu e-mail.", + "Attribute to map the quota to." : "Atrybut do mapowania przydziału.", + "Attribute to map the users groups to." : "Atrybut do mapowania grup użytkowników.", + "Attribute to map the users home to." : "Atrybut do mapowania katalogów domowych użytkowników.", + "Email address" : "Adres e-mail", + "Encrypted" : "Zaszyfrowane", + "Entity" : "Jednostka", + "Kerberos" : "Kerberos", + "Persistent" : "Stały", + "Transient" : "Przejściowy", + "Unspecified" : "Nieokreślony", + "Windows domain qualified name" : "Zakwalifikowana nazwa domeny Windows", + "X509 subject name" : "Nazwa X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Użyj uwierzytelnienia LDAP dla %s klienta desktopowego (wymaga ponownego uwierzytelnienia)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Opcjonalna wyświetlana nazwa dostawcy tożsamości (domyślnie: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Zezwalaj na korzystanie z zaplecza przez wielu użytkowników (np. LDAP)", + "SSO & SAML authentication" : "Uwierzytelenienie SSO i SAML", + "Authenticate using single sign-on" : "Uwierzytelniaj używając pojedynczego logowania (SSO)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korzystając z aplikacji SSO & SAML w Nextcloud, możesz łatwo zintegrować istniejące rozwiązanie jednokrotnego logowania z Nextcloud. Ponadto możesz użyć LDAP w Nextcloud, jako dostawcy użytkownika, aby zachować wygodę dla użytkowników (np. podczas udostępniania).\nObecnie obsługiwani i testowani są dostawcy:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Uwierzytelnianie za pomocą zmiennej środowiskowej **\n\t* Kerberos (mod_auth_kerb)\n\t* Każdy inny dostawca, który uwierzytelnia się przy użyciu zmiennej środowiskowej\n\nChociaż teoretycznie każdy inny dostawca wdrażający jeden z tych standardów uwierzytelniania jest zgodny, chcemy zwrócić uwagę, że nie są one częścią żadnej wewnętrznej macierzy testowej.", + "Open documentation" : "Otwórz dokumentację", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą twojego zwykłego konta %s nie będzie już możliwe, chyba że włączone zostało \"%s\" lub wpiszesz bezpośrednio URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą Twojego zwykłego konta %s nie będzie już możliwe, chyba że wpiszesz bezpośrednio adres URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Wybierz czy chcesz uwierzytelniać używając wbudowanego w Nextcloud dostawcę SAML czy chcesz uwierzytelniać przez zmienne środowiskowe.", + "Use built-in SAML authentication" : "Użyj wbudowanego uwierzytelnienia SAML", + "Use environment variable" : "Użyj zmiennej środowiskowej", + "Global settings" : "Ustawienia globalne", + "Remove identity provider" : "Usuń dostawcę tożsamości", + "Add identity provider" : "Dodaj dostawcę tożsamości", + "General" : "Ogólne", + "Service Provider Data" : "Dane dostawcy usług", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeśli Twój dostawca usług powinien używać certyfikatów, możesz opcjonalnie określić je tutaj.", + "Show Service Provider settings…" : "Pokaż ustawienia dostawcy usług…", + "Name ID format" : "Format nazwy ID", + "Identity Provider Data" : "Dane od dostawcy tożsamości", + "Configure your IdP settings here." : "Tutaj skonfiguruj swoje ustawienia IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identyfikator jednostki IdP (musi być URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Adres URL IdP, z którego dostawca usług wyśle wiadomość o żądaniu uwierzytelnienia", + "Show optional Identity Provider settings…" : "Pokaż opcjonalne ustawienia tożsamości dostawcy usług…", + "URL Location of the IdP where the SP will send the SLO Request" : "Adres URL IdP gdzie dostawca usług wyśle żądanie SLO", + "URL Location of the IDP's SLO Response" : "Adres URL lokalizacji odpowiedzi SLO IDP", + "Public X.509 certificate of the IdP" : "Publiczny certyfikat X.509 IdP", + "Attribute mapping" : "Atrybut mapowania", + "If you want to optionally map attributes to the user you can configure these here." : "Tutaj możesz opcjonalnie przypisać atrybuty użytkownikowi.", + "Show attribute mapping settings…" : "Wyświetl ustawienia atrybutów mapowania…", + "Security settings" : "Ustawienia bezpieczeństwa", + "For increased security we recommend enabling the following settings if supported by your environment." : "Dla zwiększenia bezpieczeństwa zalecamy włączenie kolejnych ustawień jeśli są wspierane przez twoje środowisko.", + "Show security settings…" : "Pokaż ustawienia bezpieczeństwa…", + "Signatures and encryption offered" : "Podpisy i szyfrowanie są oferowane", + "Signatures and encryption required" : "Podpisy i szyfrowanie są wymagane", + "Download metadata XML" : "Ściągnij metadane XML", + "Reset settings" : "Wyzeruj ustawienia", + "Metadata invalid" : "Nieprawidłowe metadane", + "Metadata valid" : "Prawidłowe metadane", + "Error" : "Błąd", + "Account not provisioned." : "Konto nie jest wspierane", + "Your account is not provisioned, access to this service is thus not possible." : "Twoje konto nie jest świadczone, dostęp do usługi jest po prostu niemożliwy.", + "Login options:" : "Opcje logowania:", + "Choose a authentication provider" : "Wybierz dostawcę uwierzytelniania" +},"pluralForm" :"nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/pt_BR.js b/docker/nextcloud/custom_apps/user_saml/l10n/pt_BR.js new file mode 100644 index 0000000..b0b7e98 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/pt_BR.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta conta de usuário está desabilitada, contacte o administrador.", + "Saved" : "Salvo", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Erro desconhecido, verifique o log para mais detalhes.", + "Direct log in" : "Login direto", + "SSO & SAML log in" : "Login SSO & SAML", + "This page should not be visited directly." : "Esta página não deve ser visitada diretamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do Provedor de Serviços", + "Private key of the Service Provider" : "Chave privada do Provedor de Serviços", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o ID do nome do enviado por este SP será criptografado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensagens enviadas por este SP serão assinadas. [Metadados do SP oferecerá esta informação]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Whether the metadata should be signed." : "Se os metadados devem ser assinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica uma solicitação para os elementos , e recebidos por este SP a serem assinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica uma solicitação para que os elementos recebidos por este SP sejam assinados. [Metadados do SP oferecerão esta informação]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica uma solicitação para os elementos recebidos por este SP serem criptografados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica uma solicitação para que o elemento NameID no SAMLResponse recebido por este SP esteja presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica uma solicitação para que o NameID recebido por este SP seja criptografado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XML recebidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codifica os dados do SAML como minúsculas, e o kit de ferramentas por padrão usa letras maiúsculas. Habilite para compatibilidade do ADFS na verificação de assinaturas.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o kit de ferramentas usará no processo de assinatura.", + "Attribute to map the UID to." : "Atributo para mapear o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Apenas permitir a autenticação se uma conta existir em algum outro backend. (Por ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para mapear o nome de exibição.", + "Attribute to map the email address to." : "Atributo para mapear o endereço de e-mail.", + "Attribute to map the quota to." : "Atribua a cota ao mapa.", + "Attribute to map the users groups to." : "Atributo para mapear os grupos de usuários.", + "Attribute to map the users home to." : "Atributo para mapear a localidade do usuários.", + "Email address" : "Endereço de e-mail", + "Encrypted" : "Criptografado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Permanente", + "Transient" : "Temporário", + "Unspecified" : "Não especificado", + "Windows domain qualified name" : "Nome qualificado do domínio do Windows", + "X509 subject name" : "Nome do tópico X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar autenticação SAML para os clientes desktop %s (a reautenticação do usuário é requerida)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome opcional do provedor de identidade (padrão: \"Login SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de vários backends de usuário (por ex. LDAP)", + "SSO & SAML authentication" : "Autenticação SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando logon único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando o aplicativo SSO & SAML do seu Nextcloud, você pode facilitar a integração da sua solução de logon único com o Nextcloud. Além disso, você pode usar o provedor de usuários LDAP do Nextcloud para facilidade dos usuários. (por exemplo, quando compartilhando)\nOs seguintes provedores são suportados e testados no momento:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticação via Variáveis de Ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualquer outro provedor que autentique usando variáveis de ambiente\n\nEmbora, teoricamente, qualquer outro provedor de autenticação que implemente qualquer um desses padrões seja compatível, gostaríamos de observar que eles não fazem parte de nenhuma matriz de teste interna.", + "Open documentation" : "Abrir documentação", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você tenha ativado \"%s\" ou você vai diretamente para a URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você vá diretamente para a URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor, escolha se deseja autenticar usando o provedor SAML integrado no Nextcloud ou se deseja autenticar com uma variável de ambiente.", + "Use built-in SAML authentication" : "Usar a autenticação built-in SAML", + "Use environment variable" : "Usar variável de ambiente", + "Global settings" : "Configurações globais", + "Remove identity provider" : "Remover provedor de identidade", + "Add identity provider" : "Adicionar provedor de identidade", + "General" : "Geral", + "Service Provider Data" : "Dados do Provedor de Serviços", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o Provedor de Serviços usar certificados você pode especificá-los aqui.", + "Show Service Provider settings…" : "Exibir as configurações do Provedor de Serviços...", + "Name ID format" : "Formato do ID do nome", + "Identity Provider Data" : "Dados do Provedor de Identidade", + "Configure your IdP settings here." : "Defina suas configurações IdP aqui.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (deve ser uma URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL do IdP para onde o SP enviará a mensagem de solicitação de autenticação", + "Show optional Identity Provider settings…" : "Exibir configurações opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Localização da URL do IdP para onde o SP enviará a solicitação SLO", + "URL Location of the IDP's SLO Response" : "Localização da resposta da URL do SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Mapeamento de atributo", + "If you want to optionally map attributes to the user you can configure these here." : "Aqui você pode opcionalmente mapear atributos aos usuários.", + "Show attribute mapping settings…" : "Exibir configurações de mapeamento de atributos...", + "Security settings" : "Configurações de segurança", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para aumentar a segurança recomendamos ativar as seguinte configurações se seu ambiente suportar", + "Show security settings…" : "Exibir configurações de segurança...", + "Signatures and encryption offered" : "Assinaturas e criptografias oferecidas", + "Signatures and encryption required" : "Assinaturas e criptografia requeridas", + "Download metadata XML" : "Baixar metadata XML", + "Reset settings" : "Redefinir as configurações", + "Metadata invalid" : "Metadado inválido", + "Metadata valid" : "Metadado válido", + "Error" : "Erro", + "Account not provisioned." : "Conta não provisionada", + "Your account is not provisioned, access to this service is thus not possible." : "Seu conta não é provisionada. O acesso a esse serviço não é possível", + "Login options:" : "Opções de login:", + "Choose a authentication provider" : "Escolha um provedor de autenticação" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/pt_BR.json b/docker/nextcloud/custom_apps/user_saml/l10n/pt_BR.json new file mode 100644 index 0000000..37d3ae0 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/pt_BR.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta conta de usuário está desabilitada, contacte o administrador.", + "Saved" : "Salvo", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Erro desconhecido, verifique o log para mais detalhes.", + "Direct log in" : "Login direto", + "SSO & SAML log in" : "Login SSO & SAML", + "This page should not be visited directly." : "Esta página não deve ser visitada diretamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do Provedor de Serviços", + "Private key of the Service Provider" : "Chave privada do Provedor de Serviços", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o ID do nome do enviado por este SP será criptografado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensagens enviadas por este SP serão assinadas. [Metadados do SP oferecerá esta informação]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Whether the metadata should be signed." : "Se os metadados devem ser assinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica uma solicitação para os elementos , e recebidos por este SP a serem assinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica uma solicitação para que os elementos recebidos por este SP sejam assinados. [Metadados do SP oferecerão esta informação]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica uma solicitação para os elementos recebidos por este SP serem criptografados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica uma solicitação para que o elemento NameID no SAMLResponse recebido por este SP esteja presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica uma solicitação para que o NameID recebido por este SP seja criptografado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XML recebidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codifica os dados do SAML como minúsculas, e o kit de ferramentas por padrão usa letras maiúsculas. Habilite para compatibilidade do ADFS na verificação de assinaturas.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o kit de ferramentas usará no processo de assinatura.", + "Attribute to map the UID to." : "Atributo para mapear o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Apenas permitir a autenticação se uma conta existir em algum outro backend. (Por ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para mapear o nome de exibição.", + "Attribute to map the email address to." : "Atributo para mapear o endereço de e-mail.", + "Attribute to map the quota to." : "Atribua a cota ao mapa.", + "Attribute to map the users groups to." : "Atributo para mapear os grupos de usuários.", + "Attribute to map the users home to." : "Atributo para mapear a localidade do usuários.", + "Email address" : "Endereço de e-mail", + "Encrypted" : "Criptografado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Permanente", + "Transient" : "Temporário", + "Unspecified" : "Não especificado", + "Windows domain qualified name" : "Nome qualificado do domínio do Windows", + "X509 subject name" : "Nome do tópico X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar autenticação SAML para os clientes desktop %s (a reautenticação do usuário é requerida)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome opcional do provedor de identidade (padrão: \"Login SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de vários backends de usuário (por ex. LDAP)", + "SSO & SAML authentication" : "Autenticação SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando logon único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando o aplicativo SSO & SAML do seu Nextcloud, você pode facilitar a integração da sua solução de logon único com o Nextcloud. Além disso, você pode usar o provedor de usuários LDAP do Nextcloud para facilidade dos usuários. (por exemplo, quando compartilhando)\nOs seguintes provedores são suportados e testados no momento:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticação via Variáveis de Ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualquer outro provedor que autentique usando variáveis de ambiente\n\nEmbora, teoricamente, qualquer outro provedor de autenticação que implemente qualquer um desses padrões seja compatível, gostaríamos de observar que eles não fazem parte de nenhuma matriz de teste interna.", + "Open documentation" : "Abrir documentação", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você tenha ativado \"%s\" ou você vai diretamente para a URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você vá diretamente para a URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor, escolha se deseja autenticar usando o provedor SAML integrado no Nextcloud ou se deseja autenticar com uma variável de ambiente.", + "Use built-in SAML authentication" : "Usar a autenticação built-in SAML", + "Use environment variable" : "Usar variável de ambiente", + "Global settings" : "Configurações globais", + "Remove identity provider" : "Remover provedor de identidade", + "Add identity provider" : "Adicionar provedor de identidade", + "General" : "Geral", + "Service Provider Data" : "Dados do Provedor de Serviços", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o Provedor de Serviços usar certificados você pode especificá-los aqui.", + "Show Service Provider settings…" : "Exibir as configurações do Provedor de Serviços...", + "Name ID format" : "Formato do ID do nome", + "Identity Provider Data" : "Dados do Provedor de Identidade", + "Configure your IdP settings here." : "Defina suas configurações IdP aqui.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (deve ser uma URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL do IdP para onde o SP enviará a mensagem de solicitação de autenticação", + "Show optional Identity Provider settings…" : "Exibir configurações opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Localização da URL do IdP para onde o SP enviará a solicitação SLO", + "URL Location of the IDP's SLO Response" : "Localização da resposta da URL do SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Mapeamento de atributo", + "If you want to optionally map attributes to the user you can configure these here." : "Aqui você pode opcionalmente mapear atributos aos usuários.", + "Show attribute mapping settings…" : "Exibir configurações de mapeamento de atributos...", + "Security settings" : "Configurações de segurança", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para aumentar a segurança recomendamos ativar as seguinte configurações se seu ambiente suportar", + "Show security settings…" : "Exibir configurações de segurança...", + "Signatures and encryption offered" : "Assinaturas e criptografias oferecidas", + "Signatures and encryption required" : "Assinaturas e criptografia requeridas", + "Download metadata XML" : "Baixar metadata XML", + "Reset settings" : "Redefinir as configurações", + "Metadata invalid" : "Metadado inválido", + "Metadata valid" : "Metadado válido", + "Error" : "Erro", + "Account not provisioned." : "Conta não provisionada", + "Your account is not provisioned, access to this service is thus not possible." : "Seu conta não é provisionada. O acesso a esse serviço não é possível", + "Login options:" : "Opções de login:", + "Choose a authentication provider" : "Escolha um provedor de autenticação" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/pt_PT.js b/docker/nextcloud/custom_apps/user_saml/l10n/pt_PT.js new file mode 100644 index 0000000..85b6400 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/pt_PT.js @@ -0,0 +1,20 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta conta do utilizador está desativada, por favor, contacte o seu administrador.", + "Saved" : "Guardado", + "Provider" : "Fornecedor", + "Provider " : "Fornecedor", + "SSO & SAML authentication" : "Autenticação SSO e SAML", + "Open documentation" : "Abrir documentação", + "Global settings" : "Definições globais", + "General" : "Geral", + "Security settings" : "Definições de segurança", + "Show security settings…" : "Mostrar definições de segurança...", + "Download metadata XML" : "Transferir metadados XML", + "Reset settings" : "Reiniciar definições", + "Metadata invalid" : "Metadados inválidos", + "Metadata valid" : "Metadados válidos", + "Error" : "Erro" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/pt_PT.json b/docker/nextcloud/custom_apps/user_saml/l10n/pt_PT.json new file mode 100644 index 0000000..a2bf765 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/pt_PT.json @@ -0,0 +1,18 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta conta do utilizador está desativada, por favor, contacte o seu administrador.", + "Saved" : "Guardado", + "Provider" : "Fornecedor", + "Provider " : "Fornecedor", + "SSO & SAML authentication" : "Autenticação SSO e SAML", + "Open documentation" : "Abrir documentação", + "Global settings" : "Definições globais", + "General" : "Geral", + "Security settings" : "Definições de segurança", + "Show security settings…" : "Mostrar definições de segurança...", + "Download metadata XML" : "Transferir metadados XML", + "Reset settings" : "Reiniciar definições", + "Metadata invalid" : "Metadados inválidos", + "Metadata valid" : "Metadados válidos", + "Error" : "Erro" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ru.js b/docker/nextcloud/custom_apps/user_saml/l10n/ru.js new file mode 100644 index 0000000..42baad5 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ru.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Учётная запись пользователя отключена, свяжитесь с администратором сервера.", + "Saved" : "Сохранено", + "Provider" : "Поставщик услуги", + "Unknown error, please check the log file for more details." : "Неизвестная ошибка, обратитесь к файлу журнала для более подробных сведений.", + "Direct log in" : "Прямой вход в систему", + "SSO & SAML log in" : "Вход через SSO и SAML", + "This page should not be visited directly." : "Невозможен прямой переход на эту страницу.", + "Provider " : "Поставщик", + "X.509 certificate of the Service Provider" : "X.509-сертификат поставщика услуг", + "Private key of the Service Provider" : "Закрытый ключ поставщика услуг", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Указывает, что nameID , отправленное этим поставщиком услуг, будет зашифровано.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Whether the metadata should be signed." : "Должны ли быть подписаны метаданные.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Указывает, должны ли запрашиваемые этим SP элементы , и , быть подписанными.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли запрашиваемые этим SP элементы , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Указывает, требуется ли шифрование полученных этим SP элементов .", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Указывает, должно ли NameID, полученное этим SP, быть текущим.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Указывает, должно ли NameID, полученное этим SP, быть зашифрованным.", + "Indicates if the SP will validate all received XML." : "Указывает, будет ли SP проверять все полученные XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS кодирует в формат URL-Encoded данные SAML в нижнем регистре, а тулкит умолчанию использует верхний регистр. Включите для совместимости ADFS на проверке подписи.", + "Algorithm that the toolkit will use on signing process." : "Алгоритм для подписания. ", + "Attribute to map the UID to." : "Атрибут для привязки UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Позволять аутентификацию только если учётная запись существует на другом внутреннем интерфейсе (например, LDAP).", + "Attribute to map the displayname to." : "Атрибут для привязки отображаемого имени.", + "Attribute to map the email address to." : "Атрибут для привязки email.", + "Attribute to map the quota to." : "Атрибут для сопоставления квоты.", + "Attribute to map the users groups to." : "Атрибут для отображения групп пользователей.", + "Attribute to map the users home to." : "Атрибут для привязки домашней директории пользователей.", + "Email address" : "Адрес электронной почты", + "Encrypted" : "Зашифровано", + "Entity" : "Записи", + "Kerberos" : "Kerberos", + "Persistent" : "Постоянный", + "Transient" : "Временный", + "Unspecified" : "Не указано", + "Windows domain qualified name" : "Квалифицированное имя домена Windows", + "X509 subject name" : "Имя субъекта X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Использовать SAML для настольных клиентов синхронизации %s (потребуется повторная аутентификация пользователей)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Дополнительное отображаемое имя поставщика удостоверений (по умолчанию: «SSO & SAML log in»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Разрешить использование нескольких пользовательских back-end (например, LDAP)", + "SSO & SAML authentication" : "Подтверждение подлинности SSO и SAML", + "Authenticate using single sign-on" : "Аутентификация с использованием единого входа", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Используя приложение SSO & SAML вашего Nextcloud, вы можете легко интегрировать существующее решение Single Sign-On с Nextcloud. Кроме того, вы можете использовать службу Nextcloud LDAP для удобства пользователей. (например, при совместном использовании)\nНа данный момент поддерживаются и тестируются следующие поставщики:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Аутентификация через переменную окружения **\n* Kerberos (mod_auth_kerb)\n* Любая другая служба, которая проводит аутентификацию с использованием переменной среды\n\nХотя теоретически любая другая служба аутентификации, реализующая один из этих стандартов, совместима, мы хотели бы отметить, что они не являются частью какой-либо матрицей внутренних тестов.", + "Open documentation" : "Открыть документацию", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не включили \"%s\" или вы не идёте напрямую по адресу URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не идёте напрямую по адресу URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Выберите, хотите ли вы проверять подлинность с помощью встроенного в Nextcloud провайдера SAML или же хотите использовать для этого переменные окружения.", + "Use built-in SAML authentication" : "Использовать встроенную SAML аутентификацию", + "Use environment variable" : "Использовать переменные окружения", + "Global settings" : "Общие настройки", + "Remove identity provider" : "Удалить поставщика удостоверений", + "Add identity provider" : "Добавить поставщика удостоверений", + "General" : "Основные", + "Service Provider Data" : "Данные поставщика услуг (SP)", + "If your Service Provider should use certificates you can optionally specify them here." : "Если вашему SP следует использовать сертификаты, вы сможете дополнительно указать их тут.", + "Show Service Provider settings…" : "Показать настройки поставщика услуг…", + "Name ID format" : "Формат ID имени", + "Identity Provider Data" : "Данные провайдера идентификации (IdP)", + "Configure your IdP settings here." : "Настройте тут параметры вашего IdP.", + "Identifier of the IdP entity (must be a URI)" : "Идентификатор записи IdP (в формате URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL провайдера идентификации (IdP), на который поставщик услуг (SP) будет отправлять запрос подтверждения подлинности", + "Show optional Identity Provider settings…" : "Показать дополнительные настройки провайдера идентификации", + "URL Location of the IdP where the SP will send the SLO Request" : "URL адрес IdP, куда SP будет оправлять запросы SLO.", + "URL Location of the IDP's SLO Response" : "URL адрес ответа IDP SLO", + "Public X.509 certificate of the IdP" : "Открытый сертификат X.509 ldP", + "Attribute mapping" : "Привязка атрибутов", + "If you want to optionally map attributes to the user you can configure these here." : "Здесь можно настроить дополнительную привязку атрибутов пользователю.", + "Show attribute mapping settings…" : "Показать настройки привязки атрибутов…", + "Security settings" : "Настройки безопасности", + "For increased security we recommend enabling the following settings if supported by your environment." : "Для повышения безопасности рекомендуем использовать следующие настройки, если они поддерживаются вашим окружением.", + "Show security settings…" : "Показать настройки безопасности…", + "Signatures and encryption offered" : "Предложены подписи и шихрование", + "Signatures and encryption required" : "Требуется подпись и шифрование", + "Download metadata XML" : "Скачать метаданные XML", + "Reset settings" : "Сбросить настройки", + "Metadata invalid" : "Метаданные не верны", + "Metadata valid" : "Метаданные верны", + "Error" : "Ошибка", + "Account not provisioned." : "Учётная запись не обслуживается.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваша учётная запись не обслуживается. Доступ к этой услуге, таким образом, не представляется возможным.", + "Login options:" : "Варианты входа:", + "Choose a authentication provider" : "Выберите службу аутентификации" +}, +"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/ru.json b/docker/nextcloud/custom_apps/user_saml/l10n/ru.json new file mode 100644 index 0000000..2d2bf80 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/ru.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Учётная запись пользователя отключена, свяжитесь с администратором сервера.", + "Saved" : "Сохранено", + "Provider" : "Поставщик услуги", + "Unknown error, please check the log file for more details." : "Неизвестная ошибка, обратитесь к файлу журнала для более подробных сведений.", + "Direct log in" : "Прямой вход в систему", + "SSO & SAML log in" : "Вход через SSO и SAML", + "This page should not be visited directly." : "Невозможен прямой переход на эту страницу.", + "Provider " : "Поставщик", + "X.509 certificate of the Service Provider" : "X.509-сертификат поставщика услуг", + "Private key of the Service Provider" : "Закрытый ключ поставщика услуг", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Указывает, что nameID , отправленное этим поставщиком услуг, будет зашифровано.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Whether the metadata should be signed." : "Должны ли быть подписаны метаданные.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Указывает, должны ли запрашиваемые этим SP элементы , и , быть подписанными.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли запрашиваемые этим SP элементы , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Указывает, требуется ли шифрование полученных этим SP элементов .", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Указывает, должно ли NameID, полученное этим SP, быть текущим.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Указывает, должно ли NameID, полученное этим SP, быть зашифрованным.", + "Indicates if the SP will validate all received XML." : "Указывает, будет ли SP проверять все полученные XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS кодирует в формат URL-Encoded данные SAML в нижнем регистре, а тулкит умолчанию использует верхний регистр. Включите для совместимости ADFS на проверке подписи.", + "Algorithm that the toolkit will use on signing process." : "Алгоритм для подписания. ", + "Attribute to map the UID to." : "Атрибут для привязки UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Позволять аутентификацию только если учётная запись существует на другом внутреннем интерфейсе (например, LDAP).", + "Attribute to map the displayname to." : "Атрибут для привязки отображаемого имени.", + "Attribute to map the email address to." : "Атрибут для привязки email.", + "Attribute to map the quota to." : "Атрибут для сопоставления квоты.", + "Attribute to map the users groups to." : "Атрибут для отображения групп пользователей.", + "Attribute to map the users home to." : "Атрибут для привязки домашней директории пользователей.", + "Email address" : "Адрес электронной почты", + "Encrypted" : "Зашифровано", + "Entity" : "Записи", + "Kerberos" : "Kerberos", + "Persistent" : "Постоянный", + "Transient" : "Временный", + "Unspecified" : "Не указано", + "Windows domain qualified name" : "Квалифицированное имя домена Windows", + "X509 subject name" : "Имя субъекта X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Использовать SAML для настольных клиентов синхронизации %s (потребуется повторная аутентификация пользователей)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Дополнительное отображаемое имя поставщика удостоверений (по умолчанию: «SSO & SAML log in»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Разрешить использование нескольких пользовательских back-end (например, LDAP)", + "SSO & SAML authentication" : "Подтверждение подлинности SSO и SAML", + "Authenticate using single sign-on" : "Аутентификация с использованием единого входа", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Используя приложение SSO & SAML вашего Nextcloud, вы можете легко интегрировать существующее решение Single Sign-On с Nextcloud. Кроме того, вы можете использовать службу Nextcloud LDAP для удобства пользователей. (например, при совместном использовании)\nНа данный момент поддерживаются и тестируются следующие поставщики:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Аутентификация через переменную окружения **\n* Kerberos (mod_auth_kerb)\n* Любая другая служба, которая проводит аутентификацию с использованием переменной среды\n\nХотя теоретически любая другая служба аутентификации, реализующая один из этих стандартов, совместима, мы хотели бы отметить, что они не являются частью какой-либо матрицей внутренних тестов.", + "Open documentation" : "Открыть документацию", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не включили \"%s\" или вы не идёте напрямую по адресу URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не идёте напрямую по адресу URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Выберите, хотите ли вы проверять подлинность с помощью встроенного в Nextcloud провайдера SAML или же хотите использовать для этого переменные окружения.", + "Use built-in SAML authentication" : "Использовать встроенную SAML аутентификацию", + "Use environment variable" : "Использовать переменные окружения", + "Global settings" : "Общие настройки", + "Remove identity provider" : "Удалить поставщика удостоверений", + "Add identity provider" : "Добавить поставщика удостоверений", + "General" : "Основные", + "Service Provider Data" : "Данные поставщика услуг (SP)", + "If your Service Provider should use certificates you can optionally specify them here." : "Если вашему SP следует использовать сертификаты, вы сможете дополнительно указать их тут.", + "Show Service Provider settings…" : "Показать настройки поставщика услуг…", + "Name ID format" : "Формат ID имени", + "Identity Provider Data" : "Данные провайдера идентификации (IdP)", + "Configure your IdP settings here." : "Настройте тут параметры вашего IdP.", + "Identifier of the IdP entity (must be a URI)" : "Идентификатор записи IdP (в формате URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL провайдера идентификации (IdP), на который поставщик услуг (SP) будет отправлять запрос подтверждения подлинности", + "Show optional Identity Provider settings…" : "Показать дополнительные настройки провайдера идентификации", + "URL Location of the IdP where the SP will send the SLO Request" : "URL адрес IdP, куда SP будет оправлять запросы SLO.", + "URL Location of the IDP's SLO Response" : "URL адрес ответа IDP SLO", + "Public X.509 certificate of the IdP" : "Открытый сертификат X.509 ldP", + "Attribute mapping" : "Привязка атрибутов", + "If you want to optionally map attributes to the user you can configure these here." : "Здесь можно настроить дополнительную привязку атрибутов пользователю.", + "Show attribute mapping settings…" : "Показать настройки привязки атрибутов…", + "Security settings" : "Настройки безопасности", + "For increased security we recommend enabling the following settings if supported by your environment." : "Для повышения безопасности рекомендуем использовать следующие настройки, если они поддерживаются вашим окружением.", + "Show security settings…" : "Показать настройки безопасности…", + "Signatures and encryption offered" : "Предложены подписи и шихрование", + "Signatures and encryption required" : "Требуется подпись и шифрование", + "Download metadata XML" : "Скачать метаданные XML", + "Reset settings" : "Сбросить настройки", + "Metadata invalid" : "Метаданные не верны", + "Metadata valid" : "Метаданные верны", + "Error" : "Ошибка", + "Account not provisioned." : "Учётная запись не обслуживается.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваша учётная запись не обслуживается. Доступ к этой услуге, таким образом, не представляется возможным.", + "Login options:" : "Варианты входа:", + "Choose a authentication provider" : "Выберите службу аутентификации" +},"pluralForm" :"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sk.js b/docker/nextcloud/custom_apps/user_saml/l10n/sk.js new file mode 100644 index 0000000..7e61c78 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sk.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Tento používateľský účet bol zakázaný, obráťte sa na správcu.", + "Saved" : "Uložené", + "Provider" : "Poskytovateľ", + "Unknown error, please check the log file for more details." : "Neznáma chyba. Pre viac informácií skontrolujte logy.", + "Direct log in" : "Priame prihlásenie", + "SSO & SAML log in" : "SSO a SAML prihlásenie", + "This page should not be visited directly." : "Táto stránka by nemala byť zobrazovaná napriamo.", + "Provider " : "Poskytovateľ", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovateľa služby", + "Private key of the Service Provider" : "Privátny kľúč poskytovateľa služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Znamená, že nameID odoslané týmto poskytovateľom služieb bude šifrované.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Ukazuje, či budú správy odoslané týmto SP podpísané. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Whether the metadata should be signed." : "Či majú byť meta údaje podpisované.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označuje požiadavku na podpísanie prvkov , a prijatých týmto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označuje požiadavku na podpísanie prvkov prijatých týmto SP. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie prvkov prijatých týmto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označuje požiadavku, aby bol prítomný prvok NameID v SAMLResponse prijatý týmto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie NameID prijatého týmto SP.", + "Indicates if the SP will validate all received XML." : "Označuje, či SP overí všetky prijaté XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-kóduje SAML malými písmenami a sada nástrojov predvolene používa veľké písmená. Povoliť kompatibilitu ADFS pri overovaní podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus, ktorý sa použije v procese podpisovania.", + "Attribute to map the UID to." : "Atribút na priradenie UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overenie totožnosti povoľte iba v prípade, že účet existuje na nejakom inom serveri. (napr. LDAP)", + "Attribute to map the displayname to." : "Atribút na priradenie zobrazovaného mena.", + "Attribute to map the email address to." : "Atribút na priradenie e-mailovej adresy.", + "Attribute to map the quota to." : "Atribút na priradenie kvóty.", + "Attribute to map the users groups to." : "Atribút na priradenie skupiny používateľov.", + "Attribute to map the users home to." : "Atribút na priradenie domovského priečinka používateľa.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrované", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Prechodné", + "Unspecified" : "Neurčené", + "Windows domain qualified name" : "Úplný názov domény Windows", + "X509 subject name" : "Názov subjektu pre X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použiť overenie totožnosti SAML pre %s stolných klientov (vyžaduje opätovné overenie používateľa)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Voliteľný zobrazovaný názov poskytovateľa identity (predvolené nastavenie: „Prihlásenie SSO a SAML“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povoliť použitie viacerých podporných vrstiev pre použivatelské účty (napr. LDAP)", + "SSO & SAML authentication" : "Overenie totožnosti SSO & SAML", + "Authenticate using single sign-on" : "Overenie totožnosti pomocou zjednoteného prihlásenia (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Pomocou aplikácie SSO a SAML vášho Nextcloud môžete ľahko integrovať svoje existujúce riešenie zjednoteného prihlasovania s Nextcloud. Na zaistenie pohodlia pre používateľov môžete navyše použiť poskytovateľa používateľov Nextcloud LDAP. (napr. pri zdieľaní)\nV súčasnosti sú podporovaní a testovaní títo poskytovatelia:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Overovanie prostredníctvom premennej prostredia**\n\t* Kerberos (mod_auth_kerb)\n\t* Akýkoľvek iný poskytovateľ, ktorý overuje pomocou premennej prostredia\n\nAj keď teoreticky je akýkoľvek iný poskytovateľ overenia totožnosti využívajúci niektorý z týchto štandardov kompatibilný, radi by sme poznamenali, že neboli testované.", + "Open documentation" : "Otvoriť dokumentáciu", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, pokiaľ nepovolíte „%s“ alebo nezačnete priamo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, jedine ak začnete priamo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte, či chcete overovať totožnosť pomocou poskytovateľa SAML zabudovaného v Nextcloud alebo pomocou premennej prostredia.", + "Use built-in SAML authentication" : "Použiť zabudované SAML overenie totožnosti", + "Use environment variable" : "Použiť premennú prostredia", + "Global settings" : "Globálne nastavenia", + "Remove identity provider" : "Vzdialený poskytovateľ identity", + "Add identity provider" : "Pridať poskytovateľa identity.", + "General" : "Všeobecné", + "Service Provider Data" : "Poskytovateľ dátových služieb", + "If your Service Provider should use certificates you can optionally specify them here." : "Ak by poskytovateľ služieb mal používať certifikáty, môžete ich tu špecifikovať.", + "Show Service Provider settings…" : "Zobraziť nastavenia poskytovateľa služieb...", + "Name ID format" : "Formát identifikátora názvu", + "Identity Provider Data" : "Poskytovateľ prihlasovacích údajov", + "Configure your IdP settings here." : "Tu nastavte poskytovateľa prihlasovacích údajov.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor položky poskytovateľa prihlasovacích údajov (musí byť URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cieľová URL IdP, kam SP zašle správu s požiadavkou na overenie totožnosti", + "Show optional Identity Provider settings…" : "Zobraziť voliteľné nastavenia poskytovateľa identity…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umiestnenie URL IdP, kam SP zašle SLO požiadavku", + "URL Location of the IDP's SLO Response" : "Umiestnenie URL IDP, kam SLO pošle odpoveď", + "Public X.509 certificate of the IdP" : "Verejný certifikát X.509 poskytovateľa prihlasovacích údajov", + "Attribute mapping" : "Mapovanie atribútov", + "If you want to optionally map attributes to the user you can configure these here." : "Ak chcete voliteľne priradiť atribúty k používateľom, môžete ich nastaviť tu.", + "Show attribute mapping settings…" : "Zobraziť nastavenia priradzovania atribútov ...", + "Security settings" : "Nastavenia súkromia", + "For increased security we recommend enabling the following settings if supported by your environment." : "Ak to vaše prostredie podporuje, odporúčame povoliť nasledujúce nastavenia, aby sa zvýšila bezpečnosť.", + "Show security settings…" : "Zobraziť nastavenia zabezpečenia...", + "Signatures and encryption offered" : "Podpisy a šifrovanie ponúkané", + "Signatures and encryption required" : "Podpisy a šifrovanie vyžadované", + "Download metadata XML" : "Sťahovať metadáta XML", + "Reset settings" : "Resetovať nastavenia", + "Metadata invalid" : "Neplatné metadáta", + "Metadata valid" : "Metadáta sú platné", + "Error" : "Chyba", + "Account not provisioned." : "Účet nebol poskytnutý.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet nie je poskytnutý, prístup k tejto službe preto nie je možný.", + "Login options:" : "Možnosti prihlásenia:", + "Choose a authentication provider" : "Vyberte poskytovateľa overovania" +}, +"nplurals=4; plural=(n % 1 == 0 && n == 1 ? 0 : n % 1 == 0 && n >= 2 && n <= 4 ? 1 : n % 1 != 0 ? 2: 3);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sk.json b/docker/nextcloud/custom_apps/user_saml/l10n/sk.json new file mode 100644 index 0000000..9df42a3 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sk.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Tento používateľský účet bol zakázaný, obráťte sa na správcu.", + "Saved" : "Uložené", + "Provider" : "Poskytovateľ", + "Unknown error, please check the log file for more details." : "Neznáma chyba. Pre viac informácií skontrolujte logy.", + "Direct log in" : "Priame prihlásenie", + "SSO & SAML log in" : "SSO a SAML prihlásenie", + "This page should not be visited directly." : "Táto stránka by nemala byť zobrazovaná napriamo.", + "Provider " : "Poskytovateľ", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovateľa služby", + "Private key of the Service Provider" : "Privátny kľúč poskytovateľa služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Znamená, že nameID odoslané týmto poskytovateľom služieb bude šifrované.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Ukazuje, či budú správy odoslané týmto SP podpísané. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Whether the metadata should be signed." : "Či majú byť meta údaje podpisované.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označuje požiadavku na podpísanie prvkov , a prijatých týmto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označuje požiadavku na podpísanie prvkov prijatých týmto SP. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie prvkov prijatých týmto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označuje požiadavku, aby bol prítomný prvok NameID v SAMLResponse prijatý týmto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie NameID prijatého týmto SP.", + "Indicates if the SP will validate all received XML." : "Označuje, či SP overí všetky prijaté XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-kóduje SAML malými písmenami a sada nástrojov predvolene používa veľké písmená. Povoliť kompatibilitu ADFS pri overovaní podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus, ktorý sa použije v procese podpisovania.", + "Attribute to map the UID to." : "Atribút na priradenie UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overenie totožnosti povoľte iba v prípade, že účet existuje na nejakom inom serveri. (napr. LDAP)", + "Attribute to map the displayname to." : "Atribút na priradenie zobrazovaného mena.", + "Attribute to map the email address to." : "Atribút na priradenie e-mailovej adresy.", + "Attribute to map the quota to." : "Atribút na priradenie kvóty.", + "Attribute to map the users groups to." : "Atribút na priradenie skupiny používateľov.", + "Attribute to map the users home to." : "Atribút na priradenie domovského priečinka používateľa.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrované", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Prechodné", + "Unspecified" : "Neurčené", + "Windows domain qualified name" : "Úplný názov domény Windows", + "X509 subject name" : "Názov subjektu pre X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použiť overenie totožnosti SAML pre %s stolných klientov (vyžaduje opätovné overenie používateľa)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Voliteľný zobrazovaný názov poskytovateľa identity (predvolené nastavenie: „Prihlásenie SSO a SAML“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povoliť použitie viacerých podporných vrstiev pre použivatelské účty (napr. LDAP)", + "SSO & SAML authentication" : "Overenie totožnosti SSO & SAML", + "Authenticate using single sign-on" : "Overenie totožnosti pomocou zjednoteného prihlásenia (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Pomocou aplikácie SSO a SAML vášho Nextcloud môžete ľahko integrovať svoje existujúce riešenie zjednoteného prihlasovania s Nextcloud. Na zaistenie pohodlia pre používateľov môžete navyše použiť poskytovateľa používateľov Nextcloud LDAP. (napr. pri zdieľaní)\nV súčasnosti sú podporovaní a testovaní títo poskytovatelia:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Overovanie prostredníctvom premennej prostredia**\n\t* Kerberos (mod_auth_kerb)\n\t* Akýkoľvek iný poskytovateľ, ktorý overuje pomocou premennej prostredia\n\nAj keď teoreticky je akýkoľvek iný poskytovateľ overenia totožnosti využívajúci niektorý z týchto štandardov kompatibilný, radi by sme poznamenali, že neboli testované.", + "Open documentation" : "Otvoriť dokumentáciu", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, pokiaľ nepovolíte „%s“ alebo nezačnete priamo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, jedine ak začnete priamo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte, či chcete overovať totožnosť pomocou poskytovateľa SAML zabudovaného v Nextcloud alebo pomocou premennej prostredia.", + "Use built-in SAML authentication" : "Použiť zabudované SAML overenie totožnosti", + "Use environment variable" : "Použiť premennú prostredia", + "Global settings" : "Globálne nastavenia", + "Remove identity provider" : "Vzdialený poskytovateľ identity", + "Add identity provider" : "Pridať poskytovateľa identity.", + "General" : "Všeobecné", + "Service Provider Data" : "Poskytovateľ dátových služieb", + "If your Service Provider should use certificates you can optionally specify them here." : "Ak by poskytovateľ služieb mal používať certifikáty, môžete ich tu špecifikovať.", + "Show Service Provider settings…" : "Zobraziť nastavenia poskytovateľa služieb...", + "Name ID format" : "Formát identifikátora názvu", + "Identity Provider Data" : "Poskytovateľ prihlasovacích údajov", + "Configure your IdP settings here." : "Tu nastavte poskytovateľa prihlasovacích údajov.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor položky poskytovateľa prihlasovacích údajov (musí byť URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cieľová URL IdP, kam SP zašle správu s požiadavkou na overenie totožnosti", + "Show optional Identity Provider settings…" : "Zobraziť voliteľné nastavenia poskytovateľa identity…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umiestnenie URL IdP, kam SP zašle SLO požiadavku", + "URL Location of the IDP's SLO Response" : "Umiestnenie URL IDP, kam SLO pošle odpoveď", + "Public X.509 certificate of the IdP" : "Verejný certifikát X.509 poskytovateľa prihlasovacích údajov", + "Attribute mapping" : "Mapovanie atribútov", + "If you want to optionally map attributes to the user you can configure these here." : "Ak chcete voliteľne priradiť atribúty k používateľom, môžete ich nastaviť tu.", + "Show attribute mapping settings…" : "Zobraziť nastavenia priradzovania atribútov ...", + "Security settings" : "Nastavenia súkromia", + "For increased security we recommend enabling the following settings if supported by your environment." : "Ak to vaše prostredie podporuje, odporúčame povoliť nasledujúce nastavenia, aby sa zvýšila bezpečnosť.", + "Show security settings…" : "Zobraziť nastavenia zabezpečenia...", + "Signatures and encryption offered" : "Podpisy a šifrovanie ponúkané", + "Signatures and encryption required" : "Podpisy a šifrovanie vyžadované", + "Download metadata XML" : "Sťahovať metadáta XML", + "Reset settings" : "Resetovať nastavenia", + "Metadata invalid" : "Neplatné metadáta", + "Metadata valid" : "Metadáta sú platné", + "Error" : "Chyba", + "Account not provisioned." : "Účet nebol poskytnutý.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet nie je poskytnutý, prístup k tejto službe preto nie je možný.", + "Login options:" : "Možnosti prihlásenia:", + "Choose a authentication provider" : "Vyberte poskytovateľa overovania" +},"pluralForm" :"nplurals=4; plural=(n % 1 == 0 && n == 1 ? 0 : n % 1 == 0 && n >= 2 && n <= 4 ? 1 : n % 1 != 0 ? 2: 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sl.js b/docker/nextcloud/custom_apps/user_saml/l10n/sl.js new file mode 100644 index 0000000..926b81d --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ta uporabniški račun je onemogočen. Stopite v stik s skrbnikom sistema.", + "Saved" : "Shranjeno", + "Provider" : "Ponudnik", + "Unknown error, please check the log file for more details." : "Neznana napaka; več podrobnosti je zapisanih v dnevniški datoteki.", + "Direct log in" : "Račun ni zagotovljen", + "SSO & SAML log in" : "Prijava SSO in SAML", + "This page should not be visited directly." : "Ta strani naj ne bi bilo mogoče obiskati neposredno.", + "Provider " : "Ponudnik", + "X.509 certificate of the Service Provider" : "Potrdilo X.509 ponudnika storitev", + "Private key of the Service Provider" : "Zasebni ključ ponudnika storitev", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Določa, da bo ID imena poslan prek tega ponudnika storitev, šifriran.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana. [Ponudnik omogoča pregled metapodatkov med podrobnostmi]", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Whether the metadata should be signed." : "Ali naj bodo metapodatki podpisani.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Določa zahtevo, da bodo predmeti , in , prejeti prek ponudnika storitev, podpisani.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani. [Podrobnosti so zavedene med metapodatki ponudnika.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev v okviru odziva SAML, obvezen podatek.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev, šifrirani.", + "Indicates if the SP will validate all received XML." : "Določa, ali bo ponudnik storitev overil vse prejete datoteke XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Protokol ADFS URL kodira podatke SAML v malih črkah, orodja pa privzeto uporabljajo velike. Za overitev podpisa mora biti v primeru ADFS možnost omogočena.", + "Algorithm that the toolkit will use on signing process." : "Algoritem, ki ga uporabljajo orodja za postopek prijave.", + "Attribute to map the UID to." : "Atribut za preslikavo UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overitev dovoli le, če račun obstaja na nekem drugem ozadnjem programu (npr. LDAP)", + "Attribute to map the displayname to." : "Atribut za preslikavo prikaznega imena.", + "Attribute to map the email address to." : "Atribut za preslikavo elektronskega naslova.", + "Attribute to map the quota to." : "Atribut za preslikavo količinske omejitve.", + "Attribute to map the users groups to." : "Atribut za preslikavo uporabniških skupin.", + "Attribute to map the users home to." : "Atribut za preslikavo uporabnikove osebne mape.", + "Email address" : "Elektronski naslov", + "Encrypted" : "Šifrirano", + "Entity" : "Entiteta", + "Kerberos" : "Kerberos", + "Persistent" : "Nenehno", + "Transient" : "Prehodno", + "Unspecified" : "Nedoločeno", + "Windows domain qualified name" : "Ime domene Windows", + "X509 subject name" : "Ime predmeta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Uporabi overitev SAML za odjemalec %s (zahteva ponovno overitev uporabnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Izbirno prikazno ime ponudnika istovetnosti (privzeto: »Prijava SSO in SAML«)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dovoli uporabo več uporabniških računov (na primer LDAP)", + "SSO & SAML authentication" : "Overitev SSO in SAML", + "Authenticate using single sign-on" : "Overi z uporabo enojne prijave", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Uporaba programa SSO & SAML omogoča uporabo obstoječih možnosti enkratne prijave tudi za okolje Nextcloud. Prav tako je mogoče uporabiti povezavo z Nextcloud LDAP za enostavnejše delo (npr. pri skupni rabi).\nTrenutno so podprte in preizkušene storitve:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Preverjanje pristnosti prek spremenljivke okolja **\n* Kerberos (mod_auth_kerb)\n* Katerikoli drug ponudnik, ki omogoča overjanje z uporabo spremenljivke okolja\n\nČeprav je za overjanje na razpolago takorekoč katerikoli drug ponudnik overjanja, ki podpira izvajanje navedenih standardov, je pomembno vedeti, da ti niso vključeni v nobeno uradno preizkusno okolje.", + "Open documentation" : "Odpri dokumentacijo", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča le, če omogočite »%s« oziroma se povežete prek povezave URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča izključno prek povezave URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Izberite, ali naj se overitev izvede z uporabo vgrajene možnosti SAML v okolju Nextcloud ali pa bo overitev potekala prek okoljskih spremenljivk.", + "Use built-in SAML authentication" : "Uporabi vgrajeno overitev SAML", + "Use environment variable" : "Uporabi okoljsko spremenljivko", + "Global settings" : "Splošne nastavitve", + "Remove identity provider" : "Odstrani ponudnika istovetnosti", + "Add identity provider" : "Dodaj ponudnika istovetnosti", + "General" : "Splošno", + "Service Provider Data" : "Podatki ponudnika storitev", + "If your Service Provider should use certificates you can optionally specify them here." : "Če naj ponudnik storitve uporabi potrdilo, ga je izbirno mogoče določiti na tem mestu.", + "Show Service Provider settings…" : "Pokaži nastavitve ponudnika storitve ...", + "Name ID format" : "Zapis določila ID imena", + "Identity Provider Data" : "Podatki ponudnika istovetnosti", + "Configure your IdP settings here." : "Prilagoditev nastavitev IdP.", + "Identifier of the IdP entity (must be a URI)" : "Dololilo IdP (zapisano kot naslov URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal sporočilo o zahtevi overitve.", + "Show optional Identity Provider settings…" : "Pokaži izbirne nastavitve IP (ponudnika istovetnosti) ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal zahtevo SLO", + "URL Location of the IDP's SLO Response" : "Ciljni naslov URL za zahteve IDP SLO", + "Public X.509 certificate of the IdP" : "Javno potrdilo X.509 IdP", + "Attribute mapping" : "Preslikave atributov", + "If you want to optionally map attributes to the user you can configure these here." : "Če želite izbirno preslikati atribute na uporabnika, lahko to nastavite na tem mestu.", + "Show attribute mapping settings…" : "Pokaži nastavitve preslikave atributov ...", + "Security settings" : "Varnostne nastavitve", + "For increased security we recommend enabling the following settings if supported by your environment." : "Iz varnostnih razlogov je priporočljivo omogočiti nekatere nastavitve, če so te podprte znotraj zagnanega okolja.", + "Show security settings…" : "Pokaži varnostne nastavitve ...", + "Signatures and encryption offered" : "Ponujeno podpisovanje in šifriranje", + "Signatures and encryption required" : "Zahtevano podpisovanje in šifriranje", + "Download metadata XML" : "Prejmi datoteko metapodatkov XML", + "Reset settings" : "Ponastavi nastavitve", + "Metadata invalid" : "Neveljavni metapodatki", + "Metadata valid" : "Veljavni metapodatki", + "Error" : "Napaka", + "Account not provisioned." : "Račun ni pripravljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Naveden račun ni pripravljen, zato dostop do te storitve mogoč.", + "Login options:" : "Možnosti prijave:", + "Choose a authentication provider" : "Izbor ponudnika overitve" +}, +"nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sl.json b/docker/nextcloud/custom_apps/user_saml/l10n/sl.json new file mode 100644 index 0000000..ed5c49d --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ta uporabniški račun je onemogočen. Stopite v stik s skrbnikom sistema.", + "Saved" : "Shranjeno", + "Provider" : "Ponudnik", + "Unknown error, please check the log file for more details." : "Neznana napaka; več podrobnosti je zapisanih v dnevniški datoteki.", + "Direct log in" : "Račun ni zagotovljen", + "SSO & SAML log in" : "Prijava SSO in SAML", + "This page should not be visited directly." : "Ta strani naj ne bi bilo mogoče obiskati neposredno.", + "Provider " : "Ponudnik", + "X.509 certificate of the Service Provider" : "Potrdilo X.509 ponudnika storitev", + "Private key of the Service Provider" : "Zasebni ključ ponudnika storitev", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Določa, da bo ID imena poslan prek tega ponudnika storitev, šifriran.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana. [Ponudnik omogoča pregled metapodatkov med podrobnostmi]", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Whether the metadata should be signed." : "Ali naj bodo metapodatki podpisani.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Določa zahtevo, da bodo predmeti , in , prejeti prek ponudnika storitev, podpisani.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani. [Podrobnosti so zavedene med metapodatki ponudnika.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev v okviru odziva SAML, obvezen podatek.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev, šifrirani.", + "Indicates if the SP will validate all received XML." : "Določa, ali bo ponudnik storitev overil vse prejete datoteke XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Protokol ADFS URL kodira podatke SAML v malih črkah, orodja pa privzeto uporabljajo velike. Za overitev podpisa mora biti v primeru ADFS možnost omogočena.", + "Algorithm that the toolkit will use on signing process." : "Algoritem, ki ga uporabljajo orodja za postopek prijave.", + "Attribute to map the UID to." : "Atribut za preslikavo UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overitev dovoli le, če račun obstaja na nekem drugem ozadnjem programu (npr. LDAP)", + "Attribute to map the displayname to." : "Atribut za preslikavo prikaznega imena.", + "Attribute to map the email address to." : "Atribut za preslikavo elektronskega naslova.", + "Attribute to map the quota to." : "Atribut za preslikavo količinske omejitve.", + "Attribute to map the users groups to." : "Atribut za preslikavo uporabniških skupin.", + "Attribute to map the users home to." : "Atribut za preslikavo uporabnikove osebne mape.", + "Email address" : "Elektronski naslov", + "Encrypted" : "Šifrirano", + "Entity" : "Entiteta", + "Kerberos" : "Kerberos", + "Persistent" : "Nenehno", + "Transient" : "Prehodno", + "Unspecified" : "Nedoločeno", + "Windows domain qualified name" : "Ime domene Windows", + "X509 subject name" : "Ime predmeta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Uporabi overitev SAML za odjemalec %s (zahteva ponovno overitev uporabnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Izbirno prikazno ime ponudnika istovetnosti (privzeto: »Prijava SSO in SAML«)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dovoli uporabo več uporabniških računov (na primer LDAP)", + "SSO & SAML authentication" : "Overitev SSO in SAML", + "Authenticate using single sign-on" : "Overi z uporabo enojne prijave", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Uporaba programa SSO & SAML omogoča uporabo obstoječih možnosti enkratne prijave tudi za okolje Nextcloud. Prav tako je mogoče uporabiti povezavo z Nextcloud LDAP za enostavnejše delo (npr. pri skupni rabi).\nTrenutno so podprte in preizkušene storitve:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Preverjanje pristnosti prek spremenljivke okolja **\n* Kerberos (mod_auth_kerb)\n* Katerikoli drug ponudnik, ki omogoča overjanje z uporabo spremenljivke okolja\n\nČeprav je za overjanje na razpolago takorekoč katerikoli drug ponudnik overjanja, ki podpira izvajanje navedenih standardov, je pomembno vedeti, da ti niso vključeni v nobeno uradno preizkusno okolje.", + "Open documentation" : "Odpri dokumentacijo", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča le, če omogočite »%s« oziroma se povežete prek povezave URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča izključno prek povezave URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Izberite, ali naj se overitev izvede z uporabo vgrajene možnosti SAML v okolju Nextcloud ali pa bo overitev potekala prek okoljskih spremenljivk.", + "Use built-in SAML authentication" : "Uporabi vgrajeno overitev SAML", + "Use environment variable" : "Uporabi okoljsko spremenljivko", + "Global settings" : "Splošne nastavitve", + "Remove identity provider" : "Odstrani ponudnika istovetnosti", + "Add identity provider" : "Dodaj ponudnika istovetnosti", + "General" : "Splošno", + "Service Provider Data" : "Podatki ponudnika storitev", + "If your Service Provider should use certificates you can optionally specify them here." : "Če naj ponudnik storitve uporabi potrdilo, ga je izbirno mogoče določiti na tem mestu.", + "Show Service Provider settings…" : "Pokaži nastavitve ponudnika storitve ...", + "Name ID format" : "Zapis določila ID imena", + "Identity Provider Data" : "Podatki ponudnika istovetnosti", + "Configure your IdP settings here." : "Prilagoditev nastavitev IdP.", + "Identifier of the IdP entity (must be a URI)" : "Dololilo IdP (zapisano kot naslov URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal sporočilo o zahtevi overitve.", + "Show optional Identity Provider settings…" : "Pokaži izbirne nastavitve IP (ponudnika istovetnosti) ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal zahtevo SLO", + "URL Location of the IDP's SLO Response" : "Ciljni naslov URL za zahteve IDP SLO", + "Public X.509 certificate of the IdP" : "Javno potrdilo X.509 IdP", + "Attribute mapping" : "Preslikave atributov", + "If you want to optionally map attributes to the user you can configure these here." : "Če želite izbirno preslikati atribute na uporabnika, lahko to nastavite na tem mestu.", + "Show attribute mapping settings…" : "Pokaži nastavitve preslikave atributov ...", + "Security settings" : "Varnostne nastavitve", + "For increased security we recommend enabling the following settings if supported by your environment." : "Iz varnostnih razlogov je priporočljivo omogočiti nekatere nastavitve, če so te podprte znotraj zagnanega okolja.", + "Show security settings…" : "Pokaži varnostne nastavitve ...", + "Signatures and encryption offered" : "Ponujeno podpisovanje in šifriranje", + "Signatures and encryption required" : "Zahtevano podpisovanje in šifriranje", + "Download metadata XML" : "Prejmi datoteko metapodatkov XML", + "Reset settings" : "Ponastavi nastavitve", + "Metadata invalid" : "Neveljavni metapodatki", + "Metadata valid" : "Veljavni metapodatki", + "Error" : "Napaka", + "Account not provisioned." : "Račun ni pripravljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Naveden račun ni pripravljen, zato dostop do te storitve mogoč.", + "Login options:" : "Možnosti prijave:", + "Choose a authentication provider" : "Izbor ponudnika overitve" +},"pluralForm" :"nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sq.js b/docker/nextcloud/custom_apps/user_saml/l10n/sq.js new file mode 100644 index 0000000..34f597b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sq.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "U ruajt", + "X.509 certificate of the Service Provider" : "Çertifikata X.509 e ofruesit të shërbimit", + "Private key of the Service Provider" : "Çelësi privat i Ofruesit të Shërbimit", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Tregon se nameID i i dërguar nga kjo SP do të enkriptohet.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Tregon nëse mesazhet  të dërguara nga kjo SP do të firmosen. [Metadata të kësaj SP do të ofrojnë këtë informacion]", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet të dëguara nga ky SP do të nënshkruhen.", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet   të dërguara nga kjo SP do të firmosen.", + "Whether the metadata should be signed." : "Nëse duhet të nënshkruhet metadata", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Tregon një nevojë për elementët , and të marra nga kjo SP për t'u nënshkruar.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Tregon një nevojë për elementet të marra nga kjo SP për t'u nënshkruar. [Metadata të SP do të ofrojnë këtë informacion]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Tregon nje kërkesë të elementëve të marrë nga kjo SP për tu enkriptuar.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Tregon një kërkesë për elementin NameID nëSAMLResponse e marrë nga kjo SP për tu prezantuar.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Tregon një kërkesë për EmërID të marrë nga ky PS për t'u koduar.", + "Indicates if the SP will validate all received XML." : "Tregon nëse SP do të quaj të vlefshëm të gjitha XML e marra.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Kodon të dhënat SAMP në shkronja të vogla, dhe toolkit sipas parapërzgjedhjes përdor shkronja të vogla. Aktivizo pajtueshmërinë e ADFS në verifikimin e firmës.", + "Attribute to map the UID to." : "Atributi për të identifikuar UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Lejo autentikimin vetëm nëse një llogari ekziston në një backend tjetër. (p.sh. LDAP)", + "Attribute to map the displayname to." : "Atributi për të mapuar emrin e shfaqjes në.", + "Attribute to map the email address to." : "Atributi për të hartuar adresën e postës elektronike në.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Përdor vërtetimin SAML për desktopët klient %s( kërkon ri-vërtetimin e përdoruesit)", + "SSO & SAML authentication" : "Identifikim SSO & SAML", + "Open documentation" : "Dokumentacion i hapur", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Ju lutem zgjidhni nëse doni të vërtetoni përdorimin e ofruesit SAML të ndërtuar në Nextcloud ose nëse dëshironi të vërtetoni kundër një ndryshoreje mjedisi.", + "Use built-in SAML authentication" : "Përdor identifikimin me SAML", + "Use environment variable" : "Përdor variablin e mjedisit", + "General" : "Të përgjithshme", + "Service Provider Data" : "Të dhënat e ofruesit të shërbimit", + "If your Service Provider should use certificates you can optionally specify them here." : "Nëse Ofruesi i Shërbimit tuaj duhet të përdori çertifikata ju mund ti specifikoni ato këtu.", + "Show Service Provider settings…" : "Trego konfigurimet e Ofruesit të Shërbimit", + "Identity Provider Data" : "Identifiko Ofruesin e të Dhënave", + "Configure your IdP settings here." : "Konfiguroni rregullimet e IdP tuaj këtu", + "Identifier of the IdP entity (must be a URI)" : "Identifikues i ekzistencës së IdP(duhet të jetë një URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Targeti URL i IdP ku PS do të dërgojë Mesazhin e Kërkesës së Autentifikimit", + "Show optional Identity Provider settings…" : "Trego konfigurimet opsionale të Dhënësit të Identitetit ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Vendndodhja URL e IDP ku PS do të dërgojë Kërkesën SLO", + "Public X.509 certificate of the IdP" : "Çertifikatë publike X.509 e IdP", + "Attribute mapping" : "Përcaktimi i atributeve", + "If you want to optionally map attributes to the user you can configure these here." : "Nëse dëshironi të maponi atributet tek përdoruesi opsionalisht, ju mund t'i konfiguroni ato këtu.", + "Show attribute mapping settings…" : "Trego konfigurimet e përcaktimit të atributeve...", + "Security settings" : "Konfigurimet e sigurisë", + "For increased security we recommend enabling the following settings if supported by your environment." : "Për të rritur nivelin e sigurisë ne ju rekomandojmë të mundësoni konfigurimet në vijim nëse ato suportohen nga mjedisi juaj.", + "Show security settings…" : "Trego konfigurimet e sigurisë...", + "Signatures and encryption offered" : "Firmat dhe enkriptimi janë ofruara", + "Signatures and encryption required" : "Kërkohet firma dhe enkriptimi", + "Download metadata XML" : "Shkarko metadata XML", + "Metadata invalid" : "Metadata jo e vlefshme", + "Metadata valid" : "Metadata e vlefshme", + "Error" : "Error", + "Account not provisioned." : "Llogaria nuk është e provizionuar", + "Your account is not provisioned, access to this service is thus not possible." : "Llogaria juaj nuk është e provizionuar, prandaj aksesi në këtë pajisje nuk është i munduar." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sq.json b/docker/nextcloud/custom_apps/user_saml/l10n/sq.json new file mode 100644 index 0000000..7909f01 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sq.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "U ruajt", + "X.509 certificate of the Service Provider" : "Çertifikata X.509 e ofruesit të shërbimit", + "Private key of the Service Provider" : "Çelësi privat i Ofruesit të Shërbimit", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Tregon se nameID i i dërguar nga kjo SP do të enkriptohet.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Tregon nëse mesazhet  të dërguara nga kjo SP do të firmosen. [Metadata të kësaj SP do të ofrojnë këtë informacion]", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet të dëguara nga ky SP do të nënshkruhen.", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet   të dërguara nga kjo SP do të firmosen.", + "Whether the metadata should be signed." : "Nëse duhet të nënshkruhet metadata", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Tregon një nevojë për elementët , and të marra nga kjo SP për t'u nënshkruar.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Tregon një nevojë për elementet të marra nga kjo SP për t'u nënshkruar. [Metadata të SP do të ofrojnë këtë informacion]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Tregon nje kërkesë të elementëve të marrë nga kjo SP për tu enkriptuar.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Tregon një kërkesë për elementin NameID nëSAMLResponse e marrë nga kjo SP për tu prezantuar.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Tregon një kërkesë për EmërID të marrë nga ky PS për t'u koduar.", + "Indicates if the SP will validate all received XML." : "Tregon nëse SP do të quaj të vlefshëm të gjitha XML e marra.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Kodon të dhënat SAMP në shkronja të vogla, dhe toolkit sipas parapërzgjedhjes përdor shkronja të vogla. Aktivizo pajtueshmërinë e ADFS në verifikimin e firmës.", + "Attribute to map the UID to." : "Atributi për të identifikuar UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Lejo autentikimin vetëm nëse një llogari ekziston në një backend tjetër. (p.sh. LDAP)", + "Attribute to map the displayname to." : "Atributi për të mapuar emrin e shfaqjes në.", + "Attribute to map the email address to." : "Atributi për të hartuar adresën e postës elektronike në.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Përdor vërtetimin SAML për desktopët klient %s( kërkon ri-vërtetimin e përdoruesit)", + "SSO & SAML authentication" : "Identifikim SSO & SAML", + "Open documentation" : "Dokumentacion i hapur", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Ju lutem zgjidhni nëse doni të vërtetoni përdorimin e ofruesit SAML të ndërtuar në Nextcloud ose nëse dëshironi të vërtetoni kundër një ndryshoreje mjedisi.", + "Use built-in SAML authentication" : "Përdor identifikimin me SAML", + "Use environment variable" : "Përdor variablin e mjedisit", + "General" : "Të përgjithshme", + "Service Provider Data" : "Të dhënat e ofruesit të shërbimit", + "If your Service Provider should use certificates you can optionally specify them here." : "Nëse Ofruesi i Shërbimit tuaj duhet të përdori çertifikata ju mund ti specifikoni ato këtu.", + "Show Service Provider settings…" : "Trego konfigurimet e Ofruesit të Shërbimit", + "Identity Provider Data" : "Identifiko Ofruesin e të Dhënave", + "Configure your IdP settings here." : "Konfiguroni rregullimet e IdP tuaj këtu", + "Identifier of the IdP entity (must be a URI)" : "Identifikues i ekzistencës së IdP(duhet të jetë një URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Targeti URL i IdP ku PS do të dërgojë Mesazhin e Kërkesës së Autentifikimit", + "Show optional Identity Provider settings…" : "Trego konfigurimet opsionale të Dhënësit të Identitetit ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Vendndodhja URL e IDP ku PS do të dërgojë Kërkesën SLO", + "Public X.509 certificate of the IdP" : "Çertifikatë publike X.509 e IdP", + "Attribute mapping" : "Përcaktimi i atributeve", + "If you want to optionally map attributes to the user you can configure these here." : "Nëse dëshironi të maponi atributet tek përdoruesi opsionalisht, ju mund t'i konfiguroni ato këtu.", + "Show attribute mapping settings…" : "Trego konfigurimet e përcaktimit të atributeve...", + "Security settings" : "Konfigurimet e sigurisë", + "For increased security we recommend enabling the following settings if supported by your environment." : "Për të rritur nivelin e sigurisë ne ju rekomandojmë të mundësoni konfigurimet në vijim nëse ato suportohen nga mjedisi juaj.", + "Show security settings…" : "Trego konfigurimet e sigurisë...", + "Signatures and encryption offered" : "Firmat dhe enkriptimi janë ofruara", + "Signatures and encryption required" : "Kërkohet firma dhe enkriptimi", + "Download metadata XML" : "Shkarko metadata XML", + "Metadata invalid" : "Metadata jo e vlefshme", + "Metadata valid" : "Metadata e vlefshme", + "Error" : "Error", + "Account not provisioned." : "Llogaria nuk është e provizionuar", + "Your account is not provisioned, access to this service is thus not possible." : "Llogaria juaj nuk është e provizionuar, prandaj aksesi në këtë pajisje nuk është i munduar." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sr.js b/docker/nextcloud/custom_apps/user_saml/l10n/sr.js new file mode 100644 index 0000000..4498013 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Овај кориснички налог је искључен. Контактирајте администратора.", + "Saved" : "Сачувано", + "Provider" : "Провајдер", + "Unknown error, please check the log file for more details." : "Непозната грешка. Проверите дневнике за више детаља.", + "Direct log in" : "Директна пријава", + "SSO & SAML log in" : "SSO & SAML пријава", + "This page should not be visited directly." : "Ова страна не би требало да се посећује директно.", + "Provider " : "Провајдер", + "X.509 certificate of the Service Provider" : "X.509 сертификат провајдера услуга", + "Private key of the Service Provider" : "Приватни кључ провајдера услуга", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Назначава да ће се nameID од који шаље добављач услуга бити шифрован.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Назначава да ли ће поруке које шаље добављач услуга бити потписане. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Whether the metadata should be signed." : "Да ли метаподаци треба да буду потписани.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Назначава захтев да , и елементи које прима овај добављач услуга буду потписани.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Назначава захтев да елемент који прима овај добављач услуга буде потписан. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Назначава захтев да елемент који прима овај добављач услуга буде шифрован.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде у поруци.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде шифрован.", + "Indicates if the SP will validate all received XML." : "Назначава да ли ће добављач услуга валидирати сав примљени XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Енкодује SAML податке малим словима, а тулкит подразумевано користи велика слова. Укључити за ADFS компатибилност при верификацији потписа.", + "Algorithm that the toolkit will use on signing process." : "Алгоритам који ће комплет алатки користити код процеса регистрације.", + "Attribute to map the UID to." : "Атрибут на који се UID мапира.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Дозволи проверу идентитета само ако налог постоји на неком другом позадинском механизму (нпр. LDAP)", + "Attribute to map the displayname to." : "Атрибут на који се displayname мапира.", + "Attribute to map the email address to." : "Атрибут на који се мапира адреса е-поште.", + "Attribute to map the quota to." : "Атрибут на који се мапира квота.", + "Attribute to map the users groups to." : "Атрибут на који да се мапира корисничка група.", + "Attribute to map the users home to." : "Атрибут на који да се мапира кориснички директоријум.", + "Email address" : "Адреса е-поште", + "Encrypted" : "Шифровано", + "Entity" : "Ентитет", + "Kerberos" : "Керберос", + "Persistent" : "Трајно сачувано", + "Transient" : "Привремено", + "Unspecified" : "Неодређено", + "Windows domain qualified name" : "Квалификовано име Windows домена", + "X509 subject name" : "X509 име субјекта", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Користи SAML проверу идентитета за %s десктоп клијенте (захтева поновну проверу идентитета)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Опциони натпис за опслужиоца идентитета (подразумевано: „SSO & SAML log in“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Дозволи коришћење више позадинских механизама (нпр. LDAP)", + "SSO & SAML authentication" : "SSO & SAML провера идентитета", + "Authenticate using single sign-on" : "Идентификујте се користећи јединствену пријаву", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Коришћењем SSO & SAML Некстклауд апликације, можете лако омогућити интеграцију у постојеће Single-Sign-On решење са Некстклаудом. Додатно, можете користити и Некстклауд LDAP добављача корисника да корисницима све буде једноставније (нпр. приликом дељења)\nСледећи добављачи су тренутно подржани и тестирани:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Идентификација преко променљивих окружења**\n\t* Kerberos (mod_auth_kerb)\n\t* Било који други провајдер који проверава идентитет преко променљивих окружења\n\nИако је, теоријски, сваки добављач провере идентитета који имплементира било који од стандарда изнад компатибилан, желели бисмо да нагласимо да они нису део интерне тест матрице.", + "Open documentation" : "Отвори документацију", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\" или одете директно на адресу %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\".", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Одаберите желите ли да обавите проверу идентитета користећи SAML добављача уграђеног у Некстклауд или преко променљиве окружења.", + "Use built-in SAML authentication" : "Користи уграђени SAML проверу идентитета", + "Use environment variable" : "Користи променљиву окружења", + "Global settings" : "Опште поставке", + "Remove identity provider" : "Уклони провајдера идентитета", + "Add identity provider" : "Додај провајдера идентитета", + "General" : "Опште", + "Service Provider Data" : "Подаци добављача услуга", + "If your Service Provider should use certificates you can optionally specify them here." : "Ако Ваш провајдер услуга користи сертификате, можете их опционо навести овде.", + "Show Service Provider settings…" : "Прикажи поставке провајдера услуга…", + "Name ID format" : "Name ID формат", + "Identity Provider Data" : "Подаци провајдера идентитета", + "Configure your IdP settings here." : "Подесите добављача идентитета овде.", + "Identifier of the IdP entity (must be a URI)" : "Идентификација ентитета добављача идентитета (мора бити URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL одредиште добављача идентитета где ће добављач услуга слати Authentication Request Message", + "Show optional Identity Provider settings…" : "Прикажи опционе поставке провајдера идентитета…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL локација добављача идентитета где ће добављач услуга послати SLO захтев", + "URL Location of the IDP's SLO Response" : "URL адреса IDP SLO одговора", + "Public X.509 certificate of the IdP" : "Јавни X.509 сертификат добављача идентитета", + "Attribute mapping" : "Мапирање атрибута", + "If you want to optionally map attributes to the user you can configure these here." : "Ако желите да опционо мапирате атрибуте на корисника, то можете учинити овде.", + "Show attribute mapping settings…" : "Прикажи поставке мапирања атрибута…", + "Security settings" : "Безбедоносне поставке", + "For increased security we recommend enabling the following settings if supported by your environment." : "За повећану безбедност, препоручујемо да укључите следеће поставке, ако их Ваше окружење подржава.", + "Show security settings…" : "Прикажи безбедоносне поставке…", + "Signatures and encryption offered" : "Понуђено потписи и шифровање", + "Signatures and encryption required" : "Захтевани потписи и шифровање", + "Download metadata XML" : "Скини XML метаподатака", + "Reset settings" : "Ресетуј поставке", + "Metadata invalid" : "Метаподаци неисправни", + "Metadata valid" : "Метаподаци исправни", + "Error" : "Грешка", + "Account not provisioned." : "Налог није добављен.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваш налог није добављен. Због тога није могућ приступ овом сервису.", + "Login options:" : "Опције пријаве:", + "Choose a authentication provider" : "Одаберите провајдера провере идентитета" +}, +"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sr.json b/docker/nextcloud/custom_apps/user_saml/l10n/sr.json new file mode 100644 index 0000000..5c4c4a9 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Овај кориснички налог је искључен. Контактирајте администратора.", + "Saved" : "Сачувано", + "Provider" : "Провајдер", + "Unknown error, please check the log file for more details." : "Непозната грешка. Проверите дневнике за више детаља.", + "Direct log in" : "Директна пријава", + "SSO & SAML log in" : "SSO & SAML пријава", + "This page should not be visited directly." : "Ова страна не би требало да се посећује директно.", + "Provider " : "Провајдер", + "X.509 certificate of the Service Provider" : "X.509 сертификат провајдера услуга", + "Private key of the Service Provider" : "Приватни кључ провајдера услуга", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Назначава да ће се nameID од који шаље добављач услуга бити шифрован.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Назначава да ли ће поруке које шаље добављач услуга бити потписане. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Whether the metadata should be signed." : "Да ли метаподаци треба да буду потписани.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Назначава захтев да , и елементи које прима овај добављач услуга буду потписани.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Назначава захтев да елемент који прима овај добављач услуга буде потписан. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Назначава захтев да елемент који прима овај добављач услуга буде шифрован.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде у поруци.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде шифрован.", + "Indicates if the SP will validate all received XML." : "Назначава да ли ће добављач услуга валидирати сав примљени XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Енкодује SAML податке малим словима, а тулкит подразумевано користи велика слова. Укључити за ADFS компатибилност при верификацији потписа.", + "Algorithm that the toolkit will use on signing process." : "Алгоритам који ће комплет алатки користити код процеса регистрације.", + "Attribute to map the UID to." : "Атрибут на који се UID мапира.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Дозволи проверу идентитета само ако налог постоји на неком другом позадинском механизму (нпр. LDAP)", + "Attribute to map the displayname to." : "Атрибут на који се displayname мапира.", + "Attribute to map the email address to." : "Атрибут на који се мапира адреса е-поште.", + "Attribute to map the quota to." : "Атрибут на који се мапира квота.", + "Attribute to map the users groups to." : "Атрибут на који да се мапира корисничка група.", + "Attribute to map the users home to." : "Атрибут на који да се мапира кориснички директоријум.", + "Email address" : "Адреса е-поште", + "Encrypted" : "Шифровано", + "Entity" : "Ентитет", + "Kerberos" : "Керберос", + "Persistent" : "Трајно сачувано", + "Transient" : "Привремено", + "Unspecified" : "Неодређено", + "Windows domain qualified name" : "Квалификовано име Windows домена", + "X509 subject name" : "X509 име субјекта", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Користи SAML проверу идентитета за %s десктоп клијенте (захтева поновну проверу идентитета)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Опциони натпис за опслужиоца идентитета (подразумевано: „SSO & SAML log in“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Дозволи коришћење више позадинских механизама (нпр. LDAP)", + "SSO & SAML authentication" : "SSO & SAML провера идентитета", + "Authenticate using single sign-on" : "Идентификујте се користећи јединствену пријаву", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Коришћењем SSO & SAML Некстклауд апликације, можете лако омогућити интеграцију у постојеће Single-Sign-On решење са Некстклаудом. Додатно, можете користити и Некстклауд LDAP добављача корисника да корисницима све буде једноставније (нпр. приликом дељења)\nСледећи добављачи су тренутно подржани и тестирани:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Идентификација преко променљивих окружења**\n\t* Kerberos (mod_auth_kerb)\n\t* Било који други провајдер који проверава идентитет преко променљивих окружења\n\nИако је, теоријски, сваки добављач провере идентитета који имплементира било који од стандарда изнад компатибилан, желели бисмо да нагласимо да они нису део интерне тест матрице.", + "Open documentation" : "Отвори документацију", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\" или одете директно на адресу %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\".", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Одаберите желите ли да обавите проверу идентитета користећи SAML добављача уграђеног у Некстклауд или преко променљиве окружења.", + "Use built-in SAML authentication" : "Користи уграђени SAML проверу идентитета", + "Use environment variable" : "Користи променљиву окружења", + "Global settings" : "Опште поставке", + "Remove identity provider" : "Уклони провајдера идентитета", + "Add identity provider" : "Додај провајдера идентитета", + "General" : "Опште", + "Service Provider Data" : "Подаци добављача услуга", + "If your Service Provider should use certificates you can optionally specify them here." : "Ако Ваш провајдер услуга користи сертификате, можете их опционо навести овде.", + "Show Service Provider settings…" : "Прикажи поставке провајдера услуга…", + "Name ID format" : "Name ID формат", + "Identity Provider Data" : "Подаци провајдера идентитета", + "Configure your IdP settings here." : "Подесите добављача идентитета овде.", + "Identifier of the IdP entity (must be a URI)" : "Идентификација ентитета добављача идентитета (мора бити URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL одредиште добављача идентитета где ће добављач услуга слати Authentication Request Message", + "Show optional Identity Provider settings…" : "Прикажи опционе поставке провајдера идентитета…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL локација добављача идентитета где ће добављач услуга послати SLO захтев", + "URL Location of the IDP's SLO Response" : "URL адреса IDP SLO одговора", + "Public X.509 certificate of the IdP" : "Јавни X.509 сертификат добављача идентитета", + "Attribute mapping" : "Мапирање атрибута", + "If you want to optionally map attributes to the user you can configure these here." : "Ако желите да опционо мапирате атрибуте на корисника, то можете учинити овде.", + "Show attribute mapping settings…" : "Прикажи поставке мапирања атрибута…", + "Security settings" : "Безбедоносне поставке", + "For increased security we recommend enabling the following settings if supported by your environment." : "За повећану безбедност, препоручујемо да укључите следеће поставке, ако их Ваше окружење подржава.", + "Show security settings…" : "Прикажи безбедоносне поставке…", + "Signatures and encryption offered" : "Понуђено потписи и шифровање", + "Signatures and encryption required" : "Захтевани потписи и шифровање", + "Download metadata XML" : "Скини XML метаподатака", + "Reset settings" : "Ресетуј поставке", + "Metadata invalid" : "Метаподаци неисправни", + "Metadata valid" : "Метаподаци исправни", + "Error" : "Грешка", + "Account not provisioned." : "Налог није добављен.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваш налог није добављен. Због тога није могућ приступ овом сервису.", + "Login options:" : "Опције пријаве:", + "Choose a authentication provider" : "Одаберите провајдера провере идентитета" +},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sv.js b/docker/nextcloud/custom_apps/user_saml/l10n/sv.js new file mode 100644 index 0000000..1b3d84f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sv.js @@ -0,0 +1,88 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Detta användarkontot är avstängt, kontakta din administratör.", + "Saved" : "Sparad", + "Provider" : "Leverantör", + "Unknown error, please check the log file for more details." : "Okänt fel, vänligen kontrollera loggfilen för mer detaljer.", + "Direct log in" : "Direkt inloggning", + "SSO & SAML log in" : "SSO & SAML-inloggning", + "This page should not be visited directly." : "Den här sidan ska inte besökas direkt.", + "Provider " : "Leverantör", + "X.509 certificate of the Service Provider" : "X.509-certifikat av leverantören", + "Private key of the Service Provider" : "Privat nyckel från leverantören", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerar att nameID av som skickats av SP kommer att krypteras.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerar om meddelanden från denna SP kommer att undertecknas. [Metadata av SP kommer att erbjuda denna information]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Whether the metadata should be signed." : "Huruvida metadata bör undertecknas.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikerar ett krav för , och delar mottaget av denna SP signeras.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikerar ett krav för de mottagna -objekten av denna SP att signeras. [Metadata av SP'n erbjuder denna information]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikerar ett krav för de mottagna -objekten från denna SP att krypteras.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indikerar ett krav för objektet NameID på SAMLResponse mottaget av denna SP ska finnas.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikerar ett krav för NameID mottagen av denna SP att vara krypterad.", + "Indicates if the SP will validate all received XML." : "Indikerar om SP'n kommer validera alla mottagna XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS webbadress avkodar SAML-data som små bokstäver och verktyget använder stora bokstäver som standard. Aktivera för ADFS-kompatibilitet för signaturverifiering.", + "Algorithm that the toolkit will use on signing process." : "Algoritm som kommer att användas vid signeringsprocessen.", + "Attribute to map the UID to." : "Attribut för att mappa UID till.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillåt bara tillgång om ett konto finns på någon annan backend. (t.ex. LDAP)", + "Attribute to map the displayname to." : "Attribut att mappa visningsnamnet till", + "Attribute to map the email address to." : "Attribut att mappa epost-adress till.", + "Attribute to map the quota to." : "Attribut att mappa quota till.", + "Attribute to map the users groups to." : "Attribut att mappa användargrupper till.", + "Attribute to map the users home to." : "Attribut att mappa hemkataloger till.", + "Email address" : "E-postadress", + "Encrypted" : "Krypterad", + "Entity" : "Entity", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transient", + "Unspecified" : "Unspecified", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 subject name", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Använd SAML-autentisering för %s skrivbordsklienter (kräver att användarna loggar in på nytt)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Frivilligt visningsnamn av den identifierande aktören (standard: \"SSO & SAML inloggning\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillåt användning av flera användarkataloger (t.ex. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-autentisering", + "Authenticate using single sign-on" : "Autentisera med single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Med hjälp av SSO & SAML-appen i din Nextcloud kan du enkelt integrera din befintliga Single-Sign-On-lösning med Nextcloud. Dessutom kan du använda Nextcloud LDAP-användarleverantören för att hålla bekvämligheten för användarna. (t.ex. vid delning)\nFöljande leverantörer stöds och testas för tillfället:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentisering via miljövariabel**\n\t* Kerberos (mod_auth_kerb)\n\t* Alla andra leverantörer som autentiserar med hjälp av miljövariabeln\n\nMedan teoretiskt någon annan autentiseringsleverantör som implementerar någon av dessa standarder är kompatibel, vill vi notera att de inte ingår i någon intern testmatris.", + "Open documentation" : "Öppna dokumentationen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte aktiverat \"%s\" eller gå direkt till webbadressen %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte går direkt till webbadressen %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vänligen välj om du vill autentisera med SAML-leverantören inbyggd i Nextcloud eller om du vill autentisera mot en miljövariabel.", + "Use built-in SAML authentication" : "Använd den inbyggda SAML-autentiseringen", + "Use environment variable" : "Använd miljövariabel", + "Global settings" : "Globala inställningar", + "Remove identity provider" : "Ta bort identity provider", + "Add identity provider" : "Lägg till identity provider", + "General" : "Allmänt", + "Service Provider Data" : "Leverantörsdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Om din tjänstleverantör använder certifikat kan du välja att ange dem här.", + "Show Service Provider settings…" : "Visa leverantörsinställningar", + "Name ID format" : "Name ID format", + "Identity Provider Data" : "Identitetsleverantörsdata", + "Configure your IdP settings here." : "Konfigurera dina IdP-inställningar här.", + "Identifier of the IdP entity (must be a URI)" : "Identifierare av IdP'n (måste vara en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Webbadressmål av IdP där SP skickar autentiseringsförfrågningsmeddelandet", + "Show optional Identity Provider settings…" : "Visa valbara Identity Provider inställningar...", + "URL Location of the IdP where the SP will send the SLO Request" : "Webbadressplatsen för IdP där SP skickar SLO-förfrågan", + "Public X.509 certificate of the IdP" : "Publikt X.509-certifikat av IdP'n", + "Attribute mapping" : "Attributmappning", + "If you want to optionally map attributes to the user you can configure these here." : "Om du vill mappa attributen till användaren kan du konfigurera dessa här", + "Show attribute mapping settings…" : "Visa inställningar för attributmappning", + "Security settings" : "Säkerhetsinställningar", + "For increased security we recommend enabling the following settings if supported by your environment." : "För ökad säkerhet rekommenderar vi att följande inställningar aktiveras om de stöds av din miljö.", + "Show security settings…" : "Visa säkerhetsinställningar...", + "Signatures and encryption offered" : "Signatur och kryptering erbjuden", + "Signatures and encryption required" : "Signaturer och kryptering krävs", + "Download metadata XML" : "Hämta metadata XML-fil", + "Reset settings" : "Återställ inställningar", + "Metadata invalid" : "Metadata ogiltig", + "Metadata valid" : "Metadata giltig", + "Error" : "Fel", + "Account not provisioned." : "Konto inte förberett", + "Your account is not provisioned, access to this service is thus not possible." : "Ditt konto tillhandahålls inte, åtkomst till den här tjänsten är därför inte möjligt.", + "Login options:" : "Inloggningsalternativ:", + "Choose a authentication provider" : "Välj en autentiseringsleverantör" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/sv.json b/docker/nextcloud/custom_apps/user_saml/l10n/sv.json new file mode 100644 index 0000000..a3becab --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/sv.json @@ -0,0 +1,86 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Detta användarkontot är avstängt, kontakta din administratör.", + "Saved" : "Sparad", + "Provider" : "Leverantör", + "Unknown error, please check the log file for more details." : "Okänt fel, vänligen kontrollera loggfilen för mer detaljer.", + "Direct log in" : "Direkt inloggning", + "SSO & SAML log in" : "SSO & SAML-inloggning", + "This page should not be visited directly." : "Den här sidan ska inte besökas direkt.", + "Provider " : "Leverantör", + "X.509 certificate of the Service Provider" : "X.509-certifikat av leverantören", + "Private key of the Service Provider" : "Privat nyckel från leverantören", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerar att nameID av som skickats av SP kommer att krypteras.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerar om meddelanden från denna SP kommer att undertecknas. [Metadata av SP kommer att erbjuda denna information]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Whether the metadata should be signed." : "Huruvida metadata bör undertecknas.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikerar ett krav för , och delar mottaget av denna SP signeras.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikerar ett krav för de mottagna -objekten av denna SP att signeras. [Metadata av SP'n erbjuder denna information]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikerar ett krav för de mottagna -objekten från denna SP att krypteras.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indikerar ett krav för objektet NameID på SAMLResponse mottaget av denna SP ska finnas.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikerar ett krav för NameID mottagen av denna SP att vara krypterad.", + "Indicates if the SP will validate all received XML." : "Indikerar om SP'n kommer validera alla mottagna XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS webbadress avkodar SAML-data som små bokstäver och verktyget använder stora bokstäver som standard. Aktivera för ADFS-kompatibilitet för signaturverifiering.", + "Algorithm that the toolkit will use on signing process." : "Algoritm som kommer att användas vid signeringsprocessen.", + "Attribute to map the UID to." : "Attribut för att mappa UID till.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillåt bara tillgång om ett konto finns på någon annan backend. (t.ex. LDAP)", + "Attribute to map the displayname to." : "Attribut att mappa visningsnamnet till", + "Attribute to map the email address to." : "Attribut att mappa epost-adress till.", + "Attribute to map the quota to." : "Attribut att mappa quota till.", + "Attribute to map the users groups to." : "Attribut att mappa användargrupper till.", + "Attribute to map the users home to." : "Attribut att mappa hemkataloger till.", + "Email address" : "E-postadress", + "Encrypted" : "Krypterad", + "Entity" : "Entity", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transient", + "Unspecified" : "Unspecified", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 subject name", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Använd SAML-autentisering för %s skrivbordsklienter (kräver att användarna loggar in på nytt)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Frivilligt visningsnamn av den identifierande aktören (standard: \"SSO & SAML inloggning\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillåt användning av flera användarkataloger (t.ex. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-autentisering", + "Authenticate using single sign-on" : "Autentisera med single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Med hjälp av SSO & SAML-appen i din Nextcloud kan du enkelt integrera din befintliga Single-Sign-On-lösning med Nextcloud. Dessutom kan du använda Nextcloud LDAP-användarleverantören för att hålla bekvämligheten för användarna. (t.ex. vid delning)\nFöljande leverantörer stöds och testas för tillfället:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentisering via miljövariabel**\n\t* Kerberos (mod_auth_kerb)\n\t* Alla andra leverantörer som autentiserar med hjälp av miljövariabeln\n\nMedan teoretiskt någon annan autentiseringsleverantör som implementerar någon av dessa standarder är kompatibel, vill vi notera att de inte ingår i någon intern testmatris.", + "Open documentation" : "Öppna dokumentationen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte aktiverat \"%s\" eller gå direkt till webbadressen %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte går direkt till webbadressen %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vänligen välj om du vill autentisera med SAML-leverantören inbyggd i Nextcloud eller om du vill autentisera mot en miljövariabel.", + "Use built-in SAML authentication" : "Använd den inbyggda SAML-autentiseringen", + "Use environment variable" : "Använd miljövariabel", + "Global settings" : "Globala inställningar", + "Remove identity provider" : "Ta bort identity provider", + "Add identity provider" : "Lägg till identity provider", + "General" : "Allmänt", + "Service Provider Data" : "Leverantörsdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Om din tjänstleverantör använder certifikat kan du välja att ange dem här.", + "Show Service Provider settings…" : "Visa leverantörsinställningar", + "Name ID format" : "Name ID format", + "Identity Provider Data" : "Identitetsleverantörsdata", + "Configure your IdP settings here." : "Konfigurera dina IdP-inställningar här.", + "Identifier of the IdP entity (must be a URI)" : "Identifierare av IdP'n (måste vara en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Webbadressmål av IdP där SP skickar autentiseringsförfrågningsmeddelandet", + "Show optional Identity Provider settings…" : "Visa valbara Identity Provider inställningar...", + "URL Location of the IdP where the SP will send the SLO Request" : "Webbadressplatsen för IdP där SP skickar SLO-förfrågan", + "Public X.509 certificate of the IdP" : "Publikt X.509-certifikat av IdP'n", + "Attribute mapping" : "Attributmappning", + "If you want to optionally map attributes to the user you can configure these here." : "Om du vill mappa attributen till användaren kan du konfigurera dessa här", + "Show attribute mapping settings…" : "Visa inställningar för attributmappning", + "Security settings" : "Säkerhetsinställningar", + "For increased security we recommend enabling the following settings if supported by your environment." : "För ökad säkerhet rekommenderar vi att följande inställningar aktiveras om de stöds av din miljö.", + "Show security settings…" : "Visa säkerhetsinställningar...", + "Signatures and encryption offered" : "Signatur och kryptering erbjuden", + "Signatures and encryption required" : "Signaturer och kryptering krävs", + "Download metadata XML" : "Hämta metadata XML-fil", + "Reset settings" : "Återställ inställningar", + "Metadata invalid" : "Metadata ogiltig", + "Metadata valid" : "Metadata giltig", + "Error" : "Fel", + "Account not provisioned." : "Konto inte förberett", + "Your account is not provisioned, access to this service is thus not possible." : "Ditt konto tillhandahålls inte, åtkomst till den här tjänsten är därför inte möjligt.", + "Login options:" : "Inloggningsalternativ:", + "Choose a authentication provider" : "Välj en autentiseringsleverantör" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/th.js b/docker/nextcloud/custom_apps/user_saml/l10n/th.js new file mode 100644 index 0000000..df7edf7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/th.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "ผู้ใช้รายนี้ ถูกระงับ\nกรุณาติดต่อ ผู้ดูแลระบบ", + "Saved" : "บันทึกแล้ว", + "Open documentation" : "เปิดเอกสาร", + "General" : "ทั่วไป", + "Error" : "ข้อผิดพลาด" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/th.json b/docker/nextcloud/custom_apps/user_saml/l10n/th.json new file mode 100644 index 0000000..f78bf7b --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/th.json @@ -0,0 +1,8 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "ผู้ใช้รายนี้ ถูกระงับ\nกรุณาติดต่อ ผู้ดูแลระบบ", + "Saved" : "บันทึกแล้ว", + "Open documentation" : "เปิดเอกสาร", + "General" : "ทั่วไป", + "Error" : "ข้อผิดพลาด" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/tr.js b/docker/nextcloud/custom_apps/user_saml/l10n/tr.js new file mode 100644 index 0000000..bfba999 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/tr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Kullanıcı hesabı devre dışı bırakılmış. Lütfen yöneticiniz ile görüşün.", + "Saved" : "Kaydedildi", + "Provider" : "Hizmet Sağlayıcı", + "Unknown error, please check the log file for more details." : "Bilinmeyen bir sorun çıktı. Ayrıntılı bilgi almak için günlük dosyalarına bakabilirsiniz.", + "Direct log in" : "Doğrudan oturum açma", + "SSO & SAML log in" : "SSO ve SAML oturum açma", + "This page should not be visited directly." : "Bu sayfaya doğrudan erişilememelidir.", + "Provider " : "Hizmet Sağlayıcı", + "X.509 certificate of the Service Provider" : "Hizmet sağlayıcısının X.509 sertifikası", + "Private key of the Service Provider" : "Hizmet sağlayıcısının özel anahtarı", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Bu hizmet sağlayıcı tarafından gönderilen NameID değerinin şifrelenmiş olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur].", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Whether the metadata should be signed." : "Üst verilerin imzalanmasının gerekip gerekmediği.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Bu hizmet sağlayıcı tarafından alınan , ve bileşenleri için isteğin imzalanmış olup olmayacağını gösterir.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından alınan bileşenleri için isteğin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan bileşenlerinin şifrelenmiş olup olmayacağını gösterir.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Bu hizmet sağlayıcı tarafından alınan SAMLResponse içindeki zorunlu NameID bileşeninin var olup olmayacağını gösterir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan zorunlu NameID şifrelenmiş olup olmayacağını gösterir.", + "Indicates if the SP will validate all received XML." : "Hizmet sağlayıcının alınan tüm XML kodlarını doğrulayacağını gösterir.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS SAML verilerindeki adres kodlamalarını küçük harfler ile yaparken araç büyük harf kullanır. İmza doğrulaması bölümündeki ADFS uyumluluğunu etkinleştirin.", + "Algorithm that the toolkit will use on signing process." : "İmzalama işleminde araç takımı tarafından kullanılacak algoritma.", + "Attribute to map the UID to." : "UID değerinin eşleştirileceği öznitelik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Kimlik yalnız, hesap başka bir arka sistemde varsa (LDAP gibi) doğrulansın", + "Attribute to map the displayname to." : "Görüntülenecek ad değerinin eşleştirileceği öznitelik.", + "Attribute to map the email address to." : "E-posta adresi değerinin eşleştirileceği özellik.", + "Attribute to map the quota to." : "Kime kotası değerinin eşleştirileceği öznitelik.", + "Attribute to map the users groups to." : "Kulanıcı grupları değerinin eşleştirileceği öznitelik.", + "Attribute to map the users home to." : "Kullanıcıların ev değerinin eşleştirileceği öznitelik.", + "Email address" : "E-posta adresi", + "Encrypted" : "Şifrelenmiş", + "Entity" : "Varlık", + "Kerberos" : "Kerberos", + "Persistent" : "Kalıcı", + "Transient" : "Geçici", + "Unspecified" : "Belirtilmemiş", + "Windows domain qualified name" : "Windows etki alanı tam adı", + "X509 subject name" : "X509 ögesi adı", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s masaüstü istemcileri için SAML kimlik doğrulaması kullanılsın (kullanıcının kimliğini yeniden doğrulaması gerekir)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "İsteğe bağlı olarak görüntülenecek kimlik hizmeti sağlayıcısının adı (varsayılan: \"SSO ve SAML oturum açma\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Birden çok kullanıcı arka yüzü kullanılabilsin (LDAP gibi)", + "SSO & SAML authentication" : "SSO ve SAML kimlik doğrulaması", + "Authenticate using single sign-on" : "Bu uygulama, tek oturum açma ile kimlik doğrulaması yapılmasını sağlar.", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Tek Oturum Açma ve SAML uygulaması var olan Tek Oturum Açma uygulamanız ile Nextcloud sunucunuzun bütünleşik çalışmasını sağlar. Ek olarak Kullanıcılarınıza kolaylık sağlamak için (paylaşım sırasında gibi) LDAP kullanıcı hizmeti sağlayıcısını da kullanabilirsiniz.
    Şu anda aşağıdaki hizmet sağlayıcılar denenmiş ve desteklenmektedir:

    * **SAML 2.0**
    * OneLogin
    * Shibboleth
    * Active Directory Federation Services (ADFS)

    * **Authentication via Environment Variable**
    * Kerberos (mod_auth_kerb)
    * Kimlik doğrulamasında ortam değişkeni kullanan diğer hizmet sağlayıcılar

    Teorik olarak bu standartlara uygun diğer hizmet sağlayıcıların da uyumlu olması gerekir. Denememizi istediğiniz diğer uygulamaları bize bildirirseniz seviniriz.", + "Open documentation" : "Belgeleri aç", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için \"%s\" seçeneğini etkinleştirmeniz ya da doğrudan %s adresine gitmeniz gerekir.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için doğrudan %s adresine gitmeniz gerekir.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kimlik doğrulamasının Nextcloud içindeki SAML hizmet sağlayıcısı mı ortam değişkeni mi kullanılarak mı yapılacağını seçin.", + "Use built-in SAML authentication" : "İç SAML kimlik doğrulaması kullanılsın", + "Use environment variable" : "Ortam değişkeni kullanılsın", + "Global settings" : "Genel ayarlar", + "Remove identity provider" : "Kimlik hizmeti sağlayıcısını sil", + "Add identity provider" : "Kimlik hizmeti sağlayıcı ekle", + "General" : "Genel", + "Service Provider Data" : "Hizmet Sağlayıcısı Verileri", + "If your Service Provider should use certificates you can optionally specify them here." : "Hizmet sağlayıcınızın kullandığı sertifikalar varsa buradan isteğinize göre belirtebilirsiniz.", + "Show Service Provider settings…" : "Hizmet Sağlayıcı ayarlarını görüntüle …", + "Name ID format" : "Ad kodu biçimi", + "Identity Provider Data" : "Kimlik Sağlayıcısı Verileri", + "Configure your IdP settings here." : "Buradan Kimlik Sağlayıcı ayarlarınızı yapılandırabilirsiniz.", + "Identifier of the IdP entity (must be a URI)" : "Kimlik Sağlayıcı varlığının belirteci (bir adres olmalı)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Hizmet sağlayıcının Kimlik Doğrulama İsteği İletisini gödereceği Kimlik Sağlayıcı hedef adresini yazın", + "Show optional Identity Provider settings…" : "İsteğe bağlı ek Kimlik Sağlayıcısı ayarları …", + "URL Location of the IdP where the SP will send the SLO Request" : "Hizmet sağlayıcının SLO İsteğini gödereceği Kimlik Sağlayıcı adresini yazın", + "URL Location of the IDP's SLO Response" : "Kimlik hizmeti sağlayıcının SLO yanıtı adresi", + "Public X.509 certificate of the IdP" : "Kimlik Sağlayıcının herkese açık X.509 sertifikası", + "Attribute mapping" : "Öznitelik eşleştirme", + "If you want to optionally map attributes to the user you can configure these here." : "Öznitelikler isteğe bağlı olarak kullanıcı ile buradan eşleştirilebilir.", + "Show attribute mapping settings…" : "Öznitelik eşleştirme ayarlarını görüntüle …", + "Security settings" : "Güvenlik ayarları", + "For increased security we recommend enabling the following settings if supported by your environment." : "Arttırılmış güvenlik için ortamınız tarafından destekleniyorsa şu seçenekleri etkinleştirmeniz önerilir.", + "Show security settings…" : "Güvenlik ayarlarını görüntüle …", + "Signatures and encryption offered" : "Önerilen imza ve şifreleme", + "Signatures and encryption required" : "Gereken imza ve şifreleme", + "Download metadata XML" : "Üst veri XML dosyasını indir", + "Reset settings" : "Ayarları sıfırla", + "Metadata invalid" : "Üst veri geçersiz", + "Metadata valid" : "Üst veri geçerli", + "Error" : "Hata", + "Account not provisioned." : "Hesabınız hazır değil.", + "Your account is not provisioned, access to this service is thus not possible." : "Hesabınız hazır olmadığından bu hizmeti kullanamazsınız.", + "Login options:" : "Oturum açma seçenekleri:", + "Choose a authentication provider" : "Bir kimlik doğrulama hizmeti sağlayıcısı seçin" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/tr.json b/docker/nextcloud/custom_apps/user_saml/l10n/tr.json new file mode 100644 index 0000000..bc06f80 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/tr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Kullanıcı hesabı devre dışı bırakılmış. Lütfen yöneticiniz ile görüşün.", + "Saved" : "Kaydedildi", + "Provider" : "Hizmet Sağlayıcı", + "Unknown error, please check the log file for more details." : "Bilinmeyen bir sorun çıktı. Ayrıntılı bilgi almak için günlük dosyalarına bakabilirsiniz.", + "Direct log in" : "Doğrudan oturum açma", + "SSO & SAML log in" : "SSO ve SAML oturum açma", + "This page should not be visited directly." : "Bu sayfaya doğrudan erişilememelidir.", + "Provider " : "Hizmet Sağlayıcı", + "X.509 certificate of the Service Provider" : "Hizmet sağlayıcısının X.509 sertifikası", + "Private key of the Service Provider" : "Hizmet sağlayıcısının özel anahtarı", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Bu hizmet sağlayıcı tarafından gönderilen NameID değerinin şifrelenmiş olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur].", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Whether the metadata should be signed." : "Üst verilerin imzalanmasının gerekip gerekmediği.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Bu hizmet sağlayıcı tarafından alınan , ve bileşenleri için isteğin imzalanmış olup olmayacağını gösterir.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından alınan bileşenleri için isteğin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan bileşenlerinin şifrelenmiş olup olmayacağını gösterir.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Bu hizmet sağlayıcı tarafından alınan SAMLResponse içindeki zorunlu NameID bileşeninin var olup olmayacağını gösterir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan zorunlu NameID şifrelenmiş olup olmayacağını gösterir.", + "Indicates if the SP will validate all received XML." : "Hizmet sağlayıcının alınan tüm XML kodlarını doğrulayacağını gösterir.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS SAML verilerindeki adres kodlamalarını küçük harfler ile yaparken araç büyük harf kullanır. İmza doğrulaması bölümündeki ADFS uyumluluğunu etkinleştirin.", + "Algorithm that the toolkit will use on signing process." : "İmzalama işleminde araç takımı tarafından kullanılacak algoritma.", + "Attribute to map the UID to." : "UID değerinin eşleştirileceği öznitelik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Kimlik yalnız, hesap başka bir arka sistemde varsa (LDAP gibi) doğrulansın", + "Attribute to map the displayname to." : "Görüntülenecek ad değerinin eşleştirileceği öznitelik.", + "Attribute to map the email address to." : "E-posta adresi değerinin eşleştirileceği özellik.", + "Attribute to map the quota to." : "Kime kotası değerinin eşleştirileceği öznitelik.", + "Attribute to map the users groups to." : "Kulanıcı grupları değerinin eşleştirileceği öznitelik.", + "Attribute to map the users home to." : "Kullanıcıların ev değerinin eşleştirileceği öznitelik.", + "Email address" : "E-posta adresi", + "Encrypted" : "Şifrelenmiş", + "Entity" : "Varlık", + "Kerberos" : "Kerberos", + "Persistent" : "Kalıcı", + "Transient" : "Geçici", + "Unspecified" : "Belirtilmemiş", + "Windows domain qualified name" : "Windows etki alanı tam adı", + "X509 subject name" : "X509 ögesi adı", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s masaüstü istemcileri için SAML kimlik doğrulaması kullanılsın (kullanıcının kimliğini yeniden doğrulaması gerekir)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "İsteğe bağlı olarak görüntülenecek kimlik hizmeti sağlayıcısının adı (varsayılan: \"SSO ve SAML oturum açma\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Birden çok kullanıcı arka yüzü kullanılabilsin (LDAP gibi)", + "SSO & SAML authentication" : "SSO ve SAML kimlik doğrulaması", + "Authenticate using single sign-on" : "Bu uygulama, tek oturum açma ile kimlik doğrulaması yapılmasını sağlar.", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Tek Oturum Açma ve SAML uygulaması var olan Tek Oturum Açma uygulamanız ile Nextcloud sunucunuzun bütünleşik çalışmasını sağlar. Ek olarak Kullanıcılarınıza kolaylık sağlamak için (paylaşım sırasında gibi) LDAP kullanıcı hizmeti sağlayıcısını da kullanabilirsiniz.
    Şu anda aşağıdaki hizmet sağlayıcılar denenmiş ve desteklenmektedir:

    * **SAML 2.0**
    * OneLogin
    * Shibboleth
    * Active Directory Federation Services (ADFS)

    * **Authentication via Environment Variable**
    * Kerberos (mod_auth_kerb)
    * Kimlik doğrulamasında ortam değişkeni kullanan diğer hizmet sağlayıcılar

    Teorik olarak bu standartlara uygun diğer hizmet sağlayıcıların da uyumlu olması gerekir. Denememizi istediğiniz diğer uygulamaları bize bildirirseniz seviniriz.", + "Open documentation" : "Belgeleri aç", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için \"%s\" seçeneğini etkinleştirmeniz ya da doğrudan %s adresine gitmeniz gerekir.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için doğrudan %s adresine gitmeniz gerekir.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kimlik doğrulamasının Nextcloud içindeki SAML hizmet sağlayıcısı mı ortam değişkeni mi kullanılarak mı yapılacağını seçin.", + "Use built-in SAML authentication" : "İç SAML kimlik doğrulaması kullanılsın", + "Use environment variable" : "Ortam değişkeni kullanılsın", + "Global settings" : "Genel ayarlar", + "Remove identity provider" : "Kimlik hizmeti sağlayıcısını sil", + "Add identity provider" : "Kimlik hizmeti sağlayıcı ekle", + "General" : "Genel", + "Service Provider Data" : "Hizmet Sağlayıcısı Verileri", + "If your Service Provider should use certificates you can optionally specify them here." : "Hizmet sağlayıcınızın kullandığı sertifikalar varsa buradan isteğinize göre belirtebilirsiniz.", + "Show Service Provider settings…" : "Hizmet Sağlayıcı ayarlarını görüntüle …", + "Name ID format" : "Ad kodu biçimi", + "Identity Provider Data" : "Kimlik Sağlayıcısı Verileri", + "Configure your IdP settings here." : "Buradan Kimlik Sağlayıcı ayarlarınızı yapılandırabilirsiniz.", + "Identifier of the IdP entity (must be a URI)" : "Kimlik Sağlayıcı varlığının belirteci (bir adres olmalı)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Hizmet sağlayıcının Kimlik Doğrulama İsteği İletisini gödereceği Kimlik Sağlayıcı hedef adresini yazın", + "Show optional Identity Provider settings…" : "İsteğe bağlı ek Kimlik Sağlayıcısı ayarları …", + "URL Location of the IdP where the SP will send the SLO Request" : "Hizmet sağlayıcının SLO İsteğini gödereceği Kimlik Sağlayıcı adresini yazın", + "URL Location of the IDP's SLO Response" : "Kimlik hizmeti sağlayıcının SLO yanıtı adresi", + "Public X.509 certificate of the IdP" : "Kimlik Sağlayıcının herkese açık X.509 sertifikası", + "Attribute mapping" : "Öznitelik eşleştirme", + "If you want to optionally map attributes to the user you can configure these here." : "Öznitelikler isteğe bağlı olarak kullanıcı ile buradan eşleştirilebilir.", + "Show attribute mapping settings…" : "Öznitelik eşleştirme ayarlarını görüntüle …", + "Security settings" : "Güvenlik ayarları", + "For increased security we recommend enabling the following settings if supported by your environment." : "Arttırılmış güvenlik için ortamınız tarafından destekleniyorsa şu seçenekleri etkinleştirmeniz önerilir.", + "Show security settings…" : "Güvenlik ayarlarını görüntüle …", + "Signatures and encryption offered" : "Önerilen imza ve şifreleme", + "Signatures and encryption required" : "Gereken imza ve şifreleme", + "Download metadata XML" : "Üst veri XML dosyasını indir", + "Reset settings" : "Ayarları sıfırla", + "Metadata invalid" : "Üst veri geçersiz", + "Metadata valid" : "Üst veri geçerli", + "Error" : "Hata", + "Account not provisioned." : "Hesabınız hazır değil.", + "Your account is not provisioned, access to this service is thus not possible." : "Hesabınız hazır olmadığından bu hizmeti kullanamazsınız.", + "Login options:" : "Oturum açma seçenekleri:", + "Choose a authentication provider" : "Bir kimlik doğrulama hizmeti sağlayıcısı seçin" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/uk.js b/docker/nextcloud/custom_apps/user_saml/l10n/uk.js new file mode 100644 index 0000000..6c3aa2e --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/uk.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Збережено", + "Email address" : "Адреса ел.пошти", + "Open documentation" : "Відкрити документацію", + "General" : "Загальна", + "Error" : "Помилка" +}, +"nplurals=4; plural=(n % 1 == 0 && n % 10 == 1 && n % 100 != 11 ? 0 : n % 1 == 0 && n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 12 || n % 100 > 14) ? 1 : n % 1 == 0 && (n % 10 ==0 || (n % 10 >=5 && n % 10 <=9) || (n % 100 >=11 && n % 100 <=14 )) ? 2: 3);"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/uk.json b/docker/nextcloud/custom_apps/user_saml/l10n/uk.json new file mode 100644 index 0000000..4ba0ae5 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/uk.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Збережено", + "Email address" : "Адреса ел.пошти", + "Open documentation" : "Відкрити документацію", + "General" : "Загальна", + "Error" : "Помилка" +},"pluralForm" :"nplurals=4; plural=(n % 1 == 0 && n % 10 == 1 && n % 100 != 11 ? 0 : n % 1 == 0 && n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 12 || n % 100 > 14) ? 1 : n % 1 == 0 && (n % 10 ==0 || (n % 10 >=5 && n % 10 <=9) || (n % 100 >=11 && n % 100 <=14 )) ? 2: 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/zh_CN.js b/docker/nextcloud/custom_apps/user_saml/l10n/zh_CN.js new file mode 100644 index 0000000..12f716d --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/zh_CN.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "此用户账号已禁用,请联系管理员。", + "Saved" : "已保存", + "Provider" : "服务商", + "Unknown error, please check the log file for more details." : "未知错误,请在日志文件检查更多详情。", + "Direct log in" : "直接登录", + "SSO & SAML log in" : "SSO & SAML 登录", + "This page should not be visited directly." : "此页面不应被直接访问 。", + "Provider " : "服务商", + "X.509 certificate of the Service Provider" : "服务商 X.509 认证", + "Private key of the Service Provider" : "服务商私钥", + "Indicates that the nameID of the sent by this SP will be encrypted." : "表明 SP 发送的 nameID 将被加密。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "指示此SP发送的消息是否将被签名。 [SP的元数据将提供此信息]", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Whether the metadata should be signed." : "元数据是否将被签名。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "表示此 SP 接收的 的要求。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "表示此SP接收到的元素需要签名。 [SP的元数据将提供此信息]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "表示要对此SP接收到的元素进行加密。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "表示此 SP 收到的 SAMLResponse 上的 NameID 元素的要求。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "表示对此 SP 接收到的 NameID 进行加密的要求。", + "Indicates if the SP will validate all received XML." : "指定 SP 是否验证所有接收到的 XML。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - 将 SAML 数据编码为小写,默认情况下,该工具包使用大写。 在签名验证时启用 ADFS 兼容性。", + "Algorithm that the toolkit will use on signing process." : "该工具包将在签名过程中使用的算法。", + "Attribute to map the UID to." : "映射到 UID 的属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "仅在其他后端存在账号时才允许身份验证。 (例如 LDAP)", + "Attribute to map the displayname to." : "映射到显示名称的属性。", + "Attribute to map the email address to." : "将电子邮件地址映射到的属性。", + "Attribute to map the quota to." : "要将配额映射到的属性。", + "Attribute to map the users groups to." : "要映射到用户分组的属性。", + "Attribute to map the users home to." : "要映射到用户家目录的属性。", + "Email address" : "电子邮箱地址", + "Encrypted" : "已加密", + "Entity" : "实体", + "Kerberos" : "Kerberos", + "Persistent" : "持久", + "Transient" : "临时", + "Unspecified" : "未明确的", + "Windows domain qualified name" : "Windows域限定名称", + "X509 subject name" : "X509主体名称", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "为 %s 桌面客户端使用 SAML 认证(需要重新验证用户)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "可选的身份提供者的显示名称(默认:\"SSO及SAML登录\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "允许使用多个用户后端(例如 LDAP)", + "SSO & SAML authentication" : "SSO & SAML 认证", + "Authenticate using single sign-on" : "使用单点登录认证", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "使用 Nextcloud 的SSO & SAML 应用您可以很容易地将 Nextcloud 与您现有的单点登录解决方案集成。此外,您可以使用 Nextcloud 用户提供者来为用户提供方便。(比如在共享时)\n以下提供者目前受到支持并已通过测试:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **通过环境变量认证**\n\t* Kerberos (mod_auth_kerb)\n\t* 其他任意使用环境变量认证的提供者\n\n虽然理论上来说实现了以上标准之一的任何其他认证提供者都能与此应用兼容,但我们还是要提醒您它们不在内部测试矩阵之中。", + "Open documentation" : "打开文档", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您启用 \"%s\" 或直接访问URL %s。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您直接访问URL %s。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "请选择是否要使用 Nextcloud 内置的 SAML 提供商进行身份验证,还是要根据环境变量进行身份验证。", + "Use built-in SAML authentication" : "使用内置 SAML 认证", + "Use environment variable" : "使用环境变量", + "Global settings" : "全局设置", + "Remove identity provider" : "移除身份提供者", + "Add identity provider" : "添加身份提供者", + "General" : "常规", + "Service Provider Data" : "数据服务提供商", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服务提供商使用证书,您可以在这里选择指定。", + "Show Service Provider settings…" : "显示服务器供应商设置...", + "Name ID format" : "名称ID格式", + "Identity Provider Data" : "身份提供者的数据", + "Configure your IdP settings here." : "在这里配置您的 ldP 设置。", + "Identifier of the IdP entity (must be a URI)" : "IdP 实体的标识符(必须是URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL 的目标,其中 SP 将发送验证请求消息", + "Show optional Identity Provider settings…" : "显示可选的身份提供者设置...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL 在 SP 发送 SLO 请求的 IdP 的位置", + "URL Location of the IDP's SLO Response" : "IDP 的 SLO 响应的 URL 位置", + "Public X.509 certificate of the IdP" : "公共 X.509 证书的 IdP", + "Attribute mapping" : "属性映射", + "If you want to optionally map attributes to the user you can configure these here." : "如果要选择将属性映射到用户,可以在这里配置。", + "Show attribute mapping settings…" : "显示属性映射设置...", + "Security settings" : "安全设置", + "For increased security we recommend enabling the following settings if supported by your environment." : "为了提升安全性,如果您的环境支持,建议启用以下设置。", + "Show security settings…" : "显示安全设置...", + "Signatures and encryption offered" : "提供签名和加密", + "Signatures and encryption required" : "需要签名和加密", + "Download metadata XML" : "下载元数据 XML", + "Reset settings" : "重置设置", + "Metadata invalid" : "元数据无效", + "Metadata valid" : "元数据有效", + "Error" : "错误", + "Account not provisioned." : "账号未配置。", + "Your account is not provisioned, access to this service is thus not possible." : "您的账号未配置,因此无法访问此服务。", + "Login options:" : "登录选项:", + "Choose a authentication provider" : "选择一个认证提供者" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/zh_CN.json b/docker/nextcloud/custom_apps/user_saml/l10n/zh_CN.json new file mode 100644 index 0000000..c830e50 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/zh_CN.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "此用户账号已禁用,请联系管理员。", + "Saved" : "已保存", + "Provider" : "服务商", + "Unknown error, please check the log file for more details." : "未知错误,请在日志文件检查更多详情。", + "Direct log in" : "直接登录", + "SSO & SAML log in" : "SSO & SAML 登录", + "This page should not be visited directly." : "此页面不应被直接访问 。", + "Provider " : "服务商", + "X.509 certificate of the Service Provider" : "服务商 X.509 认证", + "Private key of the Service Provider" : "服务商私钥", + "Indicates that the nameID of the sent by this SP will be encrypted." : "表明 SP 发送的 nameID 将被加密。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "指示此SP发送的消息是否将被签名。 [SP的元数据将提供此信息]", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Whether the metadata should be signed." : "元数据是否将被签名。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "表示此 SP 接收的 的要求。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "表示此SP接收到的元素需要签名。 [SP的元数据将提供此信息]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "表示要对此SP接收到的元素进行加密。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "表示此 SP 收到的 SAMLResponse 上的 NameID 元素的要求。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "表示对此 SP 接收到的 NameID 进行加密的要求。", + "Indicates if the SP will validate all received XML." : "指定 SP 是否验证所有接收到的 XML。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - 将 SAML 数据编码为小写,默认情况下,该工具包使用大写。 在签名验证时启用 ADFS 兼容性。", + "Algorithm that the toolkit will use on signing process." : "该工具包将在签名过程中使用的算法。", + "Attribute to map the UID to." : "映射到 UID 的属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "仅在其他后端存在账号时才允许身份验证。 (例如 LDAP)", + "Attribute to map the displayname to." : "映射到显示名称的属性。", + "Attribute to map the email address to." : "将电子邮件地址映射到的属性。", + "Attribute to map the quota to." : "要将配额映射到的属性。", + "Attribute to map the users groups to." : "要映射到用户分组的属性。", + "Attribute to map the users home to." : "要映射到用户家目录的属性。", + "Email address" : "电子邮箱地址", + "Encrypted" : "已加密", + "Entity" : "实体", + "Kerberos" : "Kerberos", + "Persistent" : "持久", + "Transient" : "临时", + "Unspecified" : "未明确的", + "Windows domain qualified name" : "Windows域限定名称", + "X509 subject name" : "X509主体名称", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "为 %s 桌面客户端使用 SAML 认证(需要重新验证用户)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "可选的身份提供者的显示名称(默认:\"SSO及SAML登录\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "允许使用多个用户后端(例如 LDAP)", + "SSO & SAML authentication" : "SSO & SAML 认证", + "Authenticate using single sign-on" : "使用单点登录认证", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "使用 Nextcloud 的SSO & SAML 应用您可以很容易地将 Nextcloud 与您现有的单点登录解决方案集成。此外,您可以使用 Nextcloud 用户提供者来为用户提供方便。(比如在共享时)\n以下提供者目前受到支持并已通过测试:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **通过环境变量认证**\n\t* Kerberos (mod_auth_kerb)\n\t* 其他任意使用环境变量认证的提供者\n\n虽然理论上来说实现了以上标准之一的任何其他认证提供者都能与此应用兼容,但我们还是要提醒您它们不在内部测试矩阵之中。", + "Open documentation" : "打开文档", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您启用 \"%s\" 或直接访问URL %s。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您直接访问URL %s。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "请选择是否要使用 Nextcloud 内置的 SAML 提供商进行身份验证,还是要根据环境变量进行身份验证。", + "Use built-in SAML authentication" : "使用内置 SAML 认证", + "Use environment variable" : "使用环境变量", + "Global settings" : "全局设置", + "Remove identity provider" : "移除身份提供者", + "Add identity provider" : "添加身份提供者", + "General" : "常规", + "Service Provider Data" : "数据服务提供商", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服务提供商使用证书,您可以在这里选择指定。", + "Show Service Provider settings…" : "显示服务器供应商设置...", + "Name ID format" : "名称ID格式", + "Identity Provider Data" : "身份提供者的数据", + "Configure your IdP settings here." : "在这里配置您的 ldP 设置。", + "Identifier of the IdP entity (must be a URI)" : "IdP 实体的标识符(必须是URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL 的目标,其中 SP 将发送验证请求消息", + "Show optional Identity Provider settings…" : "显示可选的身份提供者设置...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL 在 SP 发送 SLO 请求的 IdP 的位置", + "URL Location of the IDP's SLO Response" : "IDP 的 SLO 响应的 URL 位置", + "Public X.509 certificate of the IdP" : "公共 X.509 证书的 IdP", + "Attribute mapping" : "属性映射", + "If you want to optionally map attributes to the user you can configure these here." : "如果要选择将属性映射到用户,可以在这里配置。", + "Show attribute mapping settings…" : "显示属性映射设置...", + "Security settings" : "安全设置", + "For increased security we recommend enabling the following settings if supported by your environment." : "为了提升安全性,如果您的环境支持,建议启用以下设置。", + "Show security settings…" : "显示安全设置...", + "Signatures and encryption offered" : "提供签名和加密", + "Signatures and encryption required" : "需要签名和加密", + "Download metadata XML" : "下载元数据 XML", + "Reset settings" : "重置设置", + "Metadata invalid" : "元数据无效", + "Metadata valid" : "元数据有效", + "Error" : "错误", + "Account not provisioned." : "账号未配置。", + "Your account is not provisioned, access to this service is thus not possible." : "您的账号未配置,因此无法访问此服务。", + "Login options:" : "登录选项:", + "Choose a authentication provider" : "选择一个认证提供者" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/zh_TW.js b/docker/nextcloud/custom_apps/user_saml/l10n/zh_TW.js new file mode 100644 index 0000000..9765076 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/zh_TW.js @@ -0,0 +1,24 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "您的使用者帳號已被停用,請聯繫系統管理員。", + "Saved" : "已儲存", + "Provider" : "提供者", + "Unknown error, please check the log file for more details." : "未知的錯誤,請檢查伺服器記錄檔案以獲取更多資訊。", + "Direct log in" : "直接登入", + "SSO & SAML log in" : "SSO 單一登入", + "Provider " : "提供者", + "X.509 certificate of the Service Provider" : "服務提供者 (SP) 的 X.509 憑證", + "Private key of the Service Provider" : "服務提供者 (SP) 的私鑰", + "Open documentation" : "開啟說明文件", + "General" : "一般", + "Service Provider Data" : "服務提供者 (Service Provider) 資料", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服務提供者需要憑證,請在這邊指定", + "Identity Provider Data" : "身份提供者 (IdP) 資料", + "Show security settings…" : "顯示安全性設定", + "Download metadata XML" : "下載元數據XML", + "Metadata valid" : "元數據有效", + "Error" : "錯誤", + "Account not provisioned." : "帳號尚未配置" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/custom_apps/user_saml/l10n/zh_TW.json b/docker/nextcloud/custom_apps/user_saml/l10n/zh_TW.json new file mode 100644 index 0000000..9008f7c --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/l10n/zh_TW.json @@ -0,0 +1,22 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "您的使用者帳號已被停用,請聯繫系統管理員。", + "Saved" : "已儲存", + "Provider" : "提供者", + "Unknown error, please check the log file for more details." : "未知的錯誤,請檢查伺服器記錄檔案以獲取更多資訊。", + "Direct log in" : "直接登入", + "SSO & SAML log in" : "SSO 單一登入", + "Provider " : "提供者", + "X.509 certificate of the Service Provider" : "服務提供者 (SP) 的 X.509 憑證", + "Private key of the Service Provider" : "服務提供者 (SP) 的私鑰", + "Open documentation" : "開啟說明文件", + "General" : "一般", + "Service Provider Data" : "服務提供者 (Service Provider) 資料", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服務提供者需要憑證,請在這邊指定", + "Identity Provider Data" : "身份提供者 (IdP) 資料", + "Show security settings…" : "顯示安全性設定", + "Download metadata XML" : "下載元數據XML", + "Metadata valid" : "元數據有效", + "Error" : "錯誤", + "Account not provisioned." : "帳號尚未配置" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/custom_apps/user_saml/lib/AppInfo/Application.php b/docker/nextcloud/custom_apps/user_saml/lib/AppInfo/Application.php new file mode 100644 index 0000000..a56671e --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/AppInfo/Application.php @@ -0,0 +1,90 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\AppInfo; + +use OCA\User_SAML\DavPlugin; +use OCA\User_SAML\Middleware\OnlyLoggedInMiddleware; +use OCP\AppFramework\App; +use OCP\AppFramework\IAppContainer; +use OCP\SabrePluginEvent; + +class Application extends App { + public function __construct(array $urlParams = array()) { + parent::__construct('user_saml', $urlParams); + $container = $this->getContainer(); + + /** + * Middleware + */ + $container->registerService('OnlyLoggedInMiddleware', function (IAppContainer $c) { + return new OnlyLoggedInMiddleware( + $c->query('ControllerMethodReflector'), + $c->query('ServerContainer')->getUserSession(), + $c->query('ServerContainer')->getUrlGenerator() + ); + }); + + $container->registerService(DavPlugin::class, function (IAppContainer $c) { + $server = $c->getServer(); + return new DavPlugin( + $server->getSession(), + $server->getConfig(), + $_SERVER + ); + }); + + $container->registerMiddleWare('OnlyLoggedInMiddleware'); + $this->timezoneHandling(); + } + + public function registerDavAuth() { + + $container = $this->getContainer(); + + $dispatcher = $container->getServer()->getEventDispatcher(); + $dispatcher->addListener('OCA\DAV\Connector\Sabre::addPlugin', function (SabrePluginEvent $event) use ($container) { + $event->getServer()->addPlugin($container->query(DavPlugin::class)); + }); + } + + private function timezoneHandling() { + $container = $this->getContainer(); + + $userSession = $container->getServer()->getUserSession(); + $session = $container->getServer()->getSession(); + $config = $container->getServer()->getConfig(); + + $dispatcher = $container->getServer()->getEventDispatcher(); + $dispatcher->addListener('OCA\Files::loadAdditionalScripts', function() use ($session, $config, $userSession) { + if (!$userSession->isLoggedIn()) { + return; + } + + $user = $userSession->getUser(); + $timezoneDB = $config->getUserValue($user->getUID(), 'core', 'timezone', ''); + + if ($timezoneDB === '' || !$session->exists('timezone')) { + \OCP\Util::addScript('user_saml', 'timezone'); + } + }); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Command/GetMetadata.php b/docker/nextcloud/custom_apps/user_saml/lib/Command/GetMetadata.php new file mode 100644 index 0000000..f3a85e6 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Command/GetMetadata.php @@ -0,0 +1,83 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Command; + +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; +use OCA\User_SAML\SAMLSettings; +use OneLogin\Saml2\Settings; + +class GetMetadata extends Command { + + /** @var SAMLSettings */ + private $SAMLSettings; + + public function __construct( + SAMLSettings $SAMLSettings + ) { + parent::__construct(); + $this->SAMLSettings = $SAMLSettings; + } + + protected function configure() { + $this + ->setName('saml:metadata') + ->setDescription('Get SAML Metadata') + ->setHelp(<<addArgument( + 'idp', + InputArgument::OPTIONAL, + 'ID of the IDP you want metadata for', + '1' + ) + ; + } + + /** + * @param InputInterface $input + * @param OutputInterface $output + * @return void + */ + protected function execute(InputInterface $input, OutputInterface $output) { + $idp = $input->getArgument('idp'); + $settings = new Settings($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $metadata = $settings->getSPMetadata(); + $errors = $settings->validateMetadata($metadata); + if (empty($errors)) { + $output->writeln($metadata); + } else { + throw new Error( + 'Invalid SP metadata: '.implode(', ', $errors), + Error::METADATA_SP_INVALID + ); + } + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Controller/SAMLController.php b/docker/nextcloud/custom_apps/user_saml/lib/Controller/SAMLController.php new file mode 100644 index 0000000..161e5ae --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Controller/SAMLController.php @@ -0,0 +1,613 @@ + + * @copyright Copyright (c) 2018 Jean-Baptiste Pin + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Controller; + +use Firebase\JWT\JWT; +use OC\Core\Controller\ClientFlowLoginController; +use OC\Core\Controller\ClientFlowLoginV2Controller; +use OCA\User_SAML\Exceptions\NoUserFoundException; +use OCA\User_SAML\SAMLSettings; +use OCA\User_SAML\UserBackend; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\IConfig; +use OCP\IL10N; +use OCP\ILogger; +use OCP\IRequest; +use OCP\ISession; +use OCP\IURLGenerator; +use OCP\IUser; +use OCP\IUserManager; +use OCP\IUserSession; +use OCP\Security\ICrypto; +use OneLogin\Saml2\Auth; +use OneLogin\Saml2\Error; +use OneLogin\Saml2\Settings; +use OneLogin\Saml2\ValidationError; + +class SAMLController extends Controller { + /** @var ISession */ + private $session; + /** @var IUserSession */ + private $userSession; + /** @var SAMLSettings */ + private $SAMLSettings; + /** @var UserBackend */ + private $userBackend; + /** @var IConfig */ + private $config; + /** @var IURLGenerator */ + private $urlGenerator; + /** @var IUserManager */ + private $userManager; + /** @var ILogger */ + private $logger; + /** @var IL10N */ + private $l; + /** + * @var ICrypto + */ + private $crypto; + + /** + * @param string $appName + * @param IRequest $request + * @param ISession $session + * @param IUserSession $userSession + * @param SAMLSettings $SAMLSettings + * @param UserBackend $userBackend + * @param IConfig $config + * @param IURLGenerator $urlGenerator + * @param IUserManager $userManager + * @param ILogger $logger + * @param IL10N $l + */ + public function __construct($appName, + IRequest $request, + ISession $session, + IUserSession $userSession, + SAMLSettings $SAMLSettings, + UserBackend $userBackend, + IConfig $config, + IURLGenerator $urlGenerator, + IUserManager $userManager, + ILogger $logger, + IL10N $l, + ICrypto $crypto) { + parent::__construct($appName, $request); + $this->session = $session; + $this->userSession = $userSession; + $this->SAMLSettings = $SAMLSettings; + $this->userBackend = $userBackend; + $this->config = $config; + $this->urlGenerator = $urlGenerator; + $this->userManager = $userManager; + $this->logger = $logger; + $this->l = $l; + $this->crypto = $crypto; + } + + /** + * @param array $auth + * @throws NoUserFoundException + */ + private function autoprovisionIfPossible(array $auth) { + + $prefix = $this->SAMLSettings->getPrefix(); + $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping'); + if(isset($auth[$uidMapping])) { + if(is_array($auth[$uidMapping])) { + $uid = $auth[$uidMapping][0]; + } else { + $uid = $auth[$uidMapping]; + } + + // make sure that a valid UID is given + if (empty($uid)) { + $this->logger->error('Uid "' . $uid . '" is not a valid uid please check your attribute mapping', ['app' => $this->appName]); + throw new \InvalidArgumentException('No valid uid given, please check your attribute mapping. Given uid: ' . $uid); + } + + $uid = $this->userBackend->testEncodedObjectGUID($uid); + + // if this server acts as a global scale master and the user is not + // a local admin of the server we just create the user and continue + // no need to update additional attributes + $isGsEnabled = $this->config->getSystemValue('gs.enabled', false); + $isGsMaster = $this->config->getSystemValue('gss.mode', 'slave') === 'master'; + $isGsMasterAdmin = in_array($uid, $this->config->getSystemValue('gss.master.admin', [])); + if ($isGsEnabled && $isGsMaster && !$isGsMasterAdmin) { + $this->userBackend->createUserIfNotExists($uid); + return; + } + $userExists = $this->userManager->userExists($uid); + $autoProvisioningAllowed = $this->userBackend->autoprovisionAllowed(); + if($userExists === true) { + if($autoProvisioningAllowed) { + $this->userBackend->updateAttributes($uid, $auth); + } + return; + } + + if(!$userExists && !$autoProvisioningAllowed) { + // it is possible that the user was not logged in before and + // thus is not known to the original backend. A search can + // help with it and make the user known + $this->userManager->search($uid); + if($this->userManager->userExists($uid)) { + return; + } + throw new NoUserFoundException('Auto provisioning not allowed and user ' . $uid . ' does not exist'); + } elseif(!$userExists && $autoProvisioningAllowed) { + $this->userBackend->createUserIfNotExists($uid, $auth); + $this->userBackend->updateAttributes($uid, $auth); + return; + } + } + + throw new NoUserFoundException('IDP parameter for the UID (' . $uidMapping . ') not found. Possible parameters are: ' . json_encode(array_keys($auth))); + } + + /** + * @PublicPage + * @UseSession + * @OnlyUnauthenticatedUsers + * @NoCSRFRequired + * + * @param int $idp id of the idp + * @return Http\RedirectResponse + * @throws \Exception + */ + public function login($idp) { + $type = $this->config->getAppValue($this->appName, 'type'); + switch($type) { + case 'saml': + $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $ssoUrl = $auth->login(null, [], false, false, true); + $response = new Http\RedirectResponse($ssoUrl); + + // Small hack to make user_saml work with the loginflows + $flowData = []; + + if ($this->session->get(ClientFlowLoginController::STATE_NAME) !== null) { + $flowData['cf1'] = $this->session->get(ClientFlowLoginController::STATE_NAME); + } else if ($this->session->get(ClientFlowLoginV2Controller::TOKEN_NAME) !== null) { + $flowData['cf2'] = [ + 'token' => $this->session->get(ClientFlowLoginV2Controller::TOKEN_NAME), + 'state' => $this->session->get(ClientFlowLoginV2Controller::STATE_NAME), + ]; + } + + // Pack data as JSON so we can properly extract it later + $data = json_encode([ + 'AuthNRequestID' => $auth->getLastRequestID(), + 'OriginalUrl' => $this->request->getParam('originalUrl', ''), + 'Idp' => $idp, + 'flow' => $flowData, + ]); + + // Encrypt it + $data = $this->crypto->encrypt($data); + + // And base64 encode it + $data = base64_encode($data); + + $response->addCookie('saml_data', $data, null, 'None'); + break; + case 'environment-variable': + $ssoUrl = $this->request->getParam('originalUrl', ''); + if (empty($ssoUrl)) { + $ssoUrl = $this->urlGenerator->getAbsoluteURL('/'); + } + $this->session->set('user_saml.samlUserData', $_SERVER); + try { + $this->autoprovisionIfPossible($this->session->get('user_saml.samlUserData')); + $user = $this->userManager->get($this->userBackend->getCurrentUserId()); + if(!($user instanceof IUser)) { + throw new NoUserFoundException('User' . $this->userBackend->getCurrentUserId() . ' not valid or not found'); + } + $user->updateLastLoginTimestamp(); + } catch (NoUserFoundException $e) { + if ($e->getMessage()) { + $this->logger->warning('Error while trying to login using sso environment variable: ' . $e->getMessage(), ['app' => 'user_saml']); + } + $ssoUrl = $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned'); + } + $response = new Http\RedirectResponse($ssoUrl); + break; + default: + throw new \Exception( + sprintf( + 'Type of "%s" is not supported for user_saml', + $type + ) + ); + } + + return $response; + } + + /** + * @PublicPage + * @NoCSRFRequired + * @param int $idp + * @return Http\DataDownloadResponse + * @throws Error + */ + public function getMetadata($idp) { + $settings = new Settings($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $metadata = $settings->getSPMetadata(); + $errors = $settings->validateMetadata($metadata); + if (empty($errors)) { + return new Http\DataDownloadResponse($metadata, 'metadata.xml', 'text/xml'); + } else { + throw new Error( + 'Invalid SP metadata: '.implode(', ', $errors), + Error::METADATA_SP_INVALID + ); + } + } + + /** + * @PublicPage + * @NoCSRFRequired + * @UseSession + * @OnlyUnauthenticatedUsers + * @NoSameSiteCookieRequired + * + * @return Http\RedirectResponse + * @throws Error + * @throws ValidationError + */ + public function assertionConsumerService(): Http\RedirectResponse { + // Fetch and decrypt the cookie + $cookie = $this->request->getCookie('saml_data'); + if ($cookie === null) { + $this->logger->debug('Cookie was not present', ['app' => 'user_saml']); + return new Http\RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + + // Base64 decode + $cookie = base64_decode($cookie); + + // Decrypt and deserialize + try { + $cookie = $this->crypto->decrypt($cookie); + } catch (\Exception $e) { + $this->logger->debug('Could not decrypt SAML cookie', ['app' => 'user_saml']); + return new Http\RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + $data = json_decode($cookie, true); + + if (isset($data['flow'])) { + if (isset($data['flow']['cf1'])) { + $this->session->set(ClientFlowLoginController::STATE_NAME, $data['flow']['cf1']); + } else if (isset($data['flow']['cf2'])) { + $this->session->set(ClientFlowLoginV2Controller::TOKEN_NAME, $data['flow']['cf2']['token']); + $this->session->set(ClientFlowLoginV2Controller::STATE_NAME, $data['flow']['cf2']['state']); + } + + } + + $AuthNRequestID = $data['AuthNRequestID']; + $idp = $data['Idp']; + // need to keep the IdP config ID during session lifetime (SAMLSettings::getPrefix) + $this->session->set('user_saml.Idp', $idp); + if(is_null($AuthNRequestID) || $AuthNRequestID === '' || is_null($idp)) { + $this->logger->debug('Invalid auth payload', ['app' => 'user_saml']); + return new Http\RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + + $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $auth->processResponse($AuthNRequestID); + + $this->logger->debug('Attributes send by the IDP: ' . json_encode($auth->getAttributes())); + + $errors = $auth->getErrors(); + + if (!empty($errors)) { + foreach($errors as $error) { + $this->logger->error($error, ['app' => $this->appName]); + } + $this->logger->error($auth->getLastErrorReason(), ['app' => $this->appName]); + } + + if (!$auth->isAuthenticated()) { + $this->logger->info('Auth failed', ['app' => $this->appName]); + $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned')); + $response->invalidateCookie('saml_data'); + return $response; + } + + // Check whether the user actually exists, if not redirect to an error page + // explaining the issue. + try { + $this->autoprovisionIfPossible($auth->getAttributes()); + } catch (NoUserFoundException $e) { + $this->logger->error($e->getMessage(), ['app' => $this->appName]); + $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned')); + $response->invalidateCookie('saml_data'); + return $response; + } + + $this->session->set('user_saml.samlUserData', $auth->getAttributes()); + $this->session->set('user_saml.samlNameId', $auth->getNameId()); + $this->session->set('user_saml.samlNameIdFormat', $auth->getNameIdFormat()); + $this->session->set('user_saml.samlNameIdNameQualifier', $auth->getNameIdNameQualifier()); + $this->session->set('user_saml.samlNameIdSPNameQualifier', $auth->getNameIdSPNameQualifier()); + $this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex()); + $this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration()); + try { + $user = $this->userManager->get($this->userBackend->getCurrentUserId()); + if (!($user instanceof IUser)) { + throw new \InvalidArgumentException('User "' . $this->userBackend->getCurrentUserId() . '" is not valid'); + } + $firstLogin = $user->updateLastLoginTimestamp(); + if($firstLogin) { + $this->userBackend->initializeHomeDir($user->getUID()); + } + } catch (\Exception $e) { + $this->logger->logException($e, ['app' => $this->appName]); + $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned')); + $response->invalidateCookie('saml_data'); + return $response; + } + + $originalUrl = $data['OriginalUrl']; + if($originalUrl !== null && $originalUrl !== '') { + $response = new Http\RedirectResponse($originalUrl); + } else { + $response = new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/')); + } + // The Nextcloud desktop client expects a cookie with the key of "_shibsession" + // to be there. + if($this->request->isUserAgent(['/^.*(mirall|csyncoC)\/.*$/'])) { + $response->addCookie('_shibsession_', 'authenticated'); + } + + $response->invalidateCookie('saml_data'); + return $response; + } + + /** + * @PublicPage + * @NoAdminRequired + * @NoCSRFRequired + * + * @return Http\RedirectResponse + * @throws Error + */ + public function singleLogoutService() { + $isFromGS = ($this->config->getSystemValue('gs.enabled', false) && + $this->config->getSystemValue('gss.mode', '') === 'master'); + + // Some IDPs send the SLO request via POST, but OneLogin php-saml only handles GET. + // To hack around this issue we copy the request from _POST to _GET. + if(!empty($_POST['SAMLRequest'])) { + $_GET['SAMLRequest'] = $_POST['SAMLRequest']; + } + + $isFromIDP = !$isFromGS && !empty($_GET['SAMLRequest']); + + if($isFromIDP) { + // requests comes from the IDP so let it manage the logout + // (or raise Error if request is invalid) + $pass = True ; + } elseif($isFromGS) { + // Request is from master GlobalScale + // Request validity is check via a JSON Web Token + $jwt = $this->request->getParam('jwt', ''); + $pass = $this->isValidJwt($jwt); + } else { + // standard request : need read CRSF check + $pass = $this->request->passesCSRFCheck(); + } + + if($pass) { + $idp = $this->session->get('user_saml.Idp'); + $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $stay = true ; // $auth will return the redirect URL but won't perform the redirect himself + if($isFromIDP){ + $keepLocalSession = true ; // do not let processSLO to delete the entire session. Let userSession->logout do the job + $targetUrl = $auth->processSLO($keepLocalSession, null, false, null, $stay); + } else { + // If request is not from IDP, we must send him the logout request + $parameters = array(); + $nameId = $this->session->get('user_saml.samlNameId'); + $nameIdFormat = $this->session->get('user_saml.samlNameIdFormat'); + $nameIdNameQualifier = $this->session->get('user_saml.samlNameIdNameQualifier'); + $nameIdSPNameQualifier = $this->session->get('user_saml.samlNameIdSPNameQualifier'); + $sessionIndex = $this->session->get('user_saml.samlSessionIndex'); + try { + $targetUrl = $auth->logout(null, [], $nameId, $sessionIndex, $stay, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier); + } catch (Error $e) { + $this->logger->logException($e, ['level' => ILogger::WARN]); + $this->userSession->logout(); + } + } + if(!empty($targetUrl) && !$auth->getLastErrorReason()){ + $this->userSession->logout(); + } + } + if(empty($targetUrl)){ + $targetUrl = $this->urlGenerator->getAbsoluteURL('/'); + } + + return new Http\RedirectResponse($targetUrl); + } + + /** + * @PublicPage + * @NoCSRFRequired + * @OnlyUnauthenticatedUsers + */ + public function notProvisioned() { + return new Http\TemplateResponse($this->appName, 'notProvisioned', [], 'guest'); + } + + + /** + * @PublicPage + * @NoCSRFRequired + * @OnlyUnauthenticatedUsers + * @param string $message + * @return Http\TemplateResponse + */ + public function genericError($message) { + if (empty($message)) { + $message = $this->l->t('Unknown error, please check the log file for more details.'); + } + return new Http\TemplateResponse($this->appName, 'error', ['message' => $message], 'guest'); + } + + /** + * @PublicPage + * @NoCSRFRequired + * @OnlyUnauthenticatedUsers + * @param string $redirectUrl + * @return Http\TemplateResponse + */ + public function selectUserBackEnd($redirectUrl) { + + $attributes = ['loginUrls' => []]; + + if ($this->SAMLSettings->allowMultipleUserBackEnds()) { + $displayName = $this->l->t('Direct log in'); + + $customDisplayName = $this->config->getAppValue('user_saml', 'directLoginName', ''); + if ($customDisplayName !== '') { + $displayName = $customDisplayName; + } + + $attributes['loginUrls']['directLogin'] = [ + 'url' => $this->getDirectLoginUrl($redirectUrl), + 'display-name' => $displayName, + ]; + } + + $attributes['loginUrls']['ssoLogin'] = $this->getIdps($redirectUrl); + + $attributes['useCombobox'] = count($attributes['loginUrls']['ssoLogin']) > 4 ? true : false; + + + return new Http\TemplateResponse($this->appName, 'selectUserBackEnd', $attributes, 'guest'); + } + + /** + * get the IdPs showed at the login page + * + * @param $redirectUrl + * @return array + */ + private function getIdps($redirectUrl) { + $result = []; + $idps = $this->SAMLSettings->getListOfIdps(); + foreach ($idps as $idpId => $displayName) { + $result[] = [ + 'url' => $this->getSSOUrl($redirectUrl, $idpId), + 'display-name' => $this->getSSODisplayName($displayName), + ]; + } + + return $result; + } + + /** + * get SSO URL + * + * @param $redirectUrl + * @param idp identifier + * @return string + */ + private function getSSOUrl($redirectUrl, $idp) { + + $originalUrl = ''; + if(!empty($redirectUrl)) { + $originalUrl = $this->urlGenerator->getAbsoluteURL($redirectUrl); + } + + + $csrfToken = \OC::$server->getCsrfTokenManager()->getToken(); + $ssoUrl = $this->urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.login', + [ + 'requesttoken' => $csrfToken->getEncryptedValue(), + 'originalUrl' => $originalUrl, + 'idp' => $idp + ] + ); + + return $ssoUrl; + + } + + /** + * return the display name of the SSO identity provider + * + * @param $displayName + * @return string + */ + protected function getSSODisplayName($displayName) { + if (empty($displayName)) { + $displayName = $this->l->t('SSO & SAML log in'); + } + + return $displayName; + } + + /** + * get Nextcloud login URL + * + * @return string + */ + private function getDirectLoginUrl($redirectUrl) { + $directUrl = $this->urlGenerator->linkToRouteAbsolute('core.login.tryLogin', [ + 'direct' => '1', + 'redirect_url' => $redirectUrl, + ]); + return $directUrl; + } + + private function isValidJwt($jwt) { + try { + $key = $this->config->getSystemValue('gss.jwt.key', ''); + JWT::decode($jwt, $key, ['HS256']); + } catch (\Exception $e) { + return false; + } + + return true; + } + + /** + * @PublicPage + * @NoCSRFRequired + * + * @return Http\TemplateResponse + */ + public function base() { + $message = $this->l->t('This page should not be visited directly.'); + return new Http\TemplateResponse($this->appName, 'error', ['message' => $message], 'guest'); + } + +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Controller/SettingsController.php b/docker/nextcloud/custom_apps/user_saml/lib/Controller/SettingsController.php new file mode 100644 index 0000000..fb76ef5 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Controller/SettingsController.php @@ -0,0 +1,120 @@ + + * + * @author Julius Härtl + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Controller; + +use OCA\User_SAML\Settings\Admin; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Response; +use OCP\IConfig; +use OCP\IRequest; + +class SettingsController extends Controller { + + /** @var IConfig */ + private $config; + /** @var Admin */ + private $admin; + + public function __construct($appName, + IRequest $request, + IConfig $config, + Admin $admin) { + parent::__construct($appName, $request); + $this->config = $config; + $this->admin = $admin; + } + + /** + * @param $providerId + * @return array of categories containing entries for each config parameter with their value + */ + public function getSamlProviderSettings($providerId) { + /** + * This uses the list of available config parameters from the admin section + * and extends it with fields that are not coming from \OCA\User_SAML\Settings\Admin + */ + $params = $this->admin->getForm()->getParams(); + $params['idp'] = [ + 'singleLogoutService.url' => ['required' => false], + 'singleLogoutService.responseUrl' => ['required' => false], + 'singleSignOnService.url' => ['required' => false], + 'entityId' => ['required' => false], + 'x509cert' => ['required' => false], + ]; + /* Fetch all config values for the given providerId */ + $settings = []; + foreach ($params as $category => $content) { + if (empty($content) || $category === 'providers' || $category === 'type') { + continue; + } + foreach ($content as $setting => $details) { + $prefix = $providerId === '1' ? '' : $providerId . '-'; + /* use security as category instead of security-* */ + if (strpos($category, 'security-') === 0) { + $category = 'security'; + } + // make sure we properly fetch the attribute mapping + // as this is the only category that has the saml- prefix on config keys + if (strpos($category, 'attribute-mapping') === 0) { + $category = 'attribute-mapping'; + $key = $prefix . 'saml-attribute-mapping' . '-' . $setting; + } else { + $key = $prefix . $category . '-' . $setting; + } + $settings[$category][$setting] = $this->config->getAppValue('user_saml', $key, ''); + } + } + return $settings; + } + + public function deleteSamlProviderSettings($providerId) { + $params = $this->admin->getForm()->getParams(); + $params['idp'] = [ + 'singleLogoutService.url' => null, + 'singleLogoutService.responseUrl' => null, + 'singleSignOnService.url' => null, + 'idp-entityId' => null, + ]; + /* Fetch all config values for the given providerId */ + foreach ($params as $category => $content) { + if (!is_array($content) || $category === 'providers') { + continue; + } + foreach ($content as $setting => $details) { + if (isset($details['global']) && $details['global'] === true) { + continue; + } + $prefix = $providerId === '1' ? '' : $providerId . '-'; + $key = $prefix . $category . '-' . $setting; + /* use security as category instead of security-* */ + if (strpos($category, 'security-') === 0) { + $category = 'security'; + } + $this->config->deleteAppValue('user_saml', $key); + } + } + return new Response(); + } + +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Controller/TimezoneController.php b/docker/nextcloud/custom_apps/user_saml/lib/Controller/TimezoneController.php new file mode 100644 index 0000000..46218c7 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Controller/TimezoneController.php @@ -0,0 +1,68 @@ + + * + * @author Roeland Jago Douma + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Controller; + +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\JSONResponse; +use OCP\IConfig; +use OCP\IRequest; +use OCP\ISession; + +class TimezoneController extends Controller { + + /** @var IConfig */ + private $config; + /** @var string */ + private $userId; + /** @var ISession */ + private $session; + + public function __construct($appName, + IRequest $request, + IConfig $config, + $userId, + ISession $session) { + parent::__construct($appName, $request); + $this->config = $config; + $this->userId = $userId; + $this->session = $session; + } + + /** + * @NoAdminRequired + * @UseSession + * + * @param string $timezone + * @param int $timezoneOffset + * @return JSONResponse + * @throws \OCP\PreConditionNotMetException + */ + public function setTimezone($timezone, $timezoneOffset) { + $this->config->setUserValue($this->userId, 'core', 'timezone', $timezone); + $this->session->set('timezone', $timezoneOffset); + + return new JSONResponse(); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/DavPlugin.php b/docker/nextcloud/custom_apps/user_saml/lib/DavPlugin.php new file mode 100644 index 0000000..5340760 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/DavPlugin.php @@ -0,0 +1,67 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML; + +use OCA\DAV\Connector\Sabre\Auth; +use OCP\IConfig; +use OCP\ISession; +use Sabre\DAV\CorePlugin; +use Sabre\DAV\FS\Directory; +use Sabre\DAV\Server; +use Sabre\DAV\ServerPlugin; +use Sabre\DAV\Tree; +use Sabre\HTTP\RequestInterface; +use Sabre\HTTP\ResponseInterface; + +class DavPlugin extends ServerPlugin { + private $session; + private $config; + private $auth; + /** @var Server */ + private $server; + + public function __construct(ISession $session, IConfig $config, array $auth) { + $this->session = $session; + $this->config = $config; + $this->auth = $auth; + } + + + public function initialize(Server $server) { + // before auth + $server->on('beforeMethod:*', [$this, 'beforeMethod'], 9); + $this->server = $server; + } + + public function beforeMethod(RequestInterface $request, ResponseInterface $response) { + if ( + $this->config->getAppValue('user_saml', 'type') === 'environment-variable' && + !$this->session->exists('user_saml.samlUserData') + ) { + $uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping'); + if (isset($this->auth[$uidMapping])) { + $this->session->set(Auth::DAV_AUTHENTICATED, $this->auth[$uidMapping]); + $this->session->set('user_saml.samlUserData', $this->auth); + } + } + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Exceptions/NoUserFoundException.php b/docker/nextcloud/custom_apps/user_saml/lib/Exceptions/NoUserFoundException.php new file mode 100644 index 0000000..19b4fc2 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Exceptions/NoUserFoundException.php @@ -0,0 +1,30 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Exceptions; + +/** + * Class NoUserFoundException is thrown when no user has been found + * + * @package OCA\User_SAML\Exceptions + */ +class NoUserFoundException extends \Exception { +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Middleware/OnlyLoggedInMiddleware.php b/docker/nextcloud/custom_apps/user_saml/lib/Middleware/OnlyLoggedInMiddleware.php new file mode 100644 index 0000000..6a3bfdf --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Middleware/OnlyLoggedInMiddleware.php @@ -0,0 +1,84 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Middleware; + +use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\Http\RedirectResponse; +use OCP\AppFramework\Middleware; +use OCP\AppFramework\Utility\IControllerMethodReflector; +use OCP\IURLGenerator; +use OCP\IUserSession; + +/** + * Class OnlyLoggedInMiddleware prevents access to a controller method if the user + * is already logged-in. + * + * @package OCA\User_SAML\MiddleWare + */ +class OnlyLoggedInMiddleware extends Middleware { + /** @var IControllerMethodReflector */ + private $reflector; + /** @var IUserSession */ + private $userSession; + /** @var IURLGenerator */ + private $urlGenerator; + + /** + * @param IControllerMethodReflector $reflector + * @param IUserSession $userSession + */ + public function __construct( + IControllerMethodReflector $reflector, + IUserSession $userSession, + IURLGenerator $urlGenerator + ) { + $this->reflector = $reflector; + $this->userSession = $userSession; + $this->urlGenerator = $urlGenerator; + } + + /** + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @throws \Exception + */ + public function beforeController($controller, $methodName){ + if($this->reflector->hasAnnotation('OnlyUnauthenticatedUsers') && $this->userSession->isLoggedIn()) { + throw new \Exception('User is already logged-in'); + } + } + + /** + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @param \Exception $exception + * @return RedirectResponse + * @throws \Exception + */ + public function afterException($controller, $methodName, \Exception $exception) { + if($exception->getMessage() === 'User is already logged-in') { + return new RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + + throw $exception; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Migration/Version3001Date20200630193443.php b/docker/nextcloud/custom_apps/user_saml/lib/Migration/Version3001Date20200630193443.php new file mode 100644 index 0000000..df1a2cc --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Migration/Version3001Date20200630193443.php @@ -0,0 +1,91 @@ + + * + * @author Joas Schilling + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\Types; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version3001Date20200630193443 extends SimpleMigrationStep { + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('user_saml_users')) { + $table = $schema->createTable('user_saml_users'); + $table->addColumn('uid', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->addColumn('displayname', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->addColumn('home', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->setPrimaryKey(['uid']); + } + + if (!$schema->hasTable('user_saml_auth_token')) { + $table = $schema->createTable('user_saml_auth_token'); + $table->addColumn('id', Types::INTEGER, [ + 'autoincrement' => true, + 'notnull' => true, + 'length' => 4, + 'unsigned' => true, + ]); + $table->addColumn('uid', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->addColumn('name', Types::TEXT, [ + 'notnull' => true, + 'default' => '', + ]); + $table->addColumn('token', Types::STRING, [ + 'notnull' => true, + 'length' => 200, + 'default' => '', + ]); + $table->setPrimaryKey(['id']); + } + return $schema; + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/SAMLSettings.php b/docker/nextcloud/custom_apps/user_saml/lib/SAMLSettings.php new file mode 100644 index 0000000..d25fa16 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/SAMLSettings.php @@ -0,0 +1,192 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML; + +use OCP\AppFramework\Http; +use OCP\IConfig; +use OCP\IRequest; +use OCP\ISession; +use OCP\IURLGenerator; +use OneLogin\Saml2\Constants; + +class SAMLSettings { + /** @var IURLGenerator */ + private $urlGenerator; + /** @var IConfig */ + private $config; + /** @var IRequest */ + private $request; + /** @var ISession */ + private $session; + /** @var array list of global settings which are valid for every idp */ + private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop']; + + /** + * @param IURLGenerator $urlGenerator + * @param IConfig $config + * @param IRequest $request + * @param ISession $session + */ + public function __construct(IURLGenerator $urlGenerator, + IConfig $config, + IRequest $request, + ISession $session) { + $this->urlGenerator = $urlGenerator; + $this->config = $config; + $this->request = $request; + $this->session = $session; + } + + /** + * get list of the configured IDPs + * + * @return array + */ + public function getListOfIdps() { + $result = []; + + $providerIds = explode(',', $this->config->getAppValue('user_saml', 'providerIds', '1')); + natsort($providerIds); + + foreach ($providerIds as $id) { + $prefix = $id === '1' ? '' : $id .'-'; + $result[$id] = $this->config->getAppValue('user_saml', $prefix . 'general-idp0_display_name', ''); + } + + asort($result); + + return $result; + } + + /** + * check if multiple user back ends are allowed + * + * @return bool + */ + public function allowMultipleUserBackEnds() { + $type = $this->config->getAppValue('user_saml', 'type'); + $setting = $this->config->getAppValue('user_saml', 'general-allow_multiple_user_back_ends', '0'); + return ($setting === '1' && $type === 'saml'); + } + + /** + * get config for given IDP + * + * @param int $idp + * @return array + */ + public function getOneLoginSettingsArray($idp) { + + $prefix = ''; + if ($idp > 1) { + $prefix = $idp . '-'; + } + + $settings = [ + 'strict' => true, + 'debug' => $this->config->getSystemValue('debug', false), + 'baseurl' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.base'), + 'security' => [ + 'nameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-nameIdEncrypted', '0') === '1') ? true : false, + 'authnRequestsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-authnRequestsSigned', '0') === '1') ? true : false, + 'logoutRequestSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutRequestSigned', '0') === '1') ? true : false, + 'logoutResponseSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutResponseSigned', '0') === '1') ? true : false, + 'signMetadata' => ($this->config->getAppValue('user_saml', $prefix . 'security-signMetadata', '0') === '1') ? true : false, + 'wantMessagesSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantMessagesSigned', '0') === '1') ? true : false, + 'wantAssertionsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsSigned', '0') === '1') ? true : false, + 'wantAssertionsEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsEncrypted', '0') === '1') ? true : false, + 'wantNameId' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameId', '0') === '1') ? true : false, + 'wantNameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameIdEncrypted', '0') === '1') ? true : false, + 'wantXMLValidation' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantXMLValidation', '0') === '1') ? true : false, + 'requestedAuthnContext' => false, + 'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', $prefix . 'security-lowercaseUrlencoding', '0') === '1') ? true : false, + 'signatureAlgorithm' => $this->config->getAppValue('user_saml', $prefix . 'security-signatureAlgorithm', null) + ], + 'sp' => [ + 'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'), + 'assertionConsumerService' => [ + 'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.assertionConsumerService'), + ], + 'NameIDFormat' => $this->config->getAppValue('user_saml', $prefix . 'sp-name-id-format', Constants::NAMEID_UNSPECIFIED) + ], + 'idp' => [ + 'entityId' => $this->config->getAppValue('user_saml', $prefix . 'idp-entityId', ''), + 'singleSignOnService' => [ + 'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleSignOnService.url', ''), + ], + ], + ]; + + $spx509cert = $this->config->getAppValue('user_saml', $prefix . 'sp-x509cert', ''); + $spxprivateKey = $this->config->getAppValue('user_saml', $prefix . 'sp-privateKey', ''); + if($spx509cert !== '') { + $settings['sp']['x509cert'] = $spx509cert; + } + if($spxprivateKey !== '') { + $settings['sp']['privateKey'] = $spxprivateKey; + } + + $idpx509cert = $this->config->getAppValue('user_saml', $prefix . 'idp-x509cert', ''); + if($idpx509cert !== '') { + $settings['idp']['x509cert'] = $idpx509cert; + } + + $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''); + if($slo !== '') { + $settings['idp']['singleLogoutService'] = [ + 'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''), + ]; + $settings['sp']['singleLogoutService'] = [ + 'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService'), + ]; + + $sloResponseUrl = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.responseUrl', ''); + if($sloResponseUrl !== '') { + $settings['idp']['singleLogoutService']['responseUrl'] = $sloResponseUrl; + } + } + + return $settings; + } + + /** + * calculate prefix for config values + * + * @param string name of the setting + * @return string + */ + public function getPrefix($setting = '') { + + $prefix = ''; + if (!empty($setting) && in_array($setting, $this->globalSettings)) { + return $prefix; + } + + $idp = $this->session->get('user_saml.Idp'); + if ((int)$idp > 1) { + $prefix = $idp . '-'; + } + + return $prefix; + } + +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Settings/Admin.php b/docker/nextcloud/custom_apps/user_saml/lib/Settings/Admin.php new file mode 100644 index 0000000..6a7cf87 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Settings/Admin.php @@ -0,0 +1,229 @@ + + * + * @author Lukas Reschke + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Settings; + +use OCP\AppFramework\Http\TemplateResponse; +use OCP\Defaults; +use OCP\IConfig; +use OCP\IL10N; +use OCP\Settings\ISettings; +use OneLogin\Saml2\Constants; + +class Admin implements ISettings { + /** @var IL10N */ + private $l10n; + /** @var Defaults */ + private $defaults; + /** @var IConfig */ + private $config; + + /** + * @param IL10N $l10n + * @param Defaults $defaults + * @param IConfig $config + */ + public function __construct(IL10N $l10n, + Defaults $defaults, + IConfig $config) { + $this->l10n = $l10n; + $this->defaults = $defaults; + $this->config = $config; + } + + /** + * @return TemplateResponse + */ + public function getForm() { + $providerIds = explode(',', $this->config->getAppValue('user_saml', 'providerIds', '1')); + natsort($providerIds); + $providers = []; + foreach ($providerIds as $id) { + $prefix = $id === '1' ? '' : $id .'-'; + $name = $this->config->getAppValue('user_saml', $prefix . 'general-idp0_display_name', ''); + $providers[] = [ + 'id' => $id, + 'name' => $name === '' ? $this->l10n->t('Provider ') . $id : $name + ]; + } + $serviceProviderFields = [ + 'x509cert' => $this->l10n->t('X.509 certificate of the Service Provider'), + 'privateKey' => $this->l10n->t('Private key of the Service Provider'), + ]; + $securityOfferFields = [ + 'nameIdEncrypted' => $this->l10n->t('Indicates that the nameID of the sent by this SP will be encrypted.'), + 'authnRequestsSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]'), + 'logoutRequestSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed.'), + 'logoutResponseSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed.'), + 'signMetadata' => $this->l10n->t('Whether the metadata should be signed.') + ]; + $securityRequiredFields = [ + 'wantMessagesSigned' => $this->l10n->t('Indicates a requirement for the , and elements received by this SP to be signed.'), + 'wantAssertionsSigned' => $this->l10n->t('Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]'), + 'wantAssertionsEncrypted' => $this->l10n->t('Indicates a requirement for the elements received by this SP to be encrypted.'), + 'wantNameId' => $this->l10n->t(' Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.'), + 'wantNameIdEncrypted' => $this->l10n->t('Indicates a requirement for the NameID received by this SP to be encrypted.'), + 'wantXMLValidation' => $this->l10n->t('Indicates if the SP will validate all received XML.'), + ]; + $securityGeneral = [ + 'lowercaseUrlencoding' => $this->l10n->t('ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.'), + 'signatureAlgorithm' => [ + 'type' => 'line', + 'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process.') + ] + ]; + $generalSettings = [ + 'uid_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the UID to.'), + 'type' => 'line', + 'required' => true, + ], + 'require_provisioned_account' => [ + 'text' => $this->l10n->t('Only allow authentication if an account exists on some other backend. (e.g. LDAP)'), + 'type' => 'checkbox', + 'global' => true, + ] + ]; + $attributeMappingSettings = [ + 'displayName_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the displayname to.'), + 'type' => 'line', + 'required' => true, + ], + 'email_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the email address to.'), + 'type' => 'line', + 'required' => true, + ], + 'quota_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the quota to.'), + 'type' => 'line', + 'required' => false, + ], + 'group_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the users groups to.'), + 'type' => 'line', + 'required' => true, + ], + 'home_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the users home to.'), + 'type' => 'line', + 'required' => true, + ], + + ]; + + $selectedNameIdFormat = $this->config->getAppValue('user_saml', 'sp-name-id-format', Constants::NAMEID_UNSPECIFIED); + $nameIdFormats = [ + Constants::NAMEID_EMAIL_ADDRESS => [ + 'label' => $this->l10n->t('Email address'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_EMAIL_ADDRESS, + ], + Constants::NAMEID_ENCRYPTED => [ + 'label' => $this->l10n->t('Encrypted'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_ENCRYPTED, + ], + Constants::NAMEID_ENTITY => [ + 'label' => $this->l10n->t('Entity'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_ENTITY, + ], + Constants::NAMEID_KERBEROS => [ + 'label' => $this->l10n->t('Kerberos'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_KERBEROS, + ], + Constants::NAMEID_PERSISTENT => [ + 'label' => $this->l10n->t('Persistent'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_PERSISTENT, + ], + Constants::NAMEID_TRANSIENT => [ + 'label' => $this->l10n->t('Transient'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_TRANSIENT, + ], + Constants::NAMEID_UNSPECIFIED => [ + 'label' => $this->l10n->t('Unspecified'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_UNSPECIFIED, + ], + Constants::NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME => [ + 'label' => $this->l10n->t('Windows domain qualified name'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME, + ], + Constants::NAMEID_X509_SUBJECT_NAME => [ + 'label' => $this->l10n->t('X509 subject name'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_X509_SUBJECT_NAME, + ], + ]; + + $type = $this->config->getAppValue('user_saml', 'type'); + if($type === 'saml') { + $generalSettings['use_saml_auth_for_desktop'] = [ + 'text' => $this->l10n->t('Use SAML auth for the %s desktop clients (requires user re-authentication)', [$this->defaults->getName()]), + 'type' => 'checkbox', + 'global' => true, + ]; + $generalSettings['idp0_display_name'] = [ + 'text' => $this->l10n->t('Optional display name of the identity provider (default: "SSO & SAML log in")'), + 'type' => 'line', + 'required' => false, + ]; + $generalSettings['allow_multiple_user_back_ends'] = [ + 'text' => $this->l10n->t('Allow the use of multiple user back-ends (e.g. LDAP)'), + 'type' => 'checkbox', + 'hideForEnv' => true, + 'global' => true, + ]; + } + + $params = [ + 'sp' => $serviceProviderFields, + 'security-offer' => $securityOfferFields, + 'security-required' => $securityRequiredFields, + 'security-general' => $securityGeneral, + 'general' => $generalSettings, + 'attribute-mapping' => $attributeMappingSettings, + 'name-id-formats' => $nameIdFormats, + 'type' => $type, + 'providers' => $providers + ]; + + return new TemplateResponse('user_saml', 'admin', $params); + } + + /** + * @return string the section ID, e.g. 'sharing' + */ + public function getSection() { + return 'saml'; + } + + /** + * @return int whether the form should be rather on the top or bottom of + * the admin section. The forms are arranged in ascending order of the + * priority values. It is required to return a value between 0 and 100. + * + * keep the server setting at the top, right after "server settings" + */ + public function getPriority() { + return 0; + } + +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/Settings/Section.php b/docker/nextcloud/custom_apps/user_saml/lib/Settings/Section.php new file mode 100644 index 0000000..5c267d3 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/Settings/Section.php @@ -0,0 +1,73 @@ + + * + * @author Lukas Reschke + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Settings; + +use OCP\IL10N; +use OCP\IURLGenerator; +use OCP\Settings\IIconSection; + +class Section implements IIconSection { + /** @var IL10N */ + private $l; + /** @var IURLGenerator */ + private $url; + + /** + * @param IL10N $l + * @param IURLGenerator $url + */ + public function __construct(IL10N $l, + IURLGenerator $url) { + $this->l = $l; + $this->url = $url; + } + + /** + * {@inheritdoc} + */ + public function getID() { + return 'saml'; + } + + /** + * {@inheritdoc} + */ + public function getName() { + return $this->l->t('SSO & SAML authentication'); + } + + /** + * {@inheritdoc} + */ + public function getPriority() { + return 75; + } + + /** + * {@inheritdoc} + */ + public function getIcon() { + return $this->url->imagePath('user_saml', 'app-dark.svg'); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/lib/UserBackend.php b/docker/nextcloud/custom_apps/user_saml/lib/UserBackend.php new file mode 100644 index 0000000..dcec830 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/lib/UserBackend.php @@ -0,0 +1,754 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML; + +use OCP\Authentication\IApacheBackend; +use OCP\DB\QueryBuilder\IQueryBuilder; +use OCP\Files\NotPermittedException; +use OCP\IDBConnection; +use OCP\ILogger; +use OCP\IUser; +use OCP\IUserManager; +use OCP\IGroupManager; +use OCP\UserInterface; +use OCP\IUserBackend; +use OCP\IConfig; +use OCP\IURLGenerator; +use OCP\ISession; +use Symfony\Component\EventDispatcher\GenericEvent; +use function base64_decode; + +class UserBackend implements IApacheBackend, UserInterface, IUserBackend { + /** @var IConfig */ + private $config; + /** @var IURLGenerator */ + private $urlGenerator; + /** @var ISession */ + private $session; + /** @var IDBConnection */ + private $db; + /** @var IUserManager */ + private $userManager; + /** @var IGroupManager */ + private $groupManager; + /** @var \OCP\UserInterface[] */ + private static $backends = []; + /** @var SAMLSettings */ + private $settings; + /** @var ILogger */ + private $logger; + + /** + * @param IConfig $config + * @param IURLGenerator $urlGenerator + * @param ISession $session + * @param IDBConnection $db + * @param IUserManager $userManager + * @param IGroupManager $groupManager + * @param SAMLSettings $settings + * @param ILogger $logger + */ + public function __construct(IConfig $config, + IURLGenerator $urlGenerator, + ISession $session, + IDBConnection $db, + IUserManager $userManager, + IGroupManager $groupManager, + SAMLSettings $settings, + ILogger $logger) { + $this->config = $config; + $this->urlGenerator = $urlGenerator; + $this->session = $session; + $this->db = $db; + $this->userManager = $userManager; + $this->groupManager = $groupManager; + $this->settings = $settings; + $this->logger = $logger; + } + + /** + * Whether $uid exists in the database + * + * @param string $uid + * @return bool + */ + protected function userExistsInDatabase($uid) { + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->select('uid') + ->from('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1); + $result = $qb->execute(); + $users = $result->fetchAll(); + $result->closeCursor(); + + return !empty($users); + } + + /** + * Creates a user if it does not exist. In case home directory mapping + * is enabled we also set up the user's home from $attributes. + * + * @param string $uid + * @param array $attributes + */ + public function createUserIfNotExists($uid, array $attributes = array()) { + if(!$this->userExistsInDatabase($uid)) { + $values = [ + 'uid' => $uid, + ]; + + // Try to get the mapped home directory of the user + try { + $home = $this->getAttributeValue('saml-attribute-mapping-home_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $home = ''; + } + + if ($home !== '') { + //if attribute's value is an absolute path take this, otherwise append it to data dir + //check for / at the beginning or pattern c:\ resp. c:/ + if( '/' !== $home[0] + && !(3 < strlen($home) && ctype_alpha($home[0]) + && $home[1] === ':' && ('\\' === $home[2] || '/' === $home[2])) + ) { + $home = $this->config->getSystemValue('datadirectory', + \OC::$SERVERROOT.'/data' ) . '/' . $home; + } + + $values['home'] = $home; + } + + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->insert('user_saml_users'); + foreach($values as $column => $value) { + $qb->setValue($column, $qb->createNamedParameter($value)); + } + $qb->execute(); + + $this->initializeHomeDir($uid); + + } + } + + /** + * @param string $uid + * @throws \OCP\Files\NotFoundException + */ + public function initializeHomeDir($uid) { + ### Code taken from lib/private/User/Session.php - function prepareUserLogin() ### + //trigger creation of user home and /files folder + $userFolder = \OC::$server->getUserFolder($uid); + try { + // copy skeleton + \OC_Util::copySkeleton($uid, $userFolder); + } catch (NotPermittedException $ex) { + // read only uses + } + // trigger any other initialization + $user = $this->userManager->get($uid); + \OC::$server->getEventDispatcher()->dispatch(IUser::class . '::firstLogin', new GenericEvent($user)); + } + + /** + * Check if backend implements actions + * @param int $actions bitwise-or'ed actions + * @return boolean + * + * Returns the supported actions as int to be + * compared with \OC\User\Backend::CREATE_USER etc. + * @since 4.5.0 + */ + public function implementsActions($actions) { + $availableActions = \OC\User\Backend::CHECK_PASSWORD; + $availableActions |= \OC\User\Backend::GET_DISPLAYNAME; + $availableActions |= \OC\User\Backend::GET_HOME; + $availableActions |= \OC\User\Backend::COUNT_USERS; + return (bool)($availableActions & $actions); + } + + /** + * Check if the provided token is correct + * @param string $uid The username + * @param string $password The password + * @return string + * + * Check if the password is correct without logging in the user + * returns the user id or false + */ + public function checkPassword($uid, $password) { + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->select('token') + ->from('user_saml_auth_token') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1000); + $result = $qb->execute(); + $data = $result->fetchAll(); + $result->closeCursor(); + + foreach($data as $passwords) { + if(password_verify($password, $passwords['token'])) { + return $uid; + } + } + + return false; + } + + /** + * delete a user + * @param string $uid The username of the user to delete + * @return bool + * @since 4.5.0 + */ + public function deleteUser($uid) { + if($this->userExistsInDatabase($uid)) { + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->delete('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->execute(); + return true; + } + return false; + } + + /** + * Returns the user's home directory, if home directory mapping is set up. + * + * @param string $uid the username + * @return string + */ + public function getHome($uid) { + if($this->userExistsInDatabase($uid)) { + $qb = $this->db->getQueryBuilder(); + $qb->select('home') + ->from('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1); + $result = $qb->execute(); + $users = $result->fetchAll(); + if (isset($users[0]['home'])) { + return $users[0]['home']; + } + } + } + + /** + * Get a list of all users + * + * @param string $search + * @param null|int $limit + * @param null|int $offset + * @return string[] an array of all uids + * @since 4.5.0 + */ + public function getUsers($search = '', $limit = null, $offset = null) { + // shamelessly duplicated from \OC\User\Database + $users = $this->getDisplayNames($search, $limit, $offset); + $userIds = array_map(function ($uid) { + return (string)$uid; + }, array_keys($users)); + sort($userIds, SORT_STRING | SORT_FLAG_CASE); + return $userIds; + } + + /** + * check if a user exists + * @param string $uid the username + * @return boolean + * @since 4.5.0 + */ + public function userExists($uid) { + if($backend = $this->getActualUserBackend($uid)) { + return $backend->userExists($uid); + } else { + return $this->userExistsInDatabase($uid); + } + } + + public function setDisplayName($uid, $displayName) { + if($backend = $this->getActualUserBackend($uid)) { + return $backend->setDisplayName($uid, $displayName); + } + + if ($this->userExistsInDatabase($uid)) { + $qb = $this->db->getQueryBuilder(); + $qb->update('user_saml_users') + ->set('displayname', $qb->createNamedParameter($displayName)) + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->execute(); + return true; + } + + return false; + } + + /** + * Get display name of the user + * + * @param string $uid user ID of the user + * @return string display name + * @since 4.5.0 + */ + public function getDisplayName($uid) { + if($backend = $this->getActualUserBackend($uid)) { + return $backend->getDisplayName($uid); + } else { + if($this->userExistsInDatabase($uid)) { + $qb = $this->db->getQueryBuilder(); + $qb->select('displayname') + ->from('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1); + $result = $qb->execute(); + $users = $result->fetchAll(); + if (isset($users[0]['displayname'])) { + return $users[0]['displayname']; + } + } + } + + return false; + } + + /** + * Get a list of all display names and user ids. + * + * @param string $search + * @param string|null $limit + * @param string|null $offset + * @return array an array of all displayNames (value) and the corresponding uids (key) + * @since 4.5.0 + */ + public function getDisplayNames($search = '', $limit = null, $offset = null) { + // shamelessly duplicate from \OC\User\Database + $query = $this->db->getQueryBuilder(); + + $query->select('uid', 'displayname') + ->from('user_saml_users', 'u') + ->leftJoin('u', 'preferences', 'p', $query->expr()->andX( + $query->expr()->eq('userid', 'uid'), + $query->expr()->eq('appid', $query->expr()->literal('settings')), + $query->expr()->eq('configkey', $query->expr()->literal('email'))) + ) + // sqlite doesn't like re-using a single named parameter here + ->where($query->expr()->iLike('uid', $query->createPositionalParameter('%' . $this->db->escapeLikeParameter($search) . '%'))) + ->orWhere($query->expr()->iLike('displayname', $query->createPositionalParameter('%' . $this->db->escapeLikeParameter($search) . '%'))) + ->orWhere($query->expr()->iLike('configvalue', $query->createPositionalParameter('%' . $this->db->escapeLikeParameter($search) . '%'))) + ->orderBy($query->func()->lower('displayname'), 'ASC') + ->orderBy('uid', 'ASC') + ->setMaxResults($limit) + ->setFirstResult($offset); + + $result = $query->execute(); + $displayNames = []; + while ($row = $result->fetch()) { + $displayNames[(string)$row['uid']] = (string)$row['displayname']; + } + $result->closeCursor(); + + return $displayNames; + } + + /** + * Check if a user list is available or not + * @return boolean if users can be listed or not + * @since 4.5.0 + */ + public function hasUserListings() { + if($this->autoprovisionAllowed()) { + return true; + } + + return false; + } + + /** + * In case the user has been authenticated by Apache true is returned. + * + * @return boolean whether Apache reports a user as currently logged in. + * @since 6.0.0 + */ + public function isSessionActive() { + if($this->getCurrentUserId() !== '') { + return true; + } + return false; + } + + /** + * {@inheritdoc} + */ + public function getLogoutUrl() { + $prefix = $this->settings->getPrefix(); + $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''); + if($slo === '') { + return ''; + } + + return $this->urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.singleLogoutService', + [ + 'requesttoken' => \OC::$server->getCsrfTokenManager()->getToken()->getEncryptedValue(), + ] + ); + } + + /** + * Logout attribute for Nextcloud < 12.0.3 + * + * @return string + */ + public function getLogoutAttribute() { + return 'style="display:none;"'; + } + + /** + * return user data from the idp + * + * @return mixed + */ + public function getUserData() { + $userData = $this->session->get('user_saml.samlUserData'); + $userData = $this->formatUserData($userData); + + // make sure that a valid UID is given + if (empty($userData['formatted']['uid'])) { + $this->logger->error('No valid uid given, please check your attribute mapping. Got uid: {uid}', ['app' => $this->appName, 'uid' => $userData['uid']]); + throw new \InvalidArgumentException('No valid uid given, please check your attribute mapping. Got uid: ' . $userData['uid']); + } + + + return $userData; + + } + + /** + * format user data and map them to the configured attributes + * + * @param $attributes + * @return array + */ + private function formatUserData($attributes) { + + $result = ['formatted' => [], 'raw' => $attributes]; + + try { + $result['formatted']['email'] = $this->getAttributeValue('saml-attribute-mapping-email_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $result['formatted']['email'] = null; + } + try { + $result['formatted']['displayName'] = $this->getAttributeValue('saml-attribute-mapping-displayName_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $result['formatted']['displayName'] = null; + } + try { + $result['formatted']['quota'] = $this->getAttributeValue('saml-attribute-mapping-quota_mapping', $attributes); + if ($result['formatted']['quota'] === '') { + $result['formatted']['quota'] = 'default'; + } + } catch (\InvalidArgumentException $e) { + $result['formatted']['quota'] = null; + } + + try { + $result['formatted']['groups'] = $this->getAttributeArrayValue('saml-attribute-mapping-group_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $result['formatted']['groups'] = null; + } + + $prefix = $this->settings->getPrefix(); + $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping'); + $result['formatted']['uid'] = ''; + if (isset($attributes[$uidMapping])) { + $result['formatted']['uid'] = $attributes[$uidMapping][0]; + } + + return $result; + } + + /** + * Return the id of the current user + * @return string + * @since 6.0.0 + */ + public function getCurrentUserId() { + $samlData = $this->session->get('user_saml.samlUserData'); + $prefix = $this->settings->getPrefix(); + $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', ''); + + if($uidMapping !== '' && isset($samlData[$uidMapping])) { + if(is_array($samlData[$uidMapping])) { + $uid = $samlData[$uidMapping][0]; + } else { + $uid = $samlData[$uidMapping]; + } + $uid = $this->testEncodedObjectGUID($uid); + + if($this->userExists($uid)) { + $this->session->set('last-password-confirm', strtotime('+4 year', time())); + return $uid; + } + } + + return ''; + } + + + /** + * Backend name to be shown in user management + * @return string the name of the backend to be shown + * @since 8.0.0 + */ + public function getBackendName() { + return 'user_saml'; + } + + /** + * Whether autoprovisioning is enabled or not + * + * @return bool + */ + public function autoprovisionAllowed() { + return $this->config->getAppValue('user_saml', 'general-require_provisioned_account', '0') === '0'; + } + + /** + * Gets the actual user backend of the user + * + * @param string $uid + * @return null|UserInterface + */ + public function getActualUserBackend($uid) { + foreach(self::$backends as $backend) { + if($backend->userExists($uid)) { + return $backend; + } + } + + return null; + } + + /** + * Registers the used backends, used later to get the actual user backend + * of the user. + * + * @param \OCP\UserInterface[] $backends + */ + public function registerBackends(array $backends) { + self::$backends = $backends; + } + + private function getAttributeKeys($name) + { + $prefix = $this->settings->getPrefix($name); + $keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, '')); + + if (count($keys) === 1 && $keys[0] === '') { + throw new \InvalidArgumentException('Attribute is not configured'); + } + return $keys; + } + + private function getAttributeValue($name, array $attributes) { + $keys = $this->getAttributeKeys($name); + + $value = ''; + foreach($keys as $key) { + if (isset($attributes[$key])) { + if (is_array($attributes[$key])) { + foreach ($attributes[$key] as $attribute_part_value) { + if($value !== '') { + $value .= ' '; + } + $value .= $attribute_part_value; + } + } else { + if($value !== '') { + $value .= ' '; + } + $value .= $attributes[$key]; + } + } + } + + return $value; + } + + private function getAttributeArrayValue($name, array $attributes) { + $keys = $this->getAttributeKeys($name); + + $value = array(); + foreach($keys as $key) { + if (isset($attributes[$key])) { + if (is_array($attributes[$key])) { + $value = array_merge($value, array_values($attributes[$key])); + } else { + $value[] = $attributes[$key]; + } + } + } + + return $value; + } + + public function updateAttributes($uid, + array $attributes) { + $user = $this->userManager->get($uid); + try { + $newEmail = $this->getAttributeValue('saml-attribute-mapping-email_mapping', $attributes); + $this->logger->debug('Email attribute content: {email}', ['app' => 'user_saml', 'email' => $newEmail]); + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch email attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newEmail = null; + } + try { + $newDisplayname = $this->getAttributeValue('saml-attribute-mapping-displayName_mapping', $attributes); + $this->logger->debug('Display name attribute content: {displayName}', ['app' => 'user_saml', 'displayName' => $newDisplayname]); + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch display name attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newDisplayname = null; + } + try { + $newQuota = $this->getAttributeValue('saml-attribute-mapping-quota_mapping', $attributes); + $this->logger->debug('Quota attribute content: {quota}', ['app' => 'user_saml', 'quota' => $newQuota]); + if ($newQuota === '') { + $newQuota = 'default'; + } + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch quota attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newQuota = null; + } + + try { + $newGroups = $this->getAttributeArrayValue('saml-attribute-mapping-group_mapping', $attributes); + $this->logger->debug('Group attribute content: {groups}', ['app' => 'user_saml', 'groups' => json_encode($newGroups)]); + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch group attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newGroups = null; + } + + if ($user !== null) { + $currentEmail = (string)$user->getEMailAddress(); + if ($newEmail !== null + && $currentEmail !== $newEmail) { + $user->setEMailAddress($newEmail); + } + $currentDisplayname = (string)$this->getDisplayName($uid); + if ($newDisplayname !== null + && $currentDisplayname !== $newDisplayname) { + \OC_Hook::emit('OC_User', 'changeUser', + [ + 'user' => $user, + 'feature' => 'displayName', + 'value' => $newDisplayname + ] + ); + $this->setDisplayName($uid, $newDisplayname); + } + + if ($newQuota !== null) { + $user->setQuota($newQuota); + } + + if ($newGroups !== null) { + $groupManager = $this->groupManager; + $oldGroups = $groupManager->getUserGroupIds($user); + + $groupsToAdd = array_unique(array_diff($newGroups, $oldGroups)); + $groupsToRemove = array_diff($oldGroups, $newGroups); + + foreach ($groupsToAdd as $group) { + if (!($groupManager->groupExists($group))) { + $groupManager->createGroup($group); + } + $groupManager->get($group)->addUser($user); + } + + foreach ($groupsToRemove as $group) { + $groupManager->get($group)->removeUser($user); + } + } + } + } + + /** + * returns the plain text UUID if the provided $uid string is a + * base64-encoded binary string representing e.g. the objectGUID. Otherwise + * + */ + public function testEncodedObjectGUID(string $uid): string { + if (preg_match('/[^a-zA-Z0-9=+\/]/', $uid) !== 0) { + // certainly not encoded + return $uid; + } + + $candidate = base64_decode($uid, false); + if($candidate === false) { + return $uid; + } + $candidate = $this->convertObjectGUID2Str($candidate); + // the regex only matches the structure of the UUID, not its semantic + // (i.e. version or variant) simply to be future compatible + if(preg_match('/^[a-f0-9]{8}(-[a-f0-9]{4}){4}[a-f0-9]{8}$/i', $candidate) === 1) { + $uid = $candidate; + } + return $uid; + } + + /** + * @see \OCA\User_LDAP\Access::convertObjectGUID2Str + */ + protected function convertObjectGUID2Str($oguid) { + $hex_guid = bin2hex($oguid); + $hex_guid_to_guid_str = ''; + for($k = 1; $k <= 4; ++$k) { + $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2); + } + $hex_guid_to_guid_str .= '-'; + for($k = 1; $k <= 2; ++$k) { + $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2); + } + $hex_guid_to_guid_str .= '-'; + for($k = 1; $k <= 2; ++$k) { + $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); + } + $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); + $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); + + return strtoupper($hex_guid_to_guid_str); + } + + public function countUsers() { + $query = $this->db->getQueryBuilder(); + $query->select($query->func()->count('uid')) + ->from('user_saml_users'); + $result = $query->execute(); + + return $result->fetchColumn(); + } +} diff --git a/docker/nextcloud/custom_apps/user_saml/templates/admin.php b/docker/nextcloud/custom_apps/user_saml/templates/admin.php new file mode 100644 index 0000000..6d1b754 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/templates/admin.php @@ -0,0 +1,210 @@ + +
    +

    t('SSO & SAML authentication')); ?>

    + + + + + + + + + + + + + + + +
    diff --git a/docker/nextcloud/custom_apps/user_saml/templates/error.php b/docker/nextcloud/custom_apps/user_saml/templates/error.php new file mode 100644 index 0000000..680939a --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/templates/error.php @@ -0,0 +1,4 @@ +
    +

    t('Error')) ?>

    +

    +
    diff --git a/docker/nextcloud/custom_apps/user_saml/templates/notProvisioned.php b/docker/nextcloud/custom_apps/user_saml/templates/notProvisioned.php new file mode 100644 index 0000000..04d7a1f --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/templates/notProvisioned.php @@ -0,0 +1,6 @@ +
      +
    • + t('Account not provisioned.')) ?>
      +

      t('Your account is not provisioned, access to this service is thus not possible.')) ?>

      +
      • +
    diff --git a/docker/nextcloud/custom_apps/user_saml/templates/selectUserBackEnd.php b/docker/nextcloud/custom_apps/user_saml/templates/selectUserBackEnd.php new file mode 100644 index 0000000..7d29002 --- /dev/null +++ b/docker/nextcloud/custom_apps/user_saml/templates/selectUserBackEnd.php @@ -0,0 +1,41 @@ + + +
    + +

    t('Login options:')); ?>

    + + + + + + + + + + + + + + + + + +
    diff --git a/docker/nextcloud/nextcloud.yml b/docker/nextcloud/nextcloud.yml new file mode 100644 index 0000000..1229ed6 --- /dev/null +++ b/docker/nextcloud/nextcloud.yml @@ -0,0 +1,44 @@ +version: '3.7' +services: + isard-apps-nextcloud-app: + build: + context: ${BUILD_ROOT_PATH}/docker/nextcloud + dockerfile: Dockerfile + #target: production + container_name: isard-apps-nextcloud-app + restart: unless-stopped +# links: +# - postgres + depends_on: + - isard-apps-postgresql + volumes: + - ${DATA_FOLDER}/nextcloud/html:/var/www/html + - ${DATA_FOLDER}/nextcloud/data:/var/www/html/data + #- ${BUILD_ROOT_PATH}/docker/nextcloud/custom_apps:/var/www/html/custom_apps + #- ${BUILD_ROOT_PATH}/docker/nextcloud/themes:/var/www/html/themes + environment: + - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} + - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} + - POSTGRES_DB=nextcloud + - POSTGRES_USER=${NEXTCLOUD_POSTGRES_USER} + - POSTGRES_PASSWORD=${NEXTCLOUD_POSTGRES_PASSWORD} + - POSTGRES_HOST=isard-apps-postgresql + - REDIS_HOST=isard-apps-redis + - NC_overwriteprotocol=https + - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.${DOMAIN} + #- REDIS_HOST_PORT: 6379 + #- REDIS_HOST_PASSWORD: + networks: + - isard_net + + isard-apps-nextcloud-nginx: + image: nginx + container_name: isard-apps-nextcloud-nginx + restart: unless-stopped + links: + - isard-apps-nextcloud-app + volumes: + - ${BUILD_ROOT_PATH}/docker/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro + - ${DATA_FOLDER}/nextcloud/html:/var/www/html:ro + networks: + - isard_net diff --git a/docker/nextcloud/nginx.conf b/docker/nextcloud/nginx.conf new file mode 100644 index 0000000..91573c7 --- /dev/null +++ b/docker/nextcloud/nginx.conf @@ -0,0 +1,173 @@ +worker_processes auto; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + set_real_ip_from 10.0.0.0/8; + set_real_ip_from 172.16.0.0/12; + set_real_ip_from 192.168.0.0/16; + real_ip_header X-Real-IP; + + #gzip on; + + upstream php-handler { + server isard-apps-nextcloud-app:9000; + } + + server { + listen 80; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # The following 2 rules are only needed for the user_webfinger app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + + # The following rule is only needed for the Social app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 10G; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + location / { + rewrite ^ /index.php; + } + + location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { + deny all; + } + location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + # fastcgi_param HTTPS on; + + # Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + + # Enable pretty urls + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js, css and map files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { + try_files $uri /index.php$request_uri; + # Optional: Don't log access to other assets + access_log off; + } + } +} diff --git a/docker/nextcloud/supervisord.conf b/docker/nextcloud/supervisord.conf new file mode 100644 index 0000000..088d5dc --- /dev/null +++ b/docker/nextcloud/supervisord.conf @@ -0,0 +1,22 @@ +[supervisord] +nodaemon=true +logfile=/var/log/supervisord/supervisord.log +pidfile=/var/run/supervisord/supervisord.pid +childlogdir=/var/log/supervisord/ +logfile_maxbytes=50MB ; maximum size of logfile before rotation +logfile_backups=10 ; number of backed up logfiles +loglevel=error + +[program:php-fpm] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=php-fpm + +[program:cron] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=/cron.sh \ No newline at end of file diff --git a/docker/nextcloud/themes/README b/docker/nextcloud/themes/README new file mode 100755 index 0000000..5e6ea79 --- /dev/null +++ b/docker/nextcloud/themes/README @@ -0,0 +1,17 @@ +Themes can be used to customize the look and feel without the need to patch the source code. This makes it very easy to: + +* Use your own logo (in the top left, in log in and in emails) +* Customize the text strings to replace »Nextcloud« etc. with your name of choice +* Change the main color (used in header and as log in background) +* And more … + + +The process is simple: + +1. Put a folder here with the name of the theme as foldername +2. Activate it by putting 'theme' => 'themename', into the config.php file + + +The folder structure of a theme is exactly the same as the main structure. CSS files are loaded additionally to the default files so you can override properties. Images are replaced. You can also override JS files and PHP templates but we do not recommend that because you will need to adjust them after every update. + +You can also find a basic example here which you can build upon. diff --git a/docker/nextcloud/themes/example/core/css/server.css b/docker/nextcloud/themes/example/core/css/server.css new file mode 100755 index 0000000..53fdeda --- /dev/null +++ b/docker/nextcloud/themes/example/core/css/server.css @@ -0,0 +1,86 @@ +/** + * @author Jan-Christoph Borchardt, http://jancborchardt.net + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + */ + + +/* header color */ +/* this is the main brand color */ +#body-user #header, +#body-settings #header, +#body-public #header { + background-color: #745bca; +} + +/* log in screen background color */ +/* gradient of the header color and a brighter shade */ +/* can also be a flat color or an image */ +#body-login { + background: #745bca; /* Old browsers */ + background: -moz-linear-gradient(top, #947bea 0%, #745bca 100%); /* FF3.6+ */ + background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#947bea), color-stop(100%,#745bca)); /* Chrome,Safari4+ */ + background: -webkit-linear-gradient(top, #947bea 0%,#745bca 100%); /* Chrome10+,Safari5.1+ */ + background: -o-linear-gradient(top, #947bea 0%,#745bca 100%); /* Opera11.10+ */ + background: -ms-linear-gradient(top, #947bea 0%,#745bca 100%); /* IE10+ */ + background: linear-gradient(top, #947bea 0%,#745bca 100%); /* W3C */ + filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#947bea', endColorstr='#745bca',GradientType=0 ); /* IE6-9 */ +} + +/* primary action button, use sparingly */ +/* header color as border, brighter shade again, here as background */ +.primary, +input[type="submit"].primary, +input[type="button"].primary, +button.primary, +.button.primary, +.primary:active, +input[type="submit"].primary:active, +input[type="button"].primary:active, +button.primary:active, +.button.primary:active { + border-color: #745bca; + background-color: #947bea; +} +.primary:hover, +input[type="submit"].primary:hover, +input[type="button"].primary:hover, +button.primary:hover, +.button.primary:hover, +.primary:focus, +input[type="submit"].primary:focus, +input[type="button"].primary:focus, +button.primary:focus, +.button.primary:focus { + background-color: #8b75e4; +} +.primary:active, input[type="submit"].primary:active, input[type="button"].primary:active, button.primary:active, .button.primary:active, +.primary:disabled, input[type="submit"].primary:disabled, input[type="button"].primary:disabled, button.primary:disabled, .button.primary:disabled, +.primary:disabled:hover, input[type="submit"].primary:disabled:hover, input[type="button"].primary:disabled:hover, button.primary:disabled:hover, .button.primary:disabled:hover, +.primary:disabled:focus, input[type="submit"].primary:disabled:focus, input[type="button"].primary:disabled:focus, button.primary:disabled:focus, .button.primary:disabled:focus { + background-color: #745bca; +} + +/* use logos from theme */ +#header .logo, +#firstrunwizard .logo { + background-image: url('../img/logo.svg'); + width: 256px; + height: 128px; +} +#header .logo-icon { + width: 62px; + height: 34px; +} diff --git a/docker/nextcloud/themes/example/core/img/favicon-touch.png b/docker/nextcloud/themes/example/core/img/favicon-touch.png new file mode 100755 index 0000000..e3a61ae Binary files /dev/null and b/docker/nextcloud/themes/example/core/img/favicon-touch.png differ diff --git a/docker/nextcloud/themes/example/core/img/favicon-touch.svg b/docker/nextcloud/themes/example/core/img/favicon-touch.svg new file mode 100755 index 0000000..2c48494 --- /dev/null +++ b/docker/nextcloud/themes/example/core/img/favicon-touch.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docker/nextcloud/themes/example/core/img/favicon.ico b/docker/nextcloud/themes/example/core/img/favicon.ico new file mode 100755 index 0000000..70b59ad Binary files /dev/null and b/docker/nextcloud/themes/example/core/img/favicon.ico differ diff --git a/docker/nextcloud/themes/example/core/img/favicon.png b/docker/nextcloud/themes/example/core/img/favicon.png new file mode 100755 index 0000000..4394e13 Binary files /dev/null and b/docker/nextcloud/themes/example/core/img/favicon.png differ diff --git a/docker/nextcloud/themes/example/core/img/favicon.svg b/docker/nextcloud/themes/example/core/img/favicon.svg new file mode 100755 index 0000000..e14ea6f --- /dev/null +++ b/docker/nextcloud/themes/example/core/img/favicon.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docker/nextcloud/themes/example/core/img/logo-icon.png b/docker/nextcloud/themes/example/core/img/logo-icon.png new file mode 100755 index 0000000..4ed7060 Binary files /dev/null and b/docker/nextcloud/themes/example/core/img/logo-icon.png differ diff --git a/docker/nextcloud/themes/example/core/img/logo-icon.svg b/docker/nextcloud/themes/example/core/img/logo-icon.svg new file mode 100755 index 0000000..e944866 --- /dev/null +++ b/docker/nextcloud/themes/example/core/img/logo-icon.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docker/nextcloud/themes/example/core/img/logo-mail.gif b/docker/nextcloud/themes/example/core/img/logo-mail.gif new file mode 100755 index 0000000..431db4e Binary files /dev/null and b/docker/nextcloud/themes/example/core/img/logo-mail.gif differ diff --git a/docker/nextcloud/themes/example/core/img/logo.png b/docker/nextcloud/themes/example/core/img/logo.png new file mode 100755 index 0000000..ac766e2 Binary files /dev/null and b/docker/nextcloud/themes/example/core/img/logo.png differ diff --git a/docker/nextcloud/themes/example/core/img/logo.svg b/docker/nextcloud/themes/example/core/img/logo.svg new file mode 100755 index 0000000..7461eb5 --- /dev/null +++ b/docker/nextcloud/themes/example/core/img/logo.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docker/nextcloud/themes/example/defaults.php b/docker/nextcloud/themes/example/defaults.php new file mode 100755 index 0000000..961a97f --- /dev/null +++ b/docker/nextcloud/themes/example/defaults.php @@ -0,0 +1,136 @@ + + * @author Jan-Christoph Borchardt, http://jancborchardt.net + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + */ + +class OC_Theme { + + /** + * Returns the base URL + * @return string URL + */ + public function getBaseUrl() { + return 'https://nextcloud.com'; + } + + /** + * Returns the documentation URL + * @return string URL + */ + public function getDocBaseUrl() { + return 'https://docs.nextcloud.com'; + } + + /** + * Returns the title + * @return string title + */ + public function getTitle() { + return 'Custom Cloud'; + } + + /** + * Returns the short name of the software + * @return string title + */ + public function getName() { + return 'Custom Cloud'; + } + + /** + * Returns the short name of the software containing HTML strings + * @return string title + */ + public function getHTMLName() { + return 'Custom Cloud'; + } + + /** + * Returns entity (e.g. company name) - used for footer, copyright + * @return string entity name + */ + public function getEntity() { + return 'Custom Cloud Co.'; + } + + /** + * Returns slogan + * @return string slogan + */ + public function getSlogan() { + return 'Your custom cloud, personalized for you!'; + } + + /** + * Returns logo claim + * @return string logo claim + * @deprecated 13.0.0 not used anymore + */ + public function getLogoClaim() { + return ''; + } + + /** + * Returns short version of the footer + * @return string short footer + */ + public function getShortFooter() { + $footer = '© ' . date('Y') . ' ' . $this->getEntity() . '' . + '
    ' . $this->getSlogan(); + + return $footer; + } + + /** + * Returns long version of the footer + * @return string long footer + */ + public function getLongFooter() { + $footer = '© ' . date('Y') . ' ' . $this->getEntity() . '' . + '
    ' . $this->getSlogan(); + + return $footer; + } + + /** + * Generate a documentation link for a given key + * @return string documentation link + */ + public function buildDocLinkToKey($key) { + return $this->getDocBaseUrl() . '/server/15/go.php?to=' . $key; + } + + + /** + * Returns mail header color + * @return string + */ + public function getColorPrimary() { + return '#745bca'; + } + + /** + * Returns variables to overload defaults from core/css/variables.scss + * @return array + */ + public function getScssVariables() { + return [ + 'color-primary' => '#745bca' + ]; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/composer.json b/docker/nextcloud/user_saml/3rdparty/composer.json new file mode 100755 index 0000000..8735f1f --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/composer.json @@ -0,0 +1,10 @@ +{ + "config": { + "optimize-autoloader": true, + "classmap-authoritative": true + }, + "require": { + "onelogin/php-saml": "^3.0", + "firebase/php-jwt": "^4.0" + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/composer.lock b/docker/nextcloud/user_saml/3rdparty/composer.lock new file mode 100755 index 0000000..64e9ef9 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/composer.lock @@ -0,0 +1,150 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "f3e661f8388070704bd9b01b48752bf0", + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v4.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "time": "2016-07-18T04:51:16+00:00" + }, + { + "name": "onelogin/php-saml", + "version": "3.4.1", + "source": { + "type": "git", + "url": "https://github.com/onelogin/php-saml.git", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/onelogin/php-saml/zipball/5fbf3486704ac9835b68184023ab54862c95f213", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213", + "shasum": "" + }, + "require": { + "php": ">=5.4", + "robrichards/xmlseclibs": ">=3.0.4" + }, + "require-dev": { + "pdepend/pdepend": "^2.5.0", + "php-coveralls/php-coveralls": "^1.0.2 || ^2.0", + "phploc/phploc": "^2.1 || ^3.0 || ^4.0", + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1", + "sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0", + "squizlabs/php_codesniffer": "^3.1.1" + }, + "suggest": { + "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs", + "ext-gettext": "Install gettext and php5-gettext libs to handle translations", + "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)" + }, + "type": "library", + "autoload": { + "psr-4": { + "OneLogin\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "OneLogin PHP SAML Toolkit", + "homepage": "https://developers.onelogin.com/saml/php", + "keywords": [ + "SAML2", + "onelogin", + "saml" + ], + "time": "2019-11-25T17:30:07+00:00" + }, + { + "name": "robrichards/xmlseclibs", + "version": "3.1.1", + "source": { + "type": "git", + "url": "https://github.com/robrichards/xmlseclibs.git", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "php": ">= 5.4" + }, + "type": "library", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "A PHP library for XML Security", + "homepage": "https://github.com/robrichards/xmlseclibs", + "keywords": [ + "security", + "signature", + "xml", + "xmldsig" + ], + "time": "2020-09-05T13:00:25+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [], + "plugin-api-version": "1.1.0" +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/autoload.php b/docker/nextcloud/user_saml/3rdparty/vendor/autoload.php new file mode 100755 index 0000000..0c178cd --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/autoload.php @@ -0,0 +1,7 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. + * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see https://www.php-fig.org/psr/psr-0/ + * @see https://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + private $vendorDir; + + // PSR-4 + private $prefixLengthsPsr4 = array(); + private $prefixDirsPsr4 = array(); + private $fallbackDirsPsr4 = array(); + + // PSR-0 + private $prefixesPsr0 = array(); + private $fallbackDirsPsr0 = array(); + + private $useIncludePath = false; + private $classMap = array(); + private $classMapAuthoritative = false; + private $missingClasses = array(); + private $apcuPrefix; + + private static $registeredLoaders = array(); + + public function __construct($vendorDir = null) + { + $this->vendorDir = $vendorDir; + } + + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', array_values($this->prefixesPsr0)); + } + + return array(); + } + + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + */ + public function add($prefix, $paths, $prepend = false) + { + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + (array) $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + (array) $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = (array) $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + (array) $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + (array) $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + (array) $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + (array) $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. + * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + + if (null === $this->vendorDir) { + //no-op + } elseif ($prepend) { + self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders; + } else { + unset(self::$registeredLoaders[$this->vendorDir]); + self::$registeredLoaders[$this->vendorDir] = $this; + } + } + + /** + * Unregisters this instance as an autoloader. + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + + if (null !== $this->vendorDir) { + unset(self::$registeredLoaders[$this->vendorDir]); + } + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return bool|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + includeFile($file); + + return true; + } + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { + return false; + } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if (false === $file && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { + // Remember that this class does not exist. + $this->missingClasses[$class] = true; + } + + return $file; + } + + /** + * Returns the currently registered loaders indexed by their corresponding vendor directories. + * + * @return self[] + */ + public static function getRegisteredLoaders() + { + return self::$registeredLoaders; + } + + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + $subPath = $class; + while (false !== $lastPos = strrpos($subPath, '\\')) { + $subPath = substr($subPath, 0, $lastPos); + $search = $subPath . '\\'; + if (isset($this->prefixDirsPsr4[$search])) { + $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); + foreach ($this->prefixDirsPsr4[$search] as $dir) { + if (file_exists($file = $dir . $pathEnd)) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + + return false; + } +} + +/** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + */ +function includeFile($file) +{ + include $file; +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/InstalledVersions.php b/docker/nextcloud/user_saml/3rdparty/vendor/composer/InstalledVersions.php new file mode 100755 index 0000000..edbb92a --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/InstalledVersions.php @@ -0,0 +1,311 @@ + + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + 'name' => '__root__', + ), + 'versions' => + array ( + '__root__' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + ), + 'firebase/php-jwt' => + array ( + 'pretty_version' => 'v4.0.0', + 'version' => '4.0.0.0', + 'aliases' => + array ( + ), + 'reference' => 'dccf163dc8ed7ed6a00afc06c51ee5186a428d35', + ), + 'onelogin/php-saml' => + array ( + 'pretty_version' => '3.4.1', + 'version' => '3.4.1.0', + 'aliases' => + array ( + ), + 'reference' => '5fbf3486704ac9835b68184023ab54862c95f213', + ), + 'robrichards/xmlseclibs' => + array ( + 'pretty_version' => '3.1.1', + 'version' => '3.1.1.0', + 'aliases' => + array ( + ), + 'reference' => 'f8f19e58f26cdb42c54b214ff8a820760292f8df', + ), + ), +); +private static $canGetVendors; +private static $installedByVendor = array(); + + + + + + + +public static function getInstalledPackages() +{ +$packages = array(); +foreach (self::getInstalled() as $installed) { +$packages[] = array_keys($installed['versions']); +} + + +if (1 === \count($packages)) { +return $packages[0]; +} + +return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); +} + + + + + + + + + +public static function isInstalled($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (isset($installed['versions'][$packageName])) { +return true; +} +} + +return false; +} + + + + + + + + + + + + + + +public static function satisfies(VersionParser $parser, $packageName, $constraint) +{ +$constraint = $parser->parseConstraints($constraint); +$provided = $parser->parseConstraints(self::getVersionRanges($packageName)); + +return $provided->matches($constraint); +} + + + + + + + + + + +public static function getVersionRanges($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +$ranges = array(); +if (isset($installed['versions'][$packageName]['pretty_version'])) { +$ranges[] = $installed['versions'][$packageName]['pretty_version']; +} +if (array_key_exists('aliases', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); +} +if (array_key_exists('replaced', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); +} +if (array_key_exists('provided', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); +} + +return implode(' || ', $ranges); +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['version'])) { +return null; +} + +return $installed['versions'][$packageName]['version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getPrettyVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['pretty_version'])) { +return null; +} + +return $installed['versions'][$packageName]['pretty_version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getReference($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['reference'])) { +return null; +} + +return $installed['versions'][$packageName]['reference']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getRootPackage() +{ +$installed = self::getInstalled(); + +return $installed[0]['root']; +} + + + + + + + +public static function getRawData() +{ +return self::$installed; +} + + + + + + + + + + + + + + + + + + + +public static function reload($data) +{ +self::$installed = $data; +self::$installedByVendor = array(); +} + + + + +private static function getInstalled() +{ +if (null === self::$canGetVendors) { +self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); +} + +$installed = array(); + +if (self::$canGetVendors) { + +foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { +if (isset(self::$installedByVendor[$vendorDir])) { +$installed[] = self::$installedByVendor[$vendorDir]; +} elseif (is_file($vendorDir.'/composer/installed.php')) { +$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; +} +} +} + +$installed[] = self::$installed; + +return $installed; +} +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/LICENSE b/docker/nextcloud/user_saml/3rdparty/vendor/composer/LICENSE new file mode 100755 index 0000000..f27399a --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/LICENSE @@ -0,0 +1,21 @@ + +Copyright (c) Nils Adermann, Jordi Boggiano + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_classmap.php b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_classmap.php new file mode 100755 index 0000000..e6d43fb --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_classmap.php @@ -0,0 +1,30 @@ + $vendorDir . '/composer/InstalledVersions.php', + 'Firebase\\JWT\\BeforeValidException' => $vendorDir . '/firebase/php-jwt/src/BeforeValidException.php', + 'Firebase\\JWT\\ExpiredException' => $vendorDir . '/firebase/php-jwt/src/ExpiredException.php', + 'Firebase\\JWT\\JWT' => $vendorDir . '/firebase/php-jwt/src/JWT.php', + 'Firebase\\JWT\\SignatureInvalidException' => $vendorDir . '/firebase/php-jwt/src/SignatureInvalidException.php', + 'OneLogin\\Saml2\\Auth' => $vendorDir . '/onelogin/php-saml/src/Saml2/Auth.php', + 'OneLogin\\Saml2\\AuthnRequest' => $vendorDir . '/onelogin/php-saml/src/Saml2/AuthnRequest.php', + 'OneLogin\\Saml2\\Constants' => $vendorDir . '/onelogin/php-saml/src/Saml2/Constants.php', + 'OneLogin\\Saml2\\Error' => $vendorDir . '/onelogin/php-saml/src/Saml2/Error.php', + 'OneLogin\\Saml2\\IdPMetadataParser' => $vendorDir . '/onelogin/php-saml/src/Saml2/IdPMetadataParser.php', + 'OneLogin\\Saml2\\LogoutRequest' => $vendorDir . '/onelogin/php-saml/src/Saml2/LogoutRequest.php', + 'OneLogin\\Saml2\\LogoutResponse' => $vendorDir . '/onelogin/php-saml/src/Saml2/LogoutResponse.php', + 'OneLogin\\Saml2\\Metadata' => $vendorDir . '/onelogin/php-saml/src/Saml2/Metadata.php', + 'OneLogin\\Saml2\\Response' => $vendorDir . '/onelogin/php-saml/src/Saml2/Response.php', + 'OneLogin\\Saml2\\Settings' => $vendorDir . '/onelogin/php-saml/src/Saml2/Settings.php', + 'OneLogin\\Saml2\\Utils' => $vendorDir . '/onelogin/php-saml/src/Saml2/Utils.php', + 'OneLogin\\Saml2\\ValidationError' => $vendorDir . '/onelogin/php-saml/src/Saml2/ValidationError.php', + 'RobRichards\\XMLSecLibs\\Utils\\XPath' => $vendorDir . '/robrichards/xmlseclibs/src/Utils/XPath.php', + 'RobRichards\\XMLSecLibs\\XMLSecEnc' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecEnc.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityDSig' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecurityDSig.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityKey' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecurityKey.php', +); diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_namespaces.php b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_namespaces.php new file mode 100755 index 0000000..b7fc012 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_namespaces.php @@ -0,0 +1,9 @@ + array($vendorDir . '/robrichards/xmlseclibs/src'), + 'OneLogin\\' => array($vendorDir . '/onelogin/php-saml/src'), + 'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'), +); diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_real.php b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_real.php new file mode 100755 index 0000000..b3c3f98 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_real.php @@ -0,0 +1,48 @@ += 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); + if ($useStaticLoader) { + require __DIR__ . '/autoload_static.php'; + + call_user_func(\Composer\Autoload\ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getInitializer($loader)); + } else { + $classMap = require __DIR__ . '/autoload_classmap.php'; + if ($classMap) { + $loader->addClassMap($classMap); + } + } + + $loader->setClassMapAuthoritative(true); + $loader->register(true); + + return $loader; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_static.php b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_static.php new file mode 100755 index 0000000..052f28c --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/autoload_static.php @@ -0,0 +1,72 @@ + + array ( + 'RobRichards\\XMLSecLibs\\' => 23, + ), + 'O' => + array ( + 'OneLogin\\' => 9, + ), + 'F' => + array ( + 'Firebase\\JWT\\' => 13, + ), + ); + + public static $prefixDirsPsr4 = array ( + 'RobRichards\\XMLSecLibs\\' => + array ( + 0 => __DIR__ . '/..' . '/robrichards/xmlseclibs/src', + ), + 'OneLogin\\' => + array ( + 0 => __DIR__ . '/..' . '/onelogin/php-saml/src', + ), + 'Firebase\\JWT\\' => + array ( + 0 => __DIR__ . '/..' . '/firebase/php-jwt/src', + ), + ); + + public static $classMap = array ( + 'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php', + 'Firebase\\JWT\\BeforeValidException' => __DIR__ . '/..' . '/firebase/php-jwt/src/BeforeValidException.php', + 'Firebase\\JWT\\ExpiredException' => __DIR__ . '/..' . '/firebase/php-jwt/src/ExpiredException.php', + 'Firebase\\JWT\\JWT' => __DIR__ . '/..' . '/firebase/php-jwt/src/JWT.php', + 'Firebase\\JWT\\SignatureInvalidException' => __DIR__ . '/..' . '/firebase/php-jwt/src/SignatureInvalidException.php', + 'OneLogin\\Saml2\\Auth' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Auth.php', + 'OneLogin\\Saml2\\AuthnRequest' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/AuthnRequest.php', + 'OneLogin\\Saml2\\Constants' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Constants.php', + 'OneLogin\\Saml2\\Error' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Error.php', + 'OneLogin\\Saml2\\IdPMetadataParser' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/IdPMetadataParser.php', + 'OneLogin\\Saml2\\LogoutRequest' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/LogoutRequest.php', + 'OneLogin\\Saml2\\LogoutResponse' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/LogoutResponse.php', + 'OneLogin\\Saml2\\Metadata' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Metadata.php', + 'OneLogin\\Saml2\\Response' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Response.php', + 'OneLogin\\Saml2\\Settings' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Settings.php', + 'OneLogin\\Saml2\\Utils' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Utils.php', + 'OneLogin\\Saml2\\ValidationError' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/ValidationError.php', + 'RobRichards\\XMLSecLibs\\Utils\\XPath' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/Utils/XPath.php', + 'RobRichards\\XMLSecLibs\\XMLSecEnc' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecEnc.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityDSig' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecurityDSig.php', + 'RobRichards\\XMLSecLibs\\XMLSecurityKey' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecurityKey.php', + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->prefixLengthsPsr4 = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$prefixLengthsPsr4; + $loader->prefixDirsPsr4 = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$prefixDirsPsr4; + $loader->classMap = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$classMap; + + }, null, ClassLoader::class); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/installed.json b/docker/nextcloud/user_saml/3rdparty/vendor/composer/installed.json new file mode 100755 index 0000000..cad26cc --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/installed.json @@ -0,0 +1,146 @@ +{ + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v4.0.0", + "version_normalized": "4.0.0.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "time": "2016-07-18T04:51:16+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "install-path": "../firebase/php-jwt" + }, + { + "name": "onelogin/php-saml", + "version": "3.4.1", + "version_normalized": "3.4.1.0", + "source": { + "type": "git", + "url": "https://github.com/onelogin/php-saml.git", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/onelogin/php-saml/zipball/5fbf3486704ac9835b68184023ab54862c95f213", + "reference": "5fbf3486704ac9835b68184023ab54862c95f213", + "shasum": "" + }, + "require": { + "php": ">=5.4", + "robrichards/xmlseclibs": ">=3.0.4" + }, + "require-dev": { + "pdepend/pdepend": "^2.5.0", + "php-coveralls/php-coveralls": "^1.0.2 || ^2.0", + "phploc/phploc": "^2.1 || ^3.0 || ^4.0", + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1", + "sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0", + "squizlabs/php_codesniffer": "^3.1.1" + }, + "suggest": { + "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs", + "ext-gettext": "Install gettext and php5-gettext libs to handle translations", + "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)" + }, + "time": "2019-11-25T17:30:07+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "OneLogin\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "OneLogin PHP SAML Toolkit", + "homepage": "https://developers.onelogin.com/saml/php", + "keywords": [ + "SAML2", + "onelogin", + "saml" + ], + "install-path": "../onelogin/php-saml" + }, + { + "name": "robrichards/xmlseclibs", + "version": "3.1.1", + "version_normalized": "3.1.1.0", + "source": { + "type": "git", + "url": "https://github.com/robrichards/xmlseclibs.git", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df", + "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "php": ">= 5.4" + }, + "time": "2020-09-05T13:00:25+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "A PHP library for XML Security", + "homepage": "https://github.com/robrichards/xmlseclibs", + "keywords": [ + "security", + "signature", + "xml", + "xmldsig" + ], + "install-path": "../robrichards/xmlseclibs" + } + ], + "dev": false, + "dev-package-names": [] +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/installed.php b/docker/nextcloud/user_saml/3rdparty/vendor/composer/installed.php new file mode 100755 index 0000000..c1929b8 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/installed.php @@ -0,0 +1,51 @@ + + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + 'name' => '__root__', + ), + 'versions' => + array ( + '__root__' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '4e74fb44d08ff9e669c4a44db697badf8bdf2996', + ), + 'firebase/php-jwt' => + array ( + 'pretty_version' => 'v4.0.0', + 'version' => '4.0.0.0', + 'aliases' => + array ( + ), + 'reference' => 'dccf163dc8ed7ed6a00afc06c51ee5186a428d35', + ), + 'onelogin/php-saml' => + array ( + 'pretty_version' => '3.4.1', + 'version' => '3.4.1.0', + 'aliases' => + array ( + ), + 'reference' => '5fbf3486704ac9835b68184023ab54862c95f213', + ), + 'robrichards/xmlseclibs' => + array ( + 'pretty_version' => '3.1.1', + 'version' => '3.1.1.0', + 'aliases' => + array ( + ), + 'reference' => 'f8f19e58f26cdb42c54b214ff8a820760292f8df', + ), + ), +); diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/composer/platform_check.php b/docker/nextcloud/user_saml/3rdparty/vendor/composer/platform_check.php new file mode 100755 index 0000000..590554b --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/composer/platform_check.php @@ -0,0 +1,26 @@ += 50400)) { + $issues[] = 'Your Composer dependencies require a PHP version ">= 5.4.0". You are running ' . PHP_VERSION . '.'; +} + +if ($issues) { + if (!headers_sent()) { + header('HTTP/1.1 500 Internal Server Error'); + } + if (!ini_get('display_errors')) { + if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') { + fwrite(STDERR, 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . implode(PHP_EOL, $issues) . PHP_EOL.PHP_EOL); + } elseif (!headers_sent()) { + echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL; + } + } + trigger_error( + 'Composer detected issues in your platform: ' . implode(' ', $issues), + E_USER_ERROR + ); +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/LICENSE b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/LICENSE new file mode 100755 index 0000000..cb0c49b --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/LICENSE @@ -0,0 +1,30 @@ +Copyright (c) 2011, Neuman Vong + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of Neuman Vong nor the names of other + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/README.md b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/README.md new file mode 100755 index 0000000..d4589b1 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/README.md @@ -0,0 +1,119 @@ +[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) +[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt) +[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt) +[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt) + +PHP-JWT +======= +A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). + +Installation +------------ + +Use composer to manage your dependencies and download PHP-JWT: + +```bash +composer require firebase/php-jwt +``` + +Example +------- +```php + "http://example.org", + "aud" => "http://example.com", + "iat" => 1356999524, + "nbf" => 1357000000 +); + +/** + * IMPORTANT: + * You must specify supported algorithms for your application. See + * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 + * for a list of spec-compliant algorithms. + */ +$jwt = JWT::encode($token, $key); +$decoded = JWT::decode($jwt, $key, array('HS256')); + +print_r($decoded); + +/* + NOTE: This will now be an object instead of an associative array. To get + an associative array, you will need to cast it as such: +*/ + +$decoded_array = (array) $decoded; + +/** + * You can add a leeway to account for when there is a clock skew times between + * the signing and verifying servers. It is recommended that this leeway should + * not be bigger than a few minutes. + * + * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef + */ +JWT::$leeway = 60; // $leeway in seconds +$decoded = JWT::decode($jwt, $key, array('HS256')); + +?> +``` + +Changelog +--------- + +#### 4.0.0 / 2016-07-17 +- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! +- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! +- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)! +- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)! + +#### 3.0.0 / 2015-07-22 +- Minimum PHP version updated from `5.2.0` to `5.3.0`. +- Add `\Firebase\JWT` namespace. See +[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to +[@Dashron](https://github.com/Dashron)! +- Require a non-empty key to decode and verify a JWT. See +[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to +[@sjones608](https://github.com/sjones608)! +- Cleaner documentation blocks in the code. See +[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to +[@johanderuijter](https://github.com/johanderuijter)! + +#### 2.2.0 / 2015-06-22 +- Add support for adding custom, optional JWT headers to `JWT::encode()`. See +[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to +[@mcocaro](https://github.com/mcocaro)! + +#### 2.1.0 / 2015-05-20 +- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew +between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! +- Add support for passing an object implementing the `ArrayAccess` interface for +`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! + +#### 2.0.0 / 2015-04-01 +- **Note**: It is strongly recommended that you update to > v2.0.0 to address + known security vulnerabilities in prior versions when both symmetric and + asymmetric keys are used together. +- Update signature for `JWT::decode(...)` to require an array of supported + algorithms to use when verifying token signatures. + + +Tests +----- +Run the tests using phpunit: + +```bash +$ pear install PHPUnit +$ phpunit --configuration phpunit.xml.dist +PHPUnit 3.7.10 by Sebastian Bergmann. +..... +Time: 0 seconds, Memory: 2.50Mb +OK (5 tests, 5 assertions) +``` + +License +------- +[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/composer.json b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/composer.json new file mode 100755 index 0000000..1a5e93b --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/composer.json @@ -0,0 +1,27 @@ +{ + "name": "firebase/php-jwt", + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "license": "BSD-3-Clause", + "require": { + "php": ">=5.3.0" + }, + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "minimum-stability": "dev" +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/composer.lock b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/composer.lock new file mode 100755 index 0000000..5518ae4 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/composer.lock @@ -0,0 +1,19 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "hash": "60a5df5d283a7ae9000173248eba8909", + "packages": [], + "packages-dev": [], + "aliases": [], + "minimum-stability": "dev", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": { + "php": ">=5.2.0" + }, + "platform-dev": [] +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/package.xml b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/package.xml new file mode 100755 index 0000000..a95b056 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/package.xml @@ -0,0 +1,77 @@ + + + JWT + pear.php.net + A JWT encoder/decoder. + A JWT encoder/decoder library for PHP. + + Neuman Vong + lcfrs + neuman+pear@twilio.com + yes + + + Firebase Operations + firebase + operations@firebase.com + yes + + 2015-07-22 + + 3.0.0 + 3.0.0 + + + beta + beta + + BSD 3-Clause License + +Initial release with basic support for JWT encoding, decoding and signature verification. + + + + + + + + + + + + + 5.1 + + + 1.7.0 + + + json + + + hash + + + + + + + + 0.1.0 + 0.1.0 + + + beta + beta + + 2015-04-01 + BSD 3-Clause License + +Initial release with basic support for JWT encoding, decoding and signature verification. + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/src/BeforeValidException.php b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/src/BeforeValidException.php new file mode 100755 index 0000000..a6ee2f7 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/src/BeforeValidException.php @@ -0,0 +1,7 @@ + + * @author Anant Narayanan + * @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD + * @link https://github.com/firebase/php-jwt + */ +class JWT +{ + + /** + * When checking nbf, iat or expiration times, + * we want to provide some extra leeway time to + * account for clock skew. + */ + public static $leeway = 0; + + /** + * Allow the current timestamp to be specified. + * Useful for fixing a value within unit testing. + * + * Will default to PHP time() value if null. + */ + public static $timestamp = null; + + public static $supported_algs = array( + 'HS256' => array('hash_hmac', 'SHA256'), + 'HS512' => array('hash_hmac', 'SHA512'), + 'HS384' => array('hash_hmac', 'SHA384'), + 'RS256' => array('openssl', 'SHA256'), + ); + + /** + * Decodes a JWT string into a PHP object. + * + * @param string $jwt The JWT + * @param string|array $key The key, or map of keys. + * If the algorithm used is asymmetric, this is the public key + * @param array $allowed_algs List of supported verification algorithms + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return object The JWT's payload as a PHP object + * + * @throws UnexpectedValueException Provided JWT was invalid + * @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed + * @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf' + * @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat' + * @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim + * + * @uses jsonDecode + * @uses urlsafeB64Decode + */ + public static function decode($jwt, $key, $allowed_algs = array()) + { + $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; + + if (empty($key)) { + throw new InvalidArgumentException('Key may not be empty'); + } + if (!is_array($allowed_algs)) { + throw new InvalidArgumentException('Algorithm not allowed'); + } + $tks = explode('.', $jwt); + if (count($tks) != 3) { + throw new UnexpectedValueException('Wrong number of segments'); + } + list($headb64, $bodyb64, $cryptob64) = $tks; + if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) { + throw new UnexpectedValueException('Invalid header encoding'); + } + if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) { + throw new UnexpectedValueException('Invalid claims encoding'); + } + $sig = static::urlsafeB64Decode($cryptob64); + + if (empty($header->alg)) { + throw new UnexpectedValueException('Empty algorithm'); + } + if (empty(static::$supported_algs[$header->alg])) { + throw new UnexpectedValueException('Algorithm not supported'); + } + if (!in_array($header->alg, $allowed_algs)) { + throw new UnexpectedValueException('Algorithm not allowed'); + } + if (is_array($key) || $key instanceof \ArrayAccess) { + if (isset($header->kid)) { + $key = $key[$header->kid]; + } else { + throw new UnexpectedValueException('"kid" empty, unable to lookup correct key'); + } + } + + // Check the signature + if (!static::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { + throw new SignatureInvalidException('Signature verification failed'); + } + + // Check if the nbf if it is defined. This is the time that the + // token can actually be used. If it's not yet that time, abort. + if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) + ); + } + + // Check that this token has been created before 'now'. This prevents + // using tokens that have been created for later use (and haven't + // correctly used the nbf claim). + if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) { + throw new BeforeValidException( + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) + ); + } + + // Check if this token has expired. + if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) { + throw new ExpiredException('Expired token'); + } + + return $payload; + } + + /** + * Converts and signs a PHP object or array into a JWT string. + * + * @param object|array $payload PHP object or array + * @param string $key The secret key. + * If the algorithm used is asymmetric, this is the private key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * @param mixed $keyId + * @param array $head An array with header elements to attach + * + * @return string A signed JWT + * + * @uses jsonEncode + * @uses urlsafeB64Encode + */ + public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) + { + $header = array('typ' => 'JWT', 'alg' => $alg); + if ($keyId !== null) { + $header['kid'] = $keyId; + } + if ( isset($head) && is_array($head) ) { + $header = array_merge($head, $header); + } + $segments = array(); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); + $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); + $signing_input = implode('.', $segments); + + $signature = static::sign($signing_input, $key, $alg); + $segments[] = static::urlsafeB64Encode($signature); + + return implode('.', $segments); + } + + /** + * Sign a string with a given key and algorithm. + * + * @param string $msg The message to sign + * @param string|resource $key The secret key + * @param string $alg The signing algorithm. + * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' + * + * @return string An encrypted message + * + * @throws DomainException Unsupported algorithm was specified + */ + public static function sign($msg, $key, $alg = 'HS256') + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'hash_hmac': + return hash_hmac($algorithm, $msg, $key, true); + case 'openssl': + $signature = ''; + $success = openssl_sign($msg, $signature, $key, $algorithm); + if (!$success) { + throw new DomainException("OpenSSL unable to sign data"); + } else { + return $signature; + } + } + } + + /** + * Verify a signature with the message, key and method. Not all methods + * are symmetric, so we must have a separate verify and sign method. + * + * @param string $msg The original message (header and body) + * @param string $signature The original signature + * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key + * @param string $alg The algorithm + * + * @return bool + * + * @throws DomainException Invalid Algorithm or OpenSSL failure + */ + private static function verify($msg, $signature, $key, $alg) + { + if (empty(static::$supported_algs[$alg])) { + throw new DomainException('Algorithm not supported'); + } + + list($function, $algorithm) = static::$supported_algs[$alg]; + switch($function) { + case 'openssl': + $success = openssl_verify($msg, $signature, $key, $algorithm); + if (!$success) { + throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string()); + } else { + return $signature; + } + case 'hash_hmac': + default: + $hash = hash_hmac($algorithm, $msg, $key, true); + if (function_exists('hash_equals')) { + return hash_equals($signature, $hash); + } + $len = min(static::safeStrlen($signature), static::safeStrlen($hash)); + + $status = 0; + for ($i = 0; $i < $len; $i++) { + $status |= (ord($signature[$i]) ^ ord($hash[$i])); + } + $status |= (static::safeStrlen($signature) ^ static::safeStrlen($hash)); + + return ($status === 0); + } + } + + /** + * Decode a JSON string into a PHP object. + * + * @param string $input JSON string + * + * @return object Object representation of JSON string + * + * @throws DomainException Provided string was invalid JSON + */ + public static function jsonDecode($input) + { + if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) { + /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you + * to specify that large ints (like Steam Transaction IDs) should be treated as + * strings, rather than the PHP default behaviour of converting them to floats. + */ + $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); + } else { + /** Not all servers will support that, however, so for older versions we must + * manually detect large ints in the JSON string and quote them (thus converting + *them to strings) before decoding, hence the preg_replace() call. + */ + $max_int_length = strlen((string) PHP_INT_MAX) - 1; + $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); + $obj = json_decode($json_without_bigints); + } + + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($obj === null && $input !== 'null') { + throw new DomainException('Null result with non-null input'); + } + return $obj; + } + + /** + * Encode a PHP object into a JSON string. + * + * @param object|array $input A PHP object or array + * + * @return string JSON representation of the PHP object or array + * + * @throws DomainException Provided object could not be encoded to valid JSON + */ + public static function jsonEncode($input) + { + $json = json_encode($input); + if (function_exists('json_last_error') && $errno = json_last_error()) { + static::handleJsonError($errno); + } elseif ($json === 'null' && $input !== null) { + throw new DomainException('Null result with non-null input'); + } + return $json; + } + + /** + * Decode a string with URL-safe Base64. + * + * @param string $input A Base64 encoded string + * + * @return string A decoded string + */ + public static function urlsafeB64Decode($input) + { + $remainder = strlen($input) % 4; + if ($remainder) { + $padlen = 4 - $remainder; + $input .= str_repeat('=', $padlen); + } + return base64_decode(strtr($input, '-_', '+/')); + } + + /** + * Encode a string with URL-safe Base64. + * + * @param string $input The string you want encoded + * + * @return string The base64 encode of what you passed in + */ + public static function urlsafeB64Encode($input) + { + return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); + } + + /** + * Helper method to create a JSON error. + * + * @param int $errno An error number from json_last_error() + * + * @return void + */ + private static function handleJsonError($errno) + { + $messages = array( + JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', + JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', + JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON' + ); + throw new DomainException( + isset($messages[$errno]) + ? $messages[$errno] + : 'Unknown JSON error: ' . $errno + ); + } + + /** + * Get the number of bytes in cryptographic strings. + * + * @param string + * + * @return int + */ + private static function safeStrlen($str) + { + if (function_exists('mb_strlen')) { + return mb_strlen($str, '8bit'); + } + return strlen($str); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/src/SignatureInvalidException.php b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/src/SignatureInvalidException.php new file mode 100755 index 0000000..27332b2 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/firebase/php-jwt/src/SignatureInvalidException.php @@ -0,0 +1,7 @@ +redirectTo instead of just call it. +* Split the setting check methods. Now 1 method for IdP settings and other for SP settings. +* Let the setting object to avoid the IdP setting check. required if we want to publish SP SAML Metadata when the IdP data is still not provided. + +v.2.5.0 +------- +* Do accesible the ID of the object Logout Request (id attribute). +* Add note about the fact that PHP 5.3 is unssuported. +* Add fingerprint algorithm support. +* Add dependences to composer. + +v.2.4.0 +------- +* Fix wrong element order in generated metadata. +* Added SLO with nameID and SessionIndex in demo1. +* Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT. +* Set optional the XMLvalidation (enable/disable it with wantXMLValidation security setting). + +v.2.3.0 +------- +* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion. +* Improve test and documentation. +* Improve ADFS compatibility. +* Remove unnecessary XSDs files. +* Make available the reason for the saml message invalidation. +* Adding ability to set idp cert once the Setting object initialized. +* Fix status info issue. +* Reject SAML Response if not signed and strict = false. +* Support NameId and SessionIndex in LogoutRequest. +* Add ForceAuh and IsPassive support. + +v.2.2.0 +------- +* Fix bug with Encrypted nameID on LogoutRequest. +* Fixed usability bug. SP will inform about AuthFail status after process a Response. +* Added SessionIndex support on LogoutRequest, and know is accesible from the Auth class. +* LogoutRequest and LogoutResponse classes now accept non deflated xml. +* Improved the XML metadata/ Decrypted Assertion output. (prettyprint). +* Fix bug in formatPrivateKey method, the key could be not RSA. +* Explicit warning message for signed element problem. +* Decrypt method improved. +* Support more algorithm at the SigAlg in the Signed LogoutRequests and LogoutResponses +* AuthNRequest now stores ID (it can be retrieved later). +* Fixed a typo on the 'NameIdPolicy' attribute that appeared at the README and settings_example file. + + +v.2.1.0 +------- + +* The isValid method of the Logout Request is now non-static. (affects processSLO method of Auth.php). +* Logout Request constructor now accepts encoded logout requests. +* Now after validate a message, if fails a method getError of the object will return the cause. +* Fix typos. +* Added extra parameters option to login and logout methods. +* Improve Test (new test, use the new getError method for testing). +* Bugfix namespace problem when getting Attributes. + + +v.2.0.0 +------- + +* New PHP SAML Toolkit (SLO, Sign, Encryptation). + + +v.1.0.0 +------- + +* Old PHP SAML Toolkit. diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/LICENSE b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/LICENSE new file mode 100755 index 0000000..dbbca9c --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/LICENSE @@ -0,0 +1,23 @@ +Copyright (c) 2010-2016 OneLogin, Inc. + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES +OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/README.md b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/README.md new file mode 100755 index 0000000..7ad8b48 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/README.md @@ -0,0 +1,1539 @@ +# OneLogin's SAML PHP Toolkit Compatible with PHP 5.X & 7.X + +[![Build Status](https://api.travis-ci.org/onelogin/php-saml.png?branch=master)](http://travis-ci.org/onelogin/php-saml) [![Coverage Status](https://coveralls.io/repos/onelogin/php-saml/badge.png)](https://coveralls.io/r/onelogin/php-saml) [![License](https://poser.pugx.org/onelogin/php-saml/license.png)](https://packagist.org/packages/onelogin/php-saml) + +Add SAML support to your PHP software using this library. +Forget those complicated libraries and use this open source library provided +and supported by OneLogin Inc. + + +Warning +------- + +Version 3.4.0 introduces the 'rejectUnsolicitedResponsesWithInResponseTo' setting parameter, by default disabled, that will allow invalidate unsolicited SAMLResponse. This version as well will reject SAMLResponse if requestId was provided to the validator but the SAMLResponse does not contain a InResponseTo attribute. And an additional setting parameter 'destinationStrictlyMatches', by default disabled, that will force that the Destination URL should strictly match to the address that process the SAMLResponse. + +Version 3.3.1 updates xmlseclibs to 3.0.4 (CVE-2019-3465), but php-saml was not directly affected since it implements additional checks that prevent to exploit that vulnerability. + +Version 3.3.0 sets strict mode active by default + +Update php-saml to 3.1.0, this version includes a security patch related to XEE attacks. + +This version is compatible with PHP 7.X and does not include xmlseclibs (you will need to install it via composer, dependency described in composer.json) + +Security Guidelines +------------------- + +If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution. + + +Why add SAML support to my software? +------------------------------------ + +SAML is an XML-based standard for web browser single sign-on and is defined by +the OASIS Security Services Technical Committee. The standard has been around +since 2002, but lately it is becoming popular due its advantages: + + * **Usability** - One-click access from portals or intranets, deep linking, + password elimination and automatically renewing sessions make life + easier for the user. + * **Security** - Based on strong digital signatures for authentication and + integrity, SAML is a secure single sign-on protocol that the largest + and most security conscious enterprises in the world rely on. + * **Speed** - SAML is fast. One browser redirect is all it takes to securely + sign a user into an application. + * **Phishing Prevention** - If you don’t have a password for an app, you + can’t be tricked into entering it on a fake login page. + * **IT Friendly** - SAML simplifies life for IT because it centralizes + authentication, provides greater visibility and makes directory + integration easier. + * **Opportunity** - B2B cloud vendor should support SAML to facilitate the + integration of their product. + + +General description +------------------- + +OneLogin's SAML PHP toolkit let you build a SP (Service Provider) over +your PHP application and connect it to any IdP (Identity Provider). + +Supports: + + * SSO and SLO (SP-Initiated and IdP-Initiated). + * Assertion and nameId encryption. + * Assertion signature. + * Message signature: AuthNRequest, LogoutRequest, LogoutResponses. + * Enable an Assertion Consumer Service endpoint. + * Enable a Single Logout Service endpoint. + * Publish the SP metadata (which can be signed). + +Key features: + + * **saml2int** - Implements the SAML 2.0 Web Browser SSO Profile. + * **Session-less** - Forget those common conflicts between the SP and + the final app, the toolkit delegate session in the final app. + * **Easy to use** - Programmer will be allowed to code high-level and + low-level programming, 2 easy to use APIs are available. + * **Tested** - Thoroughly tested. + * **Popular** - OneLogin's customers use it. Many PHP SAML plugins uses it. + +Integrate your PHP toolkit at OneLogin using this guide: [https://developers.onelogin.com/page/saml-toolkit-for-php](https://developers.onelogin.com/page/saml-toolkit-for-php) + +Installation +------------ + +### Dependencies ### + + * `php >= 5.4` and some core extensions like `php-xml`, `php-date`, `php-zlib`. + * `openssl`. Install the openssl library. It handles x509 certificates. + * `gettext`. Install that library and its php driver. It handles translations. + * `curl`. Install that library and its php driver if you plan to use the IdP Metadata parser. + +### Code ### + +#### Option 1. clone the repository from github #### + +git clone git@github.com:onelogin/php-saml.git + +Then pull the 3.X.X branch/tag + +#### Option 2. Download from github #### + +The toolkit is hosted on github. You can download it from: + + * https://github.com/onelogin/php-saml/releases + +Search for 3.X.X releases + +Copy the core of the library inside the php application. (each application has its +structure so take your time to locate the PHP SAML toolkit in the best place). +See the "Guide to add SAML support to my app" to know how. + +Take in mind that the compressed file only contains the main files. +If you plan to play with the demos, use the Option 1. + +#### Option 3. Composer #### + +The toolkit supports [composer](https://getcomposer.org/). You can find the `onelogin/php-saml` package at https://packagist.org/packages/onelogin/php-saml + +In order to import the saml toolkit to your current php project, execute +``` +composer require onelogin/php-saml +``` + +Remember to select the 3.X.X branch + +After installation has completed you will find at the `vendor/` folder a new folder named `onelogin` and inside the `php-saml`. Make sure you are including the autoloader provided by composer. It can be found at `vendor/autoload.php`. + +**Important** In this option, the x509 certs must be stored at `vendor/onelogin/php-saml/certs` +and settings file stored at `vendor/onelogin/php-saml`. + +Your settings are at risk of being deleted when updating packages using `composer update` or similar commands. So it is **highly** recommended that instead of using settings files, you pass the settings as an array directly to the constructor (explained later in this document). If you do not use this approach your settings are at risk of being deleted when updating packages using `composer update` or similar commands. + +Compatibility +------------- + +This 3.X.X supports PHP 7.X. but can be used with PHP >=5.4 as well (5.6.24+ recommended for security reasons). + +Namespaces +---------- + +If you are using the library with a framework like Symfony that contains +namespaces, remember that calls to the class must be done by adding a backslash (`\`) to the +start, for example to use the static method getSelfURLNoQuery use: + + \OneLogin\Saml2\Utils::getSelfURLNoQuery() + + +Security warning +---------------- + +In production, the `strict` parameter **MUST** be set as `"true"` and the +`signatureAlgorithm` and `digestAlgorithm` under `security` must be set to +something other than SHA1 (see https://shattered.io/ ). Otherwise your +environment is not secure and will be exposed to attacks. + +In production also we highly recommended to register on the settings the IdP certificate instead of using the fingerprint method. The fingerprint, is a hash, so at the end is open to a collision attack that can end on a signature validation bypass. Other SAML toolkits deprecated that mechanism, we maintain it for compatibility and also to be used on test environment. + +Getting started +--------------- + +### Knowing the toolkit ### + +The new OneLogin SAML Toolkit contains different folders (`certs`, `endpoints`, +`lib`, `demo`, etc.) and some files. + +Let's start describing the folders: + +#### `certs/` #### + +SAML requires a x509 cert to sign and encrypt elements like `NameID`, `Message`, +`Assertion`, `Metadata`. + +If our environment requires sign or encrypt support, this folder may contain +the x509 cert and the private key that the SP will use: + + * `sp.crt` - The public cert of the SP + * `sp.key` - The private key of the SP + +Or also we can provide those data in the setting file at the `$settings['sp']['x509cert']` +and the `$settings['sp']['privateKey']`. + +Sometimes we could need a signature on the metadata published by the SP, in +this case we could use the x509 cert previously mentioned or use a new x.509 +cert: `metadata.crt` and `metadata.key`. + +Use `sp_new.crt` if you are in a key rollover process and you want to +publish that x509 certificate on Service Provider metadata. + +#### `src/` #### + +This folder contains the heart of the toolkit, the libraries: + + * `Saml2` folder contains the new version of the classes and methods that + are described in a later section. + + +#### `doc/` #### + +This folder contains the API documentation of the toolkit. + + +#### `endpoints/` #### + +The toolkit has three endpoints: + + * `metadata.php` - Where the metadata of the SP is published. + * `acs.php` - Assertion Consumer Service. Processes the SAML Responses. + * `sls.php` - Single Logout Service. Processes Logout Requests and Logout + Responses. + +You can use the files provided by the toolkit or create your own endpoints +files when adding SAML support to your applications. Take in mind that those +endpoints files uses the setting file of the toolkit's base folder. + + +#### `locale/` #### + +Locale folder contains some translations: `en_US` and `es_ES` as a proof of concept. +Currently there are no translations but we will eventually localize the messages +and support multiple languages. + + +#### Other important files #### + +* `settings_example.php` - A template to be used in order to create a + settings.php file which contains the basic configuration info of the toolkit. +* `advanced_settings_example.php` - A template to be used in order to create a + advanced_settings.php file which contains extra configuration info related to + the security, the contact person, and the organization associated to the SP. +* `_toolkit_loader.php` - This file load the toolkit libraries (The SAML2 lib). + + +#### Miscellaneous #### + +* `tests/` - Contains the unit test of the toolkit. +* `demo1/` - Contains an example of a simple PHP app with SAML support. + Read the `Readme.txt` inside for more info. +* `demo2/` - Contains another example. + + +### How it works ### + +#### Settings #### + +First of all we need to configure the toolkit. The SP's info, the IdP's info, +and in some cases, configure advanced security issues like signatures and +encryption. + +There are two ways to provide the settings information: + + * Use a `settings.php` file that we should locate at the base folder of the + toolkit. + * Use an array with the setting data and provide it directly to the + constructor of the class. + + +There is a template file, `settings_example.php`, so you can make a copy of this +file, rename and edit it. + +```php + true, + + // Enable debug mode (to print errors). + 'debug' => false, + + // Set a BaseURL to be used instead of try to guess + // the BaseURL of the view that process the SAML Message. + // Ex http://sp.example.com/ + // http://example.com/sp/ + 'baseurl' => null, + + // Service Provider Data that we are deploying. + 'sp' => array( + // Identifier of the SP entity (must be a URI) + 'entityId' => '', + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'assertionConsumerService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports this endpoint for the + // HTTP-POST binding only. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + ), + // If you need to specify requested attributes, set a + // attributeConsumingService. nameFormat, attributeValue and + // friendlyName can be omitted + "attributeConsumingService"=> array( + "serviceName" => "SP test", + "serviceDescription" => "Test Service", + "requestedAttributes" => array( + array( + "name" => "", + "isRequired" => false, + "nameFormat" => "", + "friendlyName" => "", + "attributeValue" => array() + ) + ) + ), + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'singleLogoutService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports the HTTP-Redirect binding + // only for this endpoint. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Specifies the constraints on the name identifier to be used to + // represent the requested subject. + // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported. + 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', + // Usually x509cert and privateKey of the SP are provided by files placed at + // the certs folder. But we can also provide them with the following parameters + 'x509cert' => '', + 'privateKey' => '', + + /* + * Key rollover + * If you plan to update the SP x509cert and privateKey + * you can define here the new x509cert and it will be + * published on the SP metadata so Identity Providers can + * read them and get ready for rollover. + */ + // 'x509certNew' => '', + ), + + // Identity Provider Data that we want connected with our SP. + 'idp' => array( + // Identifier of the IdP entity (must be a URI) + 'entityId' => '', + // SSO endpoint info of the IdP. (Authentication Request protocol) + 'singleSignOnService' => array( + // URL Target of the IdP where the Authentication Request Message + // will be sent. + 'url' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports the HTTP-Redirect binding + // only for this endpoint. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // SLO endpoint info of the IdP. + 'singleLogoutService' => array( + // URL Location of the IdP where SLO Request will be sent. + 'url' => '', + // URL location of the IdP where SLO Response will be sent (ResponseLocation) + // if not set, url for the SLO Request will be used + 'responseUrl' => '', + // SAML protocol binding to be used when returning the + // message. OneLogin Toolkit supports the HTTP-Redirect binding + // only for this endpoint. + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Public x509 certificate of the IdP + 'x509cert' => '', + /* + * Instead of use the whole x509cert you can use a fingerprint in order to + * validate a SAMLResponse, but we don't recommend to use that + * method on production since is exploitable by a collision attack. + * (openssl x509 -noout -fingerprint -in "idp.crt" to generate it, + * or add for example the -sha256 , -sha384 or -sha512 parameter) + * + * If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to + * let the toolkit know which algorithm was used. Possible values: sha1, sha256, sha384 or sha512 + * 'sha1' is the default value. + * + * Notice that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you + * will need to provide the whole x509cert. + */ + // 'certFingerprint' => '', + // 'certFingerprintAlgorithm' => 'sha1', + + /* In some scenarios the IdP uses different certificates for + * signing/encryption, or is under key rollover phase and + * more than one certificate is published on IdP metadata. + * In order to handle that the toolkit offers that parameter. + * (when used, 'x509cert' and 'certFingerprint' values are + * ignored). + */ + // 'x509certMulti' => array( + // 'signing' => array( + // 0 => '', + // ), + // 'encryption' => array( + // 0 => '', + // ) + // ), + ), +); +``` +In addition to the required settings data (IdP, SP), there is extra +information that could be defined. In the same way that a template exists +for the basic info, there is a template for that advanced info located +at the base folder of the toolkit and named `advanced_settings_example.php` +that you can copy and rename it as `advanced_settings.php` + +```php + array( + 'requests' => true, + 'responses' => true + ), + // Security settings + 'security' => array( + + /** signatures and encryptions offered */ + + // Indicates that the nameID of the sent by this SP + // will be encrypted. + 'nameIdEncrypted' => false, + + // Indicates whether the messages sent by this SP + // will be signed. [Metadata of the SP will offer this info] + 'authnRequestsSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutRequestSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutResponseSigned' => false, + + /* Sign the Metadata + False || True (use sp certs) || array ( + 'keyFileName' => 'metadata.key', + 'certFileName' => 'metadata.crt' + ) + || array ( + 'x509cert' => '', + 'privateKey' => '' + ) + */ + 'signMetadata' => false, + + /** signatures and encryptions required **/ + + // Indicates a requirement for the , + // and elements received by this SP to be signed. + 'wantMessagesSigned' => false, + + // Indicates a requirement for the elements received by + // this SP to be encrypted. + 'wantAssertionsEncrypted' => false, + + // Indicates a requirement for the elements received by + // this SP to be signed. [Metadata of the SP will offer this info] + 'wantAssertionsSigned' => false, + + // Indicates a requirement for the NameID element on the SAMLResponse + // received by this SP to be present. + 'wantNameId' => true, + + // Indicates a requirement for the NameID received by + // this SP to be encrypted. + 'wantNameIdEncrypted' => false, + + // Authentication context. + // Set to false and no AuthContext will be sent in the AuthNRequest. + // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'. + // Set an array with the possible auth context values: array('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'). + 'requestedAuthnContext' => true, + + // Indicates if the SP will validate all received xmls. + // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true). + 'wantXMLValidation' => true, + + // If true, SAMLResponses with an empty value at its Destination + // attribute will not be rejected for this fact. + 'relaxDestinationValidation' => false, + + // If true, Destination URL should strictly match to the address to + // which the response has been sent. + // Notice that if 'relaxDestinationValidation' is true an empty Destintation + // will be accepted. + 'destinationStrictlyMatches' => false, + + // If true, SAMLResponses with an InResponseTo value will be rejectd if not + // AuthNRequest ID provided to the validation method. + 'rejectUnsolicitedResponsesWithInResponseTo' => false, + + // Algorithm that the toolkit will use on signing process. Options: + // 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' + // 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' + // Notice that rsa-sha1 is a deprecated algorithm and should not be used + 'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', + + // Algorithm that the toolkit will use on digest process. Options: + // 'http://www.w3.org/2000/09/xmldsig#sha1' + // 'http://www.w3.org/2001/04/xmlenc#sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#sha384' + // 'http://www.w3.org/2001/04/xmlenc#sha512' + // Notice that sha1 is a deprecated algorithm and should not be used + 'digestAlgorithm' => 'http://www.w3.org/2001/04/xmlenc#sha256', + + // ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses + // uppercase. Turn it True for ADFS compatibility on signature verification + 'lowercaseUrlencoding' => false, + ), + + // Contact information template, it is recommended to supply a + // technical and support contacts. + 'contactPerson' => array( + 'technical' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + 'support' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + ), + + // Organization information template, the info in en_US lang is + // recomended, add more if required. + 'organization' => array( + 'en-US' => array( + 'name' => '', + 'displayname' => '', + 'url' => '' + ), + ), +); +``` + +The compression settings allow you to instruct whether or not the IdP can accept +data that has been compressed using [gzip](gzip) ('requests' and 'responses'). +But if we provide a `$deflate` boolean parameter to the `getRequest` or `getResponse` method it will have priority over the compression settings. + +In the security section, you can set the way that the SP will handle the messages +and assertions. Contact the admin of the IdP and ask him what the IdP expects, +and decide what validations will handle the SP and what requirements the SP will have +and communicate them to the IdP's admin too. + +Once we know what kind of data could be configured, let's talk about the way +settings are handled within the toolkit. + +The settings files described (`settings.php` and `advanced_settings.php`) are loaded +by the toolkit if no other array with settings info is provided in the constructor of the toolkit. Let's see some examples. + +```php +// Initializes toolkit with settings.php & advanced_settings files. +$auth = new OneLogin\Saml2\Auth(); +//or +$settings = new OneLogin\Saml2\Settings(); + +// Initializes toolkit with the array provided. +$auth = new OneLogin\Saml2\Auth($settingsInfo); +//or +$settings = new OneLogin\Saml2\Settings($settingsInfo); +``` + +You can declare the `$settingsInfo` in the file that contains the constructor +execution or locate them in any file and load the file in order to get the +array available as we see in the following example: + +```php +login(); // Method that sent the AuthNRequest +``` + +The `AuthNRequest` will be sent signed or unsigned based on the security info +of the `advanced_settings.php` (`'authnRequestsSigned'`). + + +The IdP will then return the SAML Response to the user's client. The client is then forwarded to the Attribute Consumer Service of the SP with this information. If we do not set a `'url'` param in the login method and we are using the default ACS provided by the toolkit (`endpoints/acs.php`), then the ACS endpoint will redirect the user to the file that launched the SSO request. + +We can set a `'returnTo'` url to change the workflow and redirect the user to the other PHP file. + +```php +$newTargetUrl = 'http://example.com/consume2.php'; +$auth = new OneLogin\Saml2\Auth(); +$auth->login($newTargetUrl); +``` + +The login method can receive other six optional parameters: + +* `$parameters` - An array of parameters that will be added to the `GET` in the HTTP-Redirect. +* `$forceAuthn` - When true the `AuthNRequest` will set the `ForceAuthn='true'` +* `$isPassive` - When true the `AuthNRequest` will set the `Ispassive='true'` +* `$strict` - True if we want to stay (returns the url string) False to redirect +* `$setNameIdPolicy` - When true the AuthNRequest will set a nameIdPolicy element. +* `$nameIdValueReq` - Indicates to the IdP the subject that should be authenticated. + +If a match on the future SAMLResponse ID and the AuthNRequest ID to be sent is required, that AuthNRequest ID must to be extracted and saved. + +```php +$ssoBuiltUrl = $auth->login(null, array(), false, false, true); +$_SESSION['AuthNRequestID'] = $auth->getLastRequestID(); +header('Pragma: no-cache'); +header('Cache-Control: no-cache, must-revalidate'); +header('Location: ' . $ssoBuiltUrl); +exit(); +``` + +#### The SP Endpoints #### + +Related to the SP there are three important views: The metadata view, the ACS view and the SLS view. The toolkit +provides examples of those views in the endpoints directory. + +##### SP Metadata `endpoints/metadata.php` ##### + +This code will provide the XML metadata file of our SP, based on the info that we provided in the settings files. + +```php +getSettings(); + $metadata = $settings->getSPMetadata(); + $errors = $settings->validateMetadata($metadata); + if (empty($errors)) { + header('Content-Type: text/xml'); + echo $metadata; + } else { + throw new OneLogin\Saml2\Error( + 'Invalid SP metadata: '.implode(', ', $errors), + OneLogin\Saml2\Error::METADATA_SP_INVALID + ); + } +} catch (Exception $e) { + echo $e->getMessage(); +} +``` +The `getSPMetadata` will return the metadata signed or not based +on the security info of the `advanced_settings.php` (`'signMetadata'`). + +Before the XML metadata is exposed, a check takes place to ensure +that the info to be provided is valid. + +Instead of use the Auth object, you can directly use + +```php +$settings = new OneLogin\Saml2\Settings($settingsInfo, true); +``` +to get the settings object and with the true parameter we will avoid the IdP Settings validation. + + +##### Attribute Consumer Service(ACS) `endpoints/acs.php` ##### + +This code handles the SAML response that the IdP forwards to the SP through the user's client. + +```php +processResponse($requestID); +unset($_SESSION['AuthNRequestID']); + +$errors = $auth->getErrors(); + +if (!empty($errors)) { + echo '

    ' . implode(', ', $errors) . '

    '; + exit(); +} + +if (!$auth->isAuthenticated()) { + echo "

    Not authenticated

    "; + exit(); +} + +$_SESSION['samlUserdata'] = $auth->getAttributes(); +$_SESSION['samlNameId'] = $auth->getNameId(); +$_SESSION['samlNameIdFormat'] = $auth->getNameIdFormat(); +$_SESSION['samlNameidNameQualifier'] = $auth->getNameIdNameQualifier(); +$_SESSION['samlNameidSPNameQualifier'] = $auth->getNameIdSPNameQualifier(); +$_SESSION['samlSessionIndex'] = $auth->getSessionIndex(); + +if (isset($_POST['RelayState']) && OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) { + $auth->redirectTo($_POST['RelayState']); +} + +$attributes = $_SESSION['samlUserdata']; +$nameId = $_SESSION['samlNameId']; + +echo '

    Identified user: '. htmlentities($nameId) .'

    '; + +if (!empty($attributes)) { + echo '

    ' . _('User attributes:') . '

    '; + echo ''; + foreach ($attributes as $attributeName => $attributeValues) { + echo ''; + } + echo '
    ' . _('Name') . '' . _('Values') . '
    ' . htmlentities($attributeName) . '
      '; + foreach ($attributeValues as $attributeValue) { + echo '
    • ' . htmlentities($attributeValue) . '
      • '; + } + echo '
    '; +} else { + echo _('No attributes found.'); +} +``` + +The SAML response is processed and then checked that there are no errors. +It also verifies that the user is authenticated and stored the userdata in session. + +At that point there are two possible alternatives: + + 1. If no `RelayState` is provided, we could show the user data in this view + or however we wanted. + + 2. If `RelayState` is provided, a redirection takes place. + +Notice that we saved the user data in the session before the redirection to +have the user data available at the `RelayState` view. + + +###### The `getAttributes` method ###### + +In order to retrieve attributes we can use: + +```php +$attributes = $auth->getAttributes(); +``` + +With this method we get all the user data provided by the IdP in the Assertion +of the SAML Response. + +If we execute ```print_r($attributes)``` we could get: + +```php +Array +( + [cn] => Array + ( + [0] => John + ) + [sn] => Array + ( + [0] => Doe + ) + [mail] => Array + ( + [0] => john.doe@example.com + ) + [groups] => Array + ( + [0] => users + [1] => members + ) +) +``` + +Each attribute name can be used as an index into `$attributes` to obtain the value. Every attribute value +is an array - a single-valued attribute is an array of a single element. + + +The following code is equivalent: + +```php +$attributes = $auth->getAttributes(); +print_r($attributes['cn']); +``` + +```php +print_r($auth->getAttribute('cn')); +``` + + +Before trying to get an attribute, check that the user is +authenticated. If the user isn't authenticated or if there were +no attributes in the SAML assertion, an empty array will be +returned. For example, if we call to `getAttributes` before a +`$auth->processResponse`, the `getAttributes()` will return an +empty array. + + +##### Single Logout Service (SLS) `endpoints/sls.php` ##### + +This code handles the Logout Request and the Logout Responses. + +```php +processSLO(false, $requestID); + +$errors = $auth->getErrors(); + +if (empty($errors)) { + echo 'Sucessfully logged out'; +} else { + echo implode(', ', $errors); +} +``` + +If the SLS endpoints receives a Logout Response, the response is +validated and the session could be closed + + + +```php +// part of the processSLO method + +$logoutResponse = new OneLogin\Saml2\LogoutResponse($this->_settings, $_GET['SAMLResponse']); +if (!$logoutResponse->isValid($requestId)) { + $this->_errors[] = 'invalid_logout_response'; +} else if ($logoutResponse->getStatus() !== OneLogin\Saml2\Constants::STATUS_SUCCESS) { + $this->_errors[] = 'logout_not_success'; +} else { + if (!$keepLocalSession) { + OneLogin\Saml2\Utils::deleteLocalSession(); + } +} +``` + +If the SLS endpoints receives an Logout Request, the request is validated, +the session is closed and a Logout Response is sent to the SLS endpoint of +the IdP. + +```php +// part of the processSLO method + +$decoded = base64_decode($_GET['SAMLRequest']); +$request = gzinflate($decoded); +if (!OneLogin\Saml2\LogoutRequest::isValid($this->_settings, $request)) { + $this->_errors[] = 'invalid_logout_request'; +} else { + if (!$keepLocalSession) { + OneLogin\Saml2\Utils::deleteLocalSession(); + } + + $inResponseTo = $request->id; + $responseBuilder = new OneLogin\Saml2\LogoutResponse($this->_settings); + $responseBuilder->build($inResponseTo); + $logoutResponse = $responseBuilder->getResponse(); + + $parameters = array('SAMLResponse' => $logoutResponse); + if (isset($_GET['RelayState'])) { + $parameters['RelayState'] = $_GET['RelayState']; + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned']) { + $signature = $this->buildResponseSignature($logoutResponse, $parameters['RelayState'], $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + + $this->redirectTo($this->getSLOurl(), $parameters); +} +``` + +If you aren't using the default PHP session, or otherwise need a manual +way to destroy the session, you can pass a callback method to the +`processSLO` method as the fourth parameter + +```php +$keepLocalSession = False; +$callback = function () { + // Destroy user session +}; + +$auth->processSLO($keepLocalSession, null, false, $callback); +``` + + +If we don't want that `processSLO` to destroy the session, pass a true +parameter to the `processSLO` method + +```php +$keepLocalSession = True; +$auth->processSLO($keepLocalSession); +``` + +#### Initiate SLO #### + +In order to send a Logout Request to the IdP: + +```php +logout(); // Method that sent the Logout Request. +``` + +Also there are eight optional parameters that can be set: +* `$returnTo` - The target URL the user should be returned to after logout. +* `$parameters` - Extra parameters to be added to the GET. +* `$name_id` - That will be used to build the LogoutRequest. If `name_id` parameter is not set and the auth object processed a +SAML Response with a `NameId`, then this `NameId` will be used. +* `$session_index` - SessionIndex that identifies the session of the user. +* `$stay` - True if we want to stay (returns the url string) False to redirect. +* `$nameIdFormat` - The NameID Format will be set in the LogoutRequest. +* `$nameIdNameQualifier` - The NameID NameQualifier will be set in the LogoutRequest. +* `$nameIdSPNameQualifier` - The NameID SP NameQualifier will be set in the LogoutRequest. + +The Logout Request will be sent signed or unsigned based on the security +info of the `advanced_settings.php` (`'logoutRequestSigned'`). + +The IdP will return the Logout Response through the user's client to the +Single Logout Service of the SP. +If we do not set a `'url'` param in the logout method and are using the +default SLS provided by the toolkit (`endpoints/sls.php`), then the SLS +endpoint will redirect the user to the file that launched the SLO request. + +We can set an `'returnTo'` url to change the workflow and redirect the user +to other php file. + +```php +$newTargetUrl = 'http://example.com/loggedOut.php'; +$auth = new OneLogin\Saml2\Auth(); +$auth->logout($newTargetUrl); +``` +A more complex logout with all the parameters: +``` +$auth = new OneLogin\Saml2\Auth(); +$returnTo = null; +$parameters = array(); +$nameId = null; +$sessionIndex = null; +$nameIdFormat = null; +$nameIdNameQualifier = null; +$nameIdSPNameQualifier = null; + +if (isset($_SESSION['samlNameId'])) { + $nameId = $_SESSION['samlNameId']; +} +if (isset($_SESSION['samlSessionIndex'])) { + $sessionIndex = $_SESSION['samlSessionIndex']; +} +if (isset($_SESSION['samlNameIdFormat'])) { + $nameIdFormat = $_SESSION['samlNameIdFormat']; +} +if (isset($_SESSION['samlNameIdNameQualifier'])) { + $nameIdNameQualifier = $_SESSION['samlNameIdNameQualifier']; +} +if (isset($_SESSION['samlNameIdSPNameQualifier'])) { + $nameIdSPNameQualifier = $_SESSION['samlNameIdSPNameQualifier']; +} +$auth->logout($returnTo, $parameters, $nameId, $sessionIndex, false, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier); +``` + +If a match on the future LogoutResponse ID and the LogoutRequest ID to be sent is required, that LogoutRequest ID must to be extracted and stored. + +```php +$sloBuiltUrl = $auth->logout(null, $parameters, $nameId, $sessionIndex, true); +$_SESSION['LogoutRequestID'] = $auth->getLastRequestID(); +header('Pragma: no-cache'); +header('Cache-Control: no-cache, must-revalidate'); +header('Location: ' . $sloBuiltUrl); +exit(); +``` + +#### Example of a view that initiates the SSO request and handles the response (is the acs target) #### + +We can code a unique file that initiates the SSO process, handle the response, get the attributes, initiate +the SLO and processes the logout response. + +Note: Review the `demo1` folder that contains that use case; in a later section we +explain the demo1 use case further in detail. + +```php +login(); +} else if (isset($_GET['sso2'])) { // Another SSO action + $returnTo = $spBaseUrl.'/demo1/attrs.php'; // but set a custom RelayState URL + $auth->login($returnTo); +} else if (isset($_GET['slo'])) { // SLO action. Will sent a Logout Request to IdP + $auth->logout(); +} else if (isset($_GET['acs'])) { // Assertion Consumer Service + $auth->processResponse(); // Process the Response of the IdP, get the + // attributes and put then at + // $_SESSION['samlUserdata'] + + $errors = $auth->getErrors(); // This method receives an array with the errors + // that could took place during the process + + if (!empty($errors)) { + echo '

    ' . implode(', ', $errors) . '

    '; + } + // This check if the response was + if (!$auth->isAuthenticated()) { // sucessfully validated and the user + echo '

    Not authenticated

    '; // data retrieved or not + exit(); + } + + $_SESSION['samlUserdata'] = $auth->getAttributes(); // Retrieves user data + if (isset($_POST['RelayState']) && OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) { + $auth->redirectTo($_POST['RelayState']); // Redirect if there is a + } // relayState set +} else if (isset($_GET['sls'])) { // Single Logout Service + $auth->processSLO(); // Process the Logout Request & Logout Response + $errors = $auth->getErrors(); // Retrieves possible validation errors + if (empty($errors)) { + echo '

    Sucessfully logged out

    '; + } else { + echo '

    ' . implode(', ', $errors) . '

    '; + } +} + +if (isset($_SESSION['samlUserdata'])) { // If there is user data we print it. + if (!empty($_SESSION['samlUserdata'])) { + $attributes = $_SESSION['samlUserdata']; + echo 'You have the following attributes:
    '; + echo ''; + foreach ($attributes as $attributeName => $attributeValues) { + echo ''; + } + echo '
    NameValues
    ' . htmlentities($attributeName) . '
      '; + foreach ($attributeValues as $attributeValue) { + echo '
    • ' . htmlentities($attributeValue) . '
      • '; + } + echo '
    '; + } else { // If there is not user data, we notify + echo "

    You don't have any attribute

    "; + } + + echo '

    Logout

    '; // Print some links with possible +} else { // actions + echo '

    Login

    '; + echo '

    Login and access to attrs.php page

    '; +} +``` + +#### URL-guessing methods #### + +php-saml toolkit uses a bunch of methods in OneLogin\Saml2\Utils that try to guess the URL where the SAML messages are processed. + +* `getSelfHost` Returns the current host. +* `getSelfPort` Return the port number used for the request +* `isHTTPS` Checks if the protocol is https or http. +* `getSelfURLhost` Returns the protocol + the current host + the port (if different than common ports). +* `getSelfURL` Returns the URL of the current host + current view + query. +* `getSelfURLNoQuery` Returns the URL of the current host + current view. +* `getSelfRoutedURLNoQuery` Returns the routed URL of the current host + current view. + +getSelfURLNoQuery and getSelfRoutedURLNoQuery are used to calculate the currentURL in order to validate SAML elements like Destination or Recipient. + +When the PHP application is behind a proxy or a load balancer we can execute `setProxyVars(true)` and `setSelfPort` and `isHTTPS` will take care of the `$_SERVER["HTTP_X_FORWARDED_PORT"]` and `$_SERVER['HTTP_X_FORWARDED_PROTO']` vars (otherwise they are ignored). + +Also a developer can use `setSelfProtocol`, `setSelfHost`, `setSelfPort` and `getBaseURLPath` to define a specific value to be returned by `isHTTPS`, `getSelfHost`, `getSelfPort` and `getBaseURLPath`. And define a `setBasePath` to be used on the `getSelfURL` and `getSelfRoutedURLNoQuery` to replace the data extracted from `$_SERVER["REQUEST_URI"]`. + +At the settings the developer will be able to set a `'baseurl'` parameter that automatically will use `setBaseURL` to set values for `setSelfProtocol`, `setSelfHost`, `setSelfPort` and `setBaseURLPath`. + + +### Working behind load balancer ### + +Is possible that asserting request URL and Destination attribute of SAML response fails when working behind load balancer with SSL offload. + +You should be able to workaround this by configuring your server so that it is aware of the proxy and returns the original url when requested. + +Or by using the method described on the previous section. + + +### SP Key rollover ### + +If you plan to update the SP x509cert and privateKey you can define the new x509cert as `$settings['sp']['x509certNew']` and it will be +published on the SP metadata so Identity Providers can read them and get ready for rollover. + + +### IdP with multiple certificates ### + +In some scenarios the IdP uses different certificates for +signing/encryption, or is under key rollover phase and more than one certificate is published on IdP metadata. + +In order to handle that the toolkit offers the `$settings['idp']['x509certMulti']` parameter. + +When that parameter is used, `'x509cert'` and `'certFingerprint'` values will be ignored by the toolkit. + +The `x509certMulti` is an array with 2 keys: +- `signing`. An array of certs that will be used to validate IdP signature +- `encryption` An array with one unique cert that will be used to encrypt data to be sent to the IdP + + +### Replay attacks ### + +In order to avoid replay attacks, you can store the ID of the SAML messages already processed, to avoid processing them twice. Since the Messages expires and will be invalidated due that fact, you don't need to store those IDs longer than the time frame that you currently accepting. + +Get the ID of the last processed message/assertion with the `getLastMessageId`/`getLastAssertionId` methods of the Auth object. + + +### Main classes and methods ### + +Described below are the main classes and methods that can be invoked. + +#### Saml2 library #### + +Lets describe now the classes and methods of the SAML2 library. + +##### OneLogin\Saml2\Auth - Auth.php ##### + +Main class of OneLogin PHP Toolkit + + * `Auth` - Initializes the SP SAML instance + * `login` - Initiates the SSO process. + * `logout` - Initiates the SLO process. + * `processResponse` - Process the SAML Response sent by the IdP. + * `processSLO` - Process the SAML Logout Response / Logout Request sent by the + IdP. + * `redirectTo` - Redirects the user to the url past by parameter or to the url + that we defined in our SSO Request. + * `isAuthenticated` - Checks if the user is authenticated or not. + * `getAttributes` - Returns the set of SAML attributes. + * `getAttribute` - Returns the requested SAML attribute + * `getNameId` - Returns the nameID + * `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP. + * `getNameIdNameQualifier` - Gets the NameID NameQualifier provided from the SAML Response String. + * `getNameIdNameSPQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String. + * `getSessionIndex` - Gets the SessionIndex from the AuthnStatement. + * `getErrors` - Returns if there were any error + * `getSSOurl` - Gets the SSO url. + * `getSLOurl` - Gets the SLO url. + * `getLastRequestID` - The ID of the last Request SAML message generated. + * `buildRequestSignature` - Generates the Signature for a SAML Request + * `buildResponseSignature` - Generates the Signature for a SAML Response + * `getSettings` - Returns the settings info + * `setStrict` - Set the strict mode active/disable + * `getLastRequestID` - Gets the ID of the last AuthNRequest or LogoutRequest generated by the Service Provider. + * `getLastRequestXML` - Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest) + * `getLastResponseXML` - Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse had an encrypted assertion, decrypts it. + + +##### OneLogin\Saml2\AuthnRequest - `AuthnRequest.php` ##### + +SAML 2 Authentication Request class + + * `AuthnRequest` - Constructs the `AuthnRequest` object. + * `getRequest` - Returns deflated, base64 encoded, unsigned `AuthnRequest`. + * `getId` - Returns the `AuthNRequest` ID. + * `getXML` - Returns the XML that will be sent as part of the request. + +##### OneLogin\Saml2\Response - `Response.php` ##### + +SAML 2 Authentication Response class + + * `Response` - Constructs the SAML Response object. + * `isValid` - Determines if the SAML Response is valid using the certificate. + * `checkStatus` - Checks if the Status is success. + * `getAudiences` - Gets the audiences. + * `getIssuers` - Gets the Issuers (from Response and Assertion) + * `getNameIdData` - Gets the NameID Data provided by the SAML response from the + IdP. + * `getNameId` - Gets the NameID provided by the SAML response from the IdP. + * `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP. + * `getNameIdNameQualifier` - Gets the NameID NameQualifier provided from the SAML Response String. + * `getNameIdNameSPQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String. + * `getSessionNotOnOrAfter` - Gets the SessionNotOnOrAfter from the + AuthnStatement + * `getSessionIndex` - Gets the SessionIndex from the AuthnStatement. + * `getAttributes` - Gets the Attributes from the AttributeStatement element. + * `validateNumAssertions` - Verifies that the document only contains a single + Assertion (encrypted or not). + * `validateTimestamps` - Verifies that the document is still valid according + Conditions Element. + * `getError` - After executing a validation process, if it fails, this method returns the cause + * `getXMLDocument` - Returns the SAML Response document (If contains an encrypted assertion, decrypts it) + +##### OneLogin\Saml2\LogoutRequest - `LogoutRequest.php` ##### + +SAML 2 Logout Request class + + * `LogoutRequest` - Constructs the Logout Request object. + * `getRequest` - Returns the Logout Request defated, base64encoded, unsigned + * `getID` - Returns the ID of the Logout Request. (If you have the object you can access to the id attribute) + * `getNameIdData` - Gets the NameID Data of the the Logout Request. + * `getNameId` - Gets the NameID of the Logout Request. + * `getIssuer` - Gets the Issuer of the Logout Request. + * `getSessionIndexes` - Gets the SessionIndexes from the Logout Request. + * `isValid` - Checks if the Logout Request received is valid. + * `getError` - After executing a validation process, if it fails, this method returns the cause + * `getXML` - Returns the XML that will be sent as part of the request or that was received at the SP. + +##### OneLogin\Saml2\LogoutResponse - `LogoutResponse.php` ##### + +SAML 2 Logout Response class + + * `LogoutResponse` - Constructs a Logout Response object + (Initialize params from settings and if provided load the Logout Response) + * `getIssuer` - Gets the Issuer of the Logout Response. + * `getStatus` - Gets the Status of the Logout Response. + * `isValid` - Determines if the SAML LogoutResponse is valid + * `build` - Generates a Logout Response object. + * `getResponse` - Returns a Logout Response object. + * `getError` - After executing a validation process, if it fails, this method returns the cause. + * `getXML` - Returns the XML that will be sent as part of the response or that was received at the SP. + +##### OneLogin\Saml2\Settings - `Settings.php` ##### + +Configuration of the OneLogin PHP Toolkit + + * `Settings` - Initializes the settings: Sets the paths of + the different folders and Loads settings info from settings file or + array/object provided + * `checkSettings` - Checks the settings info. + * `getBasePath` - Returns base path. + * `getCertPath` - Returns cert path. + * `getLibPath` - Returns lib path. + * `getExtLibPath` - Returns external lib path. + * `getSchemasPath` - Returns schema path. + * `checkSPCerts` - Checks if the x509 certs of the SP exists and are valid. + * `getSPkey` - Returns the x509 private key of the SP. + * `getSPcert` - Returns the x509 public cert of the SP. + * `getSPcertNew` - Returns the future x509 public cert of the SP. + * `getIdPData` - Gets the IdP data. + * `getSPData`Gets the SP data. + * `getSecurityData` - Gets security data. + * `getContacts` - Gets contact data. + * `getOrganization` - Gets organization data. + * `getSPMetadata` - Gets the SP metadata. The XML representation. + * `validateMetadata` - Validates an XML SP Metadata. + * `formatIdPCert` - Formats the IdP cert. + * `formatSPCert` - Formats the SP cert. + * `formatSPCertNew` - Formats the SP cert new. + * `formatSPKey` - Formats the SP private key. + * `getErrors` - Returns an array with the errors, the array is empty when + the settings is ok. + * `getLastErrorReason` - Returns the reason of the last error + * `getBaseURL` - Returns the baseurl set on the settings if any. + * `setBaseURL` - Set a baseurl value + * `setStrict` - Activates or deactivates the strict mode. + * `isStrict` - Returns if the 'strict' mode is active. + * `isDebugActive` - Returns if the debug is active. + +##### OneLogin\Saml2\Metadata - `Metadata.php` ##### + +A class that contains functionality related to the metadata of the SP + +* `builder` - Generates the metadata of the SP based on the settings. +* `signmetadata` - Signs the metadata with the key/cert provided +* `addX509KeyDescriptors` - Adds the x509 descriptors (sign/encriptation) to + the metadata + +##### OneLogin\Saml2\Utils - `Utils.php` ##### + +Auxiliary class that contains several methods + + * `validateXML` - This function attempts to validate an XML string against + the specified schema. + * `formatCert` - Returns a x509 cert (adding header & footer if required). + * `formatPrivateKey` - returns a RSA private key (adding header & footer if required). + * `redirect` - Executes a redirection to the provided url (or return the + target url). + * `isHTTPS` - Checks if https or http. + * `getSelfHost` - Returns the current host. + * `getSelfURLhost` - Returns the protocol + the current host + the port + (if different than common ports). + * `getSelfURLNoQuery` - Returns the URL of the current host + current view. + * `getSelfURL` - Returns the URL of the current host + current view + query. + * `generateUniqueID` - Generates a unique string (used for example as ID + for assertions). + * `parseTime2SAML` - Converts a UNIX timestamp to SAML2 timestamp on the + form `yyyy-mm-ddThh:mm:ss(\.s+)?Z`. + * `parseSAML2Time` - Converts a SAML2 timestamp on the form + `yyyy-mm-ddThh:mm:ss(\.s+)?Z` to a UNIX timestamp. The sub-second part is + ignored. + * `parseDuration` - Interprets a ISO8601 duration value relative to a given + timestamp. + * `getExpireTime` - Compares two dates and returns the earliest. + * `query` - Extracts nodes from the DOMDocument. + * `isSessionStarted` - Checks if the session is started or not. + * `deleteLocalSession` - Deletes the local session. + * `calculateX509Fingerprint` - Calculates the fingerprint of a x509cert. + * `formatFingerPrint` - Formats a fingerprint. + * `generateNameId` - Generates a `nameID`. + * `getStatus` - Gets Status from a Response. + * `decryptElement` - Decrypts an encrypted element. + * `castKey` - Converts a `XMLSecurityKey` to the correct algorithm. + * `addSign` - Adds signature key and senders certificate to an element + (Message or Assertion). + * `validateSign` - Validates a signature (Message or Assertion). + +##### OneLogin\Saml2\IdPMetadataParser - `IdPMetadataParser.php` ##### + +Auxiliary class that contains several methods to retrieve and process IdP metadata + + * `parseRemoteXML` - Get IdP Metadata Info from URL. + * `parseFileXML` - Get IdP Metadata Info from File. + * `parseXML` - Get IdP Metadata Info from XML. + * `injectIntoSettings` - Inject metadata info into php-saml settings array. + + +For more info, look at the source code; each method is documented and details +about what it does and how to use it are provided. Make sure to also check the doc folder where +HTML documentation about the classes and methods is provided for SAML and +SAML2. + + +Demos included in the toolkit +----------------------------- + +The toolkit includes three demo apps to teach how use the toolkit, take a look on it. + +Demos require that SP and IdP are well configured before test it. + +## Demo1 ## + +### SP setup ### + +The Onelogin's PHP Toolkit allows you to provide the settings info in two ways: + + * Use a `settings.php` file that we should locate at the base folder of the + toolkit. + * Use an array with the setting data. + +In this demo we provide the data in the second way, using a setting array named +`$settingsInfo`. This array users the `settings_example.php` included as a template +to create the `settings.php` settings and store it in the `demo1/` folder. +Configure the SP part and later review the metadata of the IdP and complete the IdP info. + +If you check the code of the index.php file you will see that the `settings.php` +file is loaded in order to get the `$settingsInfo` var to be used in order to initialize +the `Setting` class. + +Notice that in this demo, the `setting.php` file that could be defined at the base +folder of the toolkit is ignored and the libs are loaded using the +`_toolkit_loader.php` located at the base folder of the toolkit. + + +### IdP setup ### + +Once the SP is configured, the metadata of the SP is published at the +`metadata.php` file. Configure the IdP based on that information. + + +### How it works ### + + 1. First time you access to `index.php` view, you can select to login and return + to the same view or login and be redirected to the `attrs.php` view. + + 2. When you click: + + 2.1 in the first link, we access to (`index.php?sso`) an `AuthNRequest` + is sent to the IdP, we authenticate at the IdP and then a Response is sent + through the user's client to the SP, specifically the Assertion Consumer Service view: `index.php?acs`. + Notice that a `RelayState` parameter is set to the url that initiated the + process, the `index.php` view. + + 2.2 in the second link we access to (`attrs.php`) have the same process + described at 2.1 with the difference that as `RelayState` is set the `attrs.php`. + + 3. The SAML Response is processed in the ACS (`index.php?acs`), if the Response + is not valid, the process stops here and a message is shown. Otherwise we + are redirected to the RelayState view. a) `index.php` or b) `attrs.php`. + + 4. We are logged in the app and the user attributes are showed. + At this point, we can test the single log out functionality. + + 5. The single log out functionality could be tested by two ways. + + 5.1 SLO Initiated by SP. Click on the "logout" link at the SP, after that a + Logout Request is sent to the IdP, the session at the IdP is closed and + replies through the client to the SP with a Logout Response (sent to the + Single Logout Service endpoint). The SLS endpoint (`index.php?sls`) of the SP + process the Logout Response and if is valid, close the user session of the + local app. Notice that the SLO Workflow starts and ends at the SP. + + 5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP + side, the logout process is initiated at the idP, sends a Logout + Request to the SP (SLS endpoint, `index.php?sls`). The SLS endpoint of the SP + process the Logout Request and if is valid, close the session of the user + at the local app and send a Logout Response to the IdP (to the SLS endpoint + of the IdP). The IdP receives the Logout Response, process it and close the + session at of the IdP. Notice that the SLO Workflow starts and ends at the IdP. + +Notice that all the SAML Requests and Responses are handled by a unique file, +the `index.php` file and how `GET` parameters are used to know the action that +must be done. + + +## Demo2 ## + +### SP setup ### + +The Onelogin's PHP Toolkit allows you to provide the settings info in two ways: + + * Use a `settings.php` file that we should locate at the base folder of the + toolkit. + * Use an array with the setting data. + +The first is the case of the demo2 app. The `setting.php` file and the +`setting_extended.php` file should be defined at the base folder of the toolkit. +Review the `setting_example.php` and the `advanced_settings_example.php` to +learn how to build them. + +In this case as Attribute Consume Service and Single Logout Service we are going to +use the files located in the endpoint folder (`acs.php` and `sls.php`). + + +### IdP setup ### + +Once the SP is configured, the metadata of the SP is published at the +`metadata.php` file. Based on that info, configure the IdP. + + +### How it works ### + +At demo1, we saw how all the SAML Request and Responses were handler at an +unique file, the `index.php` file. This demo1 uses high-level programming. + +At demo2, we have several views: `index.php`, `sso.php`, `slo.php`, `consume.php` +and `metadata.php`. As we said, we will use the endpoints that are defined +in the toolkit (`acs.php`, `sls.php` of the endpoints folder). This demo2 uses +low-level programming. + +Notice that the SSO action can be initiated at `index.php` or `sso.php`. + +The SAML workflow that take place is similar that the workflow defined in the +demo1, only changes the targets. + + 1. When you access `index.php` or `sso.php` for the first time, an `AuthNRequest` is + sent to the IdP automatically, (as `RelayState` is sent the origin url). + We authenticate at the IdP and then a `Response` is sent to the SP, to the + ACS endpoint, in this case `acs.php` of the endpoints folder. + + 2. The SAML Response is processed in the ACS, if the `Response` is not valid, + the process stops here and a message is shown. Otherwise we are redirected + to the `RelayState` view (`sso.php` or `index.php`). The `sso.php` detects if the + user is logged and redirects to `index.php`, so we will be in the + `index.php` at the end. + + 3. We are logged into the app and the user attributes (if any) are shown. + At this point, we can test the single log out functionality. + + 4. The single log out functionality could be tested by two ways. + + 4.1 SLO Initiated by SP. Click on the "logout" link at the SP, after that + we are redirected to the `slo.php` view and there a Logout Request is sent + to the IdP, the session at the IdP is closed and replies to the SP a + Logout Response (sent to the Single Logout Service endpoint). In this case + The SLS endpoint of the SP process the Logout Response and if is + valid, close the user session of the local app. Notice that the SLO + Workflow starts and ends at the SP. + + 4.2 SLO Initiated by IdP. In this case, the action takes place on the IdP + side, the logout process is initiated at the idP, sends a Logout + Request to the SP (SLS endpoint `sls.php` of the endpoint folder). + The SLS endpoint of the SP process the Logout Request and if is valid, + close the session of the user at the local app and sends a Logout Response + to the IdP (to the SLS endpoint of the IdP).The IdP receives the Logout + Response, process it and close the session at of the IdP. Notice that the + SLO Workflow starts and ends at the IdP. + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php new file mode 100755 index 0000000..c4649d7 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php @@ -0,0 +1,34 @@ + array( + 'requests' => true, + 'responses' => true + ), + + // Security settings + 'security' => array( + + /** signatures and encryptions offered */ + + // Indicates that the nameID of the sent by this SP + // will be encrypted. + 'nameIdEncrypted' => false, + + // Indicates whether the messages sent by this SP + // will be signed. [The Metadata of the SP will offer this info] + 'authnRequestsSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutRequestSigned' => false, + + // Indicates whether the messages sent by this SP + // will be signed. + 'logoutResponseSigned' => false, + + /* Sign the Metadata + False || True (use sp certs) || array ( + 'keyFileName' => 'metadata.key', + 'certFileName' => 'metadata.crt' + ) + || array ( + 'x509cert' => '', + 'privateKey' => '' + ) + */ + 'signMetadata' => false, + + + /** signatures and encryptions required **/ + + // Indicates a requirement for the , and + // elements received by this SP to be signed. + 'wantMessagesSigned' => false, + + // Indicates a requirement for the elements received by + // this SP to be encrypted. + 'wantAssertionsEncrypted' => false, + + // Indicates a requirement for the elements received by + // this SP to be signed. [The Metadata of the SP will offer this info] + 'wantAssertionsSigned' => false, + + // Indicates a requirement for the NameID element on the SAMLResponse received + // by this SP to be present. + 'wantNameId' => true, + + // Indicates a requirement for the NameID received by + // this SP to be encrypted. + 'wantNameIdEncrypted' => false, + + // Authentication context. + // Set to false and no AuthContext will be sent in the AuthNRequest, + // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + // Set an array with the possible auth context values: array('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'), + 'requestedAuthnContext' => false, + + // Allows the authn comparison parameter to be set, defaults to 'exact' if + // the setting is not present. + 'requestedAuthnContextComparison' => 'exact', + + // Indicates if the SP will validate all received xmls. + // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true). + 'wantXMLValidation' => true, + + // If true, SAMLResponses with an empty value at its Destination + // attribute will not be rejected for this fact. + 'relaxDestinationValidation' => false, + + // If true, Destination URL should strictly match to the address to + // which the response has been sent. + // Notice that if 'relaxDestinationValidation' is true an empty Destintation + // will be accepted. + 'destinationStrictlyMatches' => false, + + // If true, SAMLResponses with an InResponseTo value will be rejectd if not + // AuthNRequest ID provided to the validation method. + 'rejectUnsolicitedResponsesWithInResponseTo' => false, + + // Algorithm that the toolkit will use on signing process. Options: + // 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' + // 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' + // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' + // Notice that rsa-sha1 is a deprecated algorithm and should not be used + 'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', + + // Algorithm that the toolkit will use on digest process. Options: + // 'http://www.w3.org/2000/09/xmldsig#sha1' + // 'http://www.w3.org/2001/04/xmlenc#sha256' + // 'http://www.w3.org/2001/04/xmldsig-more#sha384' + // 'http://www.w3.org/2001/04/xmlenc#sha512' + // Notice that sha1 is a deprecated algorithm and should not be used + 'digestAlgorithm' => 'http://www.w3.org/2001/04/xmlenc#sha256', + + // ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses + // uppercase. Turn it True for ADFS compatibility on signature verification + 'lowercaseUrlencoding' => false, + ), + + // Contact information template, it is recommended to suply a technical and support contacts + 'contactPerson' => array( + 'technical' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + 'support' => array( + 'givenName' => '', + 'emailAddress' => '' + ), + ), + + // Organization information template, the info in en_US lang is recomended, add more if required + 'organization' => array( + 'en-US' => array( + 'name' => '', + 'displayname' => '', + 'url' => '' + ), + ), +); + + +/* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int] http://saml2int.org/profile/current + + 'authnRequestsSigned' => false, // SP SHOULD NOT sign the , + // MUST NOT assume that the IdP validates the sign + 'wantAssertionsSigned' => true, + 'wantAssertionsEncrypted' => true, // MUST be enabled if SSL/HTTPs is disabled + 'wantNameIdEncrypted' => false, +*/ diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/composer.json b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/composer.json new file mode 100755 index 0000000..2cae8af --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/composer.json @@ -0,0 +1,34 @@ +{ + "name": "onelogin/php-saml", + "description": "OneLogin PHP SAML Toolkit", + "license": "MIT", + "homepage": "https://developers.onelogin.com/saml/php", + "keywords": ["saml", "saml2", "onelogin"], + "autoload": { + "psr-4": { + "OneLogin\\": "src/" + } + }, + "support": { + "email": "sixto.garcia@onelogin.com", + "issues": "https://github.com/onelogin/php-saml/issues", + "source": "https://github.com/onelogin/php-saml/" + }, + "require": { + "php": ">=5.4", + "robrichards/xmlseclibs": ">=3.0.4" + }, + "require-dev": { + "php-coveralls/php-coveralls": "^1.0.2 || ^2.0", + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1", + "sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0", + "phploc/phploc": "^2.1 || ^3.0 || ^4.0", + "pdepend/pdepend": "^2.5.0", + "squizlabs/php_codesniffer": "^3.1.1" + }, + "suggest": { + "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)", + "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs", + "ext-gettext": "Install gettext and php5-gettext libs to handle translations" + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/phpunit.xml b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/phpunit.xml new file mode 100755 index 0000000..3629f27 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/phpunit.xml @@ -0,0 +1,18 @@ + + + + ./tests/src + + + + + ./src + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/settings_example.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/settings_example.php new file mode 100755 index 0000000..981a21a --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/settings_example.php @@ -0,0 +1,137 @@ + true, + + // Enable debug mode (to print errors) + 'debug' => false, + + // Set a BaseURL to be used instead of try to guess + // the BaseURL of the view that process the SAML Message. + // Ex. http://sp.example.com/ + // http://example.com/sp/ + 'baseurl' => null, + + // Service Provider Data that we are deploying + 'sp' => array( + // Identifier of the SP entity (must be a URI) + 'entityId' => '', + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'assertionConsumerService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-POST binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + ), + // If you need to specify requested attributes, set a + // attributeConsumingService. nameFormat, attributeValue and + // friendlyName can be omitted. Otherwise remove this section. + "attributeConsumingService"=> array( + "serviceName" => "SP test", + "serviceDescription" => "Test Service", + "requestedAttributes" => array( + array( + "name" => "", + "isRequired" => false, + "nameFormat" => "", + "friendlyName" => "", + "attributeValue" => "" + ) + ) + ), + // Specifies info about where and how the message MUST be + // returned to the requester, in this case our SP. + 'singleLogoutService' => array( + // URL Location where the from the IdP will be returned + 'url' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-Redirect binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Specifies constraints on the name identifier to be used to + // represent the requested subject. + // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported + 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', + + // Usually x509cert and privateKey of the SP are provided by files placed at + // the certs folder. But we can also provide them with the following parameters + 'x509cert' => '', + 'privateKey' => '', + + /* + * Key rollover + * If you plan to update the SP x509cert and privateKey + * you can define here the new x509cert and it will be + * published on the SP metadata so Identity Providers can + * read them and get ready for rollover. + */ + // 'x509certNew' => '', + ), + + // Identity Provider Data that we want connect with our SP + 'idp' => array( + // Identifier of the IdP entity (must be a URI) + 'entityId' => '', + // SSO endpoint info of the IdP. (Authentication Request protocol) + 'singleSignOnService' => array( + // URL Target of the IdP where the SP will send the Authentication Request Message + 'url' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-Redirect binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // SLO endpoint info of the IdP. + 'singleLogoutService' => array( + // URL Location of the IdP where the SP will send the SLO Request + 'url' => '', + // URL location of the IdP where the SP SLO Response will be sent (ResponseLocation) + // if not set, url for the SLO Request will be used + 'responseUrl' => '', + // SAML protocol binding to be used when returning the + // message. Onelogin Toolkit supports for this endpoint the + // HTTP-Redirect binding only + 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + ), + // Public x509 certificate of the IdP + 'x509cert' => '', + /* + * Instead of use the whole x509cert you can use a fingerprint in + * order to validate the SAMLResponse, but we don't recommend to use + * that method on production since is exploitable by a collision + * attack. + * (openssl x509 -noout -fingerprint -in "idp.crt" to generate it, + * or add for example the -sha256 , -sha384 or -sha512 parameter) + * + * If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to + * let the toolkit know which Algorithm was used. Possible values: sha1, sha256, sha384 or sha512 + * 'sha1' is the default value. + */ + // 'certFingerprint' => '', + // 'certFingerprintAlgorithm' => 'sha1', + + /* In some scenarios the IdP uses different certificates for + * signing/encryption, or is under key rollover phase and more + * than one certificate is published on IdP metadata. + * In order to handle that the toolkit offers that parameter. + * (when used, 'x509cert' and 'certFingerprint' values are + * ignored). + */ + // 'x509certMulti' => array( + // 'signing' => array( + // 0 => '', + // ), + // 'encryption' => array( + // 0 => '', + // ) + // ), + ), +); diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php new file mode 100755 index 0000000..5f603a1 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php @@ -0,0 +1,826 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; + +use Exception; + +/** + * Main class of OneLogin's PHP Toolkit + */ +class Auth +{ + /** + * Settings data. + * + * @var Settings + */ + private $_settings; + + /** + * User attributes data. + * + * @var array + */ + private $_attributes = array(); + + /** + * User attributes data with FriendlyName index. + * + * @var array + */ + private $_attributesWithFriendlyName = array(); + + /** + * NameID + * + * @var string + */ + private $_nameid; + + /** + * NameID Format + * + * @var string + */ + private $_nameidFormat; + + /** + * NameID NameQualifier + * + * @var string + */ + private $_nameidNameQualifier; + + /** + * NameID SP NameQualifier + * + * @var string + */ + private $_nameidSPNameQualifier; + + /** + * If user is authenticated. + * + * @var bool + */ + private $_authenticated = false; + + + /** + * SessionIndex. When the user is logged, this stored it + * from the AuthnStatement of the SAML Response + * + * @var string + */ + private $_sessionIndex; + + /** + * SessionNotOnOrAfter. When the user is logged, this stored it + * from the AuthnStatement of the SAML Response + * + * @var int|null + */ + private $_sessionExpiration; + + /** + * The ID of the last message processed + * + * @var string + */ + private $_lastMessageId; + + /** + * The ID of the last assertion processed + * + * @var string + */ + private $_lastAssertionId; + + /** + * The NotOnOrAfter value of the valid SubjectConfirmationData + * node (if any) of the last assertion processed + * + * @var int + */ + private $_lastAssertionNotOnOrAfter; + + /** + * If any error. + * + * @var array + */ + private $_errors = array(); + + /** + * Last error object. + * + * @var Error|null + */ + private $_lastErrorException; + + /** + * Last error. + * + * @var string|null + */ + private $_lastError; + + /** + * Last AuthNRequest ID or LogoutRequest ID generated by this Service Provider + * + * @var string + */ + private $_lastRequestID; + + /** + * The most recently-constructed/processed XML SAML request + * (AuthNRequest, LogoutRequest) + * + * @var string + */ + private $_lastRequest; + + /** + * The most recently-constructed/processed XML SAML response + * (SAMLResponse, LogoutResponse). If the SAMLResponse was + * encrypted, by default tries to return the decrypted XML + * + * @var string|\DomDocument|null + */ + private $_lastResponse; + + /** + * Initializes the SP SAML instance. + * + * @param array|null $settings Setting data + * + * @throws Exception + * @throws Error + */ + public function __construct(array $settings = null) + { + $this->_settings = new Settings($settings); + } + + /** + * Returns the settings info + * + * @return Settings The settings data. + */ + public function getSettings() + { + return $this->_settings; + } + + /** + * Set the strict mode active/disable + * + * @param bool $value Strict parameter + * + * @throws Error + */ + public function setStrict($value) + { + if (!is_bool($value)) { + throw new Error( + 'Invalid value passed to setStrict()', + Error::SETTINGS_INVALID_SYNTAX + ); + } + + $this->_settings->setStrict($value); + } + + /** + * Set schemas path + * + * @param string $path + * @return $this + */ + public function setSchemasPath($path) + { + $this->_paths['schemas'] = $path; + } + + /** + * Process the SAML Response sent by the IdP. + * + * @param string|null $requestId The ID of the AuthNRequest sent by this SP to the IdP + * + * @throws Error + * @throws ValidationError + */ + public function processResponse($requestId = null) + { + $this->_errors = array(); + $this->_lastError = $this->_lastErrorException = null; + if (isset($_POST['SAMLResponse'])) { + // AuthnResponse -- HTTP_POST Binding + $response = new Response($this->_settings, $_POST['SAMLResponse']); + $this->_lastResponse = $response->getXMLDocument(); + + if ($response->isValid($requestId)) { + $this->_attributes = $response->getAttributes(); + $this->_attributesWithFriendlyName = $response->getAttributesWithFriendlyName(); + $this->_nameid = $response->getNameId(); + $this->_nameidFormat = $response->getNameIdFormat(); + $this->_nameidNameQualifier = $response->getNameIdNameQualifier(); + $this->_nameidSPNameQualifier = $response->getNameIdSPNameQualifier(); + $this->_authenticated = true; + $this->_sessionIndex = $response->getSessionIndex(); + $this->_sessionExpiration = $response->getSessionNotOnOrAfter(); + $this->_lastMessageId = $response->getId(); + $this->_lastAssertionId = $response->getAssertionId(); + $this->_lastAssertionNotOnOrAfter = $response->getAssertionNotOnOrAfter(); + } else { + $this->_errors[] = 'invalid_response'; + $this->_lastErrorException = $response->getErrorException(); + $this->_lastError = $response->getError(); + } + } else { + $this->_errors[] = 'invalid_binding'; + throw new Error( + 'SAML Response not found, Only supported HTTP_POST Binding', + Error::SAML_RESPONSE_NOT_FOUND + ); + } + } + + /** + * Process the SAML Logout Response / Logout Request sent by the IdP. + * + * @param bool $keepLocalSession When false will destroy the local session, otherwise will keep it + * @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP + * @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature + * @param callable $cbDeleteSession Callback to be executed to delete session + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * + * @return string|null + * + * @throws Error + */ + public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false, $cbDeleteSession = null, $stay = false) + { + $this->_errors = array(); + $this->_lastError = $this->_lastErrorException = null; + if (isset($_GET['SAMLResponse'])) { + $logoutResponse = new LogoutResponse($this->_settings, $_GET['SAMLResponse']); + $this->_lastResponse = $logoutResponse->getXML(); + if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) { + $this->_errors[] = 'invalid_logout_response'; + $this->_lastErrorException = $logoutResponse->getErrorException(); + $this->_lastError = $logoutResponse->getError(); + + } else if ($logoutResponse->getStatus() !== Constants::STATUS_SUCCESS) { + $this->_errors[] = 'logout_not_success'; + } else { + $this->_lastMessageId = $logoutResponse->id; + if (!$keepLocalSession) { + if ($cbDeleteSession === null) { + Utils::deleteLocalSession(); + } else { + call_user_func($cbDeleteSession); + } + } + } + } else if (isset($_GET['SAMLRequest'])) { + $logoutRequest = new LogoutRequest($this->_settings, $_GET['SAMLRequest']); + $this->_lastRequest = $logoutRequest->getXML(); + if (!$logoutRequest->isValid($retrieveParametersFromServer)) { + $this->_errors[] = 'invalid_logout_request'; + $this->_lastErrorException = $logoutRequest->getErrorException(); + $this->_lastError = $logoutRequest->getError(); + } else { + if (!$keepLocalSession) { + if ($cbDeleteSession === null) { + Utils::deleteLocalSession(); + } else { + call_user_func($cbDeleteSession); + } + } + $inResponseTo = $logoutRequest->id; + $this->_lastMessageId = $logoutRequest->id; + $responseBuilder = new LogoutResponse($this->_settings); + $responseBuilder->build($inResponseTo); + $this->_lastResponse = $responseBuilder->getXML(); + + $logoutResponse = $responseBuilder->getResponse(); + + $parameters = array('SAMLResponse' => $logoutResponse); + if (isset($_GET['RelayState'])) { + $parameters['RelayState'] = $_GET['RelayState']; + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned']) { + $signature = $this->buildResponseSignature($logoutResponse, isset($parameters['RelayState'])? $parameters['RelayState']: null, $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + + return $this->redirectTo($this->getSLOResponseUrl(), $parameters, $stay); + } + } else { + $this->_errors[] = 'invalid_binding'; + throw new Error( + 'SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding', + Error::SAML_LOGOUTMESSAGE_NOT_FOUND + ); + } + } + + /** + * Redirects the user to the url past by parameter + * or to the url that we defined in our SSO Request. + * + * @param string $url The target URL to redirect the user. + * @param array $parameters Extra parameters to be passed as part of the url + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * + * @return string|null + */ + public function redirectTo($url = '', array $parameters = array(), $stay = false) + { + assert(is_string($url)); + + if (empty($url) && isset($_REQUEST['RelayState'])) { + $url = $_REQUEST['RelayState']; + } + + return Utils::redirect($url, $parameters, $stay); + } + + /** + * Checks if the user is authenticated or not. + * + * @return bool True if the user is authenticated + */ + public function isAuthenticated() + { + return $this->_authenticated; + } + + /** + * Returns the set of SAML attributes. + * + * @return array Attributes of the user. + */ + public function getAttributes() + { + return $this->_attributes; + } + + + /** + * Returns the set of SAML attributes indexed by FriendlyName + * + * @return array Attributes of the user. + */ + public function getAttributesWithFriendlyName() + { + return $this->_attributesWithFriendlyName; + } + + /** + * Returns the nameID + * + * @return string The nameID of the assertion + */ + public function getNameId() + { + return $this->_nameid; + } + + /** + * Returns the nameID Format + * + * @return string The nameID Format of the assertion + */ + public function getNameIdFormat() + { + return $this->_nameidFormat; + } + + /** + * Returns the nameID NameQualifier + * + * @return string The nameID NameQualifier of the assertion + */ + public function getNameIdNameQualifier() + { + return $this->_nameidNameQualifier; + } + + /** + * Returns the nameID SP NameQualifier + * + * @return string The nameID SP NameQualifier of the assertion + */ + public function getNameIdSPNameQualifier() + { + return $this->_nameidSPNameQualifier; + } + + /** + * Returns the SessionIndex + * + * @return string|null The SessionIndex of the assertion + */ + public function getSessionIndex() + { + return $this->_sessionIndex; + } + + /** + * Returns the SessionNotOnOrAfter + * + * @return int|null The SessionNotOnOrAfter of the assertion + */ + public function getSessionExpiration() + { + return $this->_sessionExpiration; + } + + /** + * Returns if there were any error + * + * @return array Errors + */ + public function getErrors() + { + return $this->_errors; + } + + /** + * Returns the reason for the last error + * + * @return string|null Error reason + */ + public function getLastErrorReason() + { + return $this->_lastError; + } + + + /** + * Returns the last error + * + * @return Exception|null Error + */ + public function getLastErrorException() + { + return $this->_lastErrorException; + } + + /** + * Returns the requested SAML attribute + * + * @param string $name The requested attribute of the user. + * + * @return array|null Requested SAML attribute ($name). + */ + public function getAttribute($name) + { + assert(is_string($name)); + + $value = null; + if (isset($this->_attributes[$name])) { + return $this->_attributes[$name]; + } + return $value; + } + + /** + * Returns the requested SAML attribute indexed by FriendlyName + * + * @param string $friendlyName The requested attribute of the user. + * + * @return array|null Requested SAML attribute ($friendlyName). + */ + public function getAttributeWithFriendlyName($friendlyName) + { + assert(is_string($friendlyName)); + $value = null; + if (isset($this->_attributesWithFriendlyName[$friendlyName])) { + return $this->_attributesWithFriendlyName[$friendlyName]; + } + return $value; + } + + /** + * Initiates the SSO process. + * + * @param string|null $returnTo The target URL the user should be returned to after login. + * @param array $parameters Extra parameters to be added to the GET + * @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true' + * @param bool $isPassive When true the AuthNRequest will set the Ispassive='true' + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * @param bool $setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy element + * @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated + * + * @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters + * + * @throws Error + */ + public function login($returnTo = null, array $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true, $nameIdValueReq = null) + { + $authnRequest = $this->buildAuthnRequest($this->_settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq); + + $this->_lastRequest = $authnRequest->getXML(); + $this->_lastRequestID = $authnRequest->getId(); + + $samlRequest = $authnRequest->getRequest(); + $parameters['SAMLRequest'] = $samlRequest; + + if (!empty($returnTo)) { + $parameters['RelayState'] = $returnTo; + } else { + $parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery(); + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) { + $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + return $this->redirectTo($this->getSSOurl(), $parameters, $stay); + } + + /** + * Initiates the SLO process. + * + * @param string|null $returnTo The target URL the user should be returned to after logout. + * @param array $parameters Extra parameters to be added to the GET + * @param string|null $nameId The NameID that will be set in the LogoutRequest. + * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process). + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest. + * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest. + * + * @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters + * + * @throws Error + */ + public function logout($returnTo = null, array $parameters = array(), $nameId = null, $sessionIndex = null, $stay = false, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null) + { + $sloUrl = $this->getSLOurl(); + if (empty($sloUrl)) { + throw new Error( + 'The IdP does not support Single Log Out', + Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED + ); + } + + if (empty($nameId) && !empty($this->_nameid)) { + $nameId = $this->_nameid; + } + if (empty($nameIdFormat) && !empty($this->_nameidFormat)) { + $nameIdFormat = $this->_nameidFormat; + } + + $logoutRequest = new LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier); + + $this->_lastRequest = $logoutRequest->getXML(); + $this->_lastRequestID = $logoutRequest->id; + + $samlRequest = $logoutRequest->getRequest(); + + $parameters['SAMLRequest'] = $samlRequest; + if (!empty($returnTo)) { + $parameters['RelayState'] = $returnTo; + } else { + $parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery(); + } + + $security = $this->_settings->getSecurityData(); + if (isset($security['logoutRequestSigned']) && $security['logoutRequestSigned']) { + $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']); + $parameters['SigAlg'] = $security['signatureAlgorithm']; + $parameters['Signature'] = $signature; + } + + return $this->redirectTo($sloUrl, $parameters, $stay); + } + + /** + * Gets the SSO url. + * + * @return string The url of the Single Sign On Service + */ + public function getSSOurl() + { + $idpData = $this->_settings->getIdPData(); + return $idpData['singleSignOnService']['url']; + } + + /** + * Gets the SLO url. + * + * @return string|null The url of the Single Logout Service + */ + public function getSLOurl() + { + $url = null; + $idpData = $this->_settings->getIdPData(); + if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['url'])) { + $url = $idpData['singleLogoutService']['url']; + } + return $url; + } + + /** + * Gets the SLO response url. + * + * @return string|null The response url of the Single Logout Service + */ + public function getSLOResponseUrl() + { + $idpData = $this->_settings->getIdPData(); + if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['responseUrl'])) { + return $idpData['singleLogoutService']['responseUrl']; + } + return $this->getSLOurl(); + } + + /** + * Gets the ID of the last AuthNRequest or LogoutRequest generated by the Service Provider. + * + * @return string The ID of the Request SAML message. + */ + public function getLastRequestID() + { + return $this->_lastRequestID; + } + + /** + * Creates an AuthnRequest + * + * @param Settings $settings Setting data + * @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true' + * @param bool $isPassive When true the AuthNRequest will set the Ispassive='true' + * @param bool $setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy element + * @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated + * + * @return AuthnRequest The AuthnRequest object + */ + public function buildAuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq = null) + { + return new AuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq); + } + + /** + * Generates the Signature for a SAML Request + * + * @param string $samlRequest The SAML Request + * @param string $relayState The RelayState + * @param string $signAlgorithm Signature algorithm method + * + * @return string A base64 encoded signature + * + * @throws Exception + * @throws Error + */ + public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256) + { + return $this->buildMessageSignature($samlRequest, $relayState, $signAlgorithm, "SAMLRequest"); + } + + /** + * Generates the Signature for a SAML Response + * + * @param string $samlResponse The SAML Response + * @param string $relayState The RelayState + * @param string $signAlgorithm Signature algorithm method + * + * @return string A base64 encoded signature + * + * @throws Exception + * @throws Error + */ + public function buildResponseSignature($samlResponse, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256) + { + return $this->buildMessageSignature($samlResponse, $relayState, $signAlgorithm, "SAMLResponse"); + } + + /** + * Generates the Signature for a SAML Message + * + * @param string $samlMessage The SAML Message + * @param string $relayState The RelayState + * @param string $signAlgorithm Signature algorithm method + * @param string $type "SAMLRequest" or "SAMLResponse" + * + * @return string A base64 encoded signature + * + * @throws Exception + * @throws Error + */ + private function buildMessageSignature($samlMessage, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $type = "SAMLRequest") + { + $key = $this->_settings->getSPkey(); + if (empty($key)) { + if ($type == "SAMLRequest") { + $errorMsg = "Trying to sign the SAML Request but can't load the SP private key"; + } else { + $errorMsg = "Trying to sign the SAML Response but can't load the SP private key"; + } + + throw new Error($errorMsg, Error::PRIVATE_KEY_NOT_FOUND); + } + + $objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private')); + $objKey->loadKey($key, false); + + $security = $this->_settings->getSecurityData(); + if ($security['lowercaseUrlencoding']) { + $msg = $type.'='.rawurlencode($samlMessage); + if (isset($relayState)) { + $msg .= '&RelayState='.rawurlencode($relayState); + } + $msg .= '&SigAlg=' . rawurlencode($signAlgorithm); + } else { + $msg = $type.'='.urlencode($samlMessage); + if (isset($relayState)) { + $msg .= '&RelayState='.urlencode($relayState); + } + $msg .= '&SigAlg=' . urlencode($signAlgorithm); + } + $signature = $objKey->signData($msg); + return base64_encode($signature); + } + + /** + * @return string The ID of the last message processed + */ + public function getLastMessageId() + { + return $this->_lastMessageId; + } + + /** + * @return string The ID of the last assertion processed + */ + public function getLastAssertionId() + { + return $this->_lastAssertionId; + } + + /** + * @return int The NotOnOrAfter value of the valid + * SubjectConfirmationData node (if any) + * of the last assertion processed + */ + public function getLastAssertionNotOnOrAfter() + { + return $this->_lastAssertionNotOnOrAfter; + } + + /** + * Returns the most recently-constructed/processed + * XML SAML request (AuthNRequest, LogoutRequest) + * + * @return string|null The Request XML + */ + public function getLastRequestXML() + { + return $this->_lastRequest; + } + + /** + * Returns the most recently-constructed/processed + * XML SAML response (SAMLResponse, LogoutResponse). + * If the SAMLResponse was encrypted, by default tries + * to return the decrypted XML. + * + * @return string|null The Response XML + */ + public function getLastResponseXML() + { + $response = null; + if (isset($this->_lastResponse)) { + if (is_string($this->_lastResponse)) { + $response = $this->_lastResponse; + } else { + $response = $this->_lastResponse->saveXML(); + } + } + + return $response; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php new file mode 100755 index 0000000..a1311f7 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php @@ -0,0 +1,214 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +/** + * SAML 2 Authentication Request + */ +class AuthnRequest +{ + /** + * Object that represents the setting info + * + * @var Settings + */ + protected $_settings; + + /** + * SAML AuthNRequest string + * + * @var string + */ + private $_authnRequest; + + /** + * SAML AuthNRequest ID. + * + * @var string + */ + private $_id; + + /** + * Constructs the AuthnRequest object. + * + * @param Settings $settings SAML Toolkit Settings + * @param bool $forceAuthn When true the AuthNReuqest will set the ForceAuthn='true' + * @param bool $isPassive When true the AuthNReuqest will set the Ispassive='true' + * @param bool $setNameIdPolicy When true the AuthNReuqest will set a nameIdPolicy + * @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = false, $isPassive = false, $setNameIdPolicy = true, $nameIdValueReq = null) + { + $this->_settings = $settings; + + $spData = $this->_settings->getSPData(); + $idpData = $this->_settings->getIdPData(); + $security = $this->_settings->getSecurityData(); + + $id = Utils::generateUniqueID(); + $issueInstant = Utils::parseTime2SAML(time()); + + $subjectStr = ""; + if (isset($nameIdValueReq)) { + $subjectStr = << + {$nameIdValueReq} + + +SUBJECT; + } + + $nameIdPolicyStr = ''; + if ($setNameIdPolicy) { + $nameIDPolicyFormat = $spData['NameIDFormat']; + if (isset($security['wantNameIdEncrypted']) && $security['wantNameIdEncrypted']) { + $nameIDPolicyFormat = Constants::NAMEID_ENCRYPTED; + } + + $nameIdPolicyStr = << +NAMEIDPOLICY; + } + + + $providerNameStr = ''; + $organizationData = $settings->getOrganization(); + if (!empty($organizationData)) { + $langs = array_keys($organizationData); + if (in_array('en-US', $langs)) { + $lang = 'en-US'; + } else { + $lang = $langs[0]; + } + if (isset($organizationData[$lang]['displayname']) && !empty($organizationData[$lang]['displayname'])) { + $providerNameStr = << + urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport + +REQUESTEDAUTHN; + } else { + $requestedAuthnStr .= " \n"; + foreach ($security['requestedAuthnContext'] as $contextValue) { + $requestedAuthnStr .= " ".$contextValue."\n"; + } + $requestedAuthnStr .= ' '; + } + } + + $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES); + $acsUrl = htmlspecialchars($spData['assertionConsumerService']['url'], ENT_QUOTES); + $request = << + {$spEntityId}{$subjectStr}{$nameIdPolicyStr}{$requestedAuthnStr} + +AUTHNREQUEST; + + $this->_id = $id; + $this->_authnRequest = $request; + } + + /** + * Returns deflated, base64 encoded, unsigned AuthnRequest. + * + * @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it. + * + * @return string + */ + public function getRequest($deflate = null) + { + $subject = $this->_authnRequest; + + if (is_null($deflate)) { + $deflate = $this->_settings->shouldCompressRequests(); + } + + if ($deflate) { + $subject = gzdeflate($this->_authnRequest); + } + + $base64Request = base64_encode($subject); + return $base64Request; + } + + /** + * Returns the AuthNRequest ID. + * + * @return string + */ + public function getId() + { + return $this->_id; + } + + /** + * Returns the XML that will be sent as part of the request + * + * @return string + */ + public function getXML() + { + return $this->_authnRequest; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Constants.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Constants.php new file mode 100755 index 0000000..21261fb --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Constants.php @@ -0,0 +1,84 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +/** + * Constants of OneLogin PHP Toolkit + * + * Defines all required constants + */ +class Constants +{ + // Value added to the current time in time condition validations + const ALLOWED_CLOCK_DRIFT = 180; // 3 min in seconds + + // NameID Formats + const NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'; + const NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'; + const NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName'; + const NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'; + const NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos'; + const NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'; + const NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'; + const NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'; + const NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted'; + + // Attribute Name Formats + const ATTRNAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'; + const ATTRNAME_FORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'; + const ATTRNAME_FORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'; + + // Namespaces + const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion'; + const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'; + const NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/'; + const NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata'; + const NS_XS = 'http://www.w3.org/2001/XMLSchema'; + const NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'; + const NS_XENC = 'http://www.w3.org/2001/04/xmlenc#'; + const NS_DS = 'http://www.w3.org/2000/09/xmldsig#'; + + // Bindings + const BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'; + const BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'; + const BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'; + const BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'; + const BINDING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'; + + // Auth Context Class + const AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'; + const AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'; + const AC_PASSWORD_PROTECTED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'; + const AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'; + const AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard'; + const AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'; + const AC_WINDOWS = 'urn:federation:authentication:windows'; + const AC_TLS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient'; + + // Subject Confirmation + const CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'; + const CM_HOLDER_KEY = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key'; + const CM_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'; + + // Status Codes + const STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'; + const STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester'; + const STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder'; + const STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch'; + const STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'; + const STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout'; + const STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded'; +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Error.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Error.php new file mode 100755 index 0000000..211acf4 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Error.php @@ -0,0 +1,66 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use Exception; + +/** + * Error class of OneLogin PHP Toolkit + * + * Defines the Error class + */ +class Error extends Exception +{ + // Errors + const SETTINGS_FILE_NOT_FOUND = 0; + const SETTINGS_INVALID_SYNTAX = 1; + const SETTINGS_INVALID = 2; + const METADATA_SP_INVALID = 3; + const SP_CERTS_NOT_FOUND = 4; + // SP_CERTS_NOT_FOUND is deprecated, use CERT_NOT_FOUND instead + const CERT_NOT_FOUND = 4; + const REDIRECT_INVALID_URL = 5; + const PUBLIC_CERT_FILE_NOT_FOUND = 6; + const PRIVATE_KEY_FILE_NOT_FOUND = 7; + const SAML_RESPONSE_NOT_FOUND = 8; + const SAML_LOGOUTMESSAGE_NOT_FOUND = 9; + const SAML_LOGOUTREQUEST_INVALID = 10; + const SAML_LOGOUTRESPONSE_INVALID = 11; + const SAML_SINGLE_LOGOUT_NOT_SUPPORTED = 12; + const PRIVATE_KEY_NOT_FOUND = 13; + const UNSUPPORTED_SETTINGS_OBJECT = 14; + + /** + * Constructor + * + * @param string $msg Describes the error. + * @param int $code The code error (defined in the error class). + * @param array|null $args Arguments used in the message that describes the error. + */ + public function __construct($msg, $code = 0, $args = array()) + { + assert(is_string($msg)); + assert(is_int($code)); + + if (!isset($args)) { + $args = array(); + } + $params = array_merge(array($msg), $args); + $message = call_user_func_array('sprintf', $params); + + parent::__construct($message, $code); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php new file mode 100755 index 0000000..947d654 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php @@ -0,0 +1,243 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use DOMDocument; +use Exception; + +/** + * IdP Metadata Parser of OneLogin PHP Toolkit + */ +class IdPMetadataParser +{ + /** + * Get IdP Metadata Info from URL + * + * @param string $url URL where the IdP metadata is published + * @param string $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * + * @return array metadata info in php-saml settings format + */ + public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + { + $metadataInfo = array(); + + try { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET"); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + + $xml = curl_exec($ch); + if ($xml !== false) { + $metadataInfo = self::parseXML($xml, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding); + } else { + throw new Exception(curl_error($ch), curl_errno($ch)); + } + } catch (Exception $e) { + throw new Exception('Error on parseRemoteXML. '.$e->getMessage()); + } + return $metadataInfo; + } + + /** + * Get IdP Metadata Info from File + * + * @param string $filepath File path + * @param string $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * + * @return array metadata info in php-saml settings format + */ + public static function parseFileXML($filepath, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + { + $metadataInfo = array(); + + try { + if (file_exists($filepath)) { + $data = file_get_contents($filepath); + $metadataInfo = self::parseXML($data, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding); + } + } catch (Exception $e) { + throw new Exception('Error on parseFileXML. '.$e->getMessage()); + } + return $metadataInfo; + } + + /** + * Get IdP Metadata Info from URL + * + * @param string $xml XML that contains IdP metadata + * @param string $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * + * @return array metadata info in php-saml settings format + * + * @throws Exception + */ + public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + { + $metadataInfo = array(); + + $dom = new DOMDocument(); + $dom->preserveWhiteSpace = false; + $dom->formatOutput = true; + try { + $dom = Utils::loadXML($dom, $xml); + if (!$dom) { + throw new Exception('Error parsing metadata'); + } + + $customIdPStr = ''; + if (!empty($entityId)) { + $customIdPStr = '[@entityID="' . $entityId . '"]'; + } + $idpDescryptorXPath = '//md:EntityDescriptor' . $customIdPStr . '/md:IDPSSODescriptor'; + + $idpDescriptorNodes = Utils::query($dom, $idpDescryptorXPath); + + if (isset($idpDescriptorNodes) && $idpDescriptorNodes->length > 0) { + $metadataInfo['idp'] = array(); + + $idpDescriptor = $idpDescriptorNodes->item(0); + + if (empty($entityId) && $idpDescriptor->parentNode->hasAttribute('entityID')) { + $entityId = $idpDescriptor->parentNode->getAttribute('entityID'); + } + + if (!empty($entityId)) { + $metadataInfo['idp']['entityId'] = $entityId; + } + + $ssoNodes = Utils::query($dom, './md:SingleSignOnService[@Binding="'.$desiredSSOBinding.'"]', $idpDescriptor); + if ($ssoNodes->length < 1) { + $ssoNodes = Utils::query($dom, './md:SingleSignOnService', $idpDescriptor); + } + if ($ssoNodes->length > 0) { + $metadataInfo['idp']['singleSignOnService'] = array( + 'url' => $ssoNodes->item(0)->getAttribute('Location'), + 'binding' => $ssoNodes->item(0)->getAttribute('Binding') + ); + } + + $sloNodes = Utils::query($dom, './md:SingleLogoutService[@Binding="'.$desiredSLOBinding.'"]', $idpDescriptor); + if ($sloNodes->length < 1) { + $sloNodes = Utils::query($dom, './md:SingleLogoutService', $idpDescriptor); + } + if ($sloNodes->length > 0) { + $metadataInfo['idp']['singleLogoutService'] = array( + 'url' => $sloNodes->item(0)->getAttribute('Location'), + 'binding' => $sloNodes->item(0)->getAttribute('Binding') + ); + + if ($sloNodes->item(0)->hasAttribute('ResponseLocation')) { + $metadataInfo['idp']['singleLogoutService']['responseUrl'] = $sloNodes->item(0)->getAttribute('ResponseLocation'); + } + } + + $keyDescriptorCertSigningNodes = Utils::query($dom, './md:KeyDescriptor[not(contains(@use, "encryption"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $idpDescriptor); + + $keyDescriptorCertEncryptionNodes = Utils::query($dom, './md:KeyDescriptor[not(contains(@use, "signing"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $idpDescriptor); + + if (!empty($keyDescriptorCertSigningNodes) || !empty($keyDescriptorCertEncryptionNodes)) { + $metadataInfo['idp']['x509certMulti'] = array(); + if (!empty($keyDescriptorCertSigningNodes)) { + $idpInfo['x509certMulti']['signing'] = array(); + foreach ($keyDescriptorCertSigningNodes as $keyDescriptorCertSigningNode) { + $metadataInfo['idp']['x509certMulti']['signing'][] = Utils::formatCert($keyDescriptorCertSigningNode->nodeValue, false); + } + } + if (!empty($keyDescriptorCertEncryptionNodes)) { + $idpInfo['x509certMulti']['encryption'] = array(); + foreach ($keyDescriptorCertEncryptionNodes as $keyDescriptorCertEncryptionNode) { + $metadataInfo['idp']['x509certMulti']['encryption'][] = Utils::formatCert($keyDescriptorCertEncryptionNode->nodeValue, false); + } + } + + $idpCertdata = $metadataInfo['idp']['x509certMulti']; + if ((count($idpCertdata) == 1 and + ((isset($idpCertdata['signing']) and count($idpCertdata['signing']) == 1) or (isset($idpCertdata['encryption']) and count($idpCertdata['encryption']) == 1))) or + ((isset($idpCertdata['signing']) && count($idpCertdata['signing']) == 1) && isset($idpCertdata['encryption']) && count($idpCertdata['encryption']) == 1 && strcmp($idpCertdata['signing'][0], $idpCertdata['encryption'][0]) == 0)) { + if (isset($metadataInfo['idp']['x509certMulti']['signing'][0])) { + $metadataInfo['idp']['x509cert'] = $metadataInfo['idp']['x509certMulti']['signing'][0]; + } else { + $metadataInfo['idp']['x509cert'] = $metadataInfo['idp']['x509certMulti']['encryption'][0]; + } + unset($metadataInfo['idp']['x509certMulti']); + } + } + + $nameIdFormatNodes = Utils::query($dom, './md:NameIDFormat', $idpDescriptor); + if ($nameIdFormatNodes->length > 0) { + $metadataInfo['sp']['NameIDFormat'] = $nameIdFormatNodes->item(0)->nodeValue; + if (!empty($desiredNameIdFormat)) { + foreach ($nameIdFormatNodes as $nameIdFormatNode) { + if (strcmp($nameIdFormatNode->nodeValue, $desiredNameIdFormat) == 0) { + $metadataInfo['sp']['NameIDFormat'] = $nameIdFormatNode->nodeValue; + break; + } + } + } + } + } + } catch (Exception $e) { + throw new Exception('Error parsing metadata. '.$e->getMessage()); + } + + return $metadataInfo; + } + + /** + * Inject metadata info into php-saml settings array + * + * @param array $settings php-saml settings array + * @param array $metadataInfo array metadata info + * + * @return array settings + */ + public static function injectIntoSettings($settings, $metadataInfo) + { + if (isset($metadataInfo['idp']) && isset($settings['idp'])) { + if (isset($metadataInfo['idp']['x509certMulti']) && !empty($metadataInfo['idp']['x509certMulti']) && isset($settings['idp']['x509cert'])) { + unset($settings['idp']['x509cert']); + } + + if (isset($metadataInfo['idp']['x509cert']) && !empty($metadataInfo['idp']['x509cert']) && isset($settings['idp']['x509certMulti'])) { + unset($settings['idp']['x509certMulti']); + } + } + + return array_replace_recursive($settings, $metadataInfo); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutRequest.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutRequest.php new file mode 100755 index 0000000..d540c22 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutRequest.php @@ -0,0 +1,492 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; + +use DOMDocument; +use Exception; + +/** + * SAML 2 Logout Request + */ +class LogoutRequest +{ + /** + * Contains the ID of the Logout Request + * + * @var string + */ + public $id; + + /** + * Object that represents the setting info + * + * @var Settings + */ + protected $_settings; + + /** + * SAML Logout Request + * + * @var string + */ + protected $_logoutRequest; + + /** + * After execute a validation process, this var contains the cause + * + * @var Exception + */ + private $_error; + + /** + * Constructs the Logout Request object. + * + * @param Settings $settings Settings + * @param string|null $request A UUEncoded Logout Request. + * @param string|null $nameId The NameID that will be set in the LogoutRequest. + * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process). + * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest. + * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest. + * @param string|null $nameIdSPNameQualifier The NameID SP NameQualifier will be set in the LogoutRequest. + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null) + { + $this->_settings = $settings; + + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + Utils::setBaseURL($baseURL); + } + + if (!isset($request) || empty($request)) { + $spData = $this->_settings->getSPData(); + $idpData = $this->_settings->getIdPData(); + $security = $this->_settings->getSecurityData(); + + $id = Utils::generateUniqueID(); + $this->id = $id; + + $issueInstant = Utils::parseTime2SAML(time()); + + $cert = null; + if (isset($security['nameIdEncrypted']) && $security['nameIdEncrypted']) { + $existsMultiX509Enc = isset($idpData['x509certMulti']) && isset($idpData['x509certMulti']['encryption']) && !empty($idpData['x509certMulti']['encryption']); + + if ($existsMultiX509Enc) { + $cert = $idpData['x509certMulti']['encryption'][0]; + } else { + $cert = $idpData['x509cert']; + } + } + + if (!empty($nameId)) { + if (empty($nameIdFormat) + && $spData['NameIDFormat'] != Constants::NAMEID_UNSPECIFIED) { + $nameIdFormat = $spData['NameIDFormat']; + } + } else { + $nameId = $idpData['entityId']; + $nameIdFormat = Constants::NAMEID_ENTITY; + } + + /* From saml-core-2.0-os 8.3.6, when the entity Format is used: + "The NameQualifier, SPNameQualifier, and SPProvidedID attributes MUST be omitted. + */ + if (!empty($nameIdFormat) && $nameIdFormat == Constants::NAMEID_ENTITY) { + $nameIdNameQualifier = null; + $nameIdSPNameQualifier = null; + } + + // NameID Format UNSPECIFIED omitted + if (!empty($nameIdFormat) && $nameIdFormat == Constants::NAMEID_UNSPECIFIED) { + $nameIdFormat = null; + } + + $nameIdObj = Utils::generateNameId( + $nameId, + $nameIdSPNameQualifier, + $nameIdFormat, + $cert, + $nameIdNameQualifier + ); + + $sessionIndexStr = isset($sessionIndex) ? "{$sessionIndex}" : ""; + + $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES); + $logoutRequest = << + {$spEntityId} + {$nameIdObj} + {$sessionIndexStr} + +LOGOUTREQUEST; + } else { + $decoded = base64_decode($request); + // We try to inflate + $inflated = @gzinflate($decoded); + if ($inflated != false) { + $logoutRequest = $inflated; + } else { + $logoutRequest = $decoded; + } + $this->id = static::getID($logoutRequest); + } + $this->_logoutRequest = $logoutRequest; + } + + /** + * Returns the Logout Request defated, base64encoded, unsigned + * + * @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it. + * + * @return string Deflated base64 encoded Logout Request + */ + public function getRequest($deflate = null) + { + $subject = $this->_logoutRequest; + + if (is_null($deflate)) { + $deflate = $this->_settings->shouldCompressRequests(); + } + + if ($deflate) { + $subject = gzdeflate($this->_logoutRequest); + } + + return base64_encode($subject); + } + + /** + * Returns the ID of the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * + * @return string ID + * + * @throws Error + */ + public static function getID($request) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + + if (false === $dom) { + throw new Error( + "LogoutRequest could not be processed", + Error::SAML_LOGOUTREQUEST_INVALID + ); + } + + $id = $dom->documentElement->getAttribute('ID'); + return $id; + } + + /** + * Gets the NameID Data of the the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * @param string|null $key The SP key + * + * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier) + * + * @throws Error + * @throws Exception + * @throws ValidationError + */ + public static function getNameIdData($request, $key = null) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + $encryptedEntries = Utils::query($dom, '/samlp:LogoutRequest/saml:EncryptedID'); + + if ($encryptedEntries->length == 1) { + $encryptedDataNodes = $encryptedEntries->item(0)->getElementsByTagName('EncryptedData'); + $encryptedData = $encryptedDataNodes->item(0); + + if (empty($key)) { + throw new Error( + "Private Key is required in order to decrypt the NameID, check settings", + Error::PRIVATE_KEY_NOT_FOUND + ); + } + + $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private')); + $seckey->loadKey($key); + + $nameId = Utils::decryptElement($encryptedData, $seckey); + + } else { + $entries = Utils::query($dom, '/samlp:LogoutRequest/saml:NameID'); + if ($entries->length == 1) { + $nameId = $entries->item(0); + } + } + + if (!isset($nameId)) { + throw new ValidationError( + "NameID not found in the Logout Request", + ValidationError::NO_NAMEID + ); + } + + $nameIdData = array(); + $nameIdData['Value'] = $nameId->nodeValue; + foreach (array('Format', 'SPNameQualifier', 'NameQualifier') as $attr) { + if ($nameId->hasAttribute($attr)) { + $nameIdData[$attr] = $nameId->getAttribute($attr); + } + } + + return $nameIdData; + } + + /** + * Gets the NameID of the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * @param string|null $key The SP key + * + * @return string Name ID Value + * + * @throws Error + * @throws Exception + * @throws ValidationError + */ + public static function getNameId($request, $key = null) + { + $nameId = self::getNameIdData($request, $key); + return $nameId['Value']; + } + + /** + * Gets the Issuer of the Logout Request. + * + * @param string|DOMDocument $request Logout Request Message + * + * @return string|null $issuer The Issuer + * + * @throws Exception + */ + public static function getIssuer($request) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + $issuer = null; + $issuerNodes = Utils::query($dom, '/samlp:LogoutRequest/saml:Issuer'); + if ($issuerNodes->length == 1) { + $issuer = $issuerNodes->item(0)->textContent; + } + return $issuer; + } + + /** + * Gets the SessionIndexes from the Logout Request. + * Notice: Our Constructor only support 1 SessionIndex but this parser + * extracts an array of all the SessionIndex found on a + * Logout Request, that could be many. + * + * @param string|DOMDocument $request Logout Request Message + * + * @return array The SessionIndex value + * + * @throws Exception + */ + public static function getSessionIndexes($request) + { + if ($request instanceof DOMDocument) { + $dom = $request; + } else { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $request); + } + + $sessionIndexes = array(); + $sessionIndexNodes = Utils::query($dom, '/samlp:LogoutRequest/samlp:SessionIndex'); + foreach ($sessionIndexNodes as $sessionIndexNode) { + $sessionIndexes[] = $sessionIndexNode->textContent; + } + return $sessionIndexes; + } + + /** + * Checks if the Logout Request recieved is valid. + * + * @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature + * + * @return bool If the Logout Request is or not valid + * + * @throws Exception + * @throws ValidationError + */ + public function isValid($retrieveParametersFromServer = false) + { + $this->_error = null; + try { + $dom = new DOMDocument(); + $dom = Utils::loadXML($dom, $this->_logoutRequest); + + $idpData = $this->_settings->getIdPData(); + $idPEntityId = $idpData['entityId']; + + if ($this->_settings->isStrict()) { + $security = $this->_settings->getSecurityData(); + + if ($security['wantXMLValidation']) { + $res = Utils::validateXML($dom, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + "Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd", + ValidationError::INVALID_XML_FORMAT + ); + } + } + + $currentURL = Utils::getSelfRoutedURLNoQuery(); + + // Check NotOnOrAfter + if ($dom->documentElement->hasAttribute('NotOnOrAfter')) { + $na = Utils::parseSAML2Time($dom->documentElement->getAttribute('NotOnOrAfter')); + if ($na <= time()) { + throw new ValidationError( + "Could not validate timestamp: expired. Check system clock.", + ValidationError::RESPONSE_EXPIRED + ); + } + } + + // Check destination + if ($dom->documentElement->hasAttribute('Destination')) { + $destination = $dom->documentElement->getAttribute('Destination'); + if (empty($destination)) { + if (!$security['relaxDestinationValidation']) { + throw new ValidationError( + "The LogoutRequest has an empty Destination value", + ValidationError::EMPTY_DESTINATION + ); + } + } else { + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL); + if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) { + $currentURLNoRouted = Utils::getSelfURLNoQuery(); + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted); + if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) { + throw new ValidationError( + "The LogoutRequest was received at $currentURL instead of $destination", + ValidationError::WRONG_DESTINATION + ); + } + } + } + } + + $nameId = static::getNameId($dom, $this->_settings->getSPkey()); + + // Check issuer + $issuer = static::getIssuer($dom); + if (!empty($issuer) && $issuer != $idPEntityId) { + throw new ValidationError( + "Invalid issuer in the Logout Request", + ValidationError::WRONG_ISSUER + ); + } + + if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) { + throw new ValidationError( + "The Message of the Logout Request is not signed and the SP require it", + ValidationError::NO_SIGNED_MESSAGE + ); + } + } + + if (isset($_GET['Signature'])) { + $signatureValid = Utils::validateBinarySign("SAMLRequest", $_GET, $idpData, $retrieveParametersFromServer); + if (!$signatureValid) { + throw new ValidationError( + "Signature validation failed. Logout Request rejected", + ValidationError::INVALID_SIGNATURE + ); + } + } + + return true; + } catch (Exception $e) { + $this->_error = $e; + $debug = $this->_settings->isDebugActive(); + if ($debug) { + echo htmlentities($this->_error->getMessage()); + } + return false; + } + } + + /** + * After execute a validation process, if fails this method returns the Exception of the cause + * + * @return Exception Cause + */ + public function getErrorException() + { + return $this->_error; + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return null|string Error reason + */ + public function getError() + { + $errorMsg = null; + if (isset($this->_error)) { + $errorMsg = htmlentities($this->_error->getMessage()); + } + return $errorMsg; + } + + /** + * Returns the XML that will be sent as part of the request + * or that was received at the SP + * + * @return string + */ + public function getXML() + { + return $this->_logoutRequest; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutResponse.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutResponse.php new file mode 100755 index 0000000..700feb0 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutResponse.php @@ -0,0 +1,348 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use DOMDocument; +use DOMNodeList; +use Exception; + +/** + * SAML 2 Logout Response + */ +class LogoutResponse +{ + /** + * Contains the ID of the Logout Response + * + * @var string + */ + public $id; + + /** + * Object that represents the setting info + * + * @var Settings + */ + protected $_settings; + + /** + * The decoded, unprocessed XML response provided to the constructor. + * + * @var string|null + */ + protected $_logoutResponse; + + /** + * A DOMDocument class loaded from the SAML LogoutResponse. + * + * @var DOMDocument + */ + public $document; + + /** + * After execute a validation process, if it fails, this var contains the cause + * + * @var Exception|null + */ + private $_error; + + /** + * Constructs a Logout Response object (Initialize params from settings and if provided + * load the Logout Response. + * + * @param Settings $settings Settings. + * @param string|null $response An UUEncoded SAML Logout response from the IdP. + * + * @throws Error + * @throws Exception + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $response = null) + { + $this->_settings = $settings; + + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + Utils::setBaseURL($baseURL); + } + + if ($response) { + $decoded = base64_decode($response); + $inflated = @gzinflate($decoded); + if ($inflated != false) { + $this->_logoutResponse = $inflated; + } else { + $this->_logoutResponse = $decoded; + } + $this->document = new DOMDocument(); + $this->document = Utils::loadXML($this->document, $this->_logoutResponse); + + if (false === $this->document) { + throw new Error( + "LogoutResponse could not be processed", + Error::SAML_LOGOUTRESPONSE_INVALID + ); + } + + if ($this->document->documentElement->hasAttribute('ID')) { + $this->id = $this->document->documentElement->getAttribute('ID'); + } + } + } + + /** + * Gets the Issuer of the Logout Response. + * + * @return string|null $issuer The Issuer + */ + public function getIssuer() + { + $issuer = null; + $issuerNodes = $this->_query('/samlp:LogoutResponse/saml:Issuer'); + if ($issuerNodes->length == 1) { + $issuer = $issuerNodes->item(0)->textContent; + } + return $issuer; + } + + /** + * Gets the Status of the Logout Response. + * + * @return string|null The Status + */ + public function getStatus() + { + $entries = $this->_query('/samlp:LogoutResponse/samlp:Status/samlp:StatusCode'); + if ($entries->length != 1) { + return null; + } + $status = $entries->item(0)->getAttribute('Value'); + return $status; + } + + /** + * Determines if the SAML LogoutResponse is valid + * + * @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP + * @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature + * + * @return bool Returns if the SAML LogoutResponse is or not valid + * + * @throws ValidationError + */ + public function isValid($requestId = null, $retrieveParametersFromServer = false) + { + $this->_error = null; + try { + $idpData = $this->_settings->getIdPData(); + $idPEntityId = $idpData['entityId']; + + if ($this->_settings->isStrict()) { + $security = $this->_settings->getSecurityData(); + + if ($security['wantXMLValidation']) { + $res = Utils::validateXML($this->document, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + "Invalid SAML Logout Response. Not match the saml-schema-protocol-2.0.xsd", + ValidationError::INVALID_XML_FORMAT + ); + } + } + + // Check if the InResponseTo of the Logout Response matchs the ID of the Logout Request (requestId) if provided + if (isset($requestId) && $this->document->documentElement->hasAttribute('InResponseTo')) { + $inResponseTo = $this->document->documentElement->getAttribute('InResponseTo'); + if ($requestId != $inResponseTo) { + throw new ValidationError( + "The InResponseTo of the Logout Response: $inResponseTo, does not match the ID of the Logout request sent by the SP: $requestId", + ValidationError::WRONG_INRESPONSETO + ); + } + } + + // Check issuer + $issuer = $this->getIssuer(); + if (!empty($issuer) && $issuer != $idPEntityId) { + throw new ValidationError( + "Invalid issuer in the Logout Response", + ValidationError::WRONG_ISSUER + ); + } + + $currentURL = Utils::getSelfRoutedURLNoQuery(); + + if ($this->document->documentElement->hasAttribute('Destination')) { + $destination = $this->document->documentElement->getAttribute('Destination'); + if (empty($destination)) { + if (!$security['relaxDestinationValidation']) { + throw new ValidationError( + "The LogoutResponse has an empty Destination value", + ValidationError::EMPTY_DESTINATION + ); + } + } else { + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL); + if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) { + $currentURLNoRouted = Utils::getSelfURLNoQuery(); + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted); + if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) { + throw new ValidationError( + "The LogoutResponse was received at $currentURL instead of $destination", + ValidationError::WRONG_DESTINATION + ); + } + } + } + } + + if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) { + throw new ValidationError( + "The Message of the Logout Response is not signed and the SP requires it", + ValidationError::NO_SIGNED_MESSAGE + ); + } + } + + if (isset($_GET['Signature'])) { + $signatureValid = Utils::validateBinarySign("SAMLResponse", $_GET, $idpData, $retrieveParametersFromServer); + if (!$signatureValid) { + throw new ValidationError( + "Signature validation failed. Logout Response rejected", + ValidationError::INVALID_SIGNATURE + ); + } + } + return true; + } catch (Exception $e) { + $this->_error = $e; + $debug = $this->_settings->isDebugActive(); + if ($debug) { + echo htmlentities($this->_error->getMessage()); + } + return false; + } + } + + /** + * Extracts a node from the DOMDocument (Logout Response Menssage) + * + * @param string $query Xpath Expression + * + * @return DOMNodeList The queried node + */ + private function _query($query) + { + return Utils::query($this->document, $query); + + } + + /** + * Generates a Logout Response object. + * + * @param string $inResponseTo InResponseTo value for the Logout Response. + */ + public function build($inResponseTo) + { + + $spData = $this->_settings->getSPData(); + $idpData = $this->_settings->getIdPData(); + + $this->id = Utils::generateUniqueID(); + $issueInstant = Utils::parseTime2SAML(time()); + + $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES); + $logoutResponse = << + {$spEntityId} + + + + +LOGOUTRESPONSE; + $this->_logoutResponse = $logoutResponse; + } + + /** + * Returns a Logout Response object. + * + * @param bool|null $deflate Whether or not we should 'gzdeflate' the response body before we return it. + * + * @return string Logout Response deflated and base64 encoded + */ + public function getResponse($deflate = null) + { + $logoutResponse = $this->_logoutResponse; + + if (is_null($deflate)) { + $deflate = $this->_settings->shouldCompressResponses(); + } + + if ($deflate) { + $logoutResponse = gzdeflate($this->_logoutResponse); + } + return base64_encode($logoutResponse); + } + + /** + * After execute a validation process, if fails this method returns the cause. + * + * @return Exception|null Cause + */ + public function getErrorException() + { + return $this->_error; + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return null|string Error reason + */ + public function getError() + { + $errorMsg = null; + if (isset($this->_error)) { + $errorMsg = htmlentities($this->_error->getMessage()); + } + return $errorMsg; + } + + /** + * @return string the ID of the Response + */ + public function getId() + { + return $this->id; + } + + /** + * Returns the XML that will be sent as part of the response + * or that was received at the SP + * + * @return string|null + */ + public function getXML() + { + return $this->_logoutResponse; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Metadata.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Metadata.php new file mode 100755 index 0000000..922ad60 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Metadata.php @@ -0,0 +1,267 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecurityDSig; + +use DOMDocument; +use Exception; + +/** + * Metadata lib of OneLogin PHP Toolkit + */ +class Metadata +{ + const TIME_VALID = 172800; // 2 days + const TIME_CACHED = 604800; // 1 week + + /** + * Generates the metadata of the SP based on the settings + * + * @param array $sp The SP data + * @param bool|string $authnsign authnRequestsSigned attribute + * @param bool|string $wsign wantAssertionsSigned attribute + * @param int|null $validUntil Metadata's valid time + * @param int|null $cacheDuration Duration of the cache in seconds + * @param array $contacts Contacts info + * @param array $organization Organization ingo + * @param array $attributes + * + * @return string SAML Metadata XML + */ + public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array()) + { + + if (!isset($validUntil)) { + $validUntil = time() + self::TIME_VALID; + } + $validUntilTime = Utils::parseTime2SAML($validUntil); + + if (!isset($cacheDuration)) { + $cacheDuration = self::TIME_CACHED; + } + + $sls = ''; + + if (isset($sp['singleLogoutService'])) { + $slsUrl = htmlspecialchars($sp['singleLogoutService']['url'], ENT_QUOTES); + $sls = << + +SLS_TEMPLATE; + } + + if ($authnsign) { + $strAuthnsign = 'true'; + } else { + $strAuthnsign = 'false'; + } + + if ($wsign) { + $strWsign = 'true'; + } else { + $strWsign = 'false'; + } + + $strOrganization = ''; + + if (!empty($organization)) { + $organizationInfoNames = array(); + $organizationInfoDisplaynames = array(); + $organizationInfoUrls = array(); + foreach ($organization as $lang => $info) { + $organizationInfoNames[] = <<{$info['name']} +ORGANIZATION_NAME; + $organizationInfoDisplaynames[] = <<{$info['displayname']} +ORGANIZATION_DISPLAY; + $organizationInfoUrls[] = <<{$info['url']} +ORGANIZATION_URL; + } + $orgData = implode("\n", $organizationInfoNames)."\n".implode("\n", $organizationInfoDisplaynames)."\n".implode("\n", $organizationInfoUrls); + $strOrganization = << +{$orgData} + +ORGANIZATIONSTR; + } + + $strContacts = ''; + if (!empty($contacts)) { + $contactsInfo = array(); + foreach ($contacts as $type => $info) { + $contactsInfo[] = << + {$info['givenName']} + {$info['emailAddress']} + +CONTACT; + } + $strContacts = "\n".implode("\n", $contactsInfo); + } + + $strAttributeConsumingService = ''; + if (isset($sp['attributeConsumingService'])) { + $attrCsDesc = ''; + if (isset($sp['attributeConsumingService']['serviceDescription'])) { + $attrCsDesc = sprintf( + ' %s' . PHP_EOL, + $sp['attributeConsumingService']['serviceDescription'] + ); + } + if (!isset($sp['attributeConsumingService']['serviceName'])) { + $sp['attributeConsumingService']['serviceName'] = 'Service'; + } + $requestedAttributeData = array(); + foreach ($sp['attributeConsumingService']['requestedAttributes'] as $attribute) { + $requestedAttributeStr = sprintf(' {$attrValue} +ATTRIBUTEVALUE; + } + $reqAttrAuxStr .= "\n "; + } + + $requestedAttributeData[] = $requestedAttributeStr . $reqAttrAuxStr; + } + + $requestedAttributeStr = implode(PHP_EOL, $requestedAttributeData); + $strAttributeConsumingService = << + {$sp['attributeConsumingService']['serviceName']} +{$attrCsDesc}{$requestedAttributeStr} + +METADATA_TEMPLATE; + } + + $spEntityId = htmlspecialchars($sp['entityId'], ENT_QUOTES); + $acsUrl = htmlspecialchars($sp['assertionConsumerService']['url'], ENT_QUOTES); + $metadata = << + + +{$sls} {$sp['NameIDFormat']} + + {$strAttributeConsumingService} + {$strOrganization}{$strContacts} + +METADATA_TEMPLATE; + return $metadata; + } + + /** + * Signs the metadata with the key/cert provided + * + * @param string $metadata SAML Metadata XML + * @param string $key x509 key + * @param string $cert x509 cert + * @param string $signAlgorithm Signature algorithm method + * @param string $digestAlgorithm Digest algorithm method + * + * @return string Signed Metadata + * + * @throws Exception + */ + public static function signMetadata($metadata, $key, $cert, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $digestAlgorithm = XMLSecurityDSig::SHA256) + { + return Utils::addSign($metadata, $key, $cert, $signAlgorithm, $digestAlgorithm); + } + + /** + * Adds the x509 descriptors (sign/encryption) to the metadata + * The same cert will be used for sign/encrypt + * + * @param string $metadata SAML Metadata XML + * @param string $cert x509 cert + * @param bool $wantsEncrypted Whether to include the KeyDescriptor for encryption + * + * @return string Metadata with KeyDescriptors + * + * @throws Exception + */ + public static function addX509KeyDescriptors($metadata, $cert, $wantsEncrypted = true) + { + $xml = new DOMDocument(); + $xml->preserveWhiteSpace = false; + $xml->formatOutput = true; + try { + $xml = Utils::loadXML($xml, $metadata); + if (!$xml) { + throw new Exception('Error parsing metadata'); + } + } catch (Exception $e) { + throw new Exception('Error parsing metadata. '.$e->getMessage()); + } + + $formatedCert = Utils::formatCert($cert, false); + $x509Certificate = $xml->createElementNS(Constants::NS_DS, 'X509Certificate', $formatedCert); + + $keyData = $xml->createElementNS(Constants::NS_DS, 'ds:X509Data'); + $keyData->appendChild($x509Certificate); + + $keyInfo = $xml->createElementNS(Constants::NS_DS, 'ds:KeyInfo'); + $keyInfo->appendChild($keyData); + + $keyDescriptor = $xml->createElementNS(Constants::NS_MD, "md:KeyDescriptor"); + + $SPSSODescriptor = $xml->getElementsByTagName('SPSSODescriptor')->item(0); + $SPSSODescriptor->insertBefore($keyDescriptor->cloneNode(), $SPSSODescriptor->firstChild); + if ($wantsEncrypted === true) { + $SPSSODescriptor->insertBefore($keyDescriptor->cloneNode(), $SPSSODescriptor->firstChild); + } + + $signing = $xml->getElementsByTagName('KeyDescriptor')->item(0); + $signing->setAttribute('use', 'signing'); + $signing->appendChild($keyInfo); + + if ($wantsEncrypted === true) { + $encryption = $xml->getElementsByTagName('KeyDescriptor')->item(1); + $encryption->setAttribute('use', 'encryption'); + + $encryption->appendChild($keyInfo->cloneNode(true)); + } + + return $xml->saveXML(); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php new file mode 100755 index 0000000..b34297f --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php @@ -0,0 +1,1227 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecEnc; + +use DOMDocument; +use DOMNodeList; +use DOMXPath; +use Exception; + +/** + * SAML 2 Authentication Response + */ +class Response +{ + /** + * Settings + * + * @var Settings + */ + protected $_settings; + + /** + * The decoded, unprocessed XML response provided to the constructor. + * + * @var string + */ + public $response; + + /** + * A DOMDocument class loaded from the SAML Response. + * + * @var DOMDocument + */ + public $document; + + /** + * A DOMDocument class loaded from the SAML Response (Decrypted). + * + * @var DOMDocument + */ + public $decryptedDocument; + + /** + * The response contains an encrypted assertion. + * + * @var bool + */ + public $encrypted = false; + + /** + * After validation, if it fail this var has the cause of the problem + * + * @var Exception|null + */ + private $_error; + + /** + * NotOnOrAfter value of a valid SubjectConfirmationData node + * + * @var int + */ + private $_validSCDNotOnOrAfter; + + /** + * Constructs the SAML Response object. + * + * @param Settings $settings Settings. + * @param string $response A UUEncoded SAML response from the IdP. + * + * @throws Exception + * @throws ValidationError + */ + public function __construct(\OneLogin\Saml2\Settings $settings, $response) + { + $this->_settings = $settings; + + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + Utils::setBaseURL($baseURL); + } + + $this->response = base64_decode($response); + + $this->document = new DOMDocument(); + $this->document = Utils::loadXML($this->document, $this->response); + if (!$this->document) { + throw new ValidationError( + "SAML Response could not be processed", + ValidationError::INVALID_XML_FORMAT + ); + } + + // Quick check for the presence of EncryptedAssertion + $encryptedAssertionNodes = $this->document->getElementsByTagName('EncryptedAssertion'); + if ($encryptedAssertionNodes->length !== 0) { + $this->decryptedDocument = clone $this->document; + $this->encrypted = true; + $this->decryptedDocument = $this->decryptAssertion($this->decryptedDocument); + } + } + + /** + * Determines if the SAML Response is valid using the certificate. + * + * @param string|null $requestId The ID of the AuthNRequest sent by this SP to the IdP + * + * @return bool Validate the document + * + * @throws Exception + * @throws ValidationError + */ + public function isValid($requestId = null) + { + $this->_error = null; + try { + // Check SAML version + if ($this->document->documentElement->getAttribute('Version') != '2.0') { + throw new ValidationError( + "Unsupported SAML version", + ValidationError::UNSUPPORTED_SAML_VERSION + ); + } + + if (!$this->document->documentElement->hasAttribute('ID')) { + throw new ValidationError( + "Missing ID attribute on SAML Response", + ValidationError::MISSING_ID + ); + } + + $this->checkStatus(); + + $singleAssertion = $this->validateNumAssertions(); + if (!$singleAssertion) { + throw new ValidationError( + "SAML Response must contain 1 assertion", + ValidationError::WRONG_NUMBER_OF_ASSERTIONS + ); + } + + $idpData = $this->_settings->getIdPData(); + $idPEntityId = $idpData['entityId']; + $spData = $this->_settings->getSPData(); + $spEntityId = $spData['entityId']; + + $signedElements = $this->processSignedElements(); + + $responseTag = '{'.Constants::NS_SAMLP.'}Response'; + $assertionTag = '{'.Constants::NS_SAML.'}Assertion'; + + $hasSignedResponse = in_array($responseTag, $signedElements); + $hasSignedAssertion = in_array($assertionTag, $signedElements); + + if ($this->_settings->isStrict()) { + $security = $this->_settings->getSecurityData(); + + if ($security['wantXMLValidation']) { + $errorXmlMsg = "Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd"; + $res = Utils::validateXML($this->document, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + $errorXmlMsg, + ValidationError::INVALID_XML_FORMAT + ); + } + + // If encrypted, check also the decrypted document + if ($this->encrypted) { + $res = Utils::validateXML($this->decryptedDocument, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath()); + if (!$res instanceof DOMDocument) { + throw new ValidationError( + $errorXmlMsg, + ValidationError::INVALID_XML_FORMAT + ); + } + } + + } + + $currentURL = Utils::getSelfRoutedURLNoQuery(); + + $responseInResponseTo = null; + if ($this->document->documentElement->hasAttribute('InResponseTo')) { + $responseInResponseTo = $this->document->documentElement->getAttribute('InResponseTo'); + } + + if (!isset($requestId) && isset($responseInResponseTo) && $security['rejectUnsolicitedResponsesWithInResponseTo']) { + throw new ValidationError( + "The Response has an InResponseTo attribute: " . $responseInResponseTo . " while no InResponseTo was expected", + ValidationError::WRONG_INRESPONSETO + ); + } + + // Check if the InResponseTo of the Response matchs the ID of the AuthNRequest (requestId) if provided + if (isset($requestId) && $requestId != $responseInResponseTo) { + if ($responseInResponseTo == null) { + throw new ValidationError( + "No InResponseTo at the Response, but it was provided the requestId related to the AuthNRequest sent by the SP: $requestId", + ValidationError::WRONG_INRESPONSETO + ); + } else { + throw new ValidationError( + "The InResponseTo of the Response: $responseInResponseTo, does not match the ID of the AuthNRequest sent by the SP: $requestId", + ValidationError::WRONG_INRESPONSETO + ); + } + } + + if (!$this->encrypted && $security['wantAssertionsEncrypted']) { + throw new ValidationError( + "The assertion of the Response is not encrypted and the SP requires it", + ValidationError::NO_ENCRYPTED_ASSERTION + ); + } + + if ($security['wantNameIdEncrypted']) { + $encryptedIdNodes = $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData'); + if ($encryptedIdNodes->length != 1) { + throw new ValidationError( + "The NameID of the Response is not encrypted and the SP requires it", + ValidationError::NO_ENCRYPTED_NAMEID + ); + } + } + + // Validate Conditions element exists + if (!$this->checkOneCondition()) { + throw new ValidationError( + "The Assertion must include a Conditions element", + ValidationError::MISSING_CONDITIONS + ); + } + + // Validate Asserion timestamps + $this->validateTimestamps(); + + // Validate AuthnStatement element exists and is unique + if (!$this->checkOneAuthnStatement()) { + throw new ValidationError( + "The Assertion must include an AuthnStatement element", + ValidationError::WRONG_NUMBER_OF_AUTHSTATEMENTS + ); + } + + // EncryptedAttributes are not supported + $encryptedAttributeNodes = $this->_queryAssertion('/saml:AttributeStatement/saml:EncryptedAttribute'); + if ($encryptedAttributeNodes->length > 0) { + throw new ValidationError( + "There is an EncryptedAttribute in the Response and this SP not support them", + ValidationError::ENCRYPTED_ATTRIBUTES + ); + } + + // Check destination + if ($this->document->documentElement->hasAttribute('Destination')) { + $destination = trim($this->document->documentElement->getAttribute('Destination')); + if (empty($destination)) { + if (!$security['relaxDestinationValidation']) { + throw new ValidationError( + "The response has an empty Destination value", + ValidationError::EMPTY_DESTINATION + ); + } + } else { + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL); + if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) { + $currentURLNoRouted = Utils::getSelfURLNoQuery(); + $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted); + if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) { + throw new ValidationError( + "The response was received at $currentURL instead of $destination", + ValidationError::WRONG_DESTINATION + ); + } + } + } + } + + // Check audience + $validAudiences = $this->getAudiences(); + if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences, true)) { + throw new ValidationError( + sprintf( + "Invalid audience for this Response (expected '%s', got '%s')", + $spEntityId, + implode(',', $validAudiences) + ), + ValidationError::WRONG_AUDIENCE + ); + } + + // Check the issuers + $issuers = $this->getIssuers(); + foreach ($issuers as $issuer) { + $trimmedIssuer = trim($issuer); + if (empty($trimmedIssuer) || $trimmedIssuer !== $idPEntityId) { + throw new ValidationError( + "Invalid issuer in the Assertion/Response (expected '$idPEntityId', got '$trimmedIssuer')", + ValidationError::WRONG_ISSUER + ); + } + } + + // Check the session Expiration + $sessionExpiration = $this->getSessionNotOnOrAfter(); + if (!empty($sessionExpiration) && $sessionExpiration + Constants::ALLOWED_CLOCK_DRIFT <= time()) { + throw new ValidationError( + "The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response", + ValidationError::SESSION_EXPIRED + ); + } + + // Check the SubjectConfirmation, at least one SubjectConfirmation must be valid + $anySubjectConfirmation = false; + $subjectConfirmationNodes = $this->_queryAssertion('/saml:Subject/saml:SubjectConfirmation'); + foreach ($subjectConfirmationNodes as $scn) { + if ($scn->hasAttribute('Method') && $scn->getAttribute('Method') != Constants::CM_BEARER) { + continue; + } + $subjectConfirmationDataNodes = $scn->getElementsByTagName('SubjectConfirmationData'); + if ($subjectConfirmationDataNodes->length == 0) { + continue; + } else { + $scnData = $subjectConfirmationDataNodes->item(0); + if ($scnData->hasAttribute('InResponseTo')) { + $inResponseTo = $scnData->getAttribute('InResponseTo'); + if (isset($responseInResponseTo) && $responseInResponseTo != $inResponseTo) { + continue; + } + } + if ($scnData->hasAttribute('Recipient')) { + $recipient = $scnData->getAttribute('Recipient'); + if (!empty($recipient) && strpos($recipient, $currentURL) === false) { + continue; + } + } + if ($scnData->hasAttribute('NotOnOrAfter')) { + $noa = Utils::parseSAML2Time($scnData->getAttribute('NotOnOrAfter')); + if ($noa + Constants::ALLOWED_CLOCK_DRIFT <= time()) { + continue; + } + } + if ($scnData->hasAttribute('NotBefore')) { + $nb = Utils::parseSAML2Time($scnData->getAttribute('NotBefore')); + if ($nb > time() + Constants::ALLOWED_CLOCK_DRIFT) { + continue; + } + } + + // Save NotOnOrAfter value + if ($scnData->hasAttribute('NotOnOrAfter')) { + $this->_validSCDNotOnOrAfter = $noa; + } + $anySubjectConfirmation = true; + break; + } + } + + if (!$anySubjectConfirmation) { + throw new ValidationError( + "A valid SubjectConfirmation was not found on this Response", + ValidationError::WRONG_SUBJECTCONFIRMATION + ); + } + + if ($security['wantAssertionsSigned'] && !$hasSignedAssertion) { + throw new ValidationError( + "The Assertion of the Response is not signed and the SP requires it", + ValidationError::NO_SIGNED_ASSERTION + ); + } + + if ($security['wantMessagesSigned'] && !$hasSignedResponse) { + throw new ValidationError( + "The Message of the Response is not signed and the SP requires it", + ValidationError::NO_SIGNED_MESSAGE + ); + } + } + + // Detect case not supported + if ($this->encrypted) { + $encryptedIDNodes = Utils::query($this->decryptedDocument, '/samlp:Response/saml:Assertion/saml:Subject/saml:EncryptedID'); + if ($encryptedIDNodes->length > 0) { + throw new ValidationError( + 'SAML Response that contains an encrypted Assertion with encrypted nameId is not supported.', + ValidationError::NOT_SUPPORTED + ); + } + } + + if (empty($signedElements) || (!$hasSignedResponse && !$hasSignedAssertion)) { + throw new ValidationError( + 'No Signature found. SAML Response rejected', + ValidationError::NO_SIGNATURE_FOUND + ); + } else { + $cert = $idpData['x509cert']; + $fingerprint = $idpData['certFingerprint']; + $fingerprintalg = $idpData['certFingerprintAlgorithm']; + + $multiCerts = null; + $existsMultiX509Sign = isset($idpData['x509certMulti']) && isset($idpData['x509certMulti']['signing']) && !empty($idpData['x509certMulti']['signing']); + + if ($existsMultiX509Sign) { + $multiCerts = $idpData['x509certMulti']['signing']; + } + + // If find a Signature on the Response, validates it checking the original response + if ($hasSignedResponse && !Utils::validateSign($this->document, $cert, $fingerprint, $fingerprintalg, Utils::RESPONSE_SIGNATURE_XPATH, $multiCerts)) { + throw new ValidationError( + "Signature validation failed. SAML Response rejected", + ValidationError::INVALID_SIGNATURE + ); + } + + // If find a Signature on the Assertion (decrypted assertion if was encrypted) + $documentToCheckAssertion = $this->encrypted ? $this->decryptedDocument : $this->document; + if ($hasSignedAssertion && !Utils::validateSign($documentToCheckAssertion, $cert, $fingerprint, $fingerprintalg, Utils::ASSERTION_SIGNATURE_XPATH, $multiCerts)) { + throw new ValidationError( + "Signature validation failed. SAML Response rejected", + ValidationError::INVALID_SIGNATURE + ); + } + } + return true; + } catch (Exception $e) { + $this->_error = $e; + $debug = $this->_settings->isDebugActive(); + if ($debug) { + echo htmlentities($e->getMessage()); + } + return false; + } + } + + /** + * @return string|null the ID of the Response + */ + public function getId() + { + $id = null; + if ($this->document->documentElement->hasAttribute('ID')) { + $id = $this->document->documentElement->getAttribute('ID'); + } + return $id; + } + + /** + * @return string|null the ID of the assertion in the Response + * + * @throws ValidationError + */ + public function getAssertionId() + { + if (!$this->validateNumAssertions()) { + throw new ValidationError("SAML Response must contain 1 Assertion.", ValidationError::WRONG_NUMBER_OF_ASSERTIONS); + } + $assertionNodes = $this->_queryAssertion(""); + $id = null; + if ($assertionNodes->length == 1 && $assertionNodes->item(0)->hasAttribute('ID')) { + $id = $assertionNodes->item(0)->getAttribute('ID'); + } + return $id; + } + + /** + * @return int the NotOnOrAfter value of the valid SubjectConfirmationData + * node if any + */ + public function getAssertionNotOnOrAfter() + { + return $this->_validSCDNotOnOrAfter; + } + + /** + * Checks if the Status is success + * + * @throws ValidationError If status is not success + */ + public function checkStatus() + { + $status = Utils::getStatus($this->document); + + if (isset($status['code']) && $status['code'] !== Constants::STATUS_SUCCESS) { + $explodedCode = explode(':', $status['code']); + $printableCode = array_pop($explodedCode); + + $statusExceptionMsg = 'The status code of the Response was not Success, was '.$printableCode; + if (!empty($status['msg'])) { + $statusExceptionMsg .= ' -> '.$status['msg']; + } + throw new ValidationError( + $statusExceptionMsg, + ValidationError::STATUS_CODE_IS_NOT_SUCCESS + ); + } + } + + /** + * Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique. + * + * @return boolean true if the Conditions element exists and is unique + */ + public function checkOneCondition() + { + $entries = $this->_queryAssertion("/saml:Conditions"); + if ($entries->length == 1) { + return true; + } else { + return false; + } + } + + /** + * Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique. + * + * @return boolean true if the AuthnStatement element exists and is unique + */ + public function checkOneAuthnStatement() + { + $entries = $this->_queryAssertion("/saml:AuthnStatement"); + if ($entries->length == 1) { + return true; + } else { + return false; + } + } + + /** + * Gets the audiences. + * + * @return array @audience The valid audiences of the response + */ + public function getAudiences() + { + $audiences = array(); + + $entries = $this->_queryAssertion('/saml:Conditions/saml:AudienceRestriction/saml:Audience'); + foreach ($entries as $entry) { + $value = trim($entry->textContent); + if (!empty($value)) { + $audiences[] = $value; + } + } + + return array_unique($audiences); + } + + /** + * Gets the Issuers (from Response and Assertion). + * + * @return array @issuers The issuers of the assertion/response + * + * @throws ValidationError + */ + public function getIssuers() + { + $issuers = array(); + + $responseIssuer = Utils::query($this->document, '/samlp:Response/saml:Issuer'); + if ($responseIssuer->length > 0) { + if ($responseIssuer->length == 1) { + $issuers[] = $responseIssuer->item(0)->textContent; + } else { + throw new ValidationError( + "Issuer of the Response is multiple.", + ValidationError::ISSUER_MULTIPLE_IN_RESPONSE + ); + } + } + + $assertionIssuer = $this->_queryAssertion('/saml:Issuer'); + if ($assertionIssuer->length == 1) { + $issuers[] = $assertionIssuer->item(0)->textContent; + } else { + throw new ValidationError( + "Issuer of the Assertion not found or multiple.", + ValidationError::ISSUER_NOT_FOUND_IN_ASSERTION + ); + } + + return array_unique($issuers); + } + + /** + * Gets the NameID Data provided by the SAML response from the IdP. + * + * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier) + * + * @throws ValidationError + */ + public function getNameIdData() + { + $encryptedIdDataEntries = $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData'); + + if ($encryptedIdDataEntries->length == 1) { + $encryptedData = $encryptedIdDataEntries->item(0); + + $key = $this->_settings->getSPkey(); + $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private')); + $seckey->loadKey($key); + + $nameId = Utils::decryptElement($encryptedData, $seckey); + + } else { + $entries = $this->_queryAssertion('/saml:Subject/saml:NameID'); + if ($entries->length == 1) { + $nameId = $entries->item(0); + } + } + + $nameIdData = array(); + + if (!isset($nameId)) { + $security = $this->_settings->getSecurityData(); + if ($security['wantNameId']) { + throw new ValidationError( + "NameID not found in the assertion of the Response", + ValidationError::NO_NAMEID + ); + } + } else { + if ($this->_settings->isStrict() && empty($nameId->nodeValue)) { + throw new ValidationError( + "An empty NameID value found", + ValidationError::EMPTY_NAMEID + ); + } + $nameIdData['Value'] = $nameId->nodeValue; + + foreach (array('Format', 'SPNameQualifier', 'NameQualifier') as $attr) { + if ($nameId->hasAttribute($attr)) { + if ($this->_settings->isStrict() && $attr == 'SPNameQualifier') { + $spData = $this->_settings->getSPData(); + $spEntityId = $spData['entityId']; + if ($spEntityId != $nameId->getAttribute($attr)) { + throw new ValidationError( + "The SPNameQualifier value mistmatch the SP entityID value.", + ValidationError::SP_NAME_QUALIFIER_NAME_MISMATCH + ); + } + } + $nameIdData[$attr] = $nameId->getAttribute($attr); + } + } + } + + return $nameIdData; + } + + /** + * Gets the NameID provided by the SAML response from the IdP. + * + * @return string|null Name ID Value + * + * @throws ValidationError + */ + public function getNameId() + { + $nameIdvalue = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['Value'])) { + $nameIdvalue = $nameIdData['Value']; + } + return $nameIdvalue; + } + + /** + * Gets the NameID Format provided by the SAML response from the IdP. + * + * @return string|null Name ID Format + * + * @throws ValidationError + */ + public function getNameIdFormat() + { + $nameIdFormat = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['Format'])) { + $nameIdFormat = $nameIdData['Format']; + } + return $nameIdFormat; + } + + /** + * Gets the NameID NameQualifier provided by the SAML response from the IdP. + * + * @return string|null Name ID NameQualifier + * + * @throws ValidationError + */ + public function getNameIdNameQualifier() + { + $nameIdNameQualifier = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['NameQualifier'])) { + $nameIdNameQualifier = $nameIdData['NameQualifier']; + } + return $nameIdNameQualifier; + } + + /** + * Gets the NameID SP NameQualifier provided by the SAML response from the IdP. + * + * @return string|null NameID SP NameQualifier + * + * @throws ValidationError + */ + public function getNameIdSPNameQualifier() + { + $nameIdSPNameQualifier = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['SPNameQualifier'])) { + $nameIdSPNameQualifier = $nameIdData['SPNameQualifier']; + } + return $nameIdSPNameQualifier; + } + + /** + * Gets the SessionNotOnOrAfter from the AuthnStatement. + * Could be used to set the local session expiration + * + * @return int|null The SessionNotOnOrAfter value + * + * @throws Exception + */ + public function getSessionNotOnOrAfter() + { + $notOnOrAfter = null; + $entries = $this->_queryAssertion('/saml:AuthnStatement[@SessionNotOnOrAfter]'); + if ($entries->length !== 0) { + $notOnOrAfter = Utils::parseSAML2Time($entries->item(0)->getAttribute('SessionNotOnOrAfter')); + } + return $notOnOrAfter; + } + + /** + * Gets the SessionIndex from the AuthnStatement. + * Could be used to be stored in the local session in order + * to be used in a future Logout Request that the SP could + * send to the SP, to set what specific session must be deleted + * + * @return string|null The SessionIndex value + */ + public function getSessionIndex() + { + $sessionIndex = null; + $entries = $this->_queryAssertion('/saml:AuthnStatement[@SessionIndex]'); + if ($entries->length !== 0) { + $sessionIndex = $entries->item(0)->getAttribute('SessionIndex'); + } + return $sessionIndex; + } + + /** + * Gets the Attributes from the AttributeStatement element. + * + * @return array The attributes of the SAML Assertion + * + * @throws ValidationError + */ + public function getAttributes() + { + return $this->_getAttributesByKeyName('Name'); + } + + /** + * Gets the Attributes from the AttributeStatement element using their FriendlyName. + * + * @return array The attributes of the SAML Assertion + * + * @throws ValidationError + */ + public function getAttributesWithFriendlyName() + { + return $this->_getAttributesByKeyName('FriendlyName'); + } + + /** + * @param string $keyName + * + * @return array + * + * @throws ValidationError + */ + private function _getAttributesByKeyName($keyName = "Name") + { + $attributes = array(); + $entries = $this->_queryAssertion('/saml:AttributeStatement/saml:Attribute'); + /** @var $entry DOMNode */ + foreach ($entries as $entry) { + $attributeKeyNode = $entry->attributes->getNamedItem($keyName); + if ($attributeKeyNode === null) { + continue; + } + $attributeKeyName = $attributeKeyNode->nodeValue; + if (in_array($attributeKeyName, array_keys($attributes))) { + throw new ValidationError( + "Found an Attribute element with duplicated ".$keyName, + ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND + ); + } + $attributeValues = array(); + foreach ($entry->childNodes as $childNode) { + $tagName = ($childNode->prefix ? $childNode->prefix.':' : '') . 'AttributeValue'; + if ($childNode->nodeType == XML_ELEMENT_NODE && $childNode->tagName === $tagName) { + $attributeValues[] = $childNode->nodeValue; + } + } + $attributes[$attributeKeyName] = $attributeValues; + } + return $attributes; + } + + /** + * Verifies that the document only contains a single Assertion (encrypted or not). + * + * @return bool TRUE if the document passes. + */ + public function validateNumAssertions() + { + $encryptedAssertionNodes = $this->document->getElementsByTagName('EncryptedAssertion'); + $assertionNodes = $this->document->getElementsByTagName('Assertion'); + + $valid = $assertionNodes->length + $encryptedAssertionNodes->length == 1; + + if ($this->encrypted) { + $assertionNodes = $this->decryptedDocument->getElementsByTagName('Assertion'); + $valid = $valid && $assertionNodes->length == 1; + } + + return $valid; + } + + /** + * Verifies the signature nodes: + * - Checks that are Response or Assertion + * - Check that IDs and reference URI are unique and consistent. + * + * @return array Signed element tags + * + * @throws ValidationError + */ + public function processSignedElements() + { + $signedElements = array(); + $verifiedSeis = array(); + $verifiedIds = array(); + + if ($this->encrypted) { + $signNodes = $this->decryptedDocument->getElementsByTagName('Signature'); + } else { + $signNodes = $this->document->getElementsByTagName('Signature'); + } + foreach ($signNodes as $signNode) { + $responseTag = '{'.Constants::NS_SAMLP.'}Response'; + $assertionTag = '{'.Constants::NS_SAML.'}Assertion'; + + $signedElement = '{'.$signNode->parentNode->namespaceURI.'}'.$signNode->parentNode->localName; + + if ($signedElement != $responseTag && $signedElement != $assertionTag) { + throw new ValidationError( + "Invalid Signature Element $signedElement SAML Response rejected", + ValidationError::WRONG_SIGNED_ELEMENT + ); + } + + // Check that reference URI matches the parent ID and no duplicate References or IDs + $idValue = $signNode->parentNode->getAttribute('ID'); + if (empty($idValue)) { + throw new ValidationError( + 'Signed Element must contain an ID. SAML Response rejected', + ValidationError::ID_NOT_FOUND_IN_SIGNED_ELEMENT + ); + } + + if (in_array($idValue, $verifiedIds)) { + throw new ValidationError( + 'Duplicated ID. SAML Response rejected', + ValidationError::DUPLICATED_ID_IN_SIGNED_ELEMENTS + ); + } + $verifiedIds[] = $idValue; + + $ref = $signNode->getElementsByTagName('Reference'); + if ($ref->length == 1) { + $ref = $ref->item(0); + $sei = $ref->getAttribute('URI'); + if (!empty($sei)) { + $sei = substr($sei, 1); + + if ($sei != $idValue) { + throw new ValidationError( + 'Found an invalid Signed Element. SAML Response rejected', + ValidationError::INVALID_SIGNED_ELEMENT + ); + } + + if (in_array($sei, $verifiedSeis)) { + throw new ValidationError( + 'Duplicated Reference URI. SAML Response rejected', + ValidationError::DUPLICATED_REFERENCE_IN_SIGNED_ELEMENTS + ); + } + $verifiedSeis[] = $sei; + } + } else { + throw new ValidationError( + 'Unexpected number of Reference nodes found for signature. SAML Response rejected.', + ValidationError::UNEXPECTED_REFERENCE + ); + } + $signedElements[] = $signedElement; + } + + // Check SignedElements + if (!empty($signedElements) && !$this->validateSignedElements($signedElements)) { + throw new ValidationError( + 'Found an unexpected Signature Element. SAML Response rejected', + ValidationError::UNEXPECTED_SIGNED_ELEMENTS + ); + } + return $signedElements; + } + + /** + * Verifies that the document is still valid according Conditions Element. + * + * @return bool + * + * @throws Exception + * @throws ValidationError + */ + public function validateTimestamps() + { + if ($this->encrypted) { + $document = $this->decryptedDocument; + } else { + $document = $this->document; + } + + $timestampNodes = $document->getElementsByTagName('Conditions'); + for ($i = 0; $i < $timestampNodes->length; $i++) { + $nbAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotBefore"); + $naAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotOnOrAfter"); + if ($nbAttribute && Utils::parseSAML2Time($nbAttribute->textContent) > time() + Constants::ALLOWED_CLOCK_DRIFT) { + throw new ValidationError( + 'Could not validate timestamp: not yet valid. Check system clock.', + ValidationError::ASSERTION_TOO_EARLY + ); + } + if ($naAttribute && Utils::parseSAML2Time($naAttribute->textContent) + Constants::ALLOWED_CLOCK_DRIFT <= time()) { + throw new ValidationError( + 'Could not validate timestamp: expired. Check system clock.', + ValidationError::ASSERTION_EXPIRED + ); + } + } + return true; + } + + /** + * Verifies that the document has the expected signed nodes. + * + * @param array $signedElements Signed elements + * + * @return bool + * + * @throws ValidationError + */ + public function validateSignedElements($signedElements) + { + if (count($signedElements) > 2) { + return false; + } + + $responseTag = '{'.Constants::NS_SAMLP.'}Response'; + $assertionTag = '{'.Constants::NS_SAML.'}Assertion'; + + $ocurrence = array_count_values($signedElements); + if ((in_array($responseTag, $signedElements) && $ocurrence[$responseTag] > 1) + || (in_array($assertionTag, $signedElements) && $ocurrence[$assertionTag] > 1) + || !in_array($responseTag, $signedElements) && !in_array($assertionTag, $signedElements) + ) { + return false; + } + + // Check that the signed elements found here, are the ones that will be verified + // by Utils->validateSign() + if (in_array($responseTag, $signedElements)) { + $expectedSignatureNodes = Utils::query($this->document, Utils::RESPONSE_SIGNATURE_XPATH); + if ($expectedSignatureNodes->length != 1) { + throw new ValidationError( + "Unexpected number of Response signatures found. SAML Response rejected.", + ValidationError::WRONG_NUMBER_OF_SIGNATURES_IN_RESPONSE + ); + } + } + + if (in_array($assertionTag, $signedElements)) { + $expectedSignatureNodes = $this->_query(Utils::ASSERTION_SIGNATURE_XPATH); + if ($expectedSignatureNodes->length != 1) { + throw new ValidationError( + "Unexpected number of Assertion signatures found. SAML Response rejected.", + ValidationError::WRONG_NUMBER_OF_SIGNATURES_IN_ASSERTION + ); + } + } + + return true; + } + + /** + * Extracts a node from the DOMDocument (Assertion). + * + * @param string $assertionXpath Xpath Expression + * + * @return DOMNodeList The queried node + */ + protected function _queryAssertion($assertionXpath) + { + if ($this->encrypted) { + $xpath = new DOMXPath($this->decryptedDocument); + } else { + $xpath = new DOMXPath($this->document); + } + + $xpath->registerNamespace('samlp', Constants::NS_SAMLP); + $xpath->registerNamespace('saml', Constants::NS_SAML); + $xpath->registerNamespace('ds', Constants::NS_DS); + $xpath->registerNamespace('xenc', Constants::NS_XENC); + + $assertionNode = '/samlp:Response/saml:Assertion'; + $signatureQuery = $assertionNode . '/ds:Signature/ds:SignedInfo/ds:Reference'; + $assertionReferenceNode = $xpath->query($signatureQuery)->item(0); + if (!$assertionReferenceNode) { + // is the response signed as a whole? + $signatureQuery = '/samlp:Response/ds:Signature/ds:SignedInfo/ds:Reference'; + $responseReferenceNode = $xpath->query($signatureQuery)->item(0); + if ($responseReferenceNode) { + $uri = $responseReferenceNode->attributes->getNamedItem('URI')->nodeValue; + if (empty($uri)) { + $id = $responseReferenceNode->parentNode->parentNode->parentNode->attributes->getNamedItem('ID')->nodeValue; + } else { + $id = substr($responseReferenceNode->attributes->getNamedItem('URI')->nodeValue, 1); + } + $nameQuery = "/samlp:Response[@ID='$id']/saml:Assertion" . $assertionXpath; + } else { + $nameQuery = "/samlp:Response/saml:Assertion" . $assertionXpath; + } + } else { + $uri = $assertionReferenceNode->attributes->getNamedItem('URI')->nodeValue; + if (empty($uri)) { + $id = $assertionReferenceNode->parentNode->parentNode->parentNode->attributes->getNamedItem('ID')->nodeValue; + } else { + $id = substr($assertionReferenceNode->attributes->getNamedItem('URI')->nodeValue, 1); + } + $nameQuery = $assertionNode."[@ID='$id']" . $assertionXpath; + } + + return $xpath->query($nameQuery); + } + + /** + * Extracts nodes that match the query from the DOMDocument (Response Menssage) + * + * @param string $query Xpath Expression + * + * @return DOMNodeList The queried nodes + */ + private function _query($query) + { + if ($this->encrypted) { + return Utils::query($this->decryptedDocument, $query); + } else { + return Utils::query($this->document, $query); + } + } + + /** + * Decrypts the Assertion (DOMDocument) + * + * @param \DomNode $dom DomDocument + * + * @return DOMDocument Decrypted Assertion + * + * @throws Exception + * @throws ValidationError + */ + protected function decryptAssertion(\DomNode $dom) + { + $pem = $this->_settings->getSPkey(); + + if (empty($pem)) { + throw new Error( + "No private key available, check settings", + Error::PRIVATE_KEY_NOT_FOUND + ); + } + + $objenc = new XMLSecEnc(); + $encData = $objenc->locateEncryptedData($dom); + if (!$encData) { + throw new ValidationError( + "Cannot locate encrypted assertion", + ValidationError::MISSING_ENCRYPTED_ELEMENT + ); + } + + $objenc->setNode($encData); + $objenc->type = $encData->getAttribute("Type"); + if (!$objKey = $objenc->locateKey()) { + throw new ValidationError( + "Unknown algorithm", + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $key = null; + if ($objKeyInfo = $objenc->locateKeyInfo($objKey)) { + if ($objKeyInfo->isEncrypted) { + $objencKey = $objKeyInfo->encryptedCtx; + $objKeyInfo->loadKey($pem, false, false); + $key = $objencKey->decryptKey($objKeyInfo); + } else { + // symmetric encryption key support + $objKeyInfo->loadKey($pem, false, false); + } + } + + if (empty($objKey->key)) { + $objKey->loadKey($key); + } + + $decryptedXML = $objenc->decryptNode($objKey, false); + $decrypted = new DOMDocument(); + $check = Utils::loadXML($decrypted, $decryptedXML); + if ($check === false) { + throw new Exception('Error: string from decrypted assertion could not be loaded into a XML document'); + } + if ($encData->parentNode instanceof DOMDocument) { + return $decrypted; + } else { + $decrypted = $decrypted->documentElement; + $encryptedAssertion = $encData->parentNode; + $container = $encryptedAssertion->parentNode; + + // Fix possible issue with saml namespace + if (!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') + && !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') + && !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns') + && !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') + && !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') + ) { + if (strpos($encryptedAssertion->tagName, 'saml2:') !== false) { + $ns = 'xmlns:saml2'; + } else if (strpos($encryptedAssertion->tagName, 'saml:') !== false) { + $ns = 'xmlns:saml'; + } else { + $ns = 'xmlns'; + } + $decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', $ns, Constants::NS_SAML); + } + + Utils::treeCopyReplace($encryptedAssertion, $decrypted); + + // Rebuild the DOM will fix issues with namespaces as well + $dom = new DOMDocument(); + return Utils::loadXML($dom, $container->ownerDocument->saveXML()); + } + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return Exception|null Cause + */ + public function getErrorException() + { + return $this->_error; + } + + /** + * After execute a validation process, if fails this method returns the cause + * + * @return null|string Error reason + */ + public function getError() + { + $errorMsg = null; + if (isset($this->_error)) { + $errorMsg = htmlentities($this->_error->getMessage()); + } + return $errorMsg; + } + + /** + * Returns the SAML Response document (If contains an encrypted assertion, decrypts it) + * + * @return DomDocument SAML Response + */ + public function getXMLDocument() + { + if ($this->encrypted) { + return $this->decryptedDocument; + } else { + return $this->document; + } + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php new file mode 100755 index 0000000..3c953fc --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php @@ -0,0 +1,1116 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecurityDSig; + +use DOMDocument; +use Exception; + +/** + * Configuration of the OneLogin PHP Toolkit + */ +class Settings +{ + /** + * List of paths. + * + * @var array + */ + private $_paths = array(); + + /** + * @var string + */ + private $_baseurl; + + /** + * Strict. If active, PHP Toolkit will reject unsigned or unencrypted messages + * if it expects them signed or encrypted. If not, the messages will be accepted + * and some security issues will be also relaxed. + * + * @var bool + */ + private $_strict = true; + + /** + * Activate debug mode + * + * @var bool + */ + private $_debug = false; + + /** + * SP data. + * + * @var array + */ + private $_sp = array(); + + /** + * IdP data. + * + * @var array + */ + private $_idp = array(); + + /** + * Compression settings that determine + * whether gzip compression should be used. + * + * @var array + */ + private $_compress = array(); + + /** + * Security Info related to the SP. + * + * @var array + */ + private $_security = array(); + + /** + * Setting contacts. + * + * @var array + */ + private $_contacts = array(); + + /** + * Setting organization. + * + * @var array + */ + private $_organization = array(); + + /** + * Setting errors. + * + * @var array + */ + private $_errors = array(); + + /** + * Valitate SP data only flag + * + * @var bool + */ + private $_spValidationOnly = false; + + /** + * Initializes the settings: + * - Sets the paths of the different folders + * - Loads settings info from settings file or array/object provided + * + * @param array|null $settings SAML Toolkit Settings + * @param bool $spValidationOnly Validate or not the IdP data + * + * @throws Error If any settings parameter is invalid + * @throws Exception If Settings is incorrectly supplied + */ + public function __construct(array $settings = null, $spValidationOnly = false) + { + $this->_spValidationOnly = $spValidationOnly; + $this->_loadPaths(); + + if (!isset($settings)) { + if (!$this->_loadSettingsFromFile()) { + throw new Error( + 'Invalid file settings: %s', + Error::SETTINGS_INVALID, + array(implode(', ', $this->_errors)) + ); + } + $this->_addDefaultValues(); + } else { + if (!$this->_loadSettingsFromArray($settings)) { + throw new Error( + 'Invalid array settings: %s', + Error::SETTINGS_INVALID, + array(implode(', ', $this->_errors)) + ); + } + } + + $this->formatIdPCert(); + $this->formatSPCert(); + $this->formatSPKey(); + $this->formatSPCertNew(); + $this->formatIdPCertMulti(); + } + + /** + * Sets the paths of the different folders + * @suppress PhanUndeclaredConstant + */ + private function _loadPaths() + { + $basePath = dirname(dirname(__DIR__)) . '/'; + $this->_paths = array( + 'base' => $basePath, + 'config' => $basePath, + 'cert' => $basePath.'certs/', + 'lib' => $basePath.'src/Saml2/' + ); + + if (defined('ONELOGIN_CUSTOMPATH')) { + $this->_paths['config'] = ONELOGIN_CUSTOMPATH; + $this->_paths['cert'] = ONELOGIN_CUSTOMPATH . 'certs/'; + } + } + + /** + * Returns base path. + * + * @return string The base toolkit folder path + */ + public function getBasePath() + { + return $this->_paths['base']; + } + + /** + * Returns cert path. + * + * @return string The cert folder path + */ + public function getCertPath() + { + return $this->_paths['cert']; + } + + /** + * Returns config path. + * + * @return string The config folder path + */ + public function getConfigPath() + { + return $this->_paths['config']; + } + + /** + * Returns lib path. + * + * @return string The library folder path + */ + public function getLibPath() + { + return $this->_paths['lib']; + } + + /** + * Returns schema path. + * + * @return string The external library folder path + */ + public function getSchemasPath() + { + if (isset($this->_paths['schemas'])) { + return $this->_paths['schemas']; + } + return __DIR__ . '/schemas/'; + } + + /** + * Set schemas path + * + * @param string $path + * @return $this + */ + public function setSchemasPath($path) + { + $this->_paths['schemas'] = $path; + } + + /** + * Loads settings info from a settings Array + * + * @param array $settings SAML Toolkit Settings + * + * @return bool True if the settings info is valid + */ + private function _loadSettingsFromArray(array $settings) + { + if (isset($settings['sp'])) { + $this->_sp = $settings['sp']; + } + if (isset($settings['idp'])) { + $this->_idp = $settings['idp']; + } + + $errors = $this->checkSettings($settings); + if (empty($errors)) { + $this->_errors = array(); + + if (isset($settings['strict'])) { + $this->_strict = $settings['strict']; + } + if (isset($settings['debug'])) { + $this->_debug = $settings['debug']; + } + + if (isset($settings['baseurl'])) { + $this->_baseurl = $settings['baseurl']; + } + + if (isset($settings['compress'])) { + $this->_compress = $settings['compress']; + } + + if (isset($settings['security'])) { + $this->_security = $settings['security']; + } + + if (isset($settings['contactPerson'])) { + $this->_contacts = $settings['contactPerson']; + } + + if (isset($settings['organization'])) { + $this->_organization = $settings['organization']; + } + + $this->_addDefaultValues(); + return true; + } else { + $this->_errors = $errors; + return false; + } + } + + /** + * Loads settings info from the settings file + * + * @return bool True if the settings info is valid + * + * @throws Error + * + * @suppress PhanUndeclaredVariable + */ + private function _loadSettingsFromFile() + { + $filename = $this->getConfigPath().'settings.php'; + + if (!file_exists($filename)) { + throw new Error( + 'Settings file not found: %s', + Error::SETTINGS_FILE_NOT_FOUND, + array($filename) + ); + } + + /** @var array $settings */ + include $filename; + + // Add advance_settings if exists + $advancedFilename = $this->getConfigPath().'advanced_settings.php'; + + if (file_exists($advancedFilename)) { + /** @var array $advancedSettings */ + include $advancedFilename; + $settings = array_merge($settings, $advancedSettings); + } + + + return $this->_loadSettingsFromArray($settings); + } + + /** + * Add default values if the settings info is not complete + */ + private function _addDefaultValues() + { + if (!isset($this->_sp['assertionConsumerService']['binding'])) { + $this->_sp['assertionConsumerService']['binding'] = Constants::BINDING_HTTP_POST; + } + if (isset($this->_sp['singleLogoutService']) && !isset($this->_sp['singleLogoutService']['binding'])) { + $this->_sp['singleLogoutService']['binding'] = Constants::BINDING_HTTP_REDIRECT; + } + + if (!isset($this->_compress['requests'])) { + $this->_compress['requests'] = true; + } + + if (!isset($this->_compress['responses'])) { + $this->_compress['responses'] = true; + } + + // Related to nameID + if (!isset($this->_sp['NameIDFormat'])) { + $this->_sp['NameIDFormat'] = Constants::NAMEID_UNSPECIFIED; + } + if (!isset($this->_security['nameIdEncrypted'])) { + $this->_security['nameIdEncrypted'] = false; + } + if (!isset($this->_security['requestedAuthnContext'])) { + $this->_security['requestedAuthnContext'] = true; + } + + // sign provided + if (!isset($this->_security['authnRequestsSigned'])) { + $this->_security['authnRequestsSigned'] = false; + } + if (!isset($this->_security['logoutRequestSigned'])) { + $this->_security['logoutRequestSigned'] = false; + } + if (!isset($this->_security['logoutResponseSigned'])) { + $this->_security['logoutResponseSigned'] = false; + } + if (!isset($this->_security['signMetadata'])) { + $this->_security['signMetadata'] = false; + } + + // sign expected + if (!isset($this->_security['wantMessagesSigned'])) { + $this->_security['wantMessagesSigned'] = false; + } + if (!isset($this->_security['wantAssertionsSigned'])) { + $this->_security['wantAssertionsSigned'] = false; + } + + // NameID element expected + if (!isset($this->_security['wantNameId'])) { + $this->_security['wantNameId'] = true; + } + + // Relax Destination validation + if (!isset($this->_security['relaxDestinationValidation'])) { + $this->_security['relaxDestinationValidation'] = false; + } + + // Strict Destination match validation + if (!isset($this->_security['destinationStrictlyMatches'])) { + $this->_security['destinationStrictlyMatches'] = false; + } + + // InResponseTo + if (!isset($this->_security['rejectUnsolicitedResponsesWithInResponseTo'])) { + $this->_security['rejectUnsolicitedResponsesWithInResponseTo'] = false; + } + + // encrypt expected + if (!isset($this->_security['wantAssertionsEncrypted'])) { + $this->_security['wantAssertionsEncrypted'] = false; + } + if (!isset($this->_security['wantNameIdEncrypted'])) { + $this->_security['wantNameIdEncrypted'] = false; + } + + // XML validation + if (!isset($this->_security['wantXMLValidation'])) { + $this->_security['wantXMLValidation'] = true; + } + + // SignatureAlgorithm + if (!isset($this->_security['signatureAlgorithm'])) { + $this->_security['signatureAlgorithm'] = XMLSecurityKey::RSA_SHA256; + } + + // DigestAlgorithm + if (!isset($this->_security['digestAlgorithm'])) { + $this->_security['digestAlgorithm'] = XMLSecurityDSig::SHA256; + } + + if (!isset($this->_security['lowercaseUrlencoding'])) { + $this->_security['lowercaseUrlencoding'] = false; + } + + // Certificates / Private key /Fingerprint + if (!isset($this->_idp['x509cert'])) { + $this->_idp['x509cert'] = ''; + } + if (!isset($this->_idp['certFingerprint'])) { + $this->_idp['certFingerprint'] = ''; + } + if (!isset($this->_idp['certFingerprintAlgorithm'])) { + $this->_idp['certFingerprintAlgorithm'] = 'sha1'; + } + + if (!isset($this->_sp['x509cert'])) { + $this->_sp['x509cert'] = ''; + } + if (!isset($this->_sp['privateKey'])) { + $this->_sp['privateKey'] = ''; + } + } + + /** + * Checks the settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the settings data + */ + public function checkSettings(array $settings) + { + if (empty($settings)) { + $errors = array('invalid_syntax'); + } else { + $errors = array(); + if (!$this->_spValidationOnly) { + $idpErrors = $this->checkIdPSettings($settings); + $errors = array_merge($idpErrors, $errors); + } + $spErrors = $this->checkSPSettings($settings); + $errors = array_merge($spErrors, $errors); + + $compressErrors = $this->checkCompressionSettings($settings); + $errors = array_merge($compressErrors, $errors); + } + + return $errors; + } + + /** + * Checks the compression settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the settings data + */ + public function checkCompressionSettings($settings) + { + $errors = array(); + + if (isset($settings['compress'])) { + if (!is_array($settings['compress'])) { + $errors[] = "invalid_syntax"; + } else if (isset($settings['compress']['requests']) + && $settings['compress']['requests'] !== true + && $settings['compress']['requests'] !== false + ) { + $errors[] = "'compress'=>'requests' values must be true or false."; + } else if (isset($settings['compress']['responses']) + && $settings['compress']['responses'] !== true + && $settings['compress']['responses'] !== false + ) { + $errors[] = "'compress'=>'responses' values must be true or false."; + } + } + return $errors; + } + + /** + * Checks the IdP settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the IdP settings data + */ + public function checkIdPSettings(array $settings) + { + if (empty($settings)) { + return array('invalid_syntax'); + } + + $errors = array(); + + if (!isset($settings['idp']) || empty($settings['idp'])) { + $errors[] = 'idp_not_found'; + } else { + $idp = $settings['idp']; + if (!isset($idp['entityId']) || empty($idp['entityId'])) { + $errors[] = 'idp_entityId_not_found'; + } + + if (!isset($idp['singleSignOnService']) + || !isset($idp['singleSignOnService']['url']) + || empty($idp['singleSignOnService']['url']) + ) { + $errors[] = 'idp_sso_not_found'; + } else if (!filter_var($idp['singleSignOnService']['url'], FILTER_VALIDATE_URL)) { + $errors[] = 'idp_sso_url_invalid'; + } + + if (isset($idp['singleLogoutService']) + && isset($idp['singleLogoutService']['url']) + && !empty($idp['singleLogoutService']['url']) + && !filter_var($idp['singleLogoutService']['url'], FILTER_VALIDATE_URL) + ) { + $errors[] = 'idp_slo_url_invalid'; + } + + if (isset($idp['singleLogoutService']) + && isset($idp['singleLogoutService']['responseUrl']) + && !empty($idp['singleLogoutService']['responseUrl']) + && !filter_var($idp['singleLogoutService']['responseUrl'], FILTER_VALIDATE_URL) + ) { + $errors[] = 'idp_slo_response_url_invalid'; + } + + if (isset($settings['security'])) { + $security = $settings['security']; + + $existsX509 = isset($idp['x509cert']) && !empty($idp['x509cert']); + $existsMultiX509Sign = isset($idp['x509certMulti']) && isset($idp['x509certMulti']['signing']) && !empty($idp['x509certMulti']['signing']); + $existsMultiX509Enc = isset($idp['x509certMulti']) && isset($idp['x509certMulti']['encryption']) && !empty($idp['x509certMulti']['encryption']); + + $existsFingerprint = isset($idp['certFingerprint']) && !empty($idp['certFingerprint']); + if (!($existsX509 || $existsFingerprint || $existsMultiX509Sign) + ) { + $errors[] = 'idp_cert_or_fingerprint_not_found_and_required'; + } + if ((isset($security['nameIdEncrypted']) && $security['nameIdEncrypted'] == true) + && !($existsX509 || $existsMultiX509Enc) + ) { + $errors[] = 'idp_cert_not_found_and_required'; + } + } + } + + return $errors; + } + + /** + * Checks the SP settings info. + * + * @param array $settings Array with settings data + * + * @return array $errors Errors found on the SP settings data + */ + public function checkSPSettings(array $settings) + { + if (empty($settings)) { + return array('invalid_syntax'); + } + + $errors = array(); + + if (!isset($settings['sp']) || empty($settings['sp'])) { + $errors[] = 'sp_not_found'; + } else { + $sp = $settings['sp']; + $security = array(); + if (isset($settings['security'])) { + $security = $settings['security']; + } + + if (!isset($sp['entityId']) || empty($sp['entityId'])) { + $errors[] = 'sp_entityId_not_found'; + } + + if (!isset($sp['assertionConsumerService']) + || !isset($sp['assertionConsumerService']['url']) + || empty($sp['assertionConsumerService']['url']) + ) { + $errors[] = 'sp_acs_not_found'; + } else if (!filter_var($sp['assertionConsumerService']['url'], FILTER_VALIDATE_URL)) { + $errors[] = 'sp_acs_url_invalid'; + } + + if (isset($sp['singleLogoutService']) + && isset($sp['singleLogoutService']['url']) + && !filter_var($sp['singleLogoutService']['url'], FILTER_VALIDATE_URL) + ) { + $errors[] = 'sp_sls_url_invalid'; + } + + if (isset($security['signMetadata']) && is_array($security['signMetadata'])) { + if ((!isset($security['signMetadata']['keyFileName']) + || !isset($security['signMetadata']['certFileName'])) && + (!isset($security['signMetadata']['privateKey']) + || !isset($security['signMetadata']['x509cert'])) + ) { + $errors[] = 'sp_signMetadata_invalid'; + } + } + + if (((isset($security['authnRequestsSigned']) && $security['authnRequestsSigned'] == true) + || (isset($security['logoutRequestSigned']) && $security['logoutRequestSigned'] == true) + || (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned'] == true) + || (isset($security['wantAssertionsEncrypted']) && $security['wantAssertionsEncrypted'] == true) + || (isset($security['wantNameIdEncrypted']) && $security['wantNameIdEncrypted'] == true)) + && !$this->checkSPCerts() + ) { + $errors[] = 'sp_certs_not_found_and_required'; + } + } + + if (isset($settings['contactPerson'])) { + $types = array_keys($settings['contactPerson']); + $validTypes = array('technical', 'support', 'administrative', 'billing', 'other'); + foreach ($types as $type) { + if (!in_array($type, $validTypes)) { + $errors[] = 'contact_type_invalid'; + break; + } + } + + foreach ($settings['contactPerson'] as $type => $contact) { + if (!isset($contact['givenName']) || empty($contact['givenName']) + || !isset($contact['emailAddress']) || empty($contact['emailAddress']) + ) { + $errors[] = 'contact_not_enought_data'; + break; + } + } + } + + if (isset($settings['organization'])) { + foreach ($settings['organization'] as $organization) { + if (!isset($organization['name']) || empty($organization['name']) + || !isset($organization['displayname']) || empty($organization['displayname']) + || !isset($organization['url']) || empty($organization['url']) + ) { + $errors[] = 'organization_not_enought_data'; + break; + } + } + } + + return $errors; + } + + /** + * Checks if the x509 certs of the SP exists and are valid. + * + * @return bool + */ + public function checkSPCerts() + { + $key = $this->getSPkey(); + $cert = $this->getSPcert(); + return (!empty($key) && !empty($cert)); + } + + /** + * Returns the x509 private key of the SP. + * + * @return string SP private key + */ + public function getSPkey() + { + $key = null; + if (isset($this->_sp['privateKey']) && !empty($this->_sp['privateKey'])) { + $key = $this->_sp['privateKey']; + } else { + $keyFile = $this->_paths['cert'].'sp.key'; + + if (file_exists($keyFile)) { + $key = file_get_contents($keyFile); + } + } + return $key; + } + + /** + * Returns the x509 public cert of the SP. + * + * @return string SP public cert + */ + public function getSPcert() + { + $cert = null; + + if (isset($this->_sp['x509cert']) && !empty($this->_sp['x509cert'])) { + $cert = $this->_sp['x509cert']; + } else { + $certFile = $this->_paths['cert'].'sp.crt'; + + if (file_exists($certFile)) { + $cert = file_get_contents($certFile); + } + } + return $cert; + } + + /** + * Returns the x509 public of the SP that is + * planed to be used soon instead the other + * public cert + * + * @return string SP public cert New + */ + public function getSPcertNew() + { + $cert = null; + + if (isset($this->_sp['x509certNew']) && !empty($this->_sp['x509certNew'])) { + $cert = $this->_sp['x509certNew']; + } else { + $certFile = $this->_paths['cert'].'sp_new.crt'; + + if (file_exists($certFile)) { + $cert = file_get_contents($certFile); + } + } + return $cert; + } + + /** + * Gets the IdP data. + * + * @return array IdP info + */ + public function getIdPData() + { + return $this->_idp; + } + + /** + * Gets the SP data. + * + * @return array SP info + */ + public function getSPData() + { + return $this->_sp; + } + + /** + * Gets security data. + * + * @return array SP info + */ + public function getSecurityData() + { + return $this->_security; + } + + /** + * Gets contact data. + * + * @return array SP info + */ + public function getContacts() + { + return $this->_contacts; + } + + /** + * Gets organization data. + * + * @return array SP info + */ + public function getOrganization() + { + return $this->_organization; + } + + /** + * Should SAML requests be compressed? + * + * @return bool Yes/No as True/False + */ + public function shouldCompressRequests() + { + return $this->_compress['requests']; + } + + /** + * Should SAML responses be compressed? + * + * @return bool Yes/No as True/False + */ + public function shouldCompressResponses() + { + return $this->_compress['responses']; + } + + /** + * Gets the SP metadata. The XML representation. + * + * @param bool $alwaysPublishEncryptionCert When 'true', the returned + * metadata will always include an 'encryption' KeyDescriptor. Otherwise, + * the 'encryption' KeyDescriptor will only be included if + * $advancedSettings['security']['wantNameIdEncrypted'] or + * $advancedSettings['security']['wantAssertionsEncrypted'] are enabled. + * @param int|null $validUntil Metadata's valid time + * @param int|null $cacheDuration Duration of the cache in seconds + * + * @return string SP metadata (xml) + * @throws Exception + * @throws Error + */ + public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null) + { + $metadata = Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization()); + + $certNew = $this->getSPcertNew(); + if (!empty($certNew)) { + $metadata = Metadata::addX509KeyDescriptors( + $metadata, + $certNew, + $alwaysPublishEncryptionCert || $this->_security['wantNameIdEncrypted'] || $this->_security['wantAssertionsEncrypted'] + ); + } + + $cert = $this->getSPcert(); + if (!empty($cert)) { + $metadata = Metadata::addX509KeyDescriptors( + $metadata, + $cert, + $alwaysPublishEncryptionCert || $this->_security['wantNameIdEncrypted'] || $this->_security['wantAssertionsEncrypted'] + ); + } + + //Sign Metadata + if (isset($this->_security['signMetadata']) && $this->_security['signMetadata'] != false) { + if ($this->_security['signMetadata'] === true) { + $keyMetadata = $this->getSPkey(); + $certMetadata = $cert; + + if (!$keyMetadata) { + throw new Error( + 'SP Private key not found.', + Error::PRIVATE_KEY_FILE_NOT_FOUND + ); + } + + if (!$certMetadata) { + throw new Error( + 'SP Public cert not found.', + Error::PUBLIC_CERT_FILE_NOT_FOUND + ); + } + } else if (isset($this->_security['signMetadata']['keyFileName']) && + isset($this->_security['signMetadata']['certFileName'])) { + $keyFileName = $this->_security['signMetadata']['keyFileName']; + $certFileName = $this->_security['signMetadata']['certFileName']; + + $keyMetadataFile = $this->_paths['cert'].$keyFileName; + $certMetadataFile = $this->_paths['cert'].$certFileName; + + if (!file_exists($keyMetadataFile)) { + throw new Error( + 'SP Private key file not found: %s', + Error::PRIVATE_KEY_FILE_NOT_FOUND, + array($keyMetadataFile) + ); + } + + if (!file_exists($certMetadataFile)) { + throw new Error( + 'SP Public cert file not found: %s', + Error::PUBLIC_CERT_FILE_NOT_FOUND, + array($certMetadataFile) + ); + } + $keyMetadata = file_get_contents($keyMetadataFile); + $certMetadata = file_get_contents($certMetadataFile); + } else if (isset($this->_security['signMetadata']['privateKey']) && + isset($this->_security['signMetadata']['x509cert'])) { + $keyMetadata = Utils::formatPrivateKey($this->_security['signMetadata']['privateKey']); + $certMetadata = Utils::formatCert($this->_security['signMetadata']['x509cert']); + if (!$keyMetadata) { + throw new Error( + 'Private key not found.', + Error::PRIVATE_KEY_FILE_NOT_FOUND + ); + } + + if (!$certMetadata) { + throw new Error( + 'Public cert not found.', + Error::PUBLIC_CERT_FILE_NOT_FOUND + ); + } + } else { + throw new Error( + 'Invalid Setting: signMetadata value of the sp is not valid', + Error::SETTINGS_INVALID_SYNTAX + ); + + } + + $signatureAlgorithm = $this->_security['signatureAlgorithm']; + $digestAlgorithm = $this->_security['digestAlgorithm']; + $metadata = Metadata::signMetadata($metadata, $keyMetadata, $certMetadata, $signatureAlgorithm, $digestAlgorithm); + } + return $metadata; + } + + /** + * Validates an XML SP Metadata. + * + * @param string $xml Metadata's XML that will be validate + * + * @return array The list of found errors + * + * @throws Exception + */ + public function validateMetadata($xml) + { + assert(is_string($xml)); + + $errors = array(); + $res = Utils::validateXML($xml, 'saml-schema-metadata-2.0.xsd', $this->_debug, $this->getSchemasPath()); + if (!$res instanceof DOMDocument) { + $errors[] = $res; + } else { + $dom = $res; + $element = $dom->documentElement; + if ($element->tagName !== 'md:EntityDescriptor') { + $errors[] = 'noEntityDescriptor_xml'; + } else { + $validUntil = $cacheDuration = $expireTime = null; + + if ($element->hasAttribute('validUntil')) { + $validUntil = Utils::parseSAML2Time($element->getAttribute('validUntil')); + } + if ($element->hasAttribute('cacheDuration')) { + $cacheDuration = $element->getAttribute('cacheDuration'); + } + + $expireTime = Utils::getExpireTime($cacheDuration, $validUntil); + if (isset($expireTime) && time() > $expireTime) { + $errors[] = 'expired_xml'; + } + } + } + + // TODO: Support Metadata Sign Validation + + return $errors; + } + + /** + * Formats the IdP cert. + */ + public function formatIdPCert() + { + if (isset($this->_idp['x509cert'])) { + $this->_idp['x509cert'] = Utils::formatCert($this->_idp['x509cert']); + } + } + + /** + * Formats the Multple IdP certs. + */ + public function formatIdPCertMulti() + { + if (isset($this->_idp['x509certMulti'])) { + if (isset($this->_idp['x509certMulti']['signing'])) { + foreach ($this->_idp['x509certMulti']['signing'] as $i => $cert) { + $this->_idp['x509certMulti']['signing'][$i] = Utils::formatCert($cert); + } + } + if (isset($this->_idp['x509certMulti']['encryption'])) { + foreach ($this->_idp['x509certMulti']['encryption'] as $i => $cert) { + $this->_idp['x509certMulti']['encryption'][$i] = Utils::formatCert($cert); + } + } + } + } + + /** + * Formats the SP cert. + */ + public function formatSPCert() + { + if (isset($this->_sp['x509cert'])) { + $this->_sp['x509cert'] = Utils::formatCert($this->_sp['x509cert']); + } + } + + /** + * Formats the SP cert. + */ + public function formatSPCertNew() + { + if (isset($this->_sp['x509certNew'])) { + $this->_sp['x509certNew'] = Utils::formatCert($this->_sp['x509certNew']); + } + } + + /** + * Formats the SP private key. + */ + public function formatSPKey() + { + if (isset($this->_sp['privateKey'])) { + $this->_sp['privateKey'] = Utils::formatPrivateKey($this->_sp['privateKey']); + } + } + + /** + * Returns an array with the errors, the array is empty when the settings is ok. + * + * @return array Errors + */ + public function getErrors() + { + return $this->_errors; + } + + /** + * Activates or deactivates the strict mode. + * + * @param bool $value Strict parameter + * + * @throws Exception + */ + public function setStrict($value) + { + if (!is_bool($value)) { + throw new Exception('Invalid value passed to setStrict()'); + } + + $this->_strict = $value; + } + + /** + * Returns if the 'strict' mode is active. + * + * @return bool Strict parameter + */ + public function isStrict() + { + return $this->_strict; + } + + /** + * Returns if the debug is active. + * + * @return bool Debug parameter + */ + public function isDebugActive() + { + return $this->_debug; + } + + /** + * Set a baseurl value. + * + * @param string $baseurl Base URL. + */ + public function setBaseURL($baseurl) + { + $this->_baseurl = $baseurl; + } + + /** + * Returns the baseurl set on the settings if any. + * + * @return null|string The baseurl + */ + public function getBaseURL() + { + return $this->_baseurl; + } + + /** + * Sets the IdP certificate. + * + * @param string $cert IdP certificate + */ + public function setIdPCert($cert) + { + $this->_idp['x509cert'] = $cert; + $this->formatIdPCert(); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php new file mode 100755 index 0000000..50d3d41 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php @@ -0,0 +1,1564 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use RobRichards\XMLSecLibs\XMLSecurityKey; +use RobRichards\XMLSecLibs\XMLSecurityDSig; +use RobRichards\XMLSecLibs\XMLSecEnc; + +use DOMDocument; +use DOMElement; +use DOMNodeList; +use DomNode; +use DOMXPath; +use Exception; + +/** + * Utils of OneLogin PHP Toolkit + * + * Defines several often used methods + */ +class Utils +{ + const RESPONSE_SIGNATURE_XPATH = "/samlp:Response/ds:Signature"; + const ASSERTION_SIGNATURE_XPATH = "/samlp:Response/saml:Assertion/ds:Signature"; + + /** + * @var bool Control if the `Forwarded-For-*` headers are used + */ + private static $_proxyVars = false; + + /** + * @var string|null + */ + private static $_host; + + /** + * @var string|null + */ + private static $_protocol; + + /** + * @var string + */ + private static $_protocolRegex = '@^https?://@i'; + + /** + * @var int|null + */ + private static $_port; + + /** + * @var string|null + */ + private static $_baseurlpath; + + /** + * This function load an XML string in a save way. + * Prevent XEE/XXE Attacks + * + * @param DOMDocument $dom The document where load the xml. + * @param string $xml The XML string to be loaded. + * + * @return DOMDocument|false $dom The result of load the XML at the DOMDocument + * + * @throws Exception + */ + public static function loadXML(DOMDocument $dom, $xml) + { + assert($dom instanceof DOMDocument); + assert(is_string($xml)); + + $oldEntityLoader = libxml_disable_entity_loader(true); + + $res = $dom->loadXML($xml); + + libxml_disable_entity_loader($oldEntityLoader); + + foreach ($dom->childNodes as $child) { + if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { + throw new Exception( + 'Detected use of DOCTYPE/ENTITY in XML, disabled to prevent XXE/XEE attacks' + ); + } + } + + if (!$res) { + return false; + } else { + return $dom; + } + } + + /** + * This function attempts to validate an XML string against the specified schema. + * + * It will parse the string into a DOMDocument and validate this document against the schema. + * + * @param string|DOMDocument $xml The XML string or document which should be validated. + * @param string $schema The schema filename which should be used. + * @param bool $debug To disable/enable the debug mode + * @param string $schemaPath Change schema path + * + * @return string|DOMDocument $dom string that explains the problem or the DOMDocument + * + * @throws Exception + */ + public static function validateXML($xml, $schema, $debug = false, $schemaPath = null) + { + assert(is_string($xml) || $xml instanceof DOMDocument); + assert(is_string($schema)); + + libxml_clear_errors(); + libxml_use_internal_errors(true); + + if ($xml instanceof DOMDocument) { + $dom = $xml; + } else { + $dom = new DOMDocument; + $dom = self::loadXML($dom, $xml); + if (!$dom) { + return 'unloaded_xml'; + } + } + + if (isset($schemaPath)) { + $schemaFile = $schemaPath . $schema; + } else { + $schemaFile = __DIR__ . '/schemas/' . $schema; + } + + $oldEntityLoader = libxml_disable_entity_loader(false); + $res = $dom->schemaValidate($schemaFile); + libxml_disable_entity_loader($oldEntityLoader); + if (!$res) { + $xmlErrors = libxml_get_errors(); + syslog(LOG_INFO, 'Error validating the metadata: '.var_export($xmlErrors, true)); + + if ($debug) { + foreach ($xmlErrors as $error) { + echo htmlentities($error->message)."\n"; + } + } + return 'invalid_xml'; + } + + return $dom; + } + + /** + * Import a node tree into a target document + * Copy it before a reference node as a sibling + * and at the end of the copy remove + * the reference node in the target document + * As it were 'replacing' it + * Leaving nested default namespaces alone + * (Standard importNode with deep copy + * mangles nested default namespaces) + * + * The reference node must not be a DomDocument + * It CAN be the top element of a document + * Returns the copied node in the target document + * + * @param DomNode $targetNode + * @param DomNode $sourceNode + * @param bool $recurse + * @return DOMNode + * @throws Exception + */ + public static function treeCopyReplace(DomNode $targetNode, DomNode $sourceNode, $recurse = false) + { + if ($targetNode->parentNode === null) { + throw new Exception('Illegal argument targetNode. It has no parentNode.'); + } + $clonedNode = $targetNode->ownerDocument->importNode($sourceNode, false); + if ($recurse) { + $resultNode = $targetNode->appendChild($clonedNode); + } else { + $resultNode = $targetNode->parentNode->insertBefore($clonedNode, $targetNode); + } + if ($sourceNode->childNodes !== null) { + foreach ($sourceNode->childNodes as $child) { + self::treeCopyReplace($resultNode, $child, true); + } + } + if (!$recurse) { + $targetNode->parentNode->removeChild($targetNode); + } + return $resultNode; + } + + /** + * Returns a x509 cert (adding header & footer if required). + * + * @param string $cert A x509 unformated cert + * @param bool $heads True if we want to include head and footer + * + * @return string $x509 Formatted cert + */ + public static function formatCert($cert, $heads = true) + { + $x509cert = str_replace(array("\x0D", "\r", "\n"), "", $cert); + if (!empty($x509cert)) { + $x509cert = str_replace('-----BEGIN CERTIFICATE-----', "", $x509cert); + $x509cert = str_replace('-----END CERTIFICATE-----', "", $x509cert); + $x509cert = str_replace(' ', '', $x509cert); + + if ($heads) { + $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n"; + } + + } + return $x509cert; + } + + /** + * Returns a private key (adding header & footer if required). + * + * @param string $key A private key + * @param bool $heads True if we want to include head and footer + * + * @return string $rsaKey Formatted private key + */ + public static function formatPrivateKey($key, $heads = true) + { + $key = str_replace(array("\x0D", "\r", "\n"), "", $key); + if (!empty($key)) { + if (strpos($key, '-----BEGIN PRIVATE KEY-----') !== false) { + $key = Utils::getStringBetween($key, '-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'); + $key = str_replace(' ', '', $key); + + if ($heads) { + $key = "-----BEGIN PRIVATE KEY-----\n".chunk_split($key, 64, "\n")."-----END PRIVATE KEY-----\n"; + } + } else if (strpos($key, '-----BEGIN RSA PRIVATE KEY-----') !== false) { + $key = Utils::getStringBetween($key, '-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'); + $key = str_replace(' ', '', $key); + + if ($heads) { + $key = "-----BEGIN RSA PRIVATE KEY-----\n".chunk_split($key, 64, "\n")."-----END RSA PRIVATE KEY-----\n"; + } + } else { + $key = str_replace(' ', '', $key); + + if ($heads) { + $key = "-----BEGIN RSA PRIVATE KEY-----\n".chunk_split($key, 64, "\n")."-----END RSA PRIVATE KEY-----\n"; + } + } + } + return $key; + } + + /** + * Extracts a substring between 2 marks + * + * @param string $str The target string + * @param string $start The initial mark + * @param string $end The end mark + * + * @return string A substring or an empty string if is not able to find the marks + * or if there is no string between the marks + */ + public static function getStringBetween($str, $start, $end) + { + $str = ' ' . $str; + $ini = strpos($str, $start); + + if ($ini == 0) { + return ''; + } + + $ini += strlen($start); + $len = strpos($str, $end, $ini) - $ini; + return substr($str, $ini, $len); + } + + /** + * Executes a redirection to the provided url (or return the target url). + * + * @param string $url The target url + * @param array $parameters Extra parameters to be passed as part of the url + * @param bool $stay True if we want to stay (returns the url string) False to redirect + * + * @return string|null $url + * + * @throws Error + */ + public static function redirect($url, array $parameters = array(), $stay = false) + { + assert(is_string($url)); + + if (substr($url, 0, 1) === '/') { + $url = self::getSelfURLhost() . $url; + } + + /** + * Verify that the URL matches the regex for the protocol. + * By default this will check for http and https + */ + $wrongProtocol = !preg_match(self::$_protocolRegex, $url); + $url = filter_var($url, FILTER_VALIDATE_URL); + if ($wrongProtocol || empty($url)) { + throw new Error( + 'Redirect to invalid URL: ' . $url, + Error::REDIRECT_INVALID_URL + ); + } + + /* Add encoded parameters */ + if (strpos($url, '?') === false) { + $paramPrefix = '?'; + } else { + $paramPrefix = '&'; + } + + foreach ($parameters as $name => $value) { + if ($value === null) { + $param = urlencode($name); + } else if (is_array($value)) { + $param = ""; + foreach ($value as $val) { + $param .= urlencode($name) . "[]=" . urlencode($val). '&'; + } + if (!empty($param)) { + $param = substr($param, 0, -1); + } + } else { + $param = urlencode($name) . '=' . urlencode($value); + } + + if (!empty($param)) { + $url .= $paramPrefix . $param; + $paramPrefix = '&'; + } + } + + if ($stay) { + return $url; + } + + header('Pragma: no-cache'); + header('Cache-Control: no-cache, must-revalidate'); + header('Location: ' . $url); + exit(); + } + + /** + * @param $protocolRegex string + */ + public static function setProtocolRegex($protocolRegex) + { + if (!empty($protocolRegex)) { + self::$_protocolRegex = $protocolRegex; + } + } + + /** + * Set the Base URL value. + * + * @param string $baseurl The base url to be used when constructing URLs + */ + public static function setBaseURL($baseurl) + { + if (!empty($baseurl)) { + $baseurlpath = '/'; + $matches = array(); + if (preg_match('#^https?://([^/]*)/?(.*)#i', $baseurl, $matches)) { + if (strpos($baseurl, 'https://') === false) { + self::setSelfProtocol('http'); + $port = '80'; + } else { + self::setSelfProtocol('https'); + $port = '443'; + } + + $currentHost = $matches[1]; + if (false !== strpos($currentHost, ':')) { + list($currentHost, $possiblePort) = explode(':', $matches[1], 2); + if (is_numeric($possiblePort)) { + $port = $possiblePort; + } + } + + if (isset($matches[2]) && !empty($matches[2])) { + $baseurlpath = $matches[2]; + } + + self::setSelfHost($currentHost); + self::setSelfPort($port); + self::setBaseURLPath($baseurlpath); + } + } else { + self::$_host = null; + self::$_protocol = null; + self::$_port = null; + self::$_baseurlpath = null; + } + } + + /** + * @param bool $proxyVars Whether to use `X-Forwarded-*` headers to determine port/domain/protocol + */ + public static function setProxyVars($proxyVars) + { + self::$_proxyVars = (bool)$proxyVars; + } + + /** + * @return bool + */ + public static function getProxyVars() + { + return self::$_proxyVars; + } + + /** + * Returns the protocol + the current host + the port (if different than + * common ports). + * + * @return string The URL + */ + public static function getSelfURLhost() + { + $currenthost = self::getSelfHost(); + + $port = ''; + + if (self::isHTTPS()) { + $protocol = 'https'; + } else { + $protocol = 'http'; + } + + $portnumber = self::getSelfPort(); + + if (isset($portnumber) && ($portnumber != '80') && ($portnumber != '443')) { + $port = ':' . $portnumber; + } + + return $protocol."://" . $currenthost . $port; + } + + /** + * @param string $host The host to use when constructing URLs + */ + public static function setSelfHost($host) + { + self::$_host = $host; + } + + /** + * @param string $baseurlpath The baseurl path to use when constructing URLs + */ + public static function setBaseURLPath($baseurlpath) + { + if (empty($baseurlpath)) { + self::$_baseurlpath = null; + } else if ($baseurlpath == '/') { + self::$_baseurlpath = '/'; + } else { + self::$_baseurlpath = '/' . trim($baseurlpath, '/') . '/'; + } + } + + /** + * @return string The baseurlpath to be used when constructing URLs + */ + public static function getBaseURLPath() + { + return self::$_baseurlpath; + } + + /** + * @return string The raw host name + */ + protected static function getRawHost() + { + if (self::$_host) { + $currentHost = self::$_host; + } elseif (self::getProxyVars() && array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER)) { + $currentHost = $_SERVER['HTTP_X_FORWARDED_HOST']; + } elseif (array_key_exists('HTTP_HOST', $_SERVER)) { + $currentHost = $_SERVER['HTTP_HOST']; + } elseif (array_key_exists('SERVER_NAME', $_SERVER)) { + $currentHost = $_SERVER['SERVER_NAME']; + } else { + if (function_exists('gethostname')) { + $currentHost = gethostname(); + } else { + $currentHost = php_uname("n"); + } + } + return $currentHost; + } + + /** + * @param int $port The port number to use when constructing URLs + */ + public static function setSelfPort($port) + { + self::$_port = $port; + } + + /** + * @param string $protocol The protocol to identify as using, usually http or https + */ + public static function setSelfProtocol($protocol) + { + self::$_protocol = $protocol; + } + + /** + * @return string http|https + */ + public static function getSelfProtocol() + { + $protocol = 'http'; + if (self::$_protocol) { + $protocol = self::$_protocol; + } elseif (self::getSelfPort() == 443) { + $protocol = 'https'; + } elseif (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO']; + } elseif (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { + $protocol = 'https'; + } + return $protocol; + } + + /** + * Returns the current host. + * + * @return string $currentHost The current host + */ + public static function getSelfHost() + { + $currentHost = self::getRawHost(); + + // strip the port + if (false !== strpos($currentHost, ':')) { + list($currentHost, $port) = explode(':', $currentHost, 2); + } + + return $currentHost; + } + + /** + * @return null|string The port number used for the request + */ + public static function getSelfPort() + { + $portnumber = null; + if (self::$_port) { + $portnumber = self::$_port; + } else if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) { + $portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"]; + } else if (isset($_SERVER["SERVER_PORT"])) { + $portnumber = $_SERVER["SERVER_PORT"]; + } else { + $currentHost = self::getRawHost(); + + // strip the port + if (false !== strpos($currentHost, ':')) { + list($currentHost, $port) = explode(':', $currentHost, 2); + if (is_numeric($port)) { + $portnumber = $port; + } + } + } + return $portnumber; + } + + /** + * Checks if https or http. + * + * @return bool $isHttps False if https is not active + */ + public static function isHTTPS() + { + return self::getSelfProtocol() == 'https'; + } + + /** + * Returns the URL of the current host + current view. + * + * @return string + */ + public static function getSelfURLNoQuery() + { + $selfURLNoQuery = self::getSelfURLhost(); + + $infoWithBaseURLPath = self::buildWithBaseURLPath($_SERVER['SCRIPT_NAME']); + if (!empty($infoWithBaseURLPath)) { + $selfURLNoQuery .= $infoWithBaseURLPath; + } else { + $selfURLNoQuery .= $_SERVER['SCRIPT_NAME']; + } + + if (isset($_SERVER['PATH_INFO'])) { + $selfURLNoQuery .= $_SERVER['PATH_INFO']; + } + + return $selfURLNoQuery; + } + + /** + * Returns the routed URL of the current host + current view. + * + * @return string + */ + public static function getSelfRoutedURLNoQuery() + { + $selfURLhost = self::getSelfURLhost(); + $route = ''; + + if (!empty($_SERVER['REQUEST_URI'])) { + $route = $_SERVER['REQUEST_URI']; + if (!empty($_SERVER['QUERY_STRING'])) { + $route = self::strLreplace($_SERVER['QUERY_STRING'], '', $route); + if (substr($route, -1) == '?') { + $route = substr($route, 0, -1); + } + } + } + + $infoWithBaseURLPath = self::buildWithBaseURLPath($route); + if (!empty($infoWithBaseURLPath)) { + $route = $infoWithBaseURLPath; + } + + $selfRoutedURLNoQuery = $selfURLhost . $route; + + $pos = strpos($selfRoutedURLNoQuery, "?"); + if ($pos !== false) { + $selfRoutedURLNoQuery = substr($selfRoutedURLNoQuery, 0, $pos-1); + } + + return $selfRoutedURLNoQuery; + } + + public static function strLreplace($search, $replace, $subject) + { + $pos = strrpos($subject, $search); + + if ($pos !== false) { + $subject = substr_replace($subject, $replace, $pos, strlen($search)); + } + + return $subject; + } + + /** + * Returns the URL of the current host + current view + query. + * + * @return string + */ + public static function getSelfURL() + { + $selfURLhost = self::getSelfURLhost(); + + $requestURI = ''; + if (!empty($_SERVER['REQUEST_URI'])) { + $requestURI = $_SERVER['REQUEST_URI']; + $matches = array(); + if ($requestURI[0] !== '/' && preg_match('#^https?://[^/]*(/.*)#i', $requestURI, $matches)) { + $requestURI = $matches[1]; + } + } + + $infoWithBaseURLPath = self::buildWithBaseURLPath($requestURI); + if (!empty($infoWithBaseURLPath)) { + $requestURI = $infoWithBaseURLPath; + } + + return $selfURLhost . $requestURI; + } + + /** + * Returns the part of the URL with the BaseURLPath. + * + * @param string $info Contains path info + * + * @return string + */ + protected static function buildWithBaseURLPath($info) + { + $result = ''; + $baseURLPath = self::getBaseURLPath(); + if (!empty($baseURLPath)) { + $result = $baseURLPath; + if (!empty($info)) { + $path = explode('/', $info); + $extractedInfo = array_pop($path); + if (!empty($extractedInfo)) { + $result .= $extractedInfo; + } + } + } + return $result; + } + + /** + * Extract a query param - as it was sent - from $_SERVER[QUERY_STRING] + * + * @param string $name The param to-be extracted + * + * @return string + */ + public static function extractOriginalQueryParam($name) + { + $index = strpos($_SERVER['QUERY_STRING'], $name.'='); + $substring = substr($_SERVER['QUERY_STRING'], $index + strlen($name) + 1); + $end = strpos($substring, '&'); + return $end ? substr($substring, 0, strpos($substring, '&')) : $substring; + } + + /** + * Generates an unique string (used for example as ID for assertions). + * + * @return string A unique string + */ + public static function generateUniqueID() + { + return 'ONELOGIN_' . sha1(uniqid((string)mt_rand(), true)); + } + + /** + * Converts a UNIX timestamp to SAML2 timestamp on the form + * yyyy-mm-ddThh:mm:ss(\.s+)?Z. + * + * @param string|int $time The time we should convert (DateTime). + * + * @return string $timestamp SAML2 timestamp. + */ + public static function parseTime2SAML($time) + { + $date = new \DateTime("@$time", new \DateTimeZone('UTC')); + $timestamp = $date->format("Y-m-d\TH:i:s\Z"); + return $timestamp; + } + + /** + * Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z + * to a UNIX timestamp. The sub-second part is ignored. + * + * @param string $time The time we should convert (SAML Timestamp). + * + * @return int $timestamp Converted to a unix timestamp. + * + * @throws Exception + */ + public static function parseSAML2Time($time) + { + $matches = array(); + + /* We use a very strict regex to parse the timestamp. */ + $exp1 = '/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)'; + $exp2 = 'T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d+)?Z$/D'; + if (preg_match($exp1 . $exp2, $time, $matches) == 0) { + throw new Exception( + 'Invalid SAML2 timestamp passed to' . + ' parseSAML2Time: ' . $time + ); + } + + /* Extract the different components of the time from the + * matches in the regex. int cast will ignore leading zeroes + * in the string. + */ + $year = (int) $matches[1]; + $month = (int) $matches[2]; + $day = (int) $matches[3]; + $hour = (int) $matches[4]; + $minute = (int) $matches[5]; + $second = (int) $matches[6]; + + /* We use gmmktime because the timestamp will always be given + * in UTC. + */ + $ts = gmmktime($hour, $minute, $second, $month, $day, $year); + + return $ts; + } + + + /** + * Interprets a ISO8601 duration value relative to a given timestamp. + * + * @param string $duration The duration, as a string. + * @param int|null $timestamp The unix timestamp we should apply the + * duration to. Optional, default to the + * current time. + * + * @return int The new timestamp, after the duration is applied. + * + * @throws Exception + */ + public static function parseDuration($duration, $timestamp = null) + { + assert(is_string($duration)); + assert(is_null($timestamp) || is_int($timestamp)); + + $matches = array(); + + /* Parse the duration. We use a very strict pattern. */ + $durationRegEx = '#^(-?)P(?:(?:(?:(\\d+)Y)?(?:(\\d+)M)?(?:(\\d+)D)?(?:T(?:(\\d+)H)?(?:(\\d+)M)?(?:(\\d+)S)?)?)|(?:(\\d+)W))$#D'; + if (!preg_match($durationRegEx, $duration, $matches)) { + throw new Exception('Invalid ISO 8601 duration: ' . $duration); + } + + $durYears = (empty($matches[2]) ? 0 : (int)$matches[2]); + $durMonths = (empty($matches[3]) ? 0 : (int)$matches[3]); + $durDays = (empty($matches[4]) ? 0 : (int)$matches[4]); + $durHours = (empty($matches[5]) ? 0 : (int)$matches[5]); + $durMinutes = (empty($matches[6]) ? 0 : (int)$matches[6]); + $durSeconds = (empty($matches[7]) ? 0 : (int)$matches[7]); + $durWeeks = (empty($matches[8]) ? 0 : (int)$matches[8]); + + if (!empty($matches[1])) { + /* Negative */ + $durYears = -$durYears; + $durMonths = -$durMonths; + $durDays = -$durDays; + $durHours = -$durHours; + $durMinutes = -$durMinutes; + $durSeconds = -$durSeconds; + $durWeeks = -$durWeeks; + } + + if ($timestamp === null) { + $timestamp = time(); + } + + if ($durYears !== 0 || $durMonths !== 0) { + /* Special handling of months and years, since they aren't a specific interval, but + * instead depend on the current time. + */ + + /* We need the year and month from the timestamp. Unfortunately, PHP doesn't have the + * gmtime function. Instead we use the gmdate function, and split the result. + */ + $yearmonth = explode(':', gmdate('Y:n', $timestamp)); + $year = (int)$yearmonth[0]; + $month = (int)$yearmonth[1]; + + /* Remove the year and month from the timestamp. */ + $timestamp -= gmmktime(0, 0, 0, $month, 1, $year); + + /* Add years and months, and normalize the numbers afterwards. */ + $year += $durYears; + $month += $durMonths; + while ($month > 12) { + $year += 1; + $month -= 12; + } + while ($month < 1) { + $year -= 1; + $month += 12; + } + + /* Add year and month back into timestamp. */ + $timestamp += gmmktime(0, 0, 0, $month, 1, $year); + } + + /* Add the other elements. */ + $timestamp += $durWeeks * 7 * 24 * 60 * 60; + $timestamp += $durDays * 24 * 60 * 60; + $timestamp += $durHours * 60 * 60; + $timestamp += $durMinutes * 60; + $timestamp += $durSeconds; + + return $timestamp; + } + + /** + * Compares 2 dates and returns the earliest. + * + * @param string|null $cacheDuration The duration, as a string. + * @param string|int|null $validUntil The valid until date, as a string or as a timestamp + * + * @return int|null $expireTime The expiration time. + * + * @throws Exception + */ + public static function getExpireTime($cacheDuration = null, $validUntil = null) + { + $expireTime = null; + + if ($cacheDuration !== null) { + $expireTime = self::parseDuration($cacheDuration, time()); + } + + if ($validUntil !== null) { + if (is_int($validUntil)) { + $validUntilTime = $validUntil; + } else { + $validUntilTime = self::parseSAML2Time($validUntil); + } + if ($expireTime === null || $expireTime > $validUntilTime) { + $expireTime = $validUntilTime; + } + } + + return $expireTime; + } + + + /** + * Extracts nodes from the DOMDocument. + * + * @param DOMDocument $dom The DOMDocument + * @param string $query \Xpath Expression + * @param DOMElement|null $context Context Node (DOMElement) + * + * @return DOMNodeList The queried nodes + */ + public static function query(DOMDocument $dom, $query, DOMElement $context = null) + { + $xpath = new DOMXPath($dom); + $xpath->registerNamespace('samlp', Constants::NS_SAMLP); + $xpath->registerNamespace('saml', Constants::NS_SAML); + $xpath->registerNamespace('ds', Constants::NS_DS); + $xpath->registerNamespace('xenc', Constants::NS_XENC); + $xpath->registerNamespace('xsi', Constants::NS_XSI); + $xpath->registerNamespace('xs', Constants::NS_XS); + $xpath->registerNamespace('md', Constants::NS_MD); + + if (isset($context)) { + $res = $xpath->query($query, $context); + } else { + $res = $xpath->query($query); + } + return $res; + } + + /** + * Checks if the session is started or not. + * + * @return bool true if the sessíon is started + */ + public static function isSessionStarted() + { + if (PHP_VERSION_ID >= 50400) { + return session_status() === PHP_SESSION_ACTIVE ? true : false; + } else { + return session_id() === '' ? false : true; + } + } + + /** + * Deletes the local session. + */ + public static function deleteLocalSession() + { + + if (Utils::isSessionStarted()) { + session_destroy(); + } + + unset($_SESSION); + } + + /** + * Calculates the fingerprint of a x509cert. + * + * @param string $x509cert x509 cert formatted + * @param string $alg Algorithm to be used in order to calculate the fingerprint + * + * @return null|string Formatted fingerprint + */ + public static function calculateX509Fingerprint($x509cert, $alg = 'sha1') + { + assert(is_string($x509cert)); + + $arCert = explode("\n", $x509cert); + $data = ''; + $inData = false; + + foreach ($arCert as $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } elseif ((strncmp($curData, '-----BEGIN PUBLIC KEY', 21) == 0) || (strncmp($curData, '-----BEGIN RSA PRIVATE KEY', 26) == 0)) { + /* This isn't an X509 certificate. */ + return null; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + break; + } + $data .= trim($curData); + } + } + + if (empty($data)) { + return null; + } + + $decodedData = base64_decode($data); + + switch ($alg) { + case 'sha512': + case 'sha384': + case 'sha256': + $fingerprint = hash($alg, $decodedData, false); + break; + case 'sha1': + default: + $fingerprint = strtolower(sha1($decodedData)); + break; + } + return $fingerprint; + } + + /** + * Formates a fingerprint. + * + * @param string $fingerprint fingerprint + * + * @return string Formatted fingerprint + */ + public static function formatFingerPrint($fingerprint) + { + $formatedFingerprint = str_replace(':', '', $fingerprint); + $formatedFingerprint = strtolower($formatedFingerprint); + return $formatedFingerprint; + } + + /** + * Generates a nameID. + * + * @param string $value fingerprint + * @param string $spnq SP Name Qualifier + * @param string|null $format SP Format + * @param string|null $cert IdP Public cert to encrypt the nameID + * @param string|null $nq IdP Name Qualifier + * + * @return string $nameIDElement DOMElement | XMLSec nameID + * + * @throws Exception + */ + public static function generateNameId($value, $spnq, $format = null, $cert = null, $nq = null) + { + + $doc = new DOMDocument(); + + $nameId = $doc->createElement('saml:NameID'); + if (isset($spnq)) { + $nameId->setAttribute('SPNameQualifier', $spnq); + } + if (isset($nq)) { + $nameId->setAttribute('NameQualifier', $nq); + } + if (isset($format)) { + $nameId->setAttribute('Format', $format); + } + $nameId->appendChild($doc->createTextNode($value)); + + $doc->appendChild($nameId); + + if (!empty($cert)) { + $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'public')); + $seckey->loadKey($cert); + + $enc = new XMLSecEnc(); + $enc->setNode($nameId); + $enc->type = XMLSecEnc::Element; + + $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); + $symmetricKey->generateSessionKey(); + $enc->encryptKey($seckey, $symmetricKey); + + $encryptedData = $enc->encryptNode($symmetricKey); + + $newdoc = new DOMDocument(); + + $encryptedID = $newdoc->createElement('saml:EncryptedID'); + + $newdoc->appendChild($encryptedID); + + $encryptedID->appendChild($encryptedID->ownerDocument->importNode($encryptedData, true)); + + return $newdoc->saveXML($encryptedID); + } else { + return $doc->saveXML($nameId); + } + } + + + /** + * Gets Status from a Response. + * + * @param DOMDocument $dom The Response as XML + * + * @return array $status The Status, an array with the code and a message. + * + * @throws ValidationError + */ + public static function getStatus(DOMDocument $dom) + { + $status = array(); + + $statusEntry = self::query($dom, '/samlp:Response/samlp:Status'); + if ($statusEntry->length != 1) { + throw new ValidationError( + "Missing Status on response", + ValidationError::MISSING_STATUS + ); + } + + $codeEntry = self::query($dom, '/samlp:Response/samlp:Status/samlp:StatusCode', $statusEntry->item(0)); + if ($codeEntry->length != 1) { + throw new ValidationError( + "Missing Status Code on response", + ValidationError::MISSING_STATUS_CODE + ); + } + $code = $codeEntry->item(0)->getAttribute('Value'); + $status['code'] = $code; + + $status['msg'] = ''; + $messageEntry = self::query($dom, '/samlp:Response/samlp:Status/samlp:StatusMessage', $statusEntry->item(0)); + if ($messageEntry->length == 0) { + $subCodeEntry = self::query($dom, '/samlp:Response/samlp:Status/samlp:StatusCode/samlp:StatusCode', $statusEntry->item(0)); + if ($subCodeEntry->length == 1) { + $status['msg'] = $subCodeEntry->item(0)->getAttribute('Value'); + } + } else if ($messageEntry->length == 1) { + $msg = $messageEntry->item(0)->textContent; + $status['msg'] = $msg; + } + + return $status; + } + + /** + * Decrypts an encrypted element. + * + * @param DOMElement $encryptedData The encrypted data. + * @param XMLSecurityKey $inputKey The decryption key. + * @param bool $formatOutput Format or not the output. + * + * @return DOMElement The decrypted element. + * + * @throws ValidationError + */ + public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey, $formatOutput = true) + { + + $enc = new XMLSecEnc(); + + $enc->setNode($encryptedData); + $enc->type = $encryptedData->getAttribute("Type"); + + $symmetricKey = $enc->locateKey($encryptedData); + if (!$symmetricKey) { + throw new ValidationError( + 'Could not locate key algorithm in encrypted data.', + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $symmetricKeyInfo = $enc->locateKeyInfo($symmetricKey); + if (!$symmetricKeyInfo) { + throw new ValidationError( + "Could not locate for the encrypted key.", + ValidationError::KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA + ); + } + + $inputKeyAlgo = $inputKey->getAlgorithm(); + if ($symmetricKeyInfo->isEncrypted) { + $symKeyInfoAlgo = $symmetricKeyInfo->getAlgorithm(); + + if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) { + $inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P; + } + + if ($inputKeyAlgo !== $symKeyInfoAlgo) { + throw new ValidationError( + 'Algorithm mismatch between input key and key used to encrypt ' . + ' the symmetric key for the message. Key was: ' . + var_export($inputKeyAlgo, true) . '; message was: ' . + var_export($symKeyInfoAlgo, true), + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $encKey = $symmetricKeyInfo->encryptedCtx; + $symmetricKeyInfo->key = $inputKey->key; + $keySize = $symmetricKey->getSymmetricKeySize(); + if ($keySize === null) { + // To protect against "key oracle" attacks + throw new ValidationError( + 'Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, true), + ValidationError::KEY_ALGORITHM_ERROR + ); + } + + $key = $encKey->decryptKey($symmetricKeyInfo); + if (strlen($key) != $keySize) { + $encryptedKey = $encKey->getCipherValue(); + $pkey = openssl_pkey_get_details($symmetricKeyInfo->key); + $pkey = sha1(serialize($pkey), true); + $key = sha1($encryptedKey . $pkey, true); + + /* Make sure that the key has the correct length. */ + if (strlen($key) > $keySize) { + $key = substr($key, 0, $keySize); + } elseif (strlen($key) < $keySize) { + $key = str_pad($key, $keySize); + } + } + $symmetricKey->loadKey($key); + } else { + $symKeyAlgo = $symmetricKey->getAlgorithm(); + if ($inputKeyAlgo !== $symKeyAlgo) { + throw new ValidationError( + 'Algorithm mismatch between input key and key in message. ' . + 'Key was: ' . var_export($inputKeyAlgo, true) . '; message was: ' . + var_export($symKeyAlgo, true), + ValidationError::KEY_ALGORITHM_ERROR + ); + } + $symmetricKey = $inputKey; + } + + $decrypted = $enc->decryptNode($symmetricKey, false); + + $xml = ''.$decrypted.''; + $newDoc = new DOMDocument(); + if ($formatOutput) { + $newDoc->preserveWhiteSpace = false; + $newDoc->formatOutput = true; + } + $newDoc = self::loadXML($newDoc, $xml); + if (!$newDoc) { + throw new ValidationError( + 'Failed to parse decrypted XML.', + ValidationError::INVALID_XML_FORMAT + ); + } + + $decryptedElement = $newDoc->firstChild->firstChild; + if ($decryptedElement === null) { + throw new ValidationError( + 'Missing encrypted element.', + ValidationError::MISSING_ENCRYPTED_ELEMENT + ); + } + + return $decryptedElement; + } + + /** + * Converts a XMLSecurityKey to the correct algorithm. + * + * @param XMLSecurityKey $key The key. + * @param string $algorithm The desired algorithm. + * @param string $type Public or private key, defaults to public. + * + * @return XMLSecurityKey The new key. + * + * @throws Exception + */ + public static function castKey(XMLSecurityKey $key, $algorithm, $type = 'public') + { + assert(is_string($algorithm)); + assert($type === 'public' || $type === 'private'); + + // do nothing if algorithm is already the type of the key + if ($key->type === $algorithm) { + return $key; + } + + if (!Utils::isSupportedSigningAlgorithm($algorithm)) { + throw new Exception('Unsupported signing algorithm.'); + } + + $keyInfo = openssl_pkey_get_details($key->key); + if ($keyInfo === false) { + throw new Exception('Unable to get key details from XMLSecurityKey.'); + } + if (!isset($keyInfo['key'])) { + throw new Exception('Missing key in public key details.'); + } + $newKey = new XMLSecurityKey($algorithm, array('type'=>$type)); + $newKey->loadKey($keyInfo['key']); + return $newKey; + } + + /** + * @param $algorithm + * + * @return bool + */ + public static function isSupportedSigningAlgorithm($algorithm) + { + return in_array( + $algorithm, + array( + XMLSecurityKey::RSA_1_5, + XMLSecurityKey::RSA_SHA1, + XMLSecurityKey::RSA_SHA256, + XMLSecurityKey::RSA_SHA384, + XMLSecurityKey::RSA_SHA512 + ) + ); + } + + /** + * Adds signature key and senders certificate to an element (Message or Assertion). + * + * @param string|DOMDocument $xml The element we should sign + * @param string $key The private key + * @param string $cert The public + * @param string $signAlgorithm Signature algorithm method + * @param string $digestAlgorithm Digest algorithm method + * + * @return string + * + * @throws Exception + */ + public static function addSign($xml, $key, $cert, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $digestAlgorithm = XMLSecurityDSig::SHA256) + { + if ($xml instanceof DOMDocument) { + $dom = $xml; + } else { + $dom = new DOMDocument(); + $dom = self::loadXML($dom, $xml); + if (!$dom) { + throw new Exception('Error parsing xml string'); + } + } + + /* Load the private key. */ + $objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private')); + $objKey->loadKey($key, false); + + /* Get the EntityDescriptor node we should sign. */ + $rootNode = $dom->firstChild; + + /* Sign the metadata with our private key. */ + $objXMLSecDSig = new XMLSecurityDSig(); + $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); + + $objXMLSecDSig->addReferenceList( + array($rootNode), + $digestAlgorithm, + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), + array('id_name' => 'ID') + ); + + $objXMLSecDSig->sign($objKey); + + /* Add the certificate to the signature. */ + $objXMLSecDSig->add509Cert($cert, true); + + $insertBefore = $rootNode->firstChild; + $messageTypes = array('AuthnRequest', 'Response', 'LogoutRequest','LogoutResponse'); + if (in_array($rootNode->localName, $messageTypes)) { + $issuerNodes = self::query($dom, '/'.$rootNode->tagName.'/saml:Issuer'); + if ($issuerNodes->length == 1) { + $insertBefore = $issuerNodes->item(0)->nextSibling; + } + } + + /* Add the signature. */ + $objXMLSecDSig->insertSignature($rootNode, $insertBefore); + + /* Return the DOM tree as a string. */ + $signedxml = $dom->saveXML(); + + return $signedxml; + } + + /** + * Validates a signature (Message or Assertion). + * + * @param string|\DomNode $xml The element we should validate + * @param string|null $cert The pubic cert + * @param string|null $fingerprint The fingerprint of the public cert + * @param string|null $fingerprintalg The algorithm used to get the fingerprint + * @param string|null $xpath The xpath of the signed element + * @param array|null $multiCerts Multiple public certs + * + * @return bool + * + * @throws Exception + */ + public static function validateSign($xml, $cert = null, $fingerprint = null, $fingerprintalg = 'sha1', $xpath = null, $multiCerts = null) + { + if ($xml instanceof DOMDocument) { + $dom = clone $xml; + } else if ($xml instanceof DOMElement) { + $dom = clone $xml->ownerDocument; + } else { + $dom = new DOMDocument(); + $dom = self::loadXML($dom, $xml); + } + + $objXMLSecDSig = new XMLSecurityDSig(); + $objXMLSecDSig->idKeys = array('ID'); + + if ($xpath) { + $nodeset = Utils::query($dom, $xpath); + $objDSig = $nodeset->item(0); + $objXMLSecDSig->sigNode = $objDSig; + } else { + $objDSig = $objXMLSecDSig->locateSignature($dom); + } + + if (!$objDSig) { + throw new Exception('Cannot locate Signature Node'); + } + + $objKey = $objXMLSecDSig->locateKey(); + if (!$objKey) { + throw new Exception('We have no idea about the key'); + } + + if (!Utils::isSupportedSigningAlgorithm($objKey->type)) { + throw new Exception('Unsupported signing algorithm.'); + } + + $objXMLSecDSig->canonicalizeSignedInfo(); + + try { + $retVal = $objXMLSecDSig->validateReference(); + } catch (Exception $e) { + throw $e; + } + + XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig); + + if (!empty($multiCerts)) { + // If multiple certs are provided, I may ignore $cert and + // $fingerprint provided by the method and just check the + // certs on the array + $fingerprint = null; + } else { + // else I add the cert to the array in order to check + // validate signatures with it and the with it and the + // $fingerprint value + $multiCerts = array($cert); + } + + $valid = false; + foreach ($multiCerts as $cert) { + if (!empty($cert)) { + $objKey->loadKey($cert, false, true); + if ($objXMLSecDSig->verify($objKey) === 1) { + $valid = true; + break; + } + } else { + if (!empty($fingerprint)) { + $domCert = $objKey->getX509Certificate(); + $domCertFingerprint = Utils::calculateX509Fingerprint($domCert, $fingerprintalg); + if (Utils::formatFingerPrint($fingerprint) == $domCertFingerprint) { + $objKey->loadKey($domCert, false, true); + if ($objXMLSecDSig->verify($objKey) === 1) { + $valid = true; + break; + } + } + } + } + } + return $valid; + } + + /** + * Validates a binary signature + * + * @param string $messageType Type of SAML Message + * @param array $getData HTTP GET array + * @param array $idpData IdP setting data + * @param bool $retrieveParametersFromServer Indicates where to get the values in order to validate the Sign, from getData or from $_SERVER + * + * @return bool + * + * @throws Exception + */ + public static function validateBinarySign($messageType, $getData, $idpData, $retrieveParametersFromServer = false) + { + if (!isset($getData['SigAlg'])) { + $signAlg = XMLSecurityKey::RSA_SHA1; + } else { + $signAlg = $getData['SigAlg']; + } + + if ($retrieveParametersFromServer) { + $signedQuery = $messageType.'='.Utils::extractOriginalQueryParam($messageType); + if (isset($getData['RelayState'])) { + $signedQuery .= '&RelayState='.Utils::extractOriginalQueryParam('RelayState'); + } + $signedQuery .= '&SigAlg='.Utils::extractOriginalQueryParam('SigAlg'); + } else { + $signedQuery = $messageType.'='.urlencode($getData[$messageType]); + if (isset($getData['RelayState'])) { + $signedQuery .= '&RelayState='.urlencode($getData['RelayState']); + } + $signedQuery .= '&SigAlg='.urlencode($signAlg); + } + + if ($messageType == "SAMLRequest") { + $strMessageType = "Logout Request"; + } else { + $strMessageType = "Logout Response"; + } + $existsMultiX509Sign = isset($idpData['x509certMulti']) && isset($idpData['x509certMulti']['signing']) && !empty($idpData['x509certMulti']['signing']); + if ((!isset($idpData['x509cert']) || empty($idpData['x509cert'])) && !$existsMultiX509Sign) { + throw new Error( + "In order to validate the sign on the ".$strMessageType.", the x509cert of the IdP is required", + Error::CERT_NOT_FOUND + ); + } + + if ($existsMultiX509Sign) { + $multiCerts = $idpData['x509certMulti']['signing']; + } else { + $multiCerts = array($idpData['x509cert']); + } + + $signatureValid = false; + foreach ($multiCerts as $cert) { + $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public')); + $objKey->loadKey($cert, false, true); + + if ($signAlg != XMLSecurityKey::RSA_SHA1) { + try { + $objKey = Utils::castKey($objKey, $signAlg, 'public'); + } catch (Exception $e) { + $ex = new ValidationError( + "Invalid signAlg in the recieved ".$strMessageType, + ValidationError::INVALID_SIGNATURE + ); + if (count($multiCerts) == 1) { + throw $ex; + } + } + } + + if ($objKey->verifySignature($signedQuery, base64_decode($getData['Signature'])) === 1) { + $signatureValid = true; + break; + } + } + return $signatureValid; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/ValidationError.php b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/ValidationError.php new file mode 100755 index 0000000..889f531 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/ValidationError.php @@ -0,0 +1,100 @@ + + * @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE + * @link https://github.com/onelogin/php-saml + */ + +namespace OneLogin\Saml2; + +use Exception; + +/** + * ValidationError class of OneLogin PHP Toolkit + * + * This class implements another custom Exception handler, + * related to exceptions that happens during validation process. + */ +class ValidationError extends Exception +{ + // Validation Errors + const UNSUPPORTED_SAML_VERSION = 0; + const MISSING_ID = 1; + const WRONG_NUMBER_OF_ASSERTIONS = 2; + const MISSING_STATUS = 3; + const MISSING_STATUS_CODE = 4; + const STATUS_CODE_IS_NOT_SUCCESS = 5; + const WRONG_SIGNED_ELEMENT = 6; + const ID_NOT_FOUND_IN_SIGNED_ELEMENT = 7; + const DUPLICATED_ID_IN_SIGNED_ELEMENTS = 8; + const INVALID_SIGNED_ELEMENT = 9; + const DUPLICATED_REFERENCE_IN_SIGNED_ELEMENTS = 10; + const UNEXPECTED_SIGNED_ELEMENTS = 11; + const WRONG_NUMBER_OF_SIGNATURES_IN_RESPONSE = 12; + const WRONG_NUMBER_OF_SIGNATURES_IN_ASSERTION = 13; + const INVALID_XML_FORMAT = 14; + const WRONG_INRESPONSETO = 15; + const NO_ENCRYPTED_ASSERTION = 16; + const NO_ENCRYPTED_NAMEID = 17; + const MISSING_CONDITIONS = 18; + const ASSERTION_TOO_EARLY = 19; + const ASSERTION_EXPIRED = 20; + const WRONG_NUMBER_OF_AUTHSTATEMENTS = 21; + const NO_ATTRIBUTESTATEMENT = 22; + const ENCRYPTED_ATTRIBUTES = 23; + const WRONG_DESTINATION = 24; + const EMPTY_DESTINATION = 25; + const WRONG_AUDIENCE = 26; + const ISSUER_MULTIPLE_IN_RESPONSE = 27; + const ISSUER_NOT_FOUND_IN_ASSERTION = 28; + const WRONG_ISSUER = 29; + const SESSION_EXPIRED = 30; + const WRONG_SUBJECTCONFIRMATION = 31; + const NO_SIGNED_MESSAGE = 32; + const NO_SIGNED_ASSERTION = 33; + const NO_SIGNATURE_FOUND = 34; + const KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA = 35; + const CHILDREN_NODE_NOT_FOUND_IN_KEYINFO = 36; + const UNSUPPORTED_RETRIEVAL_METHOD = 37; + const NO_NAMEID = 38; + const EMPTY_NAMEID = 39; + const SP_NAME_QUALIFIER_NAME_MISMATCH = 40; + const DUPLICATED_ATTRIBUTE_NAME_FOUND = 41; + const INVALID_SIGNATURE = 42; + const WRONG_NUMBER_OF_SIGNATURES = 43; + const RESPONSE_EXPIRED = 44; + const UNEXPECTED_REFERENCE = 45; + const NOT_SUPPORTED = 46; + const KEY_ALGORITHM_ERROR = 47; + const MISSING_ENCRYPTED_ELEMENT = 48; + + + /** + * Constructor + * + * @param string $msg Describes the error. + * @param int $code The code error (defined in the error class). + * @param array|null $args Arguments used in the message that describes the error. + */ + public function __construct($msg, $code = 0, $args = array()) + { + assert(is_string($msg)); + assert(is_int($code)); + + if (!isset($args)) { + $args = array(); + } + $params = array_merge(array($msg), $args); + $message = call_user_func_array('sprintf', $params); + + parent::__construct($message, $code); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-assertion-2.0.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-assertion-2.0.xsd new file mode 100755 index 0000000..2b2f7b8 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-assertion-2.0.xsd @@ -0,0 +1,283 @@ + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-2.0.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-2.0.xsd new file mode 100755 index 0000000..e4754fa --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-2.0.xsd @@ -0,0 +1,23 @@ + + + + + + Document identifier: saml-schema-authn-context-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New core authentication context schema for SAML V2.0. + This is just an include of all types from the schema + referred to in the include statement below. + + + + + + \ No newline at end of file diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd new file mode 100755 index 0000000..8513959 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd @@ -0,0 +1,821 @@ + + + + + + Document identifier: saml-schema-authn-context-types-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New core authentication context schema types for SAML V2.0. + + + + + + + A particular assertion on an identity + provider's part with respect to the authentication + context associated with an authentication assertion. + + + + + + + + Refers to those characteristics that describe the + processes and mechanisms + the Authentication Authority uses to initially create + an association between a Principal + and the identity (or name) by which the Principal will + be known + + + + + + + + This element indicates that identification has been + performed in a physical + face-to-face meeting with the principal and not in an + online manner. + + + + + + + + + + + + + + + + + + + + Refers to those characterstics that describe how the + 'secret' (the knowledge or possession + of which allows the Principal to authenticate to the + Authentication Authority) is kept secure + + + + + + + + This element indicates the types and strengths of + facilities + of a UA used to protect a shared secret key from + unauthorized access and/or use. + + + + + + + + This element indicates the types and strengths of + facilities + of a UA used to protect a private key from + unauthorized access and/or use. + + + + + + + The actions that must be performed + before the private key can be used. + + + + + + Whether or not the private key is shared + with the certificate authority. + + + + + + + In which medium is the key stored. + memory - the key is stored in memory. + smartcard - the key is stored in a smartcard. + token - the key is stored in a hardware token. + MobileDevice - the key is stored in a mobile device. + MobileAuthCard - the key is stored in a mobile + authentication card. + + + + + + + + + + + This element indicates that a password (or passphrase) + has been used to + authenticate the Principal to a remote system. + + + + + + + + This element indicates that a Pin (Personal + Identification Number) has been used to authenticate the Principal to + some local system in order to activate a key. + + + + + + + + This element indicates that a hardware or software + token is used + as a method of identifying the Principal. + + + + + + + + This element indicates that a time synchronization + token is used to identify the Principal. hardware - + the time synchonization + token has been implemented in hardware. software - the + time synchronization + token has been implemented in software. SeedLength - + the length, in bits, of the + random seed used in the time synchronization token. + + + + + + + + This element indicates that a smartcard is used to + identity the Principal. + + + + + + + + This element indicates the minimum and/or maximum + ASCII length of the password which is enforced (by the UA or the + IdP). In other words, this is the minimum and/or maximum number of + ASCII characters required to represent a valid password. + min - the minimum number of ASCII characters required + in a valid password, as enforced by the UA or the IdP. + max - the maximum number of ASCII characters required + in a valid password, as enforced by the UA or the IdP. + + + + + + + + This element indicates the length of time for which an + PIN-based authentication is valid. + + + + + + + + Indicates whether the password was chosen by the + Principal or auto-supplied by the Authentication Authority. + principalchosen - the Principal is allowed to choose + the value of the password. This is true even if + the initial password is chosen at random by the UA or + the IdP and the Principal is then free to change + the password. + automatic - the password is chosen by the UA or the + IdP to be cryptographically strong in some sense, + or to satisfy certain password rules, and that the + Principal is not free to change it or to choose a new password. + + + + + + + + + + + + + + + + + + + Refers to those characteristics that define the + mechanisms by which the Principal authenticates to the Authentication + Authority. + + + + + + + + The method that a Principal employs to perform + authentication to local system components. + + + + + + + + The method applied to validate a principal's + authentication across a network + + + + + + + + Supports Authenticators with nested combinations of + additional complexity. + + + + + + + + Indicates that the Principal has been strongly + authenticated in a previous session during which the IdP has set a + cookie in the UA. During the present session the Principal has only + been authenticated by the UA returning the cookie to the IdP. + + + + + + + + Rather like PreviousSession but using stronger + security. A secret that was established in a previous session with + the Authentication Authority has been cached by the local system and + is now re-used (e.g. a Master Secret is used to derive new session + keys in TLS, SSL, WTLS). + + + + + + + + This element indicates that the Principal has been + authenticated by a zero knowledge technique as specified in ISO/IEC + 9798-5. + + + + + + + + + + This element indicates that the Principal has been + authenticated by a challenge-response protocol utilizing shared secret + keys and symmetric cryptography. + + + + + + + + + + + + This element indicates that the Principal has been + authenticated by a mechanism which involves the Principal computing a + digital signature over at least challenge data provided by the IdP. + + + + + + + + The local system has a private key but it is used + in decryption mode, rather than signature mode. For example, the + Authentication Authority generates a secret and encrypts it using the + local system's public key: the local system then proves it has + decrypted the secret. + + + + + + + + The local system has a private key and uses it for + shared secret key agreement with the Authentication Authority (e.g. + via Diffie Helman). + + + + + + + + + + + + + + + This element indicates that the Principal has been + authenticated through connection from a particular IP address. + + + + + + + + The local system and Authentication Authority + share a secret key. The local system uses this to encrypt a + randomised string to pass to the Authentication Authority. + + + + + + + + The protocol across which Authenticator information is + transferred to an Authentication Authority verifier. + + + + + + + + This element indicates that the Authenticator has been + transmitted using bare HTTP utilizing no additional security + protocols. + + + + + + + + This element indicates that the Authenticator has been + transmitted using a transport mechanism protected by an IPSEC session. + + + + + + + + This element indicates that the Authenticator has been + transmitted using a transport mechanism protected by a WTLS session. + + + + + + + + This element indicates that the Authenticator has been + transmitted solely across a mobile network using no additional + security mechanism. + + + + + + + + + + + This element indicates that the Authenticator has been + transmitted using a transport mechnanism protected by an SSL or TLS + session. + + + + + + + + + + + + Refers to those characteristics that describe + procedural security controls employed by the Authentication Authority. + + + + + + + + + + + + Provides a mechanism for linking to external (likely + human readable) documents in which additional business agreements, + (e.g. liability constraints, obligations, etc) can be placed. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + This attribute indicates whether or not the + Identification mechanisms allow the actions of the Principal to be + linked to an actual end user. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + This element indicates that the Key Activation Limit is + defined as a specific duration of time. + + + + + + + + This element indicates that the Key Activation Limit is + defined as a number of usages. + + + + + + + + This element indicates that the Key Activation Limit is + the session. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-metadata-2.0.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-metadata-2.0.xsd new file mode 100755 index 0000000..86e58f9 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-metadata-2.0.xsd @@ -0,0 +1,336 @@ + + + + + + + + + Document identifier: saml-schema-metadata-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + Schema for SAML metadata, first published in SAML 2.0. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-protocol-2.0.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-protocol-2.0.xsd new file mode 100755 index 0000000..7fa6f48 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-protocol-2.0.xsd @@ -0,0 +1,302 @@ + + + + + + + Document identifier: saml-schema-protocol-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New protocol schema based in a SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-metadata-attr.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-metadata-attr.xsd new file mode 100755 index 0000000..f23e462 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-metadata-attr.xsd @@ -0,0 +1,35 @@ + + + + + + Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema + Document identifier: sstc-metadata-attr.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (November 2008): + Initial version. + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-attribute-ext.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-attribute-ext.xsd new file mode 100755 index 0000000..ad309c1 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-attribute-ext.xsd @@ -0,0 +1,25 @@ + + + + + + Document title: SAML V2.0 Attribute Extension Schema + Document identifier: sstc-saml-attribute-ext.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (October 2008): + Initial version. + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd new file mode 100755 index 0000000..3236ffc --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd @@ -0,0 +1,41 @@ + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Profile for Algorithm Support Version 1.0 + Document identifier: sstc-saml-metadata-algsupport.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + V1.0 (June 2010): + Initial version. + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd new file mode 100755 index 0000000..de0b754 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd @@ -0,0 +1,89 @@ + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0 + Document identifier: sstc-saml-metadata-ui-v1.0.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + 16 November 2010: + Added Keywords element/type. + 01 November 2010 + Changed filename. + September 2010: + Initial version. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xenc-schema.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xenc-schema.xsd new file mode 100755 index 0000000..d6d7910 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xenc-schema.xsd @@ -0,0 +1,136 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xml.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xml.xsd new file mode 100755 index 0000000..aea7d0d --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xml.xsd @@ -0,0 +1,287 @@ + + + + + + +
    +

    About the XML namespace

    + +
    +

    + This schema document describes the XML namespace, in a form + suitable for import by other schema documents. +

    +

    + See + http://www.w3.org/XML/1998/namespace.html and + + http://www.w3.org/TR/REC-xml for information + about this namespace. +

    +

    + Note that local names in this namespace are intended to be + defined only by the World Wide Web Consortium or its subgroups. + The names currently defined in this namespace are listed below. + They should not be used with conflicting semantics by any Working + Group, specification, or document instance. +

    +

    + See further below in this document for more information about how to refer to this schema document from your own + XSD schema documents and about the + namespace-versioning policy governing this schema document. +

    +
    +
    +     +     + + + + +
    + +

    lang (as an attribute name)

    +

    + denotes an attribute whose value + is a language code for the natural language of the content of + any element; its value is inherited. This name is reserved + by virtue of its definition in the XML specification.

    + +
    +
    +

    Notes

    +

    + Attempting to install the relevant ISO 2- and 3-letter + codes as the enumerated possible values is probably never + going to be a realistic possibility. +

    +

    + See BCP 47 at + http://www.rfc-editor.org/rfc/bcp/bcp47.txt + and the IANA language subtag registry at + + http://www.iana.org/assignments/language-subtag-registry + for further information. +

    +

    + The union allows for the 'un-declaration' of xml:lang with + the empty string. +

    +
    +     +     + + + + + + + + + +     + + + + +
    + +

    space (as an attribute name)

    +

    + denotes an attribute whose + value is a keyword indicating what whitespace processing + discipline is intended for the content of the element; its + value is inherited. This name is reserved by virtue of its + definition in the XML specification.

    + +
    +     +     + + + + + + +     + + + +
    + +

    base (as an attribute name)

    +

    + denotes an attribute whose value + provides a URI to be used as the base for interpreting any + relative URIs in the scope of the element on which it + appears; its value is inherited. This name is reserved + by virtue of its definition in the XML Base specification.

    + +

    + See http://www.w3.org/TR/xmlbase/ + for information about this attribute. +

    +
    +     +     +     + + + + +
    + +

    id (as an attribute name)

    +

    + denotes an attribute whose value + should be interpreted as if declared to be of type ID. + This name is reserved by virtue of its definition in the + xml:id specification.

    + +

    + See http://www.w3.org/TR/xml-id/ + for information about this attribute. +

    +
    +     +     +     + + + + + + + + + + +
    + +

    Father (in any context at all)

    + +
    +

    + denotes Jon Bosak, the chair of + the original XML Working Group. This name is reserved by + the following decision of the W3C XML Plenary and + XML Coordination groups: +

    +
    +

    + In appreciation for his vision, leadership and + dedication the W3C XML Plenary on this 10th day of + February, 2000, reserves for Jon Bosak in perpetuity + the XML name "xml:Father". +

    +
    +
    +
    +     +     + + + +
    +

    About this schema document

    + +
    +

    + This schema defines attributes and an attribute group suitable + for use by schemas wishing to allow xml:base, + xml:lang, xml:space or + xml:id attributes on elements they define. +

    +

    + To enable this, such a schema must import this schema for + the XML namespace, e.g. as follows: +

    + 
    +          <schema . . .>
+           . . .
+           <import namespace="http://www.w3.org/XML/1998/namespace"
+                      schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+
    +

    + or +

    + 
    +           <import namespace="http://www.w3.org/XML/1998/namespace"
+                      schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>
+
    +

    + Subsequently, qualified reference to any of the attributes or the + group defined below will have the desired effect, e.g. +

    + 
    +          <type . . .>
+           . . .
+           <attributeGroup ref="xml:specialAttrs"/>
+
    +

    + will define a type which will schema-validate an instance element + with any of those attributes. +

    +
    +
    +     +     + + + +
    +

    Versioning policy for this schema document

    +
    +

    + In keeping with the XML Schema WG's standard versioning + policy, this schema document will persist at + + http://www.w3.org/2009/01/xml.xsd. +

    +

    + At the date of issue it can also be found at + + http://www.w3.org/2001/xml.xsd. +

    +

    + The schema document at that URI may however change in the future, + in order to remain compatible with the latest version of XML + Schema itself, or with the XML namespace itself. In other words, + if the XML Schema or XML namespaces change, the version of this + document at + http://www.w3.org/2001/xml.xsd + + will change accordingly; the version at + + http://www.w3.org/2009/01/xml.xsd + + will not change. +

    +

    + Previous dated (and unchanging) versions of this schema + document are at: +

    + +
    +
    +     +     + +     + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xmldsig-core-schema.xsd b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xmldsig-core-schema.xsd new file mode 100755 index 0000000..6f5acc7 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xmldsig-core-schema.xsd @@ -0,0 +1,309 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/version.json b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/version.json new file mode 100755 index 0000000..0fdfc33 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/version.json @@ -0,0 +1,7 @@ +{ + "php-saml": { + "version": "3.4.1", + "released": "25/11/2019" + } +} + diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/CHANGELOG.txt b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/CHANGELOG.txt new file mode 100755 index 0000000..351b104 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/CHANGELOG.txt @@ -0,0 +1,228 @@ +xmlseclibs.php +||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +05, Sep 2020, 3.1.1 +Features: +- Support OAEP (iggyvolz) + +Bug Fixes: +- Fix AES128 (iggyvolz) + +Improvements: +- Fix tests for older PHP + +22, Apr 2020, 3.1.0 +Features: +- Support AES-GCM. Requires PHP 7.1. (François Kooman) + +Improvements: +- Fix Travis tests for older PHP versions. +- Use DOMElement interface to fix some IDEs reporting documentation errors + +Bug Fixes: +- FIX missing InclusiveNamespaces PrefixList from Java + Apache WSS4J. (njake) + +06, Nov 2019, 3.0.4 +Security Improvements: +- Insure only a single SignedInfo element exists within a signature during + verification. Refs CVE-2019-3465. +Bug Fixes: +- Fix variable casing. + +15, Nov 2018, 3.0.3 +Bug Fixes: +- Fix casing of class name. (Willem Stuursma-Ruwen) +- Fix Xpath casing. (Tim van Dijen) + +Improvements: +- Make PCRE2 compliant. (Stefan Winter) +- Add PHP 7.3 support. (Stefan Winter) + +27, Sep 2018, 3.0.2 +Security Improvements: +- OpenSSL is now a requirement rather than suggestion. (Slaven Bacelic) +- Filter input to avoid XPath injection. (Jaime Pérez) + +Bug Fixes: +- Fix missing parentheses (Tim van Dijen) + +Improvements: +- Use strict comparison operator to compare digest values. (Jaime Pérez) +- Remove call to file_get_contents that doesn't even work. (Jaime Pérez) +- Document potentially dangerous return value behaviour. (Thijs Kinkhorst) + +31, Aug 2017, 3.0.1 +Bug Fixes: +- Fixed missing () in function call. (Dennis Væversted) + +Improvements: +- Add OneLogin to supported software. +- Add .gitattributes to remove unneeded files. (Filippo Tessarotto) +- Fix bug in example code. (Dan Church) +- Travis: add PHP 7.1, move hhvm to allowed failures. (Thijs Kinkhorst) +- Drop failing extract-win-cert test (Thijs Kinkhorst). (Thijs Kinkhorst) +- Add comments to warn about return values of verify(). (Thijs Kinkhorst) +- Fix tests to properly check return code of verify(). (Thijs Kinkhorst) +- Restore support for PHP >= 5.4. (Jaime Pérez) + +25, May 2017, 3.0.0 +Improvements: +- Remove use of mcrypt (skymeyer) + +08, Sep 2016, 2.0.1 +Bug Fixes: +- Strip whitespace characters when parsing X509Certificate. fixes #84 + (klemen.bratec) +- Certificate 'subject' values can be arrays. fixes #80 (Andreas Stangl) +- HHVM signing node with ID attribute w/out namespace regenerates ID value. + fixes #88 (Milos Tomic) + +Improvements: +- Fix typos and add some PHPDoc Blocks. (gfaust-qb) +- Update lightSAML link. (Milos Tomic) +- Update copyright dates. + +31, Jul 2015, 2.0.0 +Features: +- Namespace support. Classes now in the RobRichards\XMLSecLibs\ namespace. + +Improvements: +- Dropped support for PHP 5.2 + +31, Jul 2015, 1.4.1 +Bug Fixes: +- Allow for large digest values that may have line breaks. fixes #62 + +Features: +- Support for locating specific signature when multiple exist in + document. (griga3k) + +Improvements: +- Add optional argument to XMLSecurityDSig to define the prefix to be used, + also allowing for null to use no prefix, for the dsig namespace. fixes #13 +- Code cleanup +- Depreciated XMLSecurityDSig::generate_GUID for XMLSecurityDSig::generateGUID + +23, Jun 2015, 1.4.0 +Features: +- Support for PSR-0 standard. +- Support for X509SubjectName. (Milos Tomic) +- Add HMAC-SHA1 support. + +Improvements: +- Add how to install to README. (Bernardo Vieira da Silva) +- Code cleanup. (Jaime Pérez) +- Normalilze tests. (Hidde Wieringa) +- Add basic usage to README. (Hidde Wieringa) + +21, May 2015, 1.3.2 +Bug Fixes: +- Fix Undefined variable notice. (dpieper85) +- Fix typo when setting MimeType attribute. (Eugene OZ) +- Fix validateReference() with enveloping signatures + +Features: +- canonicalizeData performance optimization. (Jaime Pérez) +- Add composer support (Maks3w) + +19, Jun 2013, 1.3.1 +Features: +- return encrypted node from XMLSecEnc::encryptNode() when replace is set to + false. (Olav) +- Add support for RSA SHA384 and RSA_SHA512 and SHA384 digest. (Jaime PŽrez) +- Add options parameter to the add cert methods. +- Add optional issuerSerial creation with cert + +Bug Fixes: +- Fix persisted Id when namespaced. (Koen Thomeer) + +Improvements: +- Add LICENSE file +- Convert CHANGELOG.txt to UTF-8 + +26, Sep 2011, 1.3.0 +Features: +- Add param to append sig to node when signing. Fixes a problem when using + inclusive canonicalization to append a signature within a namespaced subtree. + ex. $objDSig->sign($objKey, $appendToNode); +- Add ability to encrypt by reference +- Add support for refences within an encrypted key +- Add thumbprint generation capability (XMLSecurityKey->getX509Thumbprint() and + XMLSecurityKey::getRawThumbprint($cert)) +- Return signature element node from XMLSecurityDSig::insertSignature() and + XMLSecurityDSig::appendSignature() methods +- Support for with simple URI Id reference. +- Add XMLSecurityKey::getSymmetricKeySize() method (Olav) +- Add XMLSecEnc::getCipherValue() method (Olav) +- Improve XMLSecurityKey:generateSessionKey() logic (Olav) + +Bug Fixes: +- Change split() to explode() as split is now depreciated +- ds:References using empty or simple URI Id reference should never include + comments in canonicalized data. +- Make sure that the elements in EncryptedData are emitted in the correct + sequence. + +11 Jan 2010, 1.2.2 +Features: +- Add support XPath support when creating signature. Provides support for + working with EBXML documents. +- Add reference option to force creation of URI attribute. For use + when adding a DOM Document where by default no URI attribute is added. +- Add support for RSA-SHA256 + +Bug Fixes: +- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node + content (patch by Francois Wang) + + +08 Jul 2008, 1.2.1 +Features: +- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos). +- Add fallback to built-in sha1 if both hash and mhash are not available and + throw error for other for other missing hashes. (patch by Olav Morken). +- Add getX509Certificate method to retrieve the x509 cert used for Key. + (patch by Olav Morken). +- Add getValidatedNodes method to retrieve the elements signed by the + signature. (patch by Olav Morken). +- Add insertSignature method for precision signature insertion. Merge + functionality from appendSignature in the process. (Olav Morken, Rob). +- Finally add some tests + +Bug Fixes: +- Fix canonicalization for Document node when using PHP < 5.2. +- Add padding for RSA_SHA1. (patch by Olav Morken). + + +27 Nov 2007, 1.2.0 +Features: +- New addReference/List option (overwrite). Boolean flag indicating if URI + value should be overwritten if already existing within document. + Default is TRUE to maintain BC. + +18 Nov 2007, 1.1.2 +Bug Fixes: +- Remove closing PHP tag to fix extra whitespace characters from being output + +11 Nov 2007, 1.1.1 +Features: +- Add getRefNodeID() and getRefIDs() methods missed in previous release. + Provide functionality to find URIs of existing reference nodes. + Required by simpleSAMLphp project + +Bug Fixes: +- Remove erroneous whitespace causing issues under certain circumastances. + +18 Oct 2007, 1.1.0 +Features: +- Enable creation of enveloping signature. This allows the creation of + managed information cards. +- Add addObject method for enveloping signatures. +- Add staticGet509XCerts method. Chained certificates within a PEM file can + now be added within the X509Data node. +- Add xpath support within transformations +- Add InclusiveNamespaces prefix list support within exclusive transformations. + +Bug Fixes: +- Initialize random number generator for mcrypt_create_iv. (Joan Cornadó). +- Fix an interoperability issue with .NET when encrypting data in CBC mode. + (Joan Cornadó). diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/LICENSE b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/LICENSE new file mode 100755 index 0000000..4fe5e5f --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/LICENSE @@ -0,0 +1,31 @@ +Copyright (c) 2007-2019, Robert Richards . +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + * Neither the name of Robert Richards nor the names of his + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/README.md b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/README.md new file mode 100755 index 0000000..a576080 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/README.md @@ -0,0 +1,85 @@ +#xmlseclibs + +xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. + +The author of xmlseclibs is Rob Richards. + +# Branches +Master is currently the only actively maintained branch. +* master/3.1: Added AES-GCM support requiring 7.1+ +* 3.0: Removes mcrypt usage requiring 5.4+ (5.6.24+ recommended for security reasons) +* 2.0: Contains namespace support requiring 5.3+ +* 1.4: Contains auto-loader support while also maintaining backwards compatiblity with the older 1.3 version using the xmlseclibs.php file. Supports PHP 5.2+ + +# Requirements + +xmlseclibs requires PHP version 5.4 or greater. **5.6.24+ recommended for security reasons** + + +## How to Install + +Install with [`composer.phar`](http://getcomposer.org). + +```sh +php composer.phar require "robrichards/xmlseclibs" +``` + + +## Use cases + +xmlseclibs is being used in many different software. + +* [SimpleSAMLPHP](https://github.com/simplesamlphp/simplesamlphp) +* [LightSAML](https://github.com/lightsaml/lightsaml) +* [OneLogin](https://github.com/onelogin/php-saml) + +## Basic usage + +The example below shows basic usage of xmlseclibs, with a SHA-256 signature. + +```php +use RobRichards\XMLSecLibs\XMLSecurityDSig; +use RobRichards\XMLSecLibs\XMLSecurityKey; + +// Load the XML to be signed +$doc = new DOMDocument(); +$doc->load('./path/to/file/tobesigned.xml'); + +// Create a new Security object +$objDSig = new XMLSecurityDSig(); +// Use the c14n exclusive canonicalization +$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); +// Sign using SHA-256 +$objDSig->addReference( + $doc, + XMLSecurityDSig::SHA256, + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature') +); + +// Create a new (private) Security key +$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private')); +/* +If key has a passphrase, set it using +$objKey->passphrase = ''; +*/ +// Load the private key +$objKey->loadKey('./path/to/privatekey.pem', TRUE); + +// Sign the XML file +$objDSig->sign($objKey); + +// Add the associated public key to the signature +$objDSig->add509Cert(file_get_contents('./path/to/file/mycert.pem')); + +// Append the signature to the XML +$objDSig->appendSignature($doc->documentElement); +// Save the signed XML +$doc->save('./path/to/signed.xml'); +``` + +## How to Contribute + +* [Open Issues](https://github.com/robrichards/xmlseclibs/issues) +* [Open Pull Requests](https://github.com/robrichards/xmlseclibs/pulls) + +Mailing List: https://groups.google.com/forum/#!forum/xmlseclibs diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/composer.json b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/composer.json new file mode 100755 index 0000000..22ce7a3 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/composer.json @@ -0,0 +1,21 @@ +{ + "name": "robrichards/xmlseclibs", + "description": "A PHP library for XML Security", + "license": "BSD-3-Clause", + "keywords": [ + "xml", + "xmldsig", + "signature", + "security" + ], + "homepage": "https://github.com/robrichards/xmlseclibs", + "autoload": { + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } + }, + "require": { + "php": ">= 5.4", + "ext-openssl": "*" + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/Utils/XPath.php b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/Utils/XPath.php new file mode 100755 index 0000000..8cdc48e --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/Utils/XPath.php @@ -0,0 +1,44 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecEnc +{ + const template = " + + + +"; + + const Element = 'http://www.w3.org/2001/04/xmlenc#Element'; + const Content = 'http://www.w3.org/2001/04/xmlenc#Content'; + const URI = 3; + const XMLENCNS = 'http://www.w3.org/2001/04/xmlenc#'; + + /** @var null|DOMDocument */ + private $encdoc = null; + + /** @var null|DOMNode */ + private $rawNode = null; + + /** @var null|string */ + public $type = null; + + /** @var null|DOMElement */ + public $encKey = null; + + /** @var array */ + private $references = array(); + + public function __construct() + { + $this->_resetTemplate(); + } + + private function _resetTemplate() + { + $this->encdoc = new DOMDocument(); + $this->encdoc->loadXML(self::template); + } + + /** + * @param string $name + * @param DOMNode $node + * @param string $type + * @throws Exception + */ + public function addReference($name, $node, $type) + { + if (! $node instanceOf DOMNode) { + throw new Exception('$node is not of type DOMNode'); + } + $curencdoc = $this->encdoc; + $this->_resetTemplate(); + $encdoc = $this->encdoc; + $this->encdoc = $curencdoc; + $refuri = XMLSecurityDSig::generateGUID(); + $element = $encdoc->documentElement; + $element->setAttribute("Id", $refuri); + $this->references[$name] = array("node" => $node, "type" => $type, "encnode" => $encdoc, "refuri" => $refuri); + } + + /** + * @param DOMNode $node + */ + public function setNode($node) + { + $this->rawNode = $node; + } + + /** + * Encrypt the selected node with the given key. + * + * @param XMLSecurityKey $objKey The encryption key and algorithm. + * @param bool $replace Whether the encrypted node should be replaced in the original tree. Default is true. + * @throws Exception + * + * @return DOMElement The -element. + */ + public function encryptNode($objKey, $replace = true) + { + $data = ''; + if (empty($this->rawNode)) { + throw new Exception('Node to encrypt has not been set'); + } + if (! $objKey instanceof XMLSecurityKey) { + throw new Exception('Invalid Key'); + } + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($this->encdoc); + $objList = $xPath->query('/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue'); + $cipherValue = $objList->item(0); + if ($cipherValue == null) { + throw new Exception('Error locating CipherValue element within template'); + } + switch ($this->type) { + case (self::Element): + $data = $doc->saveXML($this->rawNode); + $this->encdoc->documentElement->setAttribute('Type', self::Element); + break; + case (self::Content): + $children = $this->rawNode->childNodes; + foreach ($children AS $child) { + $data .= $doc->saveXML($child); + } + $this->encdoc->documentElement->setAttribute('Type', self::Content); + break; + default: + throw new Exception('Type is currently not supported'); + } + + $encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $objKey->getAlgorithm()); + $cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild); + + $strEncrypt = base64_encode($objKey->encryptData($data)); + $value = $this->encdoc->createTextNode($strEncrypt); + $cipherValue->appendChild($value); + + if ($replace) { + switch ($this->type) { + case (self::Element): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $this->encdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + while ($this->rawNode->firstChild) { + $this->rawNode->removeChild($this->rawNode->firstChild); + } + $this->rawNode->appendChild($importEnc); + return $importEnc; + } + } else { + return $this->encdoc->documentElement; + } + } + + /** + * @param XMLSecurityKey $objKey + * @throws Exception + */ + public function encryptReferences($objKey) + { + $curRawNode = $this->rawNode; + $curType = $this->type; + foreach ($this->references AS $name => $reference) { + $this->encdoc = $reference["encnode"]; + $this->rawNode = $reference["node"]; + $this->type = $reference["type"]; + try { + $encNode = $this->encryptNode($objKey); + $this->references[$name]["encnode"] = $encNode; + } catch (Exception $e) { + $this->rawNode = $curRawNode; + $this->type = $curType; + throw $e; + } + } + $this->rawNode = $curRawNode; + $this->type = $curType; + } + + /** + * Retrieve the CipherValue text from this encrypted node. + * + * @throws Exception + * @return string|null The Ciphervalue text, or null if no CipherValue is found. + */ + public function getCipherValue() + { + if (empty($this->rawNode)) { + throw new Exception('Node to decrypt has not been set'); + } + + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($doc); + $xPath->registerNamespace('xmlencr', self::XMLENCNS); + /* Only handles embedded content right now and not a reference */ + $query = "./xmlencr:CipherData/xmlencr:CipherValue"; + $nodeset = $xPath->query($query, $this->rawNode); + $node = $nodeset->item(0); + + if (!$node) { + return null; + } + + return base64_decode($node->nodeValue); + } + + /** + * Decrypt this encrypted node. + * + * The behaviour of this function depends on the value of $replace. + * If $replace is false, we will return the decrypted data as a string. + * If $replace is true, we will insert the decrypted element(s) into the + * document, and return the decrypted element(s). + * + * @param XMLSecurityKey $objKey The decryption key that should be used when decrypting the node. + * @param boolean $replace Whether we should replace the encrypted node in the XML document with the decrypted data. The default is true. + * + * @return string|DOMElement The decrypted data. + */ + public function decryptNode($objKey, $replace=true) + { + if (! $objKey instanceof XMLSecurityKey) { + throw new Exception('Invalid Key'); + } + + $encryptedData = $this->getCipherValue(); + if ($encryptedData) { + $decrypted = $objKey->decryptData($encryptedData); + if ($replace) { + switch ($this->type) { + case (self::Element): + $newdoc = new DOMDocument(); + $newdoc->loadXML($decrypted); + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $newdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + $doc = $this->rawNode; + } else { + $doc = $this->rawNode->ownerDocument; + } + $newFrag = $doc->createDocumentFragment(); + $newFrag->appendXML($decrypted); + $parent = $this->rawNode->parentNode; + $parent->replaceChild($newFrag, $this->rawNode); + return $parent; + default: + return $decrypted; + } + } else { + return $decrypted; + } + } else { + throw new Exception("Cannot locate encrypted data"); + } + } + + /** + * Encrypt the XMLSecurityKey + * + * @param XMLSecurityKey $srcKey + * @param XMLSecurityKey $rawKey + * @param bool $append + * @throws Exception + */ + public function encryptKey($srcKey, $rawKey, $append=true) + { + if ((! $srcKey instanceof XMLSecurityKey) || (! $rawKey instanceof XMLSecurityKey)) { + throw new Exception('Invalid Key'); + } + $strEncKey = base64_encode($srcKey->encryptData($rawKey->key)); + $root = $this->encdoc->documentElement; + $encKey = $this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptedKey'); + if ($append) { + $keyInfo = $root->insertBefore($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'), $root->firstChild); + $keyInfo->appendChild($encKey); + } else { + $this->encKey = $encKey; + } + $encMethod = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $srcKey->getAlgorith()); + if (! empty($srcKey->name)) { + $keyInfo = $encKey->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo')); + $keyInfo->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyName', $srcKey->name)); + } + $cipherData = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherData')); + $cipherData->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherValue', $strEncKey)); + if (is_array($this->references) && count($this->references) > 0) { + $refList = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:ReferenceList')); + foreach ($this->references AS $name => $reference) { + $refuri = $reference["refuri"]; + $dataRef = $refList->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:DataReference')); + $dataRef->setAttribute("URI", '#' . $refuri); + } + } + return; + } + + /** + * @param XMLSecurityKey $encKey + * @return DOMElement|string + * @throws Exception + */ + public function decryptKey($encKey) + { + if (! $encKey->isEncrypted) { + throw new Exception("Key is not Encrypted"); + } + if (empty($encKey->key)) { + throw new Exception("Key is missing data to perform the decryption"); + } + return $this->decryptNode($encKey, false); + } + + /** + * @param DOMDocument $element + * @return DOMNode|null + */ + public function locateEncryptedData($element) + { + if ($element instanceof DOMDocument) { + $doc = $element; + } else { + $doc = $element->ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $query = "//*[local-name()='EncryptedData' and namespace-uri()='".self::XMLENCNS."']"; + $nodeset = $xpath->query($query); + return $nodeset->item(0); + } + return null; + } + + /** + * Returns the key from the DOM + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $query = ".//xmlsecenc:EncryptionMethod"; + $nodeset = $xpath->query($query, $node); + if ($encmeth = $nodeset->item(0)) { + $attrAlgorithm = $encmeth->getAttribute("Algorithm"); + try { + $objKey = new XMLSecurityKey($attrAlgorithm, array('type' => 'private')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * @param null|XMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|XMLSecurityKey + * @throws Exception + */ + public static function staticLocateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node) || (! $node instanceof DOMNode)) { + return null; + } + $doc = $node->ownerDocument; + if (!$doc) { + return null; + } + + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $xpath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS); + $query = "./xmlsecdsig:KeyInfo"; + $nodeset = $xpath->query($query, $node); + $encmeth = $nodeset->item(0); + if (!$encmeth) { + /* No KeyInfo in EncryptedData / EncryptedKey. */ + return $objBaseKey; + } + + foreach ($encmeth->childNodes AS $child) { + switch ($child->localName) { + case 'KeyName': + if (! empty($objBaseKey)) { + $objBaseKey->name = $child->nodeValue; + } + break; + case 'KeyValue': + foreach ($child->childNodes AS $keyval) { + switch ($keyval->localName) { + case 'DSAKeyValue': + throw new Exception("DSAKeyValue currently not supported"); + case 'RSAKeyValue': + $modulus = null; + $exponent = null; + if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) { + $modulus = base64_decode($modulusNode->nodeValue); + } + if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) { + $exponent = base64_decode($exponentNode->nodeValue); + } + if (empty($modulus) || empty($exponent)) { + throw new Exception("Missing Modulus or Exponent"); + } + $publicKey = XMLSecurityKey::convertRSA($modulus, $exponent); + $objBaseKey->loadKey($publicKey); + break; + } + } + break; + case 'RetrievalMethod': + $type = $child->getAttribute('Type'); + if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') { + /* Unsupported key type. */ + break; + } + $uri = $child->getAttribute('URI'); + if ($uri[0] !== '#') { + /* URI not a reference - unsupported. */ + break; + } + $id = substr($uri, 1); + + $query = '//xmlsecenc:EncryptedKey[@Id="'.XPath::filterAttrValue($id, XPath::DOUBLE_QUOTE).'"]'; + $keyElement = $xpath->query($query)->item(0); + if (!$keyElement) { + throw new Exception("Unable to locate EncryptedKey with @Id='$id'."); + } + + return XMLSecurityKey::fromEncryptedKeyElement($keyElement); + case 'EncryptedKey': + return XMLSecurityKey::fromEncryptedKeyElement($child); + case 'X509Data': + if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) { + if ($x509certNodes->length > 0) { + $x509cert = $x509certNodes->item(0)->textContent; + $x509cert = str_replace(array("\r", "\n", " "), "", $x509cert); + $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n"; + $objBaseKey->loadKey($x509cert, false, true); + } + } + break; + } + } + return $objBaseKey; + } + + /** + * @param null|XMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + return self::staticLocateKeyInfo($objBaseKey, $node); + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php new file mode 100755 index 0000000..9986123 --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php @@ -0,0 +1,1162 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecurityDSig +{ + const XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'; + const SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'; + const SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'; + const SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'; + const SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'; + const RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'; + + const C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + const C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'; + const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + const EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'; + + const template = ' + + + +'; + + const BASE_TEMPLATE = ' + + + +'; + + /** @var DOMElement|null */ + public $sigNode = null; + + /** @var array */ + public $idKeys = array(); + + /** @var array */ + public $idNS = array(); + + /** @var string|null */ + private $signedInfo = null; + + /** @var DomXPath|null */ + private $xPathCtx = null; + + /** @var string|null */ + private $canonicalMethod = null; + + /** @var string */ + private $prefix = ''; + + /** @var string */ + private $searchpfx = 'secdsig'; + + /** + * This variable contains an associative array of validated nodes. + * @var array|null + */ + private $validatedNodes = null; + + /** + * @param string $prefix + */ + public function __construct($prefix='ds') + { + $template = self::BASE_TEMPLATE; + if (! empty($prefix)) { + $this->prefix = $prefix.':'; + $search = array("ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = ".//secdsig:Signature"; + $nodeset = $xpath->query($query, $objDoc); + $this->sigNode = $nodeset->item($pos); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + return $this->sigNode; + } + return null; + } + + /** + * @param string $name + * @param null|string $value + * @return DOMElement + */ + public function createNewSignNode($name, $value=null) + { + $doc = $this->sigNode->ownerDocument; + if (! is_null($value)) { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name, $value); + } else { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name); + } + return $node; + } + + /** + * @param string $method + * @throws Exception + */ + public function setCanonicalMethod($method) + { + switch ($method) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $this->canonicalMethod = $method; + break; + default: + throw new Exception('Invalid Canonical Method'); + } + if ($xpath = $this->getXPathObj()) { + $query = './'.$this->searchpfx.':SignedInfo'; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sinfo = $nodeset->item(0)) { + $query = './'.$this->searchpfx.'CanonicalizationMethod'; + $nodeset = $xpath->query($query, $sinfo); + if (! ($canonNode = $nodeset->item(0))) { + $canonNode = $this->createNewSignNode('CanonicalizationMethod'); + $sinfo->insertBefore($canonNode, $sinfo->firstChild); + } + $canonNode->setAttribute('Algorithm', $this->canonicalMethod); + } + } + } + + /** + * @param DOMNode $node + * @param string $canonicalmethod + * @param null|array $arXPath + * @param null|array $prefixList + * @return string + */ + private function canonicalizeData($node, $canonicalmethod, $arXPath=null, $prefixList=null) + { + $exclusive = false; + $withComments = false; + switch ($canonicalmethod) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + $exclusive = false; + $withComments = false; + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + $withComments = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + $exclusive = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $exclusive = true; + $withComments = true; + break; + } + + if (is_null($arXPath) && ($node instanceof DOMNode) && ($node->ownerDocument !== null) && $node->isSameNode($node->ownerDocument->documentElement)) { + /* Check for any PI or comments as they would have been excluded */ + $element = $node; + while ($refnode = $element->previousSibling) { + if ($refnode->nodeType == XML_PI_NODE || (($refnode->nodeType == XML_COMMENT_NODE) && $withComments)) { + break; + } + $element = $refnode; + } + if ($refnode == null) { + $node = $node->ownerDocument; + } + } + + return $node->C14N($exclusive, $withComments, $arXPath, $prefixList); + } + + /** + * @return null|string + */ + public function canonicalizeSignedInfo() + { + + $doc = $this->sigNode->ownerDocument; + $canonicalmethod = null; + if ($doc) { + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + if ($signInfoNode = $nodeset->item(0)) { + $query = "./secdsig:CanonicalizationMethod"; + $nodeset = $xpath->query($query, $signInfoNode); + $prefixList = null; + if ($canonNode = $nodeset->item(0)) { + $canonicalmethod = $canonNode->getAttribute('Algorithm'); + foreach ($canonNode->childNodes as $node) + { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array_filter(explode(' ', $pfx)); + if (count($arpfx) > 0) { + $prefixList = array_merge($prefixList ? $prefixList : array(), $arpfx); + } + } + } + } + } + $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod, null, $prefixList); + return $this->signedInfo; + } + } + return null; + } + + /** + * @param string $digestAlgorithm + * @param string $data + * @param bool $encode + * @return string + * @throws Exception + */ + public function calculateDigest($digestAlgorithm, $data, $encode = true) + { + switch ($digestAlgorithm) { + case self::SHA1: + $alg = 'sha1'; + break; + case self::SHA256: + $alg = 'sha256'; + break; + case self::SHA384: + $alg = 'sha384'; + break; + case self::SHA512: + $alg = 'sha512'; + break; + case self::RIPEMD160: + $alg = 'ripemd160'; + break; + default: + throw new Exception("Cannot validate digest: Unsupported Algorithm <$digestAlgorithm>"); + } + + $digest = hash($alg, $data, true); + if ($encode) { + $digest = base64_encode($digest); + } + return $digest; + + } + + /** + * @param $refNode + * @param string $data + * @return bool + */ + public function validateDigest($refNode, $data) + { + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = 'string(./secdsig:DigestMethod/@Algorithm)'; + $digestAlgorithm = $xpath->evaluate($query, $refNode); + $digValue = $this->calculateDigest($digestAlgorithm, $data, false); + $query = 'string(./secdsig:DigestValue)'; + $digestValue = $xpath->evaluate($query, $refNode); + return ($digValue === base64_decode($digestValue)); + } + + /** + * @param $refNode + * @param DOMNode $objData + * @param bool $includeCommentNodes + * @return string + */ + public function processTransforms($refNode, $objData, $includeCommentNodes = true) + { + $data = $objData; + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = './secdsig:Transforms/secdsig:Transform'; + $nodelist = $xpath->query($query, $refNode); + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + $arXPath = null; + $prefixList = null; + foreach ($nodelist AS $transform) { + $algorithm = $transform->getAttribute("Algorithm"); + switch ($algorithm) { + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + } else { + $canonicalMethod = $algorithm; + } + + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array(); + $pfxlist = explode(" ", $pfx); + foreach ($pfxlist AS $pfx) { + $val = trim($pfx); + if (! empty($val)) { + $arpfx[] = $val; + } + } + if (count($arpfx) > 0) { + $prefixList = $arpfx; + } + } + break; + } + $node = $node->nextSibling; + } + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + } else { + $canonicalMethod = $algorithm; + } + + break; + case 'http://www.w3.org/TR/1999/REC-xpath-19991116': + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'XPath') { + $arXPath = array(); + $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']'; + $arXPath['namespaces'] = array(); + $nslist = $xpath->query('./namespace::*', $node); + foreach ($nslist AS $nsnode) { + if ($nsnode->localName != "xml") { + $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue; + } + } + break; + } + $node = $node->nextSibling; + } + break; + } + } + if ($data instanceof DOMNode) { + $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList); + } + return $data; + } + + /** + * @param DOMNode $refNode + * @return bool + */ + public function processRefNode($refNode) + { + $dataObject = null; + + /* + * Depending on the URI, we may not want to include comments in the result + * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel + */ + $includeCommentNodes = true; + + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + + /* This reference identifies a node with the given id by using + * a URI on the form "#identifier". This should not include comments. + */ + $includeCommentNodes = false; + + $xPath = new DOMXPath($refNode->ownerDocument); + if ($this->idNS && is_array($this->idNS)) { + foreach ($this->idNS as $nspf => $ns) { + $xPath->registerNamespace($nspf, $ns); + } + } + $iDlist = '@Id="'.XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"'; + if (is_array($this->idKeys)) { + foreach ($this->idKeys as $idKey) { + $iDlist .= " or @".XPath::filterAttrName($idKey).'="'. + XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"'; + } + } + $query = '//*['.$iDlist.']'; + $dataObject = $xPath->query($query)->item(0); + } else { + $dataObject = $refNode->ownerDocument; + } + } + } else { + /* This reference identifies the root node with an empty URI. This should + * not include comments. + */ + $includeCommentNodes = false; + + $dataObject = $refNode->ownerDocument; + } + $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes); + if (!$this->validateDigest($refNode, $data)) { + return false; + } + + if ($dataObject instanceof DOMNode) { + /* Add this node to the list of validated nodes. */ + if (! empty($identifier)) { + $this->validatedNodes[$identifier] = $dataObject; + } else { + $this->validatedNodes[] = $dataObject; + } + } + + return true; + } + + /** + * @param DOMNode $refNode + * @return null + */ + public function getRefNodeID($refNode) + { + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + return $identifier; + } + } + } + return null; + } + + /** + * @return array + * @throws Exception + */ + public function getRefIDs() + { + $refids = array(); + + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + foreach ($nodeset AS $refNode) { + $refids[] = $this->getRefNodeID($refNode); + } + return $refids; + } + + /** + * @return bool + * @throws Exception + */ + public function validateReference() + { + $docElem = $this->sigNode->ownerDocument->documentElement; + if (! $docElem->isSameNode($this->sigNode)) { + if ($this->sigNode->parentNode != null) { + $this->sigNode->parentNode->removeChild($this->sigNode); + } + } + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + + /* Initialize/reset the list of validated nodes. */ + $this->validatedNodes = array(); + + foreach ($nodeset AS $refNode) { + if (! $this->processRefNode($refNode)) { + /* Clear the list of validated nodes. */ + $this->validatedNodes = null; + throw new Exception("Reference validation failed"); + } + } + return true; + } + + /** + * @param DOMNode $sinfoNode + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=null, $options=null) + { + $prefix = null; + $prefix_ns = null; + $id_name = 'Id'; + $overwrite_id = true; + $force_uri = false; + + if (is_array($options)) { + $prefix = empty($options['prefix']) ? null : $options['prefix']; + $prefix_ns = empty($options['prefix_ns']) ? null : $options['prefix_ns']; + $id_name = empty($options['id_name']) ? 'Id' : $options['id_name']; + $overwrite_id = !isset($options['overwrite']) ? true : (bool) $options['overwrite']; + $force_uri = !isset($options['force_uri']) ? false : (bool) $options['force_uri']; + } + + $attname = $id_name; + if (! empty($prefix)) { + $attname = $prefix.':'.$attname; + } + + $refNode = $this->createNewSignNode('Reference'); + $sinfoNode->appendChild($refNode); + + if (! $node instanceof DOMDocument) { + $uri = null; + if (! $overwrite_id) { + $uri = $prefix_ns ? $node->getAttributeNS($prefix_ns, $id_name) : $node->getAttribute($id_name); + } + if (empty($uri)) { + $uri = self::generateGUID(); + $node->setAttributeNS($prefix_ns, $attname, $uri); + } + $refNode->setAttribute("URI", '#'.$uri); + } elseif ($force_uri) { + $refNode->setAttribute("URI", ''); + } + + $transNodes = $this->createNewSignNode('Transforms'); + $refNode->appendChild($transNodes); + + if (is_array($arTransforms)) { + foreach ($arTransforms AS $transform) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + if (is_array($transform) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116'])) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']))) { + $transNode->setAttribute('Algorithm', 'http://www.w3.org/TR/1999/REC-xpath-19991116'); + $XPathNode = $this->createNewSignNode('XPath', $transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']); + $transNode->appendChild($XPathNode); + if (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'])) { + foreach ($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'] AS $prefix => $namespace) { + $XPathNode->setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:$prefix", $namespace); + } + } + } else { + $transNode->setAttribute('Algorithm', $transform); + } + } + } elseif (! empty($this->canonicalMethod)) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + $transNode->setAttribute('Algorithm', $this->canonicalMethod); + } + + $canonicalData = $this->processTransforms($refNode, $node); + $digValue = $this->calculateDigest($algorithm, $canonicalData); + + $digestMethod = $this->createNewSignNode('DigestMethod'); + $refNode->appendChild($digestMethod); + $digestMethod->setAttribute('Algorithm', $algorithm); + + $digestValue = $this->createNewSignNode('DigestValue', $digValue); + $refNode->appendChild($digestValue); + } + + /** + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReference($node, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + + /** + * @param array $arNodes + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReferenceList($arNodes, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + foreach ($arNodes AS $node) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + } + + /** + * @param DOMElement|string $data + * @param null|string $mimetype + * @param null|string $encoding + * @return DOMElement + */ + public function addObject($data, $mimetype=null, $encoding=null) + { + $objNode = $this->createNewSignNode('Object'); + $this->sigNode->appendChild($objNode); + if (! empty($mimetype)) { + $objNode->setAttribute('MimeType', $mimetype); + } + if (! empty($encoding)) { + $objNode->setAttribute('Encoding', $encoding); + } + + if ($data instanceof DOMElement) { + $newData = $this->sigNode->ownerDocument->importNode($data, true); + } else { + $newData = $this->sigNode->ownerDocument->createTextNode($data); + } + $objNode->appendChild($newData); + + return $objNode; + } + + /** + * @param null|DOMNode $node + * @return null|XMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->sigNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignedInfo/secdsig:SignatureMethod/@Algorithm)"; + $algorithm = $xpath->evaluate($query, $node); + if ($algorithm) { + try { + $objKey = new XMLSecurityKey($algorithm, array('type' => 'public')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * Returns: + * Bool when verifying HMAC_SHA1; + * Int otherwise, with following meanings: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the int return value, because in + * PHP, -1 will be cast to True when in boolean context. Always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param XMLSecurityKey $objKey + * @return bool|int + * @throws Exception + */ + public function verify($objKey) + { + $doc = $this->sigNode->ownerDocument; + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignatureValue)"; + $sigValue = $xpath->evaluate($query, $this->sigNode); + if (empty($sigValue)) { + throw new Exception("Unable to locate SignatureValue"); + } + return $objKey->verifySignature($this->signedInfo, base64_decode($sigValue)); + } + + /** + * @param XMLSecurityKey $objKey + * @param string $data + * @return mixed|string + */ + public function signData($objKey, $data) + { + return $objKey->signData($data); + } + + /** + * @param XMLSecurityKey $objKey + * @param null|DOMNode $appendToNode + */ + public function sign($objKey, $appendToNode = null) + { + // If we have a parent node append it now so C14N properly works + if ($appendToNode != null) { + $this->resetXPathObj(); + $this->appendSignature($appendToNode); + $this->sigNode = $appendToNode->lastChild; + } + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $query = "./secdsig:SignatureMethod"; + $nodeset = $xpath->query($query, $sInfo); + $sMethod = $nodeset->item(0); + $sMethod->setAttribute('Algorithm', $objKey->type); + $data = $this->canonicalizeData($sInfo, $this->canonicalMethod); + $sigValue = base64_encode($this->signData($objKey, $data)); + $sigValueNode = $this->createNewSignNode('SignatureValue', $sigValue); + if ($infoSibling = $sInfo->nextSibling) { + $infoSibling->parentNode->insertBefore($sigValueNode, $infoSibling); + } else { + $this->sigNode->appendChild($sigValueNode); + } + } + } + } + + public function appendCert() + { + + } + + /** + * @param XMLSecurityKey $objKey + * @param null|DOMNode $parent + */ + public function appendKey($objKey, $parent=null) + { + $objKey->serializeKey($parent); + } + + + /** + * This function inserts the signature element. + * + * The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode + * is specified, the signature element will be inserted as the last element before $beforeNode. + * + * @param DOMNode $node The node the signature element should be inserted into. + * @param DOMNode $beforeNode The node the signature element should be located before. + * + * @return DOMNode The signature element node + */ + public function insertSignature($node, $beforeNode = null) + { + + $document = $node->ownerDocument; + $signatureElement = $document->importNode($this->sigNode, true); + + if ($beforeNode == null) { + return $node->insertBefore($signatureElement); + } else { + return $node->insertBefore($signatureElement, $beforeNode); + } + } + + /** + * @param DOMNode $parentNode + * @param bool $insertBefore + * @return DOMNode + */ + public function appendSignature($parentNode, $insertBefore = false) + { + $beforeNode = $insertBefore ? $parentNode->firstChild : null; + return $this->insertSignature($parentNode, $beforeNode); + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @return string + */ + public static function get509XCert($cert, $isPEMFormat=true) + { + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + if (! empty($certs)) { + return $certs[0]; + } + return ''; + } + + /** + * @param string $certs + * @param bool $isPEMFormat + * @return array + */ + public static function staticGet509XCerts($certs, $isPEMFormat=true) + { + if ($isPEMFormat) { + $data = ''; + $certlist = array(); + $arCert = explode("\n", $certs); + $inData = false; + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + $inData = false; + $certlist[] = $data; + $data = ''; + continue; + } + $data .= trim($curData); + } + } + return $certlist; + } else { + return array($certs); + } + } + + /** + * @param DOMElement $parentRef + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|DOMXPath $xpath + * @param null|array $options + * @throws Exception + */ + public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=true, $isURL=false, $xpath=null, $options=null) + { + if ($isURL) { + $cert = file_get_contents($cert); + } + if (! $parentRef instanceof DOMElement) { + throw new Exception('Invalid parent Node parameter'); + } + $baseDoc = $parentRef->ownerDocument; + + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + $dsig_pfx = ''; + if (! $keyInfo) { + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } else { + $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + } + + // Add all certs if there are more than one + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + + // Attach X509 data node + $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Data'); + $keyInfo->appendChild($x509DataNode); + + $issuerSerial = false; + $subjectName = false; + if (is_array($options)) { + if (! empty($options['issuerSerial'])) { + $issuerSerial = true; + } + if (! empty($options['subjectName'])) { + $subjectName = true; + } + } + + // Attach all certificate nodes and any additional data + foreach ($certs as $X509Cert) { + if ($issuerSerial || $subjectName) { + if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n")) { + if ($subjectName && ! empty($certData['subject'])) { + if (is_array($certData['subject'])) { + $parts = array(); + foreach ($certData['subject'] AS $key => $value) { + if (is_array($value)) { + foreach ($value as $valueElement) { + array_unshift($parts, "$key=$valueElement"); + } + } else { + array_unshift($parts, "$key=$value"); + } + } + $subjectNameValue = implode(',', $parts); + } else { + $subjectNameValue = $certData['issuer']; + } + $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SubjectName', $subjectNameValue); + $x509DataNode->appendChild($x509SubjectNode); + } + if ($issuerSerial && ! empty($certData['issuer']) && ! empty($certData['serialNumber'])) { + if (is_array($certData['issuer'])) { + $parts = array(); + foreach ($certData['issuer'] AS $key => $value) { + array_unshift($parts, "$key=$value"); + } + $issuerName = implode(',', $parts); + } else { + $issuerName = $certData['issuer']; + } + + $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerSerial'); + $x509DataNode->appendChild($x509IssuerNode); + + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerName', $issuerName); + $x509IssuerNode->appendChild($x509Node); + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SerialNumber', $certData['serialNumber']); + $x509IssuerNode->appendChild($x509Node); + } + } + + } + $x509CertNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Certificate', $X509Cert); + $x509DataNode->appendChild($x509CertNode); + } + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|array $options + */ + public function add509Cert($cert, $isPEMFormat=true, $isURL=false, $options=null) + { + if ($xpath = $this->getXPathObj()) { + self::staticAdd509Cert($this->sigNode, $cert, $isPEMFormat, $isURL, $xpath, $options); + } + } + + /** + * This function appends a node to the KeyInfo. + * + * The KeyInfo element will be created if one does not exist in the document. + * + * @param DOMNode $node The node to append to the KeyInfo. + * + * @return DOMNode The KeyInfo element node + */ + public function appendToKeyInfo($node) + { + $parentRef = $this->sigNode; + $baseDoc = $parentRef->ownerDocument; + + $xpath = $this->getXPathObj(); + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + if (! $keyInfo) { + $dsig_pfx = ''; + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } + + $keyInfo->appendChild($node); + + return $keyInfo; + } + + /** + * This function retrieves an associative array of the validated nodes. + * + * The array will contain the id of the referenced node as the key and the node itself + * as the value. + * + * Returns: + * An associative array of validated nodes or null if no nodes have been validated. + * + * @return array Associative array of validated nodes + */ + public function getValidatedNodes() + { + return $this->validatedNodes; + } +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php new file mode 100755 index 0000000..7eed04d --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php @@ -0,0 +1,813 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class XMLSecurityKey +{ + const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + const AES128_GCM = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + const AES192_GCM = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + const AES256_GCM = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + const RSA_OAEP = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'; + const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'; + const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + const HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + const AUTHTAG_LENGTH = 16; + + /** @var array */ + private $cryptParams = array(); + + /** @var int|string */ + public $type = 0; + + /** @var mixed|null */ + public $key = null; + + /** @var string */ + public $passphrase = ""; + + /** @var string|null */ + public $iv = null; + + /** @var string|null */ + public $name = null; + + /** @var mixed|null */ + public $keyChain = null; + + /** @var bool */ + public $isEncrypted = false; + + /** @var XMLSecEnc|null */ + public $encryptedCtx = null; + + /** @var mixed|null */ + public $guid = null; + + /** + * This variable contains the certificate as a string if this key represents an X509-certificate. + * If this key doesn't represent a certificate, this will be null. + * @var string|null + */ + private $x509Certificate = null; + + /** + * This variable contains the certificate thumbprint if we have loaded an X509-certificate. + * @var string|null + */ + private $X509Thumbprint = null; + + /** + * @param string $type + * @param null|array $params + * @throws Exception + */ + public function __construct($type, $params=null) + { + switch ($type) { + case (self::TRIPLEDES_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'des-ede3-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 8; + break; + case (self::AES128_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + $this->cryptParams['keysize'] = 16; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES128_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + $this->cryptParams['keysize'] = 16; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::RSA_1_5): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_OAEP_MGF1P): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + $this->cryptParams['hash'] = null; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_OAEP): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'; + $this->cryptParams['hash'] = 'http://www.w3.org/2009/xmlenc11#mgf1sha1'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA1): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA256): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA256'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA384): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA384'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA512): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA512'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::HMAC_SHA1): + $this->cryptParams['library'] = $type; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + break; + default: + throw new Exception('Invalid Key Type'); + } + $this->type = $type; + } + + /** + * Retrieve the key size for the symmetric encryption algorithm.. + * + * If the key size is unknown, or this isn't a symmetric encryption algorithm, + * null is returned. + * + * @return int|null The number of bytes in the key. + */ + public function getSymmetricKeySize() + { + if (! isset($this->cryptParams['keysize'])) { + return null; + } + return $this->cryptParams['keysize']; + } + + /** + * Generates a session key using the openssl-extension. + * In case of using DES3-CBC the key is checked for a proper parity bits set. + * @return string + * @throws Exception + */ + public function generateSessionKey() + { + if (!isset($this->cryptParams['keysize'])) { + throw new Exception('Unknown key size for type "' . $this->type . '".'); + } + $keysize = $this->cryptParams['keysize']; + + $key = openssl_random_pseudo_bytes($keysize); + + if ($this->type === self::TRIPLEDES_CBC) { + /* Make sure that the generated key has the proper parity bits set. + * Mcrypt doesn't care about the parity bits, but others may care. + */ + for ($i = 0; $i < strlen($key); $i++) { + $byte = ord($key[$i]) & 0xfe; + $parity = 1; + for ($j = 1; $j < 8; $j++) { + $parity ^= ($byte >> $j) & 1; + } + $byte |= $parity; + $key[$i] = chr($byte); + } + } + + $this->key = $key; + return $key; + } + + /** + * Get the raw thumbprint of a certificate + * + * @param string $cert + * @return null|string + */ + public static function getRawThumbprint($cert) + { + + $arCert = explode("\n", $cert); + $data = ''; + $inData = false; + + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + break; + } + $data .= trim($curData); + } + } + + if (! empty($data)) { + return strtolower(sha1(base64_decode($data))); + } + + return null; + } + + /** + * Loads the given key, or - with isFile set true - the key from the keyfile. + * + * @param string $key + * @param bool $isFile + * @param bool $isCert + * @throws Exception + */ + public function loadKey($key, $isFile=false, $isCert = false) + { + if ($isFile) { + $this->key = file_get_contents($key); + } else { + $this->key = $key; + } + if ($isCert) { + $this->key = openssl_x509_read($this->key); + openssl_x509_export($this->key, $str_cert); + $this->x509Certificate = $str_cert; + $this->key = $str_cert; + } else { + $this->x509Certificate = null; + } + if ($this->cryptParams['library'] == 'openssl') { + switch ($this->cryptParams['type']) { + case 'public': + if ($isCert) { + /* Load the thumbprint if this is an X509 certificate. */ + $this->X509Thumbprint = self::getRawThumbprint($this->key); + } + $this->key = openssl_get_publickey($this->key); + if (! $this->key) { + throw new Exception('Unable to extract public key'); + } + break; + + case 'private': + $this->key = openssl_get_privatekey($this->key, $this->passphrase); + break; + + case'symmetric': + if (strlen($this->key) < $this->cryptParams['keysize']) { + throw new Exception('Key must contain at least '.$this->cryptParams['keysize'].' characters for this cipher, contains '.strlen($this->key)); + } + break; + + default: + throw new Exception('Unknown type'); + } + } + } + + /** + * ISO 10126 Padding + * + * @param string $data + * @param integer $blockSize + * @throws Exception + * @return string + */ + private function padISO10126($data, $blockSize) + { + if ($blockSize > 256) { + throw new Exception('Block size higher than 256 not allowed'); + } + $padChr = $blockSize - (strlen($data) % $blockSize); + $pattern = chr($padChr); + return $data . str_repeat($pattern, $padChr); + } + + /** + * Remove ISO 10126 Padding + * + * @param string $data + * @return string + */ + private function unpadISO10126($data) + { + $padChr = substr($data, -1); + $padLen = ord($padChr); + return substr($data, 0, -$padLen); + } + + /** + * Encrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function encryptSymmetric($data) + { + $this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cryptParams['cipher'])); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + $authTag = openssl_random_pseudo_bytes(self::AUTHTAG_LENGTH); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $data = $this->padISO10126($data, $this->cryptParams['blocksize']); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $encrypted) { + throw new Exception('Failure encrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return $this->iv . $encrypted . $authTag; + } + + /** + * Decrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function decryptSymmetric($data) + { + $iv_length = openssl_cipher_iv_length($this->cryptParams['cipher']); + $this->iv = substr($data, 0, $iv_length); + $data = substr($data, $iv_length); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + // obtain and remove the authentication tag + $offset = 0 - self::AUTHTAG_LENGTH; + $authTag = substr($data, $offset); + $data = substr($data, 0, $offset); + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $decrypted) { + throw new Exception('Failure decrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return null !== $authTag ? $decrypted : $this->unpadISO10126($decrypted); + } + + /** + * Encrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPublic($data) + { + if (! openssl_public_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl public) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPublic($data) + { + if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl public) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Encrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPrivate($data) + { + if (! openssl_private_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl private) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPrivate($data) + { + if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl private) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Signs the given data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function signOpenSSL($data) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + if (! openssl_sign($data, $signature, $this->key, $algo)) { + throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo); + } + return $signature; + } + + /** + * Verifies the given data (string) belonging to the given signature using the openssl-extension + * + * Returns: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return int + */ + private function verifyOpenSSL($data, $signature) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + return openssl_verify($data, $signature, $this->key, $algo); + } + + /** + * Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function encryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->encryptSymmetric($data); + case 'public': + return $this->encryptPublic($data); + case 'private': + return $this->encryptPrivate($data); + } + } + } + + /** + * Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function decryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->decryptSymmetric($data); + case 'public': + return $this->decryptPublic($data); + case 'private': + return $this->decryptPrivate($data); + } + } + } + + /** + * Signs the data (string) using the extension assigned to the type in the constructor. + * + * @param string $data + * @return mixed|string + */ + public function signData($data) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->signOpenSSL($data); + case (self::HMAC_SHA1): + return hash_hmac("sha1", $data, $this->key, true); + } + } + + /** + * Verifies the data (string) against the given signature using the extension assigned to the type in the constructor. + * + * Returns in case of openSSL: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return bool|int + */ + public function verifySignature($data, $signature) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->verifyOpenSSL($data, $signature); + case (self::HMAC_SHA1): + $expectedSignature = hash_hmac("sha1", $data, $this->key, true); + return strcmp($signature, $expectedSignature) == 0; + } + } + + /** + * @deprecated + * @see getAlgorithm() + * @return mixed + */ + public function getAlgorith() + { + return $this->getAlgorithm(); + } + + /** + * @return mixed + */ + public function getAlgorithm() + { + return $this->cryptParams['method']; + } + + /** + * + * @param int $type + * @param string $string + * @return null|string + */ + public static function makeAsnSegment($type, $string) + { + switch ($type) { + case 0x02: + if (ord($string) > 0x7f) + $string = chr(0).$string; + break; + case 0x03: + $string = chr(0).$string; + break; + } + + $length = strlen($string); + + if ($length < 128) { + $output = sprintf("%c%c%s", $type, $length, $string); + } else if ($length < 0x0100) { + $output = sprintf("%c%c%c%s", $type, 0x81, $length, $string); + } else if ($length < 0x010000) { + $output = sprintf("%c%c%c%c%s", $type, 0x82, $length / 0x0100, $length % 0x0100, $string); + } else { + $output = null; + } + return $output; + } + + /** + * + * Hint: Modulus and Exponent must already be base64 decoded + * @param string $modulus + * @param string $exponent + * @return string + */ + public static function convertRSA($modulus, $exponent) + { + /* make an ASN publicKeyInfo */ + $exponentEncoding = self::makeAsnSegment(0x02, $exponent); + $modulusEncoding = self::makeAsnSegment(0x02, $modulus); + $sequenceEncoding = self::makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding); + $bitstringEncoding = self::makeAsnSegment(0x03, $sequenceEncoding); + $rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500"); + $publicKeyInfo = self::makeAsnSegment(0x30, $rsaAlgorithmIdentifier.$bitstringEncoding); + + /* encode the publicKeyInfo in base64 and add PEM brackets */ + $publicKeyInfoBase64 = base64_encode($publicKeyInfo); + $encoding = "-----BEGIN PUBLIC KEY-----\n"; + $offset = 0; + while ($segment = substr($publicKeyInfoBase64, $offset, 64)) { + $encoding = $encoding.$segment."\n"; + $offset += 64; + } + return $encoding."-----END PUBLIC KEY-----\n"; + } + + /** + * @param mixed $parent + */ + public function serializeKey($parent) + { + + } + + /** + * Retrieve the X509 certificate this key represents. + * + * Will return the X509 certificate in PEM-format if this key represents + * an X509 certificate. + * + * @return string The X509 certificate or null if this key doesn't represent an X509-certificate. + */ + public function getX509Certificate() + { + return $this->x509Certificate; + } + + /** + * Get the thumbprint of this X509 certificate. + * + * Returns: + * The thumbprint as a lowercase 40-character hexadecimal number, or null + * if this isn't a X509 certificate. + * + * @return string Lowercase 40-character hexadecimal number of thumbprint + */ + public function getX509Thumbprint() + { + return $this->X509Thumbprint; + } + + + /** + * Create key from an EncryptedKey-element. + * + * @param DOMElement $element The EncryptedKey-element. + * @throws Exception + * + * @return XMLSecurityKey The new key. + */ + public static function fromEncryptedKeyElement(DOMElement $element) + { + + $objenc = new XMLSecEnc(); + $objenc->setNode($element); + if (! $objKey = $objenc->locateKey()) { + throw new Exception("Unable to locate algorithm for this Encrypted Key"); + } + $objKey->isEncrypted = true; + $objKey->encryptedCtx = $objenc; + XMLSecEnc::staticLocateKeyInfo($objKey, $element); + return $objKey; + } + +} diff --git a/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/xmlseclibs.php b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/xmlseclibs.php new file mode 100755 index 0000000..1c10acc --- /dev/null +++ b/docker/nextcloud/user_saml/3rdparty/vendor/robrichards/xmlseclibs/xmlseclibs.php @@ -0,0 +1,47 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + * @version 3.1.1 + */ + +$xmlseclibs_srcdir = dirname(__FILE__) . '/src/'; +require $xmlseclibs_srcdir . '/XMLSecurityKey.php'; +require $xmlseclibs_srcdir . '/XMLSecurityDSig.php'; +require $xmlseclibs_srcdir . '/XMLSecEnc.php'; +require $xmlseclibs_srcdir . '/Utils/XPath.php'; diff --git a/docker/nextcloud/user_saml/CHANGELOG.md b/docker/nextcloud/user_saml/CHANGELOG.md new file mode 100755 index 0000000..5d74dc5 --- /dev/null +++ b/docker/nextcloud/user_saml/CHANGELOG.md @@ -0,0 +1,184 @@ +# Changelog +All notable changes to this project will be documented in this file. + +## 4.1.0 +### Added +- Nextcloud 22 support + +### Fixed +- logins with base64 resembling UIDs + +## 4.0.0 +### Removed +- Nextcloud <21 support + +## 3.3.3 +### Added +- Possibility to add custom direct login message + +## 3.3.2 +### Added +- Possible url for SLO response + +### Fixed +- Fix login flow support yet again +- Buton colors +- Translations +- Fixed provisioning users from encoded uids +- Fix missing IDP variable + +## 3.3.1 +### Fixed +- 21 suport +- login flow support with strict cookies + +## 3.1.2 +### Fixed +- 19 support. This was broken due to stricter cookies + +## 3.0.1 +### Added +- Add setting to specify a different signature algorithm #401 + +### Changed +- translation updates + +## 3.0.0 +### Changed +- fixed login with chrome browser #379 +- translation updates +- Make 19 compatible #380 + +## 2.4.0 +### Added +- IdP initiated logout + +### Fixed +- No password confirmation for passwordless users +- Handle exceptions more graceful (prevent app from disabling) +- Desktop client login failing in some cases + +## 2.3.1 +### Fixed +- name id format is set per provider + +## 2.3.0 + +### Added +- Ability to specify nameformat when configuring IdPs +- Properly set the timezone + +### Changed +- Also search for diplayname and email in backend +- Bumped onelogin/php-saml to 3.1.1 +- Updated translations + +### Fixed +- Catch exception so app does not get disabled on random PUT requests + +## 2.2.0 + +### Changed + +- Update dependencies for PHP 7.3 compatibility +- Ready for Nextcloud 16 +- improve logging + + +## 2.1.1 + +### Changed + +- sort IDP's alphabetical +- improved documentation in UI, add hint for direct login URL + +### Fixed + +- create skeleton files if SAML is used in combination with LDAP + +## 2.1.0 + +### Changed + +- add attribute mapping for the users home directory when creating a new user +- use a combobox to select the IDP on login when more then 4 IDPs are configured +- improved debug logging and in case of errors +- Add sabredav plugin to register environment auth for dav requests + +### Fixed + +- remove trailing and leading spaces on settings +- adjust login page to the theme + +## 2.0.0 + +### Changed + +- update to upstream php-saml 3.0 (upstream library) which removes the mcrypt dependency +- Improve SAML behaviour in a Global Scale setup + + +## 1.7.0 + +### Changed + +- many small changes/fixes to make SAML work in a Global Scale setup + +## 1.6.2 + +### Changed + +- Add reset button to start over with the configuration +- Show default login screen until SSO is configured +- updated translations + +### Fixed + +- small fixes + +## 1.6.1 + +### Fixed + +- internal version number + +## 1.6.0 + +### Changed + +- Allow multiple IDP's +- Add attribute mapping for groups + +## 1.5.0 + +### Changed + +- add attribute mapping for the users quota +- add option to use the local user back-end (and LDAP) in parallel to SAML + +### Fixed + +- fix redirect loop in case a user was disabled +- query LDAP for user data during auto-provisioning in case "Only allow authentication if an account is existent on some other backend" is enabled + +## 1.4.2 + +- update display name in accounts table correctly +- improve error messages and logging + +## 1.4.0 + +### Fixed + +- Spelling mistakes +- Keep displayname after login +- Fix compatibility with reverse proxies +- Set last login after successful login operation +- SLO support +- Hide attribute mapping until a type is selected + +## 1.3.2 + +### Added + +- Added sample screenshots diff --git a/docker/nextcloud/user_saml/LICENSE b/docker/nextcloud/user_saml/LICENSE new file mode 100755 index 0000000..0ad25db --- /dev/null +++ b/docker/nextcloud/user_saml/LICENSE @@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. diff --git a/docker/nextcloud/user_saml/appinfo/app.php b/docker/nextcloud/user_saml/appinfo/app.php new file mode 100755 index 0000000..43db79e --- /dev/null +++ b/docker/nextcloud/user_saml/appinfo/app.php @@ -0,0 +1,206 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +require_once __DIR__ . '/../3rdparty/vendor/autoload.php'; + +// If we run in CLI mode do not setup the app as it can fail the OCC execution +// since the URLGenerator isn't accessible. +$cli = false; +if(OC::$CLI) { + $cli = true; +} +try { + $urlGenerator = \OC::$server->getURLGenerator(); + $l = \OC::$server->getL10N('user_saml'); + $config = \OC::$server->getConfig(); + $request = \OC::$server->getRequest(); + $userSession = \OC::$server->getUserSession(); + $session = \OC::$server->getSession(); +} catch (Throwable $e) { + \OC::$server->getLogger()->logException($e); + return; +} +$samlSettings = new \OCA\User_SAML\SAMLSettings( + $urlGenerator, + $config, + $request, + $session +); + +$userBackend = new \OCA\User_SAML\UserBackend( + $config, + $urlGenerator, + \OC::$server->getSession(), + \OC::$server->getDatabaseConnection(), + \OC::$server->getUserManager(), + \OC::$server->getGroupManager(), + $samlSettings, + \OC::$server->getLogger() +); +$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends()); +OC_User::useBackend($userBackend); + +$params = []; + +// Setting up the one login config may fail, if so, do not catch the requests later. +$returnScript = false; +$type = ''; +switch($config->getAppValue('user_saml', 'type')) { + case 'saml': + try { + $oneLoginSettings = new \OneLogin\Saml2\Settings($samlSettings->getOneLoginSettingsArray(1)); + } catch (\OneLogin\SAML2\Error $e) { + $returnScript = true; + } + $type = 'saml'; + break; + case 'environment-variable': + $type = 'environment-variable'; + break; + default: + return; +} + +if ($type === 'environment-variable') { + // We should ignore oauth2 token endpoint (oauth can send the credentials as basic auth which will fail with apache auth) + $uri = $request->getRequestUri(); + if (substr($uri, -24) === '/apps/oauth/api/v1/token') { + return; + } + + OC_User::handleApacheAuth(); +} + +if($returnScript === true) { + return; +} + +$app = \OC::$server->query(\OCA\User_SAML\AppInfo\Application::class); +$app->registerDavAuth(); + +$redirectSituation = false; + +$user = $userSession->getUser(); +if ($user !== null) { + $enabled = $user->isEnabled(); + if ($enabled === false) { + $targetUrl = $urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.genericError', + [ + 'message' => $l->t('This user account is disabled, please contact your administrator.') + ] + ); + header('Location: '.$targetUrl); + exit(); + } +} + +// All requests that are not authenticated and match against the "/login" route are +// redirected to the SAML login endpoint +if(!$cli && + !$userSession->isLoggedIn() && + \OC::$server->getRequest()->getPathInfo() === '/login' && + $type !== '') { + try { + $params = $request->getParams(); + } catch (\LogicException $e) { + // ignore exception when PUT is called since getParams cannot parse parameters in that case + } + if (isset($params['direct'])) { + return; + } + $redirectSituation = true; +} + +// If a request to OCS or remote.php is sent by the official desktop clients it can +// be intercepted as it supports SAML. All other clients don't yet and thus we +// require the usage of application specific passwords there. +// +// However, it is an opt-in setting to use SAML for the desktop clients. For better +// UX (users don't have to reauthenticate) we default to disallow the access via +// SAML at the moment. +$useSamlForDesktopClients = $config->getAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0'); +if($useSamlForDesktopClients === '1') { + $currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT)); + if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') { + if(!$userSession->isLoggedIn() && $request->isUserAgent([\OCP\IRequest::USER_AGENT_CLIENT_DESKTOP])) { + $redirectSituation = true; + + if (preg_match('/^.*\/(\d+\.\d+\.\d+).*$/', $request->getHeader('USER_AGENT'), $matches) === 1) { + $versionstring = $matches[1]; + + if (version_compare($versionstring, '2.5.0', '>=') === true) { + $redirectSituation = false; + } + } + } + } +} + +$multipleUserBackEnds = $samlSettings->allowMultipleUserBackEnds(); +$configuredIdps = $samlSettings->getListOfIdps(); +$showLoginOptions = $multipleUserBackEnds || count($configuredIdps) > 1; + +if ($redirectSituation === true && $showLoginOptions) { + try { + $params = $request->getParams(); + } catch (\LogicException $e) { + // ignore exception when PUT is called since getParams cannot parse parameters in that case + } + $redirectUrl = ''; + if(isset($params['redirect_url'])) { + $redirectUrl = $params['redirect_url']; + } + + $targetUrl = $urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.selectUserBackEnd', + [ + 'redirectUrl' => $redirectUrl + ] + ); + header('Location: '.$targetUrl); + exit(); + +} + +if($redirectSituation === true) { + try { + $params = $request->getParams(); + } catch (\LogicException $e) { + // ignore exception when PUT is called since getParams cannot parse parameters in that case + } + $originalUrl = ''; + if(isset($params['redirect_url'])) { + $originalUrl = $urlGenerator->getAbsoluteURL($params['redirect_url']); + } + + $csrfToken = \OC::$server->getCsrfTokenManager()->getToken(); + $targetUrl = $urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.login', + [ + 'requesttoken' => $csrfToken->getEncryptedValue(), + 'originalUrl' => $originalUrl, + 'idp' => 1, + ] + ); + header('Location: '.$targetUrl); + exit(); +} diff --git a/docker/nextcloud/user_saml/appinfo/info.xml b/docker/nextcloud/user_saml/appinfo/info.xml new file mode 100755 index 0000000..2b3d294 --- /dev/null +++ b/docker/nextcloud/user_saml/appinfo/info.xml @@ -0,0 +1,45 @@ + + + user_saml + SSO & SAML authentication + Authenticate using single sign-on + + 4.1.0 + agpl + Lukas Reschke + User_SAML + + + + + https://portal.nextcloud.com/article/configuring-single-sign-on-10.html + + integration + https://github.com/nextcloud/user_saml + https://github.com/nextcloud/user_saml/issues + https://github.com/nextcloud/user_saml.git + https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/1.png + https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/2.png + + + + + OCA\User_SAML\Command\GetMetadata + + + OCA\User_SAML\Settings\Admin + OCA\User_SAML\Settings\Section + + diff --git a/docker/nextcloud/user_saml/appinfo/routes.php b/docker/nextcloud/user_saml/appinfo/routes.php new file mode 100755 index 0000000..63e5ca9 --- /dev/null +++ b/docker/nextcloud/user_saml/appinfo/routes.php @@ -0,0 +1,94 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\AppInfo; + +return [ + 'routes' => [ + [ + 'name' => 'SAML#login', + 'url' => '/saml/login', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#base', + 'url' => '/saml', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#getMetadata', + 'url' => '/saml/metadata', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#assertionConsumerService', + 'url' => '/saml/acs', + 'verb' => 'POST', + ], + [ + 'name' => 'SAML#singleLogoutService', + 'url' => '/saml/sls', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#singleLogoutService', + 'url' => '/saml/sls', + 'verb' => 'POST', + 'postfix' => 'slspost', + ], + [ + 'name' => 'SAML#notProvisioned', + 'url' => '/saml/notProvisioned', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#genericError', + 'url' => '/saml/error', + 'verb' => 'GET', + ], + [ + 'name' => 'SAML#selectUserBackEnd', + 'url' => '/saml/selectUserBackEnd', + 'verb' => 'GET', + ], + [ + 'name' => 'Settings#getSamlProviderSettings', + 'url' => '/settings/providerSettings/{providerId}', + 'verb' => 'GET', + 'defaults' => [ + 'providerId' => '1' + ] + ], + [ + 'name' => 'Settings#deleteSamlProviderSettings', + 'url' => '/settings/providerSettings/{providerId}', + 'verb' => 'DELETE', + 'defaults' => [ + 'providerId' => '1' + ] + ], + [ + 'name' => 'Timezone#setTimezone', + 'url' => '/config/timezone', + 'verb' => 'POST', + ], + ], +]; diff --git a/docker/nextcloud/user_saml/css/admin.css b/docker/nextcloud/user_saml/css/admin.css new file mode 100755 index 0000000..f0ca800 --- /dev/null +++ b/docker/nextcloud/user_saml/css/admin.css @@ -0,0 +1,60 @@ +#user-saml input[type="text"],textarea { + max-width: 600px; + width: 100%; +} + +#user-saml input[type="checkbox"] { + vertical-align:middle; + cursor: pointer; +} + +#user-saml h3 .icon-delete { + display: inline-block; + padding: 5px; + margin-bottom: -6px; +} + +#user-saml h4 { + font-size: 14px; + font-weight: 300; + margin: 12px 0; +} + +#user-saml-settings > div { + margin-bottom: 10px; +} + +.indent { + padding-left: 14px; +} + +#user-saml-settings .toggle { + clear: both; + padding: 7px 0; + cursor: pointer; + opacity: .5; +} + +#user-saml .account-list { + margin: 10px 0 10px 0; + overflow:hidden; + padding: 10px 0 10px 0; +} +#user-saml .account-list li { + float: left; +} + +#user-saml .account-list li a:not(.button) { + padding: 7px; +} +#user-saml .account-list li a.button { + margin-left: 20px; +} +#user-saml .account-list li.active a { + border-bottom: 1px solid #333; + font-weight: bold; +} + +#user-saml-reset-settings { + float: right; +} diff --git a/docker/nextcloud/user_saml/css/personal.css b/docker/nextcloud/user_saml/css/personal.css new file mode 100755 index 0000000..7495c58 --- /dev/null +++ b/docker/nextcloud/user_saml/css/personal.css @@ -0,0 +1,30 @@ +#user-saml-apppasswords table { + width: 100%; + min-height: 150px; + padding-top: 25px; +} +#user-saml-appasswords table th { + font-weight: 800; +} +#user-saml-apppasswords table th, +#user-saml-apppasswords table td { + padding: 10px; +} + +#user-saml-apppasswords .token-list td { + border-top: 1px solid #DDD; + text-overflow: ellipsis; + max-width: 200px; + white-space: nowrap; + overflow: hidden; +} +#user-saml-apppasswords .token-list td a.icon-delete { + display: block; + opacity: 0.6; +} + +#user-saml-new-app-password { + width: 186px; + font-family: monospace; + background-color: lightyellow; +} diff --git a/docker/nextcloud/user_saml/css/selectUserBackEnd.css b/docker/nextcloud/user_saml/css/selectUserBackEnd.css new file mode 100755 index 0000000..542a4ed --- /dev/null +++ b/docker/nextcloud/user_saml/css/selectUserBackEnd.css @@ -0,0 +1,38 @@ +#saml-select-user-back-end { + color: var(--color-primary-text); +} + +#saml-select-user-back-end #av_mode{ + height: auto; +} + +#saml-select-user-back-end h1 { + font-size: 16px; + padding: 20px 0; +} + +.login-option { + background-color: var(--color-primary); + border: 1px solid var(--color-primary-text); + font-weight: 600; + height: 40px; + + margin: 15px 0; + min-width: 269px; + border-radius: 3px; + font-size: 20px; +} + +.login-option a { + display:inline-block; + width:100%; + line-height:40px; + color: var(--color-primary-text); + cursor: pointer; +} + +.login-option .icon-confirm-white { + float: right; + line-height: 40px; +} + diff --git a/docker/nextcloud/user_saml/img/app-dark.svg b/docker/nextcloud/user_saml/img/app-dark.svg new file mode 100755 index 0000000..6bd2478 --- /dev/null +++ b/docker/nextcloud/user_saml/img/app-dark.svg @@ -0,0 +1,4 @@ + + + + diff --git a/docker/nextcloud/user_saml/img/app.svg b/docker/nextcloud/user_saml/img/app.svg new file mode 100755 index 0000000..15bc9e6 --- /dev/null +++ b/docker/nextcloud/user_saml/img/app.svg @@ -0,0 +1,4 @@ + + + + diff --git a/docker/nextcloud/user_saml/js/admin.js b/docker/nextcloud/user_saml/js/admin.js new file mode 100755 index 0000000..71301fc --- /dev/null +++ b/docker/nextcloud/user_saml/js/admin.js @@ -0,0 +1,411 @@ +(function(OCA) { + OCA.User_SAML = OCA.User_SAML || {}; + + /** + * @namespace OCA.User_SAML.Admin + */ + OCA.User_SAML.Admin = { + currentConfig: '1', + providerIds: '1', + + _getAppConfig: function (key) { + return $.ajax({ + type: 'GET', + url: OC.linkToOCS('apps/provisioning_api/api/v1', 2) + 'config/apps' + '/user_saml/' + key + '?format=json' + }); + }, + init: function(callback) { + this._getAppConfig('providerIds').done(function (data){ + if (data.ocs.data.data !== '') { + OCA.User_SAML.Admin.providerIds = data.ocs.data.data; + OCA.User_SAML.Admin.currentConfig = OCA.User_SAML.Admin.providerIds.split(',').sort()[0]; + } + callback(); + }); + }, + chooseEnv: function() { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.chooseEnv, this)); + return; + } + + OCP.AppConfig.setValue('user_saml', 'type', 'environment-variable', {success: function() {location.reload();}}); + }, + + chooseSaml: function() { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.chooseSaml, this)); + return; + } + + OCP.AppConfig.setValue('user_saml', 'type', 'saml', {success: function() {location.reload();}}); + }, + + resetSettings: function() { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.resetSettings, this)); + return; + } + + OCP.AppConfig.setValue('user_saml', 'type', '', {success: function() {location.reload();}}); + }, + + + getConfigIdentifier: function() { + if (this.currentConfig === '1') { + return ''; + } + return this.currentConfig + '-'; + }, + + /** + * Add a new provider + * @returns {number} id of the provider + */ + addProvider: function(callback) { + var providerIds = OCA.User_SAML.Admin.providerIds.split(','); + var nextId = 1; + if (providerIds.indexOf('1') >= 0) { + nextId = 2; + while ($.inArray('' + nextId, providerIds) >= 0) { + nextId++; + } + } + OCP.AppConfig.setValue('user_saml', 'providerIds', OCA.User_SAML.Admin.providerIds + ',' + nextId, { + success: function () { + OCA.User_SAML.Admin.providerIds += ',' + nextId; + callback(nextId) + } + }); + }, + + removeProvider: function(callback) { + var providerIds = OCA.User_SAML.Admin.providerIds.split(','); + if (providerIds.length > 1) { + var index = providerIds.indexOf(this.currentConfig); + if (index > -1) { + providerIds.splice(index, 1); + } + var config = this.currentConfig; + $.ajax({ url: OC.generateUrl('/apps/user_saml/settings/providerSettings/' + this.currentConfig), type: 'DELETE'}) + .done(function(data) { + OCP.AppConfig.setValue('user_saml', 'providerIds', providerIds.join(','), { + success: function () { + OCA.User_SAML.Admin.providerIds = providerIds.join(','); + callback(config); + } + }); + }); + + } + }, + + setSamlConfigValue: function(category, setting, value, global) { + if (OC.PasswordConfirmation.requiresPasswordConfirmation()) { + OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.setSamlConfigValue, this, category, setting, value)); + return; + } + // store global config flags without idp prefix + var configIdentifier = this.getConfigIdentifier(); + if (global === true) { + configIdentifier = ''; + } + OC.msg.startSaving('#user-saml-save-indicator'); + OCP.AppConfig.setValue('user_saml', configIdentifier + category + '-' + setting, value.trim()); + OC.msg.finishedSaving('#user-saml-save-indicator', {status: 'success', data: {message: t('user_saml', 'Saved')}}); + } + } +})(OCA); + +$(function() { + + var type = $('#user-saml').data('type'); + + OCA.User_SAML.Admin.init(function() { + $('.account-list li[data-id="' + OCA.User_SAML.Admin.currentConfig + '"]').addClass('active'); + if (OCA.User_SAML.Admin.providerIds.split(',').length <= 1) { + $('[data-js="remove-idp"]').addClass('hidden'); + } + // Hide depending on the setup state + if(type !== 'environment-variable' && type !== 'saml') { + $('#user-saml-choose-type').removeClass('hidden'); + } else { + $('#user-saml-global').removeClass('hidden'); + $('#user-saml-warning-admin-user').removeClass('hidden'); + $('#user-saml-settings').removeClass('hidden'); + } + if(type === 'environment-variable') { + // we need the settings div to be visible for require_providioned_account + $('#user-saml-settings div').addClass('hidden'); + $('#user-saml-settings .button').addClass('hidden'); + $('#user-saml-general').removeClass('hidden'); + } + if (type === 'saml') { + $('#user-saml .account-list').removeClass('hidden'); + $('#user-saml-general').removeClass('hidden'); + } + + if($('#user-saml-general-require_provisioned_account').val() === '0' && type !== '') { + $('#user-saml-attribute-mapping').removeClass('hidden'); + } else { + $('#user-saml-attribute-mapping').addClass('hidden'); + } + }); + + $('#user-saml-choose-saml').click(function(e) { + e.preventDefault(); + if(type === '') { + OCA.User_SAML.Admin.chooseSaml(); + } + }); + $('#user-saml-choose-env').click(function(e) { + e.preventDefault(); + if(type === '') { + OCA.User_SAML.Admin.chooseEnv(); + } + }); + + $('#user-saml-reset-settings').click(function(e) { + e.preventDefault(); + OCA.User_SAML.Admin.resetSettings(); + }); + + var switchProvider = function(providerId) { + $('.account-list li').removeClass('active'); + $('.account-list li[data-id="' + providerId + '"]').addClass('active'); + OCA.User_SAML.Admin.currentConfig = '' + providerId; + $.get(OC.generateUrl('/apps/user_saml/settings/providerSettings/' + providerId)).done(function(data) { + Object.keys(data).forEach(function(category, index){ + var entries = data[category]; + Object.keys(entries).forEach(function (configKey) { + var element = $('#user-saml-settings *[data-key="' + configKey + '"]'); + if ($('#user-saml-settings #user-saml-' + category + ' #user-saml-' + configKey).length) { + element = $('#user-saml-' + category + ' #user-saml-' + configKey); + } + if ($('#user-saml-settings #user-saml-' + category + ' [name="' + configKey + '"]').length) { + element = $('#user-saml-' + category + ' [name="' + configKey + '"]'); + } + if(element.is('input') && element.prop('type') === 'text') { + element.val(entries[configKey]) + } + else if(element.is('textarea')) { + element.val(entries[configKey]); + } + else if(element.prop('type') === 'checkbox') { + var value = entries[configKey] === '1' ? '1' : '0'; + element.val(value); + } else { + console.log('unable to find element for ' + configKey); + } + }); + }); + $('input:checkbox[value="1"]').attr('checked', true); + $('input:checkbox[value="0"]').attr('checked', false); + var xmlDownloadButton = $('#get-metadata'); + var url = xmlDownloadButton.data('base') + '?idp=' + providerId; + xmlDownloadButton.attr('href', url); + }); + }; + + $('.account-list').on('click', 'li:not(.add-provider):not(.remove-provider)', function() { + var providerId = '' + $(this).data('id'); + switchProvider(providerId); + }); + + $('.account-list .add-provider').on('click', function() { + OCA.User_SAML.Admin.addProvider(function (nextId) { + $('
  • ' + t('user_saml', 'Provider') + ' ' + nextId + '
    • ').insertBefore('.account-list .remove-provider'); + switchProvider(nextId); + $('[data-js="remove-idp"]').removeClass('hidden'); + }); + }); + + $('[data-js="remove-idp"]').on('click', function() { + OCA.User_SAML.Admin.removeProvider(function(currentConfig) { + $('.account-list li[data-id="' + currentConfig + '"]').remove(); + switchProvider(OCA.User_SAML.Admin.providerIds.split(',')[0]); + if (OCA.User_SAML.Admin.providerIds.split(',').length <= 1) { + $('[data-js="remove-idp"]').addClass('hidden'); + } + }); + }); + + // Enable tabs + $('input:checkbox[value="1"]').attr('checked', true); + + $('#user-saml-sp input[type="text"], #user-saml-sp textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val()); + } + }); + $('#user-saml-sp select').change(function(e) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val()); + }); + + $('#user-saml-idp input[type="text"], #user-saml-idp textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('idp', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('idp', key, $(this).val()); + } + }); + + $('#user-saml-general input[type="text"], #user-saml-general textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val()); + } + if(el.data('key') === 'idp0_display_name') { + if ($(this).val() !== '') { + $('.account-list li[data-id=' + OCA.User_SAML.Admin.currentConfig + '] a').text($(this).val()) + } else { + $('.account-list li[data-id=' + OCA.User_SAML.Admin.currentConfig + '] a').text(t('user_saml', 'Provider') + ' ' + OCA.User_SAML.Admin.currentConfig); + } + } + }); + + $('#user-saml-global input[type="checkbox"]').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + if($(this).val() === "0") { + $(this).val("1"); + } else { + $(this).val("0"); + } + if(key === 'require_provisioned_account') { + $('#user-saml-attribute-mapping').toggleClass('hidden'); + } + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val(), true); + }); + }); + + $('#user-saml-general input[type="checkbox"]').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + if($(this).val() === "0") { + $(this).val("1"); + } else { + $(this).val("0"); + } + OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val()); + }); + }); + + $('#user-saml-security input[type="checkbox"]').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + if($(this).val() === "0") { + $(this).val("1"); + } else { + $(this).val("0"); + } + OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val()); + }); + }); + + $('#user-saml-security input[type="text"], #user-saml-security textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val()); + } + }); + + $('#user-saml-attribute-mapping input[type="text"], #user-saml-attribute-mapping textarea').change(function(e) { + var el = $(this); + $.when(el.focusout()).then(function() { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('saml-attribute-mapping', key, $(this).val()); + }); + if (e.keyCode === 13) { + var key = $(this).attr('name'); + OCA.User_SAML.Admin.setSamlConfigValue('saml-attribute-mapping', key, $(this).val()); + } + }); + + $('#user-saml').change(function() { + if(type === 'saml') { + // Checks on each request whether the settings make sense or not + $.ajax({ + url: OC.generateUrl('/apps/user_saml/saml/metadata'), + data: { idp: OCA.User_SAML.Admin.getConfigIdentifier() }, + type: 'GET' + }).fail(function (e) { + if (e.status === 500) { + $('#user-saml-settings-complete').addClass('hidden'); + $('#user-saml-settings-incomplete').removeClass('hidden'); + } + }).success(function (e) { + $('#user-saml-settings-complete').removeClass('hidden'); + $('#user-saml-settings-incomplete').addClass('hidden'); + }) + } + }); + + $('#user-saml-settings .toggle').on('click', function() { + var el = $(this), + nextSibling = el.parent().next(), + parentSettingId = el.closest('div').attr('id'), + text = ''; + switch(parentSettingId) { + case 'user-saml-security': + if (nextSibling.hasClass('hidden')) { + text = 'Hide security settings ...'; + } else { + text = 'Show security settings ...'; + } + break; + case 'user-saml-idp': + if (nextSibling.hasClass('hidden')) { + text = 'Hide optional Identity Provider settings ...'; + } else { + text = 'Show optional Identity Provider settings ...'; + } + break; + case 'user-saml-sp': + if (nextSibling.hasClass('hidden')) { + text = 'Hide Service Provider settings ...'; + } else { + text = 'Show Service Provider settings ...'; + } + break; + case 'user-saml-attribute-mapping': + if (nextSibling.hasClass('hidden')) { + text = 'Hide attribute mapping settings ...'; + } else { + text = 'Show attribute mapping settings ...'; + } + break; + } + el.html(t('user_saml', text)); + + if (nextSibling.is(":visible")) { + nextSibling.slideUp(); + } else { + nextSibling.slideDown(); + } + }); +}); diff --git a/docker/nextcloud/user_saml/js/selectUserBackEnd.js b/docker/nextcloud/user_saml/js/selectUserBackEnd.js new file mode 100755 index 0000000..ca6596a --- /dev/null +++ b/docker/nextcloud/user_saml/js/selectUserBackEnd.js @@ -0,0 +1,10 @@ +$(window).load(function() { + + $(".login-chose-saml-idp").change(function() { + var target = $(this).val(); + if (target !== '') { + window.location.href = target; + } + }); + +}); diff --git a/docker/nextcloud/user_saml/js/timezone.js b/docker/nextcloud/user_saml/js/timezone.js new file mode 100755 index 0000000..e48e622 --- /dev/null +++ b/docker/nextcloud/user_saml/js/timezone.js @@ -0,0 +1,39 @@ +/* global $, jstz, OC */ + +/* + * @copyright 2019 Christoph Wurst + * + * @author 2019 Christoph Wurst + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +console.debug('updating timezone and offset for SAML user') + +$.ajax({ + type: 'POST', + url: OC.generateUrl('/apps/user_saml/config/timezone'), + data: { + timezone: jstz.determine().name(), + timezoneOffset: (-new Date().getTimezoneOffset() / 60) + }, + error: function(e) { + console.error('could not set timezone and offset for SAML user', e) + }, + success: function() { + console.info('timezone and offset udpated for SAML user') + } +}) diff --git a/docker/nextcloud/user_saml/l10n/.gitkeep b/docker/nextcloud/user_saml/l10n/.gitkeep new file mode 100755 index 0000000..e69de29 diff --git a/docker/nextcloud/user_saml/l10n/af.js b/docker/nextcloud/user_saml/l10n/af.js new file mode 100755 index 0000000..0a47297 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/af.js @@ -0,0 +1,22 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Bewaar", + "Provider" : "Verskaffer", + "Provider " : "Verskaffer", + "Private key of the Service Provider" : "Privaatsleutel van die Diensverskaffer", + "Open documentation" : "Open dokumentasie", + "Remove identity provider" : "Verwyder identiteitsverskaffer", + "Add identity provider" : "Voeg identiteitsverskaffer toe", + "General" : "Algemeen", + "Service Provider Data" : "Diensverskafferdata", + "Identity Provider Data" : "Identiteitsverskafferdata", + "Security settings" : "Sekuriteitsinstellings", + "Signatures and encryption offered" : "Handtekeninge en enkripsie gebied", + "Signatures and encryption required" : "Handtekeninge en enkripsie vereis", + "Download metadata XML" : "Laai metadata XML af", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/af.json b/docker/nextcloud/user_saml/l10n/af.json new file mode 100755 index 0000000..a7e07c1 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/af.json @@ -0,0 +1,20 @@ +{ "translations": { + "Saved" : "Bewaar", + "Provider" : "Verskaffer", + "Provider " : "Verskaffer", + "Private key of the Service Provider" : "Privaatsleutel van die Diensverskaffer", + "Open documentation" : "Open dokumentasie", + "Remove identity provider" : "Verwyder identiteitsverskaffer", + "Add identity provider" : "Voeg identiteitsverskaffer toe", + "General" : "Algemeen", + "Service Provider Data" : "Diensverskafferdata", + "Identity Provider Data" : "Identiteitsverskafferdata", + "Security settings" : "Sekuriteitsinstellings", + "Signatures and encryption offered" : "Handtekeninge en enkripsie gebied", + "Signatures and encryption required" : "Handtekeninge en enkripsie vereis", + "Download metadata XML" : "Laai metadata XML af", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ar.js b/docker/nextcloud/user_saml/l10n/ar.js new file mode 100755 index 0000000..5cec2e3 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ar.js @@ -0,0 +1,18 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "تم الإحتفاظ به", + "Provider" : "المزوّد", + "Provider " : "المزوّد", + "Private key of the Service Provider" : "المفتاح الشخصي لموفر الخدمة", + "Email address" : "عنوان البريد الإلكتروني", + "SSO & SAML authentication" : "المصادقة عبر SSO و SAML", + "Open documentation" : "فتح الدليل", + "Global settings" : "الإعدادات العامة", + "General" : "العامة", + "Identity Provider Data" : "مُزوِّد بيانات الهوية", + "Security settings" : "الإعدادات الأمنية", + "Show security settings…" : "إظهار إعدادات الأمان …", + "Error" : "خطأ" +}, +"nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;"); diff --git a/docker/nextcloud/user_saml/l10n/ar.json b/docker/nextcloud/user_saml/l10n/ar.json new file mode 100755 index 0000000..e95701f --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ar.json @@ -0,0 +1,16 @@ +{ "translations": { + "Saved" : "تم الإحتفاظ به", + "Provider" : "المزوّد", + "Provider " : "المزوّد", + "Private key of the Service Provider" : "المفتاح الشخصي لموفر الخدمة", + "Email address" : "عنوان البريد الإلكتروني", + "SSO & SAML authentication" : "المصادقة عبر SSO و SAML", + "Open documentation" : "فتح الدليل", + "Global settings" : "الإعدادات العامة", + "General" : "العامة", + "Identity Provider Data" : "مُزوِّد بيانات الهوية", + "Security settings" : "الإعدادات الأمنية", + "Show security settings…" : "إظهار إعدادات الأمان …", + "Error" : "خطأ" +},"pluralForm" :"nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ast.js b/docker/nextcloud/user_saml/l10n/ast.js new file mode 100755 index 0000000..08da1d7 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ast.js @@ -0,0 +1,23 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardóse", + "X.509 certificate of the Service Provider" : "Certificáu X.509 del fornidor de servicios", + "Private key of the Service Provider" : "Clave privada del fornidor de servicios", + "Whether the metadata should be signed." : "Si los datos meta deberíen roblase.", + "SSO & SAML authentication" : "Autenticación SSO y SAML", + "Open documentation" : "Abrir documentación", + "Use built-in SAML authentication" : "Usar autenticación integrada SAML", + "Use environment variable" : "Usar variable d'entornu", + "General" : "Xeneral", + "Service Provider Data" : "Datos del fornidor de servicios", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidá IdP (ha ser una URI)", + "Security settings" : "Axustes de seguranza", + "Signatures and encryption offered" : "Ufriéronse robles y cifráu", + "Signatures and encryption required" : "Ríquense robles y cifráu", + "Download metadata XML" : "Baxar XML de datos meta", + "Metadata invalid" : "Datos meta non válidos", + "Metadata valid" : "Datos meta válidos", + "Error" : "Fallu" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/ast.json b/docker/nextcloud/user_saml/l10n/ast.json new file mode 100755 index 0000000..969ce01 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ast.json @@ -0,0 +1,21 @@ +{ "translations": { + "Saved" : "Guardóse", + "X.509 certificate of the Service Provider" : "Certificáu X.509 del fornidor de servicios", + "Private key of the Service Provider" : "Clave privada del fornidor de servicios", + "Whether the metadata should be signed." : "Si los datos meta deberíen roblase.", + "SSO & SAML authentication" : "Autenticación SSO y SAML", + "Open documentation" : "Abrir documentación", + "Use built-in SAML authentication" : "Usar autenticación integrada SAML", + "Use environment variable" : "Usar variable d'entornu", + "General" : "Xeneral", + "Service Provider Data" : "Datos del fornidor de servicios", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidá IdP (ha ser una URI)", + "Security settings" : "Axustes de seguranza", + "Signatures and encryption offered" : "Ufriéronse robles y cifráu", + "Signatures and encryption required" : "Ríquense robles y cifráu", + "Download metadata XML" : "Baxar XML de datos meta", + "Metadata invalid" : "Datos meta non válidos", + "Metadata valid" : "Datos meta válidos", + "Error" : "Fallu" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/bg.js b/docker/nextcloud/user_saml/l10n/bg.js new file mode 100755 index 0000000..f27a9be --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/bg.js @@ -0,0 +1,14 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Запазено", + "Email address" : "Имейл адрес", + "SSO & SAML authentication" : "SSO и SAML удостоверяване", + "Open documentation" : "Отвори документацията", + "Use built-in SAML authentication" : "Ползвай вграденото SAML удостоверяване", + "General" : "Общи", + "Security settings" : "Настройки за сигурност", + "Reset settings" : "Нулиране на настройките", + "Error" : "Грешка" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/bg.json b/docker/nextcloud/user_saml/l10n/bg.json new file mode 100755 index 0000000..98f24bd --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/bg.json @@ -0,0 +1,12 @@ +{ "translations": { + "Saved" : "Запазено", + "Email address" : "Имейл адрес", + "SSO & SAML authentication" : "SSO и SAML удостоверяване", + "Open documentation" : "Отвори документацията", + "Use built-in SAML authentication" : "Ползвай вграденото SAML удостоверяване", + "General" : "Общи", + "Security settings" : "Настройки за сигурност", + "Reset settings" : "Нулиране на настройките", + "Error" : "Грешка" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ca.js b/docker/nextcloud/user_saml/l10n/ca.js new file mode 100755 index 0000000..03e4fe0 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ca.js @@ -0,0 +1,88 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Aquest compte d'usuari està inhabilitat, contacteu amb l'administrador.", + "Saved" : "Desat", + "Provider" : "Proveïdor", + "Unknown error, please check the log file for more details." : "Error desconegut, comprovar el fitxer de registre per a més detalls.", + "Direct log in" : "Entrada directa", + "SSO & SAML log in" : "Entrada SSO i SAML", + "This page should not be visited directly." : "No s' hauria de visitar directament aquesta plana.", + "Provider " : "Proveïdor ", + "X.509 certificate of the Service Provider" : "X.509 El certificat d'aquest servidor és invàlid", + "Private key of the Service Provider" : "Clau privada del proveïdor de serveis", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que la identificació del nom de la enviada per aquest SP serà xifrada.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si es signaran els missatges enviats per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si els signes enviats per aquest SP seran signats.", + "Indicates whether the messages sent by this SP will be signed." : "Indica si es signaran els missatges enviats per aquest SP.", + "Whether the metadata should be signed." : "S’han de signar les metadades.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisit per a la signatura de la , i elements rebuts per aquest SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisit per a la signatura dels elements rebuts per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisit perquè els elements rebuts per aquest SP es codifiquin.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indica un requisit per a l'element NameID de la resposta SAML rebuda per aquest SP per estar present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisit perquè l'encriptació de nom d'aquest SP sigui xifrada.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validarà tots els XML rebuts.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL: codifica les dades SAML com a minúscules, i el kit d'eines per defecte usa majúscules. Activa la compatibilitat ADFS sobre la verificació de la signatura.", + "Algorithm that the toolkit will use on signing process." : "Algorisme que s'emprarà en el procés de signatura.", + "Attribute to map the UID to." : "Atribut per assignar un UID a.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Només permetre l'autenticació si hi ha un compte en un altre suport. (p. ex., LDAP)", + "Attribute to map the displayname to." : "Atribut per assignar el nom de la pantalla a.", + "Attribute to map the email address to." : "Atribut per assignar l'adreça de correu electrònic a.", + "Attribute to map the quota to." : "Atribut per mapejar la quota.", + "Attribute to map the users groups to." : "Atribut per mapejar els grups d'usuaris.", + "Attribute to map the users home to." : "Atribut per ubicar al mapa la casa dels usuaris.", + "Email address" : "Adreça de correu electrònic", + "Encrypted" : "Xifrat", + "Entity" : "Entitat", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transitori", + "Unspecified" : "No especificat", + "Windows domain qualified name" : "Nom qualificat del domini de Windows (FQDN)", + "X509 subject name" : "Nom X509 del subjecte", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilitzeu l'autenticació SAML per als clients %s (requereix una autenticació de l'usuari)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom de visualització opcional del proveïdor d'identitat (per defecte: “Entrada SSO i SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permetre l'ús de múltiples bases d'usuaris (p. ex. LDAP)", + "SSO & SAML authentication" : "Autenticació SSO & SAML", + "Authenticate using single sign-on" : "Autenticar mitjançant inici únic de sessió", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilitzant l’app d'SSO i SAML del teu Nextcloud pots fer fàcilment possible integrar la seva solució existent d’inici únic de sessió amb Nextcloud. A més, pots utilitzar el proveïdor d'usuaris LDAP de Nextcloud per la comoditat dels usuaris. (p. ex. en compartir)\nEls proveïdors següents es dóna suport i provats actualment:\n\n * **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation serveis (ADFS)\n\n* **Autenticació mitjançant variable d’entorn**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsevol altre proveïdor que autentiqui amb una variable d'entorn\n\nMentre que teòricament qualsevol altre proveïdor d'autenticació que implementi alguna d'aquestes normes és compatible, voldríem comentar que no formen part de cap banc de proves intern.", + "Open documentation" : "Obre la documentació", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que activeu \"%s\" o aneu directament a l'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que aneu directament a l'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Trieu si voleu autenticar amb el proveïdor de SAML incorporat a Nextcloud o si voleu autenticar-se amb una variable d'entorn.", + "Use built-in SAML authentication" : "Utilitzeu l'autenticació SAML integrada", + "Use environment variable" : "Utilitza la variable d'entorn", + "Global settings" : "Paràmetres globals", + "Remove identity provider" : "Treure proveïdor d'identitat", + "Add identity provider" : "Afegir proveïdor d'identitat", + "General" : "General", + "Service Provider Data" : "Dades del proveïdor de serveis", + "If your Service Provider should use certificates you can optionally specify them here." : "Si el vostre proveïdor de serveis ha d'utilitzar certificats, podeu especificar-los aquí.", + "Show Service Provider settings…" : "Dades del proveïdor de serveis…", + "Name ID format" : "Format del nom ID", + "Identity Provider Data" : "Dades del proveïdor de serveis", + "Configure your IdP settings here." : "Configureu aquí la configuració d'IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de l'entitat IdP (ha de ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Orientació URL de l'IdP on SP enviarà el missatge de sol·licitud d'autenticació", + "Show optional Identity Provider settings…" : "Dades del proveïdor de serveis…", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicació URL de l'IdP on SP enviarà la sol·licitud SLO", + "Public X.509 certificate of the IdP" : "Certificat públic X.509 de l'IdP", + "Attribute mapping" : "Mapatge d’atributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si voleu assignar atributs a l'usuari opcionalment, podeu configurar-los aquí.", + "Show attribute mapping settings…" : "Mostra la configuració del mapa d'atributs…", + "Security settings" : "Paràmetres de seguretat", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per a una major seguretat, us recomanem que activeu la configuració següent si l'accepta el vostre entorn.", + "Show security settings…" : "Mostra els paràmetres de seguretat…", + "Signatures and encryption offered" : "Firmes i encriptació oferts", + "Signatures and encryption required" : "S'han de signar i xifrar", + "Download metadata XML" : "Descarrega metadades XML", + "Reset settings" : "Reinicialitza els paràmetres", + "Metadata invalid" : "Les metadades no són vàlides", + "Metadata valid" : "Les metadades vàlides", + "Error" : "Error", + "Account not provisioned." : "Compte no subministrat.", + "Your account is not provisioned, access to this service is thus not possible." : "El vostre compte no està proveït, per tant, l'accés a aquest servei no és possible.", + "Login options:" : "Opcions d'inici de sessió:", + "Choose a authentication provider" : "Tria un proveïdor d'autenticació" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/ca.json b/docker/nextcloud/user_saml/l10n/ca.json new file mode 100755 index 0000000..72dc8f7 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ca.json @@ -0,0 +1,86 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Aquest compte d'usuari està inhabilitat, contacteu amb l'administrador.", + "Saved" : "Desat", + "Provider" : "Proveïdor", + "Unknown error, please check the log file for more details." : "Error desconegut, comprovar el fitxer de registre per a més detalls.", + "Direct log in" : "Entrada directa", + "SSO & SAML log in" : "Entrada SSO i SAML", + "This page should not be visited directly." : "No s' hauria de visitar directament aquesta plana.", + "Provider " : "Proveïdor ", + "X.509 certificate of the Service Provider" : "X.509 El certificat d'aquest servidor és invàlid", + "Private key of the Service Provider" : "Clau privada del proveïdor de serveis", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que la identificació del nom de la enviada per aquest SP serà xifrada.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si es signaran els missatges enviats per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si els signes enviats per aquest SP seran signats.", + "Indicates whether the messages sent by this SP will be signed." : "Indica si es signaran els missatges enviats per aquest SP.", + "Whether the metadata should be signed." : "S’han de signar les metadades.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisit per a la signatura de la , i elements rebuts per aquest SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisit per a la signatura dels elements rebuts per aquest SP. [Les metadades del SP oferiran aquesta informació]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisit perquè els elements rebuts per aquest SP es codifiquin.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indica un requisit per a l'element NameID de la resposta SAML rebuda per aquest SP per estar present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisit perquè l'encriptació de nom d'aquest SP sigui xifrada.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validarà tots els XML rebuts.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL: codifica les dades SAML com a minúscules, i el kit d'eines per defecte usa majúscules. Activa la compatibilitat ADFS sobre la verificació de la signatura.", + "Algorithm that the toolkit will use on signing process." : "Algorisme que s'emprarà en el procés de signatura.", + "Attribute to map the UID to." : "Atribut per assignar un UID a.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Només permetre l'autenticació si hi ha un compte en un altre suport. (p. ex., LDAP)", + "Attribute to map the displayname to." : "Atribut per assignar el nom de la pantalla a.", + "Attribute to map the email address to." : "Atribut per assignar l'adreça de correu electrònic a.", + "Attribute to map the quota to." : "Atribut per mapejar la quota.", + "Attribute to map the users groups to." : "Atribut per mapejar els grups d'usuaris.", + "Attribute to map the users home to." : "Atribut per ubicar al mapa la casa dels usuaris.", + "Email address" : "Adreça de correu electrònic", + "Encrypted" : "Xifrat", + "Entity" : "Entitat", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transitori", + "Unspecified" : "No especificat", + "Windows domain qualified name" : "Nom qualificat del domini de Windows (FQDN)", + "X509 subject name" : "Nom X509 del subjecte", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilitzeu l'autenticació SAML per als clients %s (requereix una autenticació de l'usuari)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom de visualització opcional del proveïdor d'identitat (per defecte: “Entrada SSO i SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permetre l'ús de múltiples bases d'usuaris (p. ex. LDAP)", + "SSO & SAML authentication" : "Autenticació SSO & SAML", + "Authenticate using single sign-on" : "Autenticar mitjançant inici únic de sessió", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilitzant l’app d'SSO i SAML del teu Nextcloud pots fer fàcilment possible integrar la seva solució existent d’inici únic de sessió amb Nextcloud. A més, pots utilitzar el proveïdor d'usuaris LDAP de Nextcloud per la comoditat dels usuaris. (p. ex. en compartir)\nEls proveïdors següents es dóna suport i provats actualment:\n\n * **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation serveis (ADFS)\n\n* **Autenticació mitjançant variable d’entorn**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsevol altre proveïdor que autentiqui amb una variable d'entorn\n\nMentre que teòricament qualsevol altre proveïdor d'autenticació que implementi alguna d'aquestes normes és compatible, voldríem comentar que no formen part de cap banc de proves intern.", + "Open documentation" : "Obre la documentació", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que activeu \"%s\" o aneu directament a l'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que aneu directament a l'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Trieu si voleu autenticar amb el proveïdor de SAML incorporat a Nextcloud o si voleu autenticar-se amb una variable d'entorn.", + "Use built-in SAML authentication" : "Utilitzeu l'autenticació SAML integrada", + "Use environment variable" : "Utilitza la variable d'entorn", + "Global settings" : "Paràmetres globals", + "Remove identity provider" : "Treure proveïdor d'identitat", + "Add identity provider" : "Afegir proveïdor d'identitat", + "General" : "General", + "Service Provider Data" : "Dades del proveïdor de serveis", + "If your Service Provider should use certificates you can optionally specify them here." : "Si el vostre proveïdor de serveis ha d'utilitzar certificats, podeu especificar-los aquí.", + "Show Service Provider settings…" : "Dades del proveïdor de serveis…", + "Name ID format" : "Format del nom ID", + "Identity Provider Data" : "Dades del proveïdor de serveis", + "Configure your IdP settings here." : "Configureu aquí la configuració d'IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de l'entitat IdP (ha de ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Orientació URL de l'IdP on SP enviarà el missatge de sol·licitud d'autenticació", + "Show optional Identity Provider settings…" : "Dades del proveïdor de serveis…", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicació URL de l'IdP on SP enviarà la sol·licitud SLO", + "Public X.509 certificate of the IdP" : "Certificat públic X.509 de l'IdP", + "Attribute mapping" : "Mapatge d’atributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si voleu assignar atributs a l'usuari opcionalment, podeu configurar-los aquí.", + "Show attribute mapping settings…" : "Mostra la configuració del mapa d'atributs…", + "Security settings" : "Paràmetres de seguretat", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per a una major seguretat, us recomanem que activeu la configuració següent si l'accepta el vostre entorn.", + "Show security settings…" : "Mostra els paràmetres de seguretat…", + "Signatures and encryption offered" : "Firmes i encriptació oferts", + "Signatures and encryption required" : "S'han de signar i xifrar", + "Download metadata XML" : "Descarrega metadades XML", + "Reset settings" : "Reinicialitza els paràmetres", + "Metadata invalid" : "Les metadades no són vàlides", + "Metadata valid" : "Les metadades vàlides", + "Error" : "Error", + "Account not provisioned." : "Compte no subministrat.", + "Your account is not provisioned, access to this service is thus not possible." : "El vostre compte no està proveït, per tant, l'accés a aquest servei no és possible.", + "Login options:" : "Opcions d'inici de sessió:", + "Choose a authentication provider" : "Tria un proveïdor d'autenticació" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/cs.js b/docker/nextcloud/user_saml/l10n/cs.js new file mode 100755 index 0000000..820862c --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/cs.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Tento uživatelský účet byl znepřístupněn, obraťte se na správce.", + "Saved" : "Uloženo", + "Provider" : "Poskytovatel", + "Unknown error, please check the log file for more details." : "Neznámá chyba, podrobnosti naleznete v záznamu událostí.", + "Direct log in" : "Přímé přihlášení", + "SSO & SAML log in" : "SSO a SAML přihlášení", + "This page should not be visited directly." : "Tato stránka by neměla být zobrazována přímo.", + "Provider " : "Poskytovatel", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovatele služby", + "Private key of the Service Provider" : "Soukromý klíč poskytovatele služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Značí, že nameID odeslané tímto poskytovatelem služeb bude šifrováno.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikuje, zda budou zprávy odeslané tímto SP podepsané. [Tato informace bude dostupná v metadatech SP]", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Whether the metadata should be signed." : "Zda mají být metadata podepisována.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikuje požadavek na podepsání elementů , a ve zprávách tímto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikuje požadavek na podepsání elementů přijaté tímto SP. [Tato informace bude dostupná v metadatech SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikuje požadavek na šifrování elementů přijaté tímto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indikuje požadavek na přítomnost elementu NameID v SAMLResponse přijaté tímto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikuje požadavek poskytovatele služby na přijetí NameID v zašifrované podobě.", + "Indicates if the SP will validate all received XML." : "Indikuje, zda poskytovatel služeb ověří všechna přijatá XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL kóduje SAML data malými písmeny, a toolkit používá ve výchozím nastavení velká písmena. Povolit pro ADFS kompatibilitu pro ověření podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus který sada nástrojů použije při procesu podepisování.", + "Attribute to map the UID to." : "Atribut k přiřazení UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Přihlášení povolit pouze pokud účet už existuje i někde jinde. (např. LDAP)", + "Attribute to map the displayname to." : "Atribut, na který se má mapovat zobrazované jméno.", + "Attribute to map the email address to." : "Atribut, na který se má mapovat e-mailová adresa.", + "Attribute to map the quota to." : "Atribut, na který namapovat kvótu.", + "Attribute to map the users groups to." : "Atribut, na který namapovat uživatelovy skupiny.", + "Attribute to map the users home to." : "Atribut, na který namapovat uživatelovu domovskou složku.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrováno", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Přechodné", + "Unspecified" : "Neurčeno", + "Windows domain qualified name" : "Úplný název domény Windows", + "X509 subject name" : "Název subjektu pro X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použít SAML pro %s desktopové klienty (vyžaduje, aby se uživatele znovu přihlásil)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Volitelný zobrazovaný název poskytovatele identity (výchozí: „SSO a SAML přihlášení“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povolit použití vícero podpůrných vrstev pro uživatelské účty (např. LDAP)", + "SSO & SAML authentication" : "SSO a SAML ověření", + "Authenticate using single sign-on" : "Ověřit pomocí sjednoceného přihlášení (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Použitím SSO & SAML aplikace svého Nextcloud do něho můžete snadno začlenit své stávající řešení pro sjednocené přihlašování. Krom toho můžete použít Nextcloud LDAP poskytovatele uživatelů pro pohodlí uživatelů. (např. při sdílení)\nV tuto chvíli jsou podporováni a vyzkoušení tito poskytovatelé:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Ověřování prostřednictvím proměnné prostředí**\n\t* Kerberos (mod_auth_kerb)\n\t* Jakýkoli jiný poskytovatel který ověřuje pomocí proměnné prostředí\n\nByť by teoreticky mohl být podporovaný jakýkoli poskytovatel, implementující buď jednu nebo druhý z těchto standardů, rádi bychom poznamenali, že nejsou součástí mřížky interních testů.", + "Open documentation" : "Otevřít dokumentaci", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele, který může přistupovat k instanci prostřednictvím SSO. Přihlášení vaším běžným %s účtem nadále nebude možné, pokud nezapnete „%s“ nebo nepůjdete přímo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele který může přistupovat k instanci přes SSO. Přihlašování vaším běžným %s účtem nadále nebude možné, jedině že půjdete přímo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte zda chcete ověřovat za použití dodané zabudované SAML funkce v Nextcloud nebo zda chcete ověřovat za pomoci proměnné prostředí.", + "Use built-in SAML authentication" : "Použít zabudované SAML ověření", + "Use environment variable" : "Použít hodnotu z proměnné prostředí", + "Global settings" : "Globální nastavení", + "Remove identity provider" : "Vzdálený poskytovatel identity", + "Add identity provider" : "Přidat poskytovatele identity", + "General" : "Obecné", + "Service Provider Data" : "Poskytovatel datových služeb", + "If your Service Provider should use certificates you can optionally specify them here." : "Pokud by měl váš poskytovatel služeb používat certifikáty, můžete je zde specifikovat.", + "Show Service Provider settings…" : "Zobrazit nastavení poskytovatele služeb…", + "Name ID format" : "Formát identifikátoru názvu", + "Identity Provider Data" : "Poskytovatel přihlašovacích dat", + "Configure your IdP settings here." : "Zde lze vytvořit nastavení pro poskytovatele přihlašovacích údajů.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor entity z poskytovatele identit (je třeba, aby bylo URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cíl URL IdP, kam SP odešle zprávu s požadavkem na ověření se", + "Show optional Identity Provider settings…" : "Zobrazit nepovinná nastavení poskytovatele přihlašovacích údajů…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umístění URL IdP, kam SP odešle SLO požadavek", + "URL Location of the IDP's SLO Response" : "Umístění URL IDP, kam SLO odešle odpověď", + "Public X.509 certificate of the IdP" : "Veřejný X.509 certifikát poskytovatele přihlašovacích údajů", + "Attribute mapping" : "Mapování atributů", + "If you want to optionally map attributes to the user you can configure these here." : "Pokud chcete volitelně provést mapování atributů na uživatele, můžete to provést zde.", + "Show attribute mapping settings…" : "Zobrazit nastavení pro mapování atributů…", + "Security settings" : "Nastavení zabezpečení", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pro zvýšení bezpečnosti doporučujeme povolení následujících možností, pokud jsou tyto podporovány ve vašem prostředí.", + "Show security settings…" : "Zobrazit nastavení zabezpečení…", + "Signatures and encryption offered" : "Podpisy a šifrování nabízeno", + "Signatures and encryption required" : "Podpisy a šifrování vyžadováno", + "Download metadata XML" : "Stahovat metadata XML", + "Reset settings" : "Resetovat nastavení", + "Metadata invalid" : "Metadata neplatná", + "Metadata valid" : "Metadata platná", + "Error" : "Chyba", + "Account not provisioned." : "Účet není zprovozněn.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet ještě nebyl zprovozněn, přístup ke službě tedy ještě není možný.", + "Login options:" : "Možnosti přihlašování:", + "Choose a authentication provider" : "Zvolte poskytovatele ověřování" +}, +"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;"); diff --git a/docker/nextcloud/user_saml/l10n/cs.json b/docker/nextcloud/user_saml/l10n/cs.json new file mode 100755 index 0000000..b21569b --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/cs.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Tento uživatelský účet byl znepřístupněn, obraťte se na správce.", + "Saved" : "Uloženo", + "Provider" : "Poskytovatel", + "Unknown error, please check the log file for more details." : "Neznámá chyba, podrobnosti naleznete v záznamu událostí.", + "Direct log in" : "Přímé přihlášení", + "SSO & SAML log in" : "SSO a SAML přihlášení", + "This page should not be visited directly." : "Tato stránka by neměla být zobrazována přímo.", + "Provider " : "Poskytovatel", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovatele služby", + "Private key of the Service Provider" : "Soukromý klíč poskytovatele služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Značí, že nameID odeslané tímto poskytovatelem služeb bude šifrováno.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikuje, zda budou zprávy odeslané tímto SP podepsané. [Tato informace bude dostupná v metadatech SP]", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Indicates whether the messages sent by this SP will be signed." : "Indikuje, zda budou zprávy odeslané tímto SP podepsané.", + "Whether the metadata should be signed." : "Zda mají být metadata podepisována.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikuje požadavek na podepsání elementů , a ve zprávách tímto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikuje požadavek na podepsání elementů přijaté tímto SP. [Tato informace bude dostupná v metadatech SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikuje požadavek na šifrování elementů přijaté tímto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indikuje požadavek na přítomnost elementu NameID v SAMLResponse přijaté tímto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikuje požadavek poskytovatele služby na přijetí NameID v zašifrované podobě.", + "Indicates if the SP will validate all received XML." : "Indikuje, zda poskytovatel služeb ověří všechna přijatá XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL kóduje SAML data malými písmeny, a toolkit používá ve výchozím nastavení velká písmena. Povolit pro ADFS kompatibilitu pro ověření podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus který sada nástrojů použije při procesu podepisování.", + "Attribute to map the UID to." : "Atribut k přiřazení UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Přihlášení povolit pouze pokud účet už existuje i někde jinde. (např. LDAP)", + "Attribute to map the displayname to." : "Atribut, na který se má mapovat zobrazované jméno.", + "Attribute to map the email address to." : "Atribut, na který se má mapovat e-mailová adresa.", + "Attribute to map the quota to." : "Atribut, na který namapovat kvótu.", + "Attribute to map the users groups to." : "Atribut, na který namapovat uživatelovy skupiny.", + "Attribute to map the users home to." : "Atribut, na který namapovat uživatelovu domovskou složku.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrováno", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Přechodné", + "Unspecified" : "Neurčeno", + "Windows domain qualified name" : "Úplný název domény Windows", + "X509 subject name" : "Název subjektu pro X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použít SAML pro %s desktopové klienty (vyžaduje, aby se uživatele znovu přihlásil)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Volitelný zobrazovaný název poskytovatele identity (výchozí: „SSO a SAML přihlášení“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povolit použití vícero podpůrných vrstev pro uživatelské účty (např. LDAP)", + "SSO & SAML authentication" : "SSO a SAML ověření", + "Authenticate using single sign-on" : "Ověřit pomocí sjednoceného přihlášení (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Použitím SSO & SAML aplikace svého Nextcloud do něho můžete snadno začlenit své stávající řešení pro sjednocené přihlašování. Krom toho můžete použít Nextcloud LDAP poskytovatele uživatelů pro pohodlí uživatelů. (např. při sdílení)\nV tuto chvíli jsou podporováni a vyzkoušení tito poskytovatelé:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Ověřování prostřednictvím proměnné prostředí**\n\t* Kerberos (mod_auth_kerb)\n\t* Jakýkoli jiný poskytovatel který ověřuje pomocí proměnné prostředí\n\nByť by teoreticky mohl být podporovaný jakýkoli poskytovatel, implementující buď jednu nebo druhý z těchto standardů, rádi bychom poznamenali, že nejsou součástí mřížky interních testů.", + "Open documentation" : "Otevřít dokumentaci", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele, který může přistupovat k instanci prostřednictvím SSO. Přihlášení vaším běžným %s účtem nadále nebude možné, pokud nezapnete „%s“ nebo nepůjdete přímo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele který může přistupovat k instanci přes SSO. Přihlašování vaším běžným %s účtem nadále nebude možné, jedině že půjdete přímo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte zda chcete ověřovat za použití dodané zabudované SAML funkce v Nextcloud nebo zda chcete ověřovat za pomoci proměnné prostředí.", + "Use built-in SAML authentication" : "Použít zabudované SAML ověření", + "Use environment variable" : "Použít hodnotu z proměnné prostředí", + "Global settings" : "Globální nastavení", + "Remove identity provider" : "Vzdálený poskytovatel identity", + "Add identity provider" : "Přidat poskytovatele identity", + "General" : "Obecné", + "Service Provider Data" : "Poskytovatel datových služeb", + "If your Service Provider should use certificates you can optionally specify them here." : "Pokud by měl váš poskytovatel služeb používat certifikáty, můžete je zde specifikovat.", + "Show Service Provider settings…" : "Zobrazit nastavení poskytovatele služeb…", + "Name ID format" : "Formát identifikátoru názvu", + "Identity Provider Data" : "Poskytovatel přihlašovacích dat", + "Configure your IdP settings here." : "Zde lze vytvořit nastavení pro poskytovatele přihlašovacích údajů.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor entity z poskytovatele identit (je třeba, aby bylo URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cíl URL IdP, kam SP odešle zprávu s požadavkem na ověření se", + "Show optional Identity Provider settings…" : "Zobrazit nepovinná nastavení poskytovatele přihlašovacích údajů…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umístění URL IdP, kam SP odešle SLO požadavek", + "URL Location of the IDP's SLO Response" : "Umístění URL IDP, kam SLO odešle odpověď", + "Public X.509 certificate of the IdP" : "Veřejný X.509 certifikát poskytovatele přihlašovacích údajů", + "Attribute mapping" : "Mapování atributů", + "If you want to optionally map attributes to the user you can configure these here." : "Pokud chcete volitelně provést mapování atributů na uživatele, můžete to provést zde.", + "Show attribute mapping settings…" : "Zobrazit nastavení pro mapování atributů…", + "Security settings" : "Nastavení zabezpečení", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pro zvýšení bezpečnosti doporučujeme povolení následujících možností, pokud jsou tyto podporovány ve vašem prostředí.", + "Show security settings…" : "Zobrazit nastavení zabezpečení…", + "Signatures and encryption offered" : "Podpisy a šifrování nabízeno", + "Signatures and encryption required" : "Podpisy a šifrování vyžadováno", + "Download metadata XML" : "Stahovat metadata XML", + "Reset settings" : "Resetovat nastavení", + "Metadata invalid" : "Metadata neplatná", + "Metadata valid" : "Metadata platná", + "Error" : "Chyba", + "Account not provisioned." : "Účet není zprovozněn.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet ještě nebyl zprovozněn, přístup ke službě tedy ještě není možný.", + "Login options:" : "Možnosti přihlašování:", + "Choose a authentication provider" : "Zvolte poskytovatele ověřování" +},"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/da.js b/docker/nextcloud/user_saml/l10n/da.js new file mode 100755 index 0000000..7266512 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/da.js @@ -0,0 +1,43 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Denne bruger konto er deaktiveret. Kontakt venligst din administrator.", + "Saved" : "Gemt", + "Provider" : "Udbyder", + "Unknown error, please check the log file for more details." : "Ukendt fejl, tjek venligst logfilen for flere detaljer.", + "Direct log in" : "Direkte login", + "SSO & SAML log in" : "SSO & SAML log in", + "Provider " : "Udbyder", + "X.509 certificate of the Service Provider" : "X.509 certifikat hos udbyderen", + "Private key of the Service Provider" : "Privat nøgle for udbyderen", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerer at nameID af sendt af denne SP vil blive krypteret.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerer om beskeder sendt af denne SP vil blive underskrevet [Metadata af denne SP vil indeholde denne info]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Whether the metadata should be signed." : "Indikerer om metadata vil blive underskrevet.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Angiver et krav til , og elementer modtaget af denne SP, der skal underskrives.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Angiver et krav for -elementer modtaget af denne SP, der skal underskrives. [SP-metadata vil tilbyde denne info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Angiver et krav for, at elementer modtaget af denne SP der skal krypteres.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Angiver et krav til NameID-elementet på SAMLResponse modtaget af denne SP skal være til stede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Angiver et krav for, at NameID modtaget af denne SP skal krypteres.", + "Indicates if the SP will validate all received XML." : "Angiver om SP'en vil validere alle modtagne XML'er.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bogstaver, og værktøjet bruger som standard store bogstaver. Aktivér for ADFS-kompatibilitet ved underskriftskontrol.", + "Attribute to map the UID to." : "Egenskab til at kortlægge UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillad kun godkendelse, hvis der findes en konto på en anden backend. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Egenskab til at kortlægge visningsnavn til.", + "Attribute to map the email address to." : "Egenskab til at kortlægge e-mail-adressen til.", + "Email address" : "E-mailadresse", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfrit visningsnavn for identitetsudbyderen (standard: \"SSO & SAML log ind\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillad brug af flere brugerbackender (f.eks. LDAP)", + "Open documentation" : "Åbn dokumentation", + "Use environment variable" : "Brug miljøvariabel", + "Global settings" : "Globale indstillinger", + "General" : "General", + "Configure your IdP settings here." : "Indstil IdP her.", + "Security settings" : "Sikkerhedsindstillinger", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Ugyldig metadata", + "Metadata valid" : "Gyldig metadata", + "Error" : "Fejl" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/da.json b/docker/nextcloud/user_saml/l10n/da.json new file mode 100755 index 0000000..b3bd03f --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/da.json @@ -0,0 +1,41 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Denne bruger konto er deaktiveret. Kontakt venligst din administrator.", + "Saved" : "Gemt", + "Provider" : "Udbyder", + "Unknown error, please check the log file for more details." : "Ukendt fejl, tjek venligst logfilen for flere detaljer.", + "Direct log in" : "Direkte login", + "SSO & SAML log in" : "SSO & SAML log in", + "Provider " : "Udbyder", + "X.509 certificate of the Service Provider" : "X.509 certifikat hos udbyderen", + "Private key of the Service Provider" : "Privat nøgle for udbyderen", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerer at nameID af sendt af denne SP vil blive krypteret.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerer om beskeder sendt af denne SP vil blive underskrevet [Metadata af denne SP vil indeholde denne info]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerer om sendt af denne SP vil blive underskrevet.", + "Whether the metadata should be signed." : "Indikerer om metadata vil blive underskrevet.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Angiver et krav til , og elementer modtaget af denne SP, der skal underskrives.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Angiver et krav for -elementer modtaget af denne SP, der skal underskrives. [SP-metadata vil tilbyde denne info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Angiver et krav for, at elementer modtaget af denne SP der skal krypteres.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Angiver et krav til NameID-elementet på SAMLResponse modtaget af denne SP skal være til stede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Angiver et krav for, at NameID modtaget af denne SP skal krypteres.", + "Indicates if the SP will validate all received XML." : "Angiver om SP'en vil validere alle modtagne XML'er.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bogstaver, og værktøjet bruger som standard store bogstaver. Aktivér for ADFS-kompatibilitet ved underskriftskontrol.", + "Attribute to map the UID to." : "Egenskab til at kortlægge UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillad kun godkendelse, hvis der findes en konto på en anden backend. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Egenskab til at kortlægge visningsnavn til.", + "Attribute to map the email address to." : "Egenskab til at kortlægge e-mail-adressen til.", + "Email address" : "E-mailadresse", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfrit visningsnavn for identitetsudbyderen (standard: \"SSO & SAML log ind\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillad brug af flere brugerbackender (f.eks. LDAP)", + "Open documentation" : "Åbn dokumentation", + "Use environment variable" : "Brug miljøvariabel", + "Global settings" : "Globale indstillinger", + "General" : "General", + "Configure your IdP settings here." : "Indstil IdP her.", + "Security settings" : "Sikkerhedsindstillinger", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Ugyldig metadata", + "Metadata valid" : "Gyldig metadata", + "Error" : "Fejl" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/de.js b/docker/nextcloud/user_saml/l10n/de.js new file mode 100755 index 0000000..d2da905 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/de.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktiere Deinen Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfe die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Service-Providers", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem Diensteanbieter empfangenen , und Elemente signiert sein müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Zeigt an, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Zeigt an, dass die NameID die von diesem Diensteanbieter empfangen wird verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Zeigt an, ob der Diensteanbieter alles empfangene XML überprüft. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Kontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO-&-SAML-App ermöglicht es, Deine bereits bestehende Single-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud-LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z. B. beim Teilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungsanbieter, der einen der Standards implementiert hat, verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Testmatrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, außer Du hast \"%s\" aktiviert oder Du gehst Direkt zur URL %s .", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Du gehst direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte dein Diensteanbieter Zertifikate benutzen, dann hast du hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdiensteinstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Dienstanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Du optional Attribute dem Benutzer zuordnen möchtest, kannst Du dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Deiner Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Dein Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/de.json b/docker/nextcloud/user_saml/l10n/de.json new file mode 100755 index 0000000..d25c80f --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/de.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktiere Deinen Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfe die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Service-Providers", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem Diensteanbieter empfangenen , und Elemente signiert sein müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Zeigt an, dass die Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Zeigt an, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Zeigt an, dass die NameID die von diesem Diensteanbieter empfangen wird verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Zeigt an, ob der Diensteanbieter alles empfangene XML überprüft. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Kontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO-&-SAML-App ermöglicht es, Deine bereits bestehende Single-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud-LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z. B. beim Teilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungsanbieter, der einen der Standards implementiert hat, verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Testmatrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, außer Du hast \"%s\" aktiviert oder Du gehst Direkt zur URL %s .", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Du gehst direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte dein Diensteanbieter Zertifikate benutzen, dann hast du hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdiensteinstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Dienstanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Du optional Attribute dem Benutzer zuordnen möchtest, kannst Du dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Deiner Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Dein Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/de_DE.js b/docker/nextcloud/user_saml/l10n/de_DE.js new file mode 100755 index 0000000..10bfe75 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/de_DE.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktieren Sie Ihren Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfen Sie die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden.", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Diensteanbieters", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Erfordert, dass die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Gibt an, ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem SP empfangenen Elemente , und signiert werden müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Erfordert, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Erfordert, dass die NameID, die von diesem Diensteanbieter empfangen wird, verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Gibt an, ob der Diensteanbieter alle empfangenen XML-Inhalte überprüft.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Speicherkontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO & SAML-App ermöglicht es Ihre bereits bestehende Singl-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z.B. beim eilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungs-Anbieter der einen der Standards implementiert hat verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Test-Matrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Ihrem normalen Zugang %s ist dann nicht mehr möglich, außer Sie haben \"%s\" aktiviert oder Sie gehen direkt zur URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit ihrem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Sie gehen direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte Ihr Diensteanbieter Zertifikate benutzen dann haben Sie hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdienst-Einstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Diensteanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Sie optional Attribute dem Benutzer zuordnen möchten, können Sie dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Ihrer Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Ihr Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/de_DE.json b/docker/nextcloud/user_saml/l10n/de_DE.json new file mode 100755 index 0000000..98c2075 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/de_DE.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktieren Sie Ihren Administrator.", + "Saved" : "Gespeichert", + "Provider" : "Anbieter", + "Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfen Sie die Log-Datei für weitere Informationen.", + "Direct log in" : "Direkte Anmeldung", + "SSO & SAML log in" : "SSO- & SAML-Anmeldung", + "This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden.", + "Provider " : "Anbieter", + "X.509 certificate of the Service Provider" : "X.509-Zertifikat des Diensteanbieters", + "Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Zeigt an, dass die nameID des von diesem Diensteanbieter verschlüsselt versandt werden.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]", + "Indicates whether the messages sent by this SP will be signed." : "Erfordert, dass die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Indicates whether the messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten Nachrichten signiert werden.", + "Whether the metadata should be signed." : "Gibt an, ob die Metadaten signiert werden sollen.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Zeigt an, dass die von diesem SP empfangenen Elemente , und signiert werden müssen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Erfordert, dass die Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Erfordert, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Erfordert, dass die NameID, die von diesem Diensteanbieter empfangen wird, verschlüsselt sein muss.", + "Indicates if the SP will validate all received XML." : "Gibt an, ob der Diensteanbieter alle empfangenen XML-Inhalte überprüft.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.", + "Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.", + "Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)", + "Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.", + "Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.", + "Attribute to map the quota to." : "Attribut, dem das Speicherkontingent zugeordnet werden soll.", + "Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.", + "Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.", + "Email address" : "E-Mail-Adresse", + "Encrypted" : "Verschlüsselt", + "Entity" : "Einheit", + "Kerberos" : "Kerberos", + "Persistent" : "Dauerhaft", + "Transient" : "Flüchtig", + "Unspecified" : "Nicht spezifiziert", + "Windows domain qualified name" : "Windows-Domäne qualifizierter Name", + "X509 subject name" : "X509-Subjektname ", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-Autorisierung", + "Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO & SAML-App ermöglicht es Ihre bereits bestehende Singl-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z.B. beim eilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungs-Anbieter der einen der Standards implementiert hat verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Test-Matrix berücksichtigt werden.", + "Open documentation" : "Dokumentation öffnen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Ihrem normalen Zugang %s ist dann nicht mehr möglich, außer Sie haben \"%s\" aktiviert oder Sie gehen direkt zur URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit ihrem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Sie gehen direkt zur URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.", + "Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen", + "Use environment variable" : "Umgebungsvariable benutzen", + "Global settings" : "Globale Einstellungen", + "Remove identity provider" : "Autorisierungsdienst entfernen", + "Add identity provider" : "Autorisierungsdienst hinzufügen", + "General" : "Allgemein", + "Service Provider Data" : "Diensteanbieter-Daten", + "If your Service Provider should use certificates you can optionally specify them here." : "Sollte Ihr Diensteanbieter Zertifikate benutzen dann haben Sie hier die Möglichkeit diese anzugeben.", + "Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…", + "Name ID format" : "Name-ID-Format", + "Identity Provider Data" : "Daten des Autorisierungsdienstes", + "Configure your IdP settings here." : "Autorisierungsdienst-Einstellungen hier konfigurieren.", + "Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Diensteanbieter die Anmeldungsanfrage senden soll", + "Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll", + "URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes", + "Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes", + "Attribute mapping" : "Attribute zuordnen", + "If you want to optionally map attributes to the user you can configure these here." : "Wenn Sie optional Attribute dem Benutzer zuordnen möchten, können Sie dies hier einstellen.", + "Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ", + "Security settings" : "Sicherheitseinstellungen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Ihrer Installation unterstützt werden.", + "Show security settings…" : "Zeige Sicherheitseinstellungen… ", + "Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten", + "Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich", + "Download metadata XML" : "Lade Metadaten-XML herunter", + "Reset settings" : "Einstellungen zurücksetzen", + "Metadata invalid" : "Metadaten ungültig", + "Metadata valid" : "Metadaten gültig", + "Error" : "Fehler", + "Account not provisioned." : "Konto nicht bereitgestellt.", + "Your account is not provisioned, access to this service is thus not possible." : "Ihr Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.", + "Login options:" : "Anmeldeoptionen:", + "Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/el.js b/docker/nextcloud/user_saml/l10n/el.js new file mode 100755 index 0000000..631ec59 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/el.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ο λογαριασμός χρήστη είναι απενεργοποιημένος, επικοινωνήστε με τον διαχειριστή σας.", + "Saved" : "Αποθηκεύτηκαν", + "Provider" : "Πάροχος", + "Unknown error, please check the log file for more details." : "Άγνωστο σφάλμα, παρακαλούμε ελέξτε το ιστορικό για περισσότερες λεπτομέρειες.", + "Direct log in" : "Άμεση είσοδος", + "SSO & SAML log in" : "Είσοδος SSO & SAML", + "This page should not be visited directly." : "Αυτή η σελίδα δεν πρέπει να επισκέφτεται απευθείας", + "Provider " : "Πάροχος", + "X.509 certificate of the Service Provider" : "Το πιστοποιητικό του Παρόχου Υπηρεσιών X.509", + "Private key of the Service Provider" : "Ιδιωτικό κλειδί για τον παροχέα δικτύου", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Υποδεικνύει ότι το αναγνωριστικό όνομα του  που αποστέλλονται από αυτό το SP θα κρυπτογραφηθούν.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Υποδεικνύει το κατα πόσο των μηνυμάτων που αποστέλλονται από αυτό το SP θα υπογραφούν. [Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο των μηνυμάτων που έχουν σταλλεί από αυτό το SP θα υπογραφούν.", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο του  σταλθέντων μηνυμάτων απο αυτό το SP θα υπογραφούν.", + "Whether the metadata should be signed." : "Εάν τα μεταδεδομένα πρέπει να είναι υπογεγραμένα.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Υποδεικνύει μία απαίτηση για το,καιτων ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Προαπαιτείται για το των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.[Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση κρυπτογράφησης των στοιχείων που λαμβάνονται από αυτό το SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Υποδεικνύει μια απαίτηση για το στοιχείο ΌνομαΑντικειμένου στο SAMLResponse που λαμβάνεται από αυτό το SP να είναι παρόν.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση για κρυπτογράφηση του αναγνωριστικού ονόματος που λαμβάνεται από αυτό το SP.", + "Indicates if the SP will validate all received XML." : "Υποδεικνύει εάν το SP θα επικυρώσει όλες τις ληφθείσες XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Διεύθυνση URL ADFS - Κωδικοποιεί τα δεδομένα SAML ως πεζά και το κιτ εργαλείων χρησιμοποιεί από προεπιλογή κεφαλαία γράμματα. Ενεργοποιήστε τη συμβατότητα ADFS κατά την επαλήθευση υπογραφής.", + "Algorithm that the toolkit will use on signing process." : "Αλγόριθμος που θα χρησιμοποιήσει η εργαλειοθήκη κατά τη διαδικασία υπογραφής.", + "Attribute to map the UID to." : "Χαρακτηριστικό χαρτογράφησης του UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Να επιτρέπεται η πιστοποίηση μόνον εάν ένας λογαριασμός υπάρχει σε κάποιο άλλο backend. (πχ. LDAP)", + "Attribute to map the displayname to." : "Χαρακτηριστικό για τη χαρτογράφηση του ονόματος εμφάνισης.", + "Attribute to map the email address to." : "Χαρακτηριστικό για τη χαρτογράφηση της διεύθυνσης αλληλογραφίας.", + "Attribute to map the quota to." : "Χαρακτηριστικό χαρτογράφησης της ποσόστωσης.", + "Attribute to map the users groups to." : "Χαρακτηριστικό χαρτογράφησης της ομάδας χρηστών.", + "Attribute to map the users home to." : "Χαρακτηριστικό χαρτογράφησης της οικίας χρηστών.", + "Email address" : "Διεύθυνση αλληλογραφίας", + "Encrypted" : "Κρυπτογραφημένο", + "Entity" : "Οντότητα", + "Kerberos" : "Kerberos", + "Persistent" : "Επίμονος", + "Transient" : "Παροδικός", + "Unspecified" : "Απροσδιόριστος", + "Windows domain qualified name" : "Χαρακτηριστικό όνομα τομέα των Windows", + "X509 subject name" : "Όνομα θέματος X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Χρησιμοποιείστε πιστοποίηση SAML για τους %s σταθερούς υπολογιστές (απαιτείται έλεγχος επαλήθευσης από τον χρήστη)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Προαιρετικά εμφάνιση ονόματος ταυτότητας παρόχου (προεπιλογή:\"SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Επιτρέψτε τη χρήση εφαρμογών παρασκηνίου (π.χ. LDAP)", + "SSO & SAML authentication" : "Πιστοποίηση SSO & SAML", + "Authenticate using single sign-on" : "Πιστοποίηση με χρήση απλής σύνδεσης", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Χρησιμοποιώντας την εφαρμογή SSO & SAML του Nextcloud, μπορείτε εύκολα να ενσωματώσετε την υπάρχουσα λύση Ευκολή Σύνδεση με το Nextcloud. Επιπλέον, μπορείτε να χρησιμοποιήσετε τον πάροχο χρηστών του Nextcloud LDAP για να διατηρήσετε την ευκολία των χρηστών. (π.χ. κατά την κοινή χρήση)\nΣήμερα υποστηρίζονται και δοκιμάστηκαν οι παρακάτω πάροχες:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t * Κάθε άλλος πάροχος που πιστοποιείται με χρήση της μεταβλητής περιβάλλοντος\n\nΕνώ θεωρητικά οποιοσδήποτε άλλος πάροχος πιστοποίησης που εφαρμόζει ένα από αυτά τα πρότυπα είναι συμβατός, θέλουμε να σημειώσουμε ότι δεν αποτελούν μέρος εσωτερικών δοκιμών.", + "Open documentation" : "Άνοιγμα τεκμηρίωσης", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν ενεργοποιηθεί το \"%s\" ή μεταβείτε απευθείας στην URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν μεταβείτε απευθείας στην URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Επιλέξτε εάν θέλετε να επαληθεύσετε την ταυτότητα χρησιμοποιώντας τον ενσωματωμένο στο Nextcloud φορέα SAML ή αν θέλετε να επαληθεύσετε την ταυτότητά σας σε σχέση με μια μεταβλητή περιβάλλοντος.", + "Use built-in SAML authentication" : "Χρησιμοποιήστε ενσωματωμένο έλεγχο ταυτότητας SAML", + "Use environment variable" : "Χρησιμοποιήστε μεταβλητή περιβάλλοντος", + "Global settings" : "Γενικές ρυθμίσεις", + "Remove identity provider" : "Κατάργηση ταυτότητας παρόχου", + "Add identity provider" : "Προσθήκη ταυτότητας παρόχου", + "General" : "Γενικά", + "Service Provider Data" : "Δεδομένα φορέα παροχής υπηρεσιών", + "If your Service Provider should use certificates you can optionally specify them here." : "Εάν ο πάροχος υπηρεσιών σας πρέπει να χρησιμοποιήσει πιστοποιητικά, μπορείτε να τα ορίσετε προαιρετικά εδώ.", + "Show Service Provider settings…" : "Εμφάνιση ρυθμίσεων Υπηρεσίας Παρόχου ...", + "Name ID format" : "Μορφή ταυτότητας ονόματος", + "Identity Provider Data" : "Στοιχεία παροχέα ταυτότητας", + "Configure your IdP settings here." : "Ρυθμίστε το IdP εδώ.", + "Identifier of the IdP entity (must be a URI)" : "Αναγνωριστικό οντότητας IdP (πρέπει να είναι URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Αποδέκτης URL του IdP όπου το SP θα στείλει μήνυμα Αίτησης Ελέγχου Ταυτότητας", + "Show optional Identity Provider settings…" : "Εμφάνιση προαιρετικών ρυθμίσεων Παροχέα Ταυτότητας ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Τοποθεσία URL του IdP όπου το SP θα στείλει Αίτηση SLO", + "URL Location of the IDP's SLO Response" : "Τοποθεσία URL της απάντησης SLO του IDP", + "Public X.509 certificate of the IdP" : "Δημόσιο πιστοποιητικό X.509 του IdP", + "Attribute mapping" : "Χαρτογράφηση χαρακτηριστικών", + "If you want to optionally map attributes to the user you can configure these here." : "Αν επιθυμείτε προαιρετικά να χαρτογραφήσετε χαρακτηριστικά στον χρήστη, μπορείτε να τις διαμορφώσετε εδώ.", + "Show attribute mapping settings…" : "Εμφάνιση ρυθμίσεων χαρτογράφησης χαρακτηριστικών ", + "Security settings" : "Ρυθμίσεις ασφαλείας", + "For increased security we recommend enabling the following settings if supported by your environment." : "Για αυξημένη ασφάλεια σας συνιστούμε να ενεργοποιήσετε τις παρακάτω ρυθμίσεις εάν υποστηρίζονται από το περιβάλλον σας.", + "Show security settings…" : "Εμφάνιση ρυθμίσεων ασφαλείας...", + "Signatures and encryption offered" : "Υπογραφές και κρυπτογράφηση που προσφέρονται", + "Signatures and encryption required" : "Απαιτούνται υπογραφές και κρυπτογράφηση", + "Download metadata XML" : "Λήψη μεταδεδομένων XML", + "Reset settings" : "Επαναφορά ρυθμίσεων", + "Metadata invalid" : "Μη έγκυρα μεταδεδομένα", + "Metadata valid" : "Έγκυρα μεταδεδομένα", + "Error" : "Σφάλμα", + "Account not provisioned." : "Ο λογαριασμός δεν προβλέφθηκε.", + "Your account is not provisioned, access to this service is thus not possible." : "Ο λογαριασμός σας δεν προβλέπεται, επομένως δεν είναι δυνατή η πρόσβαση σε αυτήν την υπηρεσία.", + "Login options:" : "Επιλογές σύνδεσης:", + "Choose a authentication provider" : "Επιλογή παρόχου πιστοποίησης" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/el.json b/docker/nextcloud/user_saml/l10n/el.json new file mode 100755 index 0000000..6368c65 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/el.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ο λογαριασμός χρήστη είναι απενεργοποιημένος, επικοινωνήστε με τον διαχειριστή σας.", + "Saved" : "Αποθηκεύτηκαν", + "Provider" : "Πάροχος", + "Unknown error, please check the log file for more details." : "Άγνωστο σφάλμα, παρακαλούμε ελέξτε το ιστορικό για περισσότερες λεπτομέρειες.", + "Direct log in" : "Άμεση είσοδος", + "SSO & SAML log in" : "Είσοδος SSO & SAML", + "This page should not be visited directly." : "Αυτή η σελίδα δεν πρέπει να επισκέφτεται απευθείας", + "Provider " : "Πάροχος", + "X.509 certificate of the Service Provider" : "Το πιστοποιητικό του Παρόχου Υπηρεσιών X.509", + "Private key of the Service Provider" : "Ιδιωτικό κλειδί για τον παροχέα δικτύου", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Υποδεικνύει ότι το αναγνωριστικό όνομα του  που αποστέλλονται από αυτό το SP θα κρυπτογραφηθούν.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Υποδεικνύει το κατα πόσο των μηνυμάτων που αποστέλλονται από αυτό το SP θα υπογραφούν. [Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο των μηνυμάτων που έχουν σταλλεί από αυτό το SP θα υπογραφούν.", + "Indicates whether the messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο του  σταλθέντων μηνυμάτων απο αυτό το SP θα υπογραφούν.", + "Whether the metadata should be signed." : "Εάν τα μεταδεδομένα πρέπει να είναι υπογεγραμένα.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Υποδεικνύει μία απαίτηση για το,καιτων ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Προαπαιτείται για το των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.[Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση κρυπτογράφησης των στοιχείων που λαμβάνονται από αυτό το SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Υποδεικνύει μια απαίτηση για το στοιχείο ΌνομαΑντικειμένου στο SAMLResponse που λαμβάνεται από αυτό το SP να είναι παρόν.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση για κρυπτογράφηση του αναγνωριστικού ονόματος που λαμβάνεται από αυτό το SP.", + "Indicates if the SP will validate all received XML." : "Υποδεικνύει εάν το SP θα επικυρώσει όλες τις ληφθείσες XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Διεύθυνση URL ADFS - Κωδικοποιεί τα δεδομένα SAML ως πεζά και το κιτ εργαλείων χρησιμοποιεί από προεπιλογή κεφαλαία γράμματα. Ενεργοποιήστε τη συμβατότητα ADFS κατά την επαλήθευση υπογραφής.", + "Algorithm that the toolkit will use on signing process." : "Αλγόριθμος που θα χρησιμοποιήσει η εργαλειοθήκη κατά τη διαδικασία υπογραφής.", + "Attribute to map the UID to." : "Χαρακτηριστικό χαρτογράφησης του UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Να επιτρέπεται η πιστοποίηση μόνον εάν ένας λογαριασμός υπάρχει σε κάποιο άλλο backend. (πχ. LDAP)", + "Attribute to map the displayname to." : "Χαρακτηριστικό για τη χαρτογράφηση του ονόματος εμφάνισης.", + "Attribute to map the email address to." : "Χαρακτηριστικό για τη χαρτογράφηση της διεύθυνσης αλληλογραφίας.", + "Attribute to map the quota to." : "Χαρακτηριστικό χαρτογράφησης της ποσόστωσης.", + "Attribute to map the users groups to." : "Χαρακτηριστικό χαρτογράφησης της ομάδας χρηστών.", + "Attribute to map the users home to." : "Χαρακτηριστικό χαρτογράφησης της οικίας χρηστών.", + "Email address" : "Διεύθυνση αλληλογραφίας", + "Encrypted" : "Κρυπτογραφημένο", + "Entity" : "Οντότητα", + "Kerberos" : "Kerberos", + "Persistent" : "Επίμονος", + "Transient" : "Παροδικός", + "Unspecified" : "Απροσδιόριστος", + "Windows domain qualified name" : "Χαρακτηριστικό όνομα τομέα των Windows", + "X509 subject name" : "Όνομα θέματος X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Χρησιμοποιείστε πιστοποίηση SAML για τους %s σταθερούς υπολογιστές (απαιτείται έλεγχος επαλήθευσης από τον χρήστη)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Προαιρετικά εμφάνιση ονόματος ταυτότητας παρόχου (προεπιλογή:\"SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Επιτρέψτε τη χρήση εφαρμογών παρασκηνίου (π.χ. LDAP)", + "SSO & SAML authentication" : "Πιστοποίηση SSO & SAML", + "Authenticate using single sign-on" : "Πιστοποίηση με χρήση απλής σύνδεσης", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Χρησιμοποιώντας την εφαρμογή SSO & SAML του Nextcloud, μπορείτε εύκολα να ενσωματώσετε την υπάρχουσα λύση Ευκολή Σύνδεση με το Nextcloud. Επιπλέον, μπορείτε να χρησιμοποιήσετε τον πάροχο χρηστών του Nextcloud LDAP για να διατηρήσετε την ευκολία των χρηστών. (π.χ. κατά την κοινή χρήση)\nΣήμερα υποστηρίζονται και δοκιμάστηκαν οι παρακάτω πάροχες:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t * Κάθε άλλος πάροχος που πιστοποιείται με χρήση της μεταβλητής περιβάλλοντος\n\nΕνώ θεωρητικά οποιοσδήποτε άλλος πάροχος πιστοποίησης που εφαρμόζει ένα από αυτά τα πρότυπα είναι συμβατός, θέλουμε να σημειώσουμε ότι δεν αποτελούν μέρος εσωτερικών δοκιμών.", + "Open documentation" : "Άνοιγμα τεκμηρίωσης", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν ενεργοποιηθεί το \"%s\" ή μεταβείτε απευθείας στην URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν μεταβείτε απευθείας στην URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Επιλέξτε εάν θέλετε να επαληθεύσετε την ταυτότητα χρησιμοποιώντας τον ενσωματωμένο στο Nextcloud φορέα SAML ή αν θέλετε να επαληθεύσετε την ταυτότητά σας σε σχέση με μια μεταβλητή περιβάλλοντος.", + "Use built-in SAML authentication" : "Χρησιμοποιήστε ενσωματωμένο έλεγχο ταυτότητας SAML", + "Use environment variable" : "Χρησιμοποιήστε μεταβλητή περιβάλλοντος", + "Global settings" : "Γενικές ρυθμίσεις", + "Remove identity provider" : "Κατάργηση ταυτότητας παρόχου", + "Add identity provider" : "Προσθήκη ταυτότητας παρόχου", + "General" : "Γενικά", + "Service Provider Data" : "Δεδομένα φορέα παροχής υπηρεσιών", + "If your Service Provider should use certificates you can optionally specify them here." : "Εάν ο πάροχος υπηρεσιών σας πρέπει να χρησιμοποιήσει πιστοποιητικά, μπορείτε να τα ορίσετε προαιρετικά εδώ.", + "Show Service Provider settings…" : "Εμφάνιση ρυθμίσεων Υπηρεσίας Παρόχου ...", + "Name ID format" : "Μορφή ταυτότητας ονόματος", + "Identity Provider Data" : "Στοιχεία παροχέα ταυτότητας", + "Configure your IdP settings here." : "Ρυθμίστε το IdP εδώ.", + "Identifier of the IdP entity (must be a URI)" : "Αναγνωριστικό οντότητας IdP (πρέπει να είναι URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Αποδέκτης URL του IdP όπου το SP θα στείλει μήνυμα Αίτησης Ελέγχου Ταυτότητας", + "Show optional Identity Provider settings…" : "Εμφάνιση προαιρετικών ρυθμίσεων Παροχέα Ταυτότητας ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Τοποθεσία URL του IdP όπου το SP θα στείλει Αίτηση SLO", + "URL Location of the IDP's SLO Response" : "Τοποθεσία URL της απάντησης SLO του IDP", + "Public X.509 certificate of the IdP" : "Δημόσιο πιστοποιητικό X.509 του IdP", + "Attribute mapping" : "Χαρτογράφηση χαρακτηριστικών", + "If you want to optionally map attributes to the user you can configure these here." : "Αν επιθυμείτε προαιρετικά να χαρτογραφήσετε χαρακτηριστικά στον χρήστη, μπορείτε να τις διαμορφώσετε εδώ.", + "Show attribute mapping settings…" : "Εμφάνιση ρυθμίσεων χαρτογράφησης χαρακτηριστικών ", + "Security settings" : "Ρυθμίσεις ασφαλείας", + "For increased security we recommend enabling the following settings if supported by your environment." : "Για αυξημένη ασφάλεια σας συνιστούμε να ενεργοποιήσετε τις παρακάτω ρυθμίσεις εάν υποστηρίζονται από το περιβάλλον σας.", + "Show security settings…" : "Εμφάνιση ρυθμίσεων ασφαλείας...", + "Signatures and encryption offered" : "Υπογραφές και κρυπτογράφηση που προσφέρονται", + "Signatures and encryption required" : "Απαιτούνται υπογραφές και κρυπτογράφηση", + "Download metadata XML" : "Λήψη μεταδεδομένων XML", + "Reset settings" : "Επαναφορά ρυθμίσεων", + "Metadata invalid" : "Μη έγκυρα μεταδεδομένα", + "Metadata valid" : "Έγκυρα μεταδεδομένα", + "Error" : "Σφάλμα", + "Account not provisioned." : "Ο λογαριασμός δεν προβλέφθηκε.", + "Your account is not provisioned, access to this service is thus not possible." : "Ο λογαριασμός σας δεν προβλέπεται, επομένως δεν είναι δυνατή η πρόσβαση σε αυτήν την υπηρεσία.", + "Login options:" : "Επιλογές σύνδεσης:", + "Choose a authentication provider" : "Επιλογή παρόχου πιστοποίησης" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/en_GB.js b/docker/nextcloud/user_saml/l10n/en_GB.js new file mode 100755 index 0000000..8b073ea --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/en_GB.js @@ -0,0 +1,65 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "This user account is disabled, please contact your administrator.", + "Saved" : "Saved", + "Unknown error, please check the log file for more details." : "Unknown error, please check the log file for more details.", + "Direct log in" : "Direct log in", + "SSO & SAML log in" : "SSO & SAML log in", + "X.509 certificate of the Service Provider" : "X.509 certificate of the Service Provider", + "Private key of the Service Provider" : "Private key of the Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indicates that the nameID of the sent by this SP will be encrypted.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Whether the metadata should be signed." : "Whether the metadata should be signed.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indicates a requirement for the , and elements received by this SP to be signed.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indicates a requirement for the elements received by this SP to be encrypted.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indicates a requirement for the NameID received by this SP to be encrypted.", + "Indicates if the SP will validate all received XML." : "Indicates if the SP will validate all received XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.", + "Attribute to map the UID to." : "Attribute to map the UID to.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Only allow authentication if an account exists on some other backend. (e.g. LDAP)", + "Attribute to map the displayname to." : "Attribute to map the displayname to.", + "Attribute to map the email address to." : "Attribute to map the email address to.", + "Attribute to map the quota to." : "Attribute to map the quota to.", + "Attribute to map the users groups to." : "Attribute to map the users groups to.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Use SAML auth for the %s desktop clients (requires user re-authentication)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional display name of the identity provider (default: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Allow the use of multiple user back-ends (e.g. LDAP)", + "SSO & SAML authentication" : "SSO & SAML authentication", + "Authenticate using single sign-on" : "Authenticate using single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", + "Open documentation" : "Open documentation", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable.", + "Use built-in SAML authentication" : "Use built-in SAML authentication", + "Use environment variable" : "Use environment variable", + "General" : "General", + "Service Provider Data" : "Service Provider Data", + "If your Service Provider should use certificates you can optionally specify them here." : "If your Service Provider should use certificates you can optionally specify them here.", + "Show Service Provider settings…" : "Show Service Provider settings…", + "Identity Provider Data" : "Identity Provider Data", + "Configure your IdP settings here." : "Configure your IdP settings here.", + "Identifier of the IdP entity (must be a URI)" : "Identifier of the IdP entity (must be a URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Target of the IdP where the SP will send the Authentication Request Message", + "Show optional Identity Provider settings…" : "Show optional Identity Provider settings…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL Location of the IdP where the SP will send the SLO Request", + "Public X.509 certificate of the IdP" : "Public X.509 certificate of the IdP", + "Attribute mapping" : "Attribute mapping", + "If you want to optionally map attributes to the user you can configure these here." : "If you want to optionally map attributes to the user you can configure these here.", + "Show attribute mapping settings…" : "Show attribute mapping settings…", + "Security settings" : "Security settings", + "For increased security we recommend enabling the following settings if supported by your environment." : "For increased security we recommend enabling the following settings if supported by your environment.", + "Show security settings…" : "Show security settings…", + "Signatures and encryption offered" : "Signatures and encryption offered", + "Signatures and encryption required" : "Signatures and encryption required", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Metadata invalid", + "Metadata valid" : "Metadata valid", + "Error" : "Error", + "Account not provisioned." : "Account not provisioned.", + "Your account is not provisioned, access to this service is thus not possible." : "Your account is not provisioned, access to this service is thus not possible." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/en_GB.json b/docker/nextcloud/user_saml/l10n/en_GB.json new file mode 100755 index 0000000..220ec21 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/en_GB.json @@ -0,0 +1,63 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "This user account is disabled, please contact your administrator.", + "Saved" : "Saved", + "Unknown error, please check the log file for more details." : "Unknown error, please check the log file for more details.", + "Direct log in" : "Direct log in", + "SSO & SAML log in" : "SSO & SAML log in", + "X.509 certificate of the Service Provider" : "X.509 certificate of the Service Provider", + "Private key of the Service Provider" : "Private key of the Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indicates that the nameID of the sent by this SP will be encrypted.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Indicates whether the messages sent by this SP will be signed." : "Indicates whether the messages sent by this SP will be signed.", + "Whether the metadata should be signed." : "Whether the metadata should be signed.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indicates a requirement for the , and elements received by this SP to be signed.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indicates a requirement for the elements received by this SP to be encrypted.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indicates a requirement for the NameID received by this SP to be encrypted.", + "Indicates if the SP will validate all received XML." : "Indicates if the SP will validate all received XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.", + "Attribute to map the UID to." : "Attribute to map the UID to.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Only allow authentication if an account exists on some other backend. (e.g. LDAP)", + "Attribute to map the displayname to." : "Attribute to map the displayname to.", + "Attribute to map the email address to." : "Attribute to map the email address to.", + "Attribute to map the quota to." : "Attribute to map the quota to.", + "Attribute to map the users groups to." : "Attribute to map the users groups to.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Use SAML auth for the %s desktop clients (requires user re-authentication)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional display name of the identity provider (default: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Allow the use of multiple user back-ends (e.g. LDAP)", + "SSO & SAML authentication" : "SSO & SAML authentication", + "Authenticate using single sign-on" : "Authenticate using single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", + "Open documentation" : "Open documentation", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable.", + "Use built-in SAML authentication" : "Use built-in SAML authentication", + "Use environment variable" : "Use environment variable", + "General" : "General", + "Service Provider Data" : "Service Provider Data", + "If your Service Provider should use certificates you can optionally specify them here." : "If your Service Provider should use certificates you can optionally specify them here.", + "Show Service Provider settings…" : "Show Service Provider settings…", + "Identity Provider Data" : "Identity Provider Data", + "Configure your IdP settings here." : "Configure your IdP settings here.", + "Identifier of the IdP entity (must be a URI)" : "Identifier of the IdP entity (must be a URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Target of the IdP where the SP will send the Authentication Request Message", + "Show optional Identity Provider settings…" : "Show optional Identity Provider settings…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL Location of the IdP where the SP will send the SLO Request", + "Public X.509 certificate of the IdP" : "Public X.509 certificate of the IdP", + "Attribute mapping" : "Attribute mapping", + "If you want to optionally map attributes to the user you can configure these here." : "If you want to optionally map attributes to the user you can configure these here.", + "Show attribute mapping settings…" : "Show attribute mapping settings…", + "Security settings" : "Security settings", + "For increased security we recommend enabling the following settings if supported by your environment." : "For increased security we recommend enabling the following settings if supported by your environment.", + "Show security settings…" : "Show security settings…", + "Signatures and encryption offered" : "Signatures and encryption offered", + "Signatures and encryption required" : "Signatures and encryption required", + "Download metadata XML" : "Download metadata XML", + "Metadata invalid" : "Metadata invalid", + "Metadata valid" : "Metadata valid", + "Error" : "Error", + "Account not provisioned." : "Account not provisioned.", + "Your account is not provisioned, access to this service is thus not possible." : "Your account is not provisioned, access to this service is thus not possible." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/eo.js b/docker/nextcloud/user_saml/l10n/eo.js new file mode 100755 index 0000000..760302e --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/eo.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Konservita", + "Email address" : "Retpoŝtadreso", + "Open documentation" : "Malfermi la dokumentaron", + "General" : "Ĝenerala", + "Error" : "Eraro" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/eo.json b/docker/nextcloud/user_saml/l10n/eo.json new file mode 100755 index 0000000..d398961 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/eo.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Konservita", + "Email address" : "Retpoŝtadreso", + "Open documentation" : "Malfermi la dokumentaron", + "General" : "Ĝenerala", + "Error" : "Eraro" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es.js b/docker/nextcloud/user_saml/l10n/es.js new file mode 100755 index 0000000..be17f69 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario está deshabilitada. Por favor, ponte en contacto con el administrador.", + "Saved" : "Guardado", + "Provider" : "Proveedor", + "Unknown error, please check the log file for more details." : "Error desconocido. Por favor, revisa el registro para más información.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión mediante SSO & SAML", + "This page should not be visited directly." : "No se debería visitar directamente esta página.", + "Provider " : "Proveedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Clave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID del enviado por este SP será cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando los mensajes mandados por este SP serán firmados.", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando el mensaje es enviado por este SP será firmado.", + "Whether the metadata should be signed." : "Tal vez los metadatos deban ser firmados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para los elementos , y recibidos por este SP a ser asignado.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito de los elementos recibido por este SP para ser firmados. [Metadata del SP ofrecerá este información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para el elemento recibido por este SP para ser cifrado.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que el elemento NameID en el SAMLResponse recibido por este SP esté presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que el NameID recibido por este SP esté cifrado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todo el XML recibido.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, y el kit de herramientas usa mayúsculas por omisión. Active ADFS para compatibilidad en la firma de verificación.", + "Algorithm that the toolkit will use on signing process." : "El algoritmo que la herramienta usará en el proceso de firma.", + "Attribute to map the UID to." : "Atributo para definir la UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir la autenticación solo si una cuenta existe en algún otro motor (LDAP, p. ej.).", + "Attribute to map the displayname to." : "Atributo para definir el nombre mostrado", + "Attribute to map the email address to." : "Atributo para definir la dirección de correo electrónico", + "Attribute to map the quota to." : "Atributo para asignar la cuota a.", + "Attribute to map the users groups to." : "Atributo para mapear los grupos de usuarios", + "Attribute to map the users home to." : "Atributo para mapear los grupos de usuarios", + "Email address" : "Dirección de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidad", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "No especificado", + "Windows domain qualified name" : "Nombre calificado de dominio Windows", + "X509 subject name" : "Nombre de asunto o sujeto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar la autenticación SAML para los clientes de escritorio %s (necesita una re-autenticación del usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Visualización opcional del nombre del proveedor de identidad (predeterminado: \"inicio de sesión de SSO y SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de back-ends de múltiples usuarios (por ejemplo, LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticación usando single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la app SSO y SAML en tu NextCloud puedes hacer posible integrar tu solución de single sign-on con Nextcloud. Además, puedes usar el proveedor de usuarios LDAP de NextCloud para mantener la conveniencia para usuarios (p. ej., al compartir).\nLos siguientes proveedores están soportados y han sido comprobados por el momentos:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n** Autenticación vía variable de entorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Cualquier otro proveedor que autentique usando la variable de entorno\n\n\tMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de estos estándares es compatible, queremos hacer notar que no son parte de ninguna matriz de prueba interna", + "Open documentation" : "Abrir documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que hayas activado \"%s\" o vayas directamente a la URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que vayas directamente a la URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor elija si desea autenticar usando el proveedor SAML nativo en Nextcloud o si desea autenticar contra una variable del entorno.", + "Use built-in SAML authentication" : "Use la autenticación nativa SAML", + "Use environment variable" : "Usar variable de entorno", + "Global settings" : "Ajustes globales", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Proovedor de Servicio de Datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su proveedor de servicio usa certificados, se pueden opcionalmente especificar aquí.", + "Show Service Provider settings…" : "Mostrar configuración del Proveedor de servicio", + "Name ID format" : "Formato del ID de nombre", + "Identity Provider Data" : "Identificación del Proveedor de Datos", + "Configure your IdP settings here." : "Configura tus configuraciones de IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL objetivo del IdP donde el SP mandará el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar configuración del Proveedor de identidad opcional...", + "URL Location of the IdP where the SP will send the SLO Request" : "Dirección URL de el IdP donde el SP enviará las peticiones SLO", + "URL Location of the IDP's SLO Response" : "Dirección URL de la respuesta SLO del IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 del IdP", + "Attribute mapping" : "Definición de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Si opcionalmente quieres mapear atributos al usuario puedes configurar éstos aquí.", + "Show attribute mapping settings…" : "Mostrar configuración de mapeado de atributos...", + "Security settings" : "Configuración de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar la seguridad recomendamos activar los siguientes ajustes si son soportados por su entorno.", + "Show security settings…" : "Mostrar configuración de seguridad...", + "Signatures and encryption offered" : "Firmas y cifrado ofrecido", + "Signatures and encryption required" : "Firmas y cifrado necesitado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Volver a configuración por defecto", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "Cuenta de usuario no aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no esta aprovisionada, por lo tanto el acceso a este servicio no es posible.", + "Login options:" : "Opciones de login:", + "Choose a authentication provider" : "Escoge un proveedor de autenticación" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es.json b/docker/nextcloud/user_saml/l10n/es.json new file mode 100755 index 0000000..7377f8e --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario está deshabilitada. Por favor, ponte en contacto con el administrador.", + "Saved" : "Guardado", + "Provider" : "Proveedor", + "Unknown error, please check the log file for more details." : "Error desconocido. Por favor, revisa el registro para más información.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión mediante SSO & SAML", + "This page should not be visited directly." : "No se debería visitar directamente esta página.", + "Provider " : "Proveedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Clave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID del enviado por este SP será cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando los mensajes mandados por este SP serán firmados.", + "Indicates whether the messages sent by this SP will be signed." : "Indica cuando el mensaje es enviado por este SP será firmado.", + "Whether the metadata should be signed." : "Tal vez los metadatos deban ser firmados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para los elementos , y recibidos por este SP a ser asignado.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito de los elementos recibido por este SP para ser firmados. [Metadata del SP ofrecerá este información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para el elemento recibido por este SP para ser cifrado.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que el elemento NameID en el SAMLResponse recibido por este SP esté presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que el NameID recibido por este SP esté cifrado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todo el XML recibido.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, y el kit de herramientas usa mayúsculas por omisión. Active ADFS para compatibilidad en la firma de verificación.", + "Algorithm that the toolkit will use on signing process." : "El algoritmo que la herramienta usará en el proceso de firma.", + "Attribute to map the UID to." : "Atributo para definir la UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir la autenticación solo si una cuenta existe en algún otro motor (LDAP, p. ej.).", + "Attribute to map the displayname to." : "Atributo para definir el nombre mostrado", + "Attribute to map the email address to." : "Atributo para definir la dirección de correo electrónico", + "Attribute to map the quota to." : "Atributo para asignar la cuota a.", + "Attribute to map the users groups to." : "Atributo para mapear los grupos de usuarios", + "Attribute to map the users home to." : "Atributo para mapear los grupos de usuarios", + "Email address" : "Dirección de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidad", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "No especificado", + "Windows domain qualified name" : "Nombre calificado de dominio Windows", + "X509 subject name" : "Nombre de asunto o sujeto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar la autenticación SAML para los clientes de escritorio %s (necesita una re-autenticación del usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Visualización opcional del nombre del proveedor de identidad (predeterminado: \"inicio de sesión de SSO y SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de back-ends de múltiples usuarios (por ejemplo, LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticación usando single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la app SSO y SAML en tu NextCloud puedes hacer posible integrar tu solución de single sign-on con Nextcloud. Además, puedes usar el proveedor de usuarios LDAP de NextCloud para mantener la conveniencia para usuarios (p. ej., al compartir).\nLos siguientes proveedores están soportados y han sido comprobados por el momentos:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n** Autenticación vía variable de entorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Cualquier otro proveedor que autentique usando la variable de entorno\n\n\tMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de estos estándares es compatible, queremos hacer notar que no son parte de ninguna matriz de prueba interna", + "Open documentation" : "Abrir documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que hayas activado \"%s\" o vayas directamente a la URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrate de configurar un usuario administrativo que puede acceder a la instancia vía SSO. Entrar con tu cuenta habitual %s no será ya posible, a no ser que vayas directamente a la URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor elija si desea autenticar usando el proveedor SAML nativo en Nextcloud o si desea autenticar contra una variable del entorno.", + "Use built-in SAML authentication" : "Use la autenticación nativa SAML", + "Use environment variable" : "Usar variable de entorno", + "Global settings" : "Ajustes globales", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Proovedor de Servicio de Datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su proveedor de servicio usa certificados, se pueden opcionalmente especificar aquí.", + "Show Service Provider settings…" : "Mostrar configuración del Proveedor de servicio", + "Name ID format" : "Formato del ID de nombre", + "Identity Provider Data" : "Identificación del Proveedor de Datos", + "Configure your IdP settings here." : "Configura tus configuraciones de IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL objetivo del IdP donde el SP mandará el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar configuración del Proveedor de identidad opcional...", + "URL Location of the IdP where the SP will send the SLO Request" : "Dirección URL de el IdP donde el SP enviará las peticiones SLO", + "URL Location of the IDP's SLO Response" : "Dirección URL de la respuesta SLO del IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 del IdP", + "Attribute mapping" : "Definición de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Si opcionalmente quieres mapear atributos al usuario puedes configurar éstos aquí.", + "Show attribute mapping settings…" : "Mostrar configuración de mapeado de atributos...", + "Security settings" : "Configuración de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar la seguridad recomendamos activar los siguientes ajustes si son soportados por su entorno.", + "Show security settings…" : "Mostrar configuración de seguridad...", + "Signatures and encryption offered" : "Firmas y cifrado ofrecido", + "Signatures and encryption required" : "Firmas y cifrado necesitado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Volver a configuración por defecto", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "Cuenta de usuario no aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no esta aprovisionada, por lo tanto el acceso a este servicio no es posible.", + "Login options:" : "Opciones de login:", + "Choose a authentication provider" : "Escoge un proveedor de autenticación" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_419.js b/docker/nextcloud/user_saml/l10n/es_419.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_419.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_419.json b/docker/nextcloud/user_saml/l10n/es_419.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_419.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_AR.js b/docker/nextcloud/user_saml/l10n/es_AR.js new file mode 100755 index 0000000..be98365 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_AR.js @@ -0,0 +1,50 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimientos para que los elementos recibidos por este SP para ser firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilite para tener compatibilidad con ADFS en la verificacón de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Favor de usar autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Favor de seleccionar si usted desdea autenticarse usando el proveedor integrado SAML de Nextcloud o si desdea autenticarse contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su Proveedor de Servicio debe usar certificados, usted puede especificarlos opcionalmente desde aquí.", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configure los configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad le recomendamos habilitar las siguientes configuraciones si están soportados en su ambiente.", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_AR.json b/docker/nextcloud/user_saml/l10n/es_AR.json new file mode 100755 index 0000000..f2aa945 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_AR.json @@ -0,0 +1,48 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimientos para que los elementos recibidos por este SP para ser firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilite para tener compatibilidad con ADFS en la verificacón de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Favor de usar autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Favor de seleccionar si usted desdea autenticarse usando el proveedor integrado SAML de Nextcloud o si desdea autenticarse contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "Remove identity provider" : "Eliminar proveedor de identidad", + "Add identity provider" : "Añadir proveedor de identidad", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si su Proveedor de Servicio debe usar certificados, usted puede especificarlos opcionalmente desde aquí.", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configure los configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad le recomendamos habilitar las siguientes configuraciones si están soportados en su ambiente.", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Su cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_CL.js b/docker/nextcloud/user_saml/l10n/es_CL.js new file mode 100755 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_CL.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_CL.json b/docker/nextcloud/user_saml/l10n/es_CL.json new file mode 100755 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_CL.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_CO.js b/docker/nextcloud/user_saml/l10n/es_CO.js new file mode 100755 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_CO.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_CO.json b/docker/nextcloud/user_saml/l10n/es_CO.json new file mode 100755 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_CO.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_CR.js b/docker/nextcloud/user_saml/l10n/es_CR.js new file mode 100755 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_CR.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_CR.json b/docker/nextcloud/user_saml/l10n/es_CR.json new file mode 100755 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_CR.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_DO.js b/docker/nextcloud/user_saml/l10n/es_DO.js new file mode 100755 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_DO.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_DO.json b/docker/nextcloud/user_saml/l10n/es_DO.json new file mode 100755 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_DO.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_EC.js b/docker/nextcloud/user_saml/l10n/es_EC.js new file mode 100755 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_EC.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_EC.json b/docker/nextcloud/user_saml/l10n/es_EC.json new file mode 100755 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_EC.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_GT.js b/docker/nextcloud/user_saml/l10n/es_GT.js new file mode 100755 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_GT.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_GT.json b/docker/nextcloud/user_saml/l10n/es_GT.json new file mode 100755 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_GT.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_HN.js b/docker/nextcloud/user_saml/l10n/es_HN.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_HN.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_HN.json b/docker/nextcloud/user_saml/l10n/es_HN.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_HN.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_MX.js b/docker/nextcloud/user_saml/l10n/es_MX.js new file mode 100755 index 0000000..84f1a28 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_MX.js @@ -0,0 +1,65 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando inicio de sesión único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la aplicación de SSO & SAML de tu Nextcloud podrás hacer la integración de tu solución de Inicio de Sesión Única con Nextcloud de forma sencilla. Adicionalmente, podrás usar el proveedor de usuarios Nextcloud LDAP para la conveniencia de los usarios (p.e. al comparitr)\nLos siguientes porveedores están soportados y probados hasta este momento:\n\n* **SAML 2.0**\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* **Autentciación mediante Variable de Ambiente**\n* Kerberos (mod_auth_kerb)\n* Cualquier otro proveedor que autentica usando variable de ambiente\n\nMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de esos estándares es compatible, nos gustaria hacer notar que no son parte de alguna matriz de pruebas interna. ", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_MX.json b/docker/nextcloud/user_saml/l10n/es_MX.json new file mode 100755 index 0000000..4ea4f9b --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_MX.json @@ -0,0 +1,63 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando inicio de sesión único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando la aplicación de SSO & SAML de tu Nextcloud podrás hacer la integración de tu solución de Inicio de Sesión Única con Nextcloud de forma sencilla. Adicionalmente, podrás usar el proveedor de usuarios Nextcloud LDAP para la conveniencia de los usarios (p.e. al comparitr)\nLos siguientes porveedores están soportados y probados hasta este momento:\n\n* **SAML 2.0**\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* **Autentciación mediante Variable de Ambiente**\n* Kerberos (mod_auth_kerb)\n* Cualquier otro proveedor que autentica usando variable de ambiente\n\nMientras que teóricamente cualquier otro proveedor de autenticación que implemente cualquiera de esos estándares es compatible, nos gustaria hacer notar que no son parte de alguna matriz de pruebas interna. ", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_NI.js b/docker/nextcloud/user_saml/l10n/es_NI.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_NI.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_NI.json b/docker/nextcloud/user_saml/l10n/es_NI.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_NI.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_PA.js b/docker/nextcloud/user_saml/l10n/es_PA.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PA.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_PA.json b/docker/nextcloud/user_saml/l10n/es_PA.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PA.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_PE.js b/docker/nextcloud/user_saml/l10n/es_PE.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PE.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_PE.json b/docker/nextcloud/user_saml/l10n/es_PE.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PE.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_PR.js b/docker/nextcloud/user_saml/l10n/es_PR.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PR.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_PR.json b/docker/nextcloud/user_saml/l10n/es_PR.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PR.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_PY.js b/docker/nextcloud/user_saml/l10n/es_PY.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PY.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_PY.json b/docker/nextcloud/user_saml/l10n/es_PY.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_PY.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_SV.js b/docker/nextcloud/user_saml/l10n/es_SV.js new file mode 100755 index 0000000..8d68fca --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_SV.js @@ -0,0 +1,63 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_SV.json b/docker/nextcloud/user_saml/l10n/es_SV.json new file mode 100755 index 0000000..37aa268 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_SV.json @@ -0,0 +1,61 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta cuenta de usuario se encuentra deshabilitada, por favor contacta a tu administrador.", + "Saved" : "Guardado", + "Unknown error, please check the log file for more details." : "Error desonocido, por favor revisa el archivo de bitácora para más detalles.", + "Direct log in" : "Inicio de sesión directo", + "SSO & SAML log in" : "Inicio de sesión SSO & SAML", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Attribute to map the quota to." : "Atributo al cual mapear la cuota. ", + "Attribute to map the users groups to." : "Atributo de correspondiencia de grupos de usuarios.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nombre a desplegar opcional de la identidad del proveedor (valor por omisión: \"Inicio de sesión SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir el uso de múltiples sistemas de back-end de usuario (p. ej. LDAP)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/es_UY.js b/docker/nextcloud/user_saml/l10n/es_UY.js new file mode 100755 index 0000000..1dd4add --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_UY.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/es_UY.json b/docker/nextcloud/user_saml/l10n/es_UY.json new file mode 100755 index 0000000..d7b0780 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/es_UY.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "Guardado", + "X.509 certificate of the Service Provider" : "certificado X.509 del Proveedor de Servicio", + "Private key of the Service Provider" : "Llave privada del Proveedor de Servicio", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que el nameID de enviado por este SP será encriptado. ", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si los mensajes enviados por este SP serán firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica si los mensjaes enviados por este SP serán firmados. ", + "Indicates whether the messages sent by this SP will be signed." : "Indica is los mensajes enviados por este SP serán firmados. ", + "Whether the metadata should be signed." : "Si los metadatos deben ser firmados o no. ", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requerimiento para que los elementos recibidos , y por este SP sean firmados. ", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requerimiento para que los elementos recibidos de este SP sean firmados. [Los metadatos del SP proporcionarán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requerimiento para que los elelemtnos recibidos de este SP sean encriptados. ", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requerimiento para que el elemento NameID en la SAMLResponse recibida por este SP esté presente. ", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica que un requerimiento para el NameID recibido por este SP está encriptado.", + "Indicates if the SP will validate all received XML." : "Indica si el SP validará todos el XML recibido. ", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Codifica los datos SAML como minúsculas, y el juego de herramientas usa mayúsculas por defecto. Habilita para tener compatibilidad con ADFS en la verificación de la firma.", + "Attribute to map the UID to." : "Atributo a mapear al UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sólo permitir la autenticación si la cuenta exite en algún otro backend. (p. ej. LDAP)", + "Attribute to map the displayname to." : "Atributo a mapear a displayname. ", + "Attribute to map the email address to." : "Atributo a mapear a email address.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Por favor usa autenticación SAML para los %s clientes de escritorio (se requiere volver a autenticar)", + "SSO & SAML authentication" : "Autenticación SSO & SAML", + "Open documentation" : "Abrir documentación", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor selecciona si deseas autenticarte usando el proveedor integrado SAML de Nextcloud o si deseas autenticarte contra una variable de ambiente. ", + "Use built-in SAML authentication" : "Usar autenticación SAML integrada", + "Use environment variable" : "Usar la variable de ambiente", + "General" : "General", + "Service Provider Data" : "Datos del Proveedor de Servicio", + "If your Service Provider should use certificates you can optionally specify them here." : "Si tu Proveedor de Servicio debe usar certificados, puedes especificarlos opcionalmente desde aquí.", + "Show Service Provider settings…" : "Mostrar las configuraciones de Proveedor de Servicio...", + "Identity Provider Data" : "Datos del Proveedor de Identidad", + "Configure your IdP settings here." : "Configura las configuraciones de IdP aquí. ", + "Identifier of the IdP entity (must be a URI)" : "Identificador de la entidad IdP (debe ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Destino del IdP donde el SP enviará automaticamente el Mensaje de Solicitud de Autenticación", + "Show optional Identity Provider settings…" : "Mostrar las configuraciones opcionales del Proveedor de Identidad...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ubicación del URL del IdP donde el SP enviará la Solicitud SLO", + "Public X.509 certificate of the IdP" : "Certificado X.509 público del IdP", + "Attribute mapping" : "Mapeo del atributo", + "If you want to optionally map attributes to the user you can configure these here." : "SI opcionalmente quieres mapear los atributos del usuario, puedes configurarlos aquí.", + "Show attribute mapping settings…" : "Mostrar las configuraciones del mapeo de atributos...", + "Security settings" : "Configuraciones de seguridad", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para mayor seguridad te recomendamos habilitar las siguientes configuraciones si están soportados en tu ambiente.", + "Show security settings…" : "Mostrar las configuraciones de seguridad...", + "Signatures and encryption offered" : "Firmas y encripción disponibles", + "Signatures and encryption required" : "Firmas y encripción requeridos", + "Download metadata XML" : "Descargar metadatos XML", + "Metadata invalid" : "Metadatos inválidos", + "Metadata valid" : "Metadatos válidos", + "Error" : "Error", + "Account not provisioned." : "La cuenta no está aprovisionada. ", + "Your account is not provisioned, access to this service is thus not possible." : "Tu cuenta no ha sido aprovisionada, por lo cual el acceso a este servico no es posible. " +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/et_EE.js b/docker/nextcloud/user_saml/l10n/et_EE.js new file mode 100755 index 0000000..33d3f20 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/et_EE.js @@ -0,0 +1,16 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Salvestatud", + "X.509 certificate of the Service Provider" : "Teenusepakkuja X.509 sertifikaat", + "Private key of the Service Provider" : "Teenusepakkuja privaatvõti", + "SSO & SAML authentication" : "SSO & SAML autentimine", + "Open documentation" : "Ava dokumentatsioon", + "Use built-in SAML authentication" : "Kasuta sisse-ehitatud SAML autentimist", + "Use environment variable" : "Kasuta keskonnamuutujat", + "General" : "Üldine", + "Service Provider Data" : "Teenusepakkuja andmed", + "Security settings" : "Turvaseaded", + "Error" : "Viga" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/et_EE.json b/docker/nextcloud/user_saml/l10n/et_EE.json new file mode 100755 index 0000000..53ce63c --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/et_EE.json @@ -0,0 +1,14 @@ +{ "translations": { + "Saved" : "Salvestatud", + "X.509 certificate of the Service Provider" : "Teenusepakkuja X.509 sertifikaat", + "Private key of the Service Provider" : "Teenusepakkuja privaatvõti", + "SSO & SAML authentication" : "SSO & SAML autentimine", + "Open documentation" : "Ava dokumentatsioon", + "Use built-in SAML authentication" : "Kasuta sisse-ehitatud SAML autentimist", + "Use environment variable" : "Kasuta keskonnamuutujat", + "General" : "Üldine", + "Service Provider Data" : "Teenusepakkuja andmed", + "Security settings" : "Turvaseaded", + "Error" : "Viga" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/eu.js b/docker/nextcloud/user_saml/l10n/eu.js new file mode 100755 index 0000000..ec225c0 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/eu.js @@ -0,0 +1,56 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Erabiltzaile-kontu hau desgaitua dago, mesedez, jarri harremanetan administratzailearekin", + "Saved" : "Gordeta", + "Provider" : "Hornitzailea", + "Unknown error, please check the log file for more details." : "Errore ezezaguna, mesedez egiaztatu egunkari fitxategia xehetasun gehiagorako.", + "Direct log in" : "Saio-hasiera zuzena", + "SSO & SAML log in" : "SSO eta SAML saio-hasiera", + "Provider " : "Hornitzailea", + "X.509 certificate of the Service Provider" : "Zerbitzu-hornitzailearen X.509 ziurtagiria", + "Private key of the Service Provider" : "Zerbitzu-hornitzaileraren gako pribatua", + "Indicates that the nameID of the sent by this SP will be encrypted." : "SP honek bidalitako nameID enkriptatuta egongo dela adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Whether the metadata should be signed." : "Metadatuek sinatuta egon behar duten ala ez.", + "Email address" : "Posta helbidea", + "Encrypted" : "Zifratua", + "Entity" : "Entitatea", + "Kerberos" : "Kerberos", + "Persistent" : "Iraunkorra", + "Transient" : "Behin-behinekoa", + "Unspecified" : "Zehaztu gabea", + "X509 subject name" : "X509 gaia", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Baimendu erabiltzaile atzealde anitzen erabilpena (adib. LDAP)", + "SSO & SAML authentication" : "SSO eta SAML autentifikazioa", + "Open documentation" : "Ireki dokumentazioa", + "Use environment variable" : "Erabili inguruneko aldagaia", + "Global settings" : "Ezarpen orokorrak", + "Remove identity provider" : "Kendu identitate hornitzailea", + "Add identity provider" : "Gehitu identitate hornitzailea", + "General" : "Orokorra", + "Service Provider Data" : "Zerbitzu-hornitzailearen datuak", + "Show Service Provider settings…" : "Erakutsi zerbitzu hornitzailearen ezarpenak...", + "Identity Provider Data" : "Identitate-hornitzailearen datuak", + "Configure your IdP settings here." : "Konfiguratu zure IdP ezarpenak hemen.", + "Show optional Identity Provider settings…" : "Erakutsi identitate-hornitzailearen aukerako ezarpenak...", + "Public X.509 certificate of the IdP" : "IdP-aren X.509 ziurtagiri publikoa", + "Attribute mapping" : "Atributuen esleitzea", + "Show attribute mapping settings…" : "Erakutsi atributuen esleitze ezarpenak...", + "Security settings" : "Segurtasun ezarpenak", + "For increased security we recommend enabling the following settings if supported by your environment." : "Segurtasun gehiago izateko, gaitu honako ezarpenak, zure inguruneak onartzen baidtu.", + "Show security settings…" : "Erakutsi segurtasun ezarpenak", + "Signatures and encryption offered" : "Sinadurak eta zifratzea eskaini dira", + "Signatures and encryption required" : "Sinadurak eta zifratzea derrigorrezkoak dira", + "Download metadata XML" : "Deskargatu metadatuen XMLa", + "Reset settings" : "Leheneratu ezarpenak", + "Metadata invalid" : "Baliogabeko metadatuak", + "Metadata valid" : "Baliozko metadatuak", + "Error" : "Errorea", + "Account not provisioned." : "Kontua ez dago hornituta.", + "Your account is not provisioned, access to this service is thus not possible." : "Zure kontua ez dago hornituta. Zerbitzu honetara sarbidea, ondorioz, ez da posiblea.", + "Login options:" : "Saio-hasiera aukerak:", + "Choose a authentication provider" : "Aukeratu autentifikazio-hornitzailea" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/eu.json b/docker/nextcloud/user_saml/l10n/eu.json new file mode 100755 index 0000000..5c68397 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/eu.json @@ -0,0 +1,54 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Erabiltzaile-kontu hau desgaitua dago, mesedez, jarri harremanetan administratzailearekin", + "Saved" : "Gordeta", + "Provider" : "Hornitzailea", + "Unknown error, please check the log file for more details." : "Errore ezezaguna, mesedez egiaztatu egunkari fitxategia xehetasun gehiagorako.", + "Direct log in" : "Saio-hasiera zuzena", + "SSO & SAML log in" : "SSO eta SAML saio-hasiera", + "Provider " : "Hornitzailea", + "X.509 certificate of the Service Provider" : "Zerbitzu-hornitzailearen X.509 ziurtagiria", + "Private key of the Service Provider" : "Zerbitzu-hornitzaileraren gako pribatua", + "Indicates that the nameID of the sent by this SP will be encrypted." : "SP honek bidalitako nameID enkriptatuta egongo dela adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Indicates whether the messages sent by this SP will be signed." : "SP honek bidalitako mezuak sinatu behar diren ala ez adierazten du.", + "Whether the metadata should be signed." : "Metadatuek sinatuta egon behar duten ala ez.", + "Email address" : "Posta helbidea", + "Encrypted" : "Zifratua", + "Entity" : "Entitatea", + "Kerberos" : "Kerberos", + "Persistent" : "Iraunkorra", + "Transient" : "Behin-behinekoa", + "Unspecified" : "Zehaztu gabea", + "X509 subject name" : "X509 gaia", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Baimendu erabiltzaile atzealde anitzen erabilpena (adib. LDAP)", + "SSO & SAML authentication" : "SSO eta SAML autentifikazioa", + "Open documentation" : "Ireki dokumentazioa", + "Use environment variable" : "Erabili inguruneko aldagaia", + "Global settings" : "Ezarpen orokorrak", + "Remove identity provider" : "Kendu identitate hornitzailea", + "Add identity provider" : "Gehitu identitate hornitzailea", + "General" : "Orokorra", + "Service Provider Data" : "Zerbitzu-hornitzailearen datuak", + "Show Service Provider settings…" : "Erakutsi zerbitzu hornitzailearen ezarpenak...", + "Identity Provider Data" : "Identitate-hornitzailearen datuak", + "Configure your IdP settings here." : "Konfiguratu zure IdP ezarpenak hemen.", + "Show optional Identity Provider settings…" : "Erakutsi identitate-hornitzailearen aukerako ezarpenak...", + "Public X.509 certificate of the IdP" : "IdP-aren X.509 ziurtagiri publikoa", + "Attribute mapping" : "Atributuen esleitzea", + "Show attribute mapping settings…" : "Erakutsi atributuen esleitze ezarpenak...", + "Security settings" : "Segurtasun ezarpenak", + "For increased security we recommend enabling the following settings if supported by your environment." : "Segurtasun gehiago izateko, gaitu honako ezarpenak, zure inguruneak onartzen baidtu.", + "Show security settings…" : "Erakutsi segurtasun ezarpenak", + "Signatures and encryption offered" : "Sinadurak eta zifratzea eskaini dira", + "Signatures and encryption required" : "Sinadurak eta zifratzea derrigorrezkoak dira", + "Download metadata XML" : "Deskargatu metadatuen XMLa", + "Reset settings" : "Leheneratu ezarpenak", + "Metadata invalid" : "Baliogabeko metadatuak", + "Metadata valid" : "Baliozko metadatuak", + "Error" : "Errorea", + "Account not provisioned." : "Kontua ez dago hornituta.", + "Your account is not provisioned, access to this service is thus not possible." : "Zure kontua ez dago hornituta. Zerbitzu honetara sarbidea, ondorioz, ez da posiblea.", + "Login options:" : "Saio-hasiera aukerak:", + "Choose a authentication provider" : "Aukeratu autentifikazio-hornitzailea" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/fa.js b/docker/nextcloud/user_saml/l10n/fa.js new file mode 100755 index 0000000..ec69236 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/fa.js @@ -0,0 +1,21 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "این حساب کاربری غیرفعال شده ، لطفاً با مدیر خود تماس بگیرید.", + "Saved" : "ذخیره شد", + "Provider" : "تامین کننده", + "Unknown error, please check the log file for more details." : "خطای ناشناخته ، لطفاً پرونده ورود را برای جزئیات بیشتر بررسی کنید.", + "Direct log in" : "جزئیات ورود", + "SSO & SAML log in" : " SSO و SAMLورود ", + "This page should not be visited directly." : "این صفحه نباید مستقیماً بازدید شود.", + "Provider " : "تامیین کننده", + "X.509 certificate of the Service Provider" : "گواهینامه X.509 ارائه دهنده خدمات", + "Private key of the Service Provider" : "کلید خصوصی ارائه دهنده خدمات", + "Indicates that the nameID of the sent by this SP will be encrypted." : "نشان می دهد که نامID از ارسال شده توسط این SP رمزگذاری می شود.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "نشان می دهد که آیا پیام های ارسال شده توسط این SP امضا خواهد شد. [ابرداده SP این اطلاعات را ارائه می دهد]", + "Email address" : "آدرس ایمیل", + "Open documentation" : "مستندات باز", + "General" : "عمومی", + "Error" : "خطا" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/user_saml/l10n/fa.json b/docker/nextcloud/user_saml/l10n/fa.json new file mode 100755 index 0000000..99181e7 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/fa.json @@ -0,0 +1,19 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "این حساب کاربری غیرفعال شده ، لطفاً با مدیر خود تماس بگیرید.", + "Saved" : "ذخیره شد", + "Provider" : "تامین کننده", + "Unknown error, please check the log file for more details." : "خطای ناشناخته ، لطفاً پرونده ورود را برای جزئیات بیشتر بررسی کنید.", + "Direct log in" : "جزئیات ورود", + "SSO & SAML log in" : " SSO و SAMLورود ", + "This page should not be visited directly." : "این صفحه نباید مستقیماً بازدید شود.", + "Provider " : "تامیین کننده", + "X.509 certificate of the Service Provider" : "گواهینامه X.509 ارائه دهنده خدمات", + "Private key of the Service Provider" : "کلید خصوصی ارائه دهنده خدمات", + "Indicates that the nameID of the sent by this SP will be encrypted." : "نشان می دهد که نامID از ارسال شده توسط این SP رمزگذاری می شود.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "نشان می دهد که آیا پیام های ارسال شده توسط این SP امضا خواهد شد. [ابرداده SP این اطلاعات را ارائه می دهد]", + "Email address" : "آدرس ایمیل", + "Open documentation" : "مستندات باز", + "General" : "عمومی", + "Error" : "خطا" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/fi.js b/docker/nextcloud/user_saml/l10n/fi.js new file mode 100755 index 0000000..b9226a7 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/fi.js @@ -0,0 +1,21 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Tämä käyttäjätili ei ole käytössä. Ota yhteys ylläpitoon.", + "Saved" : "Tallennettu", + "Direct log in" : "Suora kirjautuminen", + "SSO & SAML log in" : "SSO- ja SAML-kirjautuminen", + "X.509 certificate of the Service Provider" : "Palveluntarjoajan X.509-varmenne", + "Private key of the Service Provider" : "Palveluntarjoajan yksityinen avain", + "Email address" : "Sähköpostiosoite", + "SSO & SAML authentication" : "SSO- ja SAML-tunnistautuminen", + "Open documentation" : "Avaa dokumentaatio", + "Use built-in SAML authentication" : "Käytä sisäänrakennettua SAML-tunnistautumista", + "Use environment variable" : "Käytä ympäristömuuttujaa", + "General" : "Yleiset", + "Show Service Provider settings…" : "Näytä palveluntarjoajan asetukset…", + "Security settings" : "Turvallisuusasetukset", + "Show security settings…" : "Näytä turvallisuusasetukset…", + "Error" : "Virhe" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/fi.json b/docker/nextcloud/user_saml/l10n/fi.json new file mode 100755 index 0000000..87ade41 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/fi.json @@ -0,0 +1,19 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Tämä käyttäjätili ei ole käytössä. Ota yhteys ylläpitoon.", + "Saved" : "Tallennettu", + "Direct log in" : "Suora kirjautuminen", + "SSO & SAML log in" : "SSO- ja SAML-kirjautuminen", + "X.509 certificate of the Service Provider" : "Palveluntarjoajan X.509-varmenne", + "Private key of the Service Provider" : "Palveluntarjoajan yksityinen avain", + "Email address" : "Sähköpostiosoite", + "SSO & SAML authentication" : "SSO- ja SAML-tunnistautuminen", + "Open documentation" : "Avaa dokumentaatio", + "Use built-in SAML authentication" : "Käytä sisäänrakennettua SAML-tunnistautumista", + "Use environment variable" : "Käytä ympäristömuuttujaa", + "General" : "Yleiset", + "Show Service Provider settings…" : "Näytä palveluntarjoajan asetukset…", + "Security settings" : "Turvallisuusasetukset", + "Show security settings…" : "Näytä turvallisuusasetukset…", + "Error" : "Virhe" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/fr.js b/docker/nextcloud/user_saml/l10n/fr.js new file mode 100755 index 0000000..b0a90b6 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/fr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ce compte utilisateur est désactivé, veuillez contacter votre administrateur.", + "Saved" : "Sauvegardé", + "Provider" : "Fournisseur", + "Unknown error, please check the log file for more details." : "Erreur inconnue, veuillez vérifier le fichier journal pour plus de détails.", + "Direct log in" : "Connexion directe", + "SSO & SAML log in" : "Connexion SSO & SAML", + "This page should not be visited directly." : "Cette page ne devrait pas être accessible directement.", + "Provider " : "Fournisseur", + "X.509 certificate of the Service Provider" : "Certificat X.509 du fournisseur de service", + "Private key of the Service Provider" : "Clé privée du fournisseur de service", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indique que le \"nameID\" de envoyé par ce SP sera chiffré.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indique que le de messages envoyé par SP va être signé. [Métadonnée du SP va donner cette info]", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Whether the metadata should be signed." : "Si les méta-données peuvent-être signées.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indique que les éléments , et reçus par ce SP doivent être signés.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indique que les éléments reçus par ce SP doivent être signés.[Méta-données du SP offrent cette info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indique que les éléments reçus par ce SP doivent être chiffrés.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être présent.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être chiffré.", + "Indicates if the SP will validate all received XML." : "Indique si le SP validera tous les XML reçus.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS encode les données du lien SAML en lettre minuscule alors que la boîte à outil utilise par défaut les lettres majuscules. Activez la compatibilité ADFS pour la vérification de la signature.", + "Algorithm that the toolkit will use on signing process." : "Algorithme que la boîte à outils utilisera lors du processus de signature.", + "Attribute to map the UID to." : "Attribut pour relier l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Ne permettre l'authentification d'un compte que s'il existe sur un autre système d'authentification. (ex : LDAP)", + "Attribute to map the displayname to." : "Attribut pour relier le nom d'utilisateur.", + "Attribute to map the email address to." : "Attribut pour relier l'adresse mail.", + "Attribute to map the quota to." : "Attribut pour relier le quota.", + "Attribute to map the users groups to." : "Attribut pour relier les groupes d'utilisateurs.", + "Attribute to map the users home to." : "Attribut pour relier le domicile des utilisateurs.", + "Email address" : "Adresse e-mail", + "Encrypted" : "Chiffré", + "Entity" : "Entité", + "Kerberos" : "Kerberos", + "Persistent" : "Persistant", + "Transient" : "En transit", + "Unspecified" : "Non spécifié", + "Windows domain qualified name" : "Nom de domaine Windows", + "X509 subject name" : "Nom du sujet X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utiliser l'authentification SAML pour le client bureau de %s (requiert une ré-authentification de l'utilisateur)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom d'affichage facultatif du fournisseur d'identité (par défaut : \"Connexion SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Autoriser l'utilisation de plusieurs systèmes d'authentification (ex: LDAP)", + "SSO & SAML authentication" : "Authentification SSO & SAML", + "Authenticate using single sign-on" : "Authentification SSO", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "\tEn utilisant l'application SSO & SAML de votre Nextcloud, vous pouvez facilement intégrer votre solution Single-Sign-On existante avec Nextcloud. En outre, vous pouvez utiliser le fournisseur d'utilisateurs LDAP Nextcloud pour conserver une meilleur simplicité pour les utilisateurs. (par exemple quand ils partageant)\nPour le moment, seuls les fournisseurs suivants sont testés et pris en charge. \n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentification via une variable d'environnement\n\t* Kerberos (mod_auth_kerb)\n\tTout autre fournisseur qui s'authentifie à l'aide d'une variable d'environnement\n\nBien que théoriquement, tout autre fournisseur d'authentification mettant en œuvre l'une ou l'autre de ces normes soit compatible, veuillez noter que leur compatibilité n'est pas garantie, car ils ne sont pas tester par nos équipes.", + "Open documentation" : "Voir la documentation", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous activiez \"%s\" ou que vous alliez directement à l'adresse URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous alliez directement à l'adresse URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Veuillez choisir si vous voulez vous authentifier en utilisant le fournisseur SAML intégré à Nextcloud ou si vous voulez vous authentifier avec une variable d'environnement.", + "Use built-in SAML authentication" : "Utiliser l'authentification SAML intégrée", + "Use environment variable" : "Utiliser une variable d’environnement", + "Global settings" : "Paramètres généraux", + "Remove identity provider" : "Supprimer le fournisseur d'identité", + "Add identity provider" : "Ajouter le fournisseur d'identité", + "General" : "Général", + "Service Provider Data" : "Service du Fournisseur de Données", + "If your Service Provider should use certificates you can optionally specify them here." : "Si votre fournisseur de service utilise des certificats, vous pouvez les indiquer ici.", + "Show Service Provider settings…" : "Afficher les options du fournisseur de service...", + "Name ID format" : "Format de l'ID du nom", + "Identity Provider Data" : "Fournisseur de données d'identité", + "Configure your IdP settings here." : "Configurez vos options IdP ici.", + "Identifier of the IdP entity (must be a URI)" : "Identifiant de l'entité IdP (doit être une URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL cible du fournisseur d'identités à qui le fournisseur de service enverra la requête d'authentification", + "Show optional Identity Provider settings…" : "Afficher les paramètres optionnels du fournisseur d'identité...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL du fournisseur d'identité où le fournisseur de service enverra la requête de déconnexion SLO", + "URL Location of the IDP's SLO Response" : "URL de la réponse SLO du fournisseur d’identité", + "Public X.509 certificate of the IdP" : "Certificat public X.509 de l'IdP", + "Attribute mapping" : "Mappage des attributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si vous préférez relier les attributs à l'utilisateur, vous pouvez les configurer ici.", + "Show attribute mapping settings…" : "Montrer les paramètres du mappage des attributs...", + "Security settings" : "Paramètres de sécurité", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pour augmenter la sécurité nous recommandons d'activer les paramètres suivants s'ils sont supportés par votre environnement.", + "Show security settings…" : "Afficher les paramètres de sécurité...", + "Signatures and encryption offered" : "Signatures et chiffrement proposés", + "Signatures and encryption required" : "Signatures et chiffrement obligatoire", + "Download metadata XML" : "Télécharger les méta-données XML", + "Reset settings" : "Réinitialiser les paramètres", + "Metadata invalid" : "Méta-données invalides", + "Metadata valid" : "Méta-données valides", + "Error" : "Erreur", + "Account not provisioned." : "Compte non approvisionné.", + "Your account is not provisioned, access to this service is thus not possible." : "Votre compte n'est pas approvisionné, l'accès à ce service n'est donc pas possible.", + "Login options:" : "Options de connexion :", + "Choose a authentication provider" : "Choisir un fournisseur d'authentification" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/user_saml/l10n/fr.json b/docker/nextcloud/user_saml/l10n/fr.json new file mode 100755 index 0000000..0977fe1 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/fr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ce compte utilisateur est désactivé, veuillez contacter votre administrateur.", + "Saved" : "Sauvegardé", + "Provider" : "Fournisseur", + "Unknown error, please check the log file for more details." : "Erreur inconnue, veuillez vérifier le fichier journal pour plus de détails.", + "Direct log in" : "Connexion directe", + "SSO & SAML log in" : "Connexion SSO & SAML", + "This page should not be visited directly." : "Cette page ne devrait pas être accessible directement.", + "Provider " : "Fournisseur", + "X.509 certificate of the Service Provider" : "Certificat X.509 du fournisseur de service", + "Private key of the Service Provider" : "Clé privée du fournisseur de service", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indique que le \"nameID\" de envoyé par ce SP sera chiffré.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indique que le de messages envoyé par SP va être signé. [Métadonnée du SP va donner cette info]", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Indicates whether the messages sent by this SP will be signed." : "Indique si le message envoyé par ce SP sera signé.", + "Whether the metadata should be signed." : "Si les méta-données peuvent-être signées.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indique que les éléments , et reçus par ce SP doivent être signés.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indique que les éléments reçus par ce SP doivent être signés.[Méta-données du SP offrent cette info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indique que les éléments reçus par ce SP doivent être chiffrés.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être présent.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indique que l'élément NameID sur la réponse SAML reçu par ce SP doit être chiffré.", + "Indicates if the SP will validate all received XML." : "Indique si le SP validera tous les XML reçus.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS encode les données du lien SAML en lettre minuscule alors que la boîte à outil utilise par défaut les lettres majuscules. Activez la compatibilité ADFS pour la vérification de la signature.", + "Algorithm that the toolkit will use on signing process." : "Algorithme que la boîte à outils utilisera lors du processus de signature.", + "Attribute to map the UID to." : "Attribut pour relier l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Ne permettre l'authentification d'un compte que s'il existe sur un autre système d'authentification. (ex : LDAP)", + "Attribute to map the displayname to." : "Attribut pour relier le nom d'utilisateur.", + "Attribute to map the email address to." : "Attribut pour relier l'adresse mail.", + "Attribute to map the quota to." : "Attribut pour relier le quota.", + "Attribute to map the users groups to." : "Attribut pour relier les groupes d'utilisateurs.", + "Attribute to map the users home to." : "Attribut pour relier le domicile des utilisateurs.", + "Email address" : "Adresse e-mail", + "Encrypted" : "Chiffré", + "Entity" : "Entité", + "Kerberos" : "Kerberos", + "Persistent" : "Persistant", + "Transient" : "En transit", + "Unspecified" : "Non spécifié", + "Windows domain qualified name" : "Nom de domaine Windows", + "X509 subject name" : "Nom du sujet X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utiliser l'authentification SAML pour le client bureau de %s (requiert une ré-authentification de l'utilisateur)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom d'affichage facultatif du fournisseur d'identité (par défaut : \"Connexion SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Autoriser l'utilisation de plusieurs systèmes d'authentification (ex: LDAP)", + "SSO & SAML authentication" : "Authentification SSO & SAML", + "Authenticate using single sign-on" : "Authentification SSO", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "\tEn utilisant l'application SSO & SAML de votre Nextcloud, vous pouvez facilement intégrer votre solution Single-Sign-On existante avec Nextcloud. En outre, vous pouvez utiliser le fournisseur d'utilisateurs LDAP Nextcloud pour conserver une meilleur simplicité pour les utilisateurs. (par exemple quand ils partageant)\nPour le moment, seuls les fournisseurs suivants sont testés et pris en charge. \n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentification via une variable d'environnement\n\t* Kerberos (mod_auth_kerb)\n\tTout autre fournisseur qui s'authentifie à l'aide d'une variable d'environnement\n\nBien que théoriquement, tout autre fournisseur d'authentification mettant en œuvre l'une ou l'autre de ces normes soit compatible, veuillez noter que leur compatibilité n'est pas garantie, car ils ne sont pas tester par nos équipes.", + "Open documentation" : "Voir la documentation", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous activiez \"%s\" ou que vous alliez directement à l'adresse URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assurez-vous de configurer un utilisateur administratif qui peut accéder à l'instance par SSO. La connexion avec votre compte habituel %s ne sera plus possible, à moins que vous alliez directement à l'adresse URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Veuillez choisir si vous voulez vous authentifier en utilisant le fournisseur SAML intégré à Nextcloud ou si vous voulez vous authentifier avec une variable d'environnement.", + "Use built-in SAML authentication" : "Utiliser l'authentification SAML intégrée", + "Use environment variable" : "Utiliser une variable d’environnement", + "Global settings" : "Paramètres généraux", + "Remove identity provider" : "Supprimer le fournisseur d'identité", + "Add identity provider" : "Ajouter le fournisseur d'identité", + "General" : "Général", + "Service Provider Data" : "Service du Fournisseur de Données", + "If your Service Provider should use certificates you can optionally specify them here." : "Si votre fournisseur de service utilise des certificats, vous pouvez les indiquer ici.", + "Show Service Provider settings…" : "Afficher les options du fournisseur de service...", + "Name ID format" : "Format de l'ID du nom", + "Identity Provider Data" : "Fournisseur de données d'identité", + "Configure your IdP settings here." : "Configurez vos options IdP ici.", + "Identifier of the IdP entity (must be a URI)" : "Identifiant de l'entité IdP (doit être une URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL cible du fournisseur d'identités à qui le fournisseur de service enverra la requête d'authentification", + "Show optional Identity Provider settings…" : "Afficher les paramètres optionnels du fournisseur d'identité...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL du fournisseur d'identité où le fournisseur de service enverra la requête de déconnexion SLO", + "URL Location of the IDP's SLO Response" : "URL de la réponse SLO du fournisseur d’identité", + "Public X.509 certificate of the IdP" : "Certificat public X.509 de l'IdP", + "Attribute mapping" : "Mappage des attributs", + "If you want to optionally map attributes to the user you can configure these here." : "Si vous préférez relier les attributs à l'utilisateur, vous pouvez les configurer ici.", + "Show attribute mapping settings…" : "Montrer les paramètres du mappage des attributs...", + "Security settings" : "Paramètres de sécurité", + "For increased security we recommend enabling the following settings if supported by your environment." : "Pour augmenter la sécurité nous recommandons d'activer les paramètres suivants s'ils sont supportés par votre environnement.", + "Show security settings…" : "Afficher les paramètres de sécurité...", + "Signatures and encryption offered" : "Signatures et chiffrement proposés", + "Signatures and encryption required" : "Signatures et chiffrement obligatoire", + "Download metadata XML" : "Télécharger les méta-données XML", + "Reset settings" : "Réinitialiser les paramètres", + "Metadata invalid" : "Méta-données invalides", + "Metadata valid" : "Méta-données valides", + "Error" : "Erreur", + "Account not provisioned." : "Compte non approvisionné.", + "Your account is not provisioned, access to this service is thus not possible." : "Votre compte n'est pas approvisionné, l'accès à ce service n'est donc pas possible.", + "Login options:" : "Options de connexion :", + "Choose a authentication provider" : "Choisir un fournisseur d'authentification" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/gl.js b/docker/nextcloud/user_saml/l10n/gl.js new file mode 100755 index 0000000..068d0b2 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/gl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta conta de usuario está desactivada, póñase en contacto co administrador.", + "Saved" : "Gardado", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Produciuse un erro descoñecido, revise o rexistro para obter máis información.", + "Direct log in" : "Acceso directo", + "SSO & SAML log in" : "Acceso SSO e SAML", + "This page should not be visited directly." : "Esta páxina non debe ser visitada directamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do provedor do servizo", + "Private key of the Service Provider" : "Clave privada do provedor do servizo", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o nameID do enviado por este SP vai ser cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensaxes enviadas por este SP van seren asinadas. [Os metadatos do SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Whether the metadata should be signed." : "Se os metadatos deben ser asinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para os elementos , e recibidos por este SP para seren asinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito para os elementos recibidos por este SP para seren asinados. [Os metadatos do SP ofrecerán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para os elementos recibidos por este SP para seren cifrados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que o elemento NameID no SAMLResponse recibido por este SP estea presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que o NameID recibido por este SP estea cifrado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XMLs recibidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, e, por omisión, o conxunto de ferramentas usa maiúsculas. Active ADFS para a compatibilidade na sinatura de verificación.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o conxnto de ferramentas empregará no proceso de sinatura.", + "Attribute to map the UID to." : "Atributo para asignar o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir soamente se existe unha conta noutro sistema. (p. ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para asignar o nome que amosar.", + "Attribute to map the email address to." : "Atributo para asignar o enderezo de correo que amosar.", + "Attribute to map the quota to." : "Atributo para asignar a cota.", + "Attribute to map the users groups to." : "Atributo para asignar os grupos de usuarios.", + "Attribute to map the users home to." : "Atributo para asignar o cartafol dos usuarios.", + "Email address" : "Enderezo de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Sen especificar", + "Windows domain qualified name" : "Nome cualificado do dominio de Windows", + "X509 subject name" : "Nome do suxeito X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar a autenticación SAML para os clientes de escritorio %s (necesita unha re-autenticación do usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome para amosar opcional do provedor de identidade (por omisión: «rexistro SSO e SAML»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de várias infraestruturas de autenticación (p. ex. LDAP) ", + "SSO & SAML authentication" : "Autenticación SSO e SAML", + "Authenticate using single sign-on" : "Autenticación usando SSO (single sign-on)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando a aplicación SSO e SAML no seu NextCloud pode facer posíbel integrar a súa solución de «Inicio de sesión único» (Single-Sign-On) co Nextcloud. Ademaiss, pode empregar o provedor de usuarios LDAP do NextCloud para conservar a conveniencia para usuarios (p. ej., ao compartir).\nPolo momento foron omprobados e son compatíbeis os seguintes proveedores:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticación mediante variábel de contorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Calquera outro provedor que autentique usando a variábel de contorno\n\nAínda que teoricamente calquera outro provedor de autenticación que implemente calquera destes estándares é compatíbel, queremos facer notar que non forman parte de ningunha matriz de probas interna.", + "Open documentation" : "Abrir a documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que teña activado «%s» ou que vaia directamente ao URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que vaia directamente ao URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Escolla se quere autenticarse usando o provedor SAML integrado en Nextcloud ou se quere autenticarse nunha variábel de contorno.", + "Use built-in SAML authentication" : "Usar a autenticación integrada de SAML", + "Use environment variable" : "Usar variábel de contorno", + "Global settings" : "Axustes globais", + "Remove identity provider" : "Retirar o provedor de identidade", + "Add identity provider" : "Engadir un provedor de identidade", + "General" : "Xeral", + "Service Provider Data" : "Provedor do servizo de datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o seu provedor do servizo usa certificados, pode, opcionalmente, especificalos aquí.", + "Show Service Provider settings…" : "Amosar os axustes do Proveedor dos Servizos...", + "Name ID format" : "Formato do ID de nome", + "Identity Provider Data" : "Identificación do provedor de datos", + "Configure your IdP settings here." : "Configure os axustes do seu IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (ten que ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL obxectivo do IdP onde o SP enviará a mensaxe de solicitude de autenticación", + "Show optional Identity Provider settings…" : "Amosar axustes opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Enderezo URL do IdP onde o SP enviará as solicitudes SLO", + "URL Location of the IDP's SLO Response" : "Localización URL da resposta SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Asignación de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Se queres asignar atributos opcionais ao usuario, podes configuralos aquí.", + "Show attribute mapping settings…" : "Amosar axustes de asignación de atributos...", + "Security settings" : "Axustes de seguridade", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar a seguridade recomendámoslle que active os seguintes axustes se son admitidos polo seu contorno.", + "Show security settings…" : "Amosar os axustes de seguridade...", + "Signatures and encryption offered" : "Sinaturas e cifrado ofrecidos", + "Signatures and encryption required" : "Son ncesarios as sinaturas e o cifrado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Restabelecer os axustes", + "Metadata invalid" : "Metadatos incorrectos", + "Metadata valid" : "Metadatos correctos", + "Error" : "Erro", + "Account not provisioned." : "Conta non aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "A súa conta non esta aprovisionada, polo que non é posíbel o acceso a este servizo.", + "Login options:" : "Opcións de acceso", + "Choose a authentication provider" : "Escolla un provedor de autenticación" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/gl.json b/docker/nextcloud/user_saml/l10n/gl.json new file mode 100755 index 0000000..ebd5326 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/gl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta conta de usuario está desactivada, póñase en contacto co administrador.", + "Saved" : "Gardado", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Produciuse un erro descoñecido, revise o rexistro para obter máis información.", + "Direct log in" : "Acceso directo", + "SSO & SAML log in" : "Acceso SSO e SAML", + "This page should not be visited directly." : "Esta páxina non debe ser visitada directamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do provedor do servizo", + "Private key of the Service Provider" : "Clave privada do provedor do servizo", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o nameID do enviado por este SP vai ser cifrado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensaxes enviadas por este SP van seren asinadas. [Os metadatos do SP ofrecerán esta información]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensaxes enviadas por este SP van seren asinadas.", + "Whether the metadata should be signed." : "Se os metadatos deben ser asinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica un requisito para os elementos , e recibidos por este SP para seren asinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisito para os elementos recibidos por este SP para seren asinados. [Os metadatos do SP ofrecerán esta información]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica un requisito para os elementos recibidos por este SP para seren cifrados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica un requisito para que o elemento NameID no SAMLResponse recibido por este SP estea presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisito para que o NameID recibido por este SP estea cifrado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XMLs recibidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Cifra datos SAML en minúsculas, e, por omisión, o conxunto de ferramentas usa maiúsculas. Active ADFS para a compatibilidade na sinatura de verificación.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o conxnto de ferramentas empregará no proceso de sinatura.", + "Attribute to map the UID to." : "Atributo para asignar o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Permitir soamente se existe unha conta noutro sistema. (p. ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para asignar o nome que amosar.", + "Attribute to map the email address to." : "Atributo para asignar o enderezo de correo que amosar.", + "Attribute to map the quota to." : "Atributo para asignar a cota.", + "Attribute to map the users groups to." : "Atributo para asignar os grupos de usuarios.", + "Attribute to map the users home to." : "Atributo para asignar o cartafol dos usuarios.", + "Email address" : "Enderezo de correo", + "Encrypted" : "Cifrado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Sen especificar", + "Windows domain qualified name" : "Nome cualificado do dominio de Windows", + "X509 subject name" : "Nome do suxeito X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar a autenticación SAML para os clientes de escritorio %s (necesita unha re-autenticación do usuario)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome para amosar opcional do provedor de identidade (por omisión: «rexistro SSO e SAML»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de várias infraestruturas de autenticación (p. ex. LDAP) ", + "SSO & SAML authentication" : "Autenticación SSO e SAML", + "Authenticate using single sign-on" : "Autenticación usando SSO (single sign-on)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando a aplicación SSO e SAML no seu NextCloud pode facer posíbel integrar a súa solución de «Inicio de sesión único» (Single-Sign-On) co Nextcloud. Ademaiss, pode empregar o provedor de usuarios LDAP do NextCloud para conservar a conveniencia para usuarios (p. ej., ao compartir).\nPolo momento foron omprobados e son compatíbeis os seguintes proveedores:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticación mediante variábel de contorno**\n\t* Kerberos (mod_auth_kerb)\n\t* Calquera outro provedor que autentique usando a variábel de contorno\n\nAínda que teoricamente calquera outro provedor de autenticación que implemente calquera destes estándares é compatíbel, queremos facer notar que non forman parte de ningunha matriz de probas interna.", + "Open documentation" : "Abrir a documentación", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que teña activado «%s» ou que vaia directamente ao URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Asegúrese de configurar un usuario administrativo que poida acceder á instancia a través de SSO. Acceder coa súa conta normal %s xa non será posíbel, a non ser que vaia directamente ao URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Escolla se quere autenticarse usando o provedor SAML integrado en Nextcloud ou se quere autenticarse nunha variábel de contorno.", + "Use built-in SAML authentication" : "Usar a autenticación integrada de SAML", + "Use environment variable" : "Usar variábel de contorno", + "Global settings" : "Axustes globais", + "Remove identity provider" : "Retirar o provedor de identidade", + "Add identity provider" : "Engadir un provedor de identidade", + "General" : "Xeral", + "Service Provider Data" : "Provedor do servizo de datos", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o seu provedor do servizo usa certificados, pode, opcionalmente, especificalos aquí.", + "Show Service Provider settings…" : "Amosar os axustes do Proveedor dos Servizos...", + "Name ID format" : "Formato do ID de nome", + "Identity Provider Data" : "Identificación do provedor de datos", + "Configure your IdP settings here." : "Configure os axustes do seu IdP aquí.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (ten que ser un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL obxectivo do IdP onde o SP enviará a mensaxe de solicitude de autenticación", + "Show optional Identity Provider settings…" : "Amosar axustes opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Enderezo URL do IdP onde o SP enviará as solicitudes SLO", + "URL Location of the IDP's SLO Response" : "Localización URL da resposta SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Asignación de atributos", + "If you want to optionally map attributes to the user you can configure these here." : "Se queres asignar atributos opcionais ao usuario, podes configuralos aquí.", + "Show attribute mapping settings…" : "Amosar axustes de asignación de atributos...", + "Security settings" : "Axustes de seguridade", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para incrementar a seguridade recomendámoslle que active os seguintes axustes se son admitidos polo seu contorno.", + "Show security settings…" : "Amosar os axustes de seguridade...", + "Signatures and encryption offered" : "Sinaturas e cifrado ofrecidos", + "Signatures and encryption required" : "Son ncesarios as sinaturas e o cifrado", + "Download metadata XML" : "Descargar metadatos en XML", + "Reset settings" : "Restabelecer os axustes", + "Metadata invalid" : "Metadatos incorrectos", + "Metadata valid" : "Metadatos correctos", + "Error" : "Erro", + "Account not provisioned." : "Conta non aprovisionada.", + "Your account is not provisioned, access to this service is thus not possible." : "A súa conta non esta aprovisionada, polo que non é posíbel o acceso a este servizo.", + "Login options:" : "Opcións de acceso", + "Choose a authentication provider" : "Escolla un provedor de autenticación" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/he.js b/docker/nextcloud/user_saml/l10n/he.js new file mode 100755 index 0000000..c3e2ebd --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/he.js @@ -0,0 +1,61 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "החשבון הזה מושבת, נא ליצור קשר עם מנהל המערכת.", + "Saved" : "נשמר", + "Provider" : "ספק", + "Unknown error, please check the log file for more details." : "שגיאה בלתי ידועה, נא לעיין בקובץ הרישום לפרטים נוספים.", + "Direct log in" : "כניסה ישירה", + "SSO & SAML log in" : "כניסה עם SSO ו־SAML", + "This page should not be visited directly." : "אין סיבה להגיע לעמוד זה ישירות.", + "Provider " : "ספק", + "X.509 certificate of the Service Provider" : "אישור X.509 של ספק השירות", + "Private key of the Service Provider" : "מפתח פרטי של ספק השירות", + "Indicates that the nameID of the sent by this SP will be encrypted." : "מציין שה־nameID של ה־ שנשלח על ידי ספק השירות הזה יהיה מוצפן.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות. [נתוני העל של ספק השירות יציעו את המידע הזה]", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Whether the metadata should be signed." : "האם לחתום על נתוני העל.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "מציין דרישה לחתימה על הרכיבים , ו־ שהתקבלו על ידי ספק השירות הזה.", + "Indicates if the SP will validate all received XML." : "מציין אם ספק השירות יאמת את כל ה־XML שמתקבל", + "Algorithm that the toolkit will use on signing process." : "האלגוריתם בו תשתמש ערכת הכלים בתהליך החתימה.", + "Attribute to map the UID to." : "מאפיין למפות אליו את ה־UID (מזהה המשתמש).", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "לאפשר אימות רק אם קיים חשבון במנגנון אחר כלשהו (למשל LDAP)", + "Attribute to map the displayname to." : "מאפיין למפות אליו את displayname (שם התצוגה).", + "Attribute to map the email address to." : "מאפיין למפות אליו את email (כתובת הדוא״ל).", + "Attribute to map the quota to." : "מאפיין למפות אליו את quota (מיכסה).", + "Attribute to map the users groups to." : "מאפיין למפות אליו את קבוצות המשתמשים.", + "Attribute to map the users home to." : "מאפיין למפות אליו את תיקיות הבית של המשתמשים.", + "Email address" : "כתובת דוא״ל", + "Encrypted" : "מוצפן", + "Entity" : "יישות", + "Kerberos" : "Kerberos", + "X509 subject name" : "שם נושא X509", + "SSO & SAML authentication" : "אימות גישה אחודה (SSO) ו־SAML", + "Open documentation" : "פתיחת תיעוד", + "Use built-in SAML authentication" : "שימוש באימות SAML מובנה", + "Use environment variable" : "שימוש במשתני סביבה", + "Global settings" : "הגדרות גלובליות", + "Remove identity provider" : "הסרת ספק זהות", + "Add identity provider" : "הוספת ספק זהות", + "General" : "כללי", + "Service Provider Data" : "נתוני ספק שירות", + "If your Service Provider should use certificates you can optionally specify them here." : "אם ספק הזהות שלך אמור להשתמש באישורים ניתן לציין אותם כאן.", + "Show Service Provider settings…" : "הצגת הגדרות ספק שירות…", + "Identity Provider Data" : "נתוני ספק שירות", + "Configure your IdP settings here." : "הגדרת תצורת ספק השירות להלן.", + "Attribute mapping" : "מיפוי מאפיינים", + "Security settings" : "הגדרות אבטחה", + "Show security settings…" : "הצגת הגדרות אבטחה…", + "Signatures and encryption offered" : "הוצעו חתימות והצפנה", + "Signatures and encryption required" : "נדרשו חתימות והצפנה", + "Download metadata XML" : "הורדת XML של נתוני העל", + "Reset settings" : "איפוס הגדרות", + "Metadata invalid" : "נתוני העל שגויים", + "Metadata valid" : "נתוני העל תקינים", + "Error" : "שגיאה", + "Account not provisioned." : "החשבון לא מנוהל.", + "Your account is not provisioned, access to this service is thus not possible." : "החשבון שלך לא מנוהל, לכן הגישה לשירות הזה אינה אפשרות.", + "Choose a authentication provider" : "נא לבחור ספק אימות" +}, +"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: (n % 10 == 0 && n % 1 == 0 && n > 10) ? 2 : 3;"); diff --git a/docker/nextcloud/user_saml/l10n/he.json b/docker/nextcloud/user_saml/l10n/he.json new file mode 100755 index 0000000..ae2fe12 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/he.json @@ -0,0 +1,59 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "החשבון הזה מושבת, נא ליצור קשר עם מנהל המערכת.", + "Saved" : "נשמר", + "Provider" : "ספק", + "Unknown error, please check the log file for more details." : "שגיאה בלתי ידועה, נא לעיין בקובץ הרישום לפרטים נוספים.", + "Direct log in" : "כניסה ישירה", + "SSO & SAML log in" : "כניסה עם SSO ו־SAML", + "This page should not be visited directly." : "אין סיבה להגיע לעמוד זה ישירות.", + "Provider " : "ספק", + "X.509 certificate of the Service Provider" : "אישור X.509 של ספק השירות", + "Private key of the Service Provider" : "מפתח פרטי של ספק השירות", + "Indicates that the nameID of the sent by this SP will be encrypted." : "מציין שה־nameID של ה־ שנשלח על ידי ספק השירות הזה יהיה מוצפן.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות. [נתוני העל של ספק השירות יציעו את המידע הזה]", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Indicates whether the messages sent by this SP will be signed." : "מציין האם הודעות מסוג שנשלחות על ידי ספק השירות הזה תהיינה חתומות.", + "Whether the metadata should be signed." : "האם לחתום על נתוני העל.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "מציין דרישה לחתימה על הרכיבים , ו־ שהתקבלו על ידי ספק השירות הזה.", + "Indicates if the SP will validate all received XML." : "מציין אם ספק השירות יאמת את כל ה־XML שמתקבל", + "Algorithm that the toolkit will use on signing process." : "האלגוריתם בו תשתמש ערכת הכלים בתהליך החתימה.", + "Attribute to map the UID to." : "מאפיין למפות אליו את ה־UID (מזהה המשתמש).", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "לאפשר אימות רק אם קיים חשבון במנגנון אחר כלשהו (למשל LDAP)", + "Attribute to map the displayname to." : "מאפיין למפות אליו את displayname (שם התצוגה).", + "Attribute to map the email address to." : "מאפיין למפות אליו את email (כתובת הדוא״ל).", + "Attribute to map the quota to." : "מאפיין למפות אליו את quota (מיכסה).", + "Attribute to map the users groups to." : "מאפיין למפות אליו את קבוצות המשתמשים.", + "Attribute to map the users home to." : "מאפיין למפות אליו את תיקיות הבית של המשתמשים.", + "Email address" : "כתובת דוא״ל", + "Encrypted" : "מוצפן", + "Entity" : "יישות", + "Kerberos" : "Kerberos", + "X509 subject name" : "שם נושא X509", + "SSO & SAML authentication" : "אימות גישה אחודה (SSO) ו־SAML", + "Open documentation" : "פתיחת תיעוד", + "Use built-in SAML authentication" : "שימוש באימות SAML מובנה", + "Use environment variable" : "שימוש במשתני סביבה", + "Global settings" : "הגדרות גלובליות", + "Remove identity provider" : "הסרת ספק זהות", + "Add identity provider" : "הוספת ספק זהות", + "General" : "כללי", + "Service Provider Data" : "נתוני ספק שירות", + "If your Service Provider should use certificates you can optionally specify them here." : "אם ספק הזהות שלך אמור להשתמש באישורים ניתן לציין אותם כאן.", + "Show Service Provider settings…" : "הצגת הגדרות ספק שירות…", + "Identity Provider Data" : "נתוני ספק שירות", + "Configure your IdP settings here." : "הגדרת תצורת ספק השירות להלן.", + "Attribute mapping" : "מיפוי מאפיינים", + "Security settings" : "הגדרות אבטחה", + "Show security settings…" : "הצגת הגדרות אבטחה…", + "Signatures and encryption offered" : "הוצעו חתימות והצפנה", + "Signatures and encryption required" : "נדרשו חתימות והצפנה", + "Download metadata XML" : "הורדת XML של נתוני העל", + "Reset settings" : "איפוס הגדרות", + "Metadata invalid" : "נתוני העל שגויים", + "Metadata valid" : "נתוני העל תקינים", + "Error" : "שגיאה", + "Account not provisioned." : "החשבון לא מנוהל.", + "Your account is not provisioned, access to this service is thus not possible." : "החשבון שלך לא מנוהל, לכן הגישה לשירות הזה אינה אפשרות.", + "Choose a authentication provider" : "נא לבחור ספק אימות" +},"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: (n % 10 == 0 && n % 1 == 0 && n > 10) ? 2 : 3;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/hr.js b/docker/nextcloud/user_saml/l10n/hr.js new file mode 100755 index 0000000..31e573f --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/hr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ovaj je korisnički račun onemogućen, obratite se svom administratoru.", + "Saved" : "Spremljeno", + "Provider" : "Davatelj usluge", + "Unknown error, please check the log file for more details." : "Došlo je do nepoznate pogreške, provjerite datoteku sa zapisom.", + "Direct log in" : "Izravna prijava", + "SSO & SAML log in" : "Prijava SSO i SAML", + "This page should not be visited directly." : "Ovu stranicu ne bi trebalo izravno posjetiti.", + "Provider " : "Davatelj usluge ", + "X.509 certificate of the Service Provider" : "X.509 vjerodajnica davatelja usluge", + "Private key of the Service Provider" : "Privatni ključ davatelja usluge", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Označava da će se šifrirati nameID koje je poslao ovaj DU.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Označava hoće li se potpisati poruke koje pošalje ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Whether the metadata should be signed." : "Trebaju li biti potpisani metapodaci.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označava zahtjev za potpisivanjem elemenata , i koji primi ovaj DU.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označava zahtjev za potpisivanjem elementa koji primi ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označava zahtjev za šifriranjem elementa koji primi ovaj DU.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označava zahtjev da mora biti prisutan element NameID na SAMLResponse koji primi ovaj DU.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označava zahtjev za šifriranjem NameID-ja koji primi ovaj DU.", + "Indicates if the SP will validate all received XML." : "Označava hoće li DU potvrditi sve primljene XML-ove.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS šifrira SAML podatke malim slovima, a alati prema zadanim postavkama koriste velika slova. Omogućite kako biste osigurali kompatibilnost s ADFS-om prilikom provjere potpisa.", + "Algorithm that the toolkit will use on signing process." : "Algoritam koji će primijeniti alat tijekom postupka potpisivanja.", + "Attribute to map the UID to." : "Atribut na koji se mapira UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Dopustite autentifikaciju samo ako račun postoji u nekom drugom pozadinskom sustavu. (npr. LDAP-u)", + "Attribute to map the displayname to." : "Atribut na koji se mapira ime za prikaz.", + "Attribute to map the email address to." : "Atribut na koji se mapira adresa e-pošte.", + "Attribute to map the quota to." : "Atribut na koji se mapira kvota.", + "Attribute to map the users groups to." : "Atribut na koji se mapiraju grupe korisnika.", + "Attribute to map the users home to." : "Atribut na koji se mapira početna mapa korisnika.", + "Email address" : "Adresa e-pošte", + "Encrypted" : "Šifrirano", + "Entity" : "Entitet", + "Kerberos" : "Kerberos", + "Persistent" : "Stalan", + "Transient" : "Prolazan", + "Unspecified" : "Neodređen", + "Windows domain qualified name" : "Naziv za Windows domenu", + "X509 subject name" : "Naziv subjekta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Upotrijebite SAML auth za %s računalne klijente (zahtijeva ponovnu autentifikaciju korisnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Neobavezno ime za prikaz davatelja identiteta (zadano: „prijava SSO i SAML”)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dopusti korištenje višestrukih pozadinskih sustava (npr. LDAP-a)", + "SSO & SAML authentication" : "SSO i SAML autentifikacija", + "Authenticate using single sign-on" : "Autentifikacija jedinstvenom prijavom", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korištenjem aplikacije SSO i SAML u Nextcloudu možete lako integrirati svoje postojeće rješenje za jedinstvenu prijavu u Nextcloud. Također se možete koristiti Nextcloudovim pružateljem LDAP usluga kako biste zadržali praktičnost za korisnike. (npr. prilikom dijeljenja)\nSljedeći su davatelji usluge trenutno podržani i ispitani:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentifikacija putem varijable okoliša**\n\t* Kerberos (mod_auth_kerb)\n\t* Bilo koji drugi davatelj usluge koji provodi autentifikaciju putem varijable okoliša\n\nIako je teoretski kompatibilan bilo koji drugi davatelj usluge autentifikacije koji implementira bilo koji od tih standarda, naglašavamo da oni nisu dio nijedne unutarnje matrice ispitivanja.", + "Open documentation" : "Otvori dokumentaciju", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako niste omogućili „%s” ili idete izravno na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako izravno ne otvorite URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Odaberite želite li provoditi autentifikaciju putem davatelja usluge SAML-a ugrađenog u Nextcloud ili varijable okoliša.", + "Use built-in SAML authentication" : "Koristi ugrađenu SAML autentifikaciju", + "Use environment variable" : "Koristi varijablu okoliša", + "Global settings" : "Globalne postavke", + "Remove identity provider" : "Ukloni davatelja identiteta", + "Add identity provider" : "Dodaj davatelja identiteta", + "General" : "Općenito", + "Service Provider Data" : "Podaci davatelja usluga", + "If your Service Provider should use certificates you can optionally specify them here." : "Ako bi vaš pružatelj usluga trebao upotrebljavati vjerodajnice, možete ih ovdje navesti.", + "Show Service Provider settings…" : "Prikaži postavke davatelja usluga…", + "Name ID format" : "Format ID-ja imena", + "Identity Provider Data" : "Podaci davatelja identiteta", + "Configure your IdP settings here." : "Ovdje konfigurirajte svoje IdP postavke.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator IdP identiteta (mora biti URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni URL IdP-a za koji će DU poslati poruku zahtjeva za autentifikacijom", + "Show optional Identity Provider settings…" : "Prikaži neobvezne postavke davatelja identiteta...", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokacija URL-a IdP-a gdje će DU poslati zahtjev za SLO", + "URL Location of the IDP's SLO Response" : "URL lokacija odgovora IDP SLO", + "Public X.509 certificate of the IdP" : "Javna X.509 vjerodajnica IdP-a", + "Attribute mapping" : "Mapiranje atributa", + "If you want to optionally map attributes to the user you can configure these here." : "Ako želite mapirati atribute korisniku, možete ih ovdje konfigurirati.", + "Show attribute mapping settings…" : "Prikaži postavke mapiranja atributa...", + "Security settings" : "Sigurnosne postavke", + "For increased security we recommend enabling the following settings if supported by your environment." : "Za veću sigurnost preporučujemo da omogućite sljedeće postavke ako ih okolina podržava.", + "Show security settings…" : "Prikaži sigurnosne postavke...", + "Signatures and encryption offered" : "Ponuđeni potpisi i šifriranje", + "Signatures and encryption required" : "Potrebni potpisi i šifriranje", + "Download metadata XML" : "Preuzmi XML metapodatke", + "Reset settings" : "Poništi postavke", + "Metadata invalid" : "Metapodaci nisu valjani", + "Metadata valid" : "Metapodaci su valjani", + "Error" : "Pogreška", + "Account not provisioned." : "Račun nije uspostavljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Vaš račun nije uspostavljen, pristup ovoj usluzi nije moguć.", + "Login options:" : "Mogućnosti prijave:", + "Choose a authentication provider" : "Odaberi davatelja usluge autentifikacije" +}, +"nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;"); diff --git a/docker/nextcloud/user_saml/l10n/hr.json b/docker/nextcloud/user_saml/l10n/hr.json new file mode 100755 index 0000000..b3a7948 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/hr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ovaj je korisnički račun onemogućen, obratite se svom administratoru.", + "Saved" : "Spremljeno", + "Provider" : "Davatelj usluge", + "Unknown error, please check the log file for more details." : "Došlo je do nepoznate pogreške, provjerite datoteku sa zapisom.", + "Direct log in" : "Izravna prijava", + "SSO & SAML log in" : "Prijava SSO i SAML", + "This page should not be visited directly." : "Ovu stranicu ne bi trebalo izravno posjetiti.", + "Provider " : "Davatelj usluge ", + "X.509 certificate of the Service Provider" : "X.509 vjerodajnica davatelja usluge", + "Private key of the Service Provider" : "Privatni ključ davatelja usluge", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Označava da će se šifrirati nameID koje je poslao ovaj DU.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Označava hoće li se potpisati poruke koje pošalje ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Indicates whether the messages sent by this SP will be signed." : "Označava hoće li se potpisati poruke koje pošalje ovaj DU.", + "Whether the metadata should be signed." : "Trebaju li biti potpisani metapodaci.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označava zahtjev za potpisivanjem elemenata , i koji primi ovaj DU.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označava zahtjev za potpisivanjem elementa koji primi ovaj DU. [Informacije su sadržane u metapodacima DU-a]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označava zahtjev za šifriranjem elementa koji primi ovaj DU.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označava zahtjev da mora biti prisutan element NameID na SAMLResponse koji primi ovaj DU.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označava zahtjev za šifriranjem NameID-ja koji primi ovaj DU.", + "Indicates if the SP will validate all received XML." : "Označava hoće li DU potvrditi sve primljene XML-ove.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS šifrira SAML podatke malim slovima, a alati prema zadanim postavkama koriste velika slova. Omogućite kako biste osigurali kompatibilnost s ADFS-om prilikom provjere potpisa.", + "Algorithm that the toolkit will use on signing process." : "Algoritam koji će primijeniti alat tijekom postupka potpisivanja.", + "Attribute to map the UID to." : "Atribut na koji se mapira UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Dopustite autentifikaciju samo ako račun postoji u nekom drugom pozadinskom sustavu. (npr. LDAP-u)", + "Attribute to map the displayname to." : "Atribut na koji se mapira ime za prikaz.", + "Attribute to map the email address to." : "Atribut na koji se mapira adresa e-pošte.", + "Attribute to map the quota to." : "Atribut na koji se mapira kvota.", + "Attribute to map the users groups to." : "Atribut na koji se mapiraju grupe korisnika.", + "Attribute to map the users home to." : "Atribut na koji se mapira početna mapa korisnika.", + "Email address" : "Adresa e-pošte", + "Encrypted" : "Šifrirano", + "Entity" : "Entitet", + "Kerberos" : "Kerberos", + "Persistent" : "Stalan", + "Transient" : "Prolazan", + "Unspecified" : "Neodređen", + "Windows domain qualified name" : "Naziv za Windows domenu", + "X509 subject name" : "Naziv subjekta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Upotrijebite SAML auth za %s računalne klijente (zahtijeva ponovnu autentifikaciju korisnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Neobavezno ime za prikaz davatelja identiteta (zadano: „prijava SSO i SAML”)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dopusti korištenje višestrukih pozadinskih sustava (npr. LDAP-a)", + "SSO & SAML authentication" : "SSO i SAML autentifikacija", + "Authenticate using single sign-on" : "Autentifikacija jedinstvenom prijavom", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korištenjem aplikacije SSO i SAML u Nextcloudu možete lako integrirati svoje postojeće rješenje za jedinstvenu prijavu u Nextcloud. Također se možete koristiti Nextcloudovim pružateljem LDAP usluga kako biste zadržali praktičnost za korisnike. (npr. prilikom dijeljenja)\nSljedeći su davatelji usluge trenutno podržani i ispitani:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentifikacija putem varijable okoliša**\n\t* Kerberos (mod_auth_kerb)\n\t* Bilo koji drugi davatelj usluge koji provodi autentifikaciju putem varijable okoliša\n\nIako je teoretski kompatibilan bilo koji drugi davatelj usluge autentifikacije koji implementira bilo koji od tih standarda, naglašavamo da oni nisu dio nijedne unutarnje matrice ispitivanja.", + "Open documentation" : "Otvori dokumentaciju", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako niste omogućili „%s” ili idete izravno na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Obavezno konfigurirajte administrativnog korisnika koji može pristupiti instanci putem SSO-a. Prijava sa svojim redovnim %s računom više neće biti moguća, osim ako izravno ne otvorite URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Odaberite želite li provoditi autentifikaciju putem davatelja usluge SAML-a ugrađenog u Nextcloud ili varijable okoliša.", + "Use built-in SAML authentication" : "Koristi ugrađenu SAML autentifikaciju", + "Use environment variable" : "Koristi varijablu okoliša", + "Global settings" : "Globalne postavke", + "Remove identity provider" : "Ukloni davatelja identiteta", + "Add identity provider" : "Dodaj davatelja identiteta", + "General" : "Općenito", + "Service Provider Data" : "Podaci davatelja usluga", + "If your Service Provider should use certificates you can optionally specify them here." : "Ako bi vaš pružatelj usluga trebao upotrebljavati vjerodajnice, možete ih ovdje navesti.", + "Show Service Provider settings…" : "Prikaži postavke davatelja usluga…", + "Name ID format" : "Format ID-ja imena", + "Identity Provider Data" : "Podaci davatelja identiteta", + "Configure your IdP settings here." : "Ovdje konfigurirajte svoje IdP postavke.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator IdP identiteta (mora biti URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni URL IdP-a za koji će DU poslati poruku zahtjeva za autentifikacijom", + "Show optional Identity Provider settings…" : "Prikaži neobvezne postavke davatelja identiteta...", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokacija URL-a IdP-a gdje će DU poslati zahtjev za SLO", + "URL Location of the IDP's SLO Response" : "URL lokacija odgovora IDP SLO", + "Public X.509 certificate of the IdP" : "Javna X.509 vjerodajnica IdP-a", + "Attribute mapping" : "Mapiranje atributa", + "If you want to optionally map attributes to the user you can configure these here." : "Ako želite mapirati atribute korisniku, možete ih ovdje konfigurirati.", + "Show attribute mapping settings…" : "Prikaži postavke mapiranja atributa...", + "Security settings" : "Sigurnosne postavke", + "For increased security we recommend enabling the following settings if supported by your environment." : "Za veću sigurnost preporučujemo da omogućite sljedeće postavke ako ih okolina podržava.", + "Show security settings…" : "Prikaži sigurnosne postavke...", + "Signatures and encryption offered" : "Ponuđeni potpisi i šifriranje", + "Signatures and encryption required" : "Potrebni potpisi i šifriranje", + "Download metadata XML" : "Preuzmi XML metapodatke", + "Reset settings" : "Poništi postavke", + "Metadata invalid" : "Metapodaci nisu valjani", + "Metadata valid" : "Metapodaci su valjani", + "Error" : "Pogreška", + "Account not provisioned." : "Račun nije uspostavljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Vaš račun nije uspostavljen, pristup ovoj usluzi nije moguć.", + "Login options:" : "Mogućnosti prijave:", + "Choose a authentication provider" : "Odaberi davatelja usluge autentifikacije" +},"pluralForm" :"nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/hu.js b/docker/nextcloud/user_saml/l10n/hu.js new file mode 100755 index 0000000..c45a8d4 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/hu.js @@ -0,0 +1,71 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ez a fiók le van tiltva, kérlek lépj kapcsolatba a rendszergazdával.", + "Saved" : "Elmentve", + "Provider" : "Szolgáltató", + "Unknown error, please check the log file for more details." : "Ismeretlen hiba, kérlek ellenőrizd a log fájlokat további részletekért.", + "Direct log in" : "Közvetlen belépés", + "SSO & SAML log in" : "SSO & SAML belépés", + "Provider " : "Szolgáltató", + "X.509 certificate of the Service Provider" : "Szolgáltató X.509 tanúsítványa", + "Private key of the Service Provider" : "Szolgáltató titkos kulcsa", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Jelzi, hogy a nameID-ja titkosítva lesz küldve ezen SP által.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva. [Az SP metaadatai megadják ezt az infót]", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Whether the metadata should be signed." : "Metaadatok aláírása.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Jelzi, hogy az SP által fogadott , és elemek kötelezően aláírtak.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy az SP által fogadott elemek kötelezően aláírtak. [Az SP metaadatai felajánlják ezt az infót.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Kényszeríti a elemek ezen SP által történő fogadáskori titkosítását.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Jelzi, hogy az SP által fogadott SAMLResponse kötelezően tartalmazta a NameID-t.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Jelzi, hogy az SP által fogadott NameID titkosítva lesznek-e.", + "Indicates if the SP will validate all received XML." : "Mutatja ha az SP validálja az összes fogadott XML-t.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Az ADFS kisbetűvel URL-kódolja a SAML adatokat, és az eszköz alapértelmezetten nagybetűket használ. Kapcsold be az ADFS kompatibilitáshoz az aláírás ellenőrzéskor.", + "Attribute to map the UID to." : "Attribútum melyre az UID leképeződik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Csak akkor engedd a hitelesítést, ha egy másik háttérszolgáltatásban is létezik a fiók. (pl: LDAP)", + "Attribute to map the displayname to." : "Attribútum melyre az megjelenítendő név leképeződik.", + "Attribute to map the email address to." : "Attribútum melyre az e-mail leképeződik.", + "Attribute to map the quota to." : "Attribútum melyhez a kvóta hozzárendelődik.", + "Email address" : "E-mail cím", + "Encrypted" : "Tikosítva", + "Kerberos" : "Kerberos", + "Unspecified" : "Nem meghatározott", + "Windows domain qualified name" : "Windows tartományi név", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML használata %s asztali kliens hitelesítés (felhasználók ismételt bejelentkezését igényli)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Megengedi, hogy a felhasználó több back-endet is használjon (pl.: LDAP)", + "SSO & SAML authentication" : "SSO & SAML hitelesítés", + "Authenticate using single sign-on" : "Hitelesítés egyszeri belépéssel", + "Open documentation" : "Dokumentáció megnyitása", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kélek válassz, hogy a Nextcloud-ba épített SAML szolgáltató vagy egy környezeti változó ellenében szeretnél bejelentkeztetni.", + "Use built-in SAML authentication" : "Használd a beépített SAML hitelesítés", + "Use environment variable" : "Használd a környezeti változót", + "Global settings" : "Globális beállítások", + "General" : "Általános", + "Service Provider Data" : "Szolgáltató adatok", + "If your Service Provider should use certificates you can optionally specify them here." : "Ha a szolgáltatód tanúsítványokat kellene használjon, megadhatod azokat.", + "Show Service Provider settings…" : "Szolgáltató beállításainak mutatása…", + "Identity Provider Data" : "Azonosítási szolgáltató adatai", + "Configure your IdP settings here." : "IdP beállításaid.", + "Identifier of the IdP entity (must be a URI)" : "IdP bejegyzés azonosítója (URI kell legyen)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP URL célja ahova SP küldi a bejelentkezés kérési üzeneteit", + "Show optional Identity Provider settings…" : "Kiegészítő identitás szolgáltató beállításai…", + "URL Location of the IdP where the SP will send the SLO Request" : "Az IdP URL-je ahova az SP küldi az SLO kérést", + "Public X.509 certificate of the IdP" : " IdP nyilvános X.509 tanúsítványa", + "Attribute mapping" : "Attribútum összekötés", + "If you want to optionally map attributes to the user you can configure these here." : "Ha opcionális attribútumokat szeretnél rendelni a felhasználóhoz, itt megteheted.", + "Show attribute mapping settings…" : "Attribútum összerendelési beállítások mutatása…", + "Security settings" : "Biztonsági beállítások", + "For increased security we recommend enabling the following settings if supported by your environment." : "A nagyobb biztonság érdekében javasoljuk az alábbi bekapcsolását, ha a környezeted lehetővé teszi.", + "Show security settings…" : "Biztonsági beállítások mutatása…", + "Signatures and encryption offered" : "Aláírások és titkosítás ajánlott", + "Signatures and encryption required" : "Aláírások és titkosítás szükséges", + "Download metadata XML" : "XML metaadat letöltés", + "Reset settings" : "Beállítások visszaállítása", + "Metadata invalid" : "Érvénytelen metaadat", + "Metadata valid" : "Érvényes metaadat", + "Error" : "Hiba", + "Account not provisioned." : "Nem felügyelt fiók.", + "Your account is not provisioned, access to this service is thus not possible." : "A fiókod nincs engedélyezve, így ehhez a szolgáltatáshoz nem férhetsz hozzá." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/hu.json b/docker/nextcloud/user_saml/l10n/hu.json new file mode 100755 index 0000000..6a781be --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/hu.json @@ -0,0 +1,69 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ez a fiók le van tiltva, kérlek lépj kapcsolatba a rendszergazdával.", + "Saved" : "Elmentve", + "Provider" : "Szolgáltató", + "Unknown error, please check the log file for more details." : "Ismeretlen hiba, kérlek ellenőrizd a log fájlokat további részletekért.", + "Direct log in" : "Közvetlen belépés", + "SSO & SAML log in" : "SSO & SAML belépés", + "Provider " : "Szolgáltató", + "X.509 certificate of the Service Provider" : "Szolgáltató X.509 tanúsítványa", + "Private key of the Service Provider" : "Szolgáltató titkos kulcsa", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Jelzi, hogy a nameID-ja titkosítva lesz küldve ezen SP által.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva. [Az SP metaadatai megadják ezt az infót]", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Indicates whether the messages sent by this SP will be signed." : "Jelzi, hogy a üzenetek ezen az SP-n keresztül küldve alá lesznek írva.", + "Whether the metadata should be signed." : "Metaadatok aláírása.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Jelzi, hogy az SP által fogadott , és elemek kötelezően aláírtak.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Jelzi, hogy az SP által fogadott elemek kötelezően aláírtak. [Az SP metaadatai felajánlják ezt az infót.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Kényszeríti a elemek ezen SP által történő fogadáskori titkosítását.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Jelzi, hogy az SP által fogadott SAMLResponse kötelezően tartalmazta a NameID-t.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Jelzi, hogy az SP által fogadott NameID titkosítva lesznek-e.", + "Indicates if the SP will validate all received XML." : "Mutatja ha az SP validálja az összes fogadott XML-t.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Az ADFS kisbetűvel URL-kódolja a SAML adatokat, és az eszköz alapértelmezetten nagybetűket használ. Kapcsold be az ADFS kompatibilitáshoz az aláírás ellenőrzéskor.", + "Attribute to map the UID to." : "Attribútum melyre az UID leképeződik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Csak akkor engedd a hitelesítést, ha egy másik háttérszolgáltatásban is létezik a fiók. (pl: LDAP)", + "Attribute to map the displayname to." : "Attribútum melyre az megjelenítendő név leképeződik.", + "Attribute to map the email address to." : "Attribútum melyre az e-mail leképeződik.", + "Attribute to map the quota to." : "Attribútum melyhez a kvóta hozzárendelődik.", + "Email address" : "E-mail cím", + "Encrypted" : "Tikosítva", + "Kerberos" : "Kerberos", + "Unspecified" : "Nem meghatározott", + "Windows domain qualified name" : "Windows tartományi név", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML használata %s asztali kliens hitelesítés (felhasználók ismételt bejelentkezését igényli)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Megengedi, hogy a felhasználó több back-endet is használjon (pl.: LDAP)", + "SSO & SAML authentication" : "SSO & SAML hitelesítés", + "Authenticate using single sign-on" : "Hitelesítés egyszeri belépéssel", + "Open documentation" : "Dokumentáció megnyitása", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kélek válassz, hogy a Nextcloud-ba épített SAML szolgáltató vagy egy környezeti változó ellenében szeretnél bejelentkeztetni.", + "Use built-in SAML authentication" : "Használd a beépített SAML hitelesítés", + "Use environment variable" : "Használd a környezeti változót", + "Global settings" : "Globális beállítások", + "General" : "Általános", + "Service Provider Data" : "Szolgáltató adatok", + "If your Service Provider should use certificates you can optionally specify them here." : "Ha a szolgáltatód tanúsítványokat kellene használjon, megadhatod azokat.", + "Show Service Provider settings…" : "Szolgáltató beállításainak mutatása…", + "Identity Provider Data" : "Azonosítási szolgáltató adatai", + "Configure your IdP settings here." : "IdP beállításaid.", + "Identifier of the IdP entity (must be a URI)" : "IdP bejegyzés azonosítója (URI kell legyen)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP URL célja ahova SP küldi a bejelentkezés kérési üzeneteit", + "Show optional Identity Provider settings…" : "Kiegészítő identitás szolgáltató beállításai…", + "URL Location of the IdP where the SP will send the SLO Request" : "Az IdP URL-je ahova az SP küldi az SLO kérést", + "Public X.509 certificate of the IdP" : " IdP nyilvános X.509 tanúsítványa", + "Attribute mapping" : "Attribútum összekötés", + "If you want to optionally map attributes to the user you can configure these here." : "Ha opcionális attribútumokat szeretnél rendelni a felhasználóhoz, itt megteheted.", + "Show attribute mapping settings…" : "Attribútum összerendelési beállítások mutatása…", + "Security settings" : "Biztonsági beállítások", + "For increased security we recommend enabling the following settings if supported by your environment." : "A nagyobb biztonság érdekében javasoljuk az alábbi bekapcsolását, ha a környezeted lehetővé teszi.", + "Show security settings…" : "Biztonsági beállítások mutatása…", + "Signatures and encryption offered" : "Aláírások és titkosítás ajánlott", + "Signatures and encryption required" : "Aláírások és titkosítás szükséges", + "Download metadata XML" : "XML metaadat letöltés", + "Reset settings" : "Beállítások visszaállítása", + "Metadata invalid" : "Érvénytelen metaadat", + "Metadata valid" : "Érvényes metaadat", + "Error" : "Hiba", + "Account not provisioned." : "Nem felügyelt fiók.", + "Your account is not provisioned, access to this service is thus not possible." : "A fiókod nincs engedélyezve, így ehhez a szolgáltatáshoz nem férhetsz hozzá." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ia.js b/docker/nextcloud/user_saml/l10n/ia.js new file mode 100755 index 0000000..b10119c --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ia.js @@ -0,0 +1,12 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Salveguardate", + "Open documentation" : "Aperir documentation", + "General" : "General", + "Security settings" : "Configurationes de securitate", + "Metadata invalid" : "Metadatos non valide", + "Metadata valid" : "Metadatos valide", + "Error" : "Error" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/ia.json b/docker/nextcloud/user_saml/l10n/ia.json new file mode 100755 index 0000000..6043fcf --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ia.json @@ -0,0 +1,10 @@ +{ "translations": { + "Saved" : "Salveguardate", + "Open documentation" : "Aperir documentation", + "General" : "General", + "Security settings" : "Configurationes de securitate", + "Metadata invalid" : "Metadatos non valide", + "Metadata valid" : "Metadatos valide", + "Error" : "Error" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/id.js b/docker/nextcloud/user_saml/l10n/id.js new file mode 100755 index 0000000..4e935a8 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/id.js @@ -0,0 +1,38 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Tersimpan", + "X.509 certificate of the Service Provider" : "Sertifikat X.509 Penyedia Layanan", + "Private key of the Service Provider" : "Kunci pribadi Penyedia Layanan", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Mengindikasikan bahwa nameID dari dikirimkan oleh SP ini akan dienkripsi", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Whether the metadata should be signed." : "Apabila metadatanya harus ditandai.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Mengindikasikan keharusan untuk elemen , dan diterima oleh SP ini ditandai.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan keharusan untuk elemen yang diterima SP ini untuk ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Mengindikasikan keharusan elemen yang diterima SP ini untuk dienkripsi.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Mengindikasikan keharusan untuk elemen NameID di SAMLResponse yang diterima oleh SP ini untuk hadir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Mengindikasikan keharusan untuk elemen NameID yang diterima oleh SP ini untuk dienkripsi.", + "Open documentation" : "Buka dokumentasi", + "General" : "Umum", + "Service Provider Data" : "Data Penyedia Layanan", + "If your Service Provider should use certificates you can optionally specify them here." : "Apabila Penyedia Layanan Anda harus menggunakan sertifikat Anda dapat menentukannya disini secara opsional.", + "Identity Provider Data" : "Identitas Penyedia Data", + "Configure your IdP settings here." : "Konfigurasi pengaturan IdP Anda disini.", + "Identifier of the IdP entity (must be a URI)" : "Pengidentifikasian entitas IdP (harus berupa URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Target URL IdP dimana SP akan mengirim Pesan Permintaan Otentikasi", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokasi URL IdP dimana SP akan mengirim Permintaan SLO", + "Public X.509 certificate of the IdP" : "Sertifikat publik X.509 IdP", + "Security settings" : "Pengaturan keamanan", + "For increased security we recommend enabling the following settings if supported by your environment." : "Untuk menambah keamanan kami merekomendasikan mengaktifkan pengaturan berikut apabila lingkungan Anda mendukungnya.", + "Signatures and encryption offered" : "Tanda dan enkripsi ditawarkan", + "Signatures and encryption required" : "Tanda dan enkripsi diperlukan", + "Download metadata XML" : "Unduh metadata XML", + "Metadata invalid" : "Metadata tidak sah", + "Metadata valid" : "Metadata sah", + "Error" : "Kesalahan", + "Account not provisioned." : "Akun tidak ditetapkan.", + "Your account is not provisioned, access to this service is thus not possible." : "Akun Anda tidak ditetapkan, akses ke layanan tidak mungkin." +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/user_saml/l10n/id.json b/docker/nextcloud/user_saml/l10n/id.json new file mode 100755 index 0000000..eeb9f7a --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/id.json @@ -0,0 +1,36 @@ +{ "translations": { + "Saved" : "Tersimpan", + "X.509 certificate of the Service Provider" : "Sertifikat X.509 Penyedia Layanan", + "Private key of the Service Provider" : "Kunci pribadi Penyedia Layanan", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Mengindikasikan bahwa nameID dari dikirimkan oleh SP ini akan dienkripsi", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Indicates whether the messages sent by this SP will be signed." : "Mengindikasikan apabila pesan dikirim dari SP ini akan ditandai.", + "Whether the metadata should be signed." : "Apabila metadatanya harus ditandai.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Mengindikasikan keharusan untuk elemen , dan diterima oleh SP ini ditandai.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Mengindikasikan keharusan untuk elemen yang diterima SP ini untuk ditandai. [Metadata SP akan menawarkan informasi ini]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Mengindikasikan keharusan elemen yang diterima SP ini untuk dienkripsi.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Mengindikasikan keharusan untuk elemen NameID di SAMLResponse yang diterima oleh SP ini untuk hadir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Mengindikasikan keharusan untuk elemen NameID yang diterima oleh SP ini untuk dienkripsi.", + "Open documentation" : "Buka dokumentasi", + "General" : "Umum", + "Service Provider Data" : "Data Penyedia Layanan", + "If your Service Provider should use certificates you can optionally specify them here." : "Apabila Penyedia Layanan Anda harus menggunakan sertifikat Anda dapat menentukannya disini secara opsional.", + "Identity Provider Data" : "Identitas Penyedia Data", + "Configure your IdP settings here." : "Konfigurasi pengaturan IdP Anda disini.", + "Identifier of the IdP entity (must be a URI)" : "Pengidentifikasian entitas IdP (harus berupa URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Target URL IdP dimana SP akan mengirim Pesan Permintaan Otentikasi", + "URL Location of the IdP where the SP will send the SLO Request" : "Lokasi URL IdP dimana SP akan mengirim Permintaan SLO", + "Public X.509 certificate of the IdP" : "Sertifikat publik X.509 IdP", + "Security settings" : "Pengaturan keamanan", + "For increased security we recommend enabling the following settings if supported by your environment." : "Untuk menambah keamanan kami merekomendasikan mengaktifkan pengaturan berikut apabila lingkungan Anda mendukungnya.", + "Signatures and encryption offered" : "Tanda dan enkripsi ditawarkan", + "Signatures and encryption required" : "Tanda dan enkripsi diperlukan", + "Download metadata XML" : "Unduh metadata XML", + "Metadata invalid" : "Metadata tidak sah", + "Metadata valid" : "Metadata sah", + "Error" : "Kesalahan", + "Account not provisioned." : "Akun tidak ditetapkan.", + "Your account is not provisioned, access to this service is thus not possible." : "Akun Anda tidak ditetapkan, akses ke layanan tidak mungkin." +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/is.js b/docker/nextcloud/user_saml/l10n/is.js new file mode 100755 index 0000000..6b28ac1 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/is.js @@ -0,0 +1,47 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Þessi notandaaðgangur er óvirkur; hafðu samband við kerfisstjóra.", + "Saved" : "Vistað", + "Provider" : "Þjónustuveita", + "Unknown error, please check the log file for more details." : "Óþekkt villa, skoðaðu atvikaskráninguna til að sjá nánari upplýsingar.", + "Direct log in" : "Bein innskráning", + "SSO & SAML log in" : "SSO & SAML innskráning", + "This page should not be visited directly." : "Þessa síðu ætti ekki að heimsækja beint.", + "Provider " : "Þjónustuveita ", + "X.509 certificate of the Service Provider" : "X.509 skilríki internetþjónustu", + "Private key of the Service Provider" : "Einkalykill internetþjónustu", + "Whether the metadata should be signed." : "Hvort undirrita eigi lýsigögnin.", + "Email address" : "Tölvupóstfang", + "Encrypted" : "Dulritað", + "Entity" : "Einindi", + "Kerberos" : "Kerberos", + "Persistent" : "Viðvarandi", + "Transient" : "Tímabundið", + "Unspecified" : "Óskilgreint", + "SSO & SAML authentication" : "SSO & SAML auðkenning", + "Open documentation" : "Opna hjálparskjöl", + "Use built-in SAML authentication" : "Nota innbyggða SAML-auðkenningu", + "Use environment variable" : "Nota umhverfisbreytu", + "Global settings" : "Víðværar stillingar", + "Remove identity provider" : "Fjarlægja auðkenningarþjónustu", + "Add identity provider" : "Bæta við auðkenningarþjónustu", + "General" : "Almennt", + "Service Provider Data" : "Gögn um internetþjónustu", + "Show Service Provider settings…" : "Birta stillingar internetþjónustu…", + "Identity Provider Data" : "Gögn um auðkenningarþjónustu", + "Public X.509 certificate of the IdP" : "Opinbert X.509-skilríki fyrir IdP", + "Attribute mapping" : "Vörpun eiginda", + "Security settings" : "Öryggisstillingar", + "Show security settings…" : "Birta öryggisstillingar…", + "Signatures and encryption offered" : "Undirritanir og dulritun í boði", + "Signatures and encryption required" : "Krafist er undirritunar og dulritununar", + "Download metadata XML" : "Sækja XML-lýsigögn", + "Reset settings" : "Frumstilla stillingar", + "Metadata invalid" : "Lýsigögn eru ógild", + "Metadata valid" : "Lýsigögn eru gild", + "Error" : "Villa", + "Account not provisioned." : "Aðgangur ekki tilbúinn.", + "Choose a authentication provider" : "Veldu auðkenningarþjónustu" +}, +"nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);"); diff --git a/docker/nextcloud/user_saml/l10n/is.json b/docker/nextcloud/user_saml/l10n/is.json new file mode 100755 index 0000000..499a628 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/is.json @@ -0,0 +1,45 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Þessi notandaaðgangur er óvirkur; hafðu samband við kerfisstjóra.", + "Saved" : "Vistað", + "Provider" : "Þjónustuveita", + "Unknown error, please check the log file for more details." : "Óþekkt villa, skoðaðu atvikaskráninguna til að sjá nánari upplýsingar.", + "Direct log in" : "Bein innskráning", + "SSO & SAML log in" : "SSO & SAML innskráning", + "This page should not be visited directly." : "Þessa síðu ætti ekki að heimsækja beint.", + "Provider " : "Þjónustuveita ", + "X.509 certificate of the Service Provider" : "X.509 skilríki internetþjónustu", + "Private key of the Service Provider" : "Einkalykill internetþjónustu", + "Whether the metadata should be signed." : "Hvort undirrita eigi lýsigögnin.", + "Email address" : "Tölvupóstfang", + "Encrypted" : "Dulritað", + "Entity" : "Einindi", + "Kerberos" : "Kerberos", + "Persistent" : "Viðvarandi", + "Transient" : "Tímabundið", + "Unspecified" : "Óskilgreint", + "SSO & SAML authentication" : "SSO & SAML auðkenning", + "Open documentation" : "Opna hjálparskjöl", + "Use built-in SAML authentication" : "Nota innbyggða SAML-auðkenningu", + "Use environment variable" : "Nota umhverfisbreytu", + "Global settings" : "Víðværar stillingar", + "Remove identity provider" : "Fjarlægja auðkenningarþjónustu", + "Add identity provider" : "Bæta við auðkenningarþjónustu", + "General" : "Almennt", + "Service Provider Data" : "Gögn um internetþjónustu", + "Show Service Provider settings…" : "Birta stillingar internetþjónustu…", + "Identity Provider Data" : "Gögn um auðkenningarþjónustu", + "Public X.509 certificate of the IdP" : "Opinbert X.509-skilríki fyrir IdP", + "Attribute mapping" : "Vörpun eiginda", + "Security settings" : "Öryggisstillingar", + "Show security settings…" : "Birta öryggisstillingar…", + "Signatures and encryption offered" : "Undirritanir og dulritun í boði", + "Signatures and encryption required" : "Krafist er undirritunar og dulritununar", + "Download metadata XML" : "Sækja XML-lýsigögn", + "Reset settings" : "Frumstilla stillingar", + "Metadata invalid" : "Lýsigögn eru ógild", + "Metadata valid" : "Lýsigögn eru gild", + "Error" : "Villa", + "Account not provisioned." : "Aðgangur ekki tilbúinn.", + "Choose a authentication provider" : "Veldu auðkenningarþjónustu" +},"pluralForm" :"nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/it.js b/docker/nextcloud/user_saml/l10n/it.js new file mode 100755 index 0000000..c1662fd --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/it.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Questo account utente è disabilitato, contatta il tuo amministratore.", + "Saved" : "Salvato", + "Provider" : "Fornitore", + "Unknown error, please check the log file for more details." : "Errore sconosciuto, controlla il file di log per ulteriori dettagli.", + "Direct log in" : "Accesso diretto", + "SSO & SAML log in" : "Accesso SSO e SAML", + "This page should not be visited directly." : "Questa pagina non dovrebbe essere visitata direttamente.", + "Provider " : "Fornitore", + "X.509 certificate of the Service Provider" : "Certificato X.509 del fornitore di servizi", + "Private key of the Service Provider" : "Chiave privata del fornitore di servizi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica che il nameID della inviata da questo SP sarà cifrato.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se i messaggi inviati da questo SP saranno firmati. [I metadati del SP forniranno queste informazioni]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Whether the metadata should be signed." : "Decidi se firmare o meno i metadati.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica la firma come requisiti per gli elementi , e ricevuti da questo SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica la firma come requisito per gli elementi ricevuti da questo SP. [I metadati dello SP forniranno queste informazioni]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica la cifratura come requisito per gli elementi ricevuti da questo SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica la presenza come requisito dell'elemento NameID nella SAMLResponse ricevuta da questo SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica la cifratura come requisito per il NameID ricevuto da questo SP.", + "Indicates if the SP will validate all received XML." : "Indica se lo SP convaliderà tutti gli XML ricevuti.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "URL ADFS-Codifica i dati SAML come lettere minuscole, mentre il sistema utilizza, in modo predefinito, le lettere maiuscole. Abilitata per compatibilità con ADFS sulla verifica della firma.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo che il toolkit utilizzerà per il processo di firma.", + "Attribute to map the UID to." : "Attributo a cui associare l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Consenti l'autenticazione solo se un account esiste in un altro motore. (ad es. LDAP)", + "Attribute to map the displayname to." : "Attributo a cui associare il nome visualizzato.", + "Attribute to map the email address to." : "Attributo a cui associare l'indirizzo di posta elettronica.", + "Attribute to map the quota to." : "Attributo a cui associare la quota.", + "Attribute to map the users groups to." : "Attributo per associare i gruppi di utenti", + "Attribute to map the users home to." : ".Attributo per associare le home degli utenti.", + "Email address" : "Indirizzo email", + "Encrypted" : "Cifrato", + "Entity" : "Entità", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Non specificato", + "Windows domain qualified name" : "Nome di dominio Windows qualificato", + "X509 subject name" : "Nome oggetto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilizza autenticazione SAML per i client desktop di %s (richiede una nuova autenticazione degli utenti)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome visualizzato facoltativo del fornitore d'identità (predefinito: \"Accesso SSO e SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Consenti l'utilizzo di più motori utente (ad es. LDAP)", + "SSO & SAML authentication" : "Autenticazione SSO e SAML", + "Authenticate using single sign-on" : "Autenticazione con single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilizzando l'applicazione SSO e SAML di Nextcloud, puoi rendere possibile l'integrazione della tua soluzione Single-Sign-On esistente con Nextcloud. In aggiunta, puoi utilizzare il fornitore di utenti LDAP di Nextcloud per mantenere la convenienza degli utenti. (ad es. quando si condivide)\nI seguenti fornitori sono supportati e verificati al momento:\n* ** SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS) \n\n* **Autenticazione tramite variabile d'ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsiasi altro fornitore che autentichi utilizzando una variabile d'ambiente\n\nSebbene teoricamente qualsiasi altro fornitore di autenticazione che implementi uno di questi standard sia compatibile, segnaliamo che essi non sono parte della matrice dei test interni.", + "Open documentation" : "Apri la documentazione", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu abbia abilitato \"%s\" o che tu vada direttamente all'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu vada direttamente all'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Scegli se vuoi autenticarti utilizzando il fornitore SAML integratore in Nextcloud o se vuoi autenticarti utilizzando una variabile d'ambiente.", + "Use built-in SAML authentication" : "Usa autenticazione SAML integrata", + "Use environment variable" : "Usa variabile d'ambiente", + "Global settings" : "Impostazioni globali", + "Remove identity provider" : "Rimuovi fornitore di identità", + "Add identity provider" : "Aggiungi fornitore di identità", + "General" : "Generale", + "Service Provider Data" : "Dati del fornitore di servizi", + "If your Service Provider should use certificates you can optionally specify them here." : "Se il tuo fornitore di servizi utilizza i certificati, puoi specificarli qui.", + "Show Service Provider settings…" : "Mostra impostazioni fornitore di servizi...", + "Name ID format" : "Formato ID Nome", + "Identity Provider Data" : "Dati del fornitore di identità", + "Configure your IdP settings here." : "Configura qui le tue impostazioni IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificatore dell'entità IdP (deve essere un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Destinazione dell'URL dell'IdP dove lo SP invierà il messaggio di richiesta di autenticazione", + "Show optional Identity Provider settings…" : "Mostra impostazioni opzionali del fornitore di identità...", + "URL Location of the IdP where the SP will send the SLO Request" : "Posizione dell'URL dell'IdP dove lo SP invierà la richiesta SLO", + "URL Location of the IDP's SLO Response" : "Posizione dell'URL della risposta SLO dell'IDP", + "Public X.509 certificate of the IdP" : "Certificato X.509 dell'IdP", + "Attribute mapping" : "Associazione degli attributi", + "If you want to optionally map attributes to the user you can configure these here." : "Se vuoi associare, in modo facoltativo, gli attributi all'utente, puoi configurarli qui.", + "Show attribute mapping settings…" : "Mostra le impostazioni di associazione degli attributi...", + "Security settings" : "Impostazioni di sicurezza", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per una maggiore sicurezza, consigliamo di abilitare le seguenti impostazioni, se supportate dal tuo ambiente.", + "Show security settings…" : "Mostra impostazioni di sicurezza...", + "Signatures and encryption offered" : "Firme e cifratura offerte", + "Signatures and encryption required" : "Firme e cifratura richieste", + "Download metadata XML" : "Scarica XML metadati", + "Reset settings" : "Ripristina impostazioni", + "Metadata invalid" : "Metadati non validi", + "Metadata valid" : "Metadati validi", + "Error" : "Errore", + "Account not provisioned." : "Account non generato.", + "Your account is not provisioned, access to this service is thus not possible." : "Il tuo account non è stato generato, l'accesso a questo servizio è perciò impossibile", + "Login options:" : "Opzioni di accesso:", + "Choose a authentication provider" : "Scegli un fornitore di autenticazione" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/it.json b/docker/nextcloud/user_saml/l10n/it.json new file mode 100755 index 0000000..71a1f4b --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/it.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Questo account utente è disabilitato, contatta il tuo amministratore.", + "Saved" : "Salvato", + "Provider" : "Fornitore", + "Unknown error, please check the log file for more details." : "Errore sconosciuto, controlla il file di log per ulteriori dettagli.", + "Direct log in" : "Accesso diretto", + "SSO & SAML log in" : "Accesso SSO e SAML", + "This page should not be visited directly." : "Questa pagina non dovrebbe essere visitata direttamente.", + "Provider " : "Fornitore", + "X.509 certificate of the Service Provider" : "Certificato X.509 del fornitore di servizi", + "Private key of the Service Provider" : "Chiave privata del fornitore di servizi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica che il nameID della inviata da questo SP sarà cifrato.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se i messaggi inviati da questo SP saranno firmati. [I metadati del SP forniranno queste informazioni]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se i messaggi inviati da questo SP saranno firmati.", + "Whether the metadata should be signed." : "Decidi se firmare o meno i metadati.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica la firma come requisiti per gli elementi , e ricevuti da questo SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica la firma come requisito per gli elementi ricevuti da questo SP. [I metadati dello SP forniranno queste informazioni]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica la cifratura come requisito per gli elementi ricevuti da questo SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica la presenza come requisito dell'elemento NameID nella SAMLResponse ricevuta da questo SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica la cifratura come requisito per il NameID ricevuto da questo SP.", + "Indicates if the SP will validate all received XML." : "Indica se lo SP convaliderà tutti gli XML ricevuti.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "URL ADFS-Codifica i dati SAML come lettere minuscole, mentre il sistema utilizza, in modo predefinito, le lettere maiuscole. Abilitata per compatibilità con ADFS sulla verifica della firma.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo che il toolkit utilizzerà per il processo di firma.", + "Attribute to map the UID to." : "Attributo a cui associare l'UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Consenti l'autenticazione solo se un account esiste in un altro motore. (ad es. LDAP)", + "Attribute to map the displayname to." : "Attributo a cui associare il nome visualizzato.", + "Attribute to map the email address to." : "Attributo a cui associare l'indirizzo di posta elettronica.", + "Attribute to map the quota to." : "Attributo a cui associare la quota.", + "Attribute to map the users groups to." : "Attributo per associare i gruppi di utenti", + "Attribute to map the users home to." : ".Attributo per associare le home degli utenti.", + "Email address" : "Indirizzo email", + "Encrypted" : "Cifrato", + "Entity" : "Entità", + "Kerberos" : "Kerberos", + "Persistent" : "Persistente", + "Transient" : "Transitorio", + "Unspecified" : "Non specificato", + "Windows domain qualified name" : "Nome di dominio Windows qualificato", + "X509 subject name" : "Nome oggetto X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilizza autenticazione SAML per i client desktop di %s (richiede una nuova autenticazione degli utenti)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome visualizzato facoltativo del fornitore d'identità (predefinito: \"Accesso SSO e SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Consenti l'utilizzo di più motori utente (ad es. LDAP)", + "SSO & SAML authentication" : "Autenticazione SSO e SAML", + "Authenticate using single sign-on" : "Autenticazione con single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilizzando l'applicazione SSO e SAML di Nextcloud, puoi rendere possibile l'integrazione della tua soluzione Single-Sign-On esistente con Nextcloud. In aggiunta, puoi utilizzare il fornitore di utenti LDAP di Nextcloud per mantenere la convenienza degli utenti. (ad es. quando si condivide)\nI seguenti fornitori sono supportati e verificati al momento:\n* ** SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS) \n\n* **Autenticazione tramite variabile d'ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsiasi altro fornitore che autentichi utilizzando una variabile d'ambiente\n\nSebbene teoricamente qualsiasi altro fornitore di autenticazione che implementi uno di questi standard sia compatibile, segnaliamo che essi non sono parte della matrice dei test interni.", + "Open documentation" : "Apri la documentazione", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu abbia abilitato \"%s\" o che tu vada direttamente all'URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assicurati di configurare un utente amministrativo che possa accedere all'istanza tramite SSO. L'accesso con il tuo account normale %s non sarà più possibile a meno che tu vada direttamente all'URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Scegli se vuoi autenticarti utilizzando il fornitore SAML integratore in Nextcloud o se vuoi autenticarti utilizzando una variabile d'ambiente.", + "Use built-in SAML authentication" : "Usa autenticazione SAML integrata", + "Use environment variable" : "Usa variabile d'ambiente", + "Global settings" : "Impostazioni globali", + "Remove identity provider" : "Rimuovi fornitore di identità", + "Add identity provider" : "Aggiungi fornitore di identità", + "General" : "Generale", + "Service Provider Data" : "Dati del fornitore di servizi", + "If your Service Provider should use certificates you can optionally specify them here." : "Se il tuo fornitore di servizi utilizza i certificati, puoi specificarli qui.", + "Show Service Provider settings…" : "Mostra impostazioni fornitore di servizi...", + "Name ID format" : "Formato ID Nome", + "Identity Provider Data" : "Dati del fornitore di identità", + "Configure your IdP settings here." : "Configura qui le tue impostazioni IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identificatore dell'entità IdP (deve essere un URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Destinazione dell'URL dell'IdP dove lo SP invierà il messaggio di richiesta di autenticazione", + "Show optional Identity Provider settings…" : "Mostra impostazioni opzionali del fornitore di identità...", + "URL Location of the IdP where the SP will send the SLO Request" : "Posizione dell'URL dell'IdP dove lo SP invierà la richiesta SLO", + "URL Location of the IDP's SLO Response" : "Posizione dell'URL della risposta SLO dell'IDP", + "Public X.509 certificate of the IdP" : "Certificato X.509 dell'IdP", + "Attribute mapping" : "Associazione degli attributi", + "If you want to optionally map attributes to the user you can configure these here." : "Se vuoi associare, in modo facoltativo, gli attributi all'utente, puoi configurarli qui.", + "Show attribute mapping settings…" : "Mostra le impostazioni di associazione degli attributi...", + "Security settings" : "Impostazioni di sicurezza", + "For increased security we recommend enabling the following settings if supported by your environment." : "Per una maggiore sicurezza, consigliamo di abilitare le seguenti impostazioni, se supportate dal tuo ambiente.", + "Show security settings…" : "Mostra impostazioni di sicurezza...", + "Signatures and encryption offered" : "Firme e cifratura offerte", + "Signatures and encryption required" : "Firme e cifratura richieste", + "Download metadata XML" : "Scarica XML metadati", + "Reset settings" : "Ripristina impostazioni", + "Metadata invalid" : "Metadati non validi", + "Metadata valid" : "Metadati validi", + "Error" : "Errore", + "Account not provisioned." : "Account non generato.", + "Your account is not provisioned, access to this service is thus not possible." : "Il tuo account non è stato generato, l'accesso a questo servizio è perciò impossibile", + "Login options:" : "Opzioni di accesso:", + "Choose a authentication provider" : "Scegli un fornitore di autenticazione" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ja.js b/docker/nextcloud/user_saml/l10n/ja.js new file mode 100755 index 0000000..2627569 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ja.js @@ -0,0 +1,87 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "このユーザーアカウントは無効です。管理者に連絡してください。", + "Saved" : "保存しました", + "Provider" : "プロバイダー", + "Unknown error, please check the log file for more details." : "不明なエラー、詳細はログファイルを確認してください。", + "Direct log in" : "ダイレクトログイン", + "SSO & SAML log in" : "SSO & SAML log in", + "This page should not be visited directly." : "このページには直接アクセスしないでください。", + "Provider " : "プロバイダー", + "X.509 certificate of the Service Provider" : "サービスプロバイダのX.509 証明書", + "Private key of the Service Provider" : "サービスプロバイダーの秘密鍵", + "Indicates that the nameID of the sent by this SP will be encrypted." : "このSPによって送信された のnameIDが暗号化されることを示します。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "このSPによって送信された メッセージが署名されるかどうかを示します。[SPのメタデータがこの情報を提供する]", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Whether the metadata should be signed." : "メタデータに署名する必要があるかどうか。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "このSPが受信した、および要素が署名されるための要件を示します。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "このSPによって受信された要素が署名されるための要件を示します。 [SPのメタデータはこの情報を提供する]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "このSPが受信した要素を暗号化するための要件を示します。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "このSPによって受信されたSAMLResponse上のNameID要素が存在する必要があることを示します。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "このSPによって受信されたNameIDが暗号化されるための要件を示します。", + "Indicates if the SP will validate all received XML." : "SPが受信したすべてのXMLを検証するかどうかを示します。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL- SAMLデータを小文字で符号化し、ツールキットはデフォルトで大文字を使用します。 署名検証でADFSとの互換性を有効にする。", + "Algorithm that the toolkit will use on signing process." : "ツールキットが署名処理で使用するアルゴリズム。", + "Attribute to map the UID to." : "UIDをマップする属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "ほかのバックエンドにアカウントが存在する場合のみ、認証を許可します。 (例えば、LDAP)", + "Attribute to map the displayname to." : "表示名をにマップする属性。", + "Attribute to map the email address to." : "電子メールアドレスをマップする属性。", + "Attribute to map the quota to." : "クオータをマップする属性。", + "Attribute to map the users groups to." : "ユーザーグループをマップする属性。", + "Attribute to map the users home to." : "ユーザーをホームにマップするための属性。", + "Email address" : "メールアドレス", + "Encrypted" : "暗号化", + "Entity" : "エンティティ", + "Kerberos" : "ケルベロス", + "Persistent" : "永続性", + "Transient" : "一時的", + "Unspecified" : "指定なし", + "Windows domain qualified name" : "Windowsドメイン修飾名", + "X509 subject name" : "X509の件名", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s デスクトップクライアントにSAML認証を使用する(ユーザーの再認証が必要)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "IDプロバイダのオプションの表示名(デフォルト: \"SSO&SAMLログイン\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "複数のユーザーのバックエンド(LDAPなど)の使用を許可する", + "SSO & SAML authentication" : "SSOとSAML認証", + "Authenticate using single sign-on" : "シングルサインオンを使用して認証する", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "NextcloudのSSO&SAMLアプリを使用すると、既存のシングルサインオンソリューションをNextcloudと簡単に統合することができます。 さらに、Nextcloud LDAPユーザープロバイダを使用して、ユーザーの利便性を保つことができます。 (例:共有時)\n現時点では、以下のプロバイダがサポートおよびテストされています。\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **環境変数による認証**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\n理論的には、これらの規格のいずれかを実装している他の認証プロバイダにも互換性がありますが、それらは内部テストマトリックスの一部ではないことに注意してください。", + "Open documentation" : "ドキュメントを開く", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを必ず作成してください。 \"%s\"を有効にしないか、直接URL %sにアクセスしない限り、もう通常の%sアカウントでログインすることはできません。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを作成してください。URL %sに直接アクセスしないかぎり、もう通常の%sアカウントでログインすることはできません。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloudに組み込まれているSAMLプロバイダを使用して認証するか、環境変数を使用して認証するかを選択してください。", + "Use built-in SAML authentication" : "組み込みのSAML認証を使用する", + "Use environment variable" : "環境変数を使用する", + "Global settings" : "グローバル設定", + "Remove identity provider" : "identity providerを削除する", + "Add identity provider" : "identity providerを追加する", + "General" : "一般", + "Service Provider Data" : "Service Providerデータ", + "If your Service Provider should use certificates you can optionally specify them here." : "サービスプロバイダが証明書を使用する必要がある場合は、オプションでここで指定することができます。", + "Show Service Provider settings…" : "サービスプロバイダの設定を表示しています...", + "Name ID format" : "名前IDの形式", + "Identity Provider Data" : "Identity Providerデータ", + "Configure your IdP settings here." : "IdP をここで設定します。", + "Identifier of the IdP entity (must be a URI)" : "IdPエンティティの識別子(URIでなければならない)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SPが認証要求メッセージを送信するIdPのURLターゲット", + "Show optional Identity Provider settings…" : "オプションのIdentity Provider設定を表示する...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL SPがSLO要求を送信するIdPの場所", + "Public X.509 certificate of the IdP" : "IdPの公開X.509証明書", + "Attribute mapping" : "属性マッピング", + "If you want to optionally map attributes to the user you can configure these here." : "オプションで属性をユーザーにマップする場合は、ここでそれらを構成できます。", + "Show attribute mapping settings…" : "属性マッピングの設定を表示する...", + "Security settings" : "セキュリティ設定", + "For increased security we recommend enabling the following settings if supported by your environment." : "セキュリティを強化するため、ご使用の環境でサポートされている場合は、次の設定を有効にすることをお勧めします", + "Show security settings…" : "セキュリティ設定を表示...", + "Signatures and encryption offered" : "署名と暗号化を提供", + "Signatures and encryption required" : "署名と暗号化が必要", + "Download metadata XML" : "メタデータXMLをダウンロード", + "Reset settings" : "設定をリセット", + "Metadata invalid" : "メタデータが無効です", + "Metadata valid" : "有効なメタデータ", + "Error" : "エラー", + "Account not provisioned." : "アカウントがプロビジョニングされていない", + "Your account is not provisioned, access to this service is thus not possible." : "アカウントにプロビジョニングされていないため、このサービスへのアクセスはできません。", + "Choose a authentication provider" : "認証プロバイダを選択する" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/user_saml/l10n/ja.json b/docker/nextcloud/user_saml/l10n/ja.json new file mode 100755 index 0000000..1a6c92e --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ja.json @@ -0,0 +1,85 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "このユーザーアカウントは無効です。管理者に連絡してください。", + "Saved" : "保存しました", + "Provider" : "プロバイダー", + "Unknown error, please check the log file for more details." : "不明なエラー、詳細はログファイルを確認してください。", + "Direct log in" : "ダイレクトログイン", + "SSO & SAML log in" : "SSO & SAML log in", + "This page should not be visited directly." : "このページには直接アクセスしないでください。", + "Provider " : "プロバイダー", + "X.509 certificate of the Service Provider" : "サービスプロバイダのX.509 証明書", + "Private key of the Service Provider" : "サービスプロバイダーの秘密鍵", + "Indicates that the nameID of the sent by this SP will be encrypted." : "このSPによって送信された のnameIDが暗号化されることを示します。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "このSPによって送信された メッセージが署名されるかどうかを示します。[SPのメタデータがこの情報を提供する]", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Indicates whether the messages sent by this SP will be signed." : "このSPによって送信された メッセージが署名されるかどうかを示します。", + "Whether the metadata should be signed." : "メタデータに署名する必要があるかどうか。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "このSPが受信した、および要素が署名されるための要件を示します。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "このSPによって受信された要素が署名されるための要件を示します。 [SPのメタデータはこの情報を提供する]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "このSPが受信した要素を暗号化するための要件を示します。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "このSPによって受信されたSAMLResponse上のNameID要素が存在する必要があることを示します。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "このSPによって受信されたNameIDが暗号化されるための要件を示します。", + "Indicates if the SP will validate all received XML." : "SPが受信したすべてのXMLを検証するかどうかを示します。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL- SAMLデータを小文字で符号化し、ツールキットはデフォルトで大文字を使用します。 署名検証でADFSとの互換性を有効にする。", + "Algorithm that the toolkit will use on signing process." : "ツールキットが署名処理で使用するアルゴリズム。", + "Attribute to map the UID to." : "UIDをマップする属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "ほかのバックエンドにアカウントが存在する場合のみ、認証を許可します。 (例えば、LDAP)", + "Attribute to map the displayname to." : "表示名をにマップする属性。", + "Attribute to map the email address to." : "電子メールアドレスをマップする属性。", + "Attribute to map the quota to." : "クオータをマップする属性。", + "Attribute to map the users groups to." : "ユーザーグループをマップする属性。", + "Attribute to map the users home to." : "ユーザーをホームにマップするための属性。", + "Email address" : "メールアドレス", + "Encrypted" : "暗号化", + "Entity" : "エンティティ", + "Kerberos" : "ケルベロス", + "Persistent" : "永続性", + "Transient" : "一時的", + "Unspecified" : "指定なし", + "Windows domain qualified name" : "Windowsドメイン修飾名", + "X509 subject name" : "X509の件名", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s デスクトップクライアントにSAML認証を使用する(ユーザーの再認証が必要)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "IDプロバイダのオプションの表示名(デフォルト: \"SSO&SAMLログイン\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "複数のユーザーのバックエンド(LDAPなど)の使用を許可する", + "SSO & SAML authentication" : "SSOとSAML認証", + "Authenticate using single sign-on" : "シングルサインオンを使用して認証する", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "NextcloudのSSO&SAMLアプリを使用すると、既存のシングルサインオンソリューションをNextcloudと簡単に統合することができます。 さらに、Nextcloud LDAPユーザープロバイダを使用して、ユーザーの利便性を保つことができます。 (例:共有時)\n現時点では、以下のプロバイダがサポートおよびテストされています。\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **環境変数による認証**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\n理論的には、これらの規格のいずれかを実装している他の認証プロバイダにも互換性がありますが、それらは内部テストマトリックスの一部ではないことに注意してください。", + "Open documentation" : "ドキュメントを開く", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを必ず作成してください。 \"%s\"を有効にしないか、直接URL %sにアクセスしない限り、もう通常の%sアカウントでログインすることはできません。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "SSOを介してインスタンスにアクセスできる管理ユーザーを作成してください。URL %sに直接アクセスしないかぎり、もう通常の%sアカウントでログインすることはできません。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloudに組み込まれているSAMLプロバイダを使用して認証するか、環境変数を使用して認証するかを選択してください。", + "Use built-in SAML authentication" : "組み込みのSAML認証を使用する", + "Use environment variable" : "環境変数を使用する", + "Global settings" : "グローバル設定", + "Remove identity provider" : "identity providerを削除する", + "Add identity provider" : "identity providerを追加する", + "General" : "一般", + "Service Provider Data" : "Service Providerデータ", + "If your Service Provider should use certificates you can optionally specify them here." : "サービスプロバイダが証明書を使用する必要がある場合は、オプションでここで指定することができます。", + "Show Service Provider settings…" : "サービスプロバイダの設定を表示しています...", + "Name ID format" : "名前IDの形式", + "Identity Provider Data" : "Identity Providerデータ", + "Configure your IdP settings here." : "IdP をここで設定します。", + "Identifier of the IdP entity (must be a URI)" : "IdPエンティティの識別子(URIでなければならない)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SPが認証要求メッセージを送信するIdPのURLターゲット", + "Show optional Identity Provider settings…" : "オプションのIdentity Provider設定を表示する...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL SPがSLO要求を送信するIdPの場所", + "Public X.509 certificate of the IdP" : "IdPの公開X.509証明書", + "Attribute mapping" : "属性マッピング", + "If you want to optionally map attributes to the user you can configure these here." : "オプションで属性をユーザーにマップする場合は、ここでそれらを構成できます。", + "Show attribute mapping settings…" : "属性マッピングの設定を表示する...", + "Security settings" : "セキュリティ設定", + "For increased security we recommend enabling the following settings if supported by your environment." : "セキュリティを強化するため、ご使用の環境でサポートされている場合は、次の設定を有効にすることをお勧めします", + "Show security settings…" : "セキュリティ設定を表示...", + "Signatures and encryption offered" : "署名と暗号化を提供", + "Signatures and encryption required" : "署名と暗号化が必要", + "Download metadata XML" : "メタデータXMLをダウンロード", + "Reset settings" : "設定をリセット", + "Metadata invalid" : "メタデータが無効です", + "Metadata valid" : "有効なメタデータ", + "Error" : "エラー", + "Account not provisioned." : "アカウントがプロビジョニングされていない", + "Your account is not provisioned, access to this service is thus not possible." : "アカウントにプロビジョニングされていないため、このサービスへのアクセスはできません。", + "Choose a authentication provider" : "認証プロバイダを選択する" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ka_GE.js b/docker/nextcloud/user_saml/l10n/ka_GE.js new file mode 100755 index 0000000..d8d6b24 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ka_GE.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "შენახულია", + "X.509 certificate of the Service Provider" : "სერვისის მომწოდებლის X.509 სერტიფიკატი", + "Private key of the Service Provider" : "სერვისის მომწოდებლის პირადი გასაღები", + "Indicates that the nameID of the sent by this SP will be encrypted." : "ანიშნებს რომ ამ SP-ს მეშვეობით გამოგზავნილი -ის nameID იქნება დაშიფრული.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Whether the metadata should be signed." : "უნდა მოეწეროს თუ არა მეტა-მონაცემებს ხელი.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ , და ელემენტებს უნდა მოეწეროთ ხელი თუ არა.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ ელემენტებს უნდა მოეწეროთ ხელი თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული ელემენტები უნდა დაიშიფროს თუ არა.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "ანიშნებს მოთხოვნილებას ამ SP-ს მეშვეობით მიღებულ SAMLResponse-ში უნდა იყოს თუ არა NameID ელემენტი.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული NameID უნდა დაიშიფროს თუ არა.", + "Indicates if the SP will validate all received XML." : "ანიშნებს გაუწევს თუ არა SP ვალიდაციას ყველა შემოსულ XML-ს.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL უწევს SAML მონაცემებს კოდირებას პატარა ასოებით, ხელსაწყობის ნაკრები კი საწყისად იყენებს დიდ ასოებს. ჩართეთ ADFS თავსებადობა ხელმოწერის დამოწმებებზე.", + "Attribute to map the UID to." : "ატრიბუტი რომელსაც მიებმევა UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "აუტენტიფიკაციის უფლება დართეთ მხოლოდ მაშინ, თუ ანგარიში არსებობს რაიმე სხვა ბექენდზეც. (მაგ. LDAP-ზე)", + "Attribute to map the displayname to." : "ატრიბუტი რომელსაც მიებმევა დისპლეის სახელი.", + "Attribute to map the email address to." : "ატრიბუტი რომელსაც მიებმევა ელ-ფოსტის მისამართი.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "გამოიყენეთ SAML აუტენტიფიკაცია %s დესკტოპ კლიენტებისთვის (საჭიროებს ხელახალ აუტენტიფიკაციას)", + "SSO & SAML authentication" : "SSO და SAML აუტენტიფიკაცია", + "Open documentation" : "ღია დოკუმენტაცია", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "გთხოვთ აირჩიოთ აუტენტიფიკაცია გსურთ Nextcloud-ში ჩაშენებული SAML მომწოდებელით თუ გსურთ აუტენტიფიკაცია სხვა გარემოს ცვლადის წინააღმდეგ.", + "Use built-in SAML authentication" : "ჩაშენებული SAML აუტენტიფიკაციის გამოყენება", + "Use environment variable" : "გარემოში არსებული ცვლადის გამოყენება", + "General" : "მთავარი", + "Service Provider Data" : "სერვისის მომწოდებლის მონაცემები", + "If your Service Provider should use certificates you can optionally specify them here." : "თუ თქვენი სერვის პროვაიდერი უნდა იყენებდეს სერტიფიკატებს, სურვილისამებრ შეგიძლიათ ისინი აქ ჩამოწეროთ.", + "Show Service Provider settings…" : "სერვისის მომწოდებლის პარამეტრების ჩვენება...", + "Identity Provider Data" : "იდენტობის მომწოდებლის მონაცემები", + "Configure your IdP settings here." : "დააყენეთ თქვენი IdP-ის პარამეტრები აქ.", + "Identifier of the IdP entity (must be a URI)" : "IdP შენატანის იდენტიფიკატორი (უნდა იყოს URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP-s URL მისამართი სადაც SP გააგზავნის აუტენტიფიკაციის მოთხოვნის წერილს", + "Show optional Identity Provider settings…" : "არა-აუცილებელი იდენტობის პროვაიდერის პარამეტრების ჩვენება...", + "URL Location of the IdP where the SP will send the SLO Request" : "IdP-ს URL მისამართ სადაც SP გააგზავნის SLO მოთხოვნას", + "Public X.509 certificate of the IdP" : "IdP-ს ღია X.509 სერტიფიკატი", + "Attribute mapping" : "ატრიბუტების ბმები", + "If you want to optionally map attributes to the user you can configure these here." : "არაა აუცილებელი, მაგრამ თუ გსურთ ატრიბუტების მიბმა მომხმარებელთან, შეგიძლიათ კონფიგურაცია შეასრულოთ აქ.", + "Show attribute mapping settings…" : "ატრიბუტების მიბმის პარამეტრების ჩვენება...", + "Security settings" : "უსაფრთხოების პარამეტრები", + "For increased security we recommend enabling the following settings if supported by your environment." : "გაუმჯობესებული უსაფრთხოებისთვის, რეკომენდაციას გიწევთ, შესაძლებლობის შემთხვევაში, აამოქმედოთ შემდეგი პრამეტრები.", + "Show security settings…" : "უსაფრთხოების პარამეტრების ჩვენება...", + "Signatures and encryption offered" : "შემოთავაზებული ხელმოწერები და შიფრაციები", + "Signatures and encryption required" : "ხელმოწერები და შიფრაციები აუცილებელია", + "Download metadata XML" : "XML მეტა-მონაცემების გადმოწერა", + "Metadata invalid" : "მეტა-მონაცემი არასწორია", + "Metadata valid" : "მეტა-მონაცემი სწორია", + "Error" : "შეცდომა", + "Account not provisioned." : "ანგარიში არაა გათვალისწინებული.", + "Your account is not provisioned, access to this service is thus not possible." : "თქვენი ანგარიში არაა გათვალისწინებული, ამ სერვისისადმი წვდომა შესაბამისად შეუძლებელია." +}, +"nplurals=2; plural=(n!=1);"); diff --git a/docker/nextcloud/user_saml/l10n/ka_GE.json b/docker/nextcloud/user_saml/l10n/ka_GE.json new file mode 100755 index 0000000..1f388fa --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ka_GE.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "შენახულია", + "X.509 certificate of the Service Provider" : "სერვისის მომწოდებლის X.509 სერტიფიკატი", + "Private key of the Service Provider" : "სერვისის მომწოდებლის პირადი გასაღები", + "Indicates that the nameID of the sent by this SP will be encrypted." : "ანიშნებს რომ ამ SP-ს მეშვეობით გამოგზავნილი -ის nameID იქნება დაშიფრული.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Indicates whether the messages sent by this SP will be signed." : "ანიშნებს ამ SP-ს მეშვეობით გამოგზავნილი ხელმოწერილ იქნება თუ არა.", + "Whether the metadata should be signed." : "უნდა მოეწეროს თუ არა მეტა-მონაცემებს ხელი.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ , და ელემენტებს უნდა მოეწეროთ ხელი თუ არა.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებულ ელემენტებს უნდა მოეწეროთ ხელი თუ არა. [ამ ინფორმაციას მოგვაწოდებს SP-s მეტა მონაცემები]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული ელემენტები უნდა დაიშიფროს თუ არა.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "ანიშნებს მოთხოვნილებას ამ SP-ს მეშვეობით მიღებულ SAMLResponse-ში უნდა იყოს თუ არა NameID ელემენტი.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "ანიშნებს მოთხოვნილებას, ამ SP-ს საშუალებით მიღებული NameID უნდა დაიშიფროს თუ არა.", + "Indicates if the SP will validate all received XML." : "ანიშნებს გაუწევს თუ არა SP ვალიდაციას ყველა შემოსულ XML-ს.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL უწევს SAML მონაცემებს კოდირებას პატარა ასოებით, ხელსაწყობის ნაკრები კი საწყისად იყენებს დიდ ასოებს. ჩართეთ ADFS თავსებადობა ხელმოწერის დამოწმებებზე.", + "Attribute to map the UID to." : "ატრიბუტი რომელსაც მიებმევა UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "აუტენტიფიკაციის უფლება დართეთ მხოლოდ მაშინ, თუ ანგარიში არსებობს რაიმე სხვა ბექენდზეც. (მაგ. LDAP-ზე)", + "Attribute to map the displayname to." : "ატრიბუტი რომელსაც მიებმევა დისპლეის სახელი.", + "Attribute to map the email address to." : "ატრიბუტი რომელსაც მიებმევა ელ-ფოსტის მისამართი.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "გამოიყენეთ SAML აუტენტიფიკაცია %s დესკტოპ კლიენტებისთვის (საჭიროებს ხელახალ აუტენტიფიკაციას)", + "SSO & SAML authentication" : "SSO და SAML აუტენტიფიკაცია", + "Open documentation" : "ღია დოკუმენტაცია", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "გთხოვთ აირჩიოთ აუტენტიფიკაცია გსურთ Nextcloud-ში ჩაშენებული SAML მომწოდებელით თუ გსურთ აუტენტიფიკაცია სხვა გარემოს ცვლადის წინააღმდეგ.", + "Use built-in SAML authentication" : "ჩაშენებული SAML აუტენტიფიკაციის გამოყენება", + "Use environment variable" : "გარემოში არსებული ცვლადის გამოყენება", + "General" : "მთავარი", + "Service Provider Data" : "სერვისის მომწოდებლის მონაცემები", + "If your Service Provider should use certificates you can optionally specify them here." : "თუ თქვენი სერვის პროვაიდერი უნდა იყენებდეს სერტიფიკატებს, სურვილისამებრ შეგიძლიათ ისინი აქ ჩამოწეროთ.", + "Show Service Provider settings…" : "სერვისის მომწოდებლის პარამეტრების ჩვენება...", + "Identity Provider Data" : "იდენტობის მომწოდებლის მონაცემები", + "Configure your IdP settings here." : "დააყენეთ თქვენი IdP-ის პარამეტრები აქ.", + "Identifier of the IdP entity (must be a URI)" : "IdP შენატანის იდენტიფიკატორი (უნდა იყოს URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "IdP-s URL მისამართი სადაც SP გააგზავნის აუტენტიფიკაციის მოთხოვნის წერილს", + "Show optional Identity Provider settings…" : "არა-აუცილებელი იდენტობის პროვაიდერის პარამეტრების ჩვენება...", + "URL Location of the IdP where the SP will send the SLO Request" : "IdP-ს URL მისამართ სადაც SP გააგზავნის SLO მოთხოვნას", + "Public X.509 certificate of the IdP" : "IdP-ს ღია X.509 სერტიფიკატი", + "Attribute mapping" : "ატრიბუტების ბმები", + "If you want to optionally map attributes to the user you can configure these here." : "არაა აუცილებელი, მაგრამ თუ გსურთ ატრიბუტების მიბმა მომხმარებელთან, შეგიძლიათ კონფიგურაცია შეასრულოთ აქ.", + "Show attribute mapping settings…" : "ატრიბუტების მიბმის პარამეტრების ჩვენება...", + "Security settings" : "უსაფრთხოების პარამეტრები", + "For increased security we recommend enabling the following settings if supported by your environment." : "გაუმჯობესებული უსაფრთხოებისთვის, რეკომენდაციას გიწევთ, შესაძლებლობის შემთხვევაში, აამოქმედოთ შემდეგი პრამეტრები.", + "Show security settings…" : "უსაფრთხოების პარამეტრების ჩვენება...", + "Signatures and encryption offered" : "შემოთავაზებული ხელმოწერები და შიფრაციები", + "Signatures and encryption required" : "ხელმოწერები და შიფრაციები აუცილებელია", + "Download metadata XML" : "XML მეტა-მონაცემების გადმოწერა", + "Metadata invalid" : "მეტა-მონაცემი არასწორია", + "Metadata valid" : "მეტა-მონაცემი სწორია", + "Error" : "შეცდომა", + "Account not provisioned." : "ანგარიში არაა გათვალისწინებული.", + "Your account is not provisioned, access to this service is thus not possible." : "თქვენი ანგარიში არაა გათვალისწინებული, ამ სერვისისადმი წვდომა შესაბამისად შეუძლებელია." +},"pluralForm" :"nplurals=2; plural=(n!=1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ko.js b/docker/nextcloud/user_saml/l10n/ko.js new file mode 100755 index 0000000..21bcfe5 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ko.js @@ -0,0 +1,76 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "이 계정이 비활성화되었습니다. 관리자에게 연락해 주십시오.", + "Saved" : "저장됨", + "Provider" : "공급자", + "Unknown error, please check the log file for more details." : "알 수 없는 오류. 자세한 정보를 보려면 로그 파일을 참조하십시오.", + "Direct log in" : "직접 로그인", + "SSO & SAML log in" : "SSO 및 SAML 로그인", + "This page should not be visited directly." : "이 페이지를 직접 방문하면 안 됩니다.", + "Provider " : "공급자", + "X.509 certificate of the Service Provider" : "서비스 공급자의 X.509 인증서", + "Private key of the Service Provider" : "서비스 공급자의 개인 키", + "Indicates that the nameID of the sent by this SP will be encrypted." : "이 서비스 공급자가 보낸 의 nameID를 암호화할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Whether the metadata should be signed." : "메타데이터를 서명할지 여부입니다.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "이 서비스 공급자가 받는 , 원소를 서명해야 할지 여부입니다.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 받는 메시지를 서명해야 할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "이 서비스 공급자가 받는 원소를 암호화해야 할지 여부입니다.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "이 서비스 공급자가 받는 SAMLResponse의 NameID 원소가 존재해야 할지 여부입니다.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "이 서비스 공급자가 받는 NameID를 암호화해야 할지 여부입니다.", + "Indicates if the SP will validate all received XML." : "SP에서 모든 수신 XML을 검증할지 여부입니다.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS는 SAML 데이터를 소문자로 URL에 인코딩하며, 툴킷은 기본적으로 대문자를 사용합니다. 서명 검증 시 ADFS 호환성이 필요할 때 사용하십시오.", + "Attribute to map the UID to." : "UID를 매핑할 속성입니다.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "다른 백엔드(예: LDAP)에 계정이 있을 때에만 인증을 허용합니다.", + "Attribute to map the displayname to." : "표시 이름을 매핑할 속성입니다.", + "Attribute to map the email address to." : "이메일 주소를 매핑할 속성입니다.", + "Attribute to map the quota to." : "할당량을 매핑할 속성입니다.", + "Attribute to map the users groups to." : "사용자 그룹을 매핑할 속성입니다.", + "Attribute to map the users home to." : "사용자 홈 경로를 매핑할 속성입니다.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s 데스크톱 클라이언트에 SAML 인증을 사용합니다(사용자 재인증이 필요함)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "인증 공급자 표시 이름(선택 사항, 기본값: \"SSO 및 SAML 로그인\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "다중 사용자 백엔드 허용(예: LDAP)", + "SSO & SAML authentication" : "SSO 및 SAML 인증", + "Authenticate using single sign-on" : "통합 로그인으로 인증", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Nextcloud의 SSO 및 SAML 앱을 사용하면 기존 통합 로그인 솔루션과 Nextcloud를 통합할 수 있습니다. 추가적으로 사용자 편의성을 위해서(예: 공유 시) Nextcloud LDAP 사용자 공급자를 지정할 수 있습니다.\n현재 다음 공급자를 지원합니다:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services ADFS)\n\n* **환경 변수를 통한 인증**\n\t* Kerberos(mod_auth_kerb)\n\t* 기타 환경 변수를 사용하는 인증 공급자\n\n이론적으로 같은 표준을 사용하는 다른 인증 공급자를 사용할 수 있으나, 내부적으로 시험되지 않았습니다.", + "Open documentation" : "문서 열기", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 \"%s\"을(를) 활성화하거나 %s URL을 직접 방문해야 합니다.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 %s URL을 직접 방문해야 합니다.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloud에 내장된 SAML 공급자로 인증할지, 환경 변수를 사용하여 인증할지를 선택하십시오.", + "Use built-in SAML authentication" : "내장 SAML 인증 사용", + "Use environment variable" : "환경 변수 사용", + "Global settings" : "전역 설정", + "Remove identity provider" : "인증 공급자 삭제", + "Add identity provider" : "인증 공급자 추가", + "General" : "일반", + "Service Provider Data" : "서비스 공급자 데이터", + "If your Service Provider should use certificates you can optionally specify them here." : "서비스 공급자가 인증서를 사용한다면 여기에 추가적으로 지정할 수 있습니다.", + "Show Service Provider settings…" : "서비스 공급자 설정 표시…", + "Identity Provider Data" : "인증 공급자 데이터", + "Configure your IdP settings here." : "IdP를 여기에서 설정할 수 있습니다.", + "Identifier of the IdP entity (must be a URI)" : "IdP 엔티티 식별자(URI여야 함)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SP에서 인증 요청 메시지를 보낼 IdP 대상 URL", + "Show optional Identity Provider settings…" : "추가 인증 공급자 설정 표시…", + "URL Location of the IdP where the SP will send the SLO Request" : "SP에서 SLO 요청 메시지를 보낼 IdP 대상 URL", + "Public X.509 certificate of the IdP" : "IdP의 공개 X.509 인증서", + "Attribute mapping" : "속성 매핑", + "If you want to optionally map attributes to the user you can configure these here." : "추가 속성을 사용자에게 연결하려면 여기에서 설정하십시오.", + "Show attribute mapping settings…" : "속성 매핑 설정 표시…", + "Security settings" : "보안 설정", + "For increased security we recommend enabling the following settings if supported by your environment." : "보안을 강화하기 위해서 환경에서 지원하는 경우 다음 설정을 사용할 것을 추천합니다.", + "Show security settings…" : "보안 설정 표시…", + "Signatures and encryption offered" : "서명과 암호화 제공됨", + "Signatures and encryption required" : "서명과 암호화 필요함", + "Download metadata XML" : "메타데이터 XML 다운로드", + "Reset settings" : "설정 초기화", + "Metadata invalid" : "메타데이터 잘못됨", + "Metadata valid" : "메타데이터 올바름", + "Error" : "오류", + "Account not provisioned." : "계정이 프로비전되지 않았습니다.", + "Your account is not provisioned, access to this service is thus not possible." : "계정이 프로비전되지 않아서 이 서비스에 접근할 수 없습니다.", + "Choose a authentication provider" : "인증 공급자 선택" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/user_saml/l10n/ko.json b/docker/nextcloud/user_saml/l10n/ko.json new file mode 100755 index 0000000..0f8a06a --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ko.json @@ -0,0 +1,74 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "이 계정이 비활성화되었습니다. 관리자에게 연락해 주십시오.", + "Saved" : "저장됨", + "Provider" : "공급자", + "Unknown error, please check the log file for more details." : "알 수 없는 오류. 자세한 정보를 보려면 로그 파일을 참조하십시오.", + "Direct log in" : "직접 로그인", + "SSO & SAML log in" : "SSO 및 SAML 로그인", + "This page should not be visited directly." : "이 페이지를 직접 방문하면 안 됩니다.", + "Provider " : "공급자", + "X.509 certificate of the Service Provider" : "서비스 공급자의 X.509 인증서", + "Private key of the Service Provider" : "서비스 공급자의 개인 키", + "Indicates that the nameID of the sent by this SP will be encrypted." : "이 서비스 공급자가 보낸 의 nameID를 암호화할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Indicates whether the messages sent by this SP will be signed." : "이 서비스 공급자가 보낸 메시지를 서명할지 여부입니다.", + "Whether the metadata should be signed." : "메타데이터를 서명할지 여부입니다.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "이 서비스 공급자가 받는 , 원소를 서명해야 할지 여부입니다.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "이 서비스 공급자가 받는 메시지를 서명해야 할지 여부입니다. [서비스 공급자 메타데이터가 정보를 제공함]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "이 서비스 공급자가 받는 원소를 암호화해야 할지 여부입니다.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "이 서비스 공급자가 받는 SAMLResponse의 NameID 원소가 존재해야 할지 여부입니다.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "이 서비스 공급자가 받는 NameID를 암호화해야 할지 여부입니다.", + "Indicates if the SP will validate all received XML." : "SP에서 모든 수신 XML을 검증할지 여부입니다.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS는 SAML 데이터를 소문자로 URL에 인코딩하며, 툴킷은 기본적으로 대문자를 사용합니다. 서명 검증 시 ADFS 호환성이 필요할 때 사용하십시오.", + "Attribute to map the UID to." : "UID를 매핑할 속성입니다.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "다른 백엔드(예: LDAP)에 계정이 있을 때에만 인증을 허용합니다.", + "Attribute to map the displayname to." : "표시 이름을 매핑할 속성입니다.", + "Attribute to map the email address to." : "이메일 주소를 매핑할 속성입니다.", + "Attribute to map the quota to." : "할당량을 매핑할 속성입니다.", + "Attribute to map the users groups to." : "사용자 그룹을 매핑할 속성입니다.", + "Attribute to map the users home to." : "사용자 홈 경로를 매핑할 속성입니다.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s 데스크톱 클라이언트에 SAML 인증을 사용합니다(사용자 재인증이 필요함)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "인증 공급자 표시 이름(선택 사항, 기본값: \"SSO 및 SAML 로그인\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "다중 사용자 백엔드 허용(예: LDAP)", + "SSO & SAML authentication" : "SSO 및 SAML 인증", + "Authenticate using single sign-on" : "통합 로그인으로 인증", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Nextcloud의 SSO 및 SAML 앱을 사용하면 기존 통합 로그인 솔루션과 Nextcloud를 통합할 수 있습니다. 추가적으로 사용자 편의성을 위해서(예: 공유 시) Nextcloud LDAP 사용자 공급자를 지정할 수 있습니다.\n현재 다음 공급자를 지원합니다:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services ADFS)\n\n* **환경 변수를 통한 인증**\n\t* Kerberos(mod_auth_kerb)\n\t* 기타 환경 변수를 사용하는 인증 공급자\n\n이론적으로 같은 표준을 사용하는 다른 인증 공급자를 사용할 수 있으나, 내부적으로 시험되지 않았습니다.", + "Open documentation" : "문서 열기", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 \"%s\"을(를) 활성화하거나 %s URL을 직접 방문해야 합니다.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "인스턴스에 SSO로 접근할 수 있는 관리 사용자를 설정하십시오. 더 이상 일반 %s 계정으로 로그인할 수 없습니다. 일반 계정으로 로그인하려면 %s URL을 직접 방문해야 합니다.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Nextcloud에 내장된 SAML 공급자로 인증할지, 환경 변수를 사용하여 인증할지를 선택하십시오.", + "Use built-in SAML authentication" : "내장 SAML 인증 사용", + "Use environment variable" : "환경 변수 사용", + "Global settings" : "전역 설정", + "Remove identity provider" : "인증 공급자 삭제", + "Add identity provider" : "인증 공급자 추가", + "General" : "일반", + "Service Provider Data" : "서비스 공급자 데이터", + "If your Service Provider should use certificates you can optionally specify them here." : "서비스 공급자가 인증서를 사용한다면 여기에 추가적으로 지정할 수 있습니다.", + "Show Service Provider settings…" : "서비스 공급자 설정 표시…", + "Identity Provider Data" : "인증 공급자 데이터", + "Configure your IdP settings here." : "IdP를 여기에서 설정할 수 있습니다.", + "Identifier of the IdP entity (must be a URI)" : "IdP 엔티티 식별자(URI여야 함)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "SP에서 인증 요청 메시지를 보낼 IdP 대상 URL", + "Show optional Identity Provider settings…" : "추가 인증 공급자 설정 표시…", + "URL Location of the IdP where the SP will send the SLO Request" : "SP에서 SLO 요청 메시지를 보낼 IdP 대상 URL", + "Public X.509 certificate of the IdP" : "IdP의 공개 X.509 인증서", + "Attribute mapping" : "속성 매핑", + "If you want to optionally map attributes to the user you can configure these here." : "추가 속성을 사용자에게 연결하려면 여기에서 설정하십시오.", + "Show attribute mapping settings…" : "속성 매핑 설정 표시…", + "Security settings" : "보안 설정", + "For increased security we recommend enabling the following settings if supported by your environment." : "보안을 강화하기 위해서 환경에서 지원하는 경우 다음 설정을 사용할 것을 추천합니다.", + "Show security settings…" : "보안 설정 표시…", + "Signatures and encryption offered" : "서명과 암호화 제공됨", + "Signatures and encryption required" : "서명과 암호화 필요함", + "Download metadata XML" : "메타데이터 XML 다운로드", + "Reset settings" : "설정 초기화", + "Metadata invalid" : "메타데이터 잘못됨", + "Metadata valid" : "메타데이터 올바름", + "Error" : "오류", + "Account not provisioned." : "계정이 프로비전되지 않았습니다.", + "Your account is not provisioned, access to this service is thus not possible." : "계정이 프로비전되지 않아서 이 서비스에 접근할 수 없습니다.", + "Choose a authentication provider" : "인증 공급자 선택" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/lb.js b/docker/nextcloud/user_saml/l10n/lb.js new file mode 100755 index 0000000..73fa215 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/lb.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Gespäichert", + "Open documentation" : "Dokumentatioun opmaachen", + "General" : "Allgemeng", + "Metadata invalid" : "Falsch Metadata", + "Error" : "Fehler" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/lb.json b/docker/nextcloud/user_saml/l10n/lb.json new file mode 100755 index 0000000..832d573 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/lb.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Gespäichert", + "Open documentation" : "Dokumentatioun opmaachen", + "General" : "Allgemeng", + "Metadata invalid" : "Falsch Metadata", + "Error" : "Fehler" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/lt_LT.js b/docker/nextcloud/user_saml/l10n/lt_LT.js new file mode 100755 index 0000000..b356a05 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/lt_LT.js @@ -0,0 +1,35 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ši naudotojo paskyra yra išjungta, prašome susisiekti su savo administratoriumi.", + "Saved" : "Įrašyta", + "Unknown error, please check the log file for more details." : "Nežinoma klaida, išsamesnei informacijai žiūrėkite žurnalo failą.", + "Direct log in" : "Tiesioginis prisijungimas", + "X.509 certificate of the Service Provider" : "Paslaugų teikėjo X.509 liudijimas", + "Private key of the Service Provider" : "Paslaugų teikėjo privatusis raktas", + "Whether the metadata should be signed." : "Ar metaduomenys turėtų būti pasirašyti.", + "Email address" : "El. pašto adresas", + "Entity" : "Esybė", + "SSO & SAML authentication" : "SSO & SAML tapatybės nustatymas", + "Open documentation" : "Atverti dokumentaciją", + "Use built-in SAML authentication" : "Naudoti įtaisytąjį SAML tapatybės nustatymą", + "Use environment variable" : "Naudoti aplinkos kintamąjį", + "Global settings" : "Visuotiniai nustatymai", + "General" : "Bendra", + "Service Provider Data" : "Paslaugų teikėjo duomenys", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeigu jūsų paslaugų teikėjas turėtų naudoti liudijimus, galite čia pasirinktinai juos nurodyti.", + "Show Service Provider settings…" : "Rodyti paslaugų teikėjo nustatymus…", + "Identity Provider Data" : "Tapatybės teikėjo duomenys", + "Configure your IdP settings here." : "Čia konfigūruokite savo IdP nustatymus.", + "Identifier of the IdP entity (must be a URI)" : "IdP esybės identifikatorius (privalo būti URI)", + "Security settings" : "Saugumo nustatymai", + "Show security settings…" : "Rodyti saugumo nustatymus…", + "Signatures and encryption offered" : "Siūlomi parašai ir šifravimas", + "Signatures and encryption required" : "Reikalingi parašai ir šifravimas", + "Download metadata XML" : "Atsisiųsti metaduomenų XML", + "Reset settings" : "Atstatyti nustatymus", + "Metadata invalid" : "Metaduomenys neteisingi", + "Metadata valid" : "Metaduomenys teisingi", + "Error" : "Klaida" +}, +"nplurals=4; plural=(n % 10 == 1 && (n % 100 > 19 || n % 100 < 11) ? 0 : (n % 10 >= 2 && n % 10 <=9) && (n % 100 > 19 || n % 100 < 11) ? 1 : n % 1 != 0 ? 2: 3);"); diff --git a/docker/nextcloud/user_saml/l10n/lt_LT.json b/docker/nextcloud/user_saml/l10n/lt_LT.json new file mode 100755 index 0000000..e29ab1c --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/lt_LT.json @@ -0,0 +1,33 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ši naudotojo paskyra yra išjungta, prašome susisiekti su savo administratoriumi.", + "Saved" : "Įrašyta", + "Unknown error, please check the log file for more details." : "Nežinoma klaida, išsamesnei informacijai žiūrėkite žurnalo failą.", + "Direct log in" : "Tiesioginis prisijungimas", + "X.509 certificate of the Service Provider" : "Paslaugų teikėjo X.509 liudijimas", + "Private key of the Service Provider" : "Paslaugų teikėjo privatusis raktas", + "Whether the metadata should be signed." : "Ar metaduomenys turėtų būti pasirašyti.", + "Email address" : "El. pašto adresas", + "Entity" : "Esybė", + "SSO & SAML authentication" : "SSO & SAML tapatybės nustatymas", + "Open documentation" : "Atverti dokumentaciją", + "Use built-in SAML authentication" : "Naudoti įtaisytąjį SAML tapatybės nustatymą", + "Use environment variable" : "Naudoti aplinkos kintamąjį", + "Global settings" : "Visuotiniai nustatymai", + "General" : "Bendra", + "Service Provider Data" : "Paslaugų teikėjo duomenys", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeigu jūsų paslaugų teikėjas turėtų naudoti liudijimus, galite čia pasirinktinai juos nurodyti.", + "Show Service Provider settings…" : "Rodyti paslaugų teikėjo nustatymus…", + "Identity Provider Data" : "Tapatybės teikėjo duomenys", + "Configure your IdP settings here." : "Čia konfigūruokite savo IdP nustatymus.", + "Identifier of the IdP entity (must be a URI)" : "IdP esybės identifikatorius (privalo būti URI)", + "Security settings" : "Saugumo nustatymai", + "Show security settings…" : "Rodyti saugumo nustatymus…", + "Signatures and encryption offered" : "Siūlomi parašai ir šifravimas", + "Signatures and encryption required" : "Reikalingi parašai ir šifravimas", + "Download metadata XML" : "Atsisiųsti metaduomenų XML", + "Reset settings" : "Atstatyti nustatymus", + "Metadata invalid" : "Metaduomenys neteisingi", + "Metadata valid" : "Metaduomenys teisingi", + "Error" : "Klaida" +},"pluralForm" :"nplurals=4; plural=(n % 10 == 1 && (n % 100 > 19 || n % 100 < 11) ? 0 : (n % 10 >= 2 && n % 10 <=9) && (n % 100 > 19 || n % 100 < 11) ? 1 : n % 1 != 0 ? 2: 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/lv.js b/docker/nextcloud/user_saml/l10n/lv.js new file mode 100755 index 0000000..12ea872 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/lv.js @@ -0,0 +1,26 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Saglabāts", + "X.509 certificate of the Service Provider" : "X.509 sertifikātu no pakalpojumu sniedzēja", + "Private key of the Service Provider" : "Privātā atslēga no pakalpojumu sniedzēja", + "SSO & SAML authentication" : "SSO & SAML autentifikācija", + "Open documentation" : "Atvērt dokumentāciju", + "Use built-in SAML authentication" : "Izmantot iebūvēto SAML autentifikācija", + "Use environment variable" : "Izmantot vides mainīgo", + "General" : "Vispārīgi", + "Service Provider Data" : "Pakalpojumu sniedzēja dati", + "If your Service Provider should use certificates you can optionally specify them here." : "Ja jūsu pakalpojumu sniedzējs izmanto sertifikātus, varat norādiet tos šeit.", + "Identity Provider Data" : "Identitātes nodrošinātāja dati", + "Configure your IdP settings here." : "Konfigurēt IdP iestatījumus šeit.", + "Security settings" : "Drošības iestatījumi", + "For increased security we recommend enabling the following settings if supported by your environment." : "Lai paaugstinātu drošību, iesakām iespējot šos iestatījumus, ja to atbalsta jūsu vidē.", + "Signatures and encryption required" : "Paraksti un šifrēšana ir nepieciešama", + "Download metadata XML" : "Lejupielādēt metadatu XML", + "Metadata invalid" : "Nederīgi metadati", + "Metadata valid" : "Derīgi metadati", + "Error" : "Kļūda", + "Account not provisioned." : "Konts nav nodrošināts.", + "Your account is not provisioned, access to this service is thus not possible." : "Jūsu konts netiek nodrošināts, tādējādi piekļuve šim pakalpojumam nav iespējama." +}, +"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);"); diff --git a/docker/nextcloud/user_saml/l10n/lv.json b/docker/nextcloud/user_saml/l10n/lv.json new file mode 100755 index 0000000..ac3b87c --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/lv.json @@ -0,0 +1,24 @@ +{ "translations": { + "Saved" : "Saglabāts", + "X.509 certificate of the Service Provider" : "X.509 sertifikātu no pakalpojumu sniedzēja", + "Private key of the Service Provider" : "Privātā atslēga no pakalpojumu sniedzēja", + "SSO & SAML authentication" : "SSO & SAML autentifikācija", + "Open documentation" : "Atvērt dokumentāciju", + "Use built-in SAML authentication" : "Izmantot iebūvēto SAML autentifikācija", + "Use environment variable" : "Izmantot vides mainīgo", + "General" : "Vispārīgi", + "Service Provider Data" : "Pakalpojumu sniedzēja dati", + "If your Service Provider should use certificates you can optionally specify them here." : "Ja jūsu pakalpojumu sniedzējs izmanto sertifikātus, varat norādiet tos šeit.", + "Identity Provider Data" : "Identitātes nodrošinātāja dati", + "Configure your IdP settings here." : "Konfigurēt IdP iestatījumus šeit.", + "Security settings" : "Drošības iestatījumi", + "For increased security we recommend enabling the following settings if supported by your environment." : "Lai paaugstinātu drošību, iesakām iespējot šos iestatījumus, ja to atbalsta jūsu vidē.", + "Signatures and encryption required" : "Paraksti un šifrēšana ir nepieciešama", + "Download metadata XML" : "Lejupielādēt metadatu XML", + "Metadata invalid" : "Nederīgi metadati", + "Metadata valid" : "Derīgi metadati", + "Error" : "Kļūda", + "Account not provisioned." : "Konts nav nodrošināts.", + "Your account is not provisioned, access to this service is thus not possible." : "Jūsu konts netiek nodrošināts, tādējādi piekļuve šim pakalpojumam nav iespējama." +},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/mk.js b/docker/nextcloud/user_saml/l10n/mk.js new file mode 100755 index 0000000..b6ea1e5 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/mk.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Зачувано", + "Email address" : "Е-пошта адреси", + "Open documentation" : "Отвори ја документацијата", + "General" : "Општо", + "Error" : "Грешка" +}, +"nplurals=2; plural=(n % 10 == 1 && n % 100 != 11) ? 0 : 1;"); diff --git a/docker/nextcloud/user_saml/l10n/mk.json b/docker/nextcloud/user_saml/l10n/mk.json new file mode 100755 index 0000000..c12a24d --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/mk.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Зачувано", + "Email address" : "Е-пошта адреси", + "Open documentation" : "Отвори ја документацијата", + "General" : "Општо", + "Error" : "Грешка" +},"pluralForm" :"nplurals=2; plural=(n % 10 == 1 && n % 100 != 11) ? 0 : 1;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/nb.js b/docker/nextcloud/user_saml/l10n/nb.js new file mode 100755 index 0000000..ab5b0be --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/nb.js @@ -0,0 +1,88 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Denne brukerkontoen er avskrudd, kontakt administratoren din.", + "Saved" : "Lagret", + "Provider" : "Tilbyder", + "Unknown error, please check the log file for more details." : "Ukjent feil, sjekk loggfilen for flere detaljer.", + "Direct log in" : "Direkte innlogging", + "SSO & SAML log in" : "SSO- og SAML -innlogging", + "This page should not be visited directly." : "Denne siden bør ikke besøkes direkte.", + "Provider " : "Tilbyder", + "X.509 certificate of the Service Provider" : "X.509-sertifikat for tjenesteleverandøren", + "Private key of the Service Provider" : "Privat nøkkel for tjenesteleverandøren", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Forteller om av denne SPen er kryptert.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Forteller om -meldinger sendt av denne SP-en vil bli signert. [Metadataen til SP-en vil ha denne infoen å by på]", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SPen er signert.", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SP-en er signert.", + "Whether the metadata should be signed." : "Om metadataene skal være signert.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Forteller om kravet om signering for , og -elementer mottatt av denne SP-en.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Forteller om kravet om signering for -elementer mottatt av denne SP-en. [Metadataen til denne SP-en vil ha denne infoen å by på]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Forteller om kravet for om kryptering for -elementer mottatt av denne SP-en.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Forteller om kravet om at dette NameID-elementet på SAMLResponse mottatt av denne SP-en skal være tilstede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Forteller om kravet om at NameID mottatt av denne SP-en skal være kryptert.", + "Indicates if the SP will validate all received XML." : "Forteller om SP-en skal validere all mottatt XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bokstaver, og verktøyssettet bruker store bokstaver som forvalg. Skru på for ADFS-kompabilitet for signaturbekreftelse.", + "Algorithm that the toolkit will use on signing process." : "Algoritme som verktøysettet skal bruke ved signeringsprosessen.", + "Attribute to map the UID to." : "Attributt å binde UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Bare tillat autentisering hvis en konto finnes på en annen bakende. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Attributt å binde visningsnavnet til.", + "Attribute to map the email address to." : "Attributt å binde e-postadressen til.", + "Attribute to map the quota to." : "Egenskap å tilordne kvoten til.", + "Attribute to map the users groups to." : "Egenskap for å tilordne brukergruppene til.", + "Attribute to map the users home to." : "Egenskap for å tilordne hjem for brukere til.", + "Email address" : "E-post adresse", + "Encrypted" : "Kryptert", + "Entity" : "Enhet", + "Kerberos" : "Kerberos", + "Persistent" : "Vedvarende", + "Transient" : "Flyktig", + "Unspecified" : "Uspesifisert", + "Windows domain qualified name" : "Windows-domenekvalifisert navn", + "X509 subject name" : "X509 emne navn", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Bruk SAML-auth for %s-skrivebordsklienter (krever ny autentisering av brukere)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfritt visningsnavn for identitetsleverandøren (standard: \"SSO & SAML logg inn\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillat bruk av flere brukerbakgrunner (f.eks. LDAP)", + "SSO & SAML authentication" : "SSO- og SAML-autentisering", + "Authenticate using single sign-on" : "Autentiser med enkel pålogging", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Ved å bruke SSO & SAML-appen til Nextcloud kan du enkelt gjøre det mulig å integrere din eksisterende Single Sign-On-løsning med Nextcloud. I tillegg kan du bruke Nextcloud LDAP-brukerleverandøren for å beholde brukerne. (f.eks. når du deler)\nFølgende leverandører støttes og testes for øyeblikket:\n\n* ** SAML 2.0 **\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Autentisering via miljøvariabel **\n\t* Kerberos (mod_auth_kerb)\n\t* Enhver annen leverandør som autentiserer ved hjelp av miljøvariabelen\n\nMens teoretisk er alle andre godkjenningsleverandører som implementerer en av disse standardene kompatible, vil vi merke at de ikke er en del av noen intern testmatrise.", + "Open documentation" : "Åpne dokumentasjonen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du har aktivert \"%s\" eller du går direkte til URL-en %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du går direkte til URL-en %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Velg om du vil identifisere deg med SAML-tilbyderen som er innebygget i Nextcloud eller om du vil du vil identifisere deg mot en miljøvariabel.", + "Use built-in SAML authentication" : "Bruk innebygd SAML-autentisering", + "Use environment variable" : "Bruk miljøvariabel", + "Global settings" : "Globale innstillinger", + "Remove identity provider" : "Fjern identitetstilbyder.", + "Add identity provider" : "Legg til identitetstilbyder", + "General" : "Generelt", + "Service Provider Data" : "Tjenesteleverandørdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Hvis din tjenesteleverandør skal bruke sertifikater kan du velge å spesifisere dem her.", + "Show Service Provider settings…" : "Vis tjenesteleverandørinnstillinger…", + "Name ID format" : "Navn ID format", + "Identity Provider Data" : "Identitetstilbyder-data", + "Configure your IdP settings here." : "Konfigurer dine IdP innstillinger her.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator for IdP-enheten (må være en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-mål for IdP der SP vil sende autentiseringsforespørselsmeldingen", + "Show optional Identity Provider settings…" : "Vis valgfrie identitetstilbyderinnstillinger…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-plassering for IdP der SP vil sende SLO-forespørselen", + "Public X.509 certificate of the IdP" : "Offentlig X.509 sertificat for IdP", + "Attribute mapping" : "Attributt-binding", + "If you want to optionally map attributes to the user you can configure these here." : "Hvis du valgfritt ønsker å knytte attributter til brukeren kan du sette opp disse her.", + "Show attribute mapping settings…" : "Vis attributttilnytningsinnstillinger…", + "Security settings" : "Sikkerhetsinnstillinger", + "For increased security we recommend enabling the following settings if supported by your environment." : "For økt sikkerhet anbefaler vi at du aktiverer følgende innstillinger hvis det er støttet i ditt systemlandskap.", + "Show security settings…" : "Vis sikkerhetsinnstillinger …", + "Signatures and encryption offered" : "Signaturer og kryptering er tilbudt", + "Signatures and encryption required" : "Signaturer og kryptering er påkrevd", + "Download metadata XML" : "Last ned XML med metadata", + "Reset settings" : "Tilbakestill innstillinger", + "Metadata invalid" : "Ugyldige metadata", + "Metadata valid" : "Gyldige metadata", + "Error" : "Feil", + "Account not provisioned." : "Kontoen er ikke klargjort", + "Your account is not provisioned, access to this service is thus not possible." : "Din konto er ikke klargjort, tilgang til denne tjenesten er ikke mulig akkurat nå.", + "Login options:" : "Innloggingsinstillinger:", + "Choose a authentication provider" : "Velg en autentiseringstilbyder" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/nb.json b/docker/nextcloud/user_saml/l10n/nb.json new file mode 100755 index 0000000..d0fba5d --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/nb.json @@ -0,0 +1,86 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Denne brukerkontoen er avskrudd, kontakt administratoren din.", + "Saved" : "Lagret", + "Provider" : "Tilbyder", + "Unknown error, please check the log file for more details." : "Ukjent feil, sjekk loggfilen for flere detaljer.", + "Direct log in" : "Direkte innlogging", + "SSO & SAML log in" : "SSO- og SAML -innlogging", + "This page should not be visited directly." : "Denne siden bør ikke besøkes direkte.", + "Provider " : "Tilbyder", + "X.509 certificate of the Service Provider" : "X.509-sertifikat for tjenesteleverandøren", + "Private key of the Service Provider" : "Privat nøkkel for tjenesteleverandøren", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Forteller om av denne SPen er kryptert.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Forteller om -meldinger sendt av denne SP-en vil bli signert. [Metadataen til SP-en vil ha denne infoen å by på]", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SPen er signert.", + "Indicates whether the messages sent by this SP will be signed." : "Forteller om av denne SP-en er signert.", + "Whether the metadata should be signed." : "Om metadataene skal være signert.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Forteller om kravet om signering for , og -elementer mottatt av denne SP-en.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Forteller om kravet om signering for -elementer mottatt av denne SP-en. [Metadataen til denne SP-en vil ha denne infoen å by på]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Forteller om kravet for om kryptering for -elementer mottatt av denne SP-en.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Forteller om kravet om at dette NameID-elementet på SAMLResponse mottatt av denne SP-en skal være tilstede.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Forteller om kravet om at NameID mottatt av denne SP-en skal være kryptert.", + "Indicates if the SP will validate all received XML." : "Forteller om SP-en skal validere all mottatt XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bokstaver, og verktøyssettet bruker store bokstaver som forvalg. Skru på for ADFS-kompabilitet for signaturbekreftelse.", + "Algorithm that the toolkit will use on signing process." : "Algoritme som verktøysettet skal bruke ved signeringsprosessen.", + "Attribute to map the UID to." : "Attributt å binde UID til.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Bare tillat autentisering hvis en konto finnes på en annen bakende. (f.eks. LDAP)", + "Attribute to map the displayname to." : "Attributt å binde visningsnavnet til.", + "Attribute to map the email address to." : "Attributt å binde e-postadressen til.", + "Attribute to map the quota to." : "Egenskap å tilordne kvoten til.", + "Attribute to map the users groups to." : "Egenskap for å tilordne brukergruppene til.", + "Attribute to map the users home to." : "Egenskap for å tilordne hjem for brukere til.", + "Email address" : "E-post adresse", + "Encrypted" : "Kryptert", + "Entity" : "Enhet", + "Kerberos" : "Kerberos", + "Persistent" : "Vedvarende", + "Transient" : "Flyktig", + "Unspecified" : "Uspesifisert", + "Windows domain qualified name" : "Windows-domenekvalifisert navn", + "X509 subject name" : "X509 emne navn", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Bruk SAML-auth for %s-skrivebordsklienter (krever ny autentisering av brukere)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfritt visningsnavn for identitetsleverandøren (standard: \"SSO & SAML logg inn\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillat bruk av flere brukerbakgrunner (f.eks. LDAP)", + "SSO & SAML authentication" : "SSO- og SAML-autentisering", + "Authenticate using single sign-on" : "Autentiser med enkel pålogging", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Ved å bruke SSO & SAML-appen til Nextcloud kan du enkelt gjøre det mulig å integrere din eksisterende Single Sign-On-løsning med Nextcloud. I tillegg kan du bruke Nextcloud LDAP-brukerleverandøren for å beholde brukerne. (f.eks. når du deler)\nFølgende leverandører støttes og testes for øyeblikket:\n\n* ** SAML 2.0 **\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Autentisering via miljøvariabel **\n\t* Kerberos (mod_auth_kerb)\n\t* Enhver annen leverandør som autentiserer ved hjelp av miljøvariabelen\n\nMens teoretisk er alle andre godkjenningsleverandører som implementerer en av disse standardene kompatible, vil vi merke at de ikke er en del av noen intern testmatrise.", + "Open documentation" : "Åpne dokumentasjonen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du har aktivert \"%s\" eller du går direkte til URL-en %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Sørg for å konfigurere en administrativ bruker som har tilgang til forekomsten via SSO. Innlogging med den vanlige %s kontoen din vil ikke være mulig lenger, med mindre du går direkte til URL-en %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Velg om du vil identifisere deg med SAML-tilbyderen som er innebygget i Nextcloud eller om du vil du vil identifisere deg mot en miljøvariabel.", + "Use built-in SAML authentication" : "Bruk innebygd SAML-autentisering", + "Use environment variable" : "Bruk miljøvariabel", + "Global settings" : "Globale innstillinger", + "Remove identity provider" : "Fjern identitetstilbyder.", + "Add identity provider" : "Legg til identitetstilbyder", + "General" : "Generelt", + "Service Provider Data" : "Tjenesteleverandørdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Hvis din tjenesteleverandør skal bruke sertifikater kan du velge å spesifisere dem her.", + "Show Service Provider settings…" : "Vis tjenesteleverandørinnstillinger…", + "Name ID format" : "Navn ID format", + "Identity Provider Data" : "Identitetstilbyder-data", + "Configure your IdP settings here." : "Konfigurer dine IdP innstillinger her.", + "Identifier of the IdP entity (must be a URI)" : "Identifikator for IdP-enheten (må være en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-mål for IdP der SP vil sende autentiseringsforespørselsmeldingen", + "Show optional Identity Provider settings…" : "Vis valgfrie identitetstilbyderinnstillinger…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL-plassering for IdP der SP vil sende SLO-forespørselen", + "Public X.509 certificate of the IdP" : "Offentlig X.509 sertificat for IdP", + "Attribute mapping" : "Attributt-binding", + "If you want to optionally map attributes to the user you can configure these here." : "Hvis du valgfritt ønsker å knytte attributter til brukeren kan du sette opp disse her.", + "Show attribute mapping settings…" : "Vis attributttilnytningsinnstillinger…", + "Security settings" : "Sikkerhetsinnstillinger", + "For increased security we recommend enabling the following settings if supported by your environment." : "For økt sikkerhet anbefaler vi at du aktiverer følgende innstillinger hvis det er støttet i ditt systemlandskap.", + "Show security settings…" : "Vis sikkerhetsinnstillinger …", + "Signatures and encryption offered" : "Signaturer og kryptering er tilbudt", + "Signatures and encryption required" : "Signaturer og kryptering er påkrevd", + "Download metadata XML" : "Last ned XML med metadata", + "Reset settings" : "Tilbakestill innstillinger", + "Metadata invalid" : "Ugyldige metadata", + "Metadata valid" : "Gyldige metadata", + "Error" : "Feil", + "Account not provisioned." : "Kontoen er ikke klargjort", + "Your account is not provisioned, access to this service is thus not possible." : "Din konto er ikke klargjort, tilgang til denne tjenesten er ikke mulig akkurat nå.", + "Login options:" : "Innloggingsinstillinger:", + "Choose a authentication provider" : "Velg en autentiseringstilbyder" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/nl.js b/docker/nextcloud/user_saml/l10n/nl.js new file mode 100755 index 0000000..1c15005 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/nl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Dit gebruikersaccount is uitgeschakeld, neem a.u.b. contact op met je beheerder.", + "Saved" : "Bewaard", + "Provider" : "Provider", + "Unknown error, please check the log file for more details." : "Onbekende fout, controleer de log voor meer details.", + "Direct log in" : "Directe log-in", + "SSO & SAML log in" : "SSO & SAML login", + "This page should not be visited directly." : "Deze pagina zou niet rechtstreeks bezocht moeten worden. ", + "Provider " : "Provider ", + "X.509 certificate of the Service Provider" : "X.509 certificaat ban de Service Provider", + "Private key of the Service Provider" : "Privésleutel van de Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Geeft aan dat de nameID van de verzonden door deze SP zal worden versleuteld.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend. [Metadata van de SP verschaft deze info]", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Whether the metadata should be signed." : "Of de metadata moet worden ondertekend.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Betekent de vereiste van de ondertekening van de , en elementen die door deze SP worden ontvangen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Betekent de vereiste van ondertekening van het element dat door deze SP wordt ontvangen.\n[Metadata van de SP geeft deze info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Betekent de vereiste van versleuteling van het element dat door deze SP wordt ontvangen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Betekent dat het NameID element in het door deze SP ontvangen SAMLResponse aanwezig moet zijn.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Betekent dat het NameID element dat wordt ontvangen door deze SP versleuteld moet zijn.", + "Indicates if the SP will validate all received XML." : "Geeft aan of de SP alle ontvangen XMLs zal valideren.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codeert SAML gegevens als kleine letters en de toolkit gebruikt standaard hoofdletters. Inschakelen voor ADFS compatibiliteit voor handtekeningverificatie.", + "Algorithm that the toolkit will use on signing process." : "Algoritme dat de toolkit zal gebruiken bij het ondertekeningsproces.", + "Attribute to map the UID to." : "Attribuut om de UID op te mappen.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sta alleen authenticatie toe als een account bestaat op een ander backend (bijv. LDAP).", + "Attribute to map the displayname to." : "weergavenaam toekennen om in kaart te brengen", + "Attribute to map the email address to." : "Email adres toekennen om in kaart te brengen", + "Attribute to map the quota to." : "Attribuut om de quota op te mappen.", + "Attribute to map the users groups to." : "Attribuut om de gebruikersgroep aan te koppelen.", + "Attribute to map the users home to." : "Attribuut om de startpagina van de gebruiekrs aan te koppelen.", + "Email address" : "E-mailadres", + "Encrypted" : "Versleuteld", + "Entity" : "Eenheid", + "Kerberos" : "Kerberos", + "Persistent" : "Blijvend", + "Transient" : "Tijdelijk", + "Unspecified" : "Ongedefinieerd", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 onderwerpnaam", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Gebruik SAML authenticatie voor de %s desktop clients (vereist gebruiker herauthenticatie)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optionele weergave naam van de identity provider (standaard: \"SSO & SAML log-in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Sta het gebruik van meerdere gebruikers back-ends toe (bijvoorbeeld LDAP)", + "SSO & SAML authentication" : "SSO & SAML authenticatie", + "Authenticate using single sign-on" : "Authenticeren via single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Door gebruik te maken van de SSO & SAML app van je Nextcloud kun je makkelijk je bestaande Single-Sign-On oplossing integreren met Nextcloud. En daarbij kun je ook de Nextcloud LDAP gebruikersbeheerfuncties gebruiken voor meer gebruiksgemak van de gebruikers (bijv nij delen)\nDe volgende providers worden momenteel ondersteund en getest :\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authenticatie via Omgevingsvariabele**\n\t* Kerberos (mod_auth_kerb)\n\t* Elke andere provider die inloggen via de omgevingsvariabele biedt\n\nHoewel in theorie elke andere authenticatieprovider die deze standaarden hanteert ook compatible zou moeten zijn, moeten we opmerken dat deze geen onderdeel van de interne testmatrix zijn.", + "Open documentation" : "Open documentatie", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere %s account is niet langer mogelijk, tenzij \"%s\" is ingeschakeld of je direct naar URL %skunt gaan.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere account is niet langer mogelijk, tenzij %s is ingeschakeld of je direct naar URL %s kunt gaan.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kies of je wilt authenticeren via de in Nextcloud ingebouwde SAML provider, of dat je wilt authenticeren tegen een omgevingsvariabele", + "Use built-in SAML authentication" : "Ingebouwde SAML authenticatie gebruiken", + "Use environment variable" : "Gebruik een omgevingsvariabele", + "Global settings" : "Globale instellingen", + "Remove identity provider" : "Verwijderen identity provider", + "Add identity provider" : "Toevoegen identity provider", + "General" : "Algemeen", + "Service Provider Data" : "Service Provider gegevens", + "If your Service Provider should use certificates you can optionally specify them here." : "Als je Service Provider certificaten moet gebruiken, kun je die hier optioneel opgeven.", + "Show Service Provider settings…" : "Serviceverleners instellingen weergeven...", + "Name ID format" : "Naam ID formaat", + "Identity Provider Data" : "Identity Provider gegevens", + "Configure your IdP settings here." : "Configureer hier je IdP instellingen.", + "Identifier of the IdP entity (must be a URI)" : "Identificatie van de IdP (moet een URI zijn)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL doel van de IdP waar de SP het Authentication Request Message naartoe zal versturen", + "Show optional Identity Provider settings…" : "Optionele Identiteit serviceverleners instellingen weergeven...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL locatie van de IdP waar de SP het SLO Request naartoe zal versturen", + "URL Location of the IDP's SLO Response" : "URL locatie van de IDP's SLO Response", + "Public X.509 certificate of the IdP" : "Publiek X.509 certificaat van de IdP", + "Attribute mapping" : "mapping toekennen", + "If you want to optionally map attributes to the user you can configure these here." : "Mocht je optionele kenmerken aan de gebruiker wilt koppelen, kun je deze hier instellen", + "Show attribute mapping settings…" : "Attribuut instellingen weergeven...", + "Security settings" : "Beveiligingsinstellingen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Voor verhoogde beveiliging adviseren we om de volgende instellingen te activeren als die door jouw omgeving worden ondersteund.", + "Show security settings…" : "Beveiligingsinstellingen weergeven...", + "Signatures and encryption offered" : "Beschikbare handtekeningen en versleuteling", + "Signatures and encryption required" : "Vereiste handtekeningen en versleuteling", + "Download metadata XML" : "Downloaden metadata XML", + "Reset settings" : "Terugzetten instellingen", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout", + "Account not provisioned." : "Account niet verstrekt.", + "Your account is not provisioned, access to this service is thus not possible." : "Je account is niet verstrekt, toegang tot deze dienst is dus niet mogelijk.", + "Login options:" : "Inlogopties:", + "Choose a authentication provider" : "Kies een authenticatieprovider" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/nl.json b/docker/nextcloud/user_saml/l10n/nl.json new file mode 100755 index 0000000..98daf52 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/nl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Dit gebruikersaccount is uitgeschakeld, neem a.u.b. contact op met je beheerder.", + "Saved" : "Bewaard", + "Provider" : "Provider", + "Unknown error, please check the log file for more details." : "Onbekende fout, controleer de log voor meer details.", + "Direct log in" : "Directe log-in", + "SSO & SAML log in" : "SSO & SAML login", + "This page should not be visited directly." : "Deze pagina zou niet rechtstreeks bezocht moeten worden. ", + "Provider " : "Provider ", + "X.509 certificate of the Service Provider" : "X.509 certificaat ban de Service Provider", + "Private key of the Service Provider" : "Privésleutel van de Service Provider", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Geeft aan dat de nameID van de verzonden door deze SP zal worden versleuteld.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend. [Metadata van de SP verschaft deze info]", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Indicates whether the messages sent by this SP will be signed." : "Geeft aan of het bericht, verzonden door deze SP, zal worden ondertekend.", + "Whether the metadata should be signed." : "Of de metadata moet worden ondertekend.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Betekent de vereiste van de ondertekening van de , en elementen die door deze SP worden ontvangen.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Betekent de vereiste van ondertekening van het element dat door deze SP wordt ontvangen.\n[Metadata van de SP geeft deze info]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Betekent de vereiste van versleuteling van het element dat door deze SP wordt ontvangen.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Betekent dat het NameID element in het door deze SP ontvangen SAMLResponse aanwezig moet zijn.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Betekent dat het NameID element dat wordt ontvangen door deze SP versleuteld moet zijn.", + "Indicates if the SP will validate all received XML." : "Geeft aan of de SP alle ontvangen XMLs zal valideren.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codeert SAML gegevens als kleine letters en de toolkit gebruikt standaard hoofdletters. Inschakelen voor ADFS compatibiliteit voor handtekeningverificatie.", + "Algorithm that the toolkit will use on signing process." : "Algoritme dat de toolkit zal gebruiken bij het ondertekeningsproces.", + "Attribute to map the UID to." : "Attribuut om de UID op te mappen.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Sta alleen authenticatie toe als een account bestaat op een ander backend (bijv. LDAP).", + "Attribute to map the displayname to." : "weergavenaam toekennen om in kaart te brengen", + "Attribute to map the email address to." : "Email adres toekennen om in kaart te brengen", + "Attribute to map the quota to." : "Attribuut om de quota op te mappen.", + "Attribute to map the users groups to." : "Attribuut om de gebruikersgroep aan te koppelen.", + "Attribute to map the users home to." : "Attribuut om de startpagina van de gebruiekrs aan te koppelen.", + "Email address" : "E-mailadres", + "Encrypted" : "Versleuteld", + "Entity" : "Eenheid", + "Kerberos" : "Kerberos", + "Persistent" : "Blijvend", + "Transient" : "Tijdelijk", + "Unspecified" : "Ongedefinieerd", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 onderwerpnaam", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Gebruik SAML authenticatie voor de %s desktop clients (vereist gebruiker herauthenticatie)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optionele weergave naam van de identity provider (standaard: \"SSO & SAML log-in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Sta het gebruik van meerdere gebruikers back-ends toe (bijvoorbeeld LDAP)", + "SSO & SAML authentication" : "SSO & SAML authenticatie", + "Authenticate using single sign-on" : "Authenticeren via single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Door gebruik te maken van de SSO & SAML app van je Nextcloud kun je makkelijk je bestaande Single-Sign-On oplossing integreren met Nextcloud. En daarbij kun je ook de Nextcloud LDAP gebruikersbeheerfuncties gebruiken voor meer gebruiksgemak van de gebruikers (bijv nij delen)\nDe volgende providers worden momenteel ondersteund en getest :\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authenticatie via Omgevingsvariabele**\n\t* Kerberos (mod_auth_kerb)\n\t* Elke andere provider die inloggen via de omgevingsvariabele biedt\n\nHoewel in theorie elke andere authenticatieprovider die deze standaarden hanteert ook compatible zou moeten zijn, moeten we opmerken dat deze geen onderdeel van de interne testmatrix zijn.", + "Open documentation" : "Open documentatie", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere %s account is niet langer mogelijk, tenzij \"%s\" is ingeschakeld of je direct naar URL %skunt gaan.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Zorg ervoor dat er een gebruiker is met administratieve toegang om de instantie te benaderen met SSO. Inloggen met een reguliere account is niet langer mogelijk, tenzij %s is ingeschakeld of je direct naar URL %s kunt gaan.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kies of je wilt authenticeren via de in Nextcloud ingebouwde SAML provider, of dat je wilt authenticeren tegen een omgevingsvariabele", + "Use built-in SAML authentication" : "Ingebouwde SAML authenticatie gebruiken", + "Use environment variable" : "Gebruik een omgevingsvariabele", + "Global settings" : "Globale instellingen", + "Remove identity provider" : "Verwijderen identity provider", + "Add identity provider" : "Toevoegen identity provider", + "General" : "Algemeen", + "Service Provider Data" : "Service Provider gegevens", + "If your Service Provider should use certificates you can optionally specify them here." : "Als je Service Provider certificaten moet gebruiken, kun je die hier optioneel opgeven.", + "Show Service Provider settings…" : "Serviceverleners instellingen weergeven...", + "Name ID format" : "Naam ID formaat", + "Identity Provider Data" : "Identity Provider gegevens", + "Configure your IdP settings here." : "Configureer hier je IdP instellingen.", + "Identifier of the IdP entity (must be a URI)" : "Identificatie van de IdP (moet een URI zijn)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL doel van de IdP waar de SP het Authentication Request Message naartoe zal versturen", + "Show optional Identity Provider settings…" : "Optionele Identiteit serviceverleners instellingen weergeven...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL locatie van de IdP waar de SP het SLO Request naartoe zal versturen", + "URL Location of the IDP's SLO Response" : "URL locatie van de IDP's SLO Response", + "Public X.509 certificate of the IdP" : "Publiek X.509 certificaat van de IdP", + "Attribute mapping" : "mapping toekennen", + "If you want to optionally map attributes to the user you can configure these here." : "Mocht je optionele kenmerken aan de gebruiker wilt koppelen, kun je deze hier instellen", + "Show attribute mapping settings…" : "Attribuut instellingen weergeven...", + "Security settings" : "Beveiligingsinstellingen", + "For increased security we recommend enabling the following settings if supported by your environment." : "Voor verhoogde beveiliging adviseren we om de volgende instellingen te activeren als die door jouw omgeving worden ondersteund.", + "Show security settings…" : "Beveiligingsinstellingen weergeven...", + "Signatures and encryption offered" : "Beschikbare handtekeningen en versleuteling", + "Signatures and encryption required" : "Vereiste handtekeningen en versleuteling", + "Download metadata XML" : "Downloaden metadata XML", + "Reset settings" : "Terugzetten instellingen", + "Metadata invalid" : "Metadata ongeldig", + "Metadata valid" : "Metadata geldig", + "Error" : "Fout", + "Account not provisioned." : "Account niet verstrekt.", + "Your account is not provisioned, access to this service is thus not possible." : "Je account is niet verstrekt, toegang tot deze dienst is dus niet mogelijk.", + "Login options:" : "Inlogopties:", + "Choose a authentication provider" : "Kies een authenticatieprovider" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/pl.js b/docker/nextcloud/user_saml/l10n/pl.js new file mode 100755 index 0000000..dd71c8a --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/pl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "To konto użytkownika jest wyłączone, skontaktuj się z administratorem.", + "Saved" : "Zapisano", + "Provider" : "Dostawca", + "Unknown error, please check the log file for more details." : "Nieznany błąd, sprawdź plik dziennika, aby dowiedzieć się więcej.", + "Direct log in" : "Bezpośrednie logowanie", + "SSO & SAML log in" : "Logowanie SSO i SAML", + "This page should not be visited directly." : "Ta strona nie powinna być odwiedzana bezpośrednio.", + "Provider " : "Dostawca", + "X.509 certificate of the Service Provider" : "Certyfikat X.509 dostawcy usługi", + "Private key of the Service Provider" : "Klucz prywatny dostawcy usługi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Wskazuje, że nameID wysłany przez tego dostawcę usług będzie zaszyfrowany.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Whether the metadata should be signed." : "Określa, czy metadane powinny być podpisane.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Wskazuje wymóg podpisania dla elementów , i otrzymanych przez tego dostawcę usług.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Wskazuje wymóg podpisania dla elementów otrzymanych przez tego dostawcę usług. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania dla elementów otrzymanych przez tego dostawcę usług.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Wskazuje wymóg obecności elementu NameID przy SAMLResponse otrzymanego przez tego dostawcę usług.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania NameID otrzymanego przez tego dostawcę usług.", + "Indicates if the SP will validate all received XML." : "Wskazuje, czy dostawca usług zatwierdzi wszystkie odebrane XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Dane ADFS URL-Encodes SAML są małymi literami a narzędzie standardowo obsługuje duże litery. Włącz dla ADFS kompatybilność weryfikacji podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algorytm, który zostanie użyty podczas procesu podpisywania.", + "Attribute to map the UID to." : "Atrybut do mapowania UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Zezwalaj na uwierzytelnienie tylko wtedy, jeśli konto istnieje na jakiejś innej platformie (np. LDAP)", + "Attribute to map the displayname to." : "Atrybut do mapowania wyświetlanej nazwy użytkownika.", + "Attribute to map the email address to." : "Atrybut do zamapowania adresu e-mail.", + "Attribute to map the quota to." : "Atrybut do mapowania przydziału.", + "Attribute to map the users groups to." : "Atrybut do mapowania grup użytkowników.", + "Attribute to map the users home to." : "Atrybut do mapowania katalogów domowych użytkowników.", + "Email address" : "Adres e-mail", + "Encrypted" : "Zaszyfrowane", + "Entity" : "Jednostka", + "Kerberos" : "Kerberos", + "Persistent" : "Stały", + "Transient" : "Przejściowy", + "Unspecified" : "Nieokreślony", + "Windows domain qualified name" : "Zakwalifikowana nazwa domeny Windows", + "X509 subject name" : "Nazwa X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Użyj uwierzytelnienia LDAP dla %s klienta desktopowego (wymaga ponownego uwierzytelnienia)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Opcjonalna wyświetlana nazwa dostawcy tożsamości (domyślnie: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Zezwalaj na korzystanie z zaplecza przez wielu użytkowników (np. LDAP)", + "SSO & SAML authentication" : "Uwierzytelenienie SSO i SAML", + "Authenticate using single sign-on" : "Uwierzytelniaj używając pojedynczego logowania (SSO)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korzystając z aplikacji SSO & SAML w Nextcloud, możesz łatwo zintegrować istniejące rozwiązanie jednokrotnego logowania z Nextcloud. Ponadto możesz użyć LDAP w Nextcloud, jako dostawcy użytkownika, aby zachować wygodę dla użytkowników (np. podczas udostępniania).\nObecnie obsługiwani i testowani są dostawcy:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Uwierzytelnianie za pomocą zmiennej środowiskowej **\n\t* Kerberos (mod_auth_kerb)\n\t* Każdy inny dostawca, który uwierzytelnia się przy użyciu zmiennej środowiskowej\n\nChociaż teoretycznie każdy inny dostawca wdrażający jeden z tych standardów uwierzytelniania jest zgodny, chcemy zwrócić uwagę, że nie są one częścią żadnej wewnętrznej macierzy testowej.", + "Open documentation" : "Otwórz dokumentację", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą twojego zwykłego konta %s nie będzie już możliwe, chyba że włączone zostało \"%s\" lub wpiszesz bezpośrednio URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą Twojego zwykłego konta %s nie będzie już możliwe, chyba że wpiszesz bezpośrednio adres URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Wybierz czy chcesz uwierzytelniać używając wbudowanego w Nextcloud dostawcę SAML czy chcesz uwierzytelniać przez zmienne środowiskowe.", + "Use built-in SAML authentication" : "Użyj wbudowanego uwierzytelnienia SAML", + "Use environment variable" : "Użyj zmiennej środowiskowej", + "Global settings" : "Ustawienia globalne", + "Remove identity provider" : "Usuń dostawcę tożsamości", + "Add identity provider" : "Dodaj dostawcę tożsamości", + "General" : "Ogólne", + "Service Provider Data" : "Dane dostawcy usług", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeśli Twój dostawca usług powinien używać certyfikatów, możesz opcjonalnie określić je tutaj.", + "Show Service Provider settings…" : "Pokaż ustawienia dostawcy usług…", + "Name ID format" : "Format nazwy ID", + "Identity Provider Data" : "Dane od dostawcy tożsamości", + "Configure your IdP settings here." : "Tutaj skonfiguruj swoje ustawienia IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identyfikator jednostki IdP (musi być URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Adres URL IdP, z którego dostawca usług wyśle wiadomość o żądaniu uwierzytelnienia", + "Show optional Identity Provider settings…" : "Pokaż opcjonalne ustawienia tożsamości dostawcy usług…", + "URL Location of the IdP where the SP will send the SLO Request" : "Adres URL IdP gdzie dostawca usług wyśle żądanie SLO", + "URL Location of the IDP's SLO Response" : "Adres URL lokalizacji odpowiedzi SLO IDP", + "Public X.509 certificate of the IdP" : "Publiczny certyfikat X.509 IdP", + "Attribute mapping" : "Atrybut mapowania", + "If you want to optionally map attributes to the user you can configure these here." : "Tutaj możesz opcjonalnie przypisać atrybuty użytkownikowi.", + "Show attribute mapping settings…" : "Wyświetl ustawienia atrybutów mapowania…", + "Security settings" : "Ustawienia bezpieczeństwa", + "For increased security we recommend enabling the following settings if supported by your environment." : "Dla zwiększenia bezpieczeństwa zalecamy włączenie kolejnych ustawień jeśli są wspierane przez twoje środowisko.", + "Show security settings…" : "Pokaż ustawienia bezpieczeństwa…", + "Signatures and encryption offered" : "Podpisy i szyfrowanie są oferowane", + "Signatures and encryption required" : "Podpisy i szyfrowanie są wymagane", + "Download metadata XML" : "Ściągnij metadane XML", + "Reset settings" : "Wyzeruj ustawienia", + "Metadata invalid" : "Nieprawidłowe metadane", + "Metadata valid" : "Prawidłowe metadane", + "Error" : "Błąd", + "Account not provisioned." : "Konto nie jest wspierane", + "Your account is not provisioned, access to this service is thus not possible." : "Twoje konto nie jest świadczone, dostęp do usługi jest po prostu niemożliwy.", + "Login options:" : "Opcje logowania:", + "Choose a authentication provider" : "Wybierz dostawcę uwierzytelniania" +}, +"nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);"); diff --git a/docker/nextcloud/user_saml/l10n/pl.json b/docker/nextcloud/user_saml/l10n/pl.json new file mode 100755 index 0000000..e51d00c --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/pl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "To konto użytkownika jest wyłączone, skontaktuj się z administratorem.", + "Saved" : "Zapisano", + "Provider" : "Dostawca", + "Unknown error, please check the log file for more details." : "Nieznany błąd, sprawdź plik dziennika, aby dowiedzieć się więcej.", + "Direct log in" : "Bezpośrednie logowanie", + "SSO & SAML log in" : "Logowanie SSO i SAML", + "This page should not be visited directly." : "Ta strona nie powinna być odwiedzana bezpośrednio.", + "Provider " : "Dostawca", + "X.509 certificate of the Service Provider" : "Certyfikat X.509 dostawcy usługi", + "Private key of the Service Provider" : "Klucz prywatny dostawcy usługi", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Wskazuje, że nameID wysłany przez tego dostawcę usług będzie zaszyfrowany.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Indicates whether the messages sent by this SP will be signed." : "Wskazuje, czy wiadomości wysłane przez tego dostawcę usług będą podpisane.", + "Whether the metadata should be signed." : "Określa, czy metadane powinny być podpisane.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Wskazuje wymóg podpisania dla elementów , i otrzymanych przez tego dostawcę usług.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Wskazuje wymóg podpisania dla elementów otrzymanych przez tego dostawcę usług. [Metadane dostawcy usług będą przekazywały te informacje]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania dla elementów otrzymanych przez tego dostawcę usług.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Wskazuje wymóg obecności elementu NameID przy SAMLResponse otrzymanego przez tego dostawcę usług.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Wskazuje wymóg szyfrowania NameID otrzymanego przez tego dostawcę usług.", + "Indicates if the SP will validate all received XML." : "Wskazuje, czy dostawca usług zatwierdzi wszystkie odebrane XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Dane ADFS URL-Encodes SAML są małymi literami a narzędzie standardowo obsługuje duże litery. Włącz dla ADFS kompatybilność weryfikacji podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algorytm, który zostanie użyty podczas procesu podpisywania.", + "Attribute to map the UID to." : "Atrybut do mapowania UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Zezwalaj na uwierzytelnienie tylko wtedy, jeśli konto istnieje na jakiejś innej platformie (np. LDAP)", + "Attribute to map the displayname to." : "Atrybut do mapowania wyświetlanej nazwy użytkownika.", + "Attribute to map the email address to." : "Atrybut do zamapowania adresu e-mail.", + "Attribute to map the quota to." : "Atrybut do mapowania przydziału.", + "Attribute to map the users groups to." : "Atrybut do mapowania grup użytkowników.", + "Attribute to map the users home to." : "Atrybut do mapowania katalogów domowych użytkowników.", + "Email address" : "Adres e-mail", + "Encrypted" : "Zaszyfrowane", + "Entity" : "Jednostka", + "Kerberos" : "Kerberos", + "Persistent" : "Stały", + "Transient" : "Przejściowy", + "Unspecified" : "Nieokreślony", + "Windows domain qualified name" : "Zakwalifikowana nazwa domeny Windows", + "X509 subject name" : "Nazwa X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Użyj uwierzytelnienia LDAP dla %s klienta desktopowego (wymaga ponownego uwierzytelnienia)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Opcjonalna wyświetlana nazwa dostawcy tożsamości (domyślnie: \"SSO & SAML log in\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Zezwalaj na korzystanie z zaplecza przez wielu użytkowników (np. LDAP)", + "SSO & SAML authentication" : "Uwierzytelenienie SSO i SAML", + "Authenticate using single sign-on" : "Uwierzytelniaj używając pojedynczego logowania (SSO)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Korzystając z aplikacji SSO & SAML w Nextcloud, możesz łatwo zintegrować istniejące rozwiązanie jednokrotnego logowania z Nextcloud. Ponadto możesz użyć LDAP w Nextcloud, jako dostawcy użytkownika, aby zachować wygodę dla użytkowników (np. podczas udostępniania).\nObecnie obsługiwani i testowani są dostawcy:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* ** Uwierzytelnianie za pomocą zmiennej środowiskowej **\n\t* Kerberos (mod_auth_kerb)\n\t* Każdy inny dostawca, który uwierzytelnia się przy użyciu zmiennej środowiskowej\n\nChociaż teoretycznie każdy inny dostawca wdrażający jeden z tych standardów uwierzytelniania jest zgodny, chcemy zwrócić uwagę, że nie są one częścią żadnej wewnętrznej macierzy testowej.", + "Open documentation" : "Otwórz dokumentację", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą twojego zwykłego konta %s nie będzie już możliwe, chyba że włączone zostało \"%s\" lub wpiszesz bezpośrednio URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Upewnij się, że skonfigurowany został użytkownik administracyjny, który może zalogować się do instancji poprzez SSO. Logowanie za pomocą Twojego zwykłego konta %s nie będzie już możliwe, chyba że wpiszesz bezpośrednio adres URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Wybierz czy chcesz uwierzytelniać używając wbudowanego w Nextcloud dostawcę SAML czy chcesz uwierzytelniać przez zmienne środowiskowe.", + "Use built-in SAML authentication" : "Użyj wbudowanego uwierzytelnienia SAML", + "Use environment variable" : "Użyj zmiennej środowiskowej", + "Global settings" : "Ustawienia globalne", + "Remove identity provider" : "Usuń dostawcę tożsamości", + "Add identity provider" : "Dodaj dostawcę tożsamości", + "General" : "Ogólne", + "Service Provider Data" : "Dane dostawcy usług", + "If your Service Provider should use certificates you can optionally specify them here." : "Jeśli Twój dostawca usług powinien używać certyfikatów, możesz opcjonalnie określić je tutaj.", + "Show Service Provider settings…" : "Pokaż ustawienia dostawcy usług…", + "Name ID format" : "Format nazwy ID", + "Identity Provider Data" : "Dane od dostawcy tożsamości", + "Configure your IdP settings here." : "Tutaj skonfiguruj swoje ustawienia IdP.", + "Identifier of the IdP entity (must be a URI)" : "Identyfikator jednostki IdP (musi być URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Adres URL IdP, z którego dostawca usług wyśle wiadomość o żądaniu uwierzytelnienia", + "Show optional Identity Provider settings…" : "Pokaż opcjonalne ustawienia tożsamości dostawcy usług…", + "URL Location of the IdP where the SP will send the SLO Request" : "Adres URL IdP gdzie dostawca usług wyśle żądanie SLO", + "URL Location of the IDP's SLO Response" : "Adres URL lokalizacji odpowiedzi SLO IDP", + "Public X.509 certificate of the IdP" : "Publiczny certyfikat X.509 IdP", + "Attribute mapping" : "Atrybut mapowania", + "If you want to optionally map attributes to the user you can configure these here." : "Tutaj możesz opcjonalnie przypisać atrybuty użytkownikowi.", + "Show attribute mapping settings…" : "Wyświetl ustawienia atrybutów mapowania…", + "Security settings" : "Ustawienia bezpieczeństwa", + "For increased security we recommend enabling the following settings if supported by your environment." : "Dla zwiększenia bezpieczeństwa zalecamy włączenie kolejnych ustawień jeśli są wspierane przez twoje środowisko.", + "Show security settings…" : "Pokaż ustawienia bezpieczeństwa…", + "Signatures and encryption offered" : "Podpisy i szyfrowanie są oferowane", + "Signatures and encryption required" : "Podpisy i szyfrowanie są wymagane", + "Download metadata XML" : "Ściągnij metadane XML", + "Reset settings" : "Wyzeruj ustawienia", + "Metadata invalid" : "Nieprawidłowe metadane", + "Metadata valid" : "Prawidłowe metadane", + "Error" : "Błąd", + "Account not provisioned." : "Konto nie jest wspierane", + "Your account is not provisioned, access to this service is thus not possible." : "Twoje konto nie jest świadczone, dostęp do usługi jest po prostu niemożliwy.", + "Login options:" : "Opcje logowania:", + "Choose a authentication provider" : "Wybierz dostawcę uwierzytelniania" +},"pluralForm" :"nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/pt_BR.js b/docker/nextcloud/user_saml/l10n/pt_BR.js new file mode 100755 index 0000000..b0b7e98 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/pt_BR.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta conta de usuário está desabilitada, contacte o administrador.", + "Saved" : "Salvo", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Erro desconhecido, verifique o log para mais detalhes.", + "Direct log in" : "Login direto", + "SSO & SAML log in" : "Login SSO & SAML", + "This page should not be visited directly." : "Esta página não deve ser visitada diretamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do Provedor de Serviços", + "Private key of the Service Provider" : "Chave privada do Provedor de Serviços", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o ID do nome do enviado por este SP será criptografado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensagens enviadas por este SP serão assinadas. [Metadados do SP oferecerá esta informação]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Whether the metadata should be signed." : "Se os metadados devem ser assinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica uma solicitação para os elementos , e recebidos por este SP a serem assinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica uma solicitação para que os elementos recebidos por este SP sejam assinados. [Metadados do SP oferecerão esta informação]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica uma solicitação para os elementos recebidos por este SP serem criptografados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica uma solicitação para que o elemento NameID no SAMLResponse recebido por este SP esteja presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica uma solicitação para que o NameID recebido por este SP seja criptografado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XML recebidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codifica os dados do SAML como minúsculas, e o kit de ferramentas por padrão usa letras maiúsculas. Habilite para compatibilidade do ADFS na verificação de assinaturas.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o kit de ferramentas usará no processo de assinatura.", + "Attribute to map the UID to." : "Atributo para mapear o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Apenas permitir a autenticação se uma conta existir em algum outro backend. (Por ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para mapear o nome de exibição.", + "Attribute to map the email address to." : "Atributo para mapear o endereço de e-mail.", + "Attribute to map the quota to." : "Atribua a cota ao mapa.", + "Attribute to map the users groups to." : "Atributo para mapear os grupos de usuários.", + "Attribute to map the users home to." : "Atributo para mapear a localidade do usuários.", + "Email address" : "Endereço de e-mail", + "Encrypted" : "Criptografado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Permanente", + "Transient" : "Temporário", + "Unspecified" : "Não especificado", + "Windows domain qualified name" : "Nome qualificado do domínio do Windows", + "X509 subject name" : "Nome do tópico X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar autenticação SAML para os clientes desktop %s (a reautenticação do usuário é requerida)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome opcional do provedor de identidade (padrão: \"Login SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de vários backends de usuário (por ex. LDAP)", + "SSO & SAML authentication" : "Autenticação SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando logon único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando o aplicativo SSO & SAML do seu Nextcloud, você pode facilitar a integração da sua solução de logon único com o Nextcloud. Além disso, você pode usar o provedor de usuários LDAP do Nextcloud para facilidade dos usuários. (por exemplo, quando compartilhando)\nOs seguintes provedores são suportados e testados no momento:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticação via Variáveis de Ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualquer outro provedor que autentique usando variáveis de ambiente\n\nEmbora, teoricamente, qualquer outro provedor de autenticação que implemente qualquer um desses padrões seja compatível, gostaríamos de observar que eles não fazem parte de nenhuma matriz de teste interna.", + "Open documentation" : "Abrir documentação", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você tenha ativado \"%s\" ou você vai diretamente para a URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você vá diretamente para a URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor, escolha se deseja autenticar usando o provedor SAML integrado no Nextcloud ou se deseja autenticar com uma variável de ambiente.", + "Use built-in SAML authentication" : "Usar a autenticação built-in SAML", + "Use environment variable" : "Usar variável de ambiente", + "Global settings" : "Configurações globais", + "Remove identity provider" : "Remover provedor de identidade", + "Add identity provider" : "Adicionar provedor de identidade", + "General" : "Geral", + "Service Provider Data" : "Dados do Provedor de Serviços", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o Provedor de Serviços usar certificados você pode especificá-los aqui.", + "Show Service Provider settings…" : "Exibir as configurações do Provedor de Serviços...", + "Name ID format" : "Formato do ID do nome", + "Identity Provider Data" : "Dados do Provedor de Identidade", + "Configure your IdP settings here." : "Defina suas configurações IdP aqui.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (deve ser uma URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL do IdP para onde o SP enviará a mensagem de solicitação de autenticação", + "Show optional Identity Provider settings…" : "Exibir configurações opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Localização da URL do IdP para onde o SP enviará a solicitação SLO", + "URL Location of the IDP's SLO Response" : "Localização da resposta da URL do SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Mapeamento de atributo", + "If you want to optionally map attributes to the user you can configure these here." : "Aqui você pode opcionalmente mapear atributos aos usuários.", + "Show attribute mapping settings…" : "Exibir configurações de mapeamento de atributos...", + "Security settings" : "Configurações de segurança", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para aumentar a segurança recomendamos ativar as seguinte configurações se seu ambiente suportar", + "Show security settings…" : "Exibir configurações de segurança...", + "Signatures and encryption offered" : "Assinaturas e criptografias oferecidas", + "Signatures and encryption required" : "Assinaturas e criptografia requeridas", + "Download metadata XML" : "Baixar metadata XML", + "Reset settings" : "Redefinir as configurações", + "Metadata invalid" : "Metadado inválido", + "Metadata valid" : "Metadado válido", + "Error" : "Erro", + "Account not provisioned." : "Conta não provisionada", + "Your account is not provisioned, access to this service is thus not possible." : "Seu conta não é provisionada. O acesso a esse serviço não é possível", + "Login options:" : "Opções de login:", + "Choose a authentication provider" : "Escolha um provedor de autenticação" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/user_saml/l10n/pt_BR.json b/docker/nextcloud/user_saml/l10n/pt_BR.json new file mode 100755 index 0000000..37d3ae0 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/pt_BR.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta conta de usuário está desabilitada, contacte o administrador.", + "Saved" : "Salvo", + "Provider" : "Provedor", + "Unknown error, please check the log file for more details." : "Erro desconhecido, verifique o log para mais detalhes.", + "Direct log in" : "Login direto", + "SSO & SAML log in" : "Login SSO & SAML", + "This page should not be visited directly." : "Esta página não deve ser visitada diretamente.", + "Provider " : "Provedor", + "X.509 certificate of the Service Provider" : "Certificado X.509 do Provedor de Serviços", + "Private key of the Service Provider" : "Chave privada do Provedor de Serviços", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indica que o ID do nome do enviado por este SP será criptografado.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica se as mensagens enviadas por este SP serão assinadas. [Metadados do SP oferecerá esta informação]", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Indicates whether the messages sent by this SP will be signed." : "Indica se as mensagens enviadas por este SP serão assinadas.", + "Whether the metadata should be signed." : "Se os metadados devem ser assinados.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indica uma solicitação para os elementos , e recebidos por este SP a serem assinados.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica uma solicitação para que os elementos recebidos por este SP sejam assinados. [Metadados do SP oferecerão esta informação]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indica uma solicitação para os elementos recebidos por este SP serem criptografados.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indica uma solicitação para que o elemento NameID no SAMLResponse recebido por este SP esteja presente.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica uma solicitação para que o NameID recebido por este SP seja criptografado.", + "Indicates if the SP will validate all received XML." : "Indica se o SP validará todos os XML recebidos.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - codifica os dados do SAML como minúsculas, e o kit de ferramentas por padrão usa letras maiúsculas. Habilite para compatibilidade do ADFS na verificação de assinaturas.", + "Algorithm that the toolkit will use on signing process." : "Algoritmo que o kit de ferramentas usará no processo de assinatura.", + "Attribute to map the UID to." : "Atributo para mapear o UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Apenas permitir a autenticação se uma conta existir em algum outro backend. (Por ex. LDAP)", + "Attribute to map the displayname to." : "Atributo para mapear o nome de exibição.", + "Attribute to map the email address to." : "Atributo para mapear o endereço de e-mail.", + "Attribute to map the quota to." : "Atribua a cota ao mapa.", + "Attribute to map the users groups to." : "Atributo para mapear os grupos de usuários.", + "Attribute to map the users home to." : "Atributo para mapear a localidade do usuários.", + "Email address" : "Endereço de e-mail", + "Encrypted" : "Criptografado", + "Entity" : "Entidade", + "Kerberos" : "Kerberos", + "Persistent" : "Permanente", + "Transient" : "Temporário", + "Unspecified" : "Não especificado", + "Windows domain qualified name" : "Nome qualificado do domínio do Windows", + "X509 subject name" : "Nome do tópico X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Usar autenticação SAML para os clientes desktop %s (a reautenticação do usuário é requerida)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nome opcional do provedor de identidade (padrão: \"Login SSO & SAML\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Permitir o uso de vários backends de usuário (por ex. LDAP)", + "SSO & SAML authentication" : "Autenticação SSO & SAML", + "Authenticate using single sign-on" : "Autenticar usando logon único", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Usando o aplicativo SSO & SAML do seu Nextcloud, você pode facilitar a integração da sua solução de logon único com o Nextcloud. Além disso, você pode usar o provedor de usuários LDAP do Nextcloud para facilidade dos usuários. (por exemplo, quando compartilhando)\nOs seguintes provedores são suportados e testados no momento:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autenticação via Variáveis de Ambiente**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualquer outro provedor que autentique usando variáveis de ambiente\n\nEmbora, teoricamente, qualquer outro provedor de autenticação que implemente qualquer um desses padrões seja compatível, gostaríamos de observar que eles não fazem parte de nenhuma matriz de teste interna.", + "Open documentation" : "Abrir documentação", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você tenha ativado \"%s\" ou você vai diretamente para a URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Certifique-se de configurar um usuário administrativo que possa acessar a instância via SSO. Fazer o login com sua conta %s normal não será mais possível, a menos que você vá diretamente para a URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Por favor, escolha se deseja autenticar usando o provedor SAML integrado no Nextcloud ou se deseja autenticar com uma variável de ambiente.", + "Use built-in SAML authentication" : "Usar a autenticação built-in SAML", + "Use environment variable" : "Usar variável de ambiente", + "Global settings" : "Configurações globais", + "Remove identity provider" : "Remover provedor de identidade", + "Add identity provider" : "Adicionar provedor de identidade", + "General" : "Geral", + "Service Provider Data" : "Dados do Provedor de Serviços", + "If your Service Provider should use certificates you can optionally specify them here." : "Se o Provedor de Serviços usar certificados você pode especificá-los aqui.", + "Show Service Provider settings…" : "Exibir as configurações do Provedor de Serviços...", + "Name ID format" : "Formato do ID do nome", + "Identity Provider Data" : "Dados do Provedor de Identidade", + "Configure your IdP settings here." : "Defina suas configurações IdP aqui.", + "Identifier of the IdP entity (must be a URI)" : "Identificador da entidade IdP (deve ser uma URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL do IdP para onde o SP enviará a mensagem de solicitação de autenticação", + "Show optional Identity Provider settings…" : "Exibir configurações opcionais do Provedor de Identidade...", + "URL Location of the IdP where the SP will send the SLO Request" : "Localização da URL do IdP para onde o SP enviará a solicitação SLO", + "URL Location of the IDP's SLO Response" : "Localização da resposta da URL do SLO do IDP", + "Public X.509 certificate of the IdP" : "Certificado público X.509 do IdP", + "Attribute mapping" : "Mapeamento de atributo", + "If you want to optionally map attributes to the user you can configure these here." : "Aqui você pode opcionalmente mapear atributos aos usuários.", + "Show attribute mapping settings…" : "Exibir configurações de mapeamento de atributos...", + "Security settings" : "Configurações de segurança", + "For increased security we recommend enabling the following settings if supported by your environment." : "Para aumentar a segurança recomendamos ativar as seguinte configurações se seu ambiente suportar", + "Show security settings…" : "Exibir configurações de segurança...", + "Signatures and encryption offered" : "Assinaturas e criptografias oferecidas", + "Signatures and encryption required" : "Assinaturas e criptografia requeridas", + "Download metadata XML" : "Baixar metadata XML", + "Reset settings" : "Redefinir as configurações", + "Metadata invalid" : "Metadado inválido", + "Metadata valid" : "Metadado válido", + "Error" : "Erro", + "Account not provisioned." : "Conta não provisionada", + "Your account is not provisioned, access to this service is thus not possible." : "Seu conta não é provisionada. O acesso a esse serviço não é possível", + "Login options:" : "Opções de login:", + "Choose a authentication provider" : "Escolha um provedor de autenticação" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/pt_PT.js b/docker/nextcloud/user_saml/l10n/pt_PT.js new file mode 100755 index 0000000..85b6400 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/pt_PT.js @@ -0,0 +1,20 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Esta conta do utilizador está desativada, por favor, contacte o seu administrador.", + "Saved" : "Guardado", + "Provider" : "Fornecedor", + "Provider " : "Fornecedor", + "SSO & SAML authentication" : "Autenticação SSO e SAML", + "Open documentation" : "Abrir documentação", + "Global settings" : "Definições globais", + "General" : "Geral", + "Security settings" : "Definições de segurança", + "Show security settings…" : "Mostrar definições de segurança...", + "Download metadata XML" : "Transferir metadados XML", + "Reset settings" : "Reiniciar definições", + "Metadata invalid" : "Metadados inválidos", + "Metadata valid" : "Metadados válidos", + "Error" : "Erro" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/pt_PT.json b/docker/nextcloud/user_saml/l10n/pt_PT.json new file mode 100755 index 0000000..a2bf765 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/pt_PT.json @@ -0,0 +1,18 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Esta conta do utilizador está desativada, por favor, contacte o seu administrador.", + "Saved" : "Guardado", + "Provider" : "Fornecedor", + "Provider " : "Fornecedor", + "SSO & SAML authentication" : "Autenticação SSO e SAML", + "Open documentation" : "Abrir documentação", + "Global settings" : "Definições globais", + "General" : "Geral", + "Security settings" : "Definições de segurança", + "Show security settings…" : "Mostrar definições de segurança...", + "Download metadata XML" : "Transferir metadados XML", + "Reset settings" : "Reiniciar definições", + "Metadata invalid" : "Metadados inválidos", + "Metadata valid" : "Metadados válidos", + "Error" : "Erro" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/ru.js b/docker/nextcloud/user_saml/l10n/ru.js new file mode 100755 index 0000000..42baad5 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ru.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Учётная запись пользователя отключена, свяжитесь с администратором сервера.", + "Saved" : "Сохранено", + "Provider" : "Поставщик услуги", + "Unknown error, please check the log file for more details." : "Неизвестная ошибка, обратитесь к файлу журнала для более подробных сведений.", + "Direct log in" : "Прямой вход в систему", + "SSO & SAML log in" : "Вход через SSO и SAML", + "This page should not be visited directly." : "Невозможен прямой переход на эту страницу.", + "Provider " : "Поставщик", + "X.509 certificate of the Service Provider" : "X.509-сертификат поставщика услуг", + "Private key of the Service Provider" : "Закрытый ключ поставщика услуг", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Указывает, что nameID , отправленное этим поставщиком услуг, будет зашифровано.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Whether the metadata should be signed." : "Должны ли быть подписаны метаданные.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Указывает, должны ли запрашиваемые этим SP элементы , и , быть подписанными.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли запрашиваемые этим SP элементы , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Указывает, требуется ли шифрование полученных этим SP элементов .", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Указывает, должно ли NameID, полученное этим SP, быть текущим.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Указывает, должно ли NameID, полученное этим SP, быть зашифрованным.", + "Indicates if the SP will validate all received XML." : "Указывает, будет ли SP проверять все полученные XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS кодирует в формат URL-Encoded данные SAML в нижнем регистре, а тулкит умолчанию использует верхний регистр. Включите для совместимости ADFS на проверке подписи.", + "Algorithm that the toolkit will use on signing process." : "Алгоритм для подписания. ", + "Attribute to map the UID to." : "Атрибут для привязки UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Позволять аутентификацию только если учётная запись существует на другом внутреннем интерфейсе (например, LDAP).", + "Attribute to map the displayname to." : "Атрибут для привязки отображаемого имени.", + "Attribute to map the email address to." : "Атрибут для привязки email.", + "Attribute to map the quota to." : "Атрибут для сопоставления квоты.", + "Attribute to map the users groups to." : "Атрибут для отображения групп пользователей.", + "Attribute to map the users home to." : "Атрибут для привязки домашней директории пользователей.", + "Email address" : "Адрес электронной почты", + "Encrypted" : "Зашифровано", + "Entity" : "Записи", + "Kerberos" : "Kerberos", + "Persistent" : "Постоянный", + "Transient" : "Временный", + "Unspecified" : "Не указано", + "Windows domain qualified name" : "Квалифицированное имя домена Windows", + "X509 subject name" : "Имя субъекта X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Использовать SAML для настольных клиентов синхронизации %s (потребуется повторная аутентификация пользователей)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Дополнительное отображаемое имя поставщика удостоверений (по умолчанию: «SSO & SAML log in»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Разрешить использование нескольких пользовательских back-end (например, LDAP)", + "SSO & SAML authentication" : "Подтверждение подлинности SSO и SAML", + "Authenticate using single sign-on" : "Аутентификация с использованием единого входа", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Используя приложение SSO & SAML вашего Nextcloud, вы можете легко интегрировать существующее решение Single Sign-On с Nextcloud. Кроме того, вы можете использовать службу Nextcloud LDAP для удобства пользователей. (например, при совместном использовании)\nНа данный момент поддерживаются и тестируются следующие поставщики:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Аутентификация через переменную окружения **\n* Kerberos (mod_auth_kerb)\n* Любая другая служба, которая проводит аутентификацию с использованием переменной среды\n\nХотя теоретически любая другая служба аутентификации, реализующая один из этих стандартов, совместима, мы хотели бы отметить, что они не являются частью какой-либо матрицей внутренних тестов.", + "Open documentation" : "Открыть документацию", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не включили \"%s\" или вы не идёте напрямую по адресу URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не идёте напрямую по адресу URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Выберите, хотите ли вы проверять подлинность с помощью встроенного в Nextcloud провайдера SAML или же хотите использовать для этого переменные окружения.", + "Use built-in SAML authentication" : "Использовать встроенную SAML аутентификацию", + "Use environment variable" : "Использовать переменные окружения", + "Global settings" : "Общие настройки", + "Remove identity provider" : "Удалить поставщика удостоверений", + "Add identity provider" : "Добавить поставщика удостоверений", + "General" : "Основные", + "Service Provider Data" : "Данные поставщика услуг (SP)", + "If your Service Provider should use certificates you can optionally specify them here." : "Если вашему SP следует использовать сертификаты, вы сможете дополнительно указать их тут.", + "Show Service Provider settings…" : "Показать настройки поставщика услуг…", + "Name ID format" : "Формат ID имени", + "Identity Provider Data" : "Данные провайдера идентификации (IdP)", + "Configure your IdP settings here." : "Настройте тут параметры вашего IdP.", + "Identifier of the IdP entity (must be a URI)" : "Идентификатор записи IdP (в формате URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL провайдера идентификации (IdP), на который поставщик услуг (SP) будет отправлять запрос подтверждения подлинности", + "Show optional Identity Provider settings…" : "Показать дополнительные настройки провайдера идентификации", + "URL Location of the IdP where the SP will send the SLO Request" : "URL адрес IdP, куда SP будет оправлять запросы SLO.", + "URL Location of the IDP's SLO Response" : "URL адрес ответа IDP SLO", + "Public X.509 certificate of the IdP" : "Открытый сертификат X.509 ldP", + "Attribute mapping" : "Привязка атрибутов", + "If you want to optionally map attributes to the user you can configure these here." : "Здесь можно настроить дополнительную привязку атрибутов пользователю.", + "Show attribute mapping settings…" : "Показать настройки привязки атрибутов…", + "Security settings" : "Настройки безопасности", + "For increased security we recommend enabling the following settings if supported by your environment." : "Для повышения безопасности рекомендуем использовать следующие настройки, если они поддерживаются вашим окружением.", + "Show security settings…" : "Показать настройки безопасности…", + "Signatures and encryption offered" : "Предложены подписи и шихрование", + "Signatures and encryption required" : "Требуется подпись и шифрование", + "Download metadata XML" : "Скачать метаданные XML", + "Reset settings" : "Сбросить настройки", + "Metadata invalid" : "Метаданные не верны", + "Metadata valid" : "Метаданные верны", + "Error" : "Ошибка", + "Account not provisioned." : "Учётная запись не обслуживается.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваша учётная запись не обслуживается. Доступ к этой услуге, таким образом, не представляется возможным.", + "Login options:" : "Варианты входа:", + "Choose a authentication provider" : "Выберите службу аутентификации" +}, +"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);"); diff --git a/docker/nextcloud/user_saml/l10n/ru.json b/docker/nextcloud/user_saml/l10n/ru.json new file mode 100755 index 0000000..2d2bf80 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/ru.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Учётная запись пользователя отключена, свяжитесь с администратором сервера.", + "Saved" : "Сохранено", + "Provider" : "Поставщик услуги", + "Unknown error, please check the log file for more details." : "Неизвестная ошибка, обратитесь к файлу журнала для более подробных сведений.", + "Direct log in" : "Прямой вход в систему", + "SSO & SAML log in" : "Вход через SSO и SAML", + "This page should not be visited directly." : "Невозможен прямой переход на эту страницу.", + "Provider " : "Поставщик", + "X.509 certificate of the Service Provider" : "X.509-сертификат поставщика услуг", + "Private key of the Service Provider" : "Закрытый ключ поставщика услуг", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Указывает, что nameID , отправленное этим поставщиком услуг, будет зашифровано.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Indicates whether the messages sent by this SP will be signed." : "Указывает, должны ли отправляемые этим SP сообщения , быть подписанными.", + "Whether the metadata should be signed." : "Должны ли быть подписаны метаданные.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Указывает, должны ли запрашиваемые этим SP элементы , и , быть подписанными.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Указывает, должны ли запрашиваемые этим SP элементы , быть подписанными. [Метаданные SP предложат эту информацию]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Указывает, требуется ли шифрование полученных этим SP элементов .", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Указывает, должно ли NameID, полученное этим SP, быть текущим.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Указывает, должно ли NameID, полученное этим SP, быть зашифрованным.", + "Indicates if the SP will validate all received XML." : "Указывает, будет ли SP проверять все полученные XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS кодирует в формат URL-Encoded данные SAML в нижнем регистре, а тулкит умолчанию использует верхний регистр. Включите для совместимости ADFS на проверке подписи.", + "Algorithm that the toolkit will use on signing process." : "Алгоритм для подписания. ", + "Attribute to map the UID to." : "Атрибут для привязки UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Позволять аутентификацию только если учётная запись существует на другом внутреннем интерфейсе (например, LDAP).", + "Attribute to map the displayname to." : "Атрибут для привязки отображаемого имени.", + "Attribute to map the email address to." : "Атрибут для привязки email.", + "Attribute to map the quota to." : "Атрибут для сопоставления квоты.", + "Attribute to map the users groups to." : "Атрибут для отображения групп пользователей.", + "Attribute to map the users home to." : "Атрибут для привязки домашней директории пользователей.", + "Email address" : "Адрес электронной почты", + "Encrypted" : "Зашифровано", + "Entity" : "Записи", + "Kerberos" : "Kerberos", + "Persistent" : "Постоянный", + "Transient" : "Временный", + "Unspecified" : "Не указано", + "Windows domain qualified name" : "Квалифицированное имя домена Windows", + "X509 subject name" : "Имя субъекта X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Использовать SAML для настольных клиентов синхронизации %s (потребуется повторная аутентификация пользователей)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Дополнительное отображаемое имя поставщика удостоверений (по умолчанию: «SSO & SAML log in»)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Разрешить использование нескольких пользовательских back-end (например, LDAP)", + "SSO & SAML authentication" : "Подтверждение подлинности SSO и SAML", + "Authenticate using single sign-on" : "Аутентификация с использованием единого входа", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Используя приложение SSO & SAML вашего Nextcloud, вы можете легко интегрировать существующее решение Single Sign-On с Nextcloud. Кроме того, вы можете использовать службу Nextcloud LDAP для удобства пользователей. (например, при совместном использовании)\nНа данный момент поддерживаются и тестируются следующие поставщики:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Аутентификация через переменную окружения **\n* Kerberos (mod_auth_kerb)\n* Любая другая служба, которая проводит аутентификацию с использованием переменной среды\n\nХотя теоретически любая другая служба аутентификации, реализующая один из этих стандартов, совместима, мы хотели бы отметить, что они не являются частью какой-либо матрицей внутренних тестов.", + "Open documentation" : "Открыть документацию", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не включили \"%s\" или вы не идёте напрямую по адресу URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Убедитесь, что настроен пользователь с правами администратора, который может получить доступ к экземпляру через SSO. Вход в систему с вашей обычной учетной записью %s больше не будет возможен, если вы не идёте напрямую по адресу URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Выберите, хотите ли вы проверять подлинность с помощью встроенного в Nextcloud провайдера SAML или же хотите использовать для этого переменные окружения.", + "Use built-in SAML authentication" : "Использовать встроенную SAML аутентификацию", + "Use environment variable" : "Использовать переменные окружения", + "Global settings" : "Общие настройки", + "Remove identity provider" : "Удалить поставщика удостоверений", + "Add identity provider" : "Добавить поставщика удостоверений", + "General" : "Основные", + "Service Provider Data" : "Данные поставщика услуг (SP)", + "If your Service Provider should use certificates you can optionally specify them here." : "Если вашему SP следует использовать сертификаты, вы сможете дополнительно указать их тут.", + "Show Service Provider settings…" : "Показать настройки поставщика услуг…", + "Name ID format" : "Формат ID имени", + "Identity Provider Data" : "Данные провайдера идентификации (IdP)", + "Configure your IdP settings here." : "Настройте тут параметры вашего IdP.", + "Identifier of the IdP entity (must be a URI)" : "Идентификатор записи IdP (в формате URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL провайдера идентификации (IdP), на который поставщик услуг (SP) будет отправлять запрос подтверждения подлинности", + "Show optional Identity Provider settings…" : "Показать дополнительные настройки провайдера идентификации", + "URL Location of the IdP where the SP will send the SLO Request" : "URL адрес IdP, куда SP будет оправлять запросы SLO.", + "URL Location of the IDP's SLO Response" : "URL адрес ответа IDP SLO", + "Public X.509 certificate of the IdP" : "Открытый сертификат X.509 ldP", + "Attribute mapping" : "Привязка атрибутов", + "If you want to optionally map attributes to the user you can configure these here." : "Здесь можно настроить дополнительную привязку атрибутов пользователю.", + "Show attribute mapping settings…" : "Показать настройки привязки атрибутов…", + "Security settings" : "Настройки безопасности", + "For increased security we recommend enabling the following settings if supported by your environment." : "Для повышения безопасности рекомендуем использовать следующие настройки, если они поддерживаются вашим окружением.", + "Show security settings…" : "Показать настройки безопасности…", + "Signatures and encryption offered" : "Предложены подписи и шихрование", + "Signatures and encryption required" : "Требуется подпись и шифрование", + "Download metadata XML" : "Скачать метаданные XML", + "Reset settings" : "Сбросить настройки", + "Metadata invalid" : "Метаданные не верны", + "Metadata valid" : "Метаданные верны", + "Error" : "Ошибка", + "Account not provisioned." : "Учётная запись не обслуживается.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваша учётная запись не обслуживается. Доступ к этой услуге, таким образом, не представляется возможным.", + "Login options:" : "Варианты входа:", + "Choose a authentication provider" : "Выберите службу аутентификации" +},"pluralForm" :"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/sk.js b/docker/nextcloud/user_saml/l10n/sk.js new file mode 100755 index 0000000..7e61c78 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sk.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Tento používateľský účet bol zakázaný, obráťte sa na správcu.", + "Saved" : "Uložené", + "Provider" : "Poskytovateľ", + "Unknown error, please check the log file for more details." : "Neznáma chyba. Pre viac informácií skontrolujte logy.", + "Direct log in" : "Priame prihlásenie", + "SSO & SAML log in" : "SSO a SAML prihlásenie", + "This page should not be visited directly." : "Táto stránka by nemala byť zobrazovaná napriamo.", + "Provider " : "Poskytovateľ", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovateľa služby", + "Private key of the Service Provider" : "Privátny kľúč poskytovateľa služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Znamená, že nameID odoslané týmto poskytovateľom služieb bude šifrované.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Ukazuje, či budú správy odoslané týmto SP podpísané. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Whether the metadata should be signed." : "Či majú byť meta údaje podpisované.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označuje požiadavku na podpísanie prvkov , a prijatých týmto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označuje požiadavku na podpísanie prvkov prijatých týmto SP. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie prvkov prijatých týmto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označuje požiadavku, aby bol prítomný prvok NameID v SAMLResponse prijatý týmto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie NameID prijatého týmto SP.", + "Indicates if the SP will validate all received XML." : "Označuje, či SP overí všetky prijaté XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-kóduje SAML malými písmenami a sada nástrojov predvolene používa veľké písmená. Povoliť kompatibilitu ADFS pri overovaní podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus, ktorý sa použije v procese podpisovania.", + "Attribute to map the UID to." : "Atribút na priradenie UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overenie totožnosti povoľte iba v prípade, že účet existuje na nejakom inom serveri. (napr. LDAP)", + "Attribute to map the displayname to." : "Atribút na priradenie zobrazovaného mena.", + "Attribute to map the email address to." : "Atribút na priradenie e-mailovej adresy.", + "Attribute to map the quota to." : "Atribút na priradenie kvóty.", + "Attribute to map the users groups to." : "Atribút na priradenie skupiny používateľov.", + "Attribute to map the users home to." : "Atribút na priradenie domovského priečinka používateľa.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrované", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Prechodné", + "Unspecified" : "Neurčené", + "Windows domain qualified name" : "Úplný názov domény Windows", + "X509 subject name" : "Názov subjektu pre X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použiť overenie totožnosti SAML pre %s stolných klientov (vyžaduje opätovné overenie používateľa)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Voliteľný zobrazovaný názov poskytovateľa identity (predvolené nastavenie: „Prihlásenie SSO a SAML“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povoliť použitie viacerých podporných vrstiev pre použivatelské účty (napr. LDAP)", + "SSO & SAML authentication" : "Overenie totožnosti SSO & SAML", + "Authenticate using single sign-on" : "Overenie totožnosti pomocou zjednoteného prihlásenia (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Pomocou aplikácie SSO a SAML vášho Nextcloud môžete ľahko integrovať svoje existujúce riešenie zjednoteného prihlasovania s Nextcloud. Na zaistenie pohodlia pre používateľov môžete navyše použiť poskytovateľa používateľov Nextcloud LDAP. (napr. pri zdieľaní)\nV súčasnosti sú podporovaní a testovaní títo poskytovatelia:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Overovanie prostredníctvom premennej prostredia**\n\t* Kerberos (mod_auth_kerb)\n\t* Akýkoľvek iný poskytovateľ, ktorý overuje pomocou premennej prostredia\n\nAj keď teoreticky je akýkoľvek iný poskytovateľ overenia totožnosti využívajúci niektorý z týchto štandardov kompatibilný, radi by sme poznamenali, že neboli testované.", + "Open documentation" : "Otvoriť dokumentáciu", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, pokiaľ nepovolíte „%s“ alebo nezačnete priamo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, jedine ak začnete priamo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte, či chcete overovať totožnosť pomocou poskytovateľa SAML zabudovaného v Nextcloud alebo pomocou premennej prostredia.", + "Use built-in SAML authentication" : "Použiť zabudované SAML overenie totožnosti", + "Use environment variable" : "Použiť premennú prostredia", + "Global settings" : "Globálne nastavenia", + "Remove identity provider" : "Vzdialený poskytovateľ identity", + "Add identity provider" : "Pridať poskytovateľa identity.", + "General" : "Všeobecné", + "Service Provider Data" : "Poskytovateľ dátových služieb", + "If your Service Provider should use certificates you can optionally specify them here." : "Ak by poskytovateľ služieb mal používať certifikáty, môžete ich tu špecifikovať.", + "Show Service Provider settings…" : "Zobraziť nastavenia poskytovateľa služieb...", + "Name ID format" : "Formát identifikátora názvu", + "Identity Provider Data" : "Poskytovateľ prihlasovacích údajov", + "Configure your IdP settings here." : "Tu nastavte poskytovateľa prihlasovacích údajov.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor položky poskytovateľa prihlasovacích údajov (musí byť URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cieľová URL IdP, kam SP zašle správu s požiadavkou na overenie totožnosti", + "Show optional Identity Provider settings…" : "Zobraziť voliteľné nastavenia poskytovateľa identity…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umiestnenie URL IdP, kam SP zašle SLO požiadavku", + "URL Location of the IDP's SLO Response" : "Umiestnenie URL IDP, kam SLO pošle odpoveď", + "Public X.509 certificate of the IdP" : "Verejný certifikát X.509 poskytovateľa prihlasovacích údajov", + "Attribute mapping" : "Mapovanie atribútov", + "If you want to optionally map attributes to the user you can configure these here." : "Ak chcete voliteľne priradiť atribúty k používateľom, môžete ich nastaviť tu.", + "Show attribute mapping settings…" : "Zobraziť nastavenia priradzovania atribútov ...", + "Security settings" : "Nastavenia súkromia", + "For increased security we recommend enabling the following settings if supported by your environment." : "Ak to vaše prostredie podporuje, odporúčame povoliť nasledujúce nastavenia, aby sa zvýšila bezpečnosť.", + "Show security settings…" : "Zobraziť nastavenia zabezpečenia...", + "Signatures and encryption offered" : "Podpisy a šifrovanie ponúkané", + "Signatures and encryption required" : "Podpisy a šifrovanie vyžadované", + "Download metadata XML" : "Sťahovať metadáta XML", + "Reset settings" : "Resetovať nastavenia", + "Metadata invalid" : "Neplatné metadáta", + "Metadata valid" : "Metadáta sú platné", + "Error" : "Chyba", + "Account not provisioned." : "Účet nebol poskytnutý.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet nie je poskytnutý, prístup k tejto službe preto nie je možný.", + "Login options:" : "Možnosti prihlásenia:", + "Choose a authentication provider" : "Vyberte poskytovateľa overovania" +}, +"nplurals=4; plural=(n % 1 == 0 && n == 1 ? 0 : n % 1 == 0 && n >= 2 && n <= 4 ? 1 : n % 1 != 0 ? 2: 3);"); diff --git a/docker/nextcloud/user_saml/l10n/sk.json b/docker/nextcloud/user_saml/l10n/sk.json new file mode 100755 index 0000000..9df42a3 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sk.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Tento používateľský účet bol zakázaný, obráťte sa na správcu.", + "Saved" : "Uložené", + "Provider" : "Poskytovateľ", + "Unknown error, please check the log file for more details." : "Neznáma chyba. Pre viac informácií skontrolujte logy.", + "Direct log in" : "Priame prihlásenie", + "SSO & SAML log in" : "SSO a SAML prihlásenie", + "This page should not be visited directly." : "Táto stránka by nemala byť zobrazovaná napriamo.", + "Provider " : "Poskytovateľ", + "X.509 certificate of the Service Provider" : "X.509 certifikát poskytovateľa služby", + "Private key of the Service Provider" : "Privátny kľúč poskytovateľa služby", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Znamená, že nameID odoslané týmto poskytovateľom služieb bude šifrované.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Ukazuje, či budú správy odoslané týmto SP podpísané. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Indicates whether the messages sent by this SP will be signed." : "Ukazuje, či budú správy odoslané týmto SP podpísané.", + "Whether the metadata should be signed." : "Či majú byť meta údaje podpisované.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Označuje požiadavku na podpísanie prvkov , a prijatých týmto SP.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Označuje požiadavku na podpísanie prvkov prijatých týmto SP. [Táto informácia bude uvedená v meta údajoch SP]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie prvkov prijatých týmto SP.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Označuje požiadavku, aby bol prítomný prvok NameID v SAMLResponse prijatý týmto SP.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Označuje požiadavku na šifrovanie NameID prijatého týmto SP.", + "Indicates if the SP will validate all received XML." : "Označuje, či SP overí všetky prijaté XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-kóduje SAML malými písmenami a sada nástrojov predvolene používa veľké písmená. Povoliť kompatibilitu ADFS pri overovaní podpisu.", + "Algorithm that the toolkit will use on signing process." : "Algoritmus, ktorý sa použije v procese podpisovania.", + "Attribute to map the UID to." : "Atribút na priradenie UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overenie totožnosti povoľte iba v prípade, že účet existuje na nejakom inom serveri. (napr. LDAP)", + "Attribute to map the displayname to." : "Atribút na priradenie zobrazovaného mena.", + "Attribute to map the email address to." : "Atribút na priradenie e-mailovej adresy.", + "Attribute to map the quota to." : "Atribút na priradenie kvóty.", + "Attribute to map the users groups to." : "Atribút na priradenie skupiny používateľov.", + "Attribute to map the users home to." : "Atribút na priradenie domovského priečinka používateľa.", + "Email address" : "E-mailová adresa", + "Encrypted" : "Šifrované", + "Entity" : "Entita", + "Kerberos" : "Kerberos", + "Persistent" : "Trvalé", + "Transient" : "Prechodné", + "Unspecified" : "Neurčené", + "Windows domain qualified name" : "Úplný názov domény Windows", + "X509 subject name" : "Názov subjektu pre X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použiť overenie totožnosti SAML pre %s stolných klientov (vyžaduje opätovné overenie používateľa)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Voliteľný zobrazovaný názov poskytovateľa identity (predvolené nastavenie: „Prihlásenie SSO a SAML“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Povoliť použitie viacerých podporných vrstiev pre použivatelské účty (napr. LDAP)", + "SSO & SAML authentication" : "Overenie totožnosti SSO & SAML", + "Authenticate using single sign-on" : "Overenie totožnosti pomocou zjednoteného prihlásenia (sso)", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Pomocou aplikácie SSO a SAML vášho Nextcloud môžete ľahko integrovať svoje existujúce riešenie zjednoteného prihlasovania s Nextcloud. Na zaistenie pohodlia pre používateľov môžete navyše použiť poskytovateľa používateľov Nextcloud LDAP. (napr. pri zdieľaní)\nV súčasnosti sú podporovaní a testovaní títo poskytovatelia:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Overovanie prostredníctvom premennej prostredia**\n\t* Kerberos (mod_auth_kerb)\n\t* Akýkoľvek iný poskytovateľ, ktorý overuje pomocou premennej prostredia\n\nAj keď teoreticky je akýkoľvek iný poskytovateľ overenia totožnosti využívajúci niektorý z týchto štandardov kompatibilný, radi by sme poznamenali, že neboli testované.", + "Open documentation" : "Otvoriť dokumentáciu", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, pokiaľ nepovolíte „%s“ alebo nezačnete priamo na URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezabudnite nastaviť používateľa-správcu, ktorý má prístup k inštancii prostredníctvom SSO. Prihlásenie pomocou bežného účtu %s už nebude možné, jedine ak začnete priamo na URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte, či chcete overovať totožnosť pomocou poskytovateľa SAML zabudovaného v Nextcloud alebo pomocou premennej prostredia.", + "Use built-in SAML authentication" : "Použiť zabudované SAML overenie totožnosti", + "Use environment variable" : "Použiť premennú prostredia", + "Global settings" : "Globálne nastavenia", + "Remove identity provider" : "Vzdialený poskytovateľ identity", + "Add identity provider" : "Pridať poskytovateľa identity.", + "General" : "Všeobecné", + "Service Provider Data" : "Poskytovateľ dátových služieb", + "If your Service Provider should use certificates you can optionally specify them here." : "Ak by poskytovateľ služieb mal používať certifikáty, môžete ich tu špecifikovať.", + "Show Service Provider settings…" : "Zobraziť nastavenia poskytovateľa služieb...", + "Name ID format" : "Formát identifikátora názvu", + "Identity Provider Data" : "Poskytovateľ prihlasovacích údajov", + "Configure your IdP settings here." : "Tu nastavte poskytovateľa prihlasovacích údajov.", + "Identifier of the IdP entity (must be a URI)" : "Identifikátor položky poskytovateľa prihlasovacích údajov (musí byť URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Cieľová URL IdP, kam SP zašle správu s požiadavkou na overenie totožnosti", + "Show optional Identity Provider settings…" : "Zobraziť voliteľné nastavenia poskytovateľa identity…", + "URL Location of the IdP where the SP will send the SLO Request" : "Umiestnenie URL IdP, kam SP zašle SLO požiadavku", + "URL Location of the IDP's SLO Response" : "Umiestnenie URL IDP, kam SLO pošle odpoveď", + "Public X.509 certificate of the IdP" : "Verejný certifikát X.509 poskytovateľa prihlasovacích údajov", + "Attribute mapping" : "Mapovanie atribútov", + "If you want to optionally map attributes to the user you can configure these here." : "Ak chcete voliteľne priradiť atribúty k používateľom, môžete ich nastaviť tu.", + "Show attribute mapping settings…" : "Zobraziť nastavenia priradzovania atribútov ...", + "Security settings" : "Nastavenia súkromia", + "For increased security we recommend enabling the following settings if supported by your environment." : "Ak to vaše prostredie podporuje, odporúčame povoliť nasledujúce nastavenia, aby sa zvýšila bezpečnosť.", + "Show security settings…" : "Zobraziť nastavenia zabezpečenia...", + "Signatures and encryption offered" : "Podpisy a šifrovanie ponúkané", + "Signatures and encryption required" : "Podpisy a šifrovanie vyžadované", + "Download metadata XML" : "Sťahovať metadáta XML", + "Reset settings" : "Resetovať nastavenia", + "Metadata invalid" : "Neplatné metadáta", + "Metadata valid" : "Metadáta sú platné", + "Error" : "Chyba", + "Account not provisioned." : "Účet nebol poskytnutý.", + "Your account is not provisioned, access to this service is thus not possible." : "Váš účet nie je poskytnutý, prístup k tejto službe preto nie je možný.", + "Login options:" : "Možnosti prihlásenia:", + "Choose a authentication provider" : "Vyberte poskytovateľa overovania" +},"pluralForm" :"nplurals=4; plural=(n % 1 == 0 && n == 1 ? 0 : n % 1 == 0 && n >= 2 && n <= 4 ? 1 : n % 1 != 0 ? 2: 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/sl.js b/docker/nextcloud/user_saml/l10n/sl.js new file mode 100755 index 0000000..926b81d --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sl.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Ta uporabniški račun je onemogočen. Stopite v stik s skrbnikom sistema.", + "Saved" : "Shranjeno", + "Provider" : "Ponudnik", + "Unknown error, please check the log file for more details." : "Neznana napaka; več podrobnosti je zapisanih v dnevniški datoteki.", + "Direct log in" : "Račun ni zagotovljen", + "SSO & SAML log in" : "Prijava SSO in SAML", + "This page should not be visited directly." : "Ta strani naj ne bi bilo mogoče obiskati neposredno.", + "Provider " : "Ponudnik", + "X.509 certificate of the Service Provider" : "Potrdilo X.509 ponudnika storitev", + "Private key of the Service Provider" : "Zasebni ključ ponudnika storitev", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Določa, da bo ID imena poslan prek tega ponudnika storitev, šifriran.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana. [Ponudnik omogoča pregled metapodatkov med podrobnostmi]", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Whether the metadata should be signed." : "Ali naj bodo metapodatki podpisani.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Določa zahtevo, da bodo predmeti , in , prejeti prek ponudnika storitev, podpisani.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani. [Podrobnosti so zavedene med metapodatki ponudnika.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev v okviru odziva SAML, obvezen podatek.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev, šifrirani.", + "Indicates if the SP will validate all received XML." : "Določa, ali bo ponudnik storitev overil vse prejete datoteke XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Protokol ADFS URL kodira podatke SAML v malih črkah, orodja pa privzeto uporabljajo velike. Za overitev podpisa mora biti v primeru ADFS možnost omogočena.", + "Algorithm that the toolkit will use on signing process." : "Algoritem, ki ga uporabljajo orodja za postopek prijave.", + "Attribute to map the UID to." : "Atribut za preslikavo UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overitev dovoli le, če račun obstaja na nekem drugem ozadnjem programu (npr. LDAP)", + "Attribute to map the displayname to." : "Atribut za preslikavo prikaznega imena.", + "Attribute to map the email address to." : "Atribut za preslikavo elektronskega naslova.", + "Attribute to map the quota to." : "Atribut za preslikavo količinske omejitve.", + "Attribute to map the users groups to." : "Atribut za preslikavo uporabniških skupin.", + "Attribute to map the users home to." : "Atribut za preslikavo uporabnikove osebne mape.", + "Email address" : "Elektronski naslov", + "Encrypted" : "Šifrirano", + "Entity" : "Entiteta", + "Kerberos" : "Kerberos", + "Persistent" : "Nenehno", + "Transient" : "Prehodno", + "Unspecified" : "Nedoločeno", + "Windows domain qualified name" : "Ime domene Windows", + "X509 subject name" : "Ime predmeta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Uporabi overitev SAML za odjemalec %s (zahteva ponovno overitev uporabnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Izbirno prikazno ime ponudnika istovetnosti (privzeto: »Prijava SSO in SAML«)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dovoli uporabo več uporabniških računov (na primer LDAP)", + "SSO & SAML authentication" : "Overitev SSO in SAML", + "Authenticate using single sign-on" : "Overi z uporabo enojne prijave", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Uporaba programa SSO & SAML omogoča uporabo obstoječih možnosti enkratne prijave tudi za okolje Nextcloud. Prav tako je mogoče uporabiti povezavo z Nextcloud LDAP za enostavnejše delo (npr. pri skupni rabi).\nTrenutno so podprte in preizkušene storitve:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Preverjanje pristnosti prek spremenljivke okolja **\n* Kerberos (mod_auth_kerb)\n* Katerikoli drug ponudnik, ki omogoča overjanje z uporabo spremenljivke okolja\n\nČeprav je za overjanje na razpolago takorekoč katerikoli drug ponudnik overjanja, ki podpira izvajanje navedenih standardov, je pomembno vedeti, da ti niso vključeni v nobeno uradno preizkusno okolje.", + "Open documentation" : "Odpri dokumentacijo", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča le, če omogočite »%s« oziroma se povežete prek povezave URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča izključno prek povezave URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Izberite, ali naj se overitev izvede z uporabo vgrajene možnosti SAML v okolju Nextcloud ali pa bo overitev potekala prek okoljskih spremenljivk.", + "Use built-in SAML authentication" : "Uporabi vgrajeno overitev SAML", + "Use environment variable" : "Uporabi okoljsko spremenljivko", + "Global settings" : "Splošne nastavitve", + "Remove identity provider" : "Odstrani ponudnika istovetnosti", + "Add identity provider" : "Dodaj ponudnika istovetnosti", + "General" : "Splošno", + "Service Provider Data" : "Podatki ponudnika storitev", + "If your Service Provider should use certificates you can optionally specify them here." : "Če naj ponudnik storitve uporabi potrdilo, ga je izbirno mogoče določiti na tem mestu.", + "Show Service Provider settings…" : "Pokaži nastavitve ponudnika storitve ...", + "Name ID format" : "Zapis določila ID imena", + "Identity Provider Data" : "Podatki ponudnika istovetnosti", + "Configure your IdP settings here." : "Prilagoditev nastavitev IdP.", + "Identifier of the IdP entity (must be a URI)" : "Dololilo IdP (zapisano kot naslov URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal sporočilo o zahtevi overitve.", + "Show optional Identity Provider settings…" : "Pokaži izbirne nastavitve IP (ponudnika istovetnosti) ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal zahtevo SLO", + "URL Location of the IDP's SLO Response" : "Ciljni naslov URL za zahteve IDP SLO", + "Public X.509 certificate of the IdP" : "Javno potrdilo X.509 IdP", + "Attribute mapping" : "Preslikave atributov", + "If you want to optionally map attributes to the user you can configure these here." : "Če želite izbirno preslikati atribute na uporabnika, lahko to nastavite na tem mestu.", + "Show attribute mapping settings…" : "Pokaži nastavitve preslikave atributov ...", + "Security settings" : "Varnostne nastavitve", + "For increased security we recommend enabling the following settings if supported by your environment." : "Iz varnostnih razlogov je priporočljivo omogočiti nekatere nastavitve, če so te podprte znotraj zagnanega okolja.", + "Show security settings…" : "Pokaži varnostne nastavitve ...", + "Signatures and encryption offered" : "Ponujeno podpisovanje in šifriranje", + "Signatures and encryption required" : "Zahtevano podpisovanje in šifriranje", + "Download metadata XML" : "Prejmi datoteko metapodatkov XML", + "Reset settings" : "Ponastavi nastavitve", + "Metadata invalid" : "Neveljavni metapodatki", + "Metadata valid" : "Veljavni metapodatki", + "Error" : "Napaka", + "Account not provisioned." : "Račun ni pripravljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Naveden račun ni pripravljen, zato dostop do te storitve mogoč.", + "Login options:" : "Možnosti prijave:", + "Choose a authentication provider" : "Izbor ponudnika overitve" +}, +"nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);"); diff --git a/docker/nextcloud/user_saml/l10n/sl.json b/docker/nextcloud/user_saml/l10n/sl.json new file mode 100755 index 0000000..ed5c49d --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sl.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Ta uporabniški račun je onemogočen. Stopite v stik s skrbnikom sistema.", + "Saved" : "Shranjeno", + "Provider" : "Ponudnik", + "Unknown error, please check the log file for more details." : "Neznana napaka; več podrobnosti je zapisanih v dnevniški datoteki.", + "Direct log in" : "Račun ni zagotovljen", + "SSO & SAML log in" : "Prijava SSO in SAML", + "This page should not be visited directly." : "Ta strani naj ne bi bilo mogoče obiskati neposredno.", + "Provider " : "Ponudnik", + "X.509 certificate of the Service Provider" : "Potrdilo X.509 ponudnika storitev", + "Private key of the Service Provider" : "Zasebni ključ ponudnika storitev", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Določa, da bo ID imena poslan prek tega ponudnika storitev, šifriran.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana. [Ponudnik omogoča pregled metapodatkov med podrobnostmi]", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Indicates whether the messages sent by this SP will be signed." : "Določa, ali naj bodo sporočila, poslana prek tega spletnega ponudnika, podpisana.", + "Whether the metadata should be signed." : "Ali naj bodo metapodatki podpisani.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Določa zahtevo, da bodo predmeti , in , prejeti prek ponudnika storitev, podpisani.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani. [Podrobnosti so zavedene med metapodatki ponudnika.]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Določa zahtevo, da bodo predmeti, prejeti prek ponudnika storitev, šifrirani.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev v okviru odziva SAML, obvezen podatek.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Določa zahtevo, da bo ID imena, prejetega prek ponudnika storitev, šifrirani.", + "Indicates if the SP will validate all received XML." : "Določa, ali bo ponudnik storitev overil vse prejete datoteke XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Protokol ADFS URL kodira podatke SAML v malih črkah, orodja pa privzeto uporabljajo velike. Za overitev podpisa mora biti v primeru ADFS možnost omogočena.", + "Algorithm that the toolkit will use on signing process." : "Algoritem, ki ga uporabljajo orodja za postopek prijave.", + "Attribute to map the UID to." : "Atribut za preslikavo UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Overitev dovoli le, če račun obstaja na nekem drugem ozadnjem programu (npr. LDAP)", + "Attribute to map the displayname to." : "Atribut za preslikavo prikaznega imena.", + "Attribute to map the email address to." : "Atribut za preslikavo elektronskega naslova.", + "Attribute to map the quota to." : "Atribut za preslikavo količinske omejitve.", + "Attribute to map the users groups to." : "Atribut za preslikavo uporabniških skupin.", + "Attribute to map the users home to." : "Atribut za preslikavo uporabnikove osebne mape.", + "Email address" : "Elektronski naslov", + "Encrypted" : "Šifrirano", + "Entity" : "Entiteta", + "Kerberos" : "Kerberos", + "Persistent" : "Nenehno", + "Transient" : "Prehodno", + "Unspecified" : "Nedoločeno", + "Windows domain qualified name" : "Ime domene Windows", + "X509 subject name" : "Ime predmeta X509", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Uporabi overitev SAML za odjemalec %s (zahteva ponovno overitev uporabnika)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Izbirno prikazno ime ponudnika istovetnosti (privzeto: »Prijava SSO in SAML«)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Dovoli uporabo več uporabniških računov (na primer LDAP)", + "SSO & SAML authentication" : "Overitev SSO in SAML", + "Authenticate using single sign-on" : "Overi z uporabo enojne prijave", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Uporaba programa SSO & SAML omogoča uporabo obstoječih možnosti enkratne prijave tudi za okolje Nextcloud. Prav tako je mogoče uporabiti povezavo z Nextcloud LDAP za enostavnejše delo (npr. pri skupni rabi).\nTrenutno so podprte in preizkušene storitve:\n\n* ** SAML 2.0 **\n* OneLogin\n* Shibboleth\n* Active Directory Federation Services (ADFS)\n\n* ** Preverjanje pristnosti prek spremenljivke okolja **\n* Kerberos (mod_auth_kerb)\n* Katerikoli drug ponudnik, ki omogoča overjanje z uporabo spremenljivke okolja\n\nČeprav je za overjanje na razpolago takorekoč katerikoli drug ponudnik overjanja, ki podpira izvajanje navedenih standardov, je pomembno vedeti, da ti niso vključeni v nobeno uradno preizkusno okolje.", + "Open documentation" : "Odpri dokumentacijo", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča le, če omogočite »%s« oziroma se povežete prek povezave URL %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Uporabniku s skrbniškimi dovoljenji je treba nastaviti dostop prek SSO. Prijava z običajnim računom %s bo mogoča izključno prek povezave URL %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Izberite, ali naj se overitev izvede z uporabo vgrajene možnosti SAML v okolju Nextcloud ali pa bo overitev potekala prek okoljskih spremenljivk.", + "Use built-in SAML authentication" : "Uporabi vgrajeno overitev SAML", + "Use environment variable" : "Uporabi okoljsko spremenljivko", + "Global settings" : "Splošne nastavitve", + "Remove identity provider" : "Odstrani ponudnika istovetnosti", + "Add identity provider" : "Dodaj ponudnika istovetnosti", + "General" : "Splošno", + "Service Provider Data" : "Podatki ponudnika storitev", + "If your Service Provider should use certificates you can optionally specify them here." : "Če naj ponudnik storitve uporabi potrdilo, ga je izbirno mogoče določiti na tem mestu.", + "Show Service Provider settings…" : "Pokaži nastavitve ponudnika storitve ...", + "Name ID format" : "Zapis določila ID imena", + "Identity Provider Data" : "Podatki ponudnika istovetnosti", + "Configure your IdP settings here." : "Prilagoditev nastavitev IdP.", + "Identifier of the IdP entity (must be a URI)" : "Dololilo IdP (zapisano kot naslov URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal sporočilo o zahtevi overitve.", + "Show optional Identity Provider settings…" : "Pokaži izbirne nastavitve IP (ponudnika istovetnosti) ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Ciljni naslov URL za IdP, kamor bo ponudnik storitev poslal zahtevo SLO", + "URL Location of the IDP's SLO Response" : "Ciljni naslov URL za zahteve IDP SLO", + "Public X.509 certificate of the IdP" : "Javno potrdilo X.509 IdP", + "Attribute mapping" : "Preslikave atributov", + "If you want to optionally map attributes to the user you can configure these here." : "Če želite izbirno preslikati atribute na uporabnika, lahko to nastavite na tem mestu.", + "Show attribute mapping settings…" : "Pokaži nastavitve preslikave atributov ...", + "Security settings" : "Varnostne nastavitve", + "For increased security we recommend enabling the following settings if supported by your environment." : "Iz varnostnih razlogov je priporočljivo omogočiti nekatere nastavitve, če so te podprte znotraj zagnanega okolja.", + "Show security settings…" : "Pokaži varnostne nastavitve ...", + "Signatures and encryption offered" : "Ponujeno podpisovanje in šifriranje", + "Signatures and encryption required" : "Zahtevano podpisovanje in šifriranje", + "Download metadata XML" : "Prejmi datoteko metapodatkov XML", + "Reset settings" : "Ponastavi nastavitve", + "Metadata invalid" : "Neveljavni metapodatki", + "Metadata valid" : "Veljavni metapodatki", + "Error" : "Napaka", + "Account not provisioned." : "Račun ni pripravljen.", + "Your account is not provisioned, access to this service is thus not possible." : "Naveden račun ni pripravljen, zato dostop do te storitve mogoč.", + "Login options:" : "Možnosti prijave:", + "Choose a authentication provider" : "Izbor ponudnika overitve" +},"pluralForm" :"nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/sq.js b/docker/nextcloud/user_saml/l10n/sq.js new file mode 100755 index 0000000..34f597b --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sq.js @@ -0,0 +1,55 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "U ruajt", + "X.509 certificate of the Service Provider" : "Çertifikata X.509 e ofruesit të shërbimit", + "Private key of the Service Provider" : "Çelësi privat i Ofruesit të Shërbimit", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Tregon se nameID i i dërguar nga kjo SP do të enkriptohet.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Tregon nëse mesazhet  të dërguara nga kjo SP do të firmosen. [Metadata të kësaj SP do të ofrojnë këtë informacion]", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet të dëguara nga ky SP do të nënshkruhen.", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet   të dërguara nga kjo SP do të firmosen.", + "Whether the metadata should be signed." : "Nëse duhet të nënshkruhet metadata", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Tregon një nevojë për elementët , and të marra nga kjo SP për t'u nënshkruar.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Tregon një nevojë për elementet të marra nga kjo SP për t'u nënshkruar. [Metadata të SP do të ofrojnë këtë informacion]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Tregon nje kërkesë të elementëve të marrë nga kjo SP për tu enkriptuar.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Tregon një kërkesë për elementin NameID nëSAMLResponse e marrë nga kjo SP për tu prezantuar.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Tregon një kërkesë për EmërID të marrë nga ky PS për t'u koduar.", + "Indicates if the SP will validate all received XML." : "Tregon nëse SP do të quaj të vlefshëm të gjitha XML e marra.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Kodon të dhënat SAMP në shkronja të vogla, dhe toolkit sipas parapërzgjedhjes përdor shkronja të vogla. Aktivizo pajtueshmërinë e ADFS në verifikimin e firmës.", + "Attribute to map the UID to." : "Atributi për të identifikuar UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Lejo autentikimin vetëm nëse një llogari ekziston në një backend tjetër. (p.sh. LDAP)", + "Attribute to map the displayname to." : "Atributi për të mapuar emrin e shfaqjes në.", + "Attribute to map the email address to." : "Atributi për të hartuar adresën e postës elektronike në.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Përdor vërtetimin SAML për desktopët klient %s( kërkon ri-vërtetimin e përdoruesit)", + "SSO & SAML authentication" : "Identifikim SSO & SAML", + "Open documentation" : "Dokumentacion i hapur", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Ju lutem zgjidhni nëse doni të vërtetoni përdorimin e ofruesit SAML të ndërtuar në Nextcloud ose nëse dëshironi të vërtetoni kundër një ndryshoreje mjedisi.", + "Use built-in SAML authentication" : "Përdor identifikimin me SAML", + "Use environment variable" : "Përdor variablin e mjedisit", + "General" : "Të përgjithshme", + "Service Provider Data" : "Të dhënat e ofruesit të shërbimit", + "If your Service Provider should use certificates you can optionally specify them here." : "Nëse Ofruesi i Shërbimit tuaj duhet të përdori çertifikata ju mund ti specifikoni ato këtu.", + "Show Service Provider settings…" : "Trego konfigurimet e Ofruesit të Shërbimit", + "Identity Provider Data" : "Identifiko Ofruesin e të Dhënave", + "Configure your IdP settings here." : "Konfiguroni rregullimet e IdP tuaj këtu", + "Identifier of the IdP entity (must be a URI)" : "Identifikues i ekzistencës së IdP(duhet të jetë një URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Targeti URL i IdP ku PS do të dërgojë Mesazhin e Kërkesës së Autentifikimit", + "Show optional Identity Provider settings…" : "Trego konfigurimet opsionale të Dhënësit të Identitetit ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Vendndodhja URL e IDP ku PS do të dërgojë Kërkesën SLO", + "Public X.509 certificate of the IdP" : "Çertifikatë publike X.509 e IdP", + "Attribute mapping" : "Përcaktimi i atributeve", + "If you want to optionally map attributes to the user you can configure these here." : "Nëse dëshironi të maponi atributet tek përdoruesi opsionalisht, ju mund t'i konfiguroni ato këtu.", + "Show attribute mapping settings…" : "Trego konfigurimet e përcaktimit të atributeve...", + "Security settings" : "Konfigurimet e sigurisë", + "For increased security we recommend enabling the following settings if supported by your environment." : "Për të rritur nivelin e sigurisë ne ju rekomandojmë të mundësoni konfigurimet në vijim nëse ato suportohen nga mjedisi juaj.", + "Show security settings…" : "Trego konfigurimet e sigurisë...", + "Signatures and encryption offered" : "Firmat dhe enkriptimi janë ofruara", + "Signatures and encryption required" : "Kërkohet firma dhe enkriptimi", + "Download metadata XML" : "Shkarko metadata XML", + "Metadata invalid" : "Metadata jo e vlefshme", + "Metadata valid" : "Metadata e vlefshme", + "Error" : "Error", + "Account not provisioned." : "Llogaria nuk është e provizionuar", + "Your account is not provisioned, access to this service is thus not possible." : "Llogaria juaj nuk është e provizionuar, prandaj aksesi në këtë pajisje nuk është i munduar." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/sq.json b/docker/nextcloud/user_saml/l10n/sq.json new file mode 100755 index 0000000..7909f01 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sq.json @@ -0,0 +1,53 @@ +{ "translations": { + "Saved" : "U ruajt", + "X.509 certificate of the Service Provider" : "Çertifikata X.509 e ofruesit të shërbimit", + "Private key of the Service Provider" : "Çelësi privat i Ofruesit të Shërbimit", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Tregon se nameID i i dërguar nga kjo SP do të enkriptohet.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Tregon nëse mesazhet  të dërguara nga kjo SP do të firmosen. [Metadata të kësaj SP do të ofrojnë këtë informacion]", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet të dëguara nga ky SP do të nënshkruhen.", + "Indicates whether the messages sent by this SP will be signed." : "Tregon nëse mesazhet   të dërguara nga kjo SP do të firmosen.", + "Whether the metadata should be signed." : "Nëse duhet të nënshkruhet metadata", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Tregon një nevojë për elementët , and të marra nga kjo SP për t'u nënshkruar.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Tregon një nevojë për elementet të marra nga kjo SP për t'u nënshkruar. [Metadata të SP do të ofrojnë këtë informacion]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Tregon nje kërkesë të elementëve të marrë nga kjo SP për tu enkriptuar.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Tregon një kërkesë për elementin NameID nëSAMLResponse e marrë nga kjo SP për tu prezantuar.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Tregon një kërkesë për EmërID të marrë nga ky PS për t'u koduar.", + "Indicates if the SP will validate all received XML." : "Tregon nëse SP do të quaj të vlefshëm të gjitha XML e marra.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Kodon të dhënat SAMP në shkronja të vogla, dhe toolkit sipas parapërzgjedhjes përdor shkronja të vogla. Aktivizo pajtueshmërinë e ADFS në verifikimin e firmës.", + "Attribute to map the UID to." : "Atributi për të identifikuar UID.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Lejo autentikimin vetëm nëse një llogari ekziston në një backend tjetër. (p.sh. LDAP)", + "Attribute to map the displayname to." : "Atributi për të mapuar emrin e shfaqjes në.", + "Attribute to map the email address to." : "Atributi për të hartuar adresën e postës elektronike në.", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Përdor vërtetimin SAML për desktopët klient %s( kërkon ri-vërtetimin e përdoruesit)", + "SSO & SAML authentication" : "Identifikim SSO & SAML", + "Open documentation" : "Dokumentacion i hapur", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Ju lutem zgjidhni nëse doni të vërtetoni përdorimin e ofruesit SAML të ndërtuar në Nextcloud ose nëse dëshironi të vërtetoni kundër një ndryshoreje mjedisi.", + "Use built-in SAML authentication" : "Përdor identifikimin me SAML", + "Use environment variable" : "Përdor variablin e mjedisit", + "General" : "Të përgjithshme", + "Service Provider Data" : "Të dhënat e ofruesit të shërbimit", + "If your Service Provider should use certificates you can optionally specify them here." : "Nëse Ofruesi i Shërbimit tuaj duhet të përdori çertifikata ju mund ti specifikoni ato këtu.", + "Show Service Provider settings…" : "Trego konfigurimet e Ofruesit të Shërbimit", + "Identity Provider Data" : "Identifiko Ofruesin e të Dhënave", + "Configure your IdP settings here." : "Konfiguroni rregullimet e IdP tuaj këtu", + "Identifier of the IdP entity (must be a URI)" : "Identifikues i ekzistencës së IdP(duhet të jetë një URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Targeti URL i IdP ku PS do të dërgojë Mesazhin e Kërkesës së Autentifikimit", + "Show optional Identity Provider settings…" : "Trego konfigurimet opsionale të Dhënësit të Identitetit ...", + "URL Location of the IdP where the SP will send the SLO Request" : "Vendndodhja URL e IDP ku PS do të dërgojë Kërkesën SLO", + "Public X.509 certificate of the IdP" : "Çertifikatë publike X.509 e IdP", + "Attribute mapping" : "Përcaktimi i atributeve", + "If you want to optionally map attributes to the user you can configure these here." : "Nëse dëshironi të maponi atributet tek përdoruesi opsionalisht, ju mund t'i konfiguroni ato këtu.", + "Show attribute mapping settings…" : "Trego konfigurimet e përcaktimit të atributeve...", + "Security settings" : "Konfigurimet e sigurisë", + "For increased security we recommend enabling the following settings if supported by your environment." : "Për të rritur nivelin e sigurisë ne ju rekomandojmë të mundësoni konfigurimet në vijim nëse ato suportohen nga mjedisi juaj.", + "Show security settings…" : "Trego konfigurimet e sigurisë...", + "Signatures and encryption offered" : "Firmat dhe enkriptimi janë ofruara", + "Signatures and encryption required" : "Kërkohet firma dhe enkriptimi", + "Download metadata XML" : "Shkarko metadata XML", + "Metadata invalid" : "Metadata jo e vlefshme", + "Metadata valid" : "Metadata e vlefshme", + "Error" : "Error", + "Account not provisioned." : "Llogaria nuk është e provizionuar", + "Your account is not provisioned, access to this service is thus not possible." : "Llogaria juaj nuk është e provizionuar, prandaj aksesi në këtë pajisje nuk është i munduar." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/sr.js b/docker/nextcloud/user_saml/l10n/sr.js new file mode 100755 index 0000000..4498013 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Овај кориснички налог је искључен. Контактирајте администратора.", + "Saved" : "Сачувано", + "Provider" : "Провајдер", + "Unknown error, please check the log file for more details." : "Непозната грешка. Проверите дневнике за више детаља.", + "Direct log in" : "Директна пријава", + "SSO & SAML log in" : "SSO & SAML пријава", + "This page should not be visited directly." : "Ова страна не би требало да се посећује директно.", + "Provider " : "Провајдер", + "X.509 certificate of the Service Provider" : "X.509 сертификат провајдера услуга", + "Private key of the Service Provider" : "Приватни кључ провајдера услуга", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Назначава да ће се nameID од који шаље добављач услуга бити шифрован.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Назначава да ли ће поруке које шаље добављач услуга бити потписане. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Whether the metadata should be signed." : "Да ли метаподаци треба да буду потписани.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Назначава захтев да , и елементи које прима овај добављач услуга буду потписани.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Назначава захтев да елемент који прима овај добављач услуга буде потписан. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Назначава захтев да елемент који прима овај добављач услуга буде шифрован.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде у поруци.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде шифрован.", + "Indicates if the SP will validate all received XML." : "Назначава да ли ће добављач услуга валидирати сав примљени XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Енкодује SAML податке малим словима, а тулкит подразумевано користи велика слова. Укључити за ADFS компатибилност при верификацији потписа.", + "Algorithm that the toolkit will use on signing process." : "Алгоритам који ће комплет алатки користити код процеса регистрације.", + "Attribute to map the UID to." : "Атрибут на који се UID мапира.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Дозволи проверу идентитета само ако налог постоји на неком другом позадинском механизму (нпр. LDAP)", + "Attribute to map the displayname to." : "Атрибут на који се displayname мапира.", + "Attribute to map the email address to." : "Атрибут на који се мапира адреса е-поште.", + "Attribute to map the quota to." : "Атрибут на који се мапира квота.", + "Attribute to map the users groups to." : "Атрибут на који да се мапира корисничка група.", + "Attribute to map the users home to." : "Атрибут на који да се мапира кориснички директоријум.", + "Email address" : "Адреса е-поште", + "Encrypted" : "Шифровано", + "Entity" : "Ентитет", + "Kerberos" : "Керберос", + "Persistent" : "Трајно сачувано", + "Transient" : "Привремено", + "Unspecified" : "Неодређено", + "Windows domain qualified name" : "Квалификовано име Windows домена", + "X509 subject name" : "X509 име субјекта", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Користи SAML проверу идентитета за %s десктоп клијенте (захтева поновну проверу идентитета)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Опциони натпис за опслужиоца идентитета (подразумевано: „SSO & SAML log in“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Дозволи коришћење више позадинских механизама (нпр. LDAP)", + "SSO & SAML authentication" : "SSO & SAML провера идентитета", + "Authenticate using single sign-on" : "Идентификујте се користећи јединствену пријаву", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Коришћењем SSO & SAML Некстклауд апликације, можете лако омогућити интеграцију у постојеће Single-Sign-On решење са Некстклаудом. Додатно, можете користити и Некстклауд LDAP добављача корисника да корисницима све буде једноставније (нпр. приликом дељења)\nСледећи добављачи су тренутно подржани и тестирани:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Идентификација преко променљивих окружења**\n\t* Kerberos (mod_auth_kerb)\n\t* Било који други провајдер који проверава идентитет преко променљивих окружења\n\nИако је, теоријски, сваки добављач провере идентитета који имплементира било који од стандарда изнад компатибилан, желели бисмо да нагласимо да они нису део интерне тест матрице.", + "Open documentation" : "Отвори документацију", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\" или одете директно на адресу %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\".", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Одаберите желите ли да обавите проверу идентитета користећи SAML добављача уграђеног у Некстклауд или преко променљиве окружења.", + "Use built-in SAML authentication" : "Користи уграђени SAML проверу идентитета", + "Use environment variable" : "Користи променљиву окружења", + "Global settings" : "Опште поставке", + "Remove identity provider" : "Уклони провајдера идентитета", + "Add identity provider" : "Додај провајдера идентитета", + "General" : "Опште", + "Service Provider Data" : "Подаци добављача услуга", + "If your Service Provider should use certificates you can optionally specify them here." : "Ако Ваш провајдер услуга користи сертификате, можете их опционо навести овде.", + "Show Service Provider settings…" : "Прикажи поставке провајдера услуга…", + "Name ID format" : "Name ID формат", + "Identity Provider Data" : "Подаци провајдера идентитета", + "Configure your IdP settings here." : "Подесите добављача идентитета овде.", + "Identifier of the IdP entity (must be a URI)" : "Идентификација ентитета добављача идентитета (мора бити URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL одредиште добављача идентитета где ће добављач услуга слати Authentication Request Message", + "Show optional Identity Provider settings…" : "Прикажи опционе поставке провајдера идентитета…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL локација добављача идентитета где ће добављач услуга послати SLO захтев", + "URL Location of the IDP's SLO Response" : "URL адреса IDP SLO одговора", + "Public X.509 certificate of the IdP" : "Јавни X.509 сертификат добављача идентитета", + "Attribute mapping" : "Мапирање атрибута", + "If you want to optionally map attributes to the user you can configure these here." : "Ако желите да опционо мапирате атрибуте на корисника, то можете учинити овде.", + "Show attribute mapping settings…" : "Прикажи поставке мапирања атрибута…", + "Security settings" : "Безбедоносне поставке", + "For increased security we recommend enabling the following settings if supported by your environment." : "За повећану безбедност, препоручујемо да укључите следеће поставке, ако их Ваше окружење подржава.", + "Show security settings…" : "Прикажи безбедоносне поставке…", + "Signatures and encryption offered" : "Понуђено потписи и шифровање", + "Signatures and encryption required" : "Захтевани потписи и шифровање", + "Download metadata XML" : "Скини XML метаподатака", + "Reset settings" : "Ресетуј поставке", + "Metadata invalid" : "Метаподаци неисправни", + "Metadata valid" : "Метаподаци исправни", + "Error" : "Грешка", + "Account not provisioned." : "Налог није добављен.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваш налог није добављен. Због тога није могућ приступ овом сервису.", + "Login options:" : "Опције пријаве:", + "Choose a authentication provider" : "Одаберите провајдера провере идентитета" +}, +"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"); diff --git a/docker/nextcloud/user_saml/l10n/sr.json b/docker/nextcloud/user_saml/l10n/sr.json new file mode 100755 index 0000000..5c4c4a9 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Овај кориснички налог је искључен. Контактирајте администратора.", + "Saved" : "Сачувано", + "Provider" : "Провајдер", + "Unknown error, please check the log file for more details." : "Непозната грешка. Проверите дневнике за више детаља.", + "Direct log in" : "Директна пријава", + "SSO & SAML log in" : "SSO & SAML пријава", + "This page should not be visited directly." : "Ова страна не би требало да се посећује директно.", + "Provider " : "Провајдер", + "X.509 certificate of the Service Provider" : "X.509 сертификат провајдера услуга", + "Private key of the Service Provider" : "Приватни кључ провајдера услуга", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Назначава да ће се nameID од који шаље добављач услуга бити шифрован.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Назначава да ли ће поруке које шаље добављач услуга бити потписане. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Indicates whether the messages sent by this SP will be signed." : "Назначава да ли ће поруке које шаље добављач услуга бити потписане.", + "Whether the metadata should be signed." : "Да ли метаподаци треба да буду потписани.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Назначава захтев да , и елементи које прима овај добављач услуга буду потписани.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Назначава захтев да елемент који прима овај добављач услуга буде потписан. [метаподаци овог добављача услуга ће понудити ову информацију]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Назначава захтев да елемент који прима овај добављач услуга буде шифрован.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде у поруци.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Назначава захтев да NameID елемент који прима овај добављач услуга буде шифрован.", + "Indicates if the SP will validate all received XML." : "Назначава да ли ће добављач услуга валидирати сав примљени XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Енкодује SAML податке малим словима, а тулкит подразумевано користи велика слова. Укључити за ADFS компатибилност при верификацији потписа.", + "Algorithm that the toolkit will use on signing process." : "Алгоритам који ће комплет алатки користити код процеса регистрације.", + "Attribute to map the UID to." : "Атрибут на који се UID мапира.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Дозволи проверу идентитета само ако налог постоји на неком другом позадинском механизму (нпр. LDAP)", + "Attribute to map the displayname to." : "Атрибут на који се displayname мапира.", + "Attribute to map the email address to." : "Атрибут на који се мапира адреса е-поште.", + "Attribute to map the quota to." : "Атрибут на који се мапира квота.", + "Attribute to map the users groups to." : "Атрибут на који да се мапира корисничка група.", + "Attribute to map the users home to." : "Атрибут на који да се мапира кориснички директоријум.", + "Email address" : "Адреса е-поште", + "Encrypted" : "Шифровано", + "Entity" : "Ентитет", + "Kerberos" : "Керберос", + "Persistent" : "Трајно сачувано", + "Transient" : "Привремено", + "Unspecified" : "Неодређено", + "Windows domain qualified name" : "Квалификовано име Windows домена", + "X509 subject name" : "X509 име субјекта", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Користи SAML проверу идентитета за %s десктоп клијенте (захтева поновну проверу идентитета)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Опциони натпис за опслужиоца идентитета (подразумевано: „SSO & SAML log in“)", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Дозволи коришћење више позадинских механизама (нпр. LDAP)", + "SSO & SAML authentication" : "SSO & SAML провера идентитета", + "Authenticate using single sign-on" : "Идентификујте се користећи јединствену пријаву", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Коришћењем SSO & SAML Некстклауд апликације, можете лако омогућити интеграцију у постојеће Single-Sign-On решење са Некстклаудом. Додатно, можете користити и Некстклауд LDAP добављача корисника да корисницима све буде једноставније (нпр. приликом дељења)\nСледећи добављачи су тренутно подржани и тестирани:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Идентификација преко променљивих окружења**\n\t* Kerberos (mod_auth_kerb)\n\t* Било који други провајдер који проверава идентитет преко променљивих окружења\n\nИако је, теоријски, сваки добављач провере идентитета који имплементира било који од стандарда изнад компатибилан, желели бисмо да нагласимо да они нису део интерне тест матрице.", + "Open documentation" : "Отвори документацију", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\" или одете директно на адресу %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Постарајте се да подесите административног корисника који може да приступи инстанци преко SSO-а. Пријава преко обичног %s налога неће виши бити могућа, осим ако не укључите \"%s\".", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Одаберите желите ли да обавите проверу идентитета користећи SAML добављача уграђеног у Некстклауд или преко променљиве окружења.", + "Use built-in SAML authentication" : "Користи уграђени SAML проверу идентитета", + "Use environment variable" : "Користи променљиву окружења", + "Global settings" : "Опште поставке", + "Remove identity provider" : "Уклони провајдера идентитета", + "Add identity provider" : "Додај провајдера идентитета", + "General" : "Опште", + "Service Provider Data" : "Подаци добављача услуга", + "If your Service Provider should use certificates you can optionally specify them here." : "Ако Ваш провајдер услуга користи сертификате, можете их опционо навести овде.", + "Show Service Provider settings…" : "Прикажи поставке провајдера услуга…", + "Name ID format" : "Name ID формат", + "Identity Provider Data" : "Подаци провајдера идентитета", + "Configure your IdP settings here." : "Подесите добављача идентитета овде.", + "Identifier of the IdP entity (must be a URI)" : "Идентификација ентитета добављача идентитета (мора бити URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL одредиште добављача идентитета где ће добављач услуга слати Authentication Request Message", + "Show optional Identity Provider settings…" : "Прикажи опционе поставке провајдера идентитета…", + "URL Location of the IdP where the SP will send the SLO Request" : "URL локација добављача идентитета где ће добављач услуга послати SLO захтев", + "URL Location of the IDP's SLO Response" : "URL адреса IDP SLO одговора", + "Public X.509 certificate of the IdP" : "Јавни X.509 сертификат добављача идентитета", + "Attribute mapping" : "Мапирање атрибута", + "If you want to optionally map attributes to the user you can configure these here." : "Ако желите да опционо мапирате атрибуте на корисника, то можете учинити овде.", + "Show attribute mapping settings…" : "Прикажи поставке мапирања атрибута…", + "Security settings" : "Безбедоносне поставке", + "For increased security we recommend enabling the following settings if supported by your environment." : "За повећану безбедност, препоручујемо да укључите следеће поставке, ако их Ваше окружење подржава.", + "Show security settings…" : "Прикажи безбедоносне поставке…", + "Signatures and encryption offered" : "Понуђено потписи и шифровање", + "Signatures and encryption required" : "Захтевани потписи и шифровање", + "Download metadata XML" : "Скини XML метаподатака", + "Reset settings" : "Ресетуј поставке", + "Metadata invalid" : "Метаподаци неисправни", + "Metadata valid" : "Метаподаци исправни", + "Error" : "Грешка", + "Account not provisioned." : "Налог није добављен.", + "Your account is not provisioned, access to this service is thus not possible." : "Ваш налог није добављен. Због тога није могућ приступ овом сервису.", + "Login options:" : "Опције пријаве:", + "Choose a authentication provider" : "Одаберите провајдера провере идентитета" +},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/sv.js b/docker/nextcloud/user_saml/l10n/sv.js new file mode 100755 index 0000000..1b3d84f --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sv.js @@ -0,0 +1,88 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Detta användarkontot är avstängt, kontakta din administratör.", + "Saved" : "Sparad", + "Provider" : "Leverantör", + "Unknown error, please check the log file for more details." : "Okänt fel, vänligen kontrollera loggfilen för mer detaljer.", + "Direct log in" : "Direkt inloggning", + "SSO & SAML log in" : "SSO & SAML-inloggning", + "This page should not be visited directly." : "Den här sidan ska inte besökas direkt.", + "Provider " : "Leverantör", + "X.509 certificate of the Service Provider" : "X.509-certifikat av leverantören", + "Private key of the Service Provider" : "Privat nyckel från leverantören", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerar att nameID av som skickats av SP kommer att krypteras.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerar om meddelanden från denna SP kommer att undertecknas. [Metadata av SP kommer att erbjuda denna information]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Whether the metadata should be signed." : "Huruvida metadata bör undertecknas.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikerar ett krav för , och delar mottaget av denna SP signeras.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikerar ett krav för de mottagna -objekten av denna SP att signeras. [Metadata av SP'n erbjuder denna information]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikerar ett krav för de mottagna -objekten från denna SP att krypteras.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indikerar ett krav för objektet NameID på SAMLResponse mottaget av denna SP ska finnas.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikerar ett krav för NameID mottagen av denna SP att vara krypterad.", + "Indicates if the SP will validate all received XML." : "Indikerar om SP'n kommer validera alla mottagna XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS webbadress avkodar SAML-data som små bokstäver och verktyget använder stora bokstäver som standard. Aktivera för ADFS-kompatibilitet för signaturverifiering.", + "Algorithm that the toolkit will use on signing process." : "Algoritm som kommer att användas vid signeringsprocessen.", + "Attribute to map the UID to." : "Attribut för att mappa UID till.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillåt bara tillgång om ett konto finns på någon annan backend. (t.ex. LDAP)", + "Attribute to map the displayname to." : "Attribut att mappa visningsnamnet till", + "Attribute to map the email address to." : "Attribut att mappa epost-adress till.", + "Attribute to map the quota to." : "Attribut att mappa quota till.", + "Attribute to map the users groups to." : "Attribut att mappa användargrupper till.", + "Attribute to map the users home to." : "Attribut att mappa hemkataloger till.", + "Email address" : "E-postadress", + "Encrypted" : "Krypterad", + "Entity" : "Entity", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transient", + "Unspecified" : "Unspecified", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 subject name", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Använd SAML-autentisering för %s skrivbordsklienter (kräver att användarna loggar in på nytt)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Frivilligt visningsnamn av den identifierande aktören (standard: \"SSO & SAML inloggning\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillåt användning av flera användarkataloger (t.ex. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-autentisering", + "Authenticate using single sign-on" : "Autentisera med single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Med hjälp av SSO & SAML-appen i din Nextcloud kan du enkelt integrera din befintliga Single-Sign-On-lösning med Nextcloud. Dessutom kan du använda Nextcloud LDAP-användarleverantören för att hålla bekvämligheten för användarna. (t.ex. vid delning)\nFöljande leverantörer stöds och testas för tillfället:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentisering via miljövariabel**\n\t* Kerberos (mod_auth_kerb)\n\t* Alla andra leverantörer som autentiserar med hjälp av miljövariabeln\n\nMedan teoretiskt någon annan autentiseringsleverantör som implementerar någon av dessa standarder är kompatibel, vill vi notera att de inte ingår i någon intern testmatris.", + "Open documentation" : "Öppna dokumentationen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte aktiverat \"%s\" eller gå direkt till webbadressen %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte går direkt till webbadressen %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vänligen välj om du vill autentisera med SAML-leverantören inbyggd i Nextcloud eller om du vill autentisera mot en miljövariabel.", + "Use built-in SAML authentication" : "Använd den inbyggda SAML-autentiseringen", + "Use environment variable" : "Använd miljövariabel", + "Global settings" : "Globala inställningar", + "Remove identity provider" : "Ta bort identity provider", + "Add identity provider" : "Lägg till identity provider", + "General" : "Allmänt", + "Service Provider Data" : "Leverantörsdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Om din tjänstleverantör använder certifikat kan du välja att ange dem här.", + "Show Service Provider settings…" : "Visa leverantörsinställningar", + "Name ID format" : "Name ID format", + "Identity Provider Data" : "Identitetsleverantörsdata", + "Configure your IdP settings here." : "Konfigurera dina IdP-inställningar här.", + "Identifier of the IdP entity (must be a URI)" : "Identifierare av IdP'n (måste vara en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Webbadressmål av IdP där SP skickar autentiseringsförfrågningsmeddelandet", + "Show optional Identity Provider settings…" : "Visa valbara Identity Provider inställningar...", + "URL Location of the IdP where the SP will send the SLO Request" : "Webbadressplatsen för IdP där SP skickar SLO-förfrågan", + "Public X.509 certificate of the IdP" : "Publikt X.509-certifikat av IdP'n", + "Attribute mapping" : "Attributmappning", + "If you want to optionally map attributes to the user you can configure these here." : "Om du vill mappa attributen till användaren kan du konfigurera dessa här", + "Show attribute mapping settings…" : "Visa inställningar för attributmappning", + "Security settings" : "Säkerhetsinställningar", + "For increased security we recommend enabling the following settings if supported by your environment." : "För ökad säkerhet rekommenderar vi att följande inställningar aktiveras om de stöds av din miljö.", + "Show security settings…" : "Visa säkerhetsinställningar...", + "Signatures and encryption offered" : "Signatur och kryptering erbjuden", + "Signatures and encryption required" : "Signaturer och kryptering krävs", + "Download metadata XML" : "Hämta metadata XML-fil", + "Reset settings" : "Återställ inställningar", + "Metadata invalid" : "Metadata ogiltig", + "Metadata valid" : "Metadata giltig", + "Error" : "Fel", + "Account not provisioned." : "Konto inte förberett", + "Your account is not provisioned, access to this service is thus not possible." : "Ditt konto tillhandahålls inte, åtkomst till den här tjänsten är därför inte möjligt.", + "Login options:" : "Inloggningsalternativ:", + "Choose a authentication provider" : "Välj en autentiseringsleverantör" +}, +"nplurals=2; plural=(n != 1);"); diff --git a/docker/nextcloud/user_saml/l10n/sv.json b/docker/nextcloud/user_saml/l10n/sv.json new file mode 100755 index 0000000..a3becab --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/sv.json @@ -0,0 +1,86 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Detta användarkontot är avstängt, kontakta din administratör.", + "Saved" : "Sparad", + "Provider" : "Leverantör", + "Unknown error, please check the log file for more details." : "Okänt fel, vänligen kontrollera loggfilen för mer detaljer.", + "Direct log in" : "Direkt inloggning", + "SSO & SAML log in" : "SSO & SAML-inloggning", + "This page should not be visited directly." : "Den här sidan ska inte besökas direkt.", + "Provider " : "Leverantör", + "X.509 certificate of the Service Provider" : "X.509-certifikat av leverantören", + "Private key of the Service Provider" : "Privat nyckel från leverantören", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Indikerar att nameID av som skickats av SP kommer att krypteras.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerar om meddelanden från denna SP kommer att undertecknas. [Metadata av SP kommer att erbjuda denna information]", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Indicates whether the messages sent by this SP will be signed." : "Indikerar om meddelanden från denna SP kommer att undertecknas.", + "Whether the metadata should be signed." : "Huruvida metadata bör undertecknas.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Indikerar ett krav för , och delar mottaget av denna SP signeras.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikerar ett krav för de mottagna -objekten av denna SP att signeras. [Metadata av SP'n erbjuder denna information]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Indikerar ett krav för de mottagna -objekten från denna SP att krypteras.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Indikerar ett krav för objektet NameID på SAMLResponse mottaget av denna SP ska finnas.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikerar ett krav för NameID mottagen av denna SP att vara krypterad.", + "Indicates if the SP will validate all received XML." : "Indikerar om SP'n kommer validera alla mottagna XML.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS webbadress avkodar SAML-data som små bokstäver och verktyget använder stora bokstäver som standard. Aktivera för ADFS-kompatibilitet för signaturverifiering.", + "Algorithm that the toolkit will use on signing process." : "Algoritm som kommer att användas vid signeringsprocessen.", + "Attribute to map the UID to." : "Attribut för att mappa UID till.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillåt bara tillgång om ett konto finns på någon annan backend. (t.ex. LDAP)", + "Attribute to map the displayname to." : "Attribut att mappa visningsnamnet till", + "Attribute to map the email address to." : "Attribut att mappa epost-adress till.", + "Attribute to map the quota to." : "Attribut att mappa quota till.", + "Attribute to map the users groups to." : "Attribut att mappa användargrupper till.", + "Attribute to map the users home to." : "Attribut att mappa hemkataloger till.", + "Email address" : "E-postadress", + "Encrypted" : "Krypterad", + "Entity" : "Entity", + "Kerberos" : "Kerberos", + "Persistent" : "Persistent", + "Transient" : "Transient", + "Unspecified" : "Unspecified", + "Windows domain qualified name" : "Windows domain qualified name", + "X509 subject name" : "X509 subject name", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Använd SAML-autentisering för %s skrivbordsklienter (kräver att användarna loggar in på nytt)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Frivilligt visningsnamn av den identifierande aktören (standard: \"SSO & SAML inloggning\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillåt användning av flera användarkataloger (t.ex. LDAP)", + "SSO & SAML authentication" : "SSO & SAML-autentisering", + "Authenticate using single sign-on" : "Autentisera med single sign-on", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Med hjälp av SSO & SAML-appen i din Nextcloud kan du enkelt integrera din befintliga Single-Sign-On-lösning med Nextcloud. Dessutom kan du använda Nextcloud LDAP-användarleverantören för att hålla bekvämligheten för användarna. (t.ex. vid delning)\nFöljande leverantörer stöds och testas för tillfället:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Autentisering via miljövariabel**\n\t* Kerberos (mod_auth_kerb)\n\t* Alla andra leverantörer som autentiserar med hjälp av miljövariabeln\n\nMedan teoretiskt någon annan autentiseringsleverantör som implementerar någon av dessa standarder är kompatibel, vill vi notera att de inte ingår i någon intern testmatris.", + "Open documentation" : "Öppna dokumentationen", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte aktiverat \"%s\" eller gå direkt till webbadressen %s.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Var säker på att konfigurera en administratörs-användare som kommer åt instansen via SSO. Inloggning med ditt vanliga %s konto kommer inte vara möjligt längre, om du inte går direkt till webbadressen %s.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vänligen välj om du vill autentisera med SAML-leverantören inbyggd i Nextcloud eller om du vill autentisera mot en miljövariabel.", + "Use built-in SAML authentication" : "Använd den inbyggda SAML-autentiseringen", + "Use environment variable" : "Använd miljövariabel", + "Global settings" : "Globala inställningar", + "Remove identity provider" : "Ta bort identity provider", + "Add identity provider" : "Lägg till identity provider", + "General" : "Allmänt", + "Service Provider Data" : "Leverantörsdata", + "If your Service Provider should use certificates you can optionally specify them here." : "Om din tjänstleverantör använder certifikat kan du välja att ange dem här.", + "Show Service Provider settings…" : "Visa leverantörsinställningar", + "Name ID format" : "Name ID format", + "Identity Provider Data" : "Identitetsleverantörsdata", + "Configure your IdP settings here." : "Konfigurera dina IdP-inställningar här.", + "Identifier of the IdP entity (must be a URI)" : "Identifierare av IdP'n (måste vara en URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Webbadressmål av IdP där SP skickar autentiseringsförfrågningsmeddelandet", + "Show optional Identity Provider settings…" : "Visa valbara Identity Provider inställningar...", + "URL Location of the IdP where the SP will send the SLO Request" : "Webbadressplatsen för IdP där SP skickar SLO-förfrågan", + "Public X.509 certificate of the IdP" : "Publikt X.509-certifikat av IdP'n", + "Attribute mapping" : "Attributmappning", + "If you want to optionally map attributes to the user you can configure these here." : "Om du vill mappa attributen till användaren kan du konfigurera dessa här", + "Show attribute mapping settings…" : "Visa inställningar för attributmappning", + "Security settings" : "Säkerhetsinställningar", + "For increased security we recommend enabling the following settings if supported by your environment." : "För ökad säkerhet rekommenderar vi att följande inställningar aktiveras om de stöds av din miljö.", + "Show security settings…" : "Visa säkerhetsinställningar...", + "Signatures and encryption offered" : "Signatur och kryptering erbjuden", + "Signatures and encryption required" : "Signaturer och kryptering krävs", + "Download metadata XML" : "Hämta metadata XML-fil", + "Reset settings" : "Återställ inställningar", + "Metadata invalid" : "Metadata ogiltig", + "Metadata valid" : "Metadata giltig", + "Error" : "Fel", + "Account not provisioned." : "Konto inte förberett", + "Your account is not provisioned, access to this service is thus not possible." : "Ditt konto tillhandahålls inte, åtkomst till den här tjänsten är därför inte möjligt.", + "Login options:" : "Inloggningsalternativ:", + "Choose a authentication provider" : "Välj en autentiseringsleverantör" +},"pluralForm" :"nplurals=2; plural=(n != 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/th.js b/docker/nextcloud/user_saml/l10n/th.js new file mode 100755 index 0000000..df7edf7 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/th.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "ผู้ใช้รายนี้ ถูกระงับ\nกรุณาติดต่อ ผู้ดูแลระบบ", + "Saved" : "บันทึกแล้ว", + "Open documentation" : "เปิดเอกสาร", + "General" : "ทั่วไป", + "Error" : "ข้อผิดพลาด" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/user_saml/l10n/th.json b/docker/nextcloud/user_saml/l10n/th.json new file mode 100755 index 0000000..f78bf7b --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/th.json @@ -0,0 +1,8 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "ผู้ใช้รายนี้ ถูกระงับ\nกรุณาติดต่อ ผู้ดูแลระบบ", + "Saved" : "บันทึกแล้ว", + "Open documentation" : "เปิดเอกสาร", + "General" : "ทั่วไป", + "Error" : "ข้อผิดพลาด" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/tr.js b/docker/nextcloud/user_saml/l10n/tr.js new file mode 100755 index 0000000..bfba999 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/tr.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "Kullanıcı hesabı devre dışı bırakılmış. Lütfen yöneticiniz ile görüşün.", + "Saved" : "Kaydedildi", + "Provider" : "Hizmet Sağlayıcı", + "Unknown error, please check the log file for more details." : "Bilinmeyen bir sorun çıktı. Ayrıntılı bilgi almak için günlük dosyalarına bakabilirsiniz.", + "Direct log in" : "Doğrudan oturum açma", + "SSO & SAML log in" : "SSO ve SAML oturum açma", + "This page should not be visited directly." : "Bu sayfaya doğrudan erişilememelidir.", + "Provider " : "Hizmet Sağlayıcı", + "X.509 certificate of the Service Provider" : "Hizmet sağlayıcısının X.509 sertifikası", + "Private key of the Service Provider" : "Hizmet sağlayıcısının özel anahtarı", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Bu hizmet sağlayıcı tarafından gönderilen NameID değerinin şifrelenmiş olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur].", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Whether the metadata should be signed." : "Üst verilerin imzalanmasının gerekip gerekmediği.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Bu hizmet sağlayıcı tarafından alınan , ve bileşenleri için isteğin imzalanmış olup olmayacağını gösterir.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından alınan bileşenleri için isteğin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan bileşenlerinin şifrelenmiş olup olmayacağını gösterir.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Bu hizmet sağlayıcı tarafından alınan SAMLResponse içindeki zorunlu NameID bileşeninin var olup olmayacağını gösterir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan zorunlu NameID şifrelenmiş olup olmayacağını gösterir.", + "Indicates if the SP will validate all received XML." : "Hizmet sağlayıcının alınan tüm XML kodlarını doğrulayacağını gösterir.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS SAML verilerindeki adres kodlamalarını küçük harfler ile yaparken araç büyük harf kullanır. İmza doğrulaması bölümündeki ADFS uyumluluğunu etkinleştirin.", + "Algorithm that the toolkit will use on signing process." : "İmzalama işleminde araç takımı tarafından kullanılacak algoritma.", + "Attribute to map the UID to." : "UID değerinin eşleştirileceği öznitelik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Kimlik yalnız, hesap başka bir arka sistemde varsa (LDAP gibi) doğrulansın", + "Attribute to map the displayname to." : "Görüntülenecek ad değerinin eşleştirileceği öznitelik.", + "Attribute to map the email address to." : "E-posta adresi değerinin eşleştirileceği özellik.", + "Attribute to map the quota to." : "Kime kotası değerinin eşleştirileceği öznitelik.", + "Attribute to map the users groups to." : "Kulanıcı grupları değerinin eşleştirileceği öznitelik.", + "Attribute to map the users home to." : "Kullanıcıların ev değerinin eşleştirileceği öznitelik.", + "Email address" : "E-posta adresi", + "Encrypted" : "Şifrelenmiş", + "Entity" : "Varlık", + "Kerberos" : "Kerberos", + "Persistent" : "Kalıcı", + "Transient" : "Geçici", + "Unspecified" : "Belirtilmemiş", + "Windows domain qualified name" : "Windows etki alanı tam adı", + "X509 subject name" : "X509 ögesi adı", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s masaüstü istemcileri için SAML kimlik doğrulaması kullanılsın (kullanıcının kimliğini yeniden doğrulaması gerekir)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "İsteğe bağlı olarak görüntülenecek kimlik hizmeti sağlayıcısının adı (varsayılan: \"SSO ve SAML oturum açma\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Birden çok kullanıcı arka yüzü kullanılabilsin (LDAP gibi)", + "SSO & SAML authentication" : "SSO ve SAML kimlik doğrulaması", + "Authenticate using single sign-on" : "Bu uygulama, tek oturum açma ile kimlik doğrulaması yapılmasını sağlar.", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Tek Oturum Açma ve SAML uygulaması var olan Tek Oturum Açma uygulamanız ile Nextcloud sunucunuzun bütünleşik çalışmasını sağlar. Ek olarak Kullanıcılarınıza kolaylık sağlamak için (paylaşım sırasında gibi) LDAP kullanıcı hizmeti sağlayıcısını da kullanabilirsiniz.
    Şu anda aşağıdaki hizmet sağlayıcılar denenmiş ve desteklenmektedir:

    * **SAML 2.0**
    * OneLogin
    * Shibboleth
    * Active Directory Federation Services (ADFS)

    * **Authentication via Environment Variable**
    * Kerberos (mod_auth_kerb)
    * Kimlik doğrulamasında ortam değişkeni kullanan diğer hizmet sağlayıcılar

    Teorik olarak bu standartlara uygun diğer hizmet sağlayıcıların da uyumlu olması gerekir. Denememizi istediğiniz diğer uygulamaları bize bildirirseniz seviniriz.", + "Open documentation" : "Belgeleri aç", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için \"%s\" seçeneğini etkinleştirmeniz ya da doğrudan %s adresine gitmeniz gerekir.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için doğrudan %s adresine gitmeniz gerekir.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kimlik doğrulamasının Nextcloud içindeki SAML hizmet sağlayıcısı mı ortam değişkeni mi kullanılarak mı yapılacağını seçin.", + "Use built-in SAML authentication" : "İç SAML kimlik doğrulaması kullanılsın", + "Use environment variable" : "Ortam değişkeni kullanılsın", + "Global settings" : "Genel ayarlar", + "Remove identity provider" : "Kimlik hizmeti sağlayıcısını sil", + "Add identity provider" : "Kimlik hizmeti sağlayıcı ekle", + "General" : "Genel", + "Service Provider Data" : "Hizmet Sağlayıcısı Verileri", + "If your Service Provider should use certificates you can optionally specify them here." : "Hizmet sağlayıcınızın kullandığı sertifikalar varsa buradan isteğinize göre belirtebilirsiniz.", + "Show Service Provider settings…" : "Hizmet Sağlayıcı ayarlarını görüntüle …", + "Name ID format" : "Ad kodu biçimi", + "Identity Provider Data" : "Kimlik Sağlayıcısı Verileri", + "Configure your IdP settings here." : "Buradan Kimlik Sağlayıcı ayarlarınızı yapılandırabilirsiniz.", + "Identifier of the IdP entity (must be a URI)" : "Kimlik Sağlayıcı varlığının belirteci (bir adres olmalı)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Hizmet sağlayıcının Kimlik Doğrulama İsteği İletisini gödereceği Kimlik Sağlayıcı hedef adresini yazın", + "Show optional Identity Provider settings…" : "İsteğe bağlı ek Kimlik Sağlayıcısı ayarları …", + "URL Location of the IdP where the SP will send the SLO Request" : "Hizmet sağlayıcının SLO İsteğini gödereceği Kimlik Sağlayıcı adresini yazın", + "URL Location of the IDP's SLO Response" : "Kimlik hizmeti sağlayıcının SLO yanıtı adresi", + "Public X.509 certificate of the IdP" : "Kimlik Sağlayıcının herkese açık X.509 sertifikası", + "Attribute mapping" : "Öznitelik eşleştirme", + "If you want to optionally map attributes to the user you can configure these here." : "Öznitelikler isteğe bağlı olarak kullanıcı ile buradan eşleştirilebilir.", + "Show attribute mapping settings…" : "Öznitelik eşleştirme ayarlarını görüntüle …", + "Security settings" : "Güvenlik ayarları", + "For increased security we recommend enabling the following settings if supported by your environment." : "Arttırılmış güvenlik için ortamınız tarafından destekleniyorsa şu seçenekleri etkinleştirmeniz önerilir.", + "Show security settings…" : "Güvenlik ayarlarını görüntüle …", + "Signatures and encryption offered" : "Önerilen imza ve şifreleme", + "Signatures and encryption required" : "Gereken imza ve şifreleme", + "Download metadata XML" : "Üst veri XML dosyasını indir", + "Reset settings" : "Ayarları sıfırla", + "Metadata invalid" : "Üst veri geçersiz", + "Metadata valid" : "Üst veri geçerli", + "Error" : "Hata", + "Account not provisioned." : "Hesabınız hazır değil.", + "Your account is not provisioned, access to this service is thus not possible." : "Hesabınız hazır olmadığından bu hizmeti kullanamazsınız.", + "Login options:" : "Oturum açma seçenekleri:", + "Choose a authentication provider" : "Bir kimlik doğrulama hizmeti sağlayıcısı seçin" +}, +"nplurals=2; plural=(n > 1);"); diff --git a/docker/nextcloud/user_saml/l10n/tr.json b/docker/nextcloud/user_saml/l10n/tr.json new file mode 100755 index 0000000..bc06f80 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/tr.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "Kullanıcı hesabı devre dışı bırakılmış. Lütfen yöneticiniz ile görüşün.", + "Saved" : "Kaydedildi", + "Provider" : "Hizmet Sağlayıcı", + "Unknown error, please check the log file for more details." : "Bilinmeyen bir sorun çıktı. Ayrıntılı bilgi almak için günlük dosyalarına bakabilirsiniz.", + "Direct log in" : "Doğrudan oturum açma", + "SSO & SAML log in" : "SSO ve SAML oturum açma", + "This page should not be visited directly." : "Bu sayfaya doğrudan erişilememelidir.", + "Provider " : "Hizmet Sağlayıcı", + "X.509 certificate of the Service Provider" : "Hizmet sağlayıcısının X.509 sertifikası", + "Private key of the Service Provider" : "Hizmet sağlayıcısının özel anahtarı", + "Indicates that the nameID of the sent by this SP will be encrypted." : "Bu hizmet sağlayıcı tarafından gönderilen NameID değerinin şifrelenmiş olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur].", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Indicates whether the messages sent by this SP will be signed." : "Bu hizmet sağlayıcı tarafından gönderilen iletilerinin imzalanmış olup olmayacağını gösterir.", + "Whether the metadata should be signed." : "Üst verilerin imzalanmasının gerekip gerekmediği.", + "Indicates a requirement for the , and elements received by this SP to be signed." : "Bu hizmet sağlayıcı tarafından alınan , ve bileşenleri için isteğin imzalanmış olup olmayacağını gösterir.", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Bu hizmet sağlayıcı tarafından alınan bileşenleri için isteğin imzalanmış olup olmayacağını gösterir [bu bilgi hizmet sağlayıcının üst verilerinde bulunur]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan bileşenlerinin şifrelenmiş olup olmayacağını gösterir.", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Bu hizmet sağlayıcı tarafından alınan SAMLResponse içindeki zorunlu NameID bileşeninin var olup olmayacağını gösterir.", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "Bu hizmet sağlayıcı tarafından alınan zorunlu NameID şifrelenmiş olup olmayacağını gösterir.", + "Indicates if the SP will validate all received XML." : "Hizmet sağlayıcının alınan tüm XML kodlarını doğrulayacağını gösterir.", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS SAML verilerindeki adres kodlamalarını küçük harfler ile yaparken araç büyük harf kullanır. İmza doğrulaması bölümündeki ADFS uyumluluğunu etkinleştirin.", + "Algorithm that the toolkit will use on signing process." : "İmzalama işleminde araç takımı tarafından kullanılacak algoritma.", + "Attribute to map the UID to." : "UID değerinin eşleştirileceği öznitelik.", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Kimlik yalnız, hesap başka bir arka sistemde varsa (LDAP gibi) doğrulansın", + "Attribute to map the displayname to." : "Görüntülenecek ad değerinin eşleştirileceği öznitelik.", + "Attribute to map the email address to." : "E-posta adresi değerinin eşleştirileceği özellik.", + "Attribute to map the quota to." : "Kime kotası değerinin eşleştirileceği öznitelik.", + "Attribute to map the users groups to." : "Kulanıcı grupları değerinin eşleştirileceği öznitelik.", + "Attribute to map the users home to." : "Kullanıcıların ev değerinin eşleştirileceği öznitelik.", + "Email address" : "E-posta adresi", + "Encrypted" : "Şifrelenmiş", + "Entity" : "Varlık", + "Kerberos" : "Kerberos", + "Persistent" : "Kalıcı", + "Transient" : "Geçici", + "Unspecified" : "Belirtilmemiş", + "Windows domain qualified name" : "Windows etki alanı tam adı", + "X509 subject name" : "X509 ögesi adı", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "%s masaüstü istemcileri için SAML kimlik doğrulaması kullanılsın (kullanıcının kimliğini yeniden doğrulaması gerekir)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "İsteğe bağlı olarak görüntülenecek kimlik hizmeti sağlayıcısının adı (varsayılan: \"SSO ve SAML oturum açma\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "Birden çok kullanıcı arka yüzü kullanılabilsin (LDAP gibi)", + "SSO & SAML authentication" : "SSO ve SAML kimlik doğrulaması", + "Authenticate using single sign-on" : "Bu uygulama, tek oturum açma ile kimlik doğrulaması yapılmasını sağlar.", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Tek Oturum Açma ve SAML uygulaması var olan Tek Oturum Açma uygulamanız ile Nextcloud sunucunuzun bütünleşik çalışmasını sağlar. Ek olarak Kullanıcılarınıza kolaylık sağlamak için (paylaşım sırasında gibi) LDAP kullanıcı hizmeti sağlayıcısını da kullanabilirsiniz.
    Şu anda aşağıdaki hizmet sağlayıcılar denenmiş ve desteklenmektedir:

    * **SAML 2.0**
    * OneLogin
    * Shibboleth
    * Active Directory Federation Services (ADFS)

    * **Authentication via Environment Variable**
    * Kerberos (mod_auth_kerb)
    * Kimlik doğrulamasında ortam değişkeni kullanan diğer hizmet sağlayıcılar

    Teorik olarak bu standartlara uygun diğer hizmet sağlayıcıların da uyumlu olması gerekir. Denememizi istediğiniz diğer uygulamaları bize bildirirseniz seviniriz.", + "Open documentation" : "Belgeleri aç", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için \"%s\" seçeneğini etkinleştirmeniz ya da doğrudan %s adresine gitmeniz gerekir.", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Kopyaya SSO üzerinden erişebilecek bir yönetici kullanıcı yapılandırdığınızdan emin olun. Bundan sonra normal %s hesabınızı kullanarak oturum açabilmeniz için doğrudan %s adresine gitmeniz gerekir.", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Kimlik doğrulamasının Nextcloud içindeki SAML hizmet sağlayıcısı mı ortam değişkeni mi kullanılarak mı yapılacağını seçin.", + "Use built-in SAML authentication" : "İç SAML kimlik doğrulaması kullanılsın", + "Use environment variable" : "Ortam değişkeni kullanılsın", + "Global settings" : "Genel ayarlar", + "Remove identity provider" : "Kimlik hizmeti sağlayıcısını sil", + "Add identity provider" : "Kimlik hizmeti sağlayıcı ekle", + "General" : "Genel", + "Service Provider Data" : "Hizmet Sağlayıcısı Verileri", + "If your Service Provider should use certificates you can optionally specify them here." : "Hizmet sağlayıcınızın kullandığı sertifikalar varsa buradan isteğinize göre belirtebilirsiniz.", + "Show Service Provider settings…" : "Hizmet Sağlayıcı ayarlarını görüntüle …", + "Name ID format" : "Ad kodu biçimi", + "Identity Provider Data" : "Kimlik Sağlayıcısı Verileri", + "Configure your IdP settings here." : "Buradan Kimlik Sağlayıcı ayarlarınızı yapılandırabilirsiniz.", + "Identifier of the IdP entity (must be a URI)" : "Kimlik Sağlayıcı varlığının belirteci (bir adres olmalı)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "Hizmet sağlayıcının Kimlik Doğrulama İsteği İletisini gödereceği Kimlik Sağlayıcı hedef adresini yazın", + "Show optional Identity Provider settings…" : "İsteğe bağlı ek Kimlik Sağlayıcısı ayarları …", + "URL Location of the IdP where the SP will send the SLO Request" : "Hizmet sağlayıcının SLO İsteğini gödereceği Kimlik Sağlayıcı adresini yazın", + "URL Location of the IDP's SLO Response" : "Kimlik hizmeti sağlayıcının SLO yanıtı adresi", + "Public X.509 certificate of the IdP" : "Kimlik Sağlayıcının herkese açık X.509 sertifikası", + "Attribute mapping" : "Öznitelik eşleştirme", + "If you want to optionally map attributes to the user you can configure these here." : "Öznitelikler isteğe bağlı olarak kullanıcı ile buradan eşleştirilebilir.", + "Show attribute mapping settings…" : "Öznitelik eşleştirme ayarlarını görüntüle …", + "Security settings" : "Güvenlik ayarları", + "For increased security we recommend enabling the following settings if supported by your environment." : "Arttırılmış güvenlik için ortamınız tarafından destekleniyorsa şu seçenekleri etkinleştirmeniz önerilir.", + "Show security settings…" : "Güvenlik ayarlarını görüntüle …", + "Signatures and encryption offered" : "Önerilen imza ve şifreleme", + "Signatures and encryption required" : "Gereken imza ve şifreleme", + "Download metadata XML" : "Üst veri XML dosyasını indir", + "Reset settings" : "Ayarları sıfırla", + "Metadata invalid" : "Üst veri geçersiz", + "Metadata valid" : "Üst veri geçerli", + "Error" : "Hata", + "Account not provisioned." : "Hesabınız hazır değil.", + "Your account is not provisioned, access to this service is thus not possible." : "Hesabınız hazır olmadığından bu hizmeti kullanamazsınız.", + "Login options:" : "Oturum açma seçenekleri:", + "Choose a authentication provider" : "Bir kimlik doğrulama hizmeti sağlayıcısı seçin" +},"pluralForm" :"nplurals=2; plural=(n > 1);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/uk.js b/docker/nextcloud/user_saml/l10n/uk.js new file mode 100755 index 0000000..6c3aa2e --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/uk.js @@ -0,0 +1,10 @@ +OC.L10N.register( + "user_saml", + { + "Saved" : "Збережено", + "Email address" : "Адреса ел.пошти", + "Open documentation" : "Відкрити документацію", + "General" : "Загальна", + "Error" : "Помилка" +}, +"nplurals=4; plural=(n % 1 == 0 && n % 10 == 1 && n % 100 != 11 ? 0 : n % 1 == 0 && n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 12 || n % 100 > 14) ? 1 : n % 1 == 0 && (n % 10 ==0 || (n % 10 >=5 && n % 10 <=9) || (n % 100 >=11 && n % 100 <=14 )) ? 2: 3);"); diff --git a/docker/nextcloud/user_saml/l10n/uk.json b/docker/nextcloud/user_saml/l10n/uk.json new file mode 100755 index 0000000..4ba0ae5 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/uk.json @@ -0,0 +1,8 @@ +{ "translations": { + "Saved" : "Збережено", + "Email address" : "Адреса ел.пошти", + "Open documentation" : "Відкрити документацію", + "General" : "Загальна", + "Error" : "Помилка" +},"pluralForm" :"nplurals=4; plural=(n % 1 == 0 && n % 10 == 1 && n % 100 != 11 ? 0 : n % 1 == 0 && n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 12 || n % 100 > 14) ? 1 : n % 1 == 0 && (n % 10 ==0 || (n % 10 >=5 && n % 10 <=9) || (n % 100 >=11 && n % 100 <=14 )) ? 2: 3);" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/zh_CN.js b/docker/nextcloud/user_saml/l10n/zh_CN.js new file mode 100755 index 0000000..12f716d --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/zh_CN.js @@ -0,0 +1,89 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "此用户账号已禁用,请联系管理员。", + "Saved" : "已保存", + "Provider" : "服务商", + "Unknown error, please check the log file for more details." : "未知错误,请在日志文件检查更多详情。", + "Direct log in" : "直接登录", + "SSO & SAML log in" : "SSO & SAML 登录", + "This page should not be visited directly." : "此页面不应被直接访问 。", + "Provider " : "服务商", + "X.509 certificate of the Service Provider" : "服务商 X.509 认证", + "Private key of the Service Provider" : "服务商私钥", + "Indicates that the nameID of the sent by this SP will be encrypted." : "表明 SP 发送的 nameID 将被加密。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "指示此SP发送的消息是否将被签名。 [SP的元数据将提供此信息]", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Whether the metadata should be signed." : "元数据是否将被签名。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "表示此 SP 接收的 的要求。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "表示此SP接收到的元素需要签名。 [SP的元数据将提供此信息]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "表示要对此SP接收到的元素进行加密。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "表示此 SP 收到的 SAMLResponse 上的 NameID 元素的要求。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "表示对此 SP 接收到的 NameID 进行加密的要求。", + "Indicates if the SP will validate all received XML." : "指定 SP 是否验证所有接收到的 XML。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - 将 SAML 数据编码为小写,默认情况下,该工具包使用大写。 在签名验证时启用 ADFS 兼容性。", + "Algorithm that the toolkit will use on signing process." : "该工具包将在签名过程中使用的算法。", + "Attribute to map the UID to." : "映射到 UID 的属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "仅在其他后端存在账号时才允许身份验证。 (例如 LDAP)", + "Attribute to map the displayname to." : "映射到显示名称的属性。", + "Attribute to map the email address to." : "将电子邮件地址映射到的属性。", + "Attribute to map the quota to." : "要将配额映射到的属性。", + "Attribute to map the users groups to." : "要映射到用户分组的属性。", + "Attribute to map the users home to." : "要映射到用户家目录的属性。", + "Email address" : "电子邮箱地址", + "Encrypted" : "已加密", + "Entity" : "实体", + "Kerberos" : "Kerberos", + "Persistent" : "持久", + "Transient" : "临时", + "Unspecified" : "未明确的", + "Windows domain qualified name" : "Windows域限定名称", + "X509 subject name" : "X509主体名称", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "为 %s 桌面客户端使用 SAML 认证(需要重新验证用户)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "可选的身份提供者的显示名称(默认:\"SSO及SAML登录\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "允许使用多个用户后端(例如 LDAP)", + "SSO & SAML authentication" : "SSO & SAML 认证", + "Authenticate using single sign-on" : "使用单点登录认证", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "使用 Nextcloud 的SSO & SAML 应用您可以很容易地将 Nextcloud 与您现有的单点登录解决方案集成。此外,您可以使用 Nextcloud 用户提供者来为用户提供方便。(比如在共享时)\n以下提供者目前受到支持并已通过测试:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **通过环境变量认证**\n\t* Kerberos (mod_auth_kerb)\n\t* 其他任意使用环境变量认证的提供者\n\n虽然理论上来说实现了以上标准之一的任何其他认证提供者都能与此应用兼容,但我们还是要提醒您它们不在内部测试矩阵之中。", + "Open documentation" : "打开文档", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您启用 \"%s\" 或直接访问URL %s。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您直接访问URL %s。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "请选择是否要使用 Nextcloud 内置的 SAML 提供商进行身份验证,还是要根据环境变量进行身份验证。", + "Use built-in SAML authentication" : "使用内置 SAML 认证", + "Use environment variable" : "使用环境变量", + "Global settings" : "全局设置", + "Remove identity provider" : "移除身份提供者", + "Add identity provider" : "添加身份提供者", + "General" : "常规", + "Service Provider Data" : "数据服务提供商", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服务提供商使用证书,您可以在这里选择指定。", + "Show Service Provider settings…" : "显示服务器供应商设置...", + "Name ID format" : "名称ID格式", + "Identity Provider Data" : "身份提供者的数据", + "Configure your IdP settings here." : "在这里配置您的 ldP 设置。", + "Identifier of the IdP entity (must be a URI)" : "IdP 实体的标识符(必须是URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL 的目标,其中 SP 将发送验证请求消息", + "Show optional Identity Provider settings…" : "显示可选的身份提供者设置...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL 在 SP 发送 SLO 请求的 IdP 的位置", + "URL Location of the IDP's SLO Response" : "IDP 的 SLO 响应的 URL 位置", + "Public X.509 certificate of the IdP" : "公共 X.509 证书的 IdP", + "Attribute mapping" : "属性映射", + "If you want to optionally map attributes to the user you can configure these here." : "如果要选择将属性映射到用户,可以在这里配置。", + "Show attribute mapping settings…" : "显示属性映射设置...", + "Security settings" : "安全设置", + "For increased security we recommend enabling the following settings if supported by your environment." : "为了提升安全性,如果您的环境支持,建议启用以下设置。", + "Show security settings…" : "显示安全设置...", + "Signatures and encryption offered" : "提供签名和加密", + "Signatures and encryption required" : "需要签名和加密", + "Download metadata XML" : "下载元数据 XML", + "Reset settings" : "重置设置", + "Metadata invalid" : "元数据无效", + "Metadata valid" : "元数据有效", + "Error" : "错误", + "Account not provisioned." : "账号未配置。", + "Your account is not provisioned, access to this service is thus not possible." : "您的账号未配置,因此无法访问此服务。", + "Login options:" : "登录选项:", + "Choose a authentication provider" : "选择一个认证提供者" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/user_saml/l10n/zh_CN.json b/docker/nextcloud/user_saml/l10n/zh_CN.json new file mode 100755 index 0000000..c830e50 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/zh_CN.json @@ -0,0 +1,87 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "此用户账号已禁用,请联系管理员。", + "Saved" : "已保存", + "Provider" : "服务商", + "Unknown error, please check the log file for more details." : "未知错误,请在日志文件检查更多详情。", + "Direct log in" : "直接登录", + "SSO & SAML log in" : "SSO & SAML 登录", + "This page should not be visited directly." : "此页面不应被直接访问 。", + "Provider " : "服务商", + "X.509 certificate of the Service Provider" : "服务商 X.509 认证", + "Private key of the Service Provider" : "服务商私钥", + "Indicates that the nameID of the sent by this SP will be encrypted." : "表明 SP 发送的 nameID 将被加密。", + "Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "指示此SP发送的消息是否将被签名。 [SP的元数据将提供此信息]", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Indicates whether the messages sent by this SP will be signed." : "指示该 SP 发送的 消息是否将被签名。", + "Whether the metadata should be signed." : "元数据是否将被签名。", + "Indicates a requirement for the , and elements received by this SP to be signed." : "表示此 SP 接收的 的要求。", + "Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "表示此SP接收到的元素需要签名。 [SP的元数据将提供此信息]", + "Indicates a requirement for the elements received by this SP to be encrypted." : "表示要对此SP接收到的元素进行加密。", + " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "表示此 SP 收到的 SAMLResponse 上的 NameID 元素的要求。", + "Indicates a requirement for the NameID received by this SP to be encrypted." : "表示对此 SP 接收到的 NameID 进行加密的要求。", + "Indicates if the SP will validate all received XML." : "指定 SP 是否验证所有接收到的 XML。", + "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL - 将 SAML 数据编码为小写,默认情况下,该工具包使用大写。 在签名验证时启用 ADFS 兼容性。", + "Algorithm that the toolkit will use on signing process." : "该工具包将在签名过程中使用的算法。", + "Attribute to map the UID to." : "映射到 UID 的属性。", + "Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "仅在其他后端存在账号时才允许身份验证。 (例如 LDAP)", + "Attribute to map the displayname to." : "映射到显示名称的属性。", + "Attribute to map the email address to." : "将电子邮件地址映射到的属性。", + "Attribute to map the quota to." : "要将配额映射到的属性。", + "Attribute to map the users groups to." : "要映射到用户分组的属性。", + "Attribute to map the users home to." : "要映射到用户家目录的属性。", + "Email address" : "电子邮箱地址", + "Encrypted" : "已加密", + "Entity" : "实体", + "Kerberos" : "Kerberos", + "Persistent" : "持久", + "Transient" : "临时", + "Unspecified" : "未明确的", + "Windows domain qualified name" : "Windows域限定名称", + "X509 subject name" : "X509主体名称", + "Use SAML auth for the %s desktop clients (requires user re-authentication)" : "为 %s 桌面客户端使用 SAML 认证(需要重新验证用户)", + "Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "可选的身份提供者的显示名称(默认:\"SSO及SAML登录\")", + "Allow the use of multiple user back-ends (e.g. LDAP)" : "允许使用多个用户后端(例如 LDAP)", + "SSO & SAML authentication" : "SSO & SAML 认证", + "Authenticate using single sign-on" : "使用单点登录认证", + "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "使用 Nextcloud 的SSO & SAML 应用您可以很容易地将 Nextcloud 与您现有的单点登录解决方案集成。此外,您可以使用 Nextcloud 用户提供者来为用户提供方便。(比如在共享时)\n以下提供者目前受到支持并已通过测试:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **通过环境变量认证**\n\t* Kerberos (mod_auth_kerb)\n\t* 其他任意使用环境变量认证的提供者\n\n虽然理论上来说实现了以上标准之一的任何其他认证提供者都能与此应用兼容,但我们还是要提醒您它们不在内部测试矩阵之中。", + "Open documentation" : "打开文档", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您启用 \"%s\" 或直接访问URL %s。", + "Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "请确保设置一个能通过SSO访问实例的管理员用户。您将无法使用您的普通 %s 账号登录,除非您直接访问URL %s。", + "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "请选择是否要使用 Nextcloud 内置的 SAML 提供商进行身份验证,还是要根据环境变量进行身份验证。", + "Use built-in SAML authentication" : "使用内置 SAML 认证", + "Use environment variable" : "使用环境变量", + "Global settings" : "全局设置", + "Remove identity provider" : "移除身份提供者", + "Add identity provider" : "添加身份提供者", + "General" : "常规", + "Service Provider Data" : "数据服务提供商", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服务提供商使用证书,您可以在这里选择指定。", + "Show Service Provider settings…" : "显示服务器供应商设置...", + "Name ID format" : "名称ID格式", + "Identity Provider Data" : "身份提供者的数据", + "Configure your IdP settings here." : "在这里配置您的 ldP 设置。", + "Identifier of the IdP entity (must be a URI)" : "IdP 实体的标识符(必须是URI)", + "URL Target of the IdP where the SP will send the Authentication Request Message" : "URL 的目标,其中 SP 将发送验证请求消息", + "Show optional Identity Provider settings…" : "显示可选的身份提供者设置...", + "URL Location of the IdP where the SP will send the SLO Request" : "URL 在 SP 发送 SLO 请求的 IdP 的位置", + "URL Location of the IDP's SLO Response" : "IDP 的 SLO 响应的 URL 位置", + "Public X.509 certificate of the IdP" : "公共 X.509 证书的 IdP", + "Attribute mapping" : "属性映射", + "If you want to optionally map attributes to the user you can configure these here." : "如果要选择将属性映射到用户,可以在这里配置。", + "Show attribute mapping settings…" : "显示属性映射设置...", + "Security settings" : "安全设置", + "For increased security we recommend enabling the following settings if supported by your environment." : "为了提升安全性,如果您的环境支持,建议启用以下设置。", + "Show security settings…" : "显示安全设置...", + "Signatures and encryption offered" : "提供签名和加密", + "Signatures and encryption required" : "需要签名和加密", + "Download metadata XML" : "下载元数据 XML", + "Reset settings" : "重置设置", + "Metadata invalid" : "元数据无效", + "Metadata valid" : "元数据有效", + "Error" : "错误", + "Account not provisioned." : "账号未配置。", + "Your account is not provisioned, access to this service is thus not possible." : "您的账号未配置,因此无法访问此服务。", + "Login options:" : "登录选项:", + "Choose a authentication provider" : "选择一个认证提供者" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/l10n/zh_TW.js b/docker/nextcloud/user_saml/l10n/zh_TW.js new file mode 100755 index 0000000..9765076 --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/zh_TW.js @@ -0,0 +1,24 @@ +OC.L10N.register( + "user_saml", + { + "This user account is disabled, please contact your administrator." : "您的使用者帳號已被停用,請聯繫系統管理員。", + "Saved" : "已儲存", + "Provider" : "提供者", + "Unknown error, please check the log file for more details." : "未知的錯誤,請檢查伺服器記錄檔案以獲取更多資訊。", + "Direct log in" : "直接登入", + "SSO & SAML log in" : "SSO 單一登入", + "Provider " : "提供者", + "X.509 certificate of the Service Provider" : "服務提供者 (SP) 的 X.509 憑證", + "Private key of the Service Provider" : "服務提供者 (SP) 的私鑰", + "Open documentation" : "開啟說明文件", + "General" : "一般", + "Service Provider Data" : "服務提供者 (Service Provider) 資料", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服務提供者需要憑證,請在這邊指定", + "Identity Provider Data" : "身份提供者 (IdP) 資料", + "Show security settings…" : "顯示安全性設定", + "Download metadata XML" : "下載元數據XML", + "Metadata valid" : "元數據有效", + "Error" : "錯誤", + "Account not provisioned." : "帳號尚未配置" +}, +"nplurals=1; plural=0;"); diff --git a/docker/nextcloud/user_saml/l10n/zh_TW.json b/docker/nextcloud/user_saml/l10n/zh_TW.json new file mode 100755 index 0000000..9008f7c --- /dev/null +++ b/docker/nextcloud/user_saml/l10n/zh_TW.json @@ -0,0 +1,22 @@ +{ "translations": { + "This user account is disabled, please contact your administrator." : "您的使用者帳號已被停用,請聯繫系統管理員。", + "Saved" : "已儲存", + "Provider" : "提供者", + "Unknown error, please check the log file for more details." : "未知的錯誤,請檢查伺服器記錄檔案以獲取更多資訊。", + "Direct log in" : "直接登入", + "SSO & SAML log in" : "SSO 單一登入", + "Provider " : "提供者", + "X.509 certificate of the Service Provider" : "服務提供者 (SP) 的 X.509 憑證", + "Private key of the Service Provider" : "服務提供者 (SP) 的私鑰", + "Open documentation" : "開啟說明文件", + "General" : "一般", + "Service Provider Data" : "服務提供者 (Service Provider) 資料", + "If your Service Provider should use certificates you can optionally specify them here." : "如果您的服務提供者需要憑證,請在這邊指定", + "Identity Provider Data" : "身份提供者 (IdP) 資料", + "Show security settings…" : "顯示安全性設定", + "Download metadata XML" : "下載元數據XML", + "Metadata valid" : "元數據有效", + "Error" : "錯誤", + "Account not provisioned." : "帳號尚未配置" +},"pluralForm" :"nplurals=1; plural=0;" +} \ No newline at end of file diff --git a/docker/nextcloud/user_saml/lib/AppInfo/Application.php b/docker/nextcloud/user_saml/lib/AppInfo/Application.php new file mode 100755 index 0000000..a56671e --- /dev/null +++ b/docker/nextcloud/user_saml/lib/AppInfo/Application.php @@ -0,0 +1,90 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\AppInfo; + +use OCA\User_SAML\DavPlugin; +use OCA\User_SAML\Middleware\OnlyLoggedInMiddleware; +use OCP\AppFramework\App; +use OCP\AppFramework\IAppContainer; +use OCP\SabrePluginEvent; + +class Application extends App { + public function __construct(array $urlParams = array()) { + parent::__construct('user_saml', $urlParams); + $container = $this->getContainer(); + + /** + * Middleware + */ + $container->registerService('OnlyLoggedInMiddleware', function (IAppContainer $c) { + return new OnlyLoggedInMiddleware( + $c->query('ControllerMethodReflector'), + $c->query('ServerContainer')->getUserSession(), + $c->query('ServerContainer')->getUrlGenerator() + ); + }); + + $container->registerService(DavPlugin::class, function (IAppContainer $c) { + $server = $c->getServer(); + return new DavPlugin( + $server->getSession(), + $server->getConfig(), + $_SERVER + ); + }); + + $container->registerMiddleWare('OnlyLoggedInMiddleware'); + $this->timezoneHandling(); + } + + public function registerDavAuth() { + + $container = $this->getContainer(); + + $dispatcher = $container->getServer()->getEventDispatcher(); + $dispatcher->addListener('OCA\DAV\Connector\Sabre::addPlugin', function (SabrePluginEvent $event) use ($container) { + $event->getServer()->addPlugin($container->query(DavPlugin::class)); + }); + } + + private function timezoneHandling() { + $container = $this->getContainer(); + + $userSession = $container->getServer()->getUserSession(); + $session = $container->getServer()->getSession(); + $config = $container->getServer()->getConfig(); + + $dispatcher = $container->getServer()->getEventDispatcher(); + $dispatcher->addListener('OCA\Files::loadAdditionalScripts', function() use ($session, $config, $userSession) { + if (!$userSession->isLoggedIn()) { + return; + } + + $user = $userSession->getUser(); + $timezoneDB = $config->getUserValue($user->getUID(), 'core', 'timezone', ''); + + if ($timezoneDB === '' || !$session->exists('timezone')) { + \OCP\Util::addScript('user_saml', 'timezone'); + } + }); + } +} diff --git a/docker/nextcloud/user_saml/lib/Command/GetMetadata.php b/docker/nextcloud/user_saml/lib/Command/GetMetadata.php new file mode 100755 index 0000000..f3a85e6 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Command/GetMetadata.php @@ -0,0 +1,83 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Command; + +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; +use OCA\User_SAML\SAMLSettings; +use OneLogin\Saml2\Settings; + +class GetMetadata extends Command { + + /** @var SAMLSettings */ + private $SAMLSettings; + + public function __construct( + SAMLSettings $SAMLSettings + ) { + parent::__construct(); + $this->SAMLSettings = $SAMLSettings; + } + + protected function configure() { + $this + ->setName('saml:metadata') + ->setDescription('Get SAML Metadata') + ->setHelp(<<addArgument( + 'idp', + InputArgument::OPTIONAL, + 'ID of the IDP you want metadata for', + '1' + ) + ; + } + + /** + * @param InputInterface $input + * @param OutputInterface $output + * @return void + */ + protected function execute(InputInterface $input, OutputInterface $output) { + $idp = $input->getArgument('idp'); + $settings = new Settings($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $metadata = $settings->getSPMetadata(); + $errors = $settings->validateMetadata($metadata); + if (empty($errors)) { + $output->writeln($metadata); + } else { + throw new Error( + 'Invalid SP metadata: '.implode(', ', $errors), + Error::METADATA_SP_INVALID + ); + } + } +} diff --git a/docker/nextcloud/user_saml/lib/Controller/SAMLController.php b/docker/nextcloud/user_saml/lib/Controller/SAMLController.php new file mode 100755 index 0000000..161e5ae --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Controller/SAMLController.php @@ -0,0 +1,613 @@ + + * @copyright Copyright (c) 2018 Jean-Baptiste Pin + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Controller; + +use Firebase\JWT\JWT; +use OC\Core\Controller\ClientFlowLoginController; +use OC\Core\Controller\ClientFlowLoginV2Controller; +use OCA\User_SAML\Exceptions\NoUserFoundException; +use OCA\User_SAML\SAMLSettings; +use OCA\User_SAML\UserBackend; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\IConfig; +use OCP\IL10N; +use OCP\ILogger; +use OCP\IRequest; +use OCP\ISession; +use OCP\IURLGenerator; +use OCP\IUser; +use OCP\IUserManager; +use OCP\IUserSession; +use OCP\Security\ICrypto; +use OneLogin\Saml2\Auth; +use OneLogin\Saml2\Error; +use OneLogin\Saml2\Settings; +use OneLogin\Saml2\ValidationError; + +class SAMLController extends Controller { + /** @var ISession */ + private $session; + /** @var IUserSession */ + private $userSession; + /** @var SAMLSettings */ + private $SAMLSettings; + /** @var UserBackend */ + private $userBackend; + /** @var IConfig */ + private $config; + /** @var IURLGenerator */ + private $urlGenerator; + /** @var IUserManager */ + private $userManager; + /** @var ILogger */ + private $logger; + /** @var IL10N */ + private $l; + /** + * @var ICrypto + */ + private $crypto; + + /** + * @param string $appName + * @param IRequest $request + * @param ISession $session + * @param IUserSession $userSession + * @param SAMLSettings $SAMLSettings + * @param UserBackend $userBackend + * @param IConfig $config + * @param IURLGenerator $urlGenerator + * @param IUserManager $userManager + * @param ILogger $logger + * @param IL10N $l + */ + public function __construct($appName, + IRequest $request, + ISession $session, + IUserSession $userSession, + SAMLSettings $SAMLSettings, + UserBackend $userBackend, + IConfig $config, + IURLGenerator $urlGenerator, + IUserManager $userManager, + ILogger $logger, + IL10N $l, + ICrypto $crypto) { + parent::__construct($appName, $request); + $this->session = $session; + $this->userSession = $userSession; + $this->SAMLSettings = $SAMLSettings; + $this->userBackend = $userBackend; + $this->config = $config; + $this->urlGenerator = $urlGenerator; + $this->userManager = $userManager; + $this->logger = $logger; + $this->l = $l; + $this->crypto = $crypto; + } + + /** + * @param array $auth + * @throws NoUserFoundException + */ + private function autoprovisionIfPossible(array $auth) { + + $prefix = $this->SAMLSettings->getPrefix(); + $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping'); + if(isset($auth[$uidMapping])) { + if(is_array($auth[$uidMapping])) { + $uid = $auth[$uidMapping][0]; + } else { + $uid = $auth[$uidMapping]; + } + + // make sure that a valid UID is given + if (empty($uid)) { + $this->logger->error('Uid "' . $uid . '" is not a valid uid please check your attribute mapping', ['app' => $this->appName]); + throw new \InvalidArgumentException('No valid uid given, please check your attribute mapping. Given uid: ' . $uid); + } + + $uid = $this->userBackend->testEncodedObjectGUID($uid); + + // if this server acts as a global scale master and the user is not + // a local admin of the server we just create the user and continue + // no need to update additional attributes + $isGsEnabled = $this->config->getSystemValue('gs.enabled', false); + $isGsMaster = $this->config->getSystemValue('gss.mode', 'slave') === 'master'; + $isGsMasterAdmin = in_array($uid, $this->config->getSystemValue('gss.master.admin', [])); + if ($isGsEnabled && $isGsMaster && !$isGsMasterAdmin) { + $this->userBackend->createUserIfNotExists($uid); + return; + } + $userExists = $this->userManager->userExists($uid); + $autoProvisioningAllowed = $this->userBackend->autoprovisionAllowed(); + if($userExists === true) { + if($autoProvisioningAllowed) { + $this->userBackend->updateAttributes($uid, $auth); + } + return; + } + + if(!$userExists && !$autoProvisioningAllowed) { + // it is possible that the user was not logged in before and + // thus is not known to the original backend. A search can + // help with it and make the user known + $this->userManager->search($uid); + if($this->userManager->userExists($uid)) { + return; + } + throw new NoUserFoundException('Auto provisioning not allowed and user ' . $uid . ' does not exist'); + } elseif(!$userExists && $autoProvisioningAllowed) { + $this->userBackend->createUserIfNotExists($uid, $auth); + $this->userBackend->updateAttributes($uid, $auth); + return; + } + } + + throw new NoUserFoundException('IDP parameter for the UID (' . $uidMapping . ') not found. Possible parameters are: ' . json_encode(array_keys($auth))); + } + + /** + * @PublicPage + * @UseSession + * @OnlyUnauthenticatedUsers + * @NoCSRFRequired + * + * @param int $idp id of the idp + * @return Http\RedirectResponse + * @throws \Exception + */ + public function login($idp) { + $type = $this->config->getAppValue($this->appName, 'type'); + switch($type) { + case 'saml': + $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $ssoUrl = $auth->login(null, [], false, false, true); + $response = new Http\RedirectResponse($ssoUrl); + + // Small hack to make user_saml work with the loginflows + $flowData = []; + + if ($this->session->get(ClientFlowLoginController::STATE_NAME) !== null) { + $flowData['cf1'] = $this->session->get(ClientFlowLoginController::STATE_NAME); + } else if ($this->session->get(ClientFlowLoginV2Controller::TOKEN_NAME) !== null) { + $flowData['cf2'] = [ + 'token' => $this->session->get(ClientFlowLoginV2Controller::TOKEN_NAME), + 'state' => $this->session->get(ClientFlowLoginV2Controller::STATE_NAME), + ]; + } + + // Pack data as JSON so we can properly extract it later + $data = json_encode([ + 'AuthNRequestID' => $auth->getLastRequestID(), + 'OriginalUrl' => $this->request->getParam('originalUrl', ''), + 'Idp' => $idp, + 'flow' => $flowData, + ]); + + // Encrypt it + $data = $this->crypto->encrypt($data); + + // And base64 encode it + $data = base64_encode($data); + + $response->addCookie('saml_data', $data, null, 'None'); + break; + case 'environment-variable': + $ssoUrl = $this->request->getParam('originalUrl', ''); + if (empty($ssoUrl)) { + $ssoUrl = $this->urlGenerator->getAbsoluteURL('/'); + } + $this->session->set('user_saml.samlUserData', $_SERVER); + try { + $this->autoprovisionIfPossible($this->session->get('user_saml.samlUserData')); + $user = $this->userManager->get($this->userBackend->getCurrentUserId()); + if(!($user instanceof IUser)) { + throw new NoUserFoundException('User' . $this->userBackend->getCurrentUserId() . ' not valid or not found'); + } + $user->updateLastLoginTimestamp(); + } catch (NoUserFoundException $e) { + if ($e->getMessage()) { + $this->logger->warning('Error while trying to login using sso environment variable: ' . $e->getMessage(), ['app' => 'user_saml']); + } + $ssoUrl = $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned'); + } + $response = new Http\RedirectResponse($ssoUrl); + break; + default: + throw new \Exception( + sprintf( + 'Type of "%s" is not supported for user_saml', + $type + ) + ); + } + + return $response; + } + + /** + * @PublicPage + * @NoCSRFRequired + * @param int $idp + * @return Http\DataDownloadResponse + * @throws Error + */ + public function getMetadata($idp) { + $settings = new Settings($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $metadata = $settings->getSPMetadata(); + $errors = $settings->validateMetadata($metadata); + if (empty($errors)) { + return new Http\DataDownloadResponse($metadata, 'metadata.xml', 'text/xml'); + } else { + throw new Error( + 'Invalid SP metadata: '.implode(', ', $errors), + Error::METADATA_SP_INVALID + ); + } + } + + /** + * @PublicPage + * @NoCSRFRequired + * @UseSession + * @OnlyUnauthenticatedUsers + * @NoSameSiteCookieRequired + * + * @return Http\RedirectResponse + * @throws Error + * @throws ValidationError + */ + public function assertionConsumerService(): Http\RedirectResponse { + // Fetch and decrypt the cookie + $cookie = $this->request->getCookie('saml_data'); + if ($cookie === null) { + $this->logger->debug('Cookie was not present', ['app' => 'user_saml']); + return new Http\RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + + // Base64 decode + $cookie = base64_decode($cookie); + + // Decrypt and deserialize + try { + $cookie = $this->crypto->decrypt($cookie); + } catch (\Exception $e) { + $this->logger->debug('Could not decrypt SAML cookie', ['app' => 'user_saml']); + return new Http\RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + $data = json_decode($cookie, true); + + if (isset($data['flow'])) { + if (isset($data['flow']['cf1'])) { + $this->session->set(ClientFlowLoginController::STATE_NAME, $data['flow']['cf1']); + } else if (isset($data['flow']['cf2'])) { + $this->session->set(ClientFlowLoginV2Controller::TOKEN_NAME, $data['flow']['cf2']['token']); + $this->session->set(ClientFlowLoginV2Controller::STATE_NAME, $data['flow']['cf2']['state']); + } + + } + + $AuthNRequestID = $data['AuthNRequestID']; + $idp = $data['Idp']; + // need to keep the IdP config ID during session lifetime (SAMLSettings::getPrefix) + $this->session->set('user_saml.Idp', $idp); + if(is_null($AuthNRequestID) || $AuthNRequestID === '' || is_null($idp)) { + $this->logger->debug('Invalid auth payload', ['app' => 'user_saml']); + return new Http\RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + + $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $auth->processResponse($AuthNRequestID); + + $this->logger->debug('Attributes send by the IDP: ' . json_encode($auth->getAttributes())); + + $errors = $auth->getErrors(); + + if (!empty($errors)) { + foreach($errors as $error) { + $this->logger->error($error, ['app' => $this->appName]); + } + $this->logger->error($auth->getLastErrorReason(), ['app' => $this->appName]); + } + + if (!$auth->isAuthenticated()) { + $this->logger->info('Auth failed', ['app' => $this->appName]); + $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned')); + $response->invalidateCookie('saml_data'); + return $response; + } + + // Check whether the user actually exists, if not redirect to an error page + // explaining the issue. + try { + $this->autoprovisionIfPossible($auth->getAttributes()); + } catch (NoUserFoundException $e) { + $this->logger->error($e->getMessage(), ['app' => $this->appName]); + $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned')); + $response->invalidateCookie('saml_data'); + return $response; + } + + $this->session->set('user_saml.samlUserData', $auth->getAttributes()); + $this->session->set('user_saml.samlNameId', $auth->getNameId()); + $this->session->set('user_saml.samlNameIdFormat', $auth->getNameIdFormat()); + $this->session->set('user_saml.samlNameIdNameQualifier', $auth->getNameIdNameQualifier()); + $this->session->set('user_saml.samlNameIdSPNameQualifier', $auth->getNameIdSPNameQualifier()); + $this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex()); + $this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration()); + try { + $user = $this->userManager->get($this->userBackend->getCurrentUserId()); + if (!($user instanceof IUser)) { + throw new \InvalidArgumentException('User "' . $this->userBackend->getCurrentUserId() . '" is not valid'); + } + $firstLogin = $user->updateLastLoginTimestamp(); + if($firstLogin) { + $this->userBackend->initializeHomeDir($user->getUID()); + } + } catch (\Exception $e) { + $this->logger->logException($e, ['app' => $this->appName]); + $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned')); + $response->invalidateCookie('saml_data'); + return $response; + } + + $originalUrl = $data['OriginalUrl']; + if($originalUrl !== null && $originalUrl !== '') { + $response = new Http\RedirectResponse($originalUrl); + } else { + $response = new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/')); + } + // The Nextcloud desktop client expects a cookie with the key of "_shibsession" + // to be there. + if($this->request->isUserAgent(['/^.*(mirall|csyncoC)\/.*$/'])) { + $response->addCookie('_shibsession_', 'authenticated'); + } + + $response->invalidateCookie('saml_data'); + return $response; + } + + /** + * @PublicPage + * @NoAdminRequired + * @NoCSRFRequired + * + * @return Http\RedirectResponse + * @throws Error + */ + public function singleLogoutService() { + $isFromGS = ($this->config->getSystemValue('gs.enabled', false) && + $this->config->getSystemValue('gss.mode', '') === 'master'); + + // Some IDPs send the SLO request via POST, but OneLogin php-saml only handles GET. + // To hack around this issue we copy the request from _POST to _GET. + if(!empty($_POST['SAMLRequest'])) { + $_GET['SAMLRequest'] = $_POST['SAMLRequest']; + } + + $isFromIDP = !$isFromGS && !empty($_GET['SAMLRequest']); + + if($isFromIDP) { + // requests comes from the IDP so let it manage the logout + // (or raise Error if request is invalid) + $pass = True ; + } elseif($isFromGS) { + // Request is from master GlobalScale + // Request validity is check via a JSON Web Token + $jwt = $this->request->getParam('jwt', ''); + $pass = $this->isValidJwt($jwt); + } else { + // standard request : need read CRSF check + $pass = $this->request->passesCSRFCheck(); + } + + if($pass) { + $idp = $this->session->get('user_saml.Idp'); + $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp)); + $stay = true ; // $auth will return the redirect URL but won't perform the redirect himself + if($isFromIDP){ + $keepLocalSession = true ; // do not let processSLO to delete the entire session. Let userSession->logout do the job + $targetUrl = $auth->processSLO($keepLocalSession, null, false, null, $stay); + } else { + // If request is not from IDP, we must send him the logout request + $parameters = array(); + $nameId = $this->session->get('user_saml.samlNameId'); + $nameIdFormat = $this->session->get('user_saml.samlNameIdFormat'); + $nameIdNameQualifier = $this->session->get('user_saml.samlNameIdNameQualifier'); + $nameIdSPNameQualifier = $this->session->get('user_saml.samlNameIdSPNameQualifier'); + $sessionIndex = $this->session->get('user_saml.samlSessionIndex'); + try { + $targetUrl = $auth->logout(null, [], $nameId, $sessionIndex, $stay, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier); + } catch (Error $e) { + $this->logger->logException($e, ['level' => ILogger::WARN]); + $this->userSession->logout(); + } + } + if(!empty($targetUrl) && !$auth->getLastErrorReason()){ + $this->userSession->logout(); + } + } + if(empty($targetUrl)){ + $targetUrl = $this->urlGenerator->getAbsoluteURL('/'); + } + + return new Http\RedirectResponse($targetUrl); + } + + /** + * @PublicPage + * @NoCSRFRequired + * @OnlyUnauthenticatedUsers + */ + public function notProvisioned() { + return new Http\TemplateResponse($this->appName, 'notProvisioned', [], 'guest'); + } + + + /** + * @PublicPage + * @NoCSRFRequired + * @OnlyUnauthenticatedUsers + * @param string $message + * @return Http\TemplateResponse + */ + public function genericError($message) { + if (empty($message)) { + $message = $this->l->t('Unknown error, please check the log file for more details.'); + } + return new Http\TemplateResponse($this->appName, 'error', ['message' => $message], 'guest'); + } + + /** + * @PublicPage + * @NoCSRFRequired + * @OnlyUnauthenticatedUsers + * @param string $redirectUrl + * @return Http\TemplateResponse + */ + public function selectUserBackEnd($redirectUrl) { + + $attributes = ['loginUrls' => []]; + + if ($this->SAMLSettings->allowMultipleUserBackEnds()) { + $displayName = $this->l->t('Direct log in'); + + $customDisplayName = $this->config->getAppValue('user_saml', 'directLoginName', ''); + if ($customDisplayName !== '') { + $displayName = $customDisplayName; + } + + $attributes['loginUrls']['directLogin'] = [ + 'url' => $this->getDirectLoginUrl($redirectUrl), + 'display-name' => $displayName, + ]; + } + + $attributes['loginUrls']['ssoLogin'] = $this->getIdps($redirectUrl); + + $attributes['useCombobox'] = count($attributes['loginUrls']['ssoLogin']) > 4 ? true : false; + + + return new Http\TemplateResponse($this->appName, 'selectUserBackEnd', $attributes, 'guest'); + } + + /** + * get the IdPs showed at the login page + * + * @param $redirectUrl + * @return array + */ + private function getIdps($redirectUrl) { + $result = []; + $idps = $this->SAMLSettings->getListOfIdps(); + foreach ($idps as $idpId => $displayName) { + $result[] = [ + 'url' => $this->getSSOUrl($redirectUrl, $idpId), + 'display-name' => $this->getSSODisplayName($displayName), + ]; + } + + return $result; + } + + /** + * get SSO URL + * + * @param $redirectUrl + * @param idp identifier + * @return string + */ + private function getSSOUrl($redirectUrl, $idp) { + + $originalUrl = ''; + if(!empty($redirectUrl)) { + $originalUrl = $this->urlGenerator->getAbsoluteURL($redirectUrl); + } + + + $csrfToken = \OC::$server->getCsrfTokenManager()->getToken(); + $ssoUrl = $this->urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.login', + [ + 'requesttoken' => $csrfToken->getEncryptedValue(), + 'originalUrl' => $originalUrl, + 'idp' => $idp + ] + ); + + return $ssoUrl; + + } + + /** + * return the display name of the SSO identity provider + * + * @param $displayName + * @return string + */ + protected function getSSODisplayName($displayName) { + if (empty($displayName)) { + $displayName = $this->l->t('SSO & SAML log in'); + } + + return $displayName; + } + + /** + * get Nextcloud login URL + * + * @return string + */ + private function getDirectLoginUrl($redirectUrl) { + $directUrl = $this->urlGenerator->linkToRouteAbsolute('core.login.tryLogin', [ + 'direct' => '1', + 'redirect_url' => $redirectUrl, + ]); + return $directUrl; + } + + private function isValidJwt($jwt) { + try { + $key = $this->config->getSystemValue('gss.jwt.key', ''); + JWT::decode($jwt, $key, ['HS256']); + } catch (\Exception $e) { + return false; + } + + return true; + } + + /** + * @PublicPage + * @NoCSRFRequired + * + * @return Http\TemplateResponse + */ + public function base() { + $message = $this->l->t('This page should not be visited directly.'); + return new Http\TemplateResponse($this->appName, 'error', ['message' => $message], 'guest'); + } + +} diff --git a/docker/nextcloud/user_saml/lib/Controller/SettingsController.php b/docker/nextcloud/user_saml/lib/Controller/SettingsController.php new file mode 100755 index 0000000..fb76ef5 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Controller/SettingsController.php @@ -0,0 +1,120 @@ + + * + * @author Julius Härtl + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Controller; + +use OCA\User_SAML\Settings\Admin; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Response; +use OCP\IConfig; +use OCP\IRequest; + +class SettingsController extends Controller { + + /** @var IConfig */ + private $config; + /** @var Admin */ + private $admin; + + public function __construct($appName, + IRequest $request, + IConfig $config, + Admin $admin) { + parent::__construct($appName, $request); + $this->config = $config; + $this->admin = $admin; + } + + /** + * @param $providerId + * @return array of categories containing entries for each config parameter with their value + */ + public function getSamlProviderSettings($providerId) { + /** + * This uses the list of available config parameters from the admin section + * and extends it with fields that are not coming from \OCA\User_SAML\Settings\Admin + */ + $params = $this->admin->getForm()->getParams(); + $params['idp'] = [ + 'singleLogoutService.url' => ['required' => false], + 'singleLogoutService.responseUrl' => ['required' => false], + 'singleSignOnService.url' => ['required' => false], + 'entityId' => ['required' => false], + 'x509cert' => ['required' => false], + ]; + /* Fetch all config values for the given providerId */ + $settings = []; + foreach ($params as $category => $content) { + if (empty($content) || $category === 'providers' || $category === 'type') { + continue; + } + foreach ($content as $setting => $details) { + $prefix = $providerId === '1' ? '' : $providerId . '-'; + /* use security as category instead of security-* */ + if (strpos($category, 'security-') === 0) { + $category = 'security'; + } + // make sure we properly fetch the attribute mapping + // as this is the only category that has the saml- prefix on config keys + if (strpos($category, 'attribute-mapping') === 0) { + $category = 'attribute-mapping'; + $key = $prefix . 'saml-attribute-mapping' . '-' . $setting; + } else { + $key = $prefix . $category . '-' . $setting; + } + $settings[$category][$setting] = $this->config->getAppValue('user_saml', $key, ''); + } + } + return $settings; + } + + public function deleteSamlProviderSettings($providerId) { + $params = $this->admin->getForm()->getParams(); + $params['idp'] = [ + 'singleLogoutService.url' => null, + 'singleLogoutService.responseUrl' => null, + 'singleSignOnService.url' => null, + 'idp-entityId' => null, + ]; + /* Fetch all config values for the given providerId */ + foreach ($params as $category => $content) { + if (!is_array($content) || $category === 'providers') { + continue; + } + foreach ($content as $setting => $details) { + if (isset($details['global']) && $details['global'] === true) { + continue; + } + $prefix = $providerId === '1' ? '' : $providerId . '-'; + $key = $prefix . $category . '-' . $setting; + /* use security as category instead of security-* */ + if (strpos($category, 'security-') === 0) { + $category = 'security'; + } + $this->config->deleteAppValue('user_saml', $key); + } + } + return new Response(); + } + +} diff --git a/docker/nextcloud/user_saml/lib/Controller/TimezoneController.php b/docker/nextcloud/user_saml/lib/Controller/TimezoneController.php new file mode 100755 index 0000000..46218c7 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Controller/TimezoneController.php @@ -0,0 +1,68 @@ + + * + * @author Roeland Jago Douma + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Controller; + +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\JSONResponse; +use OCP\IConfig; +use OCP\IRequest; +use OCP\ISession; + +class TimezoneController extends Controller { + + /** @var IConfig */ + private $config; + /** @var string */ + private $userId; + /** @var ISession */ + private $session; + + public function __construct($appName, + IRequest $request, + IConfig $config, + $userId, + ISession $session) { + parent::__construct($appName, $request); + $this->config = $config; + $this->userId = $userId; + $this->session = $session; + } + + /** + * @NoAdminRequired + * @UseSession + * + * @param string $timezone + * @param int $timezoneOffset + * @return JSONResponse + * @throws \OCP\PreConditionNotMetException + */ + public function setTimezone($timezone, $timezoneOffset) { + $this->config->setUserValue($this->userId, 'core', 'timezone', $timezone); + $this->session->set('timezone', $timezoneOffset); + + return new JSONResponse(); + } +} diff --git a/docker/nextcloud/user_saml/lib/DavPlugin.php b/docker/nextcloud/user_saml/lib/DavPlugin.php new file mode 100755 index 0000000..5340760 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/DavPlugin.php @@ -0,0 +1,67 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML; + +use OCA\DAV\Connector\Sabre\Auth; +use OCP\IConfig; +use OCP\ISession; +use Sabre\DAV\CorePlugin; +use Sabre\DAV\FS\Directory; +use Sabre\DAV\Server; +use Sabre\DAV\ServerPlugin; +use Sabre\DAV\Tree; +use Sabre\HTTP\RequestInterface; +use Sabre\HTTP\ResponseInterface; + +class DavPlugin extends ServerPlugin { + private $session; + private $config; + private $auth; + /** @var Server */ + private $server; + + public function __construct(ISession $session, IConfig $config, array $auth) { + $this->session = $session; + $this->config = $config; + $this->auth = $auth; + } + + + public function initialize(Server $server) { + // before auth + $server->on('beforeMethod:*', [$this, 'beforeMethod'], 9); + $this->server = $server; + } + + public function beforeMethod(RequestInterface $request, ResponseInterface $response) { + if ( + $this->config->getAppValue('user_saml', 'type') === 'environment-variable' && + !$this->session->exists('user_saml.samlUserData') + ) { + $uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping'); + if (isset($this->auth[$uidMapping])) { + $this->session->set(Auth::DAV_AUTHENTICATED, $this->auth[$uidMapping]); + $this->session->set('user_saml.samlUserData', $this->auth); + } + } + } +} diff --git a/docker/nextcloud/user_saml/lib/Exceptions/NoUserFoundException.php b/docker/nextcloud/user_saml/lib/Exceptions/NoUserFoundException.php new file mode 100755 index 0000000..19b4fc2 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Exceptions/NoUserFoundException.php @@ -0,0 +1,30 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Exceptions; + +/** + * Class NoUserFoundException is thrown when no user has been found + * + * @package OCA\User_SAML\Exceptions + */ +class NoUserFoundException extends \Exception { +} diff --git a/docker/nextcloud/user_saml/lib/Middleware/OnlyLoggedInMiddleware.php b/docker/nextcloud/user_saml/lib/Middleware/OnlyLoggedInMiddleware.php new file mode 100755 index 0000000..6a3bfdf --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Middleware/OnlyLoggedInMiddleware.php @@ -0,0 +1,84 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Middleware; + +use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\Http\RedirectResponse; +use OCP\AppFramework\Middleware; +use OCP\AppFramework\Utility\IControllerMethodReflector; +use OCP\IURLGenerator; +use OCP\IUserSession; + +/** + * Class OnlyLoggedInMiddleware prevents access to a controller method if the user + * is already logged-in. + * + * @package OCA\User_SAML\MiddleWare + */ +class OnlyLoggedInMiddleware extends Middleware { + /** @var IControllerMethodReflector */ + private $reflector; + /** @var IUserSession */ + private $userSession; + /** @var IURLGenerator */ + private $urlGenerator; + + /** + * @param IControllerMethodReflector $reflector + * @param IUserSession $userSession + */ + public function __construct( + IControllerMethodReflector $reflector, + IUserSession $userSession, + IURLGenerator $urlGenerator + ) { + $this->reflector = $reflector; + $this->userSession = $userSession; + $this->urlGenerator = $urlGenerator; + } + + /** + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @throws \Exception + */ + public function beforeController($controller, $methodName){ + if($this->reflector->hasAnnotation('OnlyUnauthenticatedUsers') && $this->userSession->isLoggedIn()) { + throw new \Exception('User is already logged-in'); + } + } + + /** + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @param \Exception $exception + * @return RedirectResponse + * @throws \Exception + */ + public function afterException($controller, $methodName, \Exception $exception) { + if($exception->getMessage() === 'User is already logged-in') { + return new RedirectResponse($this->urlGenerator->getAbsoluteURL('/')); + } + + throw $exception; + } +} diff --git a/docker/nextcloud/user_saml/lib/Migration/Version3001Date20200630193443.php b/docker/nextcloud/user_saml/lib/Migration/Version3001Date20200630193443.php new file mode 100755 index 0000000..df1a2cc --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Migration/Version3001Date20200630193443.php @@ -0,0 +1,91 @@ + + * + * @author Joas Schilling + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\Types; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version3001Date20200630193443 extends SimpleMigrationStep { + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('user_saml_users')) { + $table = $schema->createTable('user_saml_users'); + $table->addColumn('uid', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->addColumn('displayname', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->addColumn('home', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->setPrimaryKey(['uid']); + } + + if (!$schema->hasTable('user_saml_auth_token')) { + $table = $schema->createTable('user_saml_auth_token'); + $table->addColumn('id', Types::INTEGER, [ + 'autoincrement' => true, + 'notnull' => true, + 'length' => 4, + 'unsigned' => true, + ]); + $table->addColumn('uid', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->addColumn('name', Types::TEXT, [ + 'notnull' => true, + 'default' => '', + ]); + $table->addColumn('token', Types::STRING, [ + 'notnull' => true, + 'length' => 200, + 'default' => '', + ]); + $table->setPrimaryKey(['id']); + } + return $schema; + } +} diff --git a/docker/nextcloud/user_saml/lib/SAMLSettings.php b/docker/nextcloud/user_saml/lib/SAMLSettings.php new file mode 100755 index 0000000..d25fa16 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/SAMLSettings.php @@ -0,0 +1,192 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML; + +use OCP\AppFramework\Http; +use OCP\IConfig; +use OCP\IRequest; +use OCP\ISession; +use OCP\IURLGenerator; +use OneLogin\Saml2\Constants; + +class SAMLSettings { + /** @var IURLGenerator */ + private $urlGenerator; + /** @var IConfig */ + private $config; + /** @var IRequest */ + private $request; + /** @var ISession */ + private $session; + /** @var array list of global settings which are valid for every idp */ + private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop']; + + /** + * @param IURLGenerator $urlGenerator + * @param IConfig $config + * @param IRequest $request + * @param ISession $session + */ + public function __construct(IURLGenerator $urlGenerator, + IConfig $config, + IRequest $request, + ISession $session) { + $this->urlGenerator = $urlGenerator; + $this->config = $config; + $this->request = $request; + $this->session = $session; + } + + /** + * get list of the configured IDPs + * + * @return array + */ + public function getListOfIdps() { + $result = []; + + $providerIds = explode(',', $this->config->getAppValue('user_saml', 'providerIds', '1')); + natsort($providerIds); + + foreach ($providerIds as $id) { + $prefix = $id === '1' ? '' : $id .'-'; + $result[$id] = $this->config->getAppValue('user_saml', $prefix . 'general-idp0_display_name', ''); + } + + asort($result); + + return $result; + } + + /** + * check if multiple user back ends are allowed + * + * @return bool + */ + public function allowMultipleUserBackEnds() { + $type = $this->config->getAppValue('user_saml', 'type'); + $setting = $this->config->getAppValue('user_saml', 'general-allow_multiple_user_back_ends', '0'); + return ($setting === '1' && $type === 'saml'); + } + + /** + * get config for given IDP + * + * @param int $idp + * @return array + */ + public function getOneLoginSettingsArray($idp) { + + $prefix = ''; + if ($idp > 1) { + $prefix = $idp . '-'; + } + + $settings = [ + 'strict' => true, + 'debug' => $this->config->getSystemValue('debug', false), + 'baseurl' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.base'), + 'security' => [ + 'nameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-nameIdEncrypted', '0') === '1') ? true : false, + 'authnRequestsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-authnRequestsSigned', '0') === '1') ? true : false, + 'logoutRequestSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutRequestSigned', '0') === '1') ? true : false, + 'logoutResponseSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutResponseSigned', '0') === '1') ? true : false, + 'signMetadata' => ($this->config->getAppValue('user_saml', $prefix . 'security-signMetadata', '0') === '1') ? true : false, + 'wantMessagesSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantMessagesSigned', '0') === '1') ? true : false, + 'wantAssertionsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsSigned', '0') === '1') ? true : false, + 'wantAssertionsEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsEncrypted', '0') === '1') ? true : false, + 'wantNameId' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameId', '0') === '1') ? true : false, + 'wantNameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameIdEncrypted', '0') === '1') ? true : false, + 'wantXMLValidation' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantXMLValidation', '0') === '1') ? true : false, + 'requestedAuthnContext' => false, + 'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', $prefix . 'security-lowercaseUrlencoding', '0') === '1') ? true : false, + 'signatureAlgorithm' => $this->config->getAppValue('user_saml', $prefix . 'security-signatureAlgorithm', null) + ], + 'sp' => [ + 'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'), + 'assertionConsumerService' => [ + 'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.assertionConsumerService'), + ], + 'NameIDFormat' => $this->config->getAppValue('user_saml', $prefix . 'sp-name-id-format', Constants::NAMEID_UNSPECIFIED) + ], + 'idp' => [ + 'entityId' => $this->config->getAppValue('user_saml', $prefix . 'idp-entityId', ''), + 'singleSignOnService' => [ + 'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleSignOnService.url', ''), + ], + ], + ]; + + $spx509cert = $this->config->getAppValue('user_saml', $prefix . 'sp-x509cert', ''); + $spxprivateKey = $this->config->getAppValue('user_saml', $prefix . 'sp-privateKey', ''); + if($spx509cert !== '') { + $settings['sp']['x509cert'] = $spx509cert; + } + if($spxprivateKey !== '') { + $settings['sp']['privateKey'] = $spxprivateKey; + } + + $idpx509cert = $this->config->getAppValue('user_saml', $prefix . 'idp-x509cert', ''); + if($idpx509cert !== '') { + $settings['idp']['x509cert'] = $idpx509cert; + } + + $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''); + if($slo !== '') { + $settings['idp']['singleLogoutService'] = [ + 'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''), + ]; + $settings['sp']['singleLogoutService'] = [ + 'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService'), + ]; + + $sloResponseUrl = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.responseUrl', ''); + if($sloResponseUrl !== '') { + $settings['idp']['singleLogoutService']['responseUrl'] = $sloResponseUrl; + } + } + + return $settings; + } + + /** + * calculate prefix for config values + * + * @param string name of the setting + * @return string + */ + public function getPrefix($setting = '') { + + $prefix = ''; + if (!empty($setting) && in_array($setting, $this->globalSettings)) { + return $prefix; + } + + $idp = $this->session->get('user_saml.Idp'); + if ((int)$idp > 1) { + $prefix = $idp . '-'; + } + + return $prefix; + } + +} diff --git a/docker/nextcloud/user_saml/lib/Settings/Admin.php b/docker/nextcloud/user_saml/lib/Settings/Admin.php new file mode 100755 index 0000000..6a7cf87 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Settings/Admin.php @@ -0,0 +1,229 @@ + + * + * @author Lukas Reschke + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Settings; + +use OCP\AppFramework\Http\TemplateResponse; +use OCP\Defaults; +use OCP\IConfig; +use OCP\IL10N; +use OCP\Settings\ISettings; +use OneLogin\Saml2\Constants; + +class Admin implements ISettings { + /** @var IL10N */ + private $l10n; + /** @var Defaults */ + private $defaults; + /** @var IConfig */ + private $config; + + /** + * @param IL10N $l10n + * @param Defaults $defaults + * @param IConfig $config + */ + public function __construct(IL10N $l10n, + Defaults $defaults, + IConfig $config) { + $this->l10n = $l10n; + $this->defaults = $defaults; + $this->config = $config; + } + + /** + * @return TemplateResponse + */ + public function getForm() { + $providerIds = explode(',', $this->config->getAppValue('user_saml', 'providerIds', '1')); + natsort($providerIds); + $providers = []; + foreach ($providerIds as $id) { + $prefix = $id === '1' ? '' : $id .'-'; + $name = $this->config->getAppValue('user_saml', $prefix . 'general-idp0_display_name', ''); + $providers[] = [ + 'id' => $id, + 'name' => $name === '' ? $this->l10n->t('Provider ') . $id : $name + ]; + } + $serviceProviderFields = [ + 'x509cert' => $this->l10n->t('X.509 certificate of the Service Provider'), + 'privateKey' => $this->l10n->t('Private key of the Service Provider'), + ]; + $securityOfferFields = [ + 'nameIdEncrypted' => $this->l10n->t('Indicates that the nameID of the sent by this SP will be encrypted.'), + 'authnRequestsSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]'), + 'logoutRequestSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed.'), + 'logoutResponseSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed.'), + 'signMetadata' => $this->l10n->t('Whether the metadata should be signed.') + ]; + $securityRequiredFields = [ + 'wantMessagesSigned' => $this->l10n->t('Indicates a requirement for the , and elements received by this SP to be signed.'), + 'wantAssertionsSigned' => $this->l10n->t('Indicates a requirement for the elements received by this SP to be signed. [Metadata of the SP will offer this info]'), + 'wantAssertionsEncrypted' => $this->l10n->t('Indicates a requirement for the elements received by this SP to be encrypted.'), + 'wantNameId' => $this->l10n->t(' Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.'), + 'wantNameIdEncrypted' => $this->l10n->t('Indicates a requirement for the NameID received by this SP to be encrypted.'), + 'wantXMLValidation' => $this->l10n->t('Indicates if the SP will validate all received XML.'), + ]; + $securityGeneral = [ + 'lowercaseUrlencoding' => $this->l10n->t('ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.'), + 'signatureAlgorithm' => [ + 'type' => 'line', + 'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process.') + ] + ]; + $generalSettings = [ + 'uid_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the UID to.'), + 'type' => 'line', + 'required' => true, + ], + 'require_provisioned_account' => [ + 'text' => $this->l10n->t('Only allow authentication if an account exists on some other backend. (e.g. LDAP)'), + 'type' => 'checkbox', + 'global' => true, + ] + ]; + $attributeMappingSettings = [ + 'displayName_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the displayname to.'), + 'type' => 'line', + 'required' => true, + ], + 'email_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the email address to.'), + 'type' => 'line', + 'required' => true, + ], + 'quota_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the quota to.'), + 'type' => 'line', + 'required' => false, + ], + 'group_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the users groups to.'), + 'type' => 'line', + 'required' => true, + ], + 'home_mapping' => [ + 'text' => $this->l10n->t('Attribute to map the users home to.'), + 'type' => 'line', + 'required' => true, + ], + + ]; + + $selectedNameIdFormat = $this->config->getAppValue('user_saml', 'sp-name-id-format', Constants::NAMEID_UNSPECIFIED); + $nameIdFormats = [ + Constants::NAMEID_EMAIL_ADDRESS => [ + 'label' => $this->l10n->t('Email address'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_EMAIL_ADDRESS, + ], + Constants::NAMEID_ENCRYPTED => [ + 'label' => $this->l10n->t('Encrypted'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_ENCRYPTED, + ], + Constants::NAMEID_ENTITY => [ + 'label' => $this->l10n->t('Entity'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_ENTITY, + ], + Constants::NAMEID_KERBEROS => [ + 'label' => $this->l10n->t('Kerberos'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_KERBEROS, + ], + Constants::NAMEID_PERSISTENT => [ + 'label' => $this->l10n->t('Persistent'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_PERSISTENT, + ], + Constants::NAMEID_TRANSIENT => [ + 'label' => $this->l10n->t('Transient'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_TRANSIENT, + ], + Constants::NAMEID_UNSPECIFIED => [ + 'label' => $this->l10n->t('Unspecified'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_UNSPECIFIED, + ], + Constants::NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME => [ + 'label' => $this->l10n->t('Windows domain qualified name'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME, + ], + Constants::NAMEID_X509_SUBJECT_NAME => [ + 'label' => $this->l10n->t('X509 subject name'), + 'selected' => $selectedNameIdFormat === Constants::NAMEID_X509_SUBJECT_NAME, + ], + ]; + + $type = $this->config->getAppValue('user_saml', 'type'); + if($type === 'saml') { + $generalSettings['use_saml_auth_for_desktop'] = [ + 'text' => $this->l10n->t('Use SAML auth for the %s desktop clients (requires user re-authentication)', [$this->defaults->getName()]), + 'type' => 'checkbox', + 'global' => true, + ]; + $generalSettings['idp0_display_name'] = [ + 'text' => $this->l10n->t('Optional display name of the identity provider (default: "SSO & SAML log in")'), + 'type' => 'line', + 'required' => false, + ]; + $generalSettings['allow_multiple_user_back_ends'] = [ + 'text' => $this->l10n->t('Allow the use of multiple user back-ends (e.g. LDAP)'), + 'type' => 'checkbox', + 'hideForEnv' => true, + 'global' => true, + ]; + } + + $params = [ + 'sp' => $serviceProviderFields, + 'security-offer' => $securityOfferFields, + 'security-required' => $securityRequiredFields, + 'security-general' => $securityGeneral, + 'general' => $generalSettings, + 'attribute-mapping' => $attributeMappingSettings, + 'name-id-formats' => $nameIdFormats, + 'type' => $type, + 'providers' => $providers + ]; + + return new TemplateResponse('user_saml', 'admin', $params); + } + + /** + * @return string the section ID, e.g. 'sharing' + */ + public function getSection() { + return 'saml'; + } + + /** + * @return int whether the form should be rather on the top or bottom of + * the admin section. The forms are arranged in ascending order of the + * priority values. It is required to return a value between 0 and 100. + * + * keep the server setting at the top, right after "server settings" + */ + public function getPriority() { + return 0; + } + +} diff --git a/docker/nextcloud/user_saml/lib/Settings/Section.php b/docker/nextcloud/user_saml/lib/Settings/Section.php new file mode 100755 index 0000000..5c267d3 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/Settings/Section.php @@ -0,0 +1,73 @@ + + * + * @author Lukas Reschke + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML\Settings; + +use OCP\IL10N; +use OCP\IURLGenerator; +use OCP\Settings\IIconSection; + +class Section implements IIconSection { + /** @var IL10N */ + private $l; + /** @var IURLGenerator */ + private $url; + + /** + * @param IL10N $l + * @param IURLGenerator $url + */ + public function __construct(IL10N $l, + IURLGenerator $url) { + $this->l = $l; + $this->url = $url; + } + + /** + * {@inheritdoc} + */ + public function getID() { + return 'saml'; + } + + /** + * {@inheritdoc} + */ + public function getName() { + return $this->l->t('SSO & SAML authentication'); + } + + /** + * {@inheritdoc} + */ + public function getPriority() { + return 75; + } + + /** + * {@inheritdoc} + */ + public function getIcon() { + return $this->url->imagePath('user_saml', 'app-dark.svg'); + } +} diff --git a/docker/nextcloud/user_saml/lib/UserBackend.php b/docker/nextcloud/user_saml/lib/UserBackend.php new file mode 100755 index 0000000..dcec830 --- /dev/null +++ b/docker/nextcloud/user_saml/lib/UserBackend.php @@ -0,0 +1,754 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\User_SAML; + +use OCP\Authentication\IApacheBackend; +use OCP\DB\QueryBuilder\IQueryBuilder; +use OCP\Files\NotPermittedException; +use OCP\IDBConnection; +use OCP\ILogger; +use OCP\IUser; +use OCP\IUserManager; +use OCP\IGroupManager; +use OCP\UserInterface; +use OCP\IUserBackend; +use OCP\IConfig; +use OCP\IURLGenerator; +use OCP\ISession; +use Symfony\Component\EventDispatcher\GenericEvent; +use function base64_decode; + +class UserBackend implements IApacheBackend, UserInterface, IUserBackend { + /** @var IConfig */ + private $config; + /** @var IURLGenerator */ + private $urlGenerator; + /** @var ISession */ + private $session; + /** @var IDBConnection */ + private $db; + /** @var IUserManager */ + private $userManager; + /** @var IGroupManager */ + private $groupManager; + /** @var \OCP\UserInterface[] */ + private static $backends = []; + /** @var SAMLSettings */ + private $settings; + /** @var ILogger */ + private $logger; + + /** + * @param IConfig $config + * @param IURLGenerator $urlGenerator + * @param ISession $session + * @param IDBConnection $db + * @param IUserManager $userManager + * @param IGroupManager $groupManager + * @param SAMLSettings $settings + * @param ILogger $logger + */ + public function __construct(IConfig $config, + IURLGenerator $urlGenerator, + ISession $session, + IDBConnection $db, + IUserManager $userManager, + IGroupManager $groupManager, + SAMLSettings $settings, + ILogger $logger) { + $this->config = $config; + $this->urlGenerator = $urlGenerator; + $this->session = $session; + $this->db = $db; + $this->userManager = $userManager; + $this->groupManager = $groupManager; + $this->settings = $settings; + $this->logger = $logger; + } + + /** + * Whether $uid exists in the database + * + * @param string $uid + * @return bool + */ + protected function userExistsInDatabase($uid) { + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->select('uid') + ->from('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1); + $result = $qb->execute(); + $users = $result->fetchAll(); + $result->closeCursor(); + + return !empty($users); + } + + /** + * Creates a user if it does not exist. In case home directory mapping + * is enabled we also set up the user's home from $attributes. + * + * @param string $uid + * @param array $attributes + */ + public function createUserIfNotExists($uid, array $attributes = array()) { + if(!$this->userExistsInDatabase($uid)) { + $values = [ + 'uid' => $uid, + ]; + + // Try to get the mapped home directory of the user + try { + $home = $this->getAttributeValue('saml-attribute-mapping-home_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $home = ''; + } + + if ($home !== '') { + //if attribute's value is an absolute path take this, otherwise append it to data dir + //check for / at the beginning or pattern c:\ resp. c:/ + if( '/' !== $home[0] + && !(3 < strlen($home) && ctype_alpha($home[0]) + && $home[1] === ':' && ('\\' === $home[2] || '/' === $home[2])) + ) { + $home = $this->config->getSystemValue('datadirectory', + \OC::$SERVERROOT.'/data' ) . '/' . $home; + } + + $values['home'] = $home; + } + + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->insert('user_saml_users'); + foreach($values as $column => $value) { + $qb->setValue($column, $qb->createNamedParameter($value)); + } + $qb->execute(); + + $this->initializeHomeDir($uid); + + } + } + + /** + * @param string $uid + * @throws \OCP\Files\NotFoundException + */ + public function initializeHomeDir($uid) { + ### Code taken from lib/private/User/Session.php - function prepareUserLogin() ### + //trigger creation of user home and /files folder + $userFolder = \OC::$server->getUserFolder($uid); + try { + // copy skeleton + \OC_Util::copySkeleton($uid, $userFolder); + } catch (NotPermittedException $ex) { + // read only uses + } + // trigger any other initialization + $user = $this->userManager->get($uid); + \OC::$server->getEventDispatcher()->dispatch(IUser::class . '::firstLogin', new GenericEvent($user)); + } + + /** + * Check if backend implements actions + * @param int $actions bitwise-or'ed actions + * @return boolean + * + * Returns the supported actions as int to be + * compared with \OC\User\Backend::CREATE_USER etc. + * @since 4.5.0 + */ + public function implementsActions($actions) { + $availableActions = \OC\User\Backend::CHECK_PASSWORD; + $availableActions |= \OC\User\Backend::GET_DISPLAYNAME; + $availableActions |= \OC\User\Backend::GET_HOME; + $availableActions |= \OC\User\Backend::COUNT_USERS; + return (bool)($availableActions & $actions); + } + + /** + * Check if the provided token is correct + * @param string $uid The username + * @param string $password The password + * @return string + * + * Check if the password is correct without logging in the user + * returns the user id or false + */ + public function checkPassword($uid, $password) { + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->select('token') + ->from('user_saml_auth_token') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1000); + $result = $qb->execute(); + $data = $result->fetchAll(); + $result->closeCursor(); + + foreach($data as $passwords) { + if(password_verify($password, $passwords['token'])) { + return $uid; + } + } + + return false; + } + + /** + * delete a user + * @param string $uid The username of the user to delete + * @return bool + * @since 4.5.0 + */ + public function deleteUser($uid) { + if($this->userExistsInDatabase($uid)) { + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->delete('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->execute(); + return true; + } + return false; + } + + /** + * Returns the user's home directory, if home directory mapping is set up. + * + * @param string $uid the username + * @return string + */ + public function getHome($uid) { + if($this->userExistsInDatabase($uid)) { + $qb = $this->db->getQueryBuilder(); + $qb->select('home') + ->from('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1); + $result = $qb->execute(); + $users = $result->fetchAll(); + if (isset($users[0]['home'])) { + return $users[0]['home']; + } + } + } + + /** + * Get a list of all users + * + * @param string $search + * @param null|int $limit + * @param null|int $offset + * @return string[] an array of all uids + * @since 4.5.0 + */ + public function getUsers($search = '', $limit = null, $offset = null) { + // shamelessly duplicated from \OC\User\Database + $users = $this->getDisplayNames($search, $limit, $offset); + $userIds = array_map(function ($uid) { + return (string)$uid; + }, array_keys($users)); + sort($userIds, SORT_STRING | SORT_FLAG_CASE); + return $userIds; + } + + /** + * check if a user exists + * @param string $uid the username + * @return boolean + * @since 4.5.0 + */ + public function userExists($uid) { + if($backend = $this->getActualUserBackend($uid)) { + return $backend->userExists($uid); + } else { + return $this->userExistsInDatabase($uid); + } + } + + public function setDisplayName($uid, $displayName) { + if($backend = $this->getActualUserBackend($uid)) { + return $backend->setDisplayName($uid, $displayName); + } + + if ($this->userExistsInDatabase($uid)) { + $qb = $this->db->getQueryBuilder(); + $qb->update('user_saml_users') + ->set('displayname', $qb->createNamedParameter($displayName)) + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->execute(); + return true; + } + + return false; + } + + /** + * Get display name of the user + * + * @param string $uid user ID of the user + * @return string display name + * @since 4.5.0 + */ + public function getDisplayName($uid) { + if($backend = $this->getActualUserBackend($uid)) { + return $backend->getDisplayName($uid); + } else { + if($this->userExistsInDatabase($uid)) { + $qb = $this->db->getQueryBuilder(); + $qb->select('displayname') + ->from('user_saml_users') + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->setMaxResults(1); + $result = $qb->execute(); + $users = $result->fetchAll(); + if (isset($users[0]['displayname'])) { + return $users[0]['displayname']; + } + } + } + + return false; + } + + /** + * Get a list of all display names and user ids. + * + * @param string $search + * @param string|null $limit + * @param string|null $offset + * @return array an array of all displayNames (value) and the corresponding uids (key) + * @since 4.5.0 + */ + public function getDisplayNames($search = '', $limit = null, $offset = null) { + // shamelessly duplicate from \OC\User\Database + $query = $this->db->getQueryBuilder(); + + $query->select('uid', 'displayname') + ->from('user_saml_users', 'u') + ->leftJoin('u', 'preferences', 'p', $query->expr()->andX( + $query->expr()->eq('userid', 'uid'), + $query->expr()->eq('appid', $query->expr()->literal('settings')), + $query->expr()->eq('configkey', $query->expr()->literal('email'))) + ) + // sqlite doesn't like re-using a single named parameter here + ->where($query->expr()->iLike('uid', $query->createPositionalParameter('%' . $this->db->escapeLikeParameter($search) . '%'))) + ->orWhere($query->expr()->iLike('displayname', $query->createPositionalParameter('%' . $this->db->escapeLikeParameter($search) . '%'))) + ->orWhere($query->expr()->iLike('configvalue', $query->createPositionalParameter('%' . $this->db->escapeLikeParameter($search) . '%'))) + ->orderBy($query->func()->lower('displayname'), 'ASC') + ->orderBy('uid', 'ASC') + ->setMaxResults($limit) + ->setFirstResult($offset); + + $result = $query->execute(); + $displayNames = []; + while ($row = $result->fetch()) { + $displayNames[(string)$row['uid']] = (string)$row['displayname']; + } + $result->closeCursor(); + + return $displayNames; + } + + /** + * Check if a user list is available or not + * @return boolean if users can be listed or not + * @since 4.5.0 + */ + public function hasUserListings() { + if($this->autoprovisionAllowed()) { + return true; + } + + return false; + } + + /** + * In case the user has been authenticated by Apache true is returned. + * + * @return boolean whether Apache reports a user as currently logged in. + * @since 6.0.0 + */ + public function isSessionActive() { + if($this->getCurrentUserId() !== '') { + return true; + } + return false; + } + + /** + * {@inheritdoc} + */ + public function getLogoutUrl() { + $prefix = $this->settings->getPrefix(); + $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''); + if($slo === '') { + return ''; + } + + return $this->urlGenerator->linkToRouteAbsolute( + 'user_saml.SAML.singleLogoutService', + [ + 'requesttoken' => \OC::$server->getCsrfTokenManager()->getToken()->getEncryptedValue(), + ] + ); + } + + /** + * Logout attribute for Nextcloud < 12.0.3 + * + * @return string + */ + public function getLogoutAttribute() { + return 'style="display:none;"'; + } + + /** + * return user data from the idp + * + * @return mixed + */ + public function getUserData() { + $userData = $this->session->get('user_saml.samlUserData'); + $userData = $this->formatUserData($userData); + + // make sure that a valid UID is given + if (empty($userData['formatted']['uid'])) { + $this->logger->error('No valid uid given, please check your attribute mapping. Got uid: {uid}', ['app' => $this->appName, 'uid' => $userData['uid']]); + throw new \InvalidArgumentException('No valid uid given, please check your attribute mapping. Got uid: ' . $userData['uid']); + } + + + return $userData; + + } + + /** + * format user data and map them to the configured attributes + * + * @param $attributes + * @return array + */ + private function formatUserData($attributes) { + + $result = ['formatted' => [], 'raw' => $attributes]; + + try { + $result['formatted']['email'] = $this->getAttributeValue('saml-attribute-mapping-email_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $result['formatted']['email'] = null; + } + try { + $result['formatted']['displayName'] = $this->getAttributeValue('saml-attribute-mapping-displayName_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $result['formatted']['displayName'] = null; + } + try { + $result['formatted']['quota'] = $this->getAttributeValue('saml-attribute-mapping-quota_mapping', $attributes); + if ($result['formatted']['quota'] === '') { + $result['formatted']['quota'] = 'default'; + } + } catch (\InvalidArgumentException $e) { + $result['formatted']['quota'] = null; + } + + try { + $result['formatted']['groups'] = $this->getAttributeArrayValue('saml-attribute-mapping-group_mapping', $attributes); + } catch (\InvalidArgumentException $e) { + $result['formatted']['groups'] = null; + } + + $prefix = $this->settings->getPrefix(); + $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping'); + $result['formatted']['uid'] = ''; + if (isset($attributes[$uidMapping])) { + $result['formatted']['uid'] = $attributes[$uidMapping][0]; + } + + return $result; + } + + /** + * Return the id of the current user + * @return string + * @since 6.0.0 + */ + public function getCurrentUserId() { + $samlData = $this->session->get('user_saml.samlUserData'); + $prefix = $this->settings->getPrefix(); + $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', ''); + + if($uidMapping !== '' && isset($samlData[$uidMapping])) { + if(is_array($samlData[$uidMapping])) { + $uid = $samlData[$uidMapping][0]; + } else { + $uid = $samlData[$uidMapping]; + } + $uid = $this->testEncodedObjectGUID($uid); + + if($this->userExists($uid)) { + $this->session->set('last-password-confirm', strtotime('+4 year', time())); + return $uid; + } + } + + return ''; + } + + + /** + * Backend name to be shown in user management + * @return string the name of the backend to be shown + * @since 8.0.0 + */ + public function getBackendName() { + return 'user_saml'; + } + + /** + * Whether autoprovisioning is enabled or not + * + * @return bool + */ + public function autoprovisionAllowed() { + return $this->config->getAppValue('user_saml', 'general-require_provisioned_account', '0') === '0'; + } + + /** + * Gets the actual user backend of the user + * + * @param string $uid + * @return null|UserInterface + */ + public function getActualUserBackend($uid) { + foreach(self::$backends as $backend) { + if($backend->userExists($uid)) { + return $backend; + } + } + + return null; + } + + /** + * Registers the used backends, used later to get the actual user backend + * of the user. + * + * @param \OCP\UserInterface[] $backends + */ + public function registerBackends(array $backends) { + self::$backends = $backends; + } + + private function getAttributeKeys($name) + { + $prefix = $this->settings->getPrefix($name); + $keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, '')); + + if (count($keys) === 1 && $keys[0] === '') { + throw new \InvalidArgumentException('Attribute is not configured'); + } + return $keys; + } + + private function getAttributeValue($name, array $attributes) { + $keys = $this->getAttributeKeys($name); + + $value = ''; + foreach($keys as $key) { + if (isset($attributes[$key])) { + if (is_array($attributes[$key])) { + foreach ($attributes[$key] as $attribute_part_value) { + if($value !== '') { + $value .= ' '; + } + $value .= $attribute_part_value; + } + } else { + if($value !== '') { + $value .= ' '; + } + $value .= $attributes[$key]; + } + } + } + + return $value; + } + + private function getAttributeArrayValue($name, array $attributes) { + $keys = $this->getAttributeKeys($name); + + $value = array(); + foreach($keys as $key) { + if (isset($attributes[$key])) { + if (is_array($attributes[$key])) { + $value = array_merge($value, array_values($attributes[$key])); + } else { + $value[] = $attributes[$key]; + } + } + } + + return $value; + } + + public function updateAttributes($uid, + array $attributes) { + $user = $this->userManager->get($uid); + try { + $newEmail = $this->getAttributeValue('saml-attribute-mapping-email_mapping', $attributes); + $this->logger->debug('Email attribute content: {email}', ['app' => 'user_saml', 'email' => $newEmail]); + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch email attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newEmail = null; + } + try { + $newDisplayname = $this->getAttributeValue('saml-attribute-mapping-displayName_mapping', $attributes); + $this->logger->debug('Display name attribute content: {displayName}', ['app' => 'user_saml', 'displayName' => $newDisplayname]); + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch display name attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newDisplayname = null; + } + try { + $newQuota = $this->getAttributeValue('saml-attribute-mapping-quota_mapping', $attributes); + $this->logger->debug('Quota attribute content: {quota}', ['app' => 'user_saml', 'quota' => $newQuota]); + if ($newQuota === '') { + $newQuota = 'default'; + } + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch quota attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newQuota = null; + } + + try { + $newGroups = $this->getAttributeArrayValue('saml-attribute-mapping-group_mapping', $attributes); + $this->logger->debug('Group attribute content: {groups}', ['app' => 'user_saml', 'groups' => json_encode($newGroups)]); + } catch (\InvalidArgumentException $e) { + $this->logger->debug('Failed to fetch group attribute: {exception}', ['app' => 'user_saml', 'exception' => $e->getMessage()]); + $newGroups = null; + } + + if ($user !== null) { + $currentEmail = (string)$user->getEMailAddress(); + if ($newEmail !== null + && $currentEmail !== $newEmail) { + $user->setEMailAddress($newEmail); + } + $currentDisplayname = (string)$this->getDisplayName($uid); + if ($newDisplayname !== null + && $currentDisplayname !== $newDisplayname) { + \OC_Hook::emit('OC_User', 'changeUser', + [ + 'user' => $user, + 'feature' => 'displayName', + 'value' => $newDisplayname + ] + ); + $this->setDisplayName($uid, $newDisplayname); + } + + if ($newQuota !== null) { + $user->setQuota($newQuota); + } + + if ($newGroups !== null) { + $groupManager = $this->groupManager; + $oldGroups = $groupManager->getUserGroupIds($user); + + $groupsToAdd = array_unique(array_diff($newGroups, $oldGroups)); + $groupsToRemove = array_diff($oldGroups, $newGroups); + + foreach ($groupsToAdd as $group) { + if (!($groupManager->groupExists($group))) { + $groupManager->createGroup($group); + } + $groupManager->get($group)->addUser($user); + } + + foreach ($groupsToRemove as $group) { + $groupManager->get($group)->removeUser($user); + } + } + } + } + + /** + * returns the plain text UUID if the provided $uid string is a + * base64-encoded binary string representing e.g. the objectGUID. Otherwise + * + */ + public function testEncodedObjectGUID(string $uid): string { + if (preg_match('/[^a-zA-Z0-9=+\/]/', $uid) !== 0) { + // certainly not encoded + return $uid; + } + + $candidate = base64_decode($uid, false); + if($candidate === false) { + return $uid; + } + $candidate = $this->convertObjectGUID2Str($candidate); + // the regex only matches the structure of the UUID, not its semantic + // (i.e. version or variant) simply to be future compatible + if(preg_match('/^[a-f0-9]{8}(-[a-f0-9]{4}){4}[a-f0-9]{8}$/i', $candidate) === 1) { + $uid = $candidate; + } + return $uid; + } + + /** + * @see \OCA\User_LDAP\Access::convertObjectGUID2Str + */ + protected function convertObjectGUID2Str($oguid) { + $hex_guid = bin2hex($oguid); + $hex_guid_to_guid_str = ''; + for($k = 1; $k <= 4; ++$k) { + $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2); + } + $hex_guid_to_guid_str .= '-'; + for($k = 1; $k <= 2; ++$k) { + $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2); + } + $hex_guid_to_guid_str .= '-'; + for($k = 1; $k <= 2; ++$k) { + $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); + } + $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); + $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); + + return strtoupper($hex_guid_to_guid_str); + } + + public function countUsers() { + $query = $this->db->getQueryBuilder(); + $query->select($query->func()->count('uid')) + ->from('user_saml_users'); + $result = $query->execute(); + + return $result->fetchColumn(); + } +} diff --git a/docker/nextcloud/user_saml/templates/admin.php b/docker/nextcloud/user_saml/templates/admin.php new file mode 100755 index 0000000..6d1b754 --- /dev/null +++ b/docker/nextcloud/user_saml/templates/admin.php @@ -0,0 +1,210 @@ + +
    +

    t('SSO & SAML authentication')); ?>

    + + + + + + + + + + + + + + + +
    diff --git a/docker/nextcloud/user_saml/templates/error.php b/docker/nextcloud/user_saml/templates/error.php new file mode 100755 index 0000000..680939a --- /dev/null +++ b/docker/nextcloud/user_saml/templates/error.php @@ -0,0 +1,4 @@ +
    +

    t('Error')) ?>

    +

    +
    diff --git a/docker/nextcloud/user_saml/templates/notProvisioned.php b/docker/nextcloud/user_saml/templates/notProvisioned.php new file mode 100755 index 0000000..04d7a1f --- /dev/null +++ b/docker/nextcloud/user_saml/templates/notProvisioned.php @@ -0,0 +1,6 @@ +
      +
    • + t('Account not provisioned.')) ?>
      +

      t('Your account is not provisioned, access to this service is thus not possible.')) ?>

      +
      • +
    diff --git a/docker/nextcloud/user_saml/templates/selectUserBackEnd.php b/docker/nextcloud/user_saml/templates/selectUserBackEnd.php new file mode 100755 index 0000000..7d29002 --- /dev/null +++ b/docker/nextcloud/user_saml/templates/selectUserBackEnd.php @@ -0,0 +1,41 @@ + + +
    + +

    t('Login options:')); ?>

    + + + + + + + + + + + + + + + + + +
    diff --git a/docker/onlyoffice/onlyoffice.yml b/docker/onlyoffice/onlyoffice.yml new file mode 100644 index 0000000..1973681 --- /dev/null +++ b/docker/onlyoffice/onlyoffice.yml @@ -0,0 +1,8 @@ +version: "3.7" +services: + onlyoffice: + container_name: onlyoffice + image: alehoho/oo-ce-docker-license + networks: + - isard_net + diff --git a/docker/onlyoffice/src b/docker/onlyoffice/src new file mode 160000 index 0000000..ce96de1 --- /dev/null +++ b/docker/onlyoffice/src @@ -0,0 +1 @@ +Subproject commit ce96de1d2b608ef0cc6cb8a9a08dcf341af64321 diff --git a/docker/postgresql/docker-entrypoint-initdb.d/etherpad.sh b/docker/postgresql/docker-entrypoint-initdb.d/etherpad.sh new file mode 100755 index 0000000..8ff2a22 --- /dev/null +++ b/docker/postgresql/docker-entrypoint-initdb.d/etherpad.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE USER $ETHERPAD_POSTGRES_USER SUPERUSER PASSWORD '$ETHERPAD_POSTGRES_USER'; + CREATE DATABASE etherpad; + GRANT ALL PRIVILEGES ON DATABASE etherpad TO $ETHERPAD_POSTGRES_USER; +EOSQL diff --git a/docker/postgresql/docker-entrypoint-initdb.d/moodle.sh b/docker/postgresql/docker-entrypoint-initdb.d/moodle.sh new file mode 100755 index 0000000..69a7acb --- /dev/null +++ b/docker/postgresql/docker-entrypoint-initdb.d/moodle.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE USER $MOODLE_POSTGRES_USER SUPERUSER PASSWORD '${MOODLE_POSTGRES_PASSWORD}'; + CREATE DATABASE moodle; + GRANT ALL PRIVILEGES ON DATABASE moodle TO ${MOODLE_POSTGRES_USER}; +EOSQL + diff --git a/docker/postgresql/docker-entrypoint-initdb.d/nextcloud.sh b/docker/postgresql/docker-entrypoint-initdb.d/nextcloud.sh new file mode 100755 index 0000000..e780daa --- /dev/null +++ b/docker/postgresql/docker-entrypoint-initdb.d/nextcloud.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE USER $NEXTCLOUD_POSTGRES_USER SUPERUSER PASSWORD '$NEXTCLOUD_POSTGRES_PASSWORD'; + CREATE DATABASE nextcloud; + GRANT ALL PRIVILEGES ON DATABASE nextcloud TO $NEXTCLOUD_POSTGRES_USER; +EOSQL diff --git a/docker/postgresql/postgresql.yml b/docker/postgresql/postgresql.yml new file mode 100644 index 0000000..d2876e2 --- /dev/null +++ b/docker/postgresql/postgresql.yml @@ -0,0 +1,15 @@ +version: "3.7" +services: + isard-apps-postgresql: + image: postgres:alpine + container_name: isard-apps-postgresql + restart: unless-stopped + env_file: .env + environment: + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_USER=${POSTGRES_USER} + volumes: + - ${DATA_FOLDER}/postgres:/var/lib/postgresql/data + - ${BUILD_ROOT_PATH}/docker/postgresql/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d + networks: + - isard_net \ No newline at end of file diff --git a/docker/redis/redis.yml b/docker/redis/redis.yml new file mode 100644 index 0000000..9c77358 --- /dev/null +++ b/docker/redis/redis.yml @@ -0,0 +1,9 @@ +version: '3.7' +services: + isard-apps-redis: + image: redis:6-alpine + container_name: isard-apps-redis + volumes: + - "${DATA_FOLDER}/redis:/data" + networks: + - isard_net \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Assertion.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Assertion.php new file mode 100644 index 0000000..86820bd --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Assertion.php @@ -0,0 +1,1400 @@ +. + */ + +include_once 'Utilities.php'; +class SAML2_Assertion +{ + private $id; + private $issueInstant; + private $issuer; + private $nameId; + private $encryptedNameId; + private $encryptedAttribute; + private $encryptionKey; + private $notBefore; + private $notOnOrAfter; + private $validAudiences; + private $sessionNotOnOrAfter; + private $sessionIndex; + private $authnInstant; + private $authnContextClassRef; + private $authnContextDecl; + private $authnContextDeclRef; + private $AuthenticatingAuthority; + private $attributes; + private $nameFormat; + private $signatureKey; + private $certificates; + private $signatureData; + private $requiredEncAttributes; + private $SubjectConfirmation; + protected $wasSignedAtConstruction = FALSE; + + public function __construct(DOMElement $xml = NULL) + { + $this->id = Utilities::generateId(); + $this->issueInstant = Utilities::generateTimestamp(); + $this->issuer = ''; + $this->authnInstant = Utilities::generateTimestamp(); + $this->attributes = array(); + $this->nameFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'; + $this->certificates = array(); + $this->AuthenticatingAuthority = array(); + $this->SubjectConfirmation = array(); + //$relayState=$_SESSION['mo_saml_relaystate']; + if ($xml === NULL) { + return; + } + + if($xml->localName === 'EncryptedAssertion'){ + + if($_POST['RelayState']=="testValidate"){ + echo '
    '; + echo + '
    ERROR
    +

    Error: Encrypted Assertions error.

    + +

    Possible Cause: Your IdP is sending encrypted assertion which is not supported in free version.

    +
    +
    + +
    '; + + exit; + } + else{ + wp_die("We could not sign you in. Please contact your administrator","Error: Assertion encryption not allowed in free trial"); + } + } + if (!$xml->hasAttribute('ID')) { + throw new Exception('Missing ID attribute on SAML assertion.'); + } + $this->id = $xml->getAttribute('ID'); + + if ($xml->getAttribute('Version') !== '2.0') { + /* Currently a very strict check. */ + throw new Exception('Unsupported version: ' . $xml->getAttribute('Version')); + } + + $this->issueInstant = Utilities::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant')); + + $issuer = Utilities::xpQuery($xml, './saml_assertion:Issuer'); + if (empty($issuer)) { + throw new Exception('Missing in assertion.'); + } + $this->issuer = trim($issuer[0]->textContent); + + $this->parseConditions($xml); + $this->parseAuthnStatement($xml); + $this->parseAttributes($xml); + $this->parseEncryptedAttributes($xml); + $this->parseSignature($xml); + $this->parseSubject($xml); + //echo "Signature parsed"; + } + public function Return_base(){ + $url=get_site_url(); + Utilities::mo_saml_wp_remote_get($url); + exit; + } + /** + * Parse subject in assertion. + * + * @param DOMElement $xml The assertion XML element. + * @throws Exception + */ + private function parseSubject(DOMElement $xml) + { + $subject = Utilities::xpQuery($xml, './saml_assertion:Subject'); + if (empty($subject)) { + /* No Subject node. */ + + return; + } elseif (count($subject) > 1) { + throw new Exception('More than one in .'); + } + + $subject = $subject[0]; + + $nameId = Utilities::xpQuery( + $subject, + './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData' + ); + if (empty($nameId)) { + // throw new Exception('Missing or in .'); + if($_POST['RelayState']=="testValidate"){ + echo '
    '; + echo + '
    ERROR
    +

    Error: Missing NameID or EncryptedID in SAML Response

    +

    Please contact your administrator and report the following error:

    +

    Possible Cause: NameID not found in SAML Response subject

    +
    +
    +
    '; + + exit; + } + else{ + wp_die("We could not sign you in. Please contact your administrator"); + } + } elseif (count($nameId) > 1) { + throw new Exception('More than one or in .'); + } + $nameId = $nameId[0]; + if ($nameId->localName === 'EncryptedData') { + /* The NameID element is encrypted. */ + $this->encryptedNameId = $nameId; + } else { + $this->nameId = Utilities::parseNameId($nameId); + } + //echo 'AssertionNameID: '. $this->nameId['Value']; + /*$subjectConfirmation = Utilities::xpQuery($subject, './saml_assertion:SubjectConfirmation'); + if (empty($subjectConfirmation)) { + throw new Exception('Missing in .'); + } + + foreach ($subjectConfirmation as $sc) { + $this->SubjectConfirmation[] = new SAML2_XML_saml_SubjectConfirmation($sc); + }*/ + } + + /** + * Parse conditions in assertion. + * + * @param DOMElement $xml The assertion XML element. + * @throws Exception + */ + private function parseConditions(DOMElement $xml) + { + $conditions = Utilities::xpQuery($xml, './saml_assertion:Conditions'); + if (empty($conditions)) { + /* No node. */ + + return; + } elseif (count($conditions) > 1) { + throw new Exception('More than one in .'); + } + $conditions = $conditions[0]; + + if ($conditions->hasAttribute('NotBefore')) { + $notBefore = Utilities::xsDateTimeToTimestamp($conditions->getAttribute('NotBefore')); + if ($this->notBefore === NULL || $this->notBefore < $notBefore) { + $this->notBefore = $notBefore; + } + } + if ($conditions->hasAttribute('NotOnOrAfter')) { + $notOnOrAfter = Utilities::xsDateTimeToTimestamp($conditions->getAttribute('NotOnOrAfter')); + if ($this->notOnOrAfter === NULL || $this->notOnOrAfter > $notOnOrAfter) { + $this->notOnOrAfter = $notOnOrAfter; + } + } + + for ($node = $conditions->firstChild; $node !== NULL; $node = $node->nextSibling) { + if ($node instanceof DOMText) { + continue; + } + if ($node->namespaceURI !== 'urn:oasis:names:tc:SAML:2.0:assertion') { + throw new Exception('Unknown namespace of condition: ' . var_export($node->namespaceURI, TRUE)); + } + switch ($node->localName) { + case 'AudienceRestriction': + $audiences = Utilities::extractStrings($node, 'urn:oasis:names:tc:SAML:2.0:assertion', 'Audience'); + if ($this->validAudiences === NULL) { + /* The first (and probably last) AudienceRestriction element. */ + $this->validAudiences = $audiences; + + } else { + /* + * The set of AudienceRestriction are ANDed together, so we need + * the subset that are present in all of them. + */ + $this->validAudiences = array_intersect($this->validAudiences, $audiences); + } + break; + case 'OneTimeUse': + /* Currently ignored. */ + break; + case 'ProxyRestriction': + /* Currently ignored. */ + break; + default: + throw new Exception('Unknown condition: ' . var_export($node->localName, TRUE)); + } + } + + } + + /** + * Parse AuthnStatement in assertion. + * + * @param DOMElement $xml The assertion XML element. + * @throws Exception + */ + private function parseAuthnStatement(DOMElement $xml) + { + $authnStatements = Utilities::xpQuery($xml, './saml_assertion:AuthnStatement'); + if (empty($authnStatements)) { + $this->authnInstant = NULL; + + return; + } elseif (count($authnStatements) > 1) { + throw new Exception('More that one in not supported.'); + } + $authnStatement = $authnStatements[0]; + + if (!$authnStatement->hasAttribute('AuthnInstant')) { + throw new Exception('Missing required AuthnInstant attribute on .'); + } + $this->authnInstant = Utilities::xsDateTimeToTimestamp($authnStatement->getAttribute('AuthnInstant')); + + if ($authnStatement->hasAttribute('SessionNotOnOrAfter')) { + $this->sessionNotOnOrAfter = Utilities::xsDateTimeToTimestamp($authnStatement->getAttribute('SessionNotOnOrAfter')); + } + + if ($authnStatement->hasAttribute('SessionIndex')) { + $this->sessionIndex = $authnStatement->getAttribute('SessionIndex'); + } + + $this->parseAuthnContext($authnStatement); + } + + /** + * Parse AuthnContext in AuthnStatement. + * + * @param DOMElement $authnStatementEl + * @throws Exception + */ + private function parseAuthnContext(DOMElement $authnStatementEl) + { + // Get the AuthnContext element + $authnContexts = Utilities::xpQuery($authnStatementEl, './saml_assertion:AuthnContext'); + if (count($authnContexts) > 1) { + throw new Exception('More than one in .'); + } elseif (empty($authnContexts)) { + throw new Exception('Missing required in .'); + } + $authnContextEl = $authnContexts[0]; + + // Get the AuthnContextDeclRef (if available) + $authnContextDeclRefs = Utilities::xpQuery($authnContextEl, './saml_assertion:AuthnContextDeclRef'); + if (count($authnContextDeclRefs) > 1) { + throw new Exception( + 'More than one found?' + ); + } elseif (count($authnContextDeclRefs) === 1) { + $this->setAuthnContextDeclRef(trim($authnContextDeclRefs[0]->textContent)); + } + + // Get the AuthnContextDecl (if available) + $authnContextDecls = Utilities::xpQuery($authnContextEl, './saml_assertion:AuthnContextDecl'); + if (count($authnContextDecls) > 1) { + throw new Exception( + 'More than one found?' + ); + } elseif (count($authnContextDecls) === 1) { + $this->setAuthnContextDecl(new SAML2_XML_Chunk($authnContextDecls[0])); + } + + // Get the AuthnContextClassRef (if available) + $authnContextClassRefs = Utilities::xpQuery($authnContextEl, './saml_assertion:AuthnContextClassRef'); + if (count($authnContextClassRefs) > 1) { + throw new Exception('More than one in .'); + } elseif (count($authnContextClassRefs) === 1) { + $this->setAuthnContextClassRef(trim($authnContextClassRefs[0]->textContent)); + } + + // Constraint from XSD: MUST have one of the three + if (empty($this->authnContextClassRef) && empty($this->authnContextDecl) && empty($this->authnContextDeclRef)) { + throw new Exception( + 'Missing either or or ' + ); + } + + $this->AuthenticatingAuthority = Utilities::extractStrings( + $authnContextEl, + 'urn:oasis:names:tc:SAML:2.0:assertion', + 'AuthenticatingAuthority' + ); + } + + /** + * Parse attribute statements in assertion. + * + * @param DOMElement $xml The XML element with the assertion. + * @throws Exception + */ + private function parseAttributes(DOMElement $xml) + { + $firstAttribute = TRUE; + $attributes = Utilities::xpQuery($xml, './saml_assertion:AttributeStatement/saml_assertion:Attribute'); + foreach ($attributes as $attribute) { + if (!$attribute->hasAttribute('Name')) { + throw new Exception('Missing name on element.'); + } + $name = $attribute->getAttribute('Name'); + + if ($attribute->hasAttribute('NameFormat')) { + $nameFormat = $attribute->getAttribute('NameFormat'); + } else { + $nameFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'; + } + + if ($firstAttribute) { + $this->nameFormat = $nameFormat; + $firstAttribute = FALSE; + } else { + if ($this->nameFormat !== $nameFormat) { + $this->nameFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'; + } + } + + if (!array_key_exists($name, $this->attributes)) { + $this->attributes[$name] = array(); + } + + $values = Utilities::xpQuery($attribute, './saml_assertion:AttributeValue'); + foreach ($values as $value) { + $this->attributes[$name][] = trim($value->textContent); + } + } + } + + /** + * Parse encrypted attribute statements in assertion. + * + * @param DOMElement $xml The XML element with the assertion. + */ + private function parseEncryptedAttributes(DOMElement $xml) + { + $this->encryptedAttribute = Utilities::xpQuery( + $xml, + './saml_assertion:AttributeStatement/saml_assertion:EncryptedAttribute' + ); + } + + /** + * Parse signature on assertion. + * + * @param DOMElement $xml The assertion XML element. + */ + private function parseSignature(DOMElement $xml) + { + /* Validate the signature element of the message. */ + $sig = Utilities::validateElement($xml); + if ($sig !== FALSE) { + $this->wasSignedAtConstruction = TRUE; + $this->certificates = $sig['Certificates']; + $this->signatureData = $sig; + } + } + + /** + * Validate this assertion against a public key. + * + * If no signature was present on the assertion, we will return FALSE. + * Otherwise, TRUE will be returned. An exception is thrown if the + * signature validation fails. + * + * @param XMLSecurityKey $key The key we should check against. + * @return boolean TRUE if successful, FALSE if it is unsigned. + */ + public function validate(XMLSecurityKey $key) + { + + if ($this->signatureData === NULL) { + return FALSE; + } + + Utilities::validateSignature($this->signatureData, $key); + + return TRUE; + } + + /** + * Retrieve the identifier of this assertion. + * + * @return string The identifier of this assertion. + */ + public function getId() + { + return $this->id; + } + + /** + * Set the identifier of this assertion. + * + * @param string $id The new identifier of this assertion. + */ + public function setId($id) + { + + + $this->id = $id; + } + + /** + * Retrieve the issue timestamp of this assertion. + * + * @return int The issue timestamp of this assertion, as an UNIX timestamp. + */ + public function getIssueInstant() + { + return $this->issueInstant; + } + + /** + * Set the issue timestamp of this assertion. + * + * @param int $issueInstant The new issue timestamp of this assertion, as an UNIX timestamp. + */ + public function setIssueInstant($issueInstant) + { + + + $this->issueInstant = $issueInstant; + } + + /** + * Retrieve the issuer if this assertion. + * + * @return string The issuer of this assertion. + */ + public function getIssuer() + { + return $this->issuer; + } + + /** + * Set the issuer of this message. + * + * @param string $issuer The new issuer of this assertion. + */ + public function setIssuer($issuer) + { + + + $this->issuer = $issuer; + } + + /** + * Retrieve the NameId of the subject in the assertion. + * + * The returned NameId is in the format used by Utilities::addNameId(). + * + * @see Utilities::addNameId() + * @return array|NULL The name identifier of the assertion. + * @throws Exception + */ + public function getNameId() + { + if ($this->encryptedNameId !== NULL) { + throw new Exception('Attempted to retrieve encrypted NameID without decrypting it first.'); + } + + return $this->nameId; + } + + /** + * Set the NameId of the subject in the assertion. + * + * The NameId must be in the format accepted by Utilities::addNameId(). + * + * @see Utilities::addNameId() + * @param array|NULL $nameId The name identifier of the assertion. + */ + public function setNameId($nameId) + { + + + $this->nameId = $nameId; + } + + /** + * Check whether the NameId is encrypted. + * + * @return TRUE if the NameId is encrypted, FALSE if not. + */ + public function isNameIdEncrypted() + { + if ($this->encryptedNameId !== NULL) { + return TRUE; + } + + return FALSE; + } + + /** + * Encrypt the NameID in the Assertion. + * + * @param XMLSecurityKey $key The encryption key. + */ + public function encryptNameId(XMLSecurityKey $key) + { + /* First create a XML representation of the NameID. */ + $doc = new DOMDocument(); + $root = $doc->createElement('root'); + $doc->appendChild($root); + Utilities::addNameId($root, $this->nameId); + $nameId = $root->firstChild; + + Utilities::getContainer()->debugMessage($nameId, 'encrypt'); + + /* Encrypt the NameID. */ + $enc = new XMLSecEnc(); + $enc->setNode($nameId); + // @codingStandardsIgnoreStart + $enc->type = XMLSecEnc::Element; + // @codingStandardsIgnoreEnd + + $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); + $symmetricKey->generateSessionKey(); + $enc->encryptKey($key, $symmetricKey); + + $this->encryptedNameId = $enc->encryptNode($symmetricKey); + $this->nameId = NULL; + } + + /** + * Decrypt the NameId of the subject in the assertion. + * + * @param XMLSecurityKey $key The decryption key. + * @param array $blacklist Blacklisted decryption algorithms. + */ + public function decryptNameId(XMLSecurityKey $key, array $blacklist = array()) + { + if ($this->encryptedNameId === NULL) { + /* No NameID to decrypt. */ + + return; + } + + $nameId = Utilities::decryptElement($this->encryptedNameId, $key, $blacklist); + Utilities::getContainer()->debugMessage($nameId, 'decrypt'); + $this->nameId = Utilities::parseNameId($nameId); + + $this->encryptedNameId = NULL; + } + + /** + * Decrypt the assertion attributes. + * + * @param XMLSecurityKey $key + * @param array $blacklist + * @throws Exception + */ + public function decryptAttributes(XMLSecurityKey $key, array $blacklist = array()) + { + if ($this->encryptedAttribute === NULL) { + return; + } + $firstAttribute = TRUE; + $attributes = $this->encryptedAttribute; + foreach ($attributes as $attributeEnc) { + /*Decrypt node */ + $attribute = Utilities::decryptElement( + $attributeEnc->getElementsByTagName('EncryptedData')->item(0), + $key, + $blacklist + ); + + if (!$attribute->hasAttribute('Name')) { + throw new Exception('Missing name on element.'); + } + $name = $attribute->getAttribute('Name'); + + if ($attribute->hasAttribute('NameFormat')) { + $nameFormat = $attribute->getAttribute('NameFormat'); + } else { + $nameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'; + } + + if ($firstAttribute) { + $this->nameFormat = $nameFormat; + $firstAttribute = FALSE; + } else { + if ($this->nameFormat !== $nameFormat) { + $this->nameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'; + } + } + + if (!array_key_exists($name, $this->attributes)) { + $this->attributes[$name] = array(); + } + + $values = Utilities::xpQuery($attribute, './saml_assertion:AttributeValue'); + foreach ($values as $value) { + $this->attributes[$name][] = trim($value->textContent); + } + } + } + + /** + * Retrieve the earliest timestamp this assertion is valid. + * + * This function returns NULL if there are no restrictions on how early the + * assertion can be used. + * + * @return int|NULL The earliest timestamp this assertion is valid. + */ + public function getNotBefore() + { + return $this->notBefore; + } + + /** + * Set the earliest timestamp this assertion can be used. + * + * Set this to NULL if no limit is required. + * + * @param int|NULL $notBefore The earliest timestamp this assertion is valid. + */ + public function setNotBefore($notBefore) + { + + + $this->notBefore = $notBefore; + } + + /** + * Retrieve the expiration timestamp of this assertion. + * + * This function returns NULL if there are no restrictions on how + * late the assertion can be used. + * + * @return int|NULL The latest timestamp this assertion is valid. + */ + public function getNotOnOrAfter() + { + return $this->notOnOrAfter; + } + + /** + * Set the expiration timestamp of this assertion. + * + * Set this to NULL if no limit is required. + * + * @param int|NULL $notOnOrAfter The latest timestamp this assertion is valid. + */ + public function setNotOnOrAfter($notOnOrAfter) + { + + + $this->notOnOrAfter = $notOnOrAfter; + } + + /** + * Set $EncryptedAttributes if attributes will send encrypted + * + * @param boolean $ea TRUE to encrypt attributes in the assertion. + */ + public function setEncryptedAttributes($ea) + { + $this->requiredEncAttributes = $ea; + } + + /** + * Retrieve the audiences that are allowed to receive this assertion. + * + * This may be NULL, in which case all audiences are allowed. + * + * @return array|NULL The allowed audiences. + */ + public function getValidAudiences() + { + return $this->validAudiences; + } + + /** + * Set the audiences that are allowed to receive this assertion. + * + * This may be NULL, in which case all audiences are allowed. + * + * @param array|NULL $validAudiences The allowed audiences. + */ + public function setValidAudiences(array $validAudiences = NULL) + { + $this->validAudiences = $validAudiences; + } + + /** + * Retrieve the AuthnInstant of the assertion. + * + * @return int|NULL The timestamp the user was authenticated, or NULL if the user isn't authenticated. + */ + public function getAuthnInstant() + { + return $this->authnInstant; + } + + + /** + * Set the AuthnInstant of the assertion. + * + * @param int|NULL $authnInstant Timestamp the user was authenticated, or NULL if we don't want an AuthnStatement. + */ + public function setAuthnInstant($authnInstant) + { + + + $this->authnInstant = $authnInstant; + } + + /** + * Retrieve the session expiration timestamp. + * + * This function returns NULL if there are no restrictions on the + * session lifetime. + * + * @return int|NULL The latest timestamp this session is valid. + */ + public function getSessionNotOnOrAfter() + { + return $this->sessionNotOnOrAfter; + } + + /** + * Set the session expiration timestamp. + * + * Set this to NULL if no limit is required. + * + * @param int|NULL $sessionNotOnOrAfter The latest timestamp this session is valid. + */ + public function setSessionNotOnOrAfter($sessionNotOnOrAfter) + { + + + $this->sessionNotOnOrAfter = $sessionNotOnOrAfter; + } + + /** + * Retrieve the session index of the user at the IdP. + * + * @return string|NULL The session index of the user at the IdP. + */ + public function getSessionIndex() + { + return $this->sessionIndex; + } + + /** + * Set the session index of the user at the IdP. + * + * Note that the authentication context must be set before the + * session index can be inluded in the assertion. + * + * @param string|NULL $sessionIndex The session index of the user at the IdP. + */ + public function setSessionIndex($sessionIndex) + { + + + $this->sessionIndex = $sessionIndex; + } + + /** + * Retrieve the authentication method used to authenticate the user. + * + * This will return NULL if no authentication statement was + * included in the assertion. + * + * Note that this returns either the AuthnContextClassRef or the AuthnConextDeclRef, whose definition overlaps + * but is slightly different (consult the specification for more information). + * This was done to work around an old bug of Shibboleth ( https://bugs.internet2.edu/jira/browse/SIDP-187 ). + * Should no longer be required, please use either getAuthnConextClassRef or getAuthnContextDeclRef. + * + * @deprecated use getAuthnContextClassRef + * @return string|NULL The authentication method. + */ + public function getAuthnContext() + { + if (!empty($this->authnContextClassRef)) { + return $this->authnContextClassRef; + } + if (!empty($this->authnContextDeclRef)) { + return $this->authnContextDeclRef; + } + return NULL; + } + + /** + * Set the authentication method used to authenticate the user. + * + * If this is set to NULL, no authentication statement will be + * included in the assertion. The default is NULL. + * + * @deprecated use setAuthnContextClassRef + * @param string|NULL $authnContext The authentication method. + */ + public function setAuthnContext($authnContext) + { + $this->setAuthnContextClassRef($authnContext); + } + + /** + * Retrieve the authentication method used to authenticate the user. + * + * This will return NULL if no authentication statement was + * included in the assertion. + * + * @return string|NULL The authentication method. + */ + public function getAuthnContextClassRef() + { + return $this->authnContextClassRef; + } + + /** + * Set the authentication method used to authenticate the user. + * + * If this is set to NULL, no authentication statement will be + * included in the assertion. The default is NULL. + * + * @param string|NULL $authnContextClassRef The authentication method. + */ + public function setAuthnContextClassRef($authnContextClassRef) + { + + + $this->authnContextClassRef = $authnContextClassRef; + } + + /** + * Set the authentication context declaration. + * + * @param \SAML2_XML_Chunk $authnContextDecl + * @throws Exception + */ + public function setAuthnContextDecl(SAML2_XML_Chunk $authnContextDecl) + { + if (!empty($this->authnContextDeclRef)) { + throw new Exception( + 'AuthnContextDeclRef is already registered! May only have either a Decl or a DeclRef, not both!' + ); + } + + $this->authnContextDecl = $authnContextDecl; + } + + /** + * Get the authentication context declaration. + * + * See: + * @url http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf + * + * @return \SAML2_XML_Chunk|NULL + */ + public function getAuthnContextDecl() + { + return $this->authnContextDecl; + } + + /** + * Set the authentication context declaration reference. + * + * @param string $authnContextDeclRef + * @throws Exception + */ + public function setAuthnContextDeclRef($authnContextDeclRef) + { + if (!empty($this->authnContextDecl)) { + throw new Exception( + 'AuthnContextDecl is already registered! May only have either a Decl or a DeclRef, not both!' + ); + } + + $this->authnContextDeclRef = $authnContextDeclRef; + } + + /** + * Get the authentication context declaration reference. + * URI reference that identifies an authentication context declaration. + * + * The URI reference MAY directly resolve into an XML document containing the referenced declaration. + * + * @return string + */ + public function getAuthnContextDeclRef() + { + return $this->authnContextDeclRef; + } + + /** + * Retrieve the AuthenticatingAuthority. + * + * + * @return array + */ + public function getAuthenticatingAuthority() + { + return $this->AuthenticatingAuthority; + } + + /** + * Set the AuthenticatingAuthority + * + * + * @param array. + */ + public function setAuthenticatingAuthority($authenticatingAuthority) + { + $this->AuthenticatingAuthority = $authenticatingAuthority; + } + + /** + * Retrieve all attributes. + * + * @return array All attributes, as an associative array. + */ + public function getAttributes() + { + return $this->attributes; + } + + /** + * Replace all attributes. + * + * @param array $attributes All new attributes, as an associative array. + */ + public function setAttributes(array $attributes) + { + $this->attributes = $attributes; + } + + /** + * Retrieve the NameFormat used on all attributes. + * + * If more than one NameFormat is used in the received attributes, this + * returns the unspecified NameFormat. + * + * @return string The NameFormat used on all attributes. + */ + public function getAttributeNameFormat() + { + return $this->nameFormat; + } + + /** + * Set the NameFormat used on all attributes. + * + * @param string $nameFormat The NameFormat used on all attributes. + */ + public function setAttributeNameFormat($nameFormat) + { + + + $this->nameFormat = $nameFormat; + } + + /** + * Retrieve the SubjectConfirmation elements we have in our Subject element. + * + * @return array Array of SAML2_XML_saml_SubjectConfirmation elements. + */ + public function getSubjectConfirmation() + { + return $this->SubjectConfirmation; + } + + /** + * Set the SubjectConfirmation elements that should be included in the assertion. + * + * @param array $SubjectConfirmation Array of SAML2_XML_saml_SubjectConfirmation elements. + */ + public function setSubjectConfirmation(array $SubjectConfirmation) + { + $this->SubjectConfirmation = $SubjectConfirmation; + } + + /** + * Retrieve the private key we should use to sign the assertion. + * + * @return XMLSecurityKey|NULL The key, or NULL if no key is specified. + */ + public function getSignatureKey() + { + return $this->signatureKey; + } + + /** + * Set the private key we should use to sign the assertion. + * + * If the key is NULL, the assertion will be sent unsigned. + * + * @param XMLSecurityKey|NULL $signatureKey + */ + public function setSignatureKey(XMLsecurityKey $signatureKey = NULL) + { + $this->signatureKey = $signatureKey; + } + + /** + * Return the key we should use to encrypt the assertion. + * + * @return XMLSecurityKey|NULL The key, or NULL if no key is specified.. + * + */ + public function getEncryptionKey() + { + return $this->encryptionKey; + } + + /** + * Set the private key we should use to encrypt the attributes. + * + * @param XMLSecurityKey|NULL $Key + */ + public function setEncryptionKey(XMLSecurityKey $Key = NULL) + { + $this->encryptionKey = $Key; + } + + /** + * Set the certificates that should be included in the assertion. + * + * The certificates should be strings with the PEM encoded data. + * + * @param array $certificates An array of certificates. + */ + public function setCertificates(array $certificates) + { + $this->certificates = $certificates; + } + + /** + * Retrieve the certificates that are included in the assertion. + * + * @return array An array of certificates. + */ + public function getCertificates() + { + return $this->certificates; + } + + public function getSignatureData() + { + return $this->signatureData; + } + + /** + * @return bool + */ + public function getWasSignedAtConstruction() + { + return $this->wasSignedAtConstruction; + } + + /** + * Convert this assertion to an XML element. + * + * @param DOMNode|NULL $parentElement The DOM node the assertion should be created in. + * @return DOMElement This assertion. + */ + public function toXML(DOMNode $parentElement = NULL) + { + if ($parentElement === NULL) { + $document = new DOMDocument(); + $parentElement = $document; + } else { + $document = $parentElement->ownerDocument; + } + + $root = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:' . 'Assertion'); + $parentElement->appendChild($root); + + /* Ugly hack to add another namespace declaration to the root element. */ + $root->setAttributeNS('urn:oasis:names:tc:SAML:2.0:protocol', 'samlp:tmp', 'tmp'); + $root->removeAttributeNS('urn:oasis:names:tc:SAML:2.0:protocol', 'tmp'); + $root->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:tmp', 'tmp'); + $root->removeAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'tmp'); + $root->setAttributeNS('http://www.w3.org/2001/XMLSchema', 'xs:tmp', 'tmp'); + $root->removeAttributeNS('http://www.w3.org/2001/XMLSchema', 'tmp'); + + $root->setAttribute('ID', $this->id); + $root->setAttribute('Version', '2.0'); + $root->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant)); + + $issuer = Utilities::addString($root, 'urn:oasis:names:tc:SAML:2.0:assertion', 'saml:Issuer', $this->issuer); + + $this->addSubject($root); + $this->addConditions($root); + $this->addAuthnStatement($root); + if ($this->requiredEncAttributes == FALSE) { + $this->addAttributeStatement($root); + } else { + $this->addEncryptedAttributeStatement($root); + } + + if ($this->signatureKey !== NULL) { + Utilities::insertSignature($this->signatureKey, $this->certificates, $root, $issuer->nextSibling); + } + + return $root; + } + + /** + * Add a Subject-node to the assertion. + * + * @param DOMElement $root The assertion element we should add the subject to. + */ + private function addSubject(DOMElement $root) + { + if ($this->nameId === NULL && $this->encryptedNameId === NULL) { + /* We don't have anything to create a Subject node for. */ + + return; + } + + $subject = $root->ownerDocument->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:Subject'); + $root->appendChild($subject); + + if ($this->encryptedNameId === NULL) { + Utilities::addNameId($subject, $this->nameId); + } else { + $eid = $subject->ownerDocument->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:' . 'EncryptedID'); + $subject->appendChild($eid); + $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, TRUE)); + } + + foreach ($this->SubjectConfirmation as $sc) { + $sc->toXML($subject); + } + } + + + /** + * Add a Conditions-node to the assertion. + * + * @param DOMElement $root The assertion element we should add the conditions to. + */ + private function addConditions(DOMElement $root) + { + $document = $root->ownerDocument; + + $conditions = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:Conditions'); + $root->appendChild($conditions); + + if ($this->notBefore !== NULL) { + $conditions->setAttribute('NotBefore', gmdate('Y-m-d\TH:i:s\Z', $this->notBefore)); + } + if ($this->notOnOrAfter !== NULL) { + $conditions->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter)); + } + + if ($this->validAudiences !== NULL) { + $ar = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AudienceRestriction'); + $conditions->appendChild($ar); + + Utilities::addStrings($ar, 'urn:oasis:names:tc:SAML:2.0:assertion', 'saml:Audience', FALSE, $this->validAudiences); + } + } + + + /** + * Add a AuthnStatement-node to the assertion. + * + * @param DOMElement $root The assertion element we should add the authentication statement to. + */ + private function addAuthnStatement(DOMElement $root) + { + if ($this->authnInstant === NULL || + ( + $this->authnContextClassRef === NULL && + $this->authnContextDecl === NULL && + $this->authnContextDeclRef === NULL + ) + ) { + /* No authentication context or AuthnInstant => no authentication statement. */ + + return; + } + + $document = $root->ownerDocument; + + $authnStatementEl = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AuthnStatement'); + $root->appendChild($authnStatementEl); + + $authnStatementEl->setAttribute('AuthnInstant', gmdate('Y-m-d\TH:i:s\Z', $this->authnInstant)); + + if ($this->sessionNotOnOrAfter !== NULL) { + $authnStatementEl->setAttribute('SessionNotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->sessionNotOnOrAfter)); + } + if ($this->sessionIndex !== NULL) { + $authnStatementEl->setAttribute('SessionIndex', $this->sessionIndex); + } + + $authnContextEl = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AuthnContext'); + $authnStatementEl->appendChild($authnContextEl); + + if (!empty($this->authnContextClassRef)) { + Utilities::addString( + $authnContextEl, + 'urn:oasis:names:tc:SAML:2.0:assertion', + 'saml:AuthnContextClassRef', + $this->authnContextClassRef + ); + } + if (!empty($this->authnContextDecl)) { + $this->authnContextDecl->toXML($authnContextEl); + } + if (!empty($this->authnContextDeclRef)) { + Utilities::addString( + $authnContextEl, + 'urn:oasis:names:tc:SAML:2.0:assertion', + 'saml:AuthnContextDeclRef', + $this->authnContextDeclRef + ); + } + + Utilities::addStrings( + $authnContextEl, + 'urn:oasis:names:tc:SAML:2.0:assertion', + 'saml:AuthenticatingAuthority', + FALSE, + $this->AuthenticatingAuthority + ); + } + + + /** + * Add an AttributeStatement-node to the assertion. + * + * @param DOMElement $root The assertion element we should add the subject to. + */ + private function addAttributeStatement(DOMElement $root) + { + if (empty($this->attributes)) { + return; + } + + $document = $root->ownerDocument; + + $attributeStatement = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AttributeStatement'); + $root->appendChild($attributeStatement); + + foreach ($this->attributes as $name => $values) { + $attribute = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:Attribute'); + $attributeStatement->appendChild($attribute); + $attribute->setAttribute('Name', $name); + + if ($this->nameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified') { + $attribute->setAttribute('NameFormat', $this->nameFormat); + } + + foreach ($values as $value) { + if (is_string($value)) { + $type = 'xs:string'; + } elseif (is_int($value)) { + $type = 'xs:integer'; + } else { + $type = NULL; + } + + $attributeValue = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AttributeValue'); + $attribute->appendChild($attributeValue); + if ($type !== NULL) { + $attributeValue->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', $type); + } + if (is_null($value)) { + $attributeValue->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:nil', 'true'); + } + + if ($value instanceof DOMNodeList) { + for ($i = 0; $i < $value->length; $i++) { + $node = $document->importNode($value->item($i), TRUE); + $attributeValue->appendChild($node); + } + } else { + $attributeValue->appendChild($document->createTextNode($value)); + } + } + } + } + + + /** + * Add an EncryptedAttribute Statement-node to the assertion. + * + * @param DOMElement $root The assertion element we should add the Encrypted Attribute Statement to. + */ + private function addEncryptedAttributeStatement(DOMElement $root) + { + if ($this->requiredEncAttributes == FALSE) { + return; + } + + $document = $root->ownerDocument; + + $attributeStatement = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AttributeStatement'); + $root->appendChild($attributeStatement); + + foreach ($this->attributes as $name => $values) { + $document2 = new DOMDocument(); + $attribute = $document2->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:Attribute'); + $attribute->setAttribute('Name', $name); + $document2->appendChild($attribute); + + if ($this->nameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified') { + $attribute->setAttribute('NameFormat', $this->nameFormat); + } + + foreach ($values as $value) { + if (is_string($value)) { + $type = 'xs:string'; + } elseif (is_int($value)) { + $type = 'xs:integer'; + } else { + $type = NULL; + } + + $attributeValue = $document2->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AttributeValue'); + $attribute->appendChild($attributeValue); + if ($type !== NULL) { + $attributeValue->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', $type); + } + + if ($value instanceof DOMNodeList) { + for ($i = 0; $i < $value->length; $i++) { + $node = $document2->importNode($value->item($i), TRUE); + $attributeValue->appendChild($node); + } + } else { + $attributeValue->appendChild($document2->createTextNode($value)); + } + } + /*Once the attribute nodes are built, the are encrypted*/ + $EncAssert = new XMLSecEnc(); + $EncAssert->setNode($document2->documentElement); + $EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element'; + /* + * Attributes are encrypted with a session key and this one with + * $EncryptionKey + */ + $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC); + $symmetricKey->generateSessionKey(); + $EncAssert->encryptKey($this->encryptionKey, $symmetricKey); + $EncrNode = $EncAssert->encryptNode($symmetricKey); + + $EncAttribute = $document->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:EncryptedAttribute'); + $attributeStatement->appendChild($EncAttribute); + $n = $document->importNode($EncrNode, TRUE); + $EncAttribute->appendChild($n); + } + } + +} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Import-export.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Import-export.php new file mode 100644 index 0000000..606b211 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Import-export.php @@ -0,0 +1,151 @@ + 'mo_saml_options_enum_sso_loginMoSAML', + "Identity_Provider" => 'mo_saml_options_enum_identity_providerMoSAML', + "Service_Provider" => 'mo_saml_options_enum_service_providerMoSAML', + "Attribute_Mapping" => 'mo_saml_options_enum_attribute_mappingMoSAML', + "Role_Mapping" => 'mo_saml_options_enum_role_mappingMoSAML', + "Test_Configuration" => 'mo_saml_options_test_configuration' +) ) ); + +/** + *Function to display block of UI for export Import + */ +function mo_saml_miniorange_keep_configuration_saml() { + echo '
    +
    +

    ' . __('Keep configuration Intact','miniorange-saml-20-single-sign-on') . '

    +
    '; + + wp_nonce_field('mo_saml_keep_settings_on_deletion'); + echo ' + ' . + __('Enabling this would keep your settings intact when plugin is uninstalled','miniorange-saml-20-single-sign-on') . ' +

    ' . __('Please enable this option when you are updating to a Premium version.','miniorange-saml-20-single-sign-on') . '

    +
    +
    +

    +
    '; +} + +function mo_saml_display_add_ons_iframe($add_on_name){ + ?> + + + $value) { + $configuration_array[$key] = mo_saml_get_configuration_array($value); + } + $configuration_array["Version_dependencies"] = mo_saml_get_version_informations(); + $version = phpversion(); + if(substr($version,0 ,3) === '5.3'){ + $json_string=(json_encode($configuration_array, JSON_PRETTY_PRINT)); + } else { + $json_string=(json_encode($configuration_array, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)); + } + + if($json_in_string) + return $json_string; + header("Content-Disposition: attachment; filename=miniorange-saml-config.json"); + echo $json_string; + exit; + } + } + else if($_POST['option']=='mo_saml_keep_settings_on_deletion' and check_admin_referer('mo_saml_keep_settings_on_deletion')) { + + if (array_key_exists('mo_saml_keep_settings_intact', $_POST)) + update_option('mo_saml_keep_settings_on_deletion', 'true'); + else + update_option('mo_saml_keep_settings_on_deletion', ''); + + } + + return; + + + } + + + + + +} + +function mo_saml_get_configuration_array($class_name ) { + $class_object = call_user_func( $class_name . '::getConstants' ); + $mo_array = array(); + foreach ( $class_object as $key => $value ) { + $mo_option_exists=get_option($value); + + if($mo_option_exists){ + $mo_option_exists = maybe_unserialize($mo_option_exists); + $mo_array[ $key ] = $mo_option_exists; + + } + + } + + return $mo_array; +} + +function mo_saml_update_configuration_array($configuration_array ) { + $tab_class_name = maybe_unserialize( Tab_Class_Names ); + foreach ( $tab_class_name as $tab_name => $class_name ) { + foreach ( $configuration_array[ $tab_name ] as $key => $value ) { + $option_string = constant( "$class_name::$key" ); + $mo_option_exists = get_option($option_string); + if ( $mo_option_exists) { + if(is_array($value)) + $value = serialize($value); + update_option( $option_string, $value ); + } + } + } + +} + +function mo_saml_get_version_informations(){ + $array_version = array(); + $array_version["Plugin_version"] = mo_saml_options_plugin_constants::Version; + $array_version["PHP_version"] = phpversion(); + $array_version["Wordpress_version"] = get_bloginfo('version'); + $array_version["OPEN_SSL"] = mo_saml_is_openssl_installed(); + $array_version["CURL"] = mo_saml_is_curl_installed(); + $array_version["ICONV"] = mo_saml_is_iconv_installed(); + $array_version["DOM"] = mo_saml_is_dom_installed(); + + return $array_version; + +} + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/MetadataReader.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/MetadataReader.php new file mode 100644 index 0000000..ef3a135 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/MetadataReader.php @@ -0,0 +1,185 @@ +identityProviders = array(); + $this->serviceProviders = array(); + + $entitiesDescriptor = Utilities::xpQuery($xml, './saml_metadata:EntitiesDescriptor'); + + if(!empty($entitiesDescriptor)) + $entityDescriptors = Utilities::xpQuery($entitiesDescriptor[0], './saml_metadata:EntityDescriptor'); + else + $entityDescriptors = Utilities::xpQuery($xml, './saml_metadata:EntityDescriptor'); + + foreach ($entityDescriptors as $entityDescriptor) { + $idpSSODescriptor = Utilities::xpQuery($entityDescriptor, './saml_metadata:IDPSSODescriptor'); + + if(isset($idpSSODescriptor) && !empty($idpSSODescriptor)){ + array_push($this->identityProviders,new IdentityProviders($entityDescriptor)); + } + //TODO: add sp descriptor + } + } + + public function getIdentityProviders(){ + return $this->identityProviders; + } + + public function getServiceProviders(){ + return $this->serviceProviders; + } + +} + +class IdentityProviders{ + + private $idpName; + private $entityID; + private $loginDetails; + private $logoutDetails; + private $signingCertificate; + private $encryptionCertificate; + private $signedRequest; + + public function __construct(DOMElement $xml = NULL){ + + $this->idpName = ''; + $this->loginDetails = array(); + $this->logoutDetails = array(); + $this->signingCertificate = array(); + $this->encryptionCertificate = array(); + + if ($xml->hasAttribute('entityID')) { + $this->entityID = $xml->getAttribute('entityID'); + } + + if($xml->hasAttribute('WantAuthnRequestsSigned')){ + $this->signedRequest = $xml->getAttribute('WantAuthnRequestsSigned'); + } + + $idpSSODescriptor = Utilities::xpQuery($xml, './saml_metadata:IDPSSODescriptor'); + + if (count($idpSSODescriptor) > 1) { + throw new Exception('More than one in .'); + } elseif (empty($idpSSODescriptor)) { + throw new Exception('Missing required in .'); + } + $idpSSODescriptorEL = $idpSSODescriptor[0]; + + $info = Utilities::xpQuery($xml, './saml_metadata:Extensions'); + + if($info) + $this->parseInfo($idpSSODescriptorEL); + $this->parseSSOService($idpSSODescriptorEL); + $this->parseSLOService($idpSSODescriptorEL); + $this->parsex509Certificate($idpSSODescriptorEL); + + } + + private function parseInfo($xml){ + $displayNames = Utilities::xpQuery($xml, './mdui:UIInfo/mdui:DisplayName'); + foreach ($displayNames as $name) { + if($name->hasAttribute('xml:lang') && $name->getAttribute('xml:lang')=="en"){ + $this->idpName = $name->textContent; + } + } + } + + private function parseSSOService($xml){ + $ssoServices = Utilities::xpQuery($xml, './saml_metadata:SingleSignOnService'); + foreach ($ssoServices as $ssoService) { + $binding = str_replace("urn:oasis:names:tc:SAML:2.0:bindings:","",$ssoService->getAttribute('Binding')); + $this->loginDetails = array_merge( + $this->loginDetails, + array($binding => $ssoService->getAttribute('Location')) + ); + } + } + + private function parseSLOService($xml){ + $sloServices = Utilities::xpQuery($xml, './saml_metadata:SingleLogoutService'); + foreach ($sloServices as $sloService) { + $binding = str_replace("urn:oasis:names:tc:SAML:2.0:bindings:","",$sloService->getAttribute('Binding')); + $this->logoutDetails = array_merge( + $this->logoutDetails, + array($binding => $sloService->getAttribute('Location')) + ); + } + } + + private function parsex509Certificate($xml){ + foreach ( Utilities::xpQuery($xml, './saml_metadata:KeyDescriptor') as $KeyDescriptorNode ) { + if($KeyDescriptorNode->hasAttribute('use')){ + if($KeyDescriptorNode->getAttribute('use')=='encryption'){ + $this->parseEncryptionCertificate($KeyDescriptorNode); + }else{ + $this->parseSigningCertificate($KeyDescriptorNode); + } + }else{ + $this->parseSigningCertificate($KeyDescriptorNode); + } + } + } + + private function parseSigningCertificate($xml){ + $certNode = Utilities::xpQuery($xml, './ds:KeyInfo/ds:X509Data/ds:X509Certificate'); + $certData = trim($certNode[0]->textContent); + $certData = str_replace(array ( "\r", "\n", "\t", ' '), '', $certData); + if(!empty($certNode)) + array_push($this->signingCertificate, Utilities::sanitize_certificate( $certData )); + } + + + private function parseEncryptionCertificate($xml){ + $certNode = Utilities::xpQuery($xml, './ds:KeyInfo/ds:X509Data/ds:X509Certificate'); + $certData = trim($certNode[0]->textContent); + $certData = str_replace(array ( "\r", "\n", "\t", ' '), '', $certData); + if(!empty($certNode)) + array_push($this->encryptionCertificate, $certData); + } + + public function getIdpName(){ + return ""; + } + + public function getEntityID(){ + return $this->entityID; + } + + public function getLoginURL($binding){ + return $this->loginDetails[$binding]; + } + + public function getLogoutURL($binding){ + return $this->logoutDetails[$binding]; + } + + public function getLoginDetails(){ + return $this->loginDetails; + } + + public function getLogoutDetails(){ + return $this->logoutDetails; + } + + public function getSigningCertificate(){ + return $this->signingCertificate; + } + + public function getEncryptionCertificate(){ + return $this->encryptionCertificate[0]; + } + + public function isRequestSigned(){ + return $this->signedRequest; + } + +} + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/PointersManager.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/PointersManager.php new file mode 100644 index 0000000..08ba52a --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/PointersManager.php @@ -0,0 +1,51 @@ +pfile = file_exists( $file ) ? $file : FALSE; + $this->version = str_replace( '.', '_', $version ); + $this->prefix = $prefix; + } + + public function parse() { + if ( empty( $this->pfile ) ) return; + $pointers = (array) require_once $this->pfile; + if ( empty($pointers) ) return; + foreach ( $pointers as $i => $pointer ) { + if(is_array($pointer)){ + $pointer['id'] = "{$this->prefix}{$this->version}_{$i}"; + $this->pointers[$pointer['id']] = (object) $pointer; + } + } + } + + public function filter( $page ) { + if ( empty( $this->pointers ) ) return array(); + $uid = get_current_user_id(); + $no = explode( ',', (string) get_user_meta( $uid, 'dismissed_wp_pointers', TRUE ) ); + $active_ids = array_diff( array_keys( $this->pointers ), $no ); + $good = array(); + foreach( $this->pointers as $i => $pointer ) { + if ( + in_array( $i, $active_ids, TRUE ) // is active + && isset( $pointer->where ) // has where + && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where + ) { + $good[] = $pointer; + } + } + $count = count( $good ); + if ( $good === 0 ) return array(); + foreach( array_values( $good ) as $i => $pointer ) { + $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : ''; + } + + return $good; + } +} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Response.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Response.php new file mode 100644 index 0000000..4899334 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Response.php @@ -0,0 +1,114 @@ +. + */ + +include 'Assertion.php'; + +/** + * Class for SAML2 Response messages. + * + */ +class SAML2_Response +{ + /** + * The assertions in this response. + */ + private $assertions; + + /** + * The destination URL in this response. + */ + private $destination; + + private $certificates; + private $signatureData; + + /** + * Constructor for SAML 2 response messages. + * + * @param DOMElement|NULL $xml The input message. + */ + public function __construct(DOMElement $xml = NULL) + { + //parent::__construct('Response', $xml); + + $this->assertions = array(); + $this->certificates = array(); + + if ($xml === NULL) { + return; + } + + $sig = Utilities::validateElement($xml); + if ($sig !== FALSE) { + $this->certificates = $sig['Certificates']; + $this->signatureData = $sig; + } + + /* set the destination from saml response */ + if ($xml->hasAttribute('Destination')) { + $this->destination = $xml->getAttribute('Destination'); + } + + for ($node = $xml->firstChild; $node !== NULL; $node = $node->nextSibling) { + if ($node->namespaceURI !== 'urn:oasis:names:tc:SAML:2.0:assertion') { + continue; + } + + if ($node->localName === 'Assertion' || $node->localName === 'EncryptedAssertion') { + $this->assertions[] = new SAML2_Assertion($node); + } + + } + } + + /** + * Retrieve the assertions in this response. + * + * @return SAML2_Assertion[]|SAML2_EncryptedAssertion[] + */ + public function getAssertions() + { + return $this->assertions; + } + + /** + * Set the assertions that should be included in this response. + * + * @param SAML2_Assertion[]|SAML2_EncryptedAssertion[] The assertions. + */ + public function setAssertions(array $assertions) + { + $this->assertions = $assertions; + } + + public function getDestination() + { + return $this->destination; + } + + + public function getCertificates() + { + return $this->certificates; + } + + public function getSignatureData() + { + return $this->signatureData; + } +} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Utilities.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Utilities.php new file mode 100644 index 0000000..b2651d3 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/Utilities.php @@ -0,0 +1,823 @@ +. + */ + +include_once 'xmlseclibs.php'; +use \RobRichards\XMLSecLibs\MoXMLSecurityKey; +use \RobRichards\XMLSecLibs\MoXMLSecurityDSig; +use \RobRichards\XMLSecLibs\MoXMLSecEnc; + +class Utilities { + + public static function generateID() { + return '_' . self::stringToHex(self::generateRandomBytes(21)); + } + + public static function stringToHex($bytes) { + $ret = ''; + for($i = 0; $i < strlen($bytes); $i++) { + $ret .= sprintf('%02x', ord($bytes[$i])); + } + return $ret; + } + + public static function generateRandomBytes($length, $fallback = TRUE) { + + return openssl_random_pseudo_bytes($length); + } + + public static function createAuthnRequest($acsUrl, $issuer, $force_authn = 'false') { + $requestXmlStr = '' . + '' . $issuer . ''; + $deflatedStr = gzdeflate($requestXmlStr); + $base64EncodedStr = base64_encode($deflatedStr); + $urlEncoded = urlencode($base64EncodedStr); + update_option('MO_SAML_REQUEST',$base64EncodedStr); + + return $urlEncoded; + } + + public static function createSAMLRequest($acsUrl, $issuer, $destination, $force_authn = 'false') { + + $requestXmlStr = '' . + '' . $issuer . ''; + $samlRequest = base64_encode($requestXmlStr); + update_option('MO_SAML_REQUEST',$samlRequest); + return $requestXmlStr; + } + + public static function generateTimestamp($instant = NULL) { + if($instant === NULL) { + $instant = time(); + } + return gmdate('Y-m-d\TH:i:s\Z', $instant); + } + + public static function xpQuery(DOMNode $node, $query) + { + + static $xpCache = NULL; + + if ($node instanceof DOMDocument) { + $doc = $node; + } else { + $doc = $node->ownerDocument; + } + + if ($xpCache === NULL || !$xpCache->document->isSameNode($doc)) { + $xpCache = new DOMXPath($doc); + $xpCache->registerNamespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/'); + $xpCache->registerNamespace('saml_protocol', 'urn:oasis:names:tc:SAML:2.0:protocol'); + $xpCache->registerNamespace('saml_assertion', 'urn:oasis:names:tc:SAML:2.0:assertion'); + $xpCache->registerNamespace('saml_metadata', 'urn:oasis:names:tc:SAML:2.0:metadata'); + $xpCache->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#'); + $xpCache->registerNamespace('xenc', 'http://www.w3.org/2001/04/xmlenc#'); + } + + $results = $xpCache->query($query, $node); + $ret = array(); + for ($i = 0; $i < $results->length; $i++) { + $ret[$i] = $results->item($i); + } + + return $ret; + } + + public static function parseNameId(DOMElement $xml) + { + $ret = array('Value' => trim($xml->textContent)); + + foreach (array('NameQualifier', 'SPNameQualifier', 'Format') as $attr) { + if ($xml->hasAttribute($attr)) { + $ret[$attr] = $xml->getAttribute($attr); + } + } + + return $ret; + } + + public static function xsDateTimeToTimestamp($time) + { + $matches = array(); + + // We use a very strict regex to parse the timestamp. + $regex = '/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d+)?Z$/D'; + if (preg_match($regex, $time, $matches) == 0) { + echo sprintf("Invalid SAML2 timestamp passed to xsDateTimeToTimestamp: ". htmlspecialchars($time)); + exit; + } + + // Extract the different components of the time from the matches in the regex. + // intval will ignore leading zeroes in the string. + $year = intval($matches[1]); + $month = intval($matches[2]); + $day = intval($matches[3]); + $hour = intval($matches[4]); + $minute = intval($matches[5]); + $second = intval($matches[6]); + + // We use gmmktime because the timestamp will always be given + //in UTC. + $ts = gmmktime($hour, $minute, $second, $month, $day, $year); + + return $ts; + } + + public static function extractStrings(DOMElement $parent, $namespaceURI, $localName) + { + + + + $ret = array(); + for ($node = $parent->firstChild; $node !== NULL; $node = $node->nextSibling) { + if ($node->namespaceURI !== $namespaceURI || $node->localName !== $localName) { + continue; + } + $ret[] = trim($node->textContent); + } + + return $ret; + } + + public static function validateElement(DOMElement $root) + { + //$data = $root->ownerDocument->saveXML($root); + //echo htmlspecialchars($data); + + /* Create an XML security object. */ + $objXMLSecDSig = new MoXMLSecurityDSig(); + + /* Both SAML messages and SAML assertions use the 'ID' attribute. */ + $objXMLSecDSig->idKeys[] = 'ID'; + + + /* Locate the XMLDSig Signature element to be used. */ + $signatureElement = self::xpQuery($root, './ds:Signature'); + //print_r($signatureElement); + + if (count($signatureElement) === 0) { + /* We don't have a signature element to validate. */ + return FALSE; + } elseif (count($signatureElement) > 1) { + echo sprintf("XMLSec: more than one signature element in root."); + exit; + }/* elseif ((in_array('Response', $signatureElement) && $ocurrence['Response'] > 1) || + (in_array('Assertion', $signatureElement) && $ocurrence['Assertion'] > 1) || + !in_array('Response', $signatureElement) && !in_array('Assertion', $signatureElement) + ) { + return false; + } */ + + $signatureElement = $signatureElement[0]; + $objXMLSecDSig->sigNode = $signatureElement; + + /* Canonicalize the XMLDSig SignedInfo element in the message. */ + $objXMLSecDSig->canonicalizeSignedInfo(); + + /* Validate referenced xml nodes. */ + if (!$objXMLSecDSig->validateReference()) { + echo sprintf("XMLSec: digest validation failed"); + exit; + } + + /* Check that $root is one of the signed nodes. */ + $rootSigned = FALSE; + /** @var DOMNode $signedNode */ + foreach ($objXMLSecDSig->getValidatedNodes() as $signedNode) { + if ($signedNode->isSameNode($root)) { + $rootSigned = TRUE; + break; + } elseif ($root->parentNode instanceof DOMDocument && $signedNode->isSameNode($root->ownerDocument)) { + /* $root is the root element of a signed document. */ + $rootSigned = TRUE; + break; + } + } + + if (!$rootSigned) { + echo sprintf("XMLSec: The root element is not signed."); + exit; + } + + /* Now we extract all available X509 certificates in the signature element. */ + $certificates = array(); + foreach (self::xpQuery($signatureElement, './ds:KeyInfo/ds:X509Data/ds:X509Certificate') as $certNode) { + $certData = trim($certNode->textContent); + $certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData); + $certificates[] = $certData; + //echo "CertDate: " . $certData . "
    "; + } + + $ret = array( + 'Signature' => $objXMLSecDSig, + 'Certificates' => $certificates, + ); + + //echo "Signature validated"; + + + return $ret; + } + + + + public static function validateSignature(array $info, MoXMLSecurityKey $key) + { + + + /** @var MoXMLSecurityDSig $objXMLSecDSig */ + $objXMLSecDSig = $info['Signature']; + + $sigMethod = self::xpQuery($objXMLSecDSig->sigNode, './ds:SignedInfo/ds:SignatureMethod'); + if (empty($sigMethod)) { + echo sprintf('Missing SignatureMethod element'); + exit(); + } + $sigMethod = $sigMethod[0]; + if (!$sigMethod->hasAttribute('Algorithm')) { + echo sprintf('Missing Algorithm-attribute on SignatureMethod element.'); + exit; + } + $algo = $sigMethod->getAttribute('Algorithm'); + + if ($key->type === MoXMLSecurityKey::RSA_SHA1 && $algo !== $key->type) { + $key = self::castKey($key, $algo); + } + + /* Check the signature. */ + if (! $objXMLSecDSig->verify($key)) { + echo sprintf('Unable to validate Signature'); + exit; + } + } + + public static function castKey(MoXMLSecurityKey $key, $algorithm, $type = 'public') + { + + // do nothing if algorithm is already the type of the key + if ($key->type === $algorithm) { + return $key; + } + + $keyInfo = openssl_pkey_get_details($key->key); + if ($keyInfo === FALSE) { + echo sprintf('Unable to get key details from XMLSecurityKey.'); + exit; + } + if (!isset($keyInfo['key'])) { + echo sprintf('Missing key in public key details.'); + exit; + } + + $newKey = new MoXMLSecurityKey($algorithm, array('type'=>$type)); + $newKey->loadKey($keyInfo['key']); + + return $newKey; + } + + public static function processResponse($currentURL, $certFingerprint, $signatureData, + SAML2_Response $response, $certNumber,$relayState) { + + $assertion = current($response->getAssertions()); + + $notBefore = $assertion->getNotBefore(); + if ($notBefore !== NULL && $notBefore > time() + 60) { + wp_die('Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.'); + } + + $notOnOrAfter = $assertion->getNotOnOrAfter(); + if ($notOnOrAfter !== NULL && $notOnOrAfter <= time() - 60) { + wp_die('Received an assertion that has expired. Check clock synchronization on IdP and SP.'); + } + + $sessionNotOnOrAfter = $assertion->getSessionNotOnOrAfter(); + if ($sessionNotOnOrAfter !== NULL && $sessionNotOnOrAfter <= time() - 60) { + wp_die('Received an assertion with a session that has expired. Check clock synchronization on IdP and SP.'); + } + + /* Validate Response-element destination. */ + $msgDestination = $response->getDestination(); + if(substr($msgDestination, -1) == '/') { + $msgDestination = substr($msgDestination, 0, -1); + } + if(substr($currentURL, -1) == '/') { + $currentURL = substr($currentURL, 0, -1); + } + + if ($msgDestination !== NULL && $msgDestination !== $currentURL) { + echo sprintf('Destination in response doesn\'t match the current URL. Destination is "' . + htmlspecialchars($msgDestination) . '", current URL is "' . htmlspecialchars($currentURL) . '".'); + exit; + } + + $responseSigned = self::checkSign($certFingerprint, $signatureData, $certNumber,$relayState); + + /* Returning boolean $responseSigned */ + return $responseSigned; + } + + + public static function checkSign($certFingerprint, $signatureData, $certNumber, $relayState) { + $certificates = $signatureData['Certificates']; + + if (count($certificates) === 0) { + $storedCerts = maybe_unserialize(get_option('saml_x509_certificate')); + $pemCert = $storedCerts[$certNumber]; + }else{ + $fpArray = array(); + $fpArray[] = $certFingerprint; + $pemCert = self::findCertificate($fpArray, $certificates, $relayState); + if($pemCert==false) + return false; + } + + $lastException = NULL; + + $key = new MoXMLSecurityKey(MoXMLSecurityKey::RSA_SHA1, array('type'=>'public')); + $key->loadKey($pemCert); + + try { + /* + * Make sure that we have a valid signature + */ + self::validateSignature($signatureData, $key); + return TRUE; + } catch (Exception $e) { + $lastException = $e; + } + + + /* We were unable to validate the signature with any of our keys. */ + if ($lastException !== NULL) { + throw $lastException; + } else { + return FALSE; + } + + } + + + public static function validateIssuerAndAudience($samlResponse, $spEntityId, $issuerToValidateAgainst, $relayState) { + $issuer = current($samlResponse->getAssertions())->getIssuer(); + $assertion = current($samlResponse->getAssertions()); + $audiences = $assertion->getValidAudiences(); + if(strcmp($issuerToValidateAgainst, $issuer) === 0) { + if(!empty($audiences)) { + if(in_array($spEntityId, $audiences, TRUE)) { + return TRUE; + } else { + if($relayState=='testValidate'){ + $Error_message=mo_saml_options_error_constants::Error_invalid_audience; + $Cause_message = mo_saml_options_error_constants::Cause_invalid_audience; + echo '
    '; + echo '
    ' . __('ERROR','miniorange-saml-20-single-sign-on') . '
    +

    ' . __('Error','miniorange-saml-20-single-sign-on') . ': '.$Error_message.'

    + +

    ' . __('Possible Cause','miniorange-saml-20-single-sign-on'). ': '.$Cause_message.'

    +

    ' . __('Expected one of the Audiences to be','miniorange-saml-20-single-sign-on'). ': '.$spEntityId.'

    +

    '; + mo_saml_download_logs($Error_message,$Cause_message); + exit; + } + else + { + wp_die(__("We could not sign you in. Please contact your administrator",'miniorange-saml-20-single-sign-on'),"Error: Invalid Audience URI"); + } + } + } + } else { + if($relayState=='testValidate'){ + + $Error_message=mo_saml_options_error_constants::Error_issuer_not_verfied; + $Cause_message = mo_saml_options_error_constants::Cause_issuer_not_verfied; + update_option('mo_saml_required_issuer',$issuer); + echo '
    '; + echo '
    ' . __('ERROR','miniorange-saml-20-single-sign-on') . '
    +

    ' . __('Error','miniorange-saml-20-single-sign-on'). ':'.$Error_message.'

    + +

    ' . __('Possible Cause','miniorange-saml-20-single-sign-on') . ':'.$Cause_message.'

    +
    +
      +
      '; + wp_nonce_field('mo_fix_entity_id'); + echo ' + +
      +
    +
    +
    +
    '; + + mo_saml_download_logs($Error_message,$Cause_message); + exit; + } + else + { + wp_die(__("We could not sign you in. Please contact your administrator",'miniorange-saml-20-single-sign-on'),"Error: Issuer cannot be verified"); + } + } +} + + private static function findCertificate(array $certFingerprints, array $certificates, $relayState) { + + $candidates = array(); + + //foreach ($certificates as $cert) { + $fp = strtolower(sha1(base64_decode($certificates[0]))); + if (!in_array($fp, $certFingerprints, TRUE)) { + $candidates[] = $fp; + return false; + //continue; + } + + /* We have found a matching fingerprint. */ + $pem = "-----BEGIN CERTIFICATE-----\n" . + chunk_split($certificates[0], 64) . + "-----END CERTIFICATE-----\n"; + + return $pem; + // } + + // if($relayState=='testValidate'){ + // $pem = "-----BEGIN CERTIFICATE-----
    " . + // chunk_split($cert, 64) . + // "
    -----END CERTIFICATE-----"; + + // echo '
    '; + // echo '
    ERROR
    + //

    Error: Unable to find a certificate matching the configured fingerprint.

    + //

    Please contact your administrator and report the following error:

    + //

    Possible Cause: Content of \'X.509 Certificate\' field in Service Provider Settings is incorrect. Please replace it with certificate given below.

    + //

    Certificate found in SAML Response:

    '.$pem.'

    + //
    + //
    + //
    + //
    '; + + // exit; + // } + // else{ + // wp_die("We could not sign you in. Please contact your administrator","Error: Invalid Certificate"); + // } + } + + /** + * Decrypt an encrypted element. + * + * This is an internal helper function. + * + * @param DOMElement $encryptedData The encrypted data. + * @param MoXMLSecurityKey $inputKey The decryption key. + * @param array &$blacklist Blacklisted decryption algorithms. + * @return DOMElement The decrypted element. + * @throws Exception + */ + private static function doDecryptElement(DOMElement $encryptedData, MoXMLSecurityKey $inputKey, array &$blacklist) + { + $enc = new MoXMLSecEnc(); + $enc->setNode($encryptedData); + + $enc->type = $encryptedData->getAttribute("Type"); + $symmetricKey = $enc->locateKey($encryptedData); + if (!$symmetricKey) { + echo sprintf(__('Could not locate key algorithm in encrypted data.','miniorange-saml-20-single-sign-on')); + exit; + } + + $symmetricKeyInfo = $enc->locateKeyInfo($symmetricKey); + if (!$symmetricKeyInfo) { + echo sprintf(__('Could not locate for the encrypted key.','miniorange-saml-20-single-sign-on')); + exit; + } + $inputKeyAlgo = $inputKey->getAlgorith(); + if ($symmetricKeyInfo->isEncrypted) { + $symKeyInfoAlgo = $symmetricKeyInfo->getAlgorith(); + if (in_array($symKeyInfoAlgo, $blacklist, TRUE)) { + echo sprintf('Algorithm disabled: ' . var_export($symKeyInfoAlgo, TRUE)); + exit; + } + if ($symKeyInfoAlgo === MoXMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === MoXMLSecurityKey::RSA_1_5) { + /* + * The RSA key formats are equal, so loading an RSA_1_5 key + * into an RSA_OAEP_MGF1P key can be done without problems. + * We therefore pretend that the input key is an + * RSA_OAEP_MGF1P key. + */ + $inputKeyAlgo = MoXMLSecurityKey::RSA_OAEP_MGF1P; + } + /* Make sure that the input key format is the same as the one used to encrypt the key. */ + if ($inputKeyAlgo !== $symKeyInfoAlgo) { + echo sprintf( 'Algorithm mismatch between input key and key used to encrypt ' . + ' the symmetric key for the message. Key was: ' . + var_export($inputKeyAlgo, TRUE) . '; message was: ' . + var_export($symKeyInfoAlgo, TRUE)); + exit; + } + /** @var MoXMLSecEnc $encKey */ + $encKey = $symmetricKeyInfo->encryptedCtx; + $symmetricKeyInfo->key = $inputKey->key; + $keySize = $symmetricKey->getSymmetricKeySize(); + if ($keySize === NULL) { + /* To protect against "key oracle" attacks, we need to be able to create a + * symmetric key, and for that we need to know the key size. + */ + echo sprintf('Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, TRUE)); + exit; + } + try { + $key = $encKey->decryptKey($symmetricKeyInfo); + if (strlen($key) != $keySize) { + echo sprintf('Unexpected key size (' . strlen($key) * 8 . 'bits) for encryption algorithm: ' . + var_export($symmetricKey->type, TRUE)); + exit; + } + } catch (Exception $e) { + /* We failed to decrypt this key. Log it, and substitute a "random" key. */ + + /* Create a replacement key, so that it looks like we fail in the same way as if the key was correctly padded. */ + /* We base the symmetric key on the encrypted key and private key, so that we always behave the + * same way for a given input key. + */ + $encryptedKey = $encKey->getCipherValue(); + $pkey = openssl_pkey_get_details($symmetricKeyInfo->key); + $pkey = sha1(serialize($pkey), TRUE); + $key = sha1($encryptedKey . $pkey, TRUE); + /* Make sure that the key has the correct length. */ + if (strlen($key) > $keySize) { + $key = substr($key, 0, $keySize); + } elseif (strlen($key) < $keySize) { + $key = str_pad($key, $keySize); + } + } + $symmetricKey->loadkey($key); + } else { + $symKeyAlgo = $symmetricKey->getAlgorith(); + /* Make sure that the input key has the correct format. */ + if ($inputKeyAlgo !== $symKeyAlgo) { + echo sprintf( 'Algorithm mismatch between input key and key in message. ' . + 'Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' . + var_export($symKeyAlgo, TRUE)); + exit; + } + $symmetricKey = $inputKey; + } + $algorithm = $symmetricKey->getAlgorith(); + if (in_array($algorithm, $blacklist, TRUE)) { + echo sprintf('Algorithm disabled: ' . var_export($algorithm, TRUE)); + exit; + } + /** @var string $decrypted */ + $decrypted = $enc->decryptNode($symmetricKey, FALSE); + /* + * This is a workaround for the case where only a subset of the XML + * tree was serialized for encryption. In that case, we may miss the + * namespaces needed to parse the XML. + */ + $xml = '' . + $decrypted . + ''; + $newDoc = new DOMDocument(); + if (!@$newDoc->loadXML($xml)) { + echo sprintf('Failed to parse decrypted XML. Maybe the wrong sharedkey was used?'); + throw new Exception('Failed to parse decrypted XML. Maybe the wrong sharedkey was used?'); + } + $decryptedElement = $newDoc->firstChild->firstChild; + if ($decryptedElement === NULL) { + echo sprintf('Missing encrypted element.'); + throw new Exception('Missing encrypted element.'); + } + + if (!($decryptedElement instanceof DOMElement)) { + echo sprintf('Decrypted element was not actually a DOMElement.'); + } + + return $decryptedElement; + } + /** + * Decrypt an encrypted element. + * + * @param DOMElement $encryptedData The encrypted data. + * @param MoXMLSecurityKey $inputKey The decryption key. + * @param array $blacklist Blacklisted decryption algorithms. + * @return DOMElement The decrypted element. + * @throws Exception + */ + public static function decryptElement(DOMElement $encryptedData, MoXMLSecurityKey $inputKey, array $blacklist = array(), MoXMLSecurityKey $alternateKey = NULL) + { + try { + return self::doDecryptElement($encryptedData, $inputKey, $blacklist); + } catch (Exception $e) { + //Try with alternate key + try { + return self::doDecryptElement($encryptedData, $alternateKey, $blacklist); + } catch(Exception $t) { + + } + /* + * Something went wrong during decryption, but for security + * reasons we cannot tell the user what failed. + */ + //print_r($e->getMessage()); + echo sprintf('Failed to decrypt XML element.'); + exit; + } + } + + /** + * Generates the metadata of the SP based on the settings + * + * @param string $sp The SP data + * @param string $authnsign authnRequestsSigned attribute + * @param string $wsign wantAssertionsSigned attribute + * @param DateTime $validUntil Metadata's valid time + * @param Timestamp $cacheDuration Duration of the cache in seconds + * @param array $contacts Contacts info + * @param array $organization Organization ingo + * + * @return string SAML Metadata XML + */ + public static function metadata_builder($siteUrl) + { + $xml = new DOMDocument(); + $url = plugins_url().'/miniorange-saml-20-single-sign-on/sp-metadata.xml'; + + $xml->load($url); + + $xpath = new DOMXPath($xml); + $elements = $xpath->query('//md:EntityDescriptor[@entityID="http://{path-to-your-site}/wp-content/plugins/miniorange-saml-20-single-sign-on/"]'); + + if ($elements->length >= 1) { + $element = $elements->item(0); + $element->setAttribute('entityID', $siteUrl.'/wp-content/plugins/miniorange-saml-20-single-sign-on/'); + } + + $elements = $xpath->query('//md:AssertionConsumerService[@Location="http://{path-to-your-site}"]'); + if ($elements->length >= 1) { + $element = $elements->item(0); + $element->setAttribute('Location', $siteUrl.'/'); + } + + //re-save + $xml->save(plugins_url()."/miniorange-saml-20-single-sign-on/sp-metadata.xml"); + } + + public static function get_mapped_groups($saml_params, $saml_groups) + { + $groups = array(); + + if (!empty($saml_groups)) { + $saml_mapped_groups = array(); + $i=1; + while ($i < 10) { + $saml_mapped_groups_value = $saml_params->get('group'.$i.'_map'); + + $saml_mapped_groups[$i] = explode(';', $saml_mapped_groups_value); + $i++; + } + } + + foreach ($saml_groups as $saml_group) { + if (!empty($saml_group)) { + $i = 0; + $found = false; + + while ($i < 9 && !$found) { + if (!empty($saml_mapped_groups[$i]) && in_array($saml_group, $saml_mapped_groups[$i], TRUE)) { + $groups[] = $saml_params->get('group'.$i); + $found = true; + } + $i++; + } + } + } + + return array_unique($groups); + } + + + public static function getEncryptionAlgorithm($method){ + switch($method){ + case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc': + return MoXMLSecurityKey::TRIPLEDES_CBC; + break; + + case 'http://www.w3.org/2001/04/xmlenc#aes128-cbc': + return MoXMLSecurityKey::AES128_CBC; + + case 'http://www.w3.org/2001/04/xmlenc#aes192-cbc': + return MoXMLSecurityKey::AES192_CBC; + break; + + case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc': + return MoXMLSecurityKey::AES256_CBC; + break; + + case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5': + return MoXMLSecurityKey::RSA_1_5; + break; + + case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p': + return MoXMLSecurityKey::RSA_OAEP_MGF1P; + break; + + case 'http://www.w3.org/2000/09/xmldsig#dsa-sha1': + return MoXMLSecurityKey::DSA_SHA1; + break; + + case 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': + return MoXMLSecurityKey::RSA_SHA1; + break; + + case 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': + return MoXMLSecurityKey::RSA_SHA256; + break; + + case 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384': + return MoXMLSecurityKey::RSA_SHA384; + break; + + case 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': + return MoXMLSecurityKey::RSA_SHA512; + break; + + default: + echo sprintf('Invalid Encryption Method: '. htmlspecialchars($method)); + exit; + break; + } + } + + public static function sanitize_certificate( $certificate ) { + $certificate = preg_replace("/[\r\n]+/", "", $certificate); + $certificate = str_replace( "-", "", $certificate ); + $certificate = str_replace( "BEGIN CERTIFICATE", "", $certificate ); + $certificate = str_replace( "END CERTIFICATE", "", $certificate ); + $certificate = str_replace( " ", "", $certificate ); + $certificate = chunk_split($certificate, 64, "\r\n"); + $certificate = "-----BEGIN CERTIFICATE-----\r\n" . $certificate . "-----END CERTIFICATE-----"; + return $certificate; + } + + public static function desanitize_certificate( $certificate ) { + $certificate = preg_replace("/[\r\n]+/", "", $certificate); + //$certificate = str_replace( "-", "", $certificate ); + $certificate = str_replace( "-----BEGIN CERTIFICATE-----", "", $certificate ); + $certificate = str_replace( "-----END CERTIFICATE-----", "", $certificate ); + $certificate = str_replace( " ", "", $certificate ); + //$certificate = chunk_split($certificate, 64, "\r\n"); + //$certificate = "-----BEGIN CERTIFICATE-----\r\n" . $certificate . "-----END CERTIFICATE-----"; + return $certificate; + } + + public static function mo_saml_wp_remote_post($url, $args = array()){ + $response = wp_remote_post($url, $args); + if(!is_wp_error($response)){ + return $response; + } else { + $show_message = new saml_mo_login(); + update_option('mo_saml_message', __('Unable to connect to the Internet. Please try again.','miniorange-saml-20-single-sign-on')); + $show_message->mo_saml_show_error_message(); + } + } + + public static function mo_saml_wp_remote_get($url, $args = array()){ + $response = wp_remote_get($url, $args); + if(!is_wp_error($response)){ + return $response; + } else { + $show_message = new saml_mo_login(); + update_option('mo_saml_message', __('Unable to connect to the Internet. Please try again.','miniorange-saml-20-single-sign-on')); + $show_message->mo_saml_show_error_message(); + } + } + +} +?> \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/feedback_form.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/feedback_form.php new file mode 100644 index 0000000..071ccf0 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/feedback_form.php @@ -0,0 +1,159 @@ + + + + + + +
    + +
    +

    × +

    +
    + + + + +
    +

    +


    + +
    + + + + + + + + + + + + + + + + +
    +

    +
    + user_email; + } + ?> +
    + +
    + + + + + +
    +

    + +

    + +
    +
    + +
    + +    + +
    +
    + + + +
    + + +
    + +
    + +
    + + \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/61456.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/61456.png new file mode 100644 index 0000000..8dc3f64 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/61456.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/attribute_based_redirection.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/attribute_based_redirection.png new file mode 100644 index 0000000..446d559 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/attribute_based_redirection.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/buddypress.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/buddypress.png new file mode 100644 index 0000000..7bb0b8c Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/buddypress.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/file_prevention.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/file_prevention.png new file mode 100644 index 0000000..8dc3f64 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/file_prevention.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/fsso.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/fsso.png new file mode 100644 index 0000000..878cc63 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/fsso.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/guest_login.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/guest_login.png new file mode 100644 index 0000000..878cc63 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/guest_login.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/learndash.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/learndash.png new file mode 100644 index 0000000..5256ace Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/learndash.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/memberpress.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/memberpress.png new file mode 100644 index 0000000..23446ea Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/memberpress.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/page_restriction.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/page_restriction.png new file mode 100644 index 0000000..c068355 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/page_restriction.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/paid_mem_pro.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/paid_mem_pro.png new file mode 100644 index 0000000..3acf6f1 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/paid_mem_pro.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/profile_picture_add_on.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/profile_picture_add_on.png new file mode 100644 index 0000000..878cc63 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/profile_picture_add_on.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/scim.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/scim.png new file mode 100644 index 0000000..8c59b4b Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/scim.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/ssologin.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/ssologin.png new file mode 100644 index 0000000..36bd363 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/ssologin.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/ssosession.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/ssosession.png new file mode 100644 index 0000000..878cc63 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/ssosession.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/woocommerce.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/woocommerce.png new file mode 100644 index 0000000..a2e6fd6 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/woocommerce.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/wp_members.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/wp_members.png new file mode 100644 index 0000000..56914a4 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/addons_logos/wp_members.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/angry.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/angry.png new file mode 100644 index 0000000..443b0d5 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/angry.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/flags16.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/flags16.png new file mode 100644 index 0000000..1535827 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/flags16.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/green_check.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/green_check.png new file mode 100644 index 0000000..e9d7def Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/green_check.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/happy.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/happy.png new file mode 100644 index 0000000..b1f1e31 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/happy.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/absorb-lms.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/absorb-lms.png new file mode 100644 index 0000000..0425d6d Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/absorb-lms.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/adfs.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/adfs.png new file mode 100644 index 0000000..88a4d22 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/adfs.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/auth0.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/auth0.png new file mode 100644 index 0000000..b7b9189 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/auth0.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/authanvil.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/authanvil.png new file mode 100644 index 0000000..35953ac Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/authanvil.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/azure-ad.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/azure-ad.png new file mode 100644 index 0000000..727d084 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/azure-ad.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/azure-b2c.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/azure-b2c.png new file mode 100644 index 0000000..727d084 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/azure-b2c.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/bitium.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/bitium.png new file mode 100644 index 0000000..2095ff6 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/bitium.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/ca-identity.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/ca-identity.png new file mode 100644 index 0000000..881d5bd Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/ca-identity.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/centrify.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/centrify.png new file mode 100644 index 0000000..e2ff6eb Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/centrify.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/custom-idp.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/custom-idp.png new file mode 100644 index 0000000..ca34882 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/custom-idp.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/degreed.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/degreed.png new file mode 100644 index 0000000..0cfe279 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/degreed.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/gluu-server.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/gluu-server.png new file mode 100644 index 0000000..c2feae2 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/gluu-server.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/google-apps.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/google-apps.png new file mode 100644 index 0000000..b1a1566 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/google-apps.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/jboss-keycloak.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/jboss-keycloak.png new file mode 100644 index 0000000..e013a46 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/jboss-keycloak.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/jumpcloud.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/jumpcloud.png new file mode 100644 index 0000000..b49752b Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/jumpcloud.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/miniorange.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/miniorange.png new file mode 100644 index 0000000..ca34882 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/miniorange.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/okta.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/okta.png new file mode 100644 index 0000000..e9dfdd6 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/okta.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/onelogin.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/onelogin.png new file mode 100644 index 0000000..ae2990c Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/onelogin.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/openam.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/openam.png new file mode 100644 index 0000000..c79d561 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/openam.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/oracle-enterprise-manager.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/oracle-enterprise-manager.png new file mode 100644 index 0000000..37e91e5 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/oracle-enterprise-manager.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/pingfederate.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/pingfederate.png new file mode 100644 index 0000000..eef2f9c Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/pingfederate.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/pingone.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/pingone.png new file mode 100644 index 0000000..e40fdcb Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/pingone.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/rsa-secureid.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/rsa-secureid.png new file mode 100644 index 0000000..9ec0873 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/rsa-secureid.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/salesforce.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/salesforce.png new file mode 100644 index 0000000..02b4f0d Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/salesforce.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/shibboleth2.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/shibboleth2.png new file mode 100644 index 0000000..2aa8d8e Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/shibboleth2.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/shibboleth3.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/shibboleth3.png new file mode 100644 index 0000000..2aa8d8e Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/shibboleth3.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/simplesaml.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/simplesaml.png new file mode 100644 index 0000000..ac4b3a6 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/simplesaml.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/wso2.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/wso2.png new file mode 100644 index 0000000..d3b4a64 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/idp-guides-logos/wso2.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/loadingbar.gif b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/loadingbar.gif new file mode 100644 index 0000000..0424aa4 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/loadingbar.gif differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/miniorange.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/miniorange.png new file mode 100644 index 0000000..593801f Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/miniorange.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/miniorange_logo.svg b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/miniorange_logo.svg new file mode 100644 index 0000000..163ba19 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/miniorange_logo.svg @@ -0,0 +1,758 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/normal.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/normal.png new file mode 100644 index 0000000..f4c5075 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/normal.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/phone.svg b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/phone.svg new file mode 100644 index 0000000..8297805 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/phone.svg @@ -0,0 +1,4 @@ + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/sad.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/sad.png new file mode 100644 index 0000000..f794a1f Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/sad.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working.png new file mode 100644 index 0000000..d4d2969 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working_womo.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working_womo.png new file mode 100644 index 0000000..ef0a58a Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working_womo.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working_womo1.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working_womo1.png new file mode 100644 index 0000000..ea765c1 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/saml_working_womo1.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/smile.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/smile.png new file mode 100644 index 0000000..3dda96f Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/smile.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/wrong.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/wrong.png new file mode 100644 index 0000000..c6d020e Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/images/wrong.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/all.min.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/all.min.css new file mode 100644 index 0000000..1ea1b18 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/all.min.css @@ -0,0 +1,5 @@ +/*! + * Font Awesome Free 5.12.0 by @fontawesome - https://fontawesome.com + * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) + */ +.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa.fa-pull-left,.fab.fa-pull-left,.fal.fa-pull-left,.far.fa-pull-left,.fas.fa-pull-left{margin-right:.3em}.fa.fa-pull-right,.fab.fa-pull-right,.fal.fa-pull-right,.far.fa-pull-right,.fas.fa-pull-right{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical,.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)"}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical{-webkit-transform:scale(-1);transform:scale(-1)}:root .fa-flip-both,:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{-webkit-filter:none;filter:none}.fa-stack{display:inline-block;height:2em;line-height:2em;position:relative;vertical-align:middle;width:2.5em}.fa-stack-1x,.fa-stack-2x{left:0;position:absolute;text-align:center;width:100%}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-500px:before{content:"\f26e"}.fa-accessible-icon:before{content:"\f368"}.fa-accusoft:before{content:"\f369"}.fa-acquisitions-incorporated:before{content:"\f6af"}.fa-ad:before{content:"\f641"}.fa-address-book:before{content:"\f2b9"}.fa-address-card:before{content:"\f2bb"}.fa-adjust:before{content:"\f042"}.fa-adn:before{content:"\f170"}.fa-adobe:before{content:"\f778"}.fa-adversal:before{content:"\f36a"}.fa-affiliatetheme:before{content:"\f36b"}.fa-air-freshener:before{content:"\f5d0"}.fa-airbnb:before{content:"\f834"}.fa-algolia:before{content:"\f36c"}.fa-align-center:before{content:"\f037"}.fa-align-justify:before{content:"\f039"}.fa-align-left:before{content:"\f036"}.fa-align-right:before{content:"\f038"}.fa-alipay:before{content:"\f642"}.fa-allergies:before{content:"\f461"}.fa-amazon:before{content:"\f270"}.fa-amazon-pay:before{content:"\f42c"}.fa-ambulance:before{content:"\f0f9"}.fa-american-sign-language-interpreting:before{content:"\f2a3"}.fa-amilia:before{content:"\f36d"}.fa-anchor:before{content:"\f13d"}.fa-android:before{content:"\f17b"}.fa-angellist:before{content:"\f209"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-down:before{content:"\f107"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angry:before{content:"\f556"}.fa-angrycreative:before{content:"\f36e"}.fa-angular:before{content:"\f420"}.fa-ankh:before{content:"\f644"}.fa-app-store:before{content:"\f36f"}.fa-app-store-ios:before{content:"\f370"}.fa-apper:before{content:"\f371"}.fa-apple:before{content:"\f179"}.fa-apple-alt:before{content:"\f5d1"}.fa-apple-pay:before{content:"\f415"}.fa-archive:before{content:"\f187"}.fa-archway:before{content:"\f557"}.fa-arrow-alt-circle-down:before{content:"\f358"}.fa-arrow-alt-circle-left:before{content:"\f359"}.fa-arrow-alt-circle-right:before{content:"\f35a"}.fa-arrow-alt-circle-up:before{content:"\f35b"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-arrow-circle-left:before{content:"\f0a8"}.fa-arrow-circle-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-down:before{content:"\f063"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrows-alt:before{content:"\f0b2"}.fa-arrows-alt-h:before{content:"\f337"}.fa-arrows-alt-v:before{content:"\f338"}.fa-artstation:before{content:"\f77a"}.fa-assistive-listening-systems:before{content:"\f2a2"}.fa-asterisk:before{content:"\f069"}.fa-asymmetrik:before{content:"\f372"}.fa-at:before{content:"\f1fa"}.fa-atlas:before{content:"\f558"}.fa-atlassian:before{content:"\f77b"}.fa-atom:before{content:"\f5d2"}.fa-audible:before{content:"\f373"}.fa-audio-description:before{content:"\f29e"}.fa-autoprefixer:before{content:"\f41c"}.fa-avianex:before{content:"\f374"}.fa-aviato:before{content:"\f421"}.fa-award:before{content:"\f559"}.fa-aws:before{content:"\f375"}.fa-baby:before{content:"\f77c"}.fa-baby-carriage:before{content:"\f77d"}.fa-backspace:before{content:"\f55a"}.fa-backward:before{content:"\f04a"}.fa-bacon:before{content:"\f7e5"}.fa-bahai:before{content:"\f666"}.fa-balance-scale:before{content:"\f24e"}.fa-balance-scale-left:before{content:"\f515"}.fa-balance-scale-right:before{content:"\f516"}.fa-ban:before{content:"\f05e"}.fa-band-aid:before{content:"\f462"}.fa-bandcamp:before{content:"\f2d5"}.fa-barcode:before{content:"\f02a"}.fa-bars:before{content:"\f0c9"}.fa-baseball-ball:before{content:"\f433"}.fa-basketball-ball:before{content:"\f434"}.fa-bath:before{content:"\f2cd"}.fa-battery-empty:before{content:"\f244"}.fa-battery-full:before{content:"\f240"}.fa-battery-half:before{content:"\f242"}.fa-battery-quarter:before{content:"\f243"}.fa-battery-three-quarters:before{content:"\f241"}.fa-battle-net:before{content:"\f835"}.fa-bed:before{content:"\f236"}.fa-beer:before{content:"\f0fc"}.fa-behance:before{content:"\f1b4"}.fa-behance-square:before{content:"\f1b5"}.fa-bell:before{content:"\f0f3"}.fa-bell-slash:before{content:"\f1f6"}.fa-bezier-curve:before{content:"\f55b"}.fa-bible:before{content:"\f647"}.fa-bicycle:before{content:"\f206"}.fa-biking:before{content:"\f84a"}.fa-bimobject:before{content:"\f378"}.fa-binoculars:before{content:"\f1e5"}.fa-biohazard:before{content:"\f780"}.fa-birthday-cake:before{content:"\f1fd"}.fa-bitbucket:before{content:"\f171"}.fa-bitcoin:before{content:"\f379"}.fa-bity:before{content:"\f37a"}.fa-black-tie:before{content:"\f27e"}.fa-blackberry:before{content:"\f37b"}.fa-blender:before{content:"\f517"}.fa-blender-phone:before{content:"\f6b6"}.fa-blind:before{content:"\f29d"}.fa-blog:before{content:"\f781"}.fa-blogger:before{content:"\f37c"}.fa-blogger-b:before{content:"\f37d"}.fa-bluetooth:before{content:"\f293"}.fa-bluetooth-b:before{content:"\f294"}.fa-bold:before{content:"\f032"}.fa-bolt:before{content:"\f0e7"}.fa-bomb:before{content:"\f1e2"}.fa-bone:before{content:"\f5d7"}.fa-bong:before{content:"\f55c"}.fa-book:before{content:"\f02d"}.fa-book-dead:before{content:"\f6b7"}.fa-book-medical:before{content:"\f7e6"}.fa-book-open:before{content:"\f518"}.fa-book-reader:before{content:"\f5da"}.fa-bookmark:before{content:"\f02e"}.fa-bootstrap:before{content:"\f836"}.fa-border-all:before{content:"\f84c"}.fa-border-none:before{content:"\f850"}.fa-border-style:before{content:"\f853"}.fa-bowling-ball:before{content:"\f436"}.fa-box:before{content:"\f466"}.fa-box-open:before{content:"\f49e"}.fa-boxes:before{content:"\f468"}.fa-braille:before{content:"\f2a1"}.fa-brain:before{content:"\f5dc"}.fa-bread-slice:before{content:"\f7ec"}.fa-briefcase:before{content:"\f0b1"}.fa-briefcase-medical:before{content:"\f469"}.fa-broadcast-tower:before{content:"\f519"}.fa-broom:before{content:"\f51a"}.fa-brush:before{content:"\f55d"}.fa-btc:before{content:"\f15a"}.fa-buffer:before{content:"\f837"}.fa-bug:before{content:"\f188"}.fa-building:before{content:"\f1ad"}.fa-bullhorn:before{content:"\f0a1"}.fa-bullseye:before{content:"\f140"}.fa-burn:before{content:"\f46a"}.fa-buromobelexperte:before{content:"\f37f"}.fa-bus:before{content:"\f207"}.fa-bus-alt:before{content:"\f55e"}.fa-business-time:before{content:"\f64a"}.fa-buy-n-large:before{content:"\f8a6"}.fa-buysellads:before{content:"\f20d"}.fa-calculator:before{content:"\f1ec"}.fa-calendar:before{content:"\f133"}.fa-calendar-alt:before{content:"\f073"}.fa-calendar-check:before{content:"\f274"}.fa-calendar-day:before{content:"\f783"}.fa-calendar-minus:before{content:"\f272"}.fa-calendar-plus:before{content:"\f271"}.fa-calendar-times:before{content:"\f273"}.fa-calendar-week:before{content:"\f784"}.fa-camera:before{content:"\f030"}.fa-camera-retro:before{content:"\f083"}.fa-campground:before{content:"\f6bb"}.fa-canadian-maple-leaf:before{content:"\f785"}.fa-candy-cane:before{content:"\f786"}.fa-cannabis:before{content:"\f55f"}.fa-capsules:before{content:"\f46b"}.fa-car:before{content:"\f1b9"}.fa-car-alt:before{content:"\f5de"}.fa-car-battery:before{content:"\f5df"}.fa-car-crash:before{content:"\f5e1"}.fa-car-side:before{content:"\f5e4"}.fa-caravan:before{content:"\f8ff"}.fa-caret-down:before{content:"\f0d7"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-caret-square-down:before{content:"\f150"}.fa-caret-square-left:before{content:"\f191"}.fa-caret-square-right:before{content:"\f152"}.fa-caret-square-up:before{content:"\f151"}.fa-caret-up:before{content:"\f0d8"}.fa-carrot:before{content:"\f787"}.fa-cart-arrow-down:before{content:"\f218"}.fa-cart-plus:before{content:"\f217"}.fa-cash-register:before{content:"\f788"}.fa-cat:before{content:"\f6be"}.fa-cc-amazon-pay:before{content:"\f42d"}.fa-cc-amex:before{content:"\f1f3"}.fa-cc-apple-pay:before{content:"\f416"}.fa-cc-diners-club:before{content:"\f24c"}.fa-cc-discover:before{content:"\f1f2"}.fa-cc-jcb:before{content:"\f24b"}.fa-cc-mastercard:before{content:"\f1f1"}.fa-cc-paypal:before{content:"\f1f4"}.fa-cc-stripe:before{content:"\f1f5"}.fa-cc-visa:before{content:"\f1f0"}.fa-centercode:before{content:"\f380"}.fa-centos:before{content:"\f789"}.fa-certificate:before{content:"\f0a3"}.fa-chair:before{content:"\f6c0"}.fa-chalkboard:before{content:"\f51b"}.fa-chalkboard-teacher:before{content:"\f51c"}.fa-charging-station:before{content:"\f5e7"}.fa-chart-area:before{content:"\f1fe"}.fa-chart-bar:before{content:"\f080"}.fa-chart-line:before{content:"\f201"}.fa-chart-pie:before{content:"\f200"}.fa-check:before{content:"\f00c"}.fa-check-circle:before{content:"\f058"}.fa-check-double:before{content:"\f560"}.fa-check-square:before{content:"\f14a"}.fa-cheese:before{content:"\f7ef"}.fa-chess:before{content:"\f439"}.fa-chess-bishop:before{content:"\f43a"}.fa-chess-board:before{content:"\f43c"}.fa-chess-king:before{content:"\f43f"}.fa-chess-knight:before{content:"\f441"}.fa-chess-pawn:before{content:"\f443"}.fa-chess-queen:before{content:"\f445"}.fa-chess-rook:before{content:"\f447"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-down:before{content:"\f078"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-chevron-up:before{content:"\f077"}.fa-child:before{content:"\f1ae"}.fa-chrome:before{content:"\f268"}.fa-chromecast:before{content:"\f838"}.fa-church:before{content:"\f51d"}.fa-circle:before{content:"\f111"}.fa-circle-notch:before{content:"\f1ce"}.fa-city:before{content:"\f64f"}.fa-clinic-medical:before{content:"\f7f2"}.fa-clipboard:before{content:"\f328"}.fa-clipboard-check:before{content:"\f46c"}.fa-clipboard-list:before{content:"\f46d"}.fa-clock:before{content:"\f017"}.fa-clone:before{content:"\f24d"}.fa-closed-captioning:before{content:"\f20a"}.fa-cloud:before{content:"\f0c2"}.fa-cloud-download-alt:before{content:"\f381"}.fa-cloud-meatball:before{content:"\f73b"}.fa-cloud-moon:before{content:"\f6c3"}.fa-cloud-moon-rain:before{content:"\f73c"}.fa-cloud-rain:before{content:"\f73d"}.fa-cloud-showers-heavy:before{content:"\f740"}.fa-cloud-sun:before{content:"\f6c4"}.fa-cloud-sun-rain:before{content:"\f743"}.fa-cloud-upload-alt:before{content:"\f382"}.fa-cloudscale:before{content:"\f383"}.fa-cloudsmith:before{content:"\f384"}.fa-cloudversify:before{content:"\f385"}.fa-cocktail:before{content:"\f561"}.fa-code:before{content:"\f121"}.fa-code-branch:before{content:"\f126"}.fa-codepen:before{content:"\f1cb"}.fa-codiepie:before{content:"\f284"}.fa-coffee:before{content:"\f0f4"}.fa-cog:before{content:"\f013"}.fa-cogs:before{content:"\f085"}.fa-coins:before{content:"\f51e"}.fa-columns:before{content:"\f0db"}.fa-comment:before{content:"\f075"}.fa-comment-alt:before{content:"\f27a"}.fa-comment-dollar:before{content:"\f651"}.fa-comment-dots:before{content:"\f4ad"}.fa-comment-medical:before{content:"\f7f5"}.fa-comment-slash:before{content:"\f4b3"}.fa-comments:before{content:"\f086"}.fa-comments-dollar:before{content:"\f653"}.fa-compact-disc:before{content:"\f51f"}.fa-compass:before{content:"\f14e"}.fa-compress:before{content:"\f066"}.fa-compress-alt:before{content:"\f422"}.fa-compress-arrows-alt:before{content:"\f78c"}.fa-concierge-bell:before{content:"\f562"}.fa-confluence:before{content:"\f78d"}.fa-connectdevelop:before{content:"\f20e"}.fa-contao:before{content:"\f26d"}.fa-cookie:before{content:"\f563"}.fa-cookie-bite:before{content:"\f564"}.fa-copy:before{content:"\f0c5"}.fa-copyright:before{content:"\f1f9"}.fa-cotton-bureau:before{content:"\f89e"}.fa-couch:before{content:"\f4b8"}.fa-cpanel:before{content:"\f388"}.fa-creative-commons:before{content:"\f25e"}.fa-creative-commons-by:before{content:"\f4e7"}.fa-creative-commons-nc:before{content:"\f4e8"}.fa-creative-commons-nc-eu:before{content:"\f4e9"}.fa-creative-commons-nc-jp:before{content:"\f4ea"}.fa-creative-commons-nd:before{content:"\f4eb"}.fa-creative-commons-pd:before{content:"\f4ec"}.fa-creative-commons-pd-alt:before{content:"\f4ed"}.fa-creative-commons-remix:before{content:"\f4ee"}.fa-creative-commons-sa:before{content:"\f4ef"}.fa-creative-commons-sampling:before{content:"\f4f0"}.fa-creative-commons-sampling-plus:before{content:"\f4f1"}.fa-creative-commons-share:before{content:"\f4f2"}.fa-creative-commons-zero:before{content:"\f4f3"}.fa-credit-card:before{content:"\f09d"}.fa-critical-role:before{content:"\f6c9"}.fa-crop:before{content:"\f125"}.fa-crop-alt:before{content:"\f565"}.fa-cross:before{content:"\f654"}.fa-crosshairs:before{content:"\f05b"}.fa-crow:before{content:"\f520"}.fa-crown:before{content:"\f521"}.fa-crutch:before{content:"\f7f7"}.fa-css3:before{content:"\f13c"}.fa-css3-alt:before{content:"\f38b"}.fa-cube:before{content:"\f1b2"}.fa-cubes:before{content:"\f1b3"}.fa-cut:before{content:"\f0c4"}.fa-cuttlefish:before{content:"\f38c"}.fa-d-and-d:before{content:"\f38d"}.fa-d-and-d-beyond:before{content:"\f6ca"}.fa-dashcube:before{content:"\f210"}.fa-database:before{content:"\f1c0"}.fa-deaf:before{content:"\f2a4"}.fa-delicious:before{content:"\f1a5"}.fa-democrat:before{content:"\f747"}.fa-deploydog:before{content:"\f38e"}.fa-deskpro:before{content:"\f38f"}.fa-desktop:before{content:"\f108"}.fa-dev:before{content:"\f6cc"}.fa-deviantart:before{content:"\f1bd"}.fa-dharmachakra:before{content:"\f655"}.fa-dhl:before{content:"\f790"}.fa-diagnoses:before{content:"\f470"}.fa-diaspora:before{content:"\f791"}.fa-dice:before{content:"\f522"}.fa-dice-d20:before{content:"\f6cf"}.fa-dice-d6:before{content:"\f6d1"}.fa-dice-five:before{content:"\f523"}.fa-dice-four:before{content:"\f524"}.fa-dice-one:before{content:"\f525"}.fa-dice-six:before{content:"\f526"}.fa-dice-three:before{content:"\f527"}.fa-dice-two:before{content:"\f528"}.fa-digg:before{content:"\f1a6"}.fa-digital-ocean:before{content:"\f391"}.fa-digital-tachograph:before{content:"\f566"}.fa-directions:before{content:"\f5eb"}.fa-discord:before{content:"\f392"}.fa-discourse:before{content:"\f393"}.fa-divide:before{content:"\f529"}.fa-dizzy:before{content:"\f567"}.fa-dna:before{content:"\f471"}.fa-dochub:before{content:"\f394"}.fa-docker:before{content:"\f395"}.fa-dog:before{content:"\f6d3"}.fa-dollar-sign:before{content:"\f155"}.fa-dolly:before{content:"\f472"}.fa-dolly-flatbed:before{content:"\f474"}.fa-donate:before{content:"\f4b9"}.fa-door-closed:before{content:"\f52a"}.fa-door-open:before{content:"\f52b"}.fa-dot-circle:before{content:"\f192"}.fa-dove:before{content:"\f4ba"}.fa-download:before{content:"\f019"}.fa-draft2digital:before{content:"\f396"}.fa-drafting-compass:before{content:"\f568"}.fa-dragon:before{content:"\f6d5"}.fa-draw-polygon:before{content:"\f5ee"}.fa-dribbble:before{content:"\f17d"}.fa-dribbble-square:before{content:"\f397"}.fa-dropbox:before{content:"\f16b"}.fa-drum:before{content:"\f569"}.fa-drum-steelpan:before{content:"\f56a"}.fa-drumstick-bite:before{content:"\f6d7"}.fa-drupal:before{content:"\f1a9"}.fa-dumbbell:before{content:"\f44b"}.fa-dumpster:before{content:"\f793"}.fa-dumpster-fire:before{content:"\f794"}.fa-dungeon:before{content:"\f6d9"}.fa-dyalog:before{content:"\f399"}.fa-earlybirds:before{content:"\f39a"}.fa-ebay:before{content:"\f4f4"}.fa-edge:before{content:"\f282"}.fa-edit:before{content:"\f044"}.fa-egg:before{content:"\f7fb"}.fa-eject:before{content:"\f052"}.fa-elementor:before{content:"\f430"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-ello:before{content:"\f5f1"}.fa-ember:before{content:"\f423"}.fa-empire:before{content:"\f1d1"}.fa-envelope:before{content:"\f0e0"}.fa-envelope-open:before{content:"\f2b6"}.fa-envelope-open-text:before{content:"\f658"}.fa-envelope-square:before{content:"\f199"}.fa-envira:before{content:"\f299"}.fa-equals:before{content:"\f52c"}.fa-eraser:before{content:"\f12d"}.fa-erlang:before{content:"\f39d"}.fa-ethereum:before{content:"\f42e"}.fa-ethernet:before{content:"\f796"}.fa-etsy:before{content:"\f2d7"}.fa-euro-sign:before{content:"\f153"}.fa-evernote:before{content:"\f839"}.fa-exchange-alt:before{content:"\f362"}.fa-exclamation:before{content:"\f12a"}.fa-exclamation-circle:before{content:"\f06a"}.fa-exclamation-triangle:before{content:"\f071"}.fa-expand:before{content:"\f065"}.fa-expand-alt:before{content:"\f424"}.fa-expand-arrows-alt:before{content:"\f31e"}.fa-expeditedssl:before{content:"\f23e"}.fa-external-link-alt:before{content:"\f35d"}.fa-external-link-square-alt:before{content:"\f360"}.fa-eye:before{content:"\f06e"}.fa-eye-dropper:before{content:"\f1fb"}.fa-eye-slash:before{content:"\f070"}.fa-facebook:before{content:"\f09a"}.fa-facebook-f:before{content:"\f39e"}.fa-facebook-messenger:before{content:"\f39f"}.fa-facebook-square:before{content:"\f082"}.fa-fan:before{content:"\f863"}.fa-fantasy-flight-games:before{content:"\f6dc"}.fa-fast-backward:before{content:"\f049"}.fa-fast-forward:before{content:"\f050"}.fa-fax:before{content:"\f1ac"}.fa-feather:before{content:"\f52d"}.fa-feather-alt:before{content:"\f56b"}.fa-fedex:before{content:"\f797"}.fa-fedora:before{content:"\f798"}.fa-female:before{content:"\f182"}.fa-fighter-jet:before{content:"\f0fb"}.fa-figma:before{content:"\f799"}.fa-file:before{content:"\f15b"}.fa-file-alt:before{content:"\f15c"}.fa-file-archive:before{content:"\f1c6"}.fa-file-audio:before{content:"\f1c7"}.fa-file-code:before{content:"\f1c9"}.fa-file-contract:before{content:"\f56c"}.fa-file-csv:before{content:"\f6dd"}.fa-file-download:before{content:"\f56d"}.fa-file-excel:before{content:"\f1c3"}.fa-file-export:before{content:"\f56e"}.fa-file-image:before{content:"\f1c5"}.fa-file-import:before{content:"\f56f"}.fa-file-invoice:before{content:"\f570"}.fa-file-invoice-dollar:before{content:"\f571"}.fa-file-medical:before{content:"\f477"}.fa-file-medical-alt:before{content:"\f478"}.fa-file-pdf:before{content:"\f1c1"}.fa-file-powerpoint:before{content:"\f1c4"}.fa-file-prescription:before{content:"\f572"}.fa-file-signature:before{content:"\f573"}.fa-file-upload:before{content:"\f574"}.fa-file-video:before{content:"\f1c8"}.fa-file-word:before{content:"\f1c2"}.fa-fill:before{content:"\f575"}.fa-fill-drip:before{content:"\f576"}.fa-film:before{content:"\f008"}.fa-filter:before{content:"\f0b0"}.fa-fingerprint:before{content:"\f577"}.fa-fire:before{content:"\f06d"}.fa-fire-alt:before{content:"\f7e4"}.fa-fire-extinguisher:before{content:"\f134"}.fa-firefox:before{content:"\f269"}.fa-firefox-browser:before{content:"\f907"}.fa-first-aid:before{content:"\f479"}.fa-first-order:before{content:"\f2b0"}.fa-first-order-alt:before{content:"\f50a"}.fa-firstdraft:before{content:"\f3a1"}.fa-fish:before{content:"\f578"}.fa-fist-raised:before{content:"\f6de"}.fa-flag:before{content:"\f024"}.fa-flag-checkered:before{content:"\f11e"}.fa-flag-usa:before{content:"\f74d"}.fa-flask:before{content:"\f0c3"}.fa-flickr:before{content:"\f16e"}.fa-flipboard:before{content:"\f44d"}.fa-flushed:before{content:"\f579"}.fa-fly:before{content:"\f417"}.fa-folder:before{content:"\f07b"}.fa-folder-minus:before{content:"\f65d"}.fa-folder-open:before{content:"\f07c"}.fa-folder-plus:before{content:"\f65e"}.fa-font:before{content:"\f031"}.fa-font-awesome:before{content:"\f2b4"}.fa-font-awesome-alt:before{content:"\f35c"}.fa-font-awesome-flag:before{content:"\f425"}.fa-font-awesome-logo-full:before{content:"\f4e6"}.fa-fonticons:before{content:"\f280"}.fa-fonticons-fi:before{content:"\f3a2"}.fa-football-ball:before{content:"\f44e"}.fa-fort-awesome:before{content:"\f286"}.fa-fort-awesome-alt:before{content:"\f3a3"}.fa-forumbee:before{content:"\f211"}.fa-forward:before{content:"\f04e"}.fa-foursquare:before{content:"\f180"}.fa-free-code-camp:before{content:"\f2c5"}.fa-freebsd:before{content:"\f3a4"}.fa-frog:before{content:"\f52e"}.fa-frown:before{content:"\f119"}.fa-frown-open:before{content:"\f57a"}.fa-fulcrum:before{content:"\f50b"}.fa-funnel-dollar:before{content:"\f662"}.fa-futbol:before{content:"\f1e3"}.fa-galactic-republic:before{content:"\f50c"}.fa-galactic-senate:before{content:"\f50d"}.fa-gamepad:before{content:"\f11b"}.fa-gas-pump:before{content:"\f52f"}.fa-gavel:before{content:"\f0e3"}.fa-gem:before{content:"\f3a5"}.fa-genderless:before{content:"\f22d"}.fa-get-pocket:before{content:"\f265"}.fa-gg:before{content:"\f260"}.fa-gg-circle:before{content:"\f261"}.fa-ghost:before{content:"\f6e2"}.fa-gift:before{content:"\f06b"}.fa-gifts:before{content:"\f79c"}.fa-git:before{content:"\f1d3"}.fa-git-alt:before{content:"\f841"}.fa-git-square:before{content:"\f1d2"}.fa-github:before{content:"\f09b"}.fa-github-alt:before{content:"\f113"}.fa-github-square:before{content:"\f092"}.fa-gitkraken:before{content:"\f3a6"}.fa-gitlab:before{content:"\f296"}.fa-gitter:before{content:"\f426"}.fa-glass-cheers:before{content:"\f79f"}.fa-glass-martini:before{content:"\f000"}.fa-glass-martini-alt:before{content:"\f57b"}.fa-glass-whiskey:before{content:"\f7a0"}.fa-glasses:before{content:"\f530"}.fa-glide:before{content:"\f2a5"}.fa-glide-g:before{content:"\f2a6"}.fa-globe:before{content:"\f0ac"}.fa-globe-africa:before{content:"\f57c"}.fa-globe-americas:before{content:"\f57d"}.fa-globe-asia:before{content:"\f57e"}.fa-globe-europe:before{content:"\f7a2"}.fa-gofore:before{content:"\f3a7"}.fa-golf-ball:before{content:"\f450"}.fa-goodreads:before{content:"\f3a8"}.fa-goodreads-g:before{content:"\f3a9"}.fa-google:before{content:"\f1a0"}.fa-google-drive:before{content:"\f3aa"}.fa-google-play:before{content:"\f3ab"}.fa-google-plus:before{content:"\f2b3"}.fa-google-plus-g:before{content:"\f0d5"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-wallet:before{content:"\f1ee"}.fa-gopuram:before{content:"\f664"}.fa-graduation-cap:before{content:"\f19d"}.fa-gratipay:before{content:"\f184"}.fa-grav:before{content:"\f2d6"}.fa-greater-than:before{content:"\f531"}.fa-greater-than-equal:before{content:"\f532"}.fa-grimace:before{content:"\f57f"}.fa-grin:before{content:"\f580"}.fa-grin-alt:before{content:"\f581"}.fa-grin-beam:before{content:"\f582"}.fa-grin-beam-sweat:before{content:"\f583"}.fa-grin-hearts:before{content:"\f584"}.fa-grin-squint:before{content:"\f585"}.fa-grin-squint-tears:before{content:"\f586"}.fa-grin-stars:before{content:"\f587"}.fa-grin-tears:before{content:"\f588"}.fa-grin-tongue:before{content:"\f589"}.fa-grin-tongue-squint:before{content:"\f58a"}.fa-grin-tongue-wink:before{content:"\f58b"}.fa-grin-wink:before{content:"\f58c"}.fa-grip-horizontal:before{content:"\f58d"}.fa-grip-lines:before{content:"\f7a4"}.fa-grip-lines-vertical:before{content:"\f7a5"}.fa-grip-vertical:before{content:"\f58e"}.fa-gripfire:before{content:"\f3ac"}.fa-grunt:before{content:"\f3ad"}.fa-guitar:before{content:"\f7a6"}.fa-gulp:before{content:"\f3ae"}.fa-h-square:before{content:"\f0fd"}.fa-hacker-news:before{content:"\f1d4"}.fa-hacker-news-square:before{content:"\f3af"}.fa-hackerrank:before{content:"\f5f7"}.fa-hamburger:before{content:"\f805"}.fa-hammer:before{content:"\f6e3"}.fa-hamsa:before{content:"\f665"}.fa-hand-holding:before{content:"\f4bd"}.fa-hand-holding-heart:before{content:"\f4be"}.fa-hand-holding-usd:before{content:"\f4c0"}.fa-hand-lizard:before{content:"\f258"}.fa-hand-middle-finger:before{content:"\f806"}.fa-hand-paper:before{content:"\f256"}.fa-hand-peace:before{content:"\f25b"}.fa-hand-point-down:before{content:"\f0a7"}.fa-hand-point-left:before{content:"\f0a5"}.fa-hand-point-right:before{content:"\f0a4"}.fa-hand-point-up:before{content:"\f0a6"}.fa-hand-pointer:before{content:"\f25a"}.fa-hand-rock:before{content:"\f255"}.fa-hand-scissors:before{content:"\f257"}.fa-hand-spock:before{content:"\f259"}.fa-hands:before{content:"\f4c2"}.fa-hands-helping:before{content:"\f4c4"}.fa-handshake:before{content:"\f2b5"}.fa-hanukiah:before{content:"\f6e6"}.fa-hard-hat:before{content:"\f807"}.fa-hashtag:before{content:"\f292"}.fa-hat-cowboy:before{content:"\f8c0"}.fa-hat-cowboy-side:before{content:"\f8c1"}.fa-hat-wizard:before{content:"\f6e8"}.fa-hdd:before{content:"\f0a0"}.fa-heading:before{content:"\f1dc"}.fa-headphones:before{content:"\f025"}.fa-headphones-alt:before{content:"\f58f"}.fa-headset:before{content:"\f590"}.fa-heart:before{content:"\f004"}.fa-heart-broken:before{content:"\f7a9"}.fa-heartbeat:before{content:"\f21e"}.fa-helicopter:before{content:"\f533"}.fa-highlighter:before{content:"\f591"}.fa-hiking:before{content:"\f6ec"}.fa-hippo:before{content:"\f6ed"}.fa-hips:before{content:"\f452"}.fa-hire-a-helper:before{content:"\f3b0"}.fa-history:before{content:"\f1da"}.fa-hockey-puck:before{content:"\f453"}.fa-holly-berry:before{content:"\f7aa"}.fa-home:before{content:"\f015"}.fa-hooli:before{content:"\f427"}.fa-hornbill:before{content:"\f592"}.fa-horse:before{content:"\f6f0"}.fa-horse-head:before{content:"\f7ab"}.fa-hospital:before{content:"\f0f8"}.fa-hospital-alt:before{content:"\f47d"}.fa-hospital-symbol:before{content:"\f47e"}.fa-hot-tub:before{content:"\f593"}.fa-hotdog:before{content:"\f80f"}.fa-hotel:before{content:"\f594"}.fa-hotjar:before{content:"\f3b1"}.fa-hourglass:before{content:"\f254"}.fa-hourglass-end:before{content:"\f253"}.fa-hourglass-half:before{content:"\f252"}.fa-hourglass-start:before{content:"\f251"}.fa-house-damage:before{content:"\f6f1"}.fa-houzz:before{content:"\f27c"}.fa-hryvnia:before{content:"\f6f2"}.fa-html5:before{content:"\f13b"}.fa-hubspot:before{content:"\f3b2"}.fa-i-cursor:before{content:"\f246"}.fa-ice-cream:before{content:"\f810"}.fa-icicles:before{content:"\f7ad"}.fa-icons:before{content:"\f86d"}.fa-id-badge:before{content:"\f2c1"}.fa-id-card:before{content:"\f2c2"}.fa-id-card-alt:before{content:"\f47f"}.fa-ideal:before{content:"\f913"}.fa-igloo:before{content:"\f7ae"}.fa-image:before{content:"\f03e"}.fa-images:before{content:"\f302"}.fa-imdb:before{content:"\f2d8"}.fa-inbox:before{content:"\f01c"}.fa-indent:before{content:"\f03c"}.fa-industry:before{content:"\f275"}.fa-infinity:before{content:"\f534"}.fa-info:before{content:"\f129"}.fa-info-circle:before{content:"\f05a"}.fa-instagram:before{content:"\f16d"}.fa-intercom:before{content:"\f7af"}.fa-internet-explorer:before{content:"\f26b"}.fa-invision:before{content:"\f7b0"}.fa-ioxhost:before{content:"\f208"}.fa-italic:before{content:"\f033"}.fa-itch-io:before{content:"\f83a"}.fa-itunes:before{content:"\f3b4"}.fa-itunes-note:before{content:"\f3b5"}.fa-java:before{content:"\f4e4"}.fa-jedi:before{content:"\f669"}.fa-jedi-order:before{content:"\f50e"}.fa-jenkins:before{content:"\f3b6"}.fa-jira:before{content:"\f7b1"}.fa-joget:before{content:"\f3b7"}.fa-joint:before{content:"\f595"}.fa-joomla:before{content:"\f1aa"}.fa-journal-whills:before{content:"\f66a"}.fa-js:before{content:"\f3b8"}.fa-js-square:before{content:"\f3b9"}.fa-jsfiddle:before{content:"\f1cc"}.fa-kaaba:before{content:"\f66b"}.fa-kaggle:before{content:"\f5fa"}.fa-key:before{content:"\f084"}.fa-keybase:before{content:"\f4f5"}.fa-keyboard:before{content:"\f11c"}.fa-keycdn:before{content:"\f3ba"}.fa-khanda:before{content:"\f66d"}.fa-kickstarter:before{content:"\f3bb"}.fa-kickstarter-k:before{content:"\f3bc"}.fa-kiss:before{content:"\f596"}.fa-kiss-beam:before{content:"\f597"}.fa-kiss-wink-heart:before{content:"\f598"}.fa-kiwi-bird:before{content:"\f535"}.fa-korvue:before{content:"\f42f"}.fa-landmark:before{content:"\f66f"}.fa-language:before{content:"\f1ab"}.fa-laptop:before{content:"\f109"}.fa-laptop-code:before{content:"\f5fc"}.fa-laptop-medical:before{content:"\f812"}.fa-laravel:before{content:"\f3bd"}.fa-lastfm:before{content:"\f202"}.fa-lastfm-square:before{content:"\f203"}.fa-laugh:before{content:"\f599"}.fa-laugh-beam:before{content:"\f59a"}.fa-laugh-squint:before{content:"\f59b"}.fa-laugh-wink:before{content:"\f59c"}.fa-layer-group:before{content:"\f5fd"}.fa-leaf:before{content:"\f06c"}.fa-leanpub:before{content:"\f212"}.fa-lemon:before{content:"\f094"}.fa-less:before{content:"\f41d"}.fa-less-than:before{content:"\f536"}.fa-less-than-equal:before{content:"\f537"}.fa-level-down-alt:before{content:"\f3be"}.fa-level-up-alt:before{content:"\f3bf"}.fa-life-ring:before{content:"\f1cd"}.fa-lightbulb:before{content:"\f0eb"}.fa-line:before{content:"\f3c0"}.fa-link:before{content:"\f0c1"}.fa-linkedin:before{content:"\f08c"}.fa-linkedin-in:before{content:"\f0e1"}.fa-linode:before{content:"\f2b8"}.fa-linux:before{content:"\f17c"}.fa-lira-sign:before{content:"\f195"}.fa-list:before{content:"\f03a"}.fa-list-alt:before{content:"\f022"}.fa-list-ol:before{content:"\f0cb"}.fa-list-ul:before{content:"\f0ca"}.fa-location-arrow:before{content:"\f124"}.fa-lock:before{content:"\f023"}.fa-lock-open:before{content:"\f3c1"}.fa-long-arrow-alt-down:before{content:"\f309"}.fa-long-arrow-alt-left:before{content:"\f30a"}.fa-long-arrow-alt-right:before{content:"\f30b"}.fa-long-arrow-alt-up:before{content:"\f30c"}.fa-low-vision:before{content:"\f2a8"}.fa-luggage-cart:before{content:"\f59d"}.fa-lyft:before{content:"\f3c3"}.fa-magento:before{content:"\f3c4"}.fa-magic:before{content:"\f0d0"}.fa-magnet:before{content:"\f076"}.fa-mail-bulk:before{content:"\f674"}.fa-mailchimp:before{content:"\f59e"}.fa-male:before{content:"\f183"}.fa-mandalorian:before{content:"\f50f"}.fa-map:before{content:"\f279"}.fa-map-marked:before{content:"\f59f"}.fa-map-marked-alt:before{content:"\f5a0"}.fa-map-marker:before{content:"\f041"}.fa-map-marker-alt:before{content:"\f3c5"}.fa-map-pin:before{content:"\f276"}.fa-map-signs:before{content:"\f277"}.fa-markdown:before{content:"\f60f"}.fa-marker:before{content:"\f5a1"}.fa-mars:before{content:"\f222"}.fa-mars-double:before{content:"\f227"}.fa-mars-stroke:before{content:"\f229"}.fa-mars-stroke-h:before{content:"\f22b"}.fa-mars-stroke-v:before{content:"\f22a"}.fa-mask:before{content:"\f6fa"}.fa-mastodon:before{content:"\f4f6"}.fa-maxcdn:before{content:"\f136"}.fa-mdb:before{content:"\f8ca"}.fa-medal:before{content:"\f5a2"}.fa-medapps:before{content:"\f3c6"}.fa-medium:before{content:"\f23a"}.fa-medium-m:before{content:"\f3c7"}.fa-medkit:before{content:"\f0fa"}.fa-medrt:before{content:"\f3c8"}.fa-meetup:before{content:"\f2e0"}.fa-megaport:before{content:"\f5a3"}.fa-meh:before{content:"\f11a"}.fa-meh-blank:before{content:"\f5a4"}.fa-meh-rolling-eyes:before{content:"\f5a5"}.fa-memory:before{content:"\f538"}.fa-mendeley:before{content:"\f7b3"}.fa-menorah:before{content:"\f676"}.fa-mercury:before{content:"\f223"}.fa-meteor:before{content:"\f753"}.fa-microblog:before{content:"\f91a"}.fa-microchip:before{content:"\f2db"}.fa-microphone:before{content:"\f130"}.fa-microphone-alt:before{content:"\f3c9"}.fa-microphone-alt-slash:before{content:"\f539"}.fa-microphone-slash:before{content:"\f131"}.fa-microscope:before{content:"\f610"}.fa-microsoft:before{content:"\f3ca"}.fa-minus:before{content:"\f068"}.fa-minus-circle:before{content:"\f056"}.fa-minus-square:before{content:"\f146"}.fa-mitten:before{content:"\f7b5"}.fa-mix:before{content:"\f3cb"}.fa-mixcloud:before{content:"\f289"}.fa-mizuni:before{content:"\f3cc"}.fa-mobile:before{content:"\f10b"}.fa-mobile-alt:before{content:"\f3cd"}.fa-modx:before{content:"\f285"}.fa-monero:before{content:"\f3d0"}.fa-money-bill:before{content:"\f0d6"}.fa-money-bill-alt:before{content:"\f3d1"}.fa-money-bill-wave:before{content:"\f53a"}.fa-money-bill-wave-alt:before{content:"\f53b"}.fa-money-check:before{content:"\f53c"}.fa-money-check-alt:before{content:"\f53d"}.fa-monument:before{content:"\f5a6"}.fa-moon:before{content:"\f186"}.fa-mortar-pestle:before{content:"\f5a7"}.fa-mosque:before{content:"\f678"}.fa-motorcycle:before{content:"\f21c"}.fa-mountain:before{content:"\f6fc"}.fa-mouse:before{content:"\f8cc"}.fa-mouse-pointer:before{content:"\f245"}.fa-mug-hot:before{content:"\f7b6"}.fa-music:before{content:"\f001"}.fa-napster:before{content:"\f3d2"}.fa-neos:before{content:"\f612"}.fa-network-wired:before{content:"\f6ff"}.fa-neuter:before{content:"\f22c"}.fa-newspaper:before{content:"\f1ea"}.fa-nimblr:before{content:"\f5a8"}.fa-node:before{content:"\f419"}.fa-node-js:before{content:"\f3d3"}.fa-not-equal:before{content:"\f53e"}.fa-notes-medical:before{content:"\f481"}.fa-npm:before{content:"\f3d4"}.fa-ns8:before{content:"\f3d5"}.fa-nutritionix:before{content:"\f3d6"}.fa-object-group:before{content:"\f247"}.fa-object-ungroup:before{content:"\f248"}.fa-odnoklassniki:before{content:"\f263"}.fa-odnoklassniki-square:before{content:"\f264"}.fa-oil-can:before{content:"\f613"}.fa-old-republic:before{content:"\f510"}.fa-om:before{content:"\f679"}.fa-opencart:before{content:"\f23d"}.fa-openid:before{content:"\f19b"}.fa-opera:before{content:"\f26a"}.fa-optin-monster:before{content:"\f23c"}.fa-orcid:before{content:"\f8d2"}.fa-osi:before{content:"\f41a"}.fa-otter:before{content:"\f700"}.fa-outdent:before{content:"\f03b"}.fa-page4:before{content:"\f3d7"}.fa-pagelines:before{content:"\f18c"}.fa-pager:before{content:"\f815"}.fa-paint-brush:before{content:"\f1fc"}.fa-paint-roller:before{content:"\f5aa"}.fa-palette:before{content:"\f53f"}.fa-palfed:before{content:"\f3d8"}.fa-pallet:before{content:"\f482"}.fa-paper-plane:before{content:"\f1d8"}.fa-paperclip:before{content:"\f0c6"}.fa-parachute-box:before{content:"\f4cd"}.fa-paragraph:before{content:"\f1dd"}.fa-parking:before{content:"\f540"}.fa-passport:before{content:"\f5ab"}.fa-pastafarianism:before{content:"\f67b"}.fa-paste:before{content:"\f0ea"}.fa-patreon:before{content:"\f3d9"}.fa-pause:before{content:"\f04c"}.fa-pause-circle:before{content:"\f28b"}.fa-paw:before{content:"\f1b0"}.fa-paypal:before{content:"\f1ed"}.fa-peace:before{content:"\f67c"}.fa-pen:before{content:"\f304"}.fa-pen-alt:before{content:"\f305"}.fa-pen-fancy:before{content:"\f5ac"}.fa-pen-nib:before{content:"\f5ad"}.fa-pen-square:before{content:"\f14b"}.fa-pencil-alt:before{content:"\f303"}.fa-pencil-ruler:before{content:"\f5ae"}.fa-penny-arcade:before{content:"\f704"}.fa-people-carry:before{content:"\f4ce"}.fa-pepper-hot:before{content:"\f816"}.fa-percent:before{content:"\f295"}.fa-percentage:before{content:"\f541"}.fa-periscope:before{content:"\f3da"}.fa-person-booth:before{content:"\f756"}.fa-phabricator:before{content:"\f3db"}.fa-phoenix-framework:before{content:"\f3dc"}.fa-phoenix-squadron:before{content:"\f511"}.fa-phone:before{content:"\f095"}.fa-phone-alt:before{content:"\f879"}.fa-phone-slash:before{content:"\f3dd"}.fa-phone-square:before{content:"\f098"}.fa-phone-square-alt:before{content:"\f87b"}.fa-phone-volume:before{content:"\f2a0"}.fa-photo-video:before{content:"\f87c"}.fa-php:before{content:"\f457"}.fa-pied-piper:before{content:"\f2ae"}.fa-pied-piper-alt:before{content:"\f1a8"}.fa-pied-piper-hat:before{content:"\f4e5"}.fa-pied-piper-pp:before{content:"\f1a7"}.fa-pied-piper-square:before{content:"\f91e"}.fa-piggy-bank:before{content:"\f4d3"}.fa-pills:before{content:"\f484"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-p:before{content:"\f231"}.fa-pinterest-square:before{content:"\f0d3"}.fa-pizza-slice:before{content:"\f818"}.fa-place-of-worship:before{content:"\f67f"}.fa-plane:before{content:"\f072"}.fa-plane-arrival:before{content:"\f5af"}.fa-plane-departure:before{content:"\f5b0"}.fa-play:before{content:"\f04b"}.fa-play-circle:before{content:"\f144"}.fa-playstation:before{content:"\f3df"}.fa-plug:before{content:"\f1e6"}.fa-plus:before{content:"\f067"}.fa-plus-circle:before{content:"\f055"}.fa-plus-square:before{content:"\f0fe"}.fa-podcast:before{content:"\f2ce"}.fa-poll:before{content:"\f681"}.fa-poll-h:before{content:"\f682"}.fa-poo:before{content:"\f2fe"}.fa-poo-storm:before{content:"\f75a"}.fa-poop:before{content:"\f619"}.fa-portrait:before{content:"\f3e0"}.fa-pound-sign:before{content:"\f154"}.fa-power-off:before{content:"\f011"}.fa-pray:before{content:"\f683"}.fa-praying-hands:before{content:"\f684"}.fa-prescription:before{content:"\f5b1"}.fa-prescription-bottle:before{content:"\f485"}.fa-prescription-bottle-alt:before{content:"\f486"}.fa-print:before{content:"\f02f"}.fa-procedures:before{content:"\f487"}.fa-product-hunt:before{content:"\f288"}.fa-project-diagram:before{content:"\f542"}.fa-pushed:before{content:"\f3e1"}.fa-puzzle-piece:before{content:"\f12e"}.fa-python:before{content:"\f3e2"}.fa-qq:before{content:"\f1d6"}.fa-qrcode:before{content:"\f029"}.fa-question:before{content:"\f128"}.fa-question-circle:before{content:"\f059"}.fa-quidditch:before{content:"\f458"}.fa-quinscape:before{content:"\f459"}.fa-quora:before{content:"\f2c4"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-quran:before{content:"\f687"}.fa-r-project:before{content:"\f4f7"}.fa-radiation:before{content:"\f7b9"}.fa-radiation-alt:before{content:"\f7ba"}.fa-rainbow:before{content:"\f75b"}.fa-random:before{content:"\f074"}.fa-raspberry-pi:before{content:"\f7bb"}.fa-ravelry:before{content:"\f2d9"}.fa-react:before{content:"\f41b"}.fa-reacteurope:before{content:"\f75d"}.fa-readme:before{content:"\f4d5"}.fa-rebel:before{content:"\f1d0"}.fa-receipt:before{content:"\f543"}.fa-record-vinyl:before{content:"\f8d9"}.fa-recycle:before{content:"\f1b8"}.fa-red-river:before{content:"\f3e3"}.fa-reddit:before{content:"\f1a1"}.fa-reddit-alien:before{content:"\f281"}.fa-reddit-square:before{content:"\f1a2"}.fa-redhat:before{content:"\f7bc"}.fa-redo:before{content:"\f01e"}.fa-redo-alt:before{content:"\f2f9"}.fa-registered:before{content:"\f25d"}.fa-remove-format:before{content:"\f87d"}.fa-renren:before{content:"\f18b"}.fa-reply:before{content:"\f3e5"}.fa-reply-all:before{content:"\f122"}.fa-replyd:before{content:"\f3e6"}.fa-republican:before{content:"\f75e"}.fa-researchgate:before{content:"\f4f8"}.fa-resolving:before{content:"\f3e7"}.fa-restroom:before{content:"\f7bd"}.fa-retweet:before{content:"\f079"}.fa-rev:before{content:"\f5b2"}.fa-ribbon:before{content:"\f4d6"}.fa-ring:before{content:"\f70b"}.fa-road:before{content:"\f018"}.fa-robot:before{content:"\f544"}.fa-rocket:before{content:"\f135"}.fa-rocketchat:before{content:"\f3e8"}.fa-rockrms:before{content:"\f3e9"}.fa-route:before{content:"\f4d7"}.fa-rss:before{content:"\f09e"}.fa-rss-square:before{content:"\f143"}.fa-ruble-sign:before{content:"\f158"}.fa-ruler:before{content:"\f545"}.fa-ruler-combined:before{content:"\f546"}.fa-ruler-horizontal:before{content:"\f547"}.fa-ruler-vertical:before{content:"\f548"}.fa-running:before{content:"\f70c"}.fa-rupee-sign:before{content:"\f156"}.fa-sad-cry:before{content:"\f5b3"}.fa-sad-tear:before{content:"\f5b4"}.fa-safari:before{content:"\f267"}.fa-salesforce:before{content:"\f83b"}.fa-sass:before{content:"\f41e"}.fa-satellite:before{content:"\f7bf"}.fa-satellite-dish:before{content:"\f7c0"}.fa-save:before{content:"\f0c7"}.fa-schlix:before{content:"\f3ea"}.fa-school:before{content:"\f549"}.fa-screwdriver:before{content:"\f54a"}.fa-scribd:before{content:"\f28a"}.fa-scroll:before{content:"\f70e"}.fa-sd-card:before{content:"\f7c2"}.fa-search:before{content:"\f002"}.fa-search-dollar:before{content:"\f688"}.fa-search-location:before{content:"\f689"}.fa-search-minus:before{content:"\f010"}.fa-search-plus:before{content:"\f00e"}.fa-searchengin:before{content:"\f3eb"}.fa-seedling:before{content:"\f4d8"}.fa-sellcast:before{content:"\f2da"}.fa-sellsy:before{content:"\f213"}.fa-server:before{content:"\f233"}.fa-servicestack:before{content:"\f3ec"}.fa-shapes:before{content:"\f61f"}.fa-share:before{content:"\f064"}.fa-share-alt:before{content:"\f1e0"}.fa-share-alt-square:before{content:"\f1e1"}.fa-share-square:before{content:"\f14d"}.fa-shekel-sign:before{content:"\f20b"}.fa-shield-alt:before{content:"\f3ed"}.fa-ship:before{content:"\f21a"}.fa-shipping-fast:before{content:"\f48b"}.fa-shirtsinbulk:before{content:"\f214"}.fa-shoe-prints:before{content:"\f54b"}.fa-shopping-bag:before{content:"\f290"}.fa-shopping-basket:before{content:"\f291"}.fa-shopping-cart:before{content:"\f07a"}.fa-shopware:before{content:"\f5b5"}.fa-shower:before{content:"\f2cc"}.fa-shuttle-van:before{content:"\f5b6"}.fa-sign:before{content:"\f4d9"}.fa-sign-in-alt:before{content:"\f2f6"}.fa-sign-language:before{content:"\f2a7"}.fa-sign-out-alt:before{content:"\f2f5"}.fa-signal:before{content:"\f012"}.fa-signature:before{content:"\f5b7"}.fa-sim-card:before{content:"\f7c4"}.fa-simplybuilt:before{content:"\f215"}.fa-sistrix:before{content:"\f3ee"}.fa-sitemap:before{content:"\f0e8"}.fa-sith:before{content:"\f512"}.fa-skating:before{content:"\f7c5"}.fa-sketch:before{content:"\f7c6"}.fa-skiing:before{content:"\f7c9"}.fa-skiing-nordic:before{content:"\f7ca"}.fa-skull:before{content:"\f54c"}.fa-skull-crossbones:before{content:"\f714"}.fa-skyatlas:before{content:"\f216"}.fa-skype:before{content:"\f17e"}.fa-slack:before{content:"\f198"}.fa-slack-hash:before{content:"\f3ef"}.fa-slash:before{content:"\f715"}.fa-sleigh:before{content:"\f7cc"}.fa-sliders-h:before{content:"\f1de"}.fa-slideshare:before{content:"\f1e7"}.fa-smile:before{content:"\f118"}.fa-smile-beam:before{content:"\f5b8"}.fa-smile-wink:before{content:"\f4da"}.fa-smog:before{content:"\f75f"}.fa-smoking:before{content:"\f48d"}.fa-smoking-ban:before{content:"\f54d"}.fa-sms:before{content:"\f7cd"}.fa-snapchat:before{content:"\f2ab"}.fa-snapchat-ghost:before{content:"\f2ac"}.fa-snapchat-square:before{content:"\f2ad"}.fa-snowboarding:before{content:"\f7ce"}.fa-snowflake:before{content:"\f2dc"}.fa-snowman:before{content:"\f7d0"}.fa-snowplow:before{content:"\f7d2"}.fa-socks:before{content:"\f696"}.fa-solar-panel:before{content:"\f5ba"}.fa-sort:before{content:"\f0dc"}.fa-sort-alpha-down:before{content:"\f15d"}.fa-sort-alpha-down-alt:before{content:"\f881"}.fa-sort-alpha-up:before{content:"\f15e"}.fa-sort-alpha-up-alt:before{content:"\f882"}.fa-sort-amount-down:before{content:"\f160"}.fa-sort-amount-down-alt:before{content:"\f884"}.fa-sort-amount-up:before{content:"\f161"}.fa-sort-amount-up-alt:before{content:"\f885"}.fa-sort-down:before{content:"\f0dd"}.fa-sort-numeric-down:before{content:"\f162"}.fa-sort-numeric-down-alt:before{content:"\f886"}.fa-sort-numeric-up:before{content:"\f163"}.fa-sort-numeric-up-alt:before{content:"\f887"}.fa-sort-up:before{content:"\f0de"}.fa-soundcloud:before{content:"\f1be"}.fa-sourcetree:before{content:"\f7d3"}.fa-spa:before{content:"\f5bb"}.fa-space-shuttle:before{content:"\f197"}.fa-speakap:before{content:"\f3f3"}.fa-speaker-deck:before{content:"\f83c"}.fa-spell-check:before{content:"\f891"}.fa-spider:before{content:"\f717"}.fa-spinner:before{content:"\f110"}.fa-splotch:before{content:"\f5bc"}.fa-spotify:before{content:"\f1bc"}.fa-spray-can:before{content:"\f5bd"}.fa-square:before{content:"\f0c8"}.fa-square-full:before{content:"\f45c"}.fa-square-root-alt:before{content:"\f698"}.fa-squarespace:before{content:"\f5be"}.fa-stack-exchange:before{content:"\f18d"}.fa-stack-overflow:before{content:"\f16c"}.fa-stackpath:before{content:"\f842"}.fa-stamp:before{content:"\f5bf"}.fa-star:before{content:"\f005"}.fa-star-and-crescent:before{content:"\f699"}.fa-star-half:before{content:"\f089"}.fa-star-half-alt:before{content:"\f5c0"}.fa-star-of-david:before{content:"\f69a"}.fa-star-of-life:before{content:"\f621"}.fa-staylinked:before{content:"\f3f5"}.fa-steam:before{content:"\f1b6"}.fa-steam-square:before{content:"\f1b7"}.fa-steam-symbol:before{content:"\f3f6"}.fa-step-backward:before{content:"\f048"}.fa-step-forward:before{content:"\f051"}.fa-stethoscope:before{content:"\f0f1"}.fa-sticker-mule:before{content:"\f3f7"}.fa-sticky-note:before{content:"\f249"}.fa-stop:before{content:"\f04d"}.fa-stop-circle:before{content:"\f28d"}.fa-stopwatch:before{content:"\f2f2"}.fa-store:before{content:"\f54e"}.fa-store-alt:before{content:"\f54f"}.fa-strava:before{content:"\f428"}.fa-stream:before{content:"\f550"}.fa-street-view:before{content:"\f21d"}.fa-strikethrough:before{content:"\f0cc"}.fa-stripe:before{content:"\f429"}.fa-stripe-s:before{content:"\f42a"}.fa-stroopwafel:before{content:"\f551"}.fa-studiovinari:before{content:"\f3f8"}.fa-stumbleupon:before{content:"\f1a4"}.fa-stumbleupon-circle:before{content:"\f1a3"}.fa-subscript:before{content:"\f12c"}.fa-subway:before{content:"\f239"}.fa-suitcase:before{content:"\f0f2"}.fa-suitcase-rolling:before{content:"\f5c1"}.fa-sun:before{content:"\f185"}.fa-superpowers:before{content:"\f2dd"}.fa-superscript:before{content:"\f12b"}.fa-supple:before{content:"\f3f9"}.fa-surprise:before{content:"\f5c2"}.fa-suse:before{content:"\f7d6"}.fa-swatchbook:before{content:"\f5c3"}.fa-swift:before{content:"\f8e1"}.fa-swimmer:before{content:"\f5c4"}.fa-swimming-pool:before{content:"\f5c5"}.fa-symfony:before{content:"\f83d"}.fa-synagogue:before{content:"\f69b"}.fa-sync:before{content:"\f021"}.fa-sync-alt:before{content:"\f2f1"}.fa-syringe:before{content:"\f48e"}.fa-table:before{content:"\f0ce"}.fa-table-tennis:before{content:"\f45d"}.fa-tablet:before{content:"\f10a"}.fa-tablet-alt:before{content:"\f3fa"}.fa-tablets:before{content:"\f490"}.fa-tachometer-alt:before{content:"\f3fd"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-tape:before{content:"\f4db"}.fa-tasks:before{content:"\f0ae"}.fa-taxi:before{content:"\f1ba"}.fa-teamspeak:before{content:"\f4f9"}.fa-teeth:before{content:"\f62e"}.fa-teeth-open:before{content:"\f62f"}.fa-telegram:before{content:"\f2c6"}.fa-telegram-plane:before{content:"\f3fe"}.fa-temperature-high:before{content:"\f769"}.fa-temperature-low:before{content:"\f76b"}.fa-tencent-weibo:before{content:"\f1d5"}.fa-tenge:before{content:"\f7d7"}.fa-terminal:before{content:"\f120"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-th:before{content:"\f00a"}.fa-th-large:before{content:"\f009"}.fa-th-list:before{content:"\f00b"}.fa-the-red-yeti:before{content:"\f69d"}.fa-theater-masks:before{content:"\f630"}.fa-themeco:before{content:"\f5c6"}.fa-themeisle:before{content:"\f2b2"}.fa-thermometer:before{content:"\f491"}.fa-thermometer-empty:before{content:"\f2cb"}.fa-thermometer-full:before{content:"\f2c7"}.fa-thermometer-half:before{content:"\f2c9"}.fa-thermometer-quarter:before{content:"\f2ca"}.fa-thermometer-three-quarters:before{content:"\f2c8"}.fa-think-peaks:before{content:"\f731"}.fa-thumbs-down:before{content:"\f165"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbtack:before{content:"\f08d"}.fa-ticket-alt:before{content:"\f3ff"}.fa-times:before{content:"\f00d"}.fa-times-circle:before{content:"\f057"}.fa-tint:before{content:"\f043"}.fa-tint-slash:before{content:"\f5c7"}.fa-tired:before{content:"\f5c8"}.fa-toggle-off:before{content:"\f204"}.fa-toggle-on:before{content:"\f205"}.fa-toilet:before{content:"\f7d8"}.fa-toilet-paper:before{content:"\f71e"}.fa-toolbox:before{content:"\f552"}.fa-tools:before{content:"\f7d9"}.fa-tooth:before{content:"\f5c9"}.fa-torah:before{content:"\f6a0"}.fa-torii-gate:before{content:"\f6a1"}.fa-tractor:before{content:"\f722"}.fa-trade-federation:before{content:"\f513"}.fa-trademark:before{content:"\f25c"}.fa-traffic-light:before{content:"\f637"}.fa-trailer:before{content:"\f941"}.fa-train:before{content:"\f238"}.fa-tram:before{content:"\f7da"}.fa-transgender:before{content:"\f224"}.fa-transgender-alt:before{content:"\f225"}.fa-trash:before{content:"\f1f8"}.fa-trash-alt:before{content:"\f2ed"}.fa-trash-restore:before{content:"\f829"}.fa-trash-restore-alt:before{content:"\f82a"}.fa-tree:before{content:"\f1bb"}.fa-trello:before{content:"\f181"}.fa-tripadvisor:before{content:"\f262"}.fa-trophy:before{content:"\f091"}.fa-truck:before{content:"\f0d1"}.fa-truck-loading:before{content:"\f4de"}.fa-truck-monster:before{content:"\f63b"}.fa-truck-moving:before{content:"\f4df"}.fa-truck-pickup:before{content:"\f63c"}.fa-tshirt:before{content:"\f553"}.fa-tty:before{content:"\f1e4"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-tv:before{content:"\f26c"}.fa-twitch:before{content:"\f1e8"}.fa-twitter:before{content:"\f099"}.fa-twitter-square:before{content:"\f081"}.fa-typo3:before{content:"\f42b"}.fa-uber:before{content:"\f402"}.fa-ubuntu:before{content:"\f7df"}.fa-uikit:before{content:"\f403"}.fa-umbraco:before{content:"\f8e8"}.fa-umbrella:before{content:"\f0e9"}.fa-umbrella-beach:before{content:"\f5ca"}.fa-underline:before{content:"\f0cd"}.fa-undo:before{content:"\f0e2"}.fa-undo-alt:before{content:"\f2ea"}.fa-uniregistry:before{content:"\f404"}.fa-unity:before{content:"\f949"}.fa-universal-access:before{content:"\f29a"}.fa-university:before{content:"\f19c"}.fa-unlink:before{content:"\f127"}.fa-unlock:before{content:"\f09c"}.fa-unlock-alt:before{content:"\f13e"}.fa-untappd:before{content:"\f405"}.fa-upload:before{content:"\f093"}.fa-ups:before{content:"\f7e0"}.fa-usb:before{content:"\f287"}.fa-user:before{content:"\f007"}.fa-user-alt:before{content:"\f406"}.fa-user-alt-slash:before{content:"\f4fa"}.fa-user-astronaut:before{content:"\f4fb"}.fa-user-check:before{content:"\f4fc"}.fa-user-circle:before{content:"\f2bd"}.fa-user-clock:before{content:"\f4fd"}.fa-user-cog:before{content:"\f4fe"}.fa-user-edit:before{content:"\f4ff"}.fa-user-friends:before{content:"\f500"}.fa-user-graduate:before{content:"\f501"}.fa-user-injured:before{content:"\f728"}.fa-user-lock:before{content:"\f502"}.fa-user-md:before{content:"\f0f0"}.fa-user-minus:before{content:"\f503"}.fa-user-ninja:before{content:"\f504"}.fa-user-nurse:before{content:"\f82f"}.fa-user-plus:before{content:"\f234"}.fa-user-secret:before{content:"\f21b"}.fa-user-shield:before{content:"\f505"}.fa-user-slash:before{content:"\f506"}.fa-user-tag:before{content:"\f507"}.fa-user-tie:before{content:"\f508"}.fa-user-times:before{content:"\f235"}.fa-users:before{content:"\f0c0"}.fa-users-cog:before{content:"\f509"}.fa-usps:before{content:"\f7e1"}.fa-ussunnah:before{content:"\f407"}.fa-utensil-spoon:before{content:"\f2e5"}.fa-utensils:before{content:"\f2e7"}.fa-vaadin:before{content:"\f408"}.fa-vector-square:before{content:"\f5cb"}.fa-venus:before{content:"\f221"}.fa-venus-double:before{content:"\f226"}.fa-venus-mars:before{content:"\f228"}.fa-viacoin:before{content:"\f237"}.fa-viadeo:before{content:"\f2a9"}.fa-viadeo-square:before{content:"\f2aa"}.fa-vial:before{content:"\f492"}.fa-vials:before{content:"\f493"}.fa-viber:before{content:"\f409"}.fa-video:before{content:"\f03d"}.fa-video-slash:before{content:"\f4e2"}.fa-vihara:before{content:"\f6a7"}.fa-vimeo:before{content:"\f40a"}.fa-vimeo-square:before{content:"\f194"}.fa-vimeo-v:before{content:"\f27d"}.fa-vine:before{content:"\f1ca"}.fa-vk:before{content:"\f189"}.fa-vnv:before{content:"\f40b"}.fa-voicemail:before{content:"\f897"}.fa-volleyball-ball:before{content:"\f45f"}.fa-volume-down:before{content:"\f027"}.fa-volume-mute:before{content:"\f6a9"}.fa-volume-off:before{content:"\f026"}.fa-volume-up:before{content:"\f028"}.fa-vote-yea:before{content:"\f772"}.fa-vr-cardboard:before{content:"\f729"}.fa-vuejs:before{content:"\f41f"}.fa-walking:before{content:"\f554"}.fa-wallet:before{content:"\f555"}.fa-warehouse:before{content:"\f494"}.fa-water:before{content:"\f773"}.fa-wave-square:before{content:"\f83e"}.fa-waze:before{content:"\f83f"}.fa-weebly:before{content:"\f5cc"}.fa-weibo:before{content:"\f18a"}.fa-weight:before{content:"\f496"}.fa-weight-hanging:before{content:"\f5cd"}.fa-weixin:before{content:"\f1d7"}.fa-whatsapp:before{content:"\f232"}.fa-whatsapp-square:before{content:"\f40c"}.fa-wheelchair:before{content:"\f193"}.fa-whmcs:before{content:"\f40d"}.fa-wifi:before{content:"\f1eb"}.fa-wikipedia-w:before{content:"\f266"}.fa-wind:before{content:"\f72e"}.fa-window-close:before{content:"\f410"}.fa-window-maximize:before{content:"\f2d0"}.fa-window-minimize:before{content:"\f2d1"}.fa-window-restore:before{content:"\f2d2"}.fa-windows:before{content:"\f17a"}.fa-wine-bottle:before{content:"\f72f"}.fa-wine-glass:before{content:"\f4e3"}.fa-wine-glass-alt:before{content:"\f5ce"}.fa-wix:before{content:"\f5cf"}.fa-wizards-of-the-coast:before{content:"\f730"}.fa-wolf-pack-battalion:before{content:"\f514"}.fa-won-sign:before{content:"\f159"}.fa-wordpress:before{content:"\f19a"}.fa-wordpress-simple:before{content:"\f411"}.fa-wpbeginner:before{content:"\f297"}.fa-wpexplorer:before{content:"\f2de"}.fa-wpforms:before{content:"\f298"}.fa-wpressr:before{content:"\f3e4"}.fa-wrench:before{content:"\f0ad"}.fa-x-ray:before{content:"\f497"}.fa-xbox:before{content:"\f412"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-y-combinator:before{content:"\f23b"}.fa-yahoo:before{content:"\f19e"}.fa-yammer:before{content:"\f840"}.fa-yandex:before{content:"\f413"}.fa-yandex-international:before{content:"\f414"}.fa-yarn:before{content:"\f7e3"}.fa-yelp:before{content:"\f1e9"}.fa-yen-sign:before{content:"\f157"}.fa-yin-yang:before{content:"\f6ad"}.fa-yoast:before{content:"\f2b1"}.fa-youtube:before{content:"\f167"}.fa-youtube-square:before{content:"\f431"}.fa-zhihu:before{content:"\f63f"}.sr-only{border:0;clip:rect(0,0,0,0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.sr-only-focusable:active,.sr-only-focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:normal;font-display:auto;src:url(../webfonts/fa-brands-400.eot);src:url(../webfonts/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.woff) format("woff"),url(../webfonts/fa-brands-400.ttf) format("truetype"),url(../webfonts/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands"}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;font-display:auto;src:url(../webfonts/fa-regular-400.eot);src:url(../webfonts/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.woff) format("woff"),url(../webfonts/fa-regular-400.ttf) format("truetype"),url(../webfonts/fa-regular-400.svg#fontawesome) format("svg")}.far{font-weight:400}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:auto;src:url(../webfonts/fa-solid-900.eot);src:url(../webfonts/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.woff) format("woff"),url(../webfonts/fa-solid-900.ttf) format("truetype"),url(../webfonts/fa-solid-900.svg#fontawesome) format("svg")}.fa,.far,.fas{font-family:"Font Awesome 5 Free"}.fa,.fas{font-weight:900} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/bootstrap/bootstrap.min.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/bootstrap/bootstrap.min.css new file mode 100644 index 0000000..6a4480b --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/bootstrap/bootstrap.min.css @@ -0,0 +1,7 @@ +/*! + * Bootstrap v4.0.0 (https://getbootstrap.com) + * Copyright 2011-2018 The Bootstrap Authors + * Copyright 2011-2018 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:transparent}@-ms-viewport{width:device-width}article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:1rem;font-weight:400;line-height:1.5;color:#212529;text-align:left;background-color:#fff}[tabindex="-1"]:focus{outline:0!important}hr{box-sizing:content-box;height:0;overflow:visible}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem}p{margin-top:0;margin-bottom:1rem}abbr[data-original-title],abbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}dfn{font-style:italic}b,strong{font-weight:bolder}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:#007bff;text-decoration:none;background-color:transparent;-webkit-text-decoration-skip:objects}a:hover{color:#0056b3;text-decoration:underline}a:not([href]):not([tabindex]){color:inherit;text-decoration:none}a:not([href]):not([tabindex]):focus,a:not([href]):not([tabindex]):hover{color:inherit;text-decoration:none}a:not([href]):not([tabindex]):focus{outline:0}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}pre{margin-top:0;margin-bottom:1rem;overflow:auto;-ms-overflow-style:scrollbar}figure{margin:0 0 1rem}img{vertical-align:middle;border-style:none}svg:not(:root){overflow:hidden}table{border-collapse:collapse}caption{padding-top:.75rem;padding-bottom:.75rem;color:#6c757d;text-align:left;caption-side:bottom}th{text-align:inherit}label{display:inline-block;margin-bottom:.5rem}button{border-radius:0}button:focus{outline:1px dotted;outline:5px auto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{padding:0;border-style:none}input[type=checkbox],input[type=radio]{box-sizing:border-box;padding:0}input[type=date],input[type=datetime-local],input[type=month],input[type=time]{-webkit-appearance:listbox}textarea{overflow:auto;resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;max-width:100%;padding:0;margin-bottom:.5rem;font-size:1.5rem;line-height:inherit;color:inherit;white-space:normal}progress{vertical-align:baseline}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:none}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}output{display:inline-block}summary{display:list-item;cursor:pointer}template{display:none}[hidden]{display:none!important}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-bottom:.5rem;font-family:inherit;font-weight:500;line-height:1.2;color:inherit}.h1,h1{font-size:2.5rem}.h2,h2{font-size:2rem}.h3,h3{font-size:1.75rem}.h4,h4{font-size:1.5rem}.h5,h5{font-size:1.25rem}.h6,h6{font-size:1rem}.lead{font-size:1.25rem;font-weight:300}.display-1{font-size:6rem;font-weight:300;line-height:1.2}.display-2{font-size:5.5rem;font-weight:300;line-height:1.2}.display-3{font-size:4.5rem;font-weight:300;line-height:1.2}.display-4{font-size:3.5rem;font-weight:300;line-height:1.2}hr{margin-top:1rem;margin-bottom:1rem;border:0;border-top:1px solid rgba(0,0,0,.1)}.small,small{font-size:80%;font-weight:400}.mark,mark{padding:.2em;background-color:#fcf8e3}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline-item{display:inline-block}.list-inline-item:not(:last-child){margin-right:.5rem}.initialism{font-size:90%;text-transform:uppercase}.blockquote{margin-bottom:1rem;font-size:1.25rem}.blockquote-footer{display:block;font-size:80%;color:#6c757d}.blockquote-footer::before{content:"\2014 \00A0"}.img-fluid{max-width:100%;height:auto}.img-thumbnail{padding:.25rem;background-color:#fff;border:1px solid #dee2e6;border-radius:.25rem;max-width:100%;height:auto}.figure{display:inline-block}.figure-img{margin-bottom:.5rem;line-height:1}.figure-caption{font-size:90%;color:#6c757d}code,kbd,pre,samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}code{font-size:87.5%;color:#e83e8c;word-break:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:87.5%;color:#fff;background-color:#212529;border-radius:.2rem}kbd kbd{padding:0;font-size:100%;font-weight:700}pre{display:block;font-size:87.5%;color:#212529}pre code{font-size:inherit;color:inherit;word-break:normal}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:576px){.container{max-width:540px}}@media (min-width:768px){.container{max-width:720px}}@media (min-width:992px){.container{max-width:960px}}@media (min-width:1200px){.container{max-width:1140px}}.container-fluid{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-15px;margin-left:-15px}.no-gutters{margin-right:0;margin-left:0}.no-gutters>.col,.no-gutters>[class*=col-]{padding-right:0;padding-left:0}.col,.col-1,.col-10,.col-11,.col-12,.col-2,.col-3,.col-4,.col-5,.col-6,.col-7,.col-8,.col-9,.col-auto,.col-lg,.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-auto,.col-md,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-auto,.col-sm,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-auto,.col-xl,.col-xl-1,.col-xl-10,.col-xl-11,.col-xl-12,.col-xl-2,.col-xl-3,.col-xl-4,.col-xl-5,.col-xl-6,.col-xl-7,.col-xl-8,.col-xl-9,.col-xl-auto{position:relative;width:100%;min-height:1px;padding-right:15px;padding-left:15px}.col{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:none}.col-1{-webkit-box-flex:0;-ms-flex:0 0 8.333333%;flex:0 0 8.333333%;max-width:8.333333%}.col-2{-webkit-box-flex:0;-ms-flex:0 0 16.666667%;flex:0 0 16.666667%;max-width:16.666667%}.col-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-4{-webkit-box-flex:0;-ms-flex:0 0 33.333333%;flex:0 0 33.333333%;max-width:33.333333%}.col-5{-webkit-box-flex:0;-ms-flex:0 0 41.666667%;flex:0 0 41.666667%;max-width:41.666667%}.col-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-7{-webkit-box-flex:0;-ms-flex:0 0 58.333333%;flex:0 0 58.333333%;max-width:58.333333%}.col-8{-webkit-box-flex:0;-ms-flex:0 0 66.666667%;flex:0 0 66.666667%;max-width:66.666667%}.col-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-10{-webkit-box-flex:0;-ms-flex:0 0 83.333333%;flex:0 0 83.333333%;max-width:83.333333%}.col-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-1{margin-left:8.333333%}.offset-2{margin-left:16.666667%}.offset-3{margin-left:25%}.offset-4{margin-left:33.333333%}.offset-5{margin-left:41.666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.333333%}.offset-8{margin-left:66.666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.333333%}.offset-11{margin-left:91.666667%}@media (min-width:576px){.col-sm{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-sm-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:none}.col-sm-1{-webkit-box-flex:0;-ms-flex:0 0 8.333333%;flex:0 0 8.333333%;max-width:8.333333%}.col-sm-2{-webkit-box-flex:0;-ms-flex:0 0 16.666667%;flex:0 0 16.666667%;max-width:16.666667%}.col-sm-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-sm-4{-webkit-box-flex:0;-ms-flex:0 0 33.333333%;flex:0 0 33.333333%;max-width:33.333333%}.col-sm-5{-webkit-box-flex:0;-ms-flex:0 0 41.666667%;flex:0 0 41.666667%;max-width:41.666667%}.col-sm-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-sm-7{-webkit-box-flex:0;-ms-flex:0 0 58.333333%;flex:0 0 58.333333%;max-width:58.333333%}.col-sm-8{-webkit-box-flex:0;-ms-flex:0 0 66.666667%;flex:0 0 66.666667%;max-width:66.666667%}.col-sm-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-sm-10{-webkit-box-flex:0;-ms-flex:0 0 83.333333%;flex:0 0 83.333333%;max-width:83.333333%}.col-sm-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-sm-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-sm-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-sm-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-sm-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-sm-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-sm-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-sm-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-sm-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-sm-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-sm-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-sm-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-sm-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-sm-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-sm-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-sm-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-sm-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-sm-0{margin-left:0}.offset-sm-1{margin-left:8.333333%}.offset-sm-2{margin-left:16.666667%}.offset-sm-3{margin-left:25%}.offset-sm-4{margin-left:33.333333%}.offset-sm-5{margin-left:41.666667%}.offset-sm-6{margin-left:50%}.offset-sm-7{margin-left:58.333333%}.offset-sm-8{margin-left:66.666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.333333%}.offset-sm-11{margin-left:91.666667%}}@media (min-width:768px){.col-md{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-md-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:none}.col-md-1{-webkit-box-flex:0;-ms-flex:0 0 8.333333%;flex:0 0 8.333333%;max-width:8.333333%}.col-md-2{-webkit-box-flex:0;-ms-flex:0 0 16.666667%;flex:0 0 16.666667%;max-width:16.666667%}.col-md-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-md-4{-webkit-box-flex:0;-ms-flex:0 0 33.333333%;flex:0 0 33.333333%;max-width:33.333333%}.col-md-5{-webkit-box-flex:0;-ms-flex:0 0 41.666667%;flex:0 0 41.666667%;max-width:41.666667%}.col-md-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-md-7{-webkit-box-flex:0;-ms-flex:0 0 58.333333%;flex:0 0 58.333333%;max-width:58.333333%}.col-md-8{-webkit-box-flex:0;-ms-flex:0 0 66.666667%;flex:0 0 66.666667%;max-width:66.666667%}.col-md-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-md-10{-webkit-box-flex:0;-ms-flex:0 0 83.333333%;flex:0 0 83.333333%;max-width:83.333333%}.col-md-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-md-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-md-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-md-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-md-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-md-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-md-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-md-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-md-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-md-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-md-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-md-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-md-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-md-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-md-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-md-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-md-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-md-0{margin-left:0}.offset-md-1{margin-left:8.333333%}.offset-md-2{margin-left:16.666667%}.offset-md-3{margin-left:25%}.offset-md-4{margin-left:33.333333%}.offset-md-5{margin-left:41.666667%}.offset-md-6{margin-left:50%}.offset-md-7{margin-left:58.333333%}.offset-md-8{margin-left:66.666667%}.offset-md-9{margin-left:75%}.offset-md-10{margin-left:83.333333%}.offset-md-11{margin-left:91.666667%}}@media (min-width:992px){.col-lg{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-lg-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:none}.col-lg-1{-webkit-box-flex:0;-ms-flex:0 0 8.333333%;flex:0 0 8.333333%;max-width:8.333333%}.col-lg-2{-webkit-box-flex:0;-ms-flex:0 0 16.666667%;flex:0 0 16.666667%;max-width:16.666667%}.col-lg-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-lg-4{-webkit-box-flex:0;-ms-flex:0 0 33.333333%;flex:0 0 33.333333%;max-width:33.333333%}.col-lg-5{-webkit-box-flex:0;-ms-flex:0 0 41.666667%;flex:0 0 41.666667%;max-width:41.666667%}.col-lg-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-lg-7{-webkit-box-flex:0;-ms-flex:0 0 58.333333%;flex:0 0 58.333333%;max-width:58.333333%}.col-lg-8{-webkit-box-flex:0;-ms-flex:0 0 66.666667%;flex:0 0 66.666667%;max-width:66.666667%}.col-lg-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-lg-10{-webkit-box-flex:0;-ms-flex:0 0 83.333333%;flex:0 0 83.333333%;max-width:83.333333%}.col-lg-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-lg-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-lg-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-lg-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-lg-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-lg-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-lg-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-lg-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-lg-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-lg-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-lg-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-lg-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-lg-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-lg-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-lg-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-lg-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-lg-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-lg-0{margin-left:0}.offset-lg-1{margin-left:8.333333%}.offset-lg-2{margin-left:16.666667%}.offset-lg-3{margin-left:25%}.offset-lg-4{margin-left:33.333333%}.offset-lg-5{margin-left:41.666667%}.offset-lg-6{margin-left:50%}.offset-lg-7{margin-left:58.333333%}.offset-lg-8{margin-left:66.666667%}.offset-lg-9{margin-left:75%}.offset-lg-10{margin-left:83.333333%}.offset-lg-11{margin-left:91.666667%}}@media (min-width:1200px){.col-xl{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-xl-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:none}.col-xl-1{-webkit-box-flex:0;-ms-flex:0 0 8.333333%;flex:0 0 8.333333%;max-width:8.333333%}.col-xl-2{-webkit-box-flex:0;-ms-flex:0 0 16.666667%;flex:0 0 16.666667%;max-width:16.666667%}.col-xl-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-xl-4{-webkit-box-flex:0;-ms-flex:0 0 33.333333%;flex:0 0 33.333333%;max-width:33.333333%}.col-xl-5{-webkit-box-flex:0;-ms-flex:0 0 41.666667%;flex:0 0 41.666667%;max-width:41.666667%}.col-xl-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-xl-7{-webkit-box-flex:0;-ms-flex:0 0 58.333333%;flex:0 0 58.333333%;max-width:58.333333%}.col-xl-8{-webkit-box-flex:0;-ms-flex:0 0 66.666667%;flex:0 0 66.666667%;max-width:66.666667%}.col-xl-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-xl-10{-webkit-box-flex:0;-ms-flex:0 0 83.333333%;flex:0 0 83.333333%;max-width:83.333333%}.col-xl-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-xl-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-xl-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-xl-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-xl-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-xl-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-xl-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-xl-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-xl-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-xl-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-xl-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-xl-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-xl-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-xl-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-xl-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-xl-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-xl-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-xl-0{margin-left:0}.offset-xl-1{margin-left:8.333333%}.offset-xl-2{margin-left:16.666667%}.offset-xl-3{margin-left:25%}.offset-xl-4{margin-left:33.333333%}.offset-xl-5{margin-left:41.666667%}.offset-xl-6{margin-left:50%}.offset-xl-7{margin-left:58.333333%}.offset-xl-8{margin-left:66.666667%}.offset-xl-9{margin-left:75%}.offset-xl-10{margin-left:83.333333%}.offset-xl-11{margin-left:91.666667%}}.table{width:100%;max-width:100%;margin-bottom:1rem;background-color:transparent}.table td,.table th{padding:.75rem;vertical-align:top;border-top:1px solid #dee2e6}.table thead th{vertical-align:bottom;border-bottom:2px solid #dee2e6}.table tbody+tbody{border-top:2px solid #dee2e6}.table .table{background-color:#fff}.table-sm td,.table-sm th{padding:.3rem}.table-bordered{border:1px solid #dee2e6}.table-bordered td,.table-bordered th{border:1px solid #dee2e6}.table-bordered thead td,.table-bordered thead th{border-bottom-width:2px}.table-striped tbody tr:nth-of-type(odd){background-color:rgba(0,0,0,.05)}.table-hover tbody tr:hover{background-color:rgba(0,0,0,.075)}.table-primary,.table-primary>td,.table-primary>th{background-color:#b8daff}.table-hover .table-primary:hover{background-color:#9fcdff}.table-hover .table-primary:hover>td,.table-hover .table-primary:hover>th{background-color:#9fcdff}.table-secondary,.table-secondary>td,.table-secondary>th{background-color:#d6d8db}.table-hover .table-secondary:hover{background-color:#c8cbcf}.table-hover .table-secondary:hover>td,.table-hover .table-secondary:hover>th{background-color:#c8cbcf}.table-success,.table-success>td,.table-success>th{background-color:#c3e6cb}.table-hover .table-success:hover{background-color:#b1dfbb}.table-hover .table-success:hover>td,.table-hover .table-success:hover>th{background-color:#b1dfbb}.table-info,.table-info>td,.table-info>th{background-color:#bee5eb}.table-hover .table-info:hover{background-color:#abdde5}.table-hover .table-info:hover>td,.table-hover .table-info:hover>th{background-color:#abdde5}.table-warning,.table-warning>td,.table-warning>th{background-color:#ffeeba}.table-hover .table-warning:hover{background-color:#ffe8a1}.table-hover .table-warning:hover>td,.table-hover .table-warning:hover>th{background-color:#ffe8a1}.table-danger,.table-danger>td,.table-danger>th{background-color:#f5c6cb}.table-hover .table-danger:hover{background-color:#f1b0b7}.table-hover .table-danger:hover>td,.table-hover .table-danger:hover>th{background-color:#f1b0b7}.table-light,.table-light>td,.table-light>th{background-color:#fdfdfe}.table-hover .table-light:hover{background-color:#ececf6}.table-hover .table-light:hover>td,.table-hover .table-light:hover>th{background-color:#ececf6}.table-dark,.table-dark>td,.table-dark>th{background-color:#c6c8ca}.table-hover .table-dark:hover{background-color:#b9bbbe}.table-hover .table-dark:hover>td,.table-hover .table-dark:hover>th{background-color:#b9bbbe}.table-active,.table-active>td,.table-active>th{background-color:rgba(0,0,0,.075)}.table-hover .table-active:hover{background-color:rgba(0,0,0,.075)}.table-hover .table-active:hover>td,.table-hover .table-active:hover>th{background-color:rgba(0,0,0,.075)}.table .thead-dark th{color:#fff;background-color:#212529;border-color:#32383e}.table .thead-light th{color:#495057;background-color:#e9ecef;border-color:#dee2e6}.table-dark{color:#fff;background-color:#212529}.table-dark td,.table-dark th,.table-dark thead th{border-color:#32383e}.table-dark.table-bordered{border:0}.table-dark.table-striped tbody tr:nth-of-type(odd){background-color:rgba(255,255,255,.05)}.table-dark.table-hover tbody tr:hover{background-color:rgba(255,255,255,.075)}@media (max-width:575.98px){.table-responsive-sm{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive-sm>.table-bordered{border:0}}@media (max-width:767.98px){.table-responsive-md{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive-md>.table-bordered{border:0}}@media (max-width:991.98px){.table-responsive-lg{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive-lg>.table-bordered{border:0}}@media (max-width:1199.98px){.table-responsive-xl{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive-xl>.table-bordered{border:0}}.table-responsive{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive>.table-bordered{border:0}.form-control{display:block;width:100%;padding:.375rem .75rem;font-size:1rem;line-height:1.5;color:#495057;background-color:#fff;background-clip:padding-box;border:1px solid #ced4da;border-radius:.25rem;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out}.form-control::-ms-expand{background-color:transparent;border:0}.form-control:focus{color:#495057;background-color:#fff;border-color:#80bdff;outline:0;box-shadow:0 0 0 .2rem rgba(0,123,255,.25)}.form-control::-webkit-input-placeholder{color:#6c757d;opacity:1}.form-control::-moz-placeholder{color:#6c757d;opacity:1}.form-control:-ms-input-placeholder{color:#6c757d;opacity:1}.form-control::-ms-input-placeholder{color:#6c757d;opacity:1}.form-control::placeholder{color:#6c757d;opacity:1}.form-control:disabled,.form-control[readonly]{background-color:#e9ecef;opacity:1}select.form-control:not([size]):not([multiple]){height:calc(2.25rem + 2px)}select.form-control:focus::-ms-value{color:#495057;background-color:#fff}.form-control-file,.form-control-range{display:block;width:100%}.col-form-label{padding-top:calc(.375rem + 1px);padding-bottom:calc(.375rem + 1px);margin-bottom:0;font-size:inherit;line-height:1.5}.col-form-label-lg{padding-top:calc(.5rem + 1px);padding-bottom:calc(.5rem + 1px);font-size:1.25rem;line-height:1.5}.col-form-label-sm{padding-top:calc(.25rem + 1px);padding-bottom:calc(.25rem + 1px);font-size:.875rem;line-height:1.5}.form-control-plaintext{display:block;width:100%;padding-top:.375rem;padding-bottom:.375rem;margin-bottom:0;line-height:1.5;background-color:transparent;border:solid transparent;border-width:1px 0}.form-control-plaintext.form-control-lg,.form-control-plaintext.form-control-sm,.input-group-lg>.form-control-plaintext.form-control,.input-group-lg>.input-group-append>.form-control-plaintext.btn,.input-group-lg>.input-group-append>.form-control-plaintext.input-group-text,.input-group-lg>.input-group-prepend>.form-control-plaintext.btn,.input-group-lg>.input-group-prepend>.form-control-plaintext.input-group-text,.input-group-sm>.form-control-plaintext.form-control,.input-group-sm>.input-group-append>.form-control-plaintext.btn,.input-group-sm>.input-group-append>.form-control-plaintext.input-group-text,.input-group-sm>.input-group-prepend>.form-control-plaintext.btn,.input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text{padding-right:0;padding-left:0}.form-control-sm,.input-group-sm>.form-control,.input-group-sm>.input-group-append>.btn,.input-group-sm>.input-group-append>.input-group-text,.input-group-sm>.input-group-prepend>.btn,.input-group-sm>.input-group-prepend>.input-group-text{padding:.25rem .5rem;font-size:.875rem;line-height:1.5;border-radius:.2rem}.input-group-sm>.input-group-append>select.btn:not([size]):not([multiple]),.input-group-sm>.input-group-append>select.input-group-text:not([size]):not([multiple]),.input-group-sm>.input-group-prepend>select.btn:not([size]):not([multiple]),.input-group-sm>.input-group-prepend>select.input-group-text:not([size]):not([multiple]),.input-group-sm>select.form-control:not([size]):not([multiple]),select.form-control-sm:not([size]):not([multiple]){height:calc(1.8125rem + 2px)}.form-control-lg,.input-group-lg>.form-control,.input-group-lg>.input-group-append>.btn,.input-group-lg>.input-group-append>.input-group-text,.input-group-lg>.input-group-prepend>.btn,.input-group-lg>.input-group-prepend>.input-group-text{padding:.5rem 1rem;font-size:1.25rem;line-height:1.5;border-radius:.3rem}.input-group-lg>.input-group-append>select.btn:not([size]):not([multiple]),.input-group-lg>.input-group-append>select.input-group-text:not([size]):not([multiple]),.input-group-lg>.input-group-prepend>select.btn:not([size]):not([multiple]),.input-group-lg>.input-group-prepend>select.input-group-text:not([size]):not([multiple]),.input-group-lg>select.form-control:not([size]):not([multiple]),select.form-control-lg:not([size]):not([multiple]){height:calc(2.875rem + 2px)}.form-group{margin-bottom:1rem}.form-text{display:block;margin-top:.25rem}.form-row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-5px;margin-left:-5px}.form-row>.col,.form-row>[class*=col-]{padding-right:5px;padding-left:5px}.form-check{position:relative;display:block;padding-left:1.25rem}.form-check-input{position:absolute;margin-top:.3rem;margin-left:-1.25rem}.form-check-input:disabled~.form-check-label{color:#6c757d}.form-check-label{margin-bottom:0}.form-check-inline{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding-left:0;margin-right:.75rem}.form-check-inline .form-check-input{position:static;margin-top:0;margin-right:.3125rem;margin-left:0}.valid-feedback{display:none;width:100%;margin-top:.25rem;font-size:80%;color:#28a745}.valid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:.5rem;margin-top:.1rem;font-size:.875rem;line-height:1;color:#fff;background-color:rgba(40,167,69,.8);border-radius:.2rem}.custom-select.is-valid,.form-control.is-valid,.was-validated .custom-select:valid,.was-validated .form-control:valid{border-color:#28a745}.custom-select.is-valid:focus,.form-control.is-valid:focus,.was-validated .custom-select:valid:focus,.was-validated .form-control:valid:focus{border-color:#28a745;box-shadow:0 0 0 .2rem rgba(40,167,69,.25)}.custom-select.is-valid~.valid-feedback,.custom-select.is-valid~.valid-tooltip,.form-control.is-valid~.valid-feedback,.form-control.is-valid~.valid-tooltip,.was-validated .custom-select:valid~.valid-feedback,.was-validated .custom-select:valid~.valid-tooltip,.was-validated .form-control:valid~.valid-feedback,.was-validated .form-control:valid~.valid-tooltip{display:block}.form-check-input.is-valid~.form-check-label,.was-validated .form-check-input:valid~.form-check-label{color:#28a745}.form-check-input.is-valid~.valid-feedback,.form-check-input.is-valid~.valid-tooltip,.was-validated .form-check-input:valid~.valid-feedback,.was-validated .form-check-input:valid~.valid-tooltip{display:block}.custom-control-input.is-valid~.custom-control-label,.was-validated .custom-control-input:valid~.custom-control-label{color:#28a745}.custom-control-input.is-valid~.custom-control-label::before,.was-validated .custom-control-input:valid~.custom-control-label::before{background-color:#71dd8a}.custom-control-input.is-valid~.valid-feedback,.custom-control-input.is-valid~.valid-tooltip,.was-validated .custom-control-input:valid~.valid-feedback,.was-validated .custom-control-input:valid~.valid-tooltip{display:block}.custom-control-input.is-valid:checked~.custom-control-label::before,.was-validated .custom-control-input:valid:checked~.custom-control-label::before{background-color:#34ce57}.custom-control-input.is-valid:focus~.custom-control-label::before,.was-validated .custom-control-input:valid:focus~.custom-control-label::before{box-shadow:0 0 0 1px #fff,0 0 0 .2rem rgba(40,167,69,.25)}.custom-file-input.is-valid~.custom-file-label,.was-validated .custom-file-input:valid~.custom-file-label{border-color:#28a745}.custom-file-input.is-valid~.custom-file-label::before,.was-validated .custom-file-input:valid~.custom-file-label::before{border-color:inherit}.custom-file-input.is-valid~.valid-feedback,.custom-file-input.is-valid~.valid-tooltip,.was-validated .custom-file-input:valid~.valid-feedback,.was-validated .custom-file-input:valid~.valid-tooltip{display:block}.custom-file-input.is-valid:focus~.custom-file-label,.was-validated .custom-file-input:valid:focus~.custom-file-label{box-shadow:0 0 0 .2rem rgba(40,167,69,.25)}.invalid-feedback{display:none;width:100%;margin-top:.25rem;font-size:80%;color:#dc3545}.invalid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:.5rem;margin-top:.1rem;font-size:.875rem;line-height:1;color:#fff;background-color:rgba(220,53,69,.8);border-radius:.2rem}.custom-select.is-invalid,.form-control.is-invalid,.was-validated .custom-select:invalid,.was-validated .form-control:invalid{border-color:#dc3545}.custom-select.is-invalid:focus,.form-control.is-invalid:focus,.was-validated .custom-select:invalid:focus,.was-validated .form-control:invalid:focus{border-color:#dc3545;box-shadow:0 0 0 .2rem rgba(220,53,69,.25)}.custom-select.is-invalid~.invalid-feedback,.custom-select.is-invalid~.invalid-tooltip,.form-control.is-invalid~.invalid-feedback,.form-control.is-invalid~.invalid-tooltip,.was-validated .custom-select:invalid~.invalid-feedback,.was-validated .custom-select:invalid~.invalid-tooltip,.was-validated .form-control:invalid~.invalid-feedback,.was-validated .form-control:invalid~.invalid-tooltip{display:block}.form-check-input.is-invalid~.form-check-label,.was-validated .form-check-input:invalid~.form-check-label{color:#dc3545}.form-check-input.is-invalid~.invalid-feedback,.form-check-input.is-invalid~.invalid-tooltip,.was-validated .form-check-input:invalid~.invalid-feedback,.was-validated .form-check-input:invalid~.invalid-tooltip{display:block}.custom-control-input.is-invalid~.custom-control-label,.was-validated .custom-control-input:invalid~.custom-control-label{color:#dc3545}.custom-control-input.is-invalid~.custom-control-label::before,.was-validated .custom-control-input:invalid~.custom-control-label::before{background-color:#efa2a9}.custom-control-input.is-invalid~.invalid-feedback,.custom-control-input.is-invalid~.invalid-tooltip,.was-validated .custom-control-input:invalid~.invalid-feedback,.was-validated .custom-control-input:invalid~.invalid-tooltip{display:block}.custom-control-input.is-invalid:checked~.custom-control-label::before,.was-validated .custom-control-input:invalid:checked~.custom-control-label::before{background-color:#e4606d}.custom-control-input.is-invalid:focus~.custom-control-label::before,.was-validated .custom-control-input:invalid:focus~.custom-control-label::before{box-shadow:0 0 0 1px #fff,0 0 0 .2rem rgba(220,53,69,.25)}.custom-file-input.is-invalid~.custom-file-label,.was-validated .custom-file-input:invalid~.custom-file-label{border-color:#dc3545}.custom-file-input.is-invalid~.custom-file-label::before,.was-validated .custom-file-input:invalid~.custom-file-label::before{border-color:inherit}.custom-file-input.is-invalid~.invalid-feedback,.custom-file-input.is-invalid~.invalid-tooltip,.was-validated .custom-file-input:invalid~.invalid-feedback,.was-validated .custom-file-input:invalid~.invalid-tooltip{display:block}.custom-file-input.is-invalid:focus~.custom-file-label,.was-validated .custom-file-input:invalid:focus~.custom-file-label{box-shadow:0 0 0 .2rem rgba(220,53,69,.25)}.form-inline{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.form-inline .form-check{width:100%}@media (min-width:576px){.form-inline label{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;margin-bottom:0}.form-inline .form-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;margin-bottom:0}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-plaintext{display:inline-block}.form-inline .input-group{width:auto}.form-inline .form-check{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:auto;padding-left:0}.form-inline .form-check-input{position:relative;margin-top:0;margin-right:.25rem;margin-left:0}.form-inline .custom-control{-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.form-inline .custom-control-label{margin-bottom:0}}.btn{display:inline-block;font-weight:400;text-align:center;white-space:nowrap;vertical-align:middle;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;border:1px solid transparent;padding:.375rem .75rem;font-size:1rem;line-height:1.5;border-radius:.25rem;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}.btn:focus,.btn:hover{text-decoration:none}.btn.focus,.btn:focus{outline:0;box-shadow:0 0 0 .2rem rgba(0,123,255,.25)}.btn.disabled,.btn:disabled{opacity:.65}.btn:not(:disabled):not(.disabled){cursor:pointer}.btn:not(:disabled):not(.disabled).active,.btn:not(:disabled):not(.disabled):active{background-image:none}a.btn.disabled,fieldset:disabled a.btn{pointer-events:none}.btn-primary{color:#fff;background-color:#007bff;border-color:#007bff}.btn-primary:hover{color:#fff;background-color:#0069d9;border-color:#0062cc}.btn-primary.focus,.btn-primary:focus{box-shadow:0 0 0 .2rem rgba(0,123,255,.5)}.btn-primary.disabled,.btn-primary:disabled{color:#fff;background-color:#007bff;border-color:#007bff}.btn-primary:not(:disabled):not(.disabled).active,.btn-primary:not(:disabled):not(.disabled):active,.show>.btn-primary.dropdown-toggle{color:#fff;background-color:#0062cc;border-color:#005cbf}.btn-primary:not(:disabled):not(.disabled).active:focus,.btn-primary:not(:disabled):not(.disabled):active:focus,.show>.btn-primary.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(0,123,255,.5)}.btn-secondary{color:#fff;background-color:#6c757d;border-color:#6c757d}.btn-secondary:hover{color:#fff;background-color:#5a6268;border-color:#545b62}.btn-secondary.focus,.btn-secondary:focus{box-shadow:0 0 0 .2rem rgba(108,117,125,.5)}.btn-secondary.disabled,.btn-secondary:disabled{color:#fff;background-color:#6c757d;border-color:#6c757d}.btn-secondary:not(:disabled):not(.disabled).active,.btn-secondary:not(:disabled):not(.disabled):active,.show>.btn-secondary.dropdown-toggle{color:#fff;background-color:#545b62;border-color:#4e555b}.btn-secondary:not(:disabled):not(.disabled).active:focus,.btn-secondary:not(:disabled):not(.disabled):active:focus,.show>.btn-secondary.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(108,117,125,.5)}.btn-success{color:#fff;background-color:#28a745;border-color:#28a745}.btn-success:hover{color:#fff;background-color:#218838;border-color:#1e7e34}.btn-success.focus,.btn-success:focus{box-shadow:0 0 0 .2rem rgba(40,167,69,.5)}.btn-success.disabled,.btn-success:disabled{color:#fff;background-color:#28a745;border-color:#28a745}.btn-success:not(:disabled):not(.disabled).active,.btn-success:not(:disabled):not(.disabled):active,.show>.btn-success.dropdown-toggle{color:#fff;background-color:#1e7e34;border-color:#1c7430}.btn-success:not(:disabled):not(.disabled).active:focus,.btn-success:not(:disabled):not(.disabled):active:focus,.show>.btn-success.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(40,167,69,.5)}.btn-info{color:#fff;background-color:#17a2b8;border-color:#17a2b8}.btn-info:hover{color:#fff;background-color:#138496;border-color:#117a8b}.btn-info.focus,.btn-info:focus{box-shadow:0 0 0 .2rem rgba(23,162,184,.5)}.btn-info.disabled,.btn-info:disabled{color:#fff;background-color:#17a2b8;border-color:#17a2b8}.btn-info:not(:disabled):not(.disabled).active,.btn-info:not(:disabled):not(.disabled):active,.show>.btn-info.dropdown-toggle{color:#fff;background-color:#117a8b;border-color:#10707f}.btn-info:not(:disabled):not(.disabled).active:focus,.btn-info:not(:disabled):not(.disabled):active:focus,.show>.btn-info.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(23,162,184,.5)}.btn-warning{color:#212529;background-color:#ffc107;border-color:#ffc107}.btn-warning:hover{color:#212529;background-color:#e0a800;border-color:#d39e00}.btn-warning.focus,.btn-warning:focus{box-shadow:0 0 0 .2rem rgba(255,193,7,.5)}.btn-warning.disabled,.btn-warning:disabled{color:#212529;background-color:#ffc107;border-color:#ffc107}.btn-warning:not(:disabled):not(.disabled).active,.btn-warning:not(:disabled):not(.disabled):active,.show>.btn-warning.dropdown-toggle{color:#212529;background-color:#d39e00;border-color:#c69500}.btn-warning:not(:disabled):not(.disabled).active:focus,.btn-warning:not(:disabled):not(.disabled):active:focus,.show>.btn-warning.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(255,193,7,.5)}.btn-danger{color:#fff;background-color:#dc3545;border-color:#dc3545}.btn-danger:hover{color:#fff;background-color:#c82333;border-color:#bd2130}.btn-danger.focus,.btn-danger:focus{box-shadow:0 0 0 .2rem rgba(220,53,69,.5)}.btn-danger.disabled,.btn-danger:disabled{color:#fff;background-color:#dc3545;border-color:#dc3545}.btn-danger:not(:disabled):not(.disabled).active,.btn-danger:not(:disabled):not(.disabled):active,.show>.btn-danger.dropdown-toggle{color:#fff;background-color:#bd2130;border-color:#b21f2d}.btn-danger:not(:disabled):not(.disabled).active:focus,.btn-danger:not(:disabled):not(.disabled):active:focus,.show>.btn-danger.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(220,53,69,.5)}.btn-light{color:#212529;background-color:#f8f9fa;border-color:#f8f9fa}.btn-light:hover{color:#212529;background-color:#e2e6ea;border-color:#dae0e5}.btn-light.focus,.btn-light:focus{box-shadow:0 0 0 .2rem rgba(248,249,250,.5)}.btn-light.disabled,.btn-light:disabled{color:#212529;background-color:#f8f9fa;border-color:#f8f9fa}.btn-light:not(:disabled):not(.disabled).active,.btn-light:not(:disabled):not(.disabled):active,.show>.btn-light.dropdown-toggle{color:#212529;background-color:#dae0e5;border-color:#d3d9df}.btn-light:not(:disabled):not(.disabled).active:focus,.btn-light:not(:disabled):not(.disabled):active:focus,.show>.btn-light.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(248,249,250,.5)}.btn-dark{color:#fff;background-color:#343a40;border-color:#343a40}.btn-dark:hover{color:#fff;background-color:#23272b;border-color:#1d2124}.btn-dark.focus,.btn-dark:focus{box-shadow:0 0 0 .2rem rgba(52,58,64,.5)}.btn-dark.disabled,.btn-dark:disabled{color:#fff;background-color:#343a40;border-color:#343a40}.btn-dark:not(:disabled):not(.disabled).active,.btn-dark:not(:disabled):not(.disabled):active,.show>.btn-dark.dropdown-toggle{color:#fff;background-color:#1d2124;border-color:#171a1d}.btn-dark:not(:disabled):not(.disabled).active:focus,.btn-dark:not(:disabled):not(.disabled):active:focus,.show>.btn-dark.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(52,58,64,.5)}.btn-outline-primary{color:#007bff;background-color:transparent;background-image:none;border-color:#007bff}.btn-outline-primary:hover{color:#fff;background-color:#007bff;border-color:#007bff}.btn-outline-primary.focus,.btn-outline-primary:focus{box-shadow:0 0 0 .2rem rgba(0,123,255,.5)}.btn-outline-primary.disabled,.btn-outline-primary:disabled{color:#007bff;background-color:transparent}.btn-outline-primary:not(:disabled):not(.disabled).active,.btn-outline-primary:not(:disabled):not(.disabled):active,.show>.btn-outline-primary.dropdown-toggle{color:#fff;background-color:#007bff;border-color:#007bff}.btn-outline-primary:not(:disabled):not(.disabled).active:focus,.btn-outline-primary:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-primary.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(0,123,255,.5)}.btn-outline-secondary{color:#6c757d;background-color:transparent;background-image:none;border-color:#6c757d}.btn-outline-secondary:hover{color:#fff;background-color:#6c757d;border-color:#6c757d}.btn-outline-secondary.focus,.btn-outline-secondary:focus{box-shadow:0 0 0 .2rem rgba(108,117,125,.5)}.btn-outline-secondary.disabled,.btn-outline-secondary:disabled{color:#6c757d;background-color:transparent}.btn-outline-secondary:not(:disabled):not(.disabled).active,.btn-outline-secondary:not(:disabled):not(.disabled):active,.show>.btn-outline-secondary.dropdown-toggle{color:#fff;background-color:#6c757d;border-color:#6c757d}.btn-outline-secondary:not(:disabled):not(.disabled).active:focus,.btn-outline-secondary:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-secondary.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(108,117,125,.5)}.btn-outline-success{color:#28a745;background-color:transparent;background-image:none;border-color:#28a745}.btn-outline-success:hover{color:#fff;background-color:#28a745;border-color:#28a745}.btn-outline-success.focus,.btn-outline-success:focus{box-shadow:0 0 0 .2rem rgba(40,167,69,.5)}.btn-outline-success.disabled,.btn-outline-success:disabled{color:#28a745;background-color:transparent}.btn-outline-success:not(:disabled):not(.disabled).active,.btn-outline-success:not(:disabled):not(.disabled):active,.show>.btn-outline-success.dropdown-toggle{color:#fff;background-color:#28a745;border-color:#28a745}.btn-outline-success:not(:disabled):not(.disabled).active:focus,.btn-outline-success:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-success.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(40,167,69,.5)}.btn-outline-info{color:#17a2b8;background-color:transparent;background-image:none;border-color:#17a2b8}.btn-outline-info:hover{color:#fff;background-color:#17a2b8;border-color:#17a2b8}.btn-outline-info.focus,.btn-outline-info:focus{box-shadow:0 0 0 .2rem rgba(23,162,184,.5)}.btn-outline-info.disabled,.btn-outline-info:disabled{color:#17a2b8;background-color:transparent}.btn-outline-info:not(:disabled):not(.disabled).active,.btn-outline-info:not(:disabled):not(.disabled):active,.show>.btn-outline-info.dropdown-toggle{color:#fff;background-color:#17a2b8;border-color:#17a2b8}.btn-outline-info:not(:disabled):not(.disabled).active:focus,.btn-outline-info:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-info.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(23,162,184,.5)}.btn-outline-warning{color:#ffc107;background-color:transparent;background-image:none;border-color:#ffc107}.btn-outline-warning:hover{color:#212529;background-color:#ffc107;border-color:#ffc107}.btn-outline-warning.focus,.btn-outline-warning:focus{box-shadow:0 0 0 .2rem rgba(255,193,7,.5)}.btn-outline-warning.disabled,.btn-outline-warning:disabled{color:#ffc107;background-color:transparent}.btn-outline-warning:not(:disabled):not(.disabled).active,.btn-outline-warning:not(:disabled):not(.disabled):active,.show>.btn-outline-warning.dropdown-toggle{color:#212529;background-color:#ffc107;border-color:#ffc107}.btn-outline-warning:not(:disabled):not(.disabled).active:focus,.btn-outline-warning:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-warning.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(255,193,7,.5)}.btn-outline-danger{color:#dc3545;background-color:transparent;background-image:none;border-color:#dc3545}.btn-outline-danger:hover{color:#fff;background-color:#dc3545;border-color:#dc3545}.btn-outline-danger.focus,.btn-outline-danger:focus{box-shadow:0 0 0 .2rem rgba(220,53,69,.5)}.btn-outline-danger.disabled,.btn-outline-danger:disabled{color:#dc3545;background-color:transparent}.btn-outline-danger:not(:disabled):not(.disabled).active,.btn-outline-danger:not(:disabled):not(.disabled):active,.show>.btn-outline-danger.dropdown-toggle{color:#fff;background-color:#dc3545;border-color:#dc3545}.btn-outline-danger:not(:disabled):not(.disabled).active:focus,.btn-outline-danger:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-danger.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(220,53,69,.5)}.btn-outline-light{color:#f8f9fa;background-color:transparent;background-image:none;border-color:#f8f9fa}.btn-outline-light:hover{color:#212529;background-color:#f8f9fa;border-color:#f8f9fa}.btn-outline-light.focus,.btn-outline-light:focus{box-shadow:0 0 0 .2rem rgba(248,249,250,.5)}.btn-outline-light.disabled,.btn-outline-light:disabled{color:#f8f9fa;background-color:transparent}.btn-outline-light:not(:disabled):not(.disabled).active,.btn-outline-light:not(:disabled):not(.disabled):active,.show>.btn-outline-light.dropdown-toggle{color:#212529;background-color:#f8f9fa;border-color:#f8f9fa}.btn-outline-light:not(:disabled):not(.disabled).active:focus,.btn-outline-light:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-light.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(248,249,250,.5)}.btn-outline-dark{color:#343a40;background-color:transparent;background-image:none;border-color:#343a40}.btn-outline-dark:hover{color:#fff;background-color:#343a40;border-color:#343a40}.btn-outline-dark.focus,.btn-outline-dark:focus{box-shadow:0 0 0 .2rem rgba(52,58,64,.5)}.btn-outline-dark.disabled,.btn-outline-dark:disabled{color:#343a40;background-color:transparent}.btn-outline-dark:not(:disabled):not(.disabled).active,.btn-outline-dark:not(:disabled):not(.disabled):active,.show>.btn-outline-dark.dropdown-toggle{color:#fff;background-color:#343a40;border-color:#343a40}.btn-outline-dark:not(:disabled):not(.disabled).active:focus,.btn-outline-dark:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-dark.dropdown-toggle:focus{box-shadow:0 0 0 .2rem rgba(52,58,64,.5)}.btn-link{font-weight:400;color:#007bff;background-color:transparent}.btn-link:hover{color:#0056b3;text-decoration:underline;background-color:transparent;border-color:transparent}.btn-link.focus,.btn-link:focus{text-decoration:underline;border-color:transparent;box-shadow:none}.btn-link.disabled,.btn-link:disabled{color:#6c757d}.btn-group-lg>.btn,.btn-lg{padding:.5rem 1rem;font-size:1.25rem;line-height:1.5;border-radius:.3rem}.btn-group-sm>.btn,.btn-sm{padding:.25rem .5rem;font-size:.875rem;line-height:1.5;border-radius:.2rem}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:.5rem}input[type=button].btn-block,input[type=reset].btn-block,input[type=submit].btn-block{width:100%}.fade{opacity:0;transition:opacity .15s linear}.fade.show{opacity:1}.collapse{display:none}.collapse.show{display:block}tr.collapse.show{display:table-row}tbody.collapse.show{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;transition:height .35s ease}.dropdown,.dropup{position:relative}.dropdown-toggle::after{display:inline-block;width:0;height:0;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid;border-right:.3em solid transparent;border-bottom:0;border-left:.3em solid transparent}.dropdown-toggle:empty::after{margin-left:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:10rem;padding:.5rem 0;margin:.125rem 0 0;font-size:1rem;color:#212529;text-align:left;list-style:none;background-color:#fff;background-clip:padding-box;border:1px solid rgba(0,0,0,.15);border-radius:.25rem}.dropup .dropdown-menu{margin-top:0;margin-bottom:.125rem}.dropup .dropdown-toggle::after{display:inline-block;width:0;height:0;margin-left:.255em;vertical-align:.255em;content:"";border-top:0;border-right:.3em solid transparent;border-bottom:.3em solid;border-left:.3em solid transparent}.dropup .dropdown-toggle:empty::after{margin-left:0}.dropright .dropdown-menu{margin-top:0;margin-left:.125rem}.dropright .dropdown-toggle::after{display:inline-block;width:0;height:0;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-bottom:.3em solid transparent;border-left:.3em solid}.dropright .dropdown-toggle:empty::after{margin-left:0}.dropright .dropdown-toggle::after{vertical-align:0}.dropleft .dropdown-menu{margin-top:0;margin-right:.125rem}.dropleft .dropdown-toggle::after{display:inline-block;width:0;height:0;margin-left:.255em;vertical-align:.255em;content:""}.dropleft .dropdown-toggle::after{display:none}.dropleft .dropdown-toggle::before{display:inline-block;width:0;height:0;margin-right:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:.3em solid;border-bottom:.3em solid transparent}.dropleft .dropdown-toggle:empty::after{margin-left:0}.dropleft .dropdown-toggle::before{vertical-align:0}.dropdown-divider{height:0;margin:.5rem 0;overflow:hidden;border-top:1px solid #e9ecef}.dropdown-item{display:block;width:100%;padding:.25rem 1.5rem;clear:both;font-weight:400;color:#212529;text-align:inherit;white-space:nowrap;background-color:transparent;border:0}.dropdown-item:focus,.dropdown-item:hover{color:#16181b;text-decoration:none;background-color:#f8f9fa}.dropdown-item.active,.dropdown-item:active{color:#fff;text-decoration:none;background-color:#007bff}.dropdown-item.disabled,.dropdown-item:disabled{color:#6c757d;background-color:transparent}.dropdown-menu.show{display:block}.dropdown-header{display:block;padding:.5rem 1.5rem;margin-bottom:0;font-size:.875rem;color:#6c757d;white-space:nowrap}.btn-group,.btn-group-vertical{position:relative;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto}.btn-group-vertical>.btn:hover,.btn-group>.btn:hover{z-index:1}.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus{z-index:1}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group,.btn-group-vertical .btn+.btn,.btn-group-vertical .btn+.btn-group,.btn-group-vertical .btn-group+.btn,.btn-group-vertical .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.btn-toolbar .input-group{width:auto}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn-group:not(:last-child)>.btn,.btn-group>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:not(:first-child)>.btn,.btn-group>.btn:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.dropdown-toggle-split{padding-right:.5625rem;padding-left:.5625rem}.dropdown-toggle-split::after{margin-left:0}.btn-group-sm>.btn+.dropdown-toggle-split,.btn-sm+.dropdown-toggle-split{padding-right:.375rem;padding-left:.375rem}.btn-group-lg>.btn+.dropdown-toggle-split,.btn-lg+.dropdown-toggle-split{padding-right:.75rem;padding-left:.75rem}.btn-group-vertical{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.btn-group-vertical .btn,.btn-group-vertical .btn-group{width:100%}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn-group:not(:last-child)>.btn,.btn-group-vertical>.btn:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child)>.btn,.btn-group-vertical>.btn:not(:first-child){border-top-left-radius:0;border-top-right-radius:0}.btn-group-toggle>.btn,.btn-group-toggle>.btn-group>.btn{margin-bottom:0}.btn-group-toggle>.btn input[type=checkbox],.btn-group-toggle>.btn input[type=radio],.btn-group-toggle>.btn-group>.btn input[type=checkbox],.btn-group-toggle>.btn-group>.btn input[type=radio]{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.input-group{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;width:100%}.input-group>.custom-file,.input-group>.custom-select,.input-group>.form-control{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;width:1%;margin-bottom:0}.input-group>.custom-file:focus,.input-group>.custom-select:focus,.input-group>.form-control:focus{z-index:3}.input-group>.custom-file+.custom-file,.input-group>.custom-file+.custom-select,.input-group>.custom-file+.form-control,.input-group>.custom-select+.custom-file,.input-group>.custom-select+.custom-select,.input-group>.custom-select+.form-control,.input-group>.form-control+.custom-file,.input-group>.form-control+.custom-select,.input-group>.form-control+.form-control{margin-left:-1px}.input-group>.custom-select:not(:last-child),.input-group>.form-control:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.custom-select:not(:first-child),.input-group>.form-control:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.input-group>.custom-file{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.input-group>.custom-file:not(:last-child) .custom-file-label,.input-group>.custom-file:not(:last-child) .custom-file-label::before{border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.custom-file:not(:first-child) .custom-file-label,.input-group>.custom-file:not(:first-child) .custom-file-label::before{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-append,.input-group-prepend{display:-webkit-box;display:-ms-flexbox;display:flex}.input-group-append .btn,.input-group-prepend .btn{position:relative;z-index:2}.input-group-append .btn+.btn,.input-group-append .btn+.input-group-text,.input-group-append .input-group-text+.btn,.input-group-append .input-group-text+.input-group-text,.input-group-prepend .btn+.btn,.input-group-prepend .btn+.input-group-text,.input-group-prepend .input-group-text+.btn,.input-group-prepend .input-group-text+.input-group-text{margin-left:-1px}.input-group-prepend{margin-right:-1px}.input-group-append{margin-left:-1px}.input-group-text{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:.375rem .75rem;margin-bottom:0;font-size:1rem;font-weight:400;line-height:1.5;color:#495057;text-align:center;white-space:nowrap;background-color:#e9ecef;border:1px solid #ced4da;border-radius:.25rem}.input-group-text input[type=checkbox],.input-group-text input[type=radio]{margin-top:0}.input-group>.input-group-append:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group>.input-group-append:last-child>.input-group-text:not(:last-child),.input-group>.input-group-append:not(:last-child)>.btn,.input-group>.input-group-append:not(:last-child)>.input-group-text,.input-group>.input-group-prepend>.btn,.input-group>.input-group-prepend>.input-group-text{border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.input-group-append>.btn,.input-group>.input-group-append>.input-group-text,.input-group>.input-group-prepend:first-child>.btn:not(:first-child),.input-group>.input-group-prepend:first-child>.input-group-text:not(:first-child),.input-group>.input-group-prepend:not(:first-child)>.btn,.input-group>.input-group-prepend:not(:first-child)>.input-group-text{border-top-left-radius:0;border-bottom-left-radius:0}.custom-control{position:relative;display:block;min-height:1.5rem;padding-left:1.5rem}.custom-control-inline{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin-right:1rem}.custom-control-input{position:absolute;z-index:-1;opacity:0}.custom-control-input:checked~.custom-control-label::before{color:#fff;background-color:#007bff}.custom-control-input:focus~.custom-control-label::before{box-shadow:0 0 0 1px #fff,0 0 0 .2rem rgba(0,123,255,.25)}.custom-control-input:active~.custom-control-label::before{color:#fff;background-color:#b3d7ff}.custom-control-input:disabled~.custom-control-label{color:#6c757d}.custom-control-input:disabled~.custom-control-label::before{background-color:#e9ecef}.custom-control-label{margin-bottom:0}.custom-control-label::before{position:absolute;top:.25rem;left:0;display:block;width:1rem;height:1rem;pointer-events:none;content:"";-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:#dee2e6}.custom-control-label::after{position:absolute;top:.25rem;left:0;display:block;width:1rem;height:1rem;content:"";background-repeat:no-repeat;background-position:center center;background-size:50% 50%}.custom-checkbox .custom-control-label::before{border-radius:.25rem}.custom-checkbox .custom-control-input:checked~.custom-control-label::before{background-color:#007bff}.custom-checkbox .custom-control-input:checked~.custom-control-label::after{background-image:url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%23fff' d='M6.564.75l-3.59 3.612-1.538-1.55L0 4.26 2.974 7.25 8 2.193z'/%3E%3C/svg%3E")}.custom-checkbox .custom-control-input:indeterminate~.custom-control-label::before{background-color:#007bff}.custom-checkbox .custom-control-input:indeterminate~.custom-control-label::after{background-image:url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 4'%3E%3Cpath stroke='%23fff' d='M0 2h4'/%3E%3C/svg%3E")}.custom-checkbox .custom-control-input:disabled:checked~.custom-control-label::before{background-color:rgba(0,123,255,.5)}.custom-checkbox .custom-control-input:disabled:indeterminate~.custom-control-label::before{background-color:rgba(0,123,255,.5)}.custom-radio .custom-control-label::before{border-radius:50%}.custom-radio .custom-control-input:checked~.custom-control-label::before{background-color:#007bff}.custom-radio .custom-control-input:checked~.custom-control-label::after{background-image:url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E")}.custom-radio .custom-control-input:disabled:checked~.custom-control-label::before{background-color:rgba(0,123,255,.5)}.custom-select{display:inline-block;width:100%;height:calc(2.25rem + 2px);padding:.375rem 1.75rem .375rem .75rem;line-height:1.5;color:#495057;vertical-align:middle;background:#fff url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 5'%3E%3Cpath fill='%23343a40' d='M2 0L0 2h4zm0 5L0 3h4z'/%3E%3C/svg%3E") no-repeat right .75rem center;background-size:8px 10px;border:1px solid #ced4da;border-radius:.25rem;-webkit-appearance:none;-moz-appearance:none;appearance:none}.custom-select:focus{border-color:#80bdff;outline:0;box-shadow:inset 0 1px 2px rgba(0,0,0,.075),0 0 5px rgba(128,189,255,.5)}.custom-select:focus::-ms-value{color:#495057;background-color:#fff}.custom-select[multiple],.custom-select[size]:not([size="1"]){height:auto;padding-right:.75rem;background-image:none}.custom-select:disabled{color:#6c757d;background-color:#e9ecef}.custom-select::-ms-expand{opacity:0}.custom-select-sm{height:calc(1.8125rem + 2px);padding-top:.375rem;padding-bottom:.375rem;font-size:75%}.custom-select-lg{height:calc(2.875rem + 2px);padding-top:.375rem;padding-bottom:.375rem;font-size:125%}.custom-file{position:relative;display:inline-block;width:100%;height:calc(2.25rem + 2px);margin-bottom:0}.custom-file-input{position:relative;z-index:2;width:100%;height:calc(2.25rem + 2px);margin:0;opacity:0}.custom-file-input:focus~.custom-file-control{border-color:#80bdff;box-shadow:0 0 0 .2rem rgba(0,123,255,.25)}.custom-file-input:focus~.custom-file-control::before{border-color:#80bdff}.custom-file-input:lang(en)~.custom-file-label::after{content:"Browse"}.custom-file-label{position:absolute;top:0;right:0;left:0;z-index:1;height:calc(2.25rem + 2px);padding:.375rem .75rem;line-height:1.5;color:#495057;background-color:#fff;border:1px solid #ced4da;border-radius:.25rem}.custom-file-label::after{position:absolute;top:0;right:0;bottom:0;z-index:3;display:block;height:calc(calc(2.25rem + 2px) - 1px * 2);padding:.375rem .75rem;line-height:1.5;color:#495057;content:"Browse";background-color:#e9ecef;border-left:1px solid #ced4da;border-radius:0 .25rem .25rem 0}.nav{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding-left:0;margin-bottom:0;list-style:none}.nav-link{display:block;padding:.5rem 1rem}.nav-link:focus,.nav-link:hover{text-decoration:none}.nav-link.disabled{color:#6c757d}.nav-tabs{border-bottom:1px solid #dee2e6}.nav-tabs .nav-item{margin-bottom:-1px}.nav-tabs .nav-link{border:1px solid transparent;border-top-left-radius:.25rem;border-top-right-radius:.25rem}.nav-tabs .nav-link:focus,.nav-tabs .nav-link:hover{border-color:#e9ecef #e9ecef #dee2e6}.nav-tabs .nav-link.disabled{color:#6c757d;background-color:transparent;border-color:transparent}.nav-tabs .nav-item.show .nav-link,.nav-tabs .nav-link.active{color:#495057;background-color:#fff;border-color:#dee2e6 #dee2e6 #fff}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.nav-pills .nav-link{border-radius:.25rem}.nav-pills .nav-link.active,.nav-pills .show>.nav-link{color:#fff;background-color:#007bff}.nav-fill .nav-item{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;text-align:center}.nav-justified .nav-item{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;text-align:center}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.navbar{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;padding:.5rem 1rem}.navbar>.container,.navbar>.container-fluid{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.navbar-brand{display:inline-block;padding-top:.3125rem;padding-bottom:.3125rem;margin-right:1rem;font-size:1.25rem;line-height:inherit;white-space:nowrap}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-nav{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0;list-style:none}.navbar-nav .nav-link{padding-right:0;padding-left:0}.navbar-nav .dropdown-menu{position:static;float:none}.navbar-text{display:inline-block;padding-top:.5rem;padding-bottom:.5rem}.navbar-collapse{-ms-flex-preferred-size:100%;flex-basis:100%;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.navbar-toggler{padding:.25rem .75rem;font-size:1.25rem;line-height:1;background-color:transparent;border:1px solid transparent;border-radius:.25rem}.navbar-toggler:focus,.navbar-toggler:hover{text-decoration:none}.navbar-toggler:not(:disabled):not(.disabled){cursor:pointer}.navbar-toggler-icon{display:inline-block;width:1.5em;height:1.5em;vertical-align:middle;content:"";background:no-repeat center center;background-size:100% 100%}@media (max-width:575.98px){.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:576px){.navbar-expand-sm{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-sm .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-sm .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-sm .navbar-nav .dropdown-menu-right{right:0;left:auto}.navbar-expand-sm .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-sm .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-sm .navbar-toggler{display:none}.navbar-expand-sm .dropup .dropdown-menu{top:auto;bottom:100%}}@media (max-width:767.98px){.navbar-expand-md>.container,.navbar-expand-md>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:768px){.navbar-expand-md{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-md .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-md .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-md .navbar-nav .dropdown-menu-right{right:0;left:auto}.navbar-expand-md .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-md>.container,.navbar-expand-md>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-md .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-md .navbar-toggler{display:none}.navbar-expand-md .dropup .dropdown-menu{top:auto;bottom:100%}}@media (max-width:991.98px){.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:992px){.navbar-expand-lg{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-lg .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-lg .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-lg .navbar-nav .dropdown-menu-right{right:0;left:auto}.navbar-expand-lg .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-lg .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-lg .navbar-toggler{display:none}.navbar-expand-lg .dropup .dropdown-menu{top:auto;bottom:100%}}@media (max-width:1199.98px){.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:1200px){.navbar-expand-xl{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-xl .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand-xl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xl .navbar-nav .dropdown-menu-right{right:0;left:auto}.navbar-expand-xl .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-xl .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-xl .navbar-toggler{display:none}.navbar-expand-xl .dropup .dropdown-menu{top:auto;bottom:100%}}.navbar-expand{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand>.container,.navbar-expand>.container-fluid{padding-right:0;padding-left:0}.navbar-expand .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand .navbar-nav .dropdown-menu{position:absolute}.navbar-expand .navbar-nav .dropdown-menu-right{right:0;left:auto}.navbar-expand .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand>.container,.navbar-expand>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand .navbar-toggler{display:none}.navbar-expand .dropup .dropdown-menu{top:auto;bottom:100%}.navbar-light .navbar-brand{color:rgba(0,0,0,.9)}.navbar-light .navbar-brand:focus,.navbar-light .navbar-brand:hover{color:rgba(0,0,0,.9)}.navbar-light .navbar-nav .nav-link{color:rgba(0,0,0,.5)}.navbar-light .navbar-nav .nav-link:focus,.navbar-light .navbar-nav .nav-link:hover{color:rgba(0,0,0,.7)}.navbar-light .navbar-nav .nav-link.disabled{color:rgba(0,0,0,.3)}.navbar-light .navbar-nav .active>.nav-link,.navbar-light .navbar-nav .nav-link.active,.navbar-light .navbar-nav .nav-link.show,.navbar-light .navbar-nav .show>.nav-link{color:rgba(0,0,0,.9)}.navbar-light .navbar-toggler{color:rgba(0,0,0,.5);border-color:rgba(0,0,0,.1)}.navbar-light .navbar-toggler-icon{background-image:url("data:image/svg+xml;charset=utf8,%3Csvg viewBox='0 0 30 30' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath stroke='rgba(0, 0, 0, 0.5)' stroke-width='2' stroke-linecap='round' stroke-miterlimit='10' d='M4 7h22M4 15h22M4 23h22'/%3E%3C/svg%3E")}.navbar-light .navbar-text{color:rgba(0,0,0,.5)}.navbar-light .navbar-text a{color:rgba(0,0,0,.9)}.navbar-light .navbar-text a:focus,.navbar-light .navbar-text a:hover{color:rgba(0,0,0,.9)}.navbar-dark .navbar-brand{color:#fff}.navbar-dark .navbar-brand:focus,.navbar-dark .navbar-brand:hover{color:#fff}.navbar-dark .navbar-nav .nav-link{color:rgba(255,255,255,.5)}.navbar-dark .navbar-nav .nav-link:focus,.navbar-dark .navbar-nav .nav-link:hover{color:rgba(255,255,255,.75)}.navbar-dark .navbar-nav .nav-link.disabled{color:rgba(255,255,255,.25)}.navbar-dark .navbar-nav .active>.nav-link,.navbar-dark .navbar-nav .nav-link.active,.navbar-dark .navbar-nav .nav-link.show,.navbar-dark .navbar-nav .show>.nav-link{color:#fff}.navbar-dark .navbar-toggler{color:rgba(255,255,255,.5);border-color:rgba(255,255,255,.1)}.navbar-dark .navbar-toggler-icon{background-image:url("data:image/svg+xml;charset=utf8,%3Csvg viewBox='0 0 30 30' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath stroke='rgba(255, 255, 255, 0.5)' stroke-width='2' stroke-linecap='round' stroke-miterlimit='10' d='M4 7h22M4 15h22M4 23h22'/%3E%3C/svg%3E")}.navbar-dark .navbar-text{color:rgba(255,255,255,.5)}.navbar-dark .navbar-text a{color:#fff}.navbar-dark .navbar-text a:focus,.navbar-dark .navbar-text a:hover{color:#fff}.card{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;min-width:0;word-wrap:break-word;background-color:#fff;background-clip:border-box;border:1px solid rgba(0,0,0,.125);border-radius:.25rem}.card>hr{margin-right:0;margin-left:0}.card>.list-group:first-child .list-group-item:first-child{border-top-left-radius:.25rem;border-top-right-radius:.25rem}.card>.list-group:last-child .list-group-item:last-child{border-bottom-right-radius:.25rem;border-bottom-left-radius:.25rem}.card-body{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;padding:1.25rem}.card-title{margin-bottom:.75rem}.card-subtitle{margin-top:-.375rem;margin-bottom:0}.card-text:last-child{margin-bottom:0}.card-link:hover{text-decoration:none}.card-link+.card-link{margin-left:1.25rem}.card-header{padding:.75rem 1.25rem;margin-bottom:0;background-color:rgba(0,0,0,.03);border-bottom:1px solid rgba(0,0,0,.125)}.card-header:first-child{border-radius:calc(.25rem - 1px) calc(.25rem - 1px) 0 0}.card-header+.list-group .list-group-item:first-child{border-top:0}.card-footer{padding:.75rem 1.25rem;background-color:rgba(0,0,0,.03);border-top:1px solid rgba(0,0,0,.125)}.card-footer:last-child{border-radius:0 0 calc(.25rem - 1px) calc(.25rem - 1px)}.card-header-tabs{margin-right:-.625rem;margin-bottom:-.75rem;margin-left:-.625rem;border-bottom:0}.card-header-pills{margin-right:-.625rem;margin-left:-.625rem}.card-img-overlay{position:absolute;top:0;right:0;bottom:0;left:0;padding:1.25rem}.card-img{width:100%;border-radius:calc(.25rem - 1px)}.card-img-top{width:100%;border-top-left-radius:calc(.25rem - 1px);border-top-right-radius:calc(.25rem - 1px)}.card-img-bottom{width:100%;border-bottom-right-radius:calc(.25rem - 1px);border-bottom-left-radius:calc(.25rem - 1px)}.card-deck{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.card-deck .card{margin-bottom:15px}@media (min-width:576px){.card-deck{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;margin-right:-15px;margin-left:-15px}.card-deck .card{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 0%;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;margin-right:15px;margin-bottom:0;margin-left:15px}}.card-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.card-group>.card{margin-bottom:15px}@media (min-width:576px){.card-group{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap}.card-group>.card{-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 0%;margin-bottom:0}.card-group>.card+.card{margin-left:0;border-left:0}.card-group>.card:first-child{border-top-right-radius:0;border-bottom-right-radius:0}.card-group>.card:first-child .card-header,.card-group>.card:first-child .card-img-top{border-top-right-radius:0}.card-group>.card:first-child .card-footer,.card-group>.card:first-child .card-img-bottom{border-bottom-right-radius:0}.card-group>.card:last-child{border-top-left-radius:0;border-bottom-left-radius:0}.card-group>.card:last-child .card-header,.card-group>.card:last-child .card-img-top{border-top-left-radius:0}.card-group>.card:last-child .card-footer,.card-group>.card:last-child .card-img-bottom{border-bottom-left-radius:0}.card-group>.card:only-child{border-radius:.25rem}.card-group>.card:only-child .card-header,.card-group>.card:only-child .card-img-top{border-top-left-radius:.25rem;border-top-right-radius:.25rem}.card-group>.card:only-child .card-footer,.card-group>.card:only-child .card-img-bottom{border-bottom-right-radius:.25rem;border-bottom-left-radius:.25rem}.card-group>.card:not(:first-child):not(:last-child):not(:only-child){border-radius:0}.card-group>.card:not(:first-child):not(:last-child):not(:only-child) .card-footer,.card-group>.card:not(:first-child):not(:last-child):not(:only-child) .card-header,.card-group>.card:not(:first-child):not(:last-child):not(:only-child) .card-img-bottom,.card-group>.card:not(:first-child):not(:last-child):not(:only-child) .card-img-top{border-radius:0}}.card-columns .card{margin-bottom:.75rem}@media (min-width:576px){.card-columns{-webkit-column-count:3;-moz-column-count:3;column-count:3;-webkit-column-gap:1.25rem;-moz-column-gap:1.25rem;column-gap:1.25rem}.card-columns .card{display:inline-block;width:100%}}.breadcrumb{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding:.75rem 1rem;margin-bottom:1rem;list-style:none;background-color:#e9ecef;border-radius:.25rem}.breadcrumb-item+.breadcrumb-item::before{display:inline-block;padding-right:.5rem;padding-left:.5rem;color:#6c757d;content:"/"}.breadcrumb-item+.breadcrumb-item:hover::before{text-decoration:underline}.breadcrumb-item+.breadcrumb-item:hover::before{text-decoration:none}.breadcrumb-item.active{color:#6c757d}.pagination{display:-webkit-box;display:-ms-flexbox;display:flex;padding-left:0;list-style:none;border-radius:.25rem}.page-link{position:relative;display:block;padding:.5rem .75rem;margin-left:-1px;line-height:1.25;color:#007bff;background-color:#fff;border:1px solid #dee2e6}.page-link:hover{color:#0056b3;text-decoration:none;background-color:#e9ecef;border-color:#dee2e6}.page-link:focus{z-index:2;outline:0;box-shadow:0 0 0 .2rem rgba(0,123,255,.25)}.page-link:not(:disabled):not(.disabled){cursor:pointer}.page-item:first-child .page-link{margin-left:0;border-top-left-radius:.25rem;border-bottom-left-radius:.25rem}.page-item:last-child .page-link{border-top-right-radius:.25rem;border-bottom-right-radius:.25rem}.page-item.active .page-link{z-index:1;color:#fff;background-color:#007bff;border-color:#007bff}.page-item.disabled .page-link{color:#6c757d;pointer-events:none;cursor:auto;background-color:#fff;border-color:#dee2e6}.pagination-lg .page-link{padding:.75rem 1.5rem;font-size:1.25rem;line-height:1.5}.pagination-lg .page-item:first-child .page-link{border-top-left-radius:.3rem;border-bottom-left-radius:.3rem}.pagination-lg .page-item:last-child .page-link{border-top-right-radius:.3rem;border-bottom-right-radius:.3rem}.pagination-sm .page-link{padding:.25rem .5rem;font-size:.875rem;line-height:1.5}.pagination-sm .page-item:first-child .page-link{border-top-left-radius:.2rem;border-bottom-left-radius:.2rem}.pagination-sm .page-item:last-child .page-link{border-top-right-radius:.2rem;border-bottom-right-radius:.2rem}.badge{display:inline-block;padding:.25em .4em;font-size:75%;font-weight:700;line-height:1;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25rem}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.badge-pill{padding-right:.6em;padding-left:.6em;border-radius:10rem}.badge-primary{color:#fff;background-color:#007bff}.badge-primary[href]:focus,.badge-primary[href]:hover{color:#fff;text-decoration:none;background-color:#0062cc}.badge-secondary{color:#fff;background-color:#6c757d}.badge-secondary[href]:focus,.badge-secondary[href]:hover{color:#fff;text-decoration:none;background-color:#545b62}.badge-success{color:#fff;background-color:#28a745}.badge-success[href]:focus,.badge-success[href]:hover{color:#fff;text-decoration:none;background-color:#1e7e34}.badge-info{color:#fff;background-color:#17a2b8}.badge-info[href]:focus,.badge-info[href]:hover{color:#fff;text-decoration:none;background-color:#117a8b}.badge-warning{color:#212529;background-color:#ffc107}.badge-warning[href]:focus,.badge-warning[href]:hover{color:#212529;text-decoration:none;background-color:#d39e00}.badge-danger{color:#fff;background-color:#dc3545}.badge-danger[href]:focus,.badge-danger[href]:hover{color:#fff;text-decoration:none;background-color:#bd2130}.badge-light{color:#212529;background-color:#f8f9fa}.badge-light[href]:focus,.badge-light[href]:hover{color:#212529;text-decoration:none;background-color:#dae0e5}.badge-dark{color:#fff;background-color:#343a40}.badge-dark[href]:focus,.badge-dark[href]:hover{color:#fff;text-decoration:none;background-color:#1d2124}.jumbotron{padding:2rem 1rem;margin-bottom:2rem;background-color:#e9ecef;border-radius:.3rem}@media (min-width:576px){.jumbotron{padding:4rem 2rem}}.jumbotron-fluid{padding-right:0;padding-left:0;border-radius:0}.alert{position:relative;padding:.75rem 1.25rem;margin-bottom:1rem;border:1px solid transparent;border-radius:.25rem}.alert-heading{color:inherit}.alert-link{font-weight:700}.alert-dismissible{padding-right:4rem}.alert-dismissible .close{position:absolute;top:0;right:0;padding:.75rem 1.25rem;color:inherit}.alert-primary{color:#004085;background-color:#cce5ff;border-color:#b8daff}.alert-primary hr{border-top-color:#9fcdff}.alert-primary .alert-link{color:#002752}.alert-secondary{color:#383d41;background-color:#e2e3e5;border-color:#d6d8db}.alert-secondary hr{border-top-color:#c8cbcf}.alert-secondary .alert-link{color:#202326}.alert-success{color:#155724;background-color:#d4edda;border-color:#c3e6cb}.alert-success hr{border-top-color:#b1dfbb}.alert-success .alert-link{color:#0b2e13}.alert-info{color:#0c5460;background-color:#d1ecf1;border-color:#bee5eb}.alert-info hr{border-top-color:#abdde5}.alert-info .alert-link{color:#062c33}.alert-warning{color:#856404;background-color:#fff3cd;border-color:#ffeeba}.alert-warning hr{border-top-color:#ffe8a1}.alert-warning .alert-link{color:#533f03}.alert-danger{color:#721c24;background-color:#f8d7da;border-color:#f5c6cb}.alert-danger hr{border-top-color:#f1b0b7}.alert-danger .alert-link{color:#491217}.alert-light{color:#818182;background-color:#fefefe;border-color:#fdfdfe}.alert-light hr{border-top-color:#ececf6}.alert-light .alert-link{color:#686868}.alert-dark{color:#1b1e21;background-color:#d6d8d9;border-color:#c6c8ca}.alert-dark hr{border-top-color:#b9bbbe}.alert-dark .alert-link{color:#040505}@-webkit-keyframes progress-bar-stripes{from{background-position:1rem 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:1rem 0}to{background-position:0 0}}.progress{display:-webkit-box;display:-ms-flexbox;display:flex;height:1rem;overflow:hidden;font-size:.75rem;background-color:#e9ecef;border-radius:.25rem}.progress-bar{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;color:#fff;text-align:center;background-color:#007bff;transition:width .6s ease}.progress-bar-striped{background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-size:1rem 1rem}.progress-bar-animated{-webkit-animation:progress-bar-stripes 1s linear infinite;animation:progress-bar-stripes 1s linear infinite}.media{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start}.media-body{-webkit-box-flex:1;-ms-flex:1;flex:1}.list-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0}.list-group-item-action{width:100%;color:#495057;text-align:inherit}.list-group-item-action:focus,.list-group-item-action:hover{color:#495057;text-decoration:none;background-color:#f8f9fa}.list-group-item-action:active{color:#212529;background-color:#e9ecef}.list-group-item{position:relative;display:block;padding:.75rem 1.25rem;margin-bottom:-1px;background-color:#fff;border:1px solid rgba(0,0,0,.125)}.list-group-item:first-child{border-top-left-radius:.25rem;border-top-right-radius:.25rem}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:.25rem;border-bottom-left-radius:.25rem}.list-group-item:focus,.list-group-item:hover{z-index:1;text-decoration:none}.list-group-item.disabled,.list-group-item:disabled{color:#6c757d;background-color:#fff}.list-group-item.active{z-index:2;color:#fff;background-color:#007bff;border-color:#007bff}.list-group-flush .list-group-item{border-right:0;border-left:0;border-radius:0}.list-group-flush:first-child .list-group-item:first-child{border-top:0}.list-group-flush:last-child .list-group-item:last-child{border-bottom:0}.list-group-item-primary{color:#004085;background-color:#b8daff}.list-group-item-primary.list-group-item-action:focus,.list-group-item-primary.list-group-item-action:hover{color:#004085;background-color:#9fcdff}.list-group-item-primary.list-group-item-action.active{color:#fff;background-color:#004085;border-color:#004085}.list-group-item-secondary{color:#383d41;background-color:#d6d8db}.list-group-item-secondary.list-group-item-action:focus,.list-group-item-secondary.list-group-item-action:hover{color:#383d41;background-color:#c8cbcf}.list-group-item-secondary.list-group-item-action.active{color:#fff;background-color:#383d41;border-color:#383d41}.list-group-item-success{color:#155724;background-color:#c3e6cb}.list-group-item-success.list-group-item-action:focus,.list-group-item-success.list-group-item-action:hover{color:#155724;background-color:#b1dfbb}.list-group-item-success.list-group-item-action.active{color:#fff;background-color:#155724;border-color:#155724}.list-group-item-info{color:#0c5460;background-color:#bee5eb}.list-group-item-info.list-group-item-action:focus,.list-group-item-info.list-group-item-action:hover{color:#0c5460;background-color:#abdde5}.list-group-item-info.list-group-item-action.active{color:#fff;background-color:#0c5460;border-color:#0c5460}.list-group-item-warning{color:#856404;background-color:#ffeeba}.list-group-item-warning.list-group-item-action:focus,.list-group-item-warning.list-group-item-action:hover{color:#856404;background-color:#ffe8a1}.list-group-item-warning.list-group-item-action.active{color:#fff;background-color:#856404;border-color:#856404}.list-group-item-danger{color:#721c24;background-color:#f5c6cb}.list-group-item-danger.list-group-item-action:focus,.list-group-item-danger.list-group-item-action:hover{color:#721c24;background-color:#f1b0b7}.list-group-item-danger.list-group-item-action.active{color:#fff;background-color:#721c24;border-color:#721c24}.list-group-item-light{color:#818182;background-color:#fdfdfe}.list-group-item-light.list-group-item-action:focus,.list-group-item-light.list-group-item-action:hover{color:#818182;background-color:#ececf6}.list-group-item-light.list-group-item-action.active{color:#fff;background-color:#818182;border-color:#818182}.list-group-item-dark{color:#1b1e21;background-color:#c6c8ca}.list-group-item-dark.list-group-item-action:focus,.list-group-item-dark.list-group-item-action:hover{color:#1b1e21;background-color:#b9bbbe}.list-group-item-dark.list-group-item-action.active{color:#fff;background-color:#1b1e21;border-color:#1b1e21}.close{float:right;font-size:1.5rem;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.5}.close:focus,.close:hover{color:#000;text-decoration:none;opacity:.75}.close:not(:disabled):not(.disabled){cursor:pointer}button.close{padding:0;background-color:transparent;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;outline:0}.modal-open .modal{overflow-x:hidden;overflow-y:hidden}.modal-dialog{position:relative;width:auto;margin:.5rem;pointer-events:none}.modal.fade .modal-dialog{transition:-webkit-transform .3s ease-out;transition:transform .3s ease-out;transition:transform .3s ease-out,-webkit-transform .3s ease-out;-webkit-transform:translate(0,-25%);transform:translate(0,-25%)}.modal.show .modal-dialog{-webkit-transform:translate(0,0);transform:translate(0,0)}.modal-dialog-centered{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;min-height:calc(100% - (.5rem * 2))}.modal-content{position:relative;height: 700px;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;width:100%;pointer-events:auto;background-color:#fff;background-clip:padding-box;border:1px solid rgba(0,0,0,.2);border-radius:.3rem;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop.show{opacity:.5}.modal-header{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;padding:1rem;border-bottom:1px solid #e9ecef;border-top-left-radius:.3rem;border-top-right-radius:.3rem}.modal-header .close{padding:1rem;margin:-1rem -1rem -1rem auto}.modal-title{margin-bottom:0;line-height:1.5}.modal-body{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;padding:1rem}.modal-footer{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:end;-ms-flex-pack:end;justify-content:flex-end;padding:1rem;border-top:1px solid #e9ecef}.modal-footer>:not(:first-child){margin-left:.25rem}.modal-footer>:not(:last-child){margin-right:.25rem}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:576px){.modal-dialog{max-width:500px;margin:1.75rem auto}.modal-dialog-centered{min-height:calc(100% - (1.75rem * 2))}.modal-sm{max-width:300px}}@media (min-width:992px){.modal-lg{max-width:800px}}.tooltip{position:absolute;z-index:1070;display:block;margin:0;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:.875rem;word-wrap:break-word;opacity:0}.tooltip.show{opacity:.9}.tooltip .arrow{position:absolute;display:block;width:.8rem;height:.4rem}.tooltip .arrow::before{position:absolute;content:"";border-color:transparent;border-style:solid}.bs-tooltip-auto[x-placement^=top],.bs-tooltip-top{padding:.4rem 0}.bs-tooltip-auto[x-placement^=top] .arrow,.bs-tooltip-top .arrow{bottom:0}.bs-tooltip-auto[x-placement^=top] .arrow::before,.bs-tooltip-top .arrow::before{top:0;border-width:.4rem .4rem 0;border-top-color:#000}.bs-tooltip-auto[x-placement^=right],.bs-tooltip-right{padding:0 .4rem}.bs-tooltip-auto[x-placement^=right] .arrow,.bs-tooltip-right .arrow{left:0;width:.4rem;height:.8rem}.bs-tooltip-auto[x-placement^=right] .arrow::before,.bs-tooltip-right .arrow::before{right:0;border-width:.4rem .4rem .4rem 0;border-right-color:#000}.bs-tooltip-auto[x-placement^=bottom],.bs-tooltip-bottom{padding:.4rem 0}.bs-tooltip-auto[x-placement^=bottom] .arrow,.bs-tooltip-bottom .arrow{top:0}.bs-tooltip-auto[x-placement^=bottom] .arrow::before,.bs-tooltip-bottom .arrow::before{bottom:0;border-width:0 .4rem .4rem;border-bottom-color:#000}.bs-tooltip-auto[x-placement^=left],.bs-tooltip-left{padding:0 .4rem}.bs-tooltip-auto[x-placement^=left] .arrow,.bs-tooltip-left .arrow{right:0;width:.4rem;height:.8rem}.bs-tooltip-auto[x-placement^=left] .arrow::before,.bs-tooltip-left .arrow::before{left:0;border-width:.4rem 0 .4rem .4rem;border-left-color:#000}.tooltip-inner{max-width:200px;padding:.25rem .5rem;color:#fff;text-align:center;background-color:#000;border-radius:.25rem}.popover{position:absolute;top:0;left:0;z-index:1060;display:block;max-width:276px;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:.875rem;word-wrap:break-word;background-color:#fff;background-clip:padding-box;border:1px solid rgba(0,0,0,.2);border-radius:.3rem}.popover .arrow{position:absolute;display:block;width:1rem;height:.5rem;margin:0 .3rem}.popover .arrow::after,.popover .arrow::before{position:absolute;display:block;content:"";border-color:transparent;border-style:solid}.bs-popover-auto[x-placement^=top],.bs-popover-top{margin-bottom:.5rem}.bs-popover-auto[x-placement^=top] .arrow,.bs-popover-top .arrow{bottom:calc((.5rem + 1px) * -1)}.bs-popover-auto[x-placement^=top] .arrow::after,.bs-popover-auto[x-placement^=top] .arrow::before,.bs-popover-top .arrow::after,.bs-popover-top .arrow::before{border-width:.5rem .5rem 0}.bs-popover-auto[x-placement^=top] .arrow::before,.bs-popover-top .arrow::before{bottom:0;border-top-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=top] .arrow::after,.bs-popover-top .arrow::after{bottom:1px;border-top-color:#fff}.bs-popover-auto[x-placement^=right],.bs-popover-right{margin-left:.5rem}.bs-popover-auto[x-placement^=right] .arrow,.bs-popover-right .arrow{left:calc((.5rem + 1px) * -1);width:.5rem;height:1rem;margin:.3rem 0}.bs-popover-auto[x-placement^=right] .arrow::after,.bs-popover-auto[x-placement^=right] .arrow::before,.bs-popover-right .arrow::after,.bs-popover-right .arrow::before{border-width:.5rem .5rem .5rem 0}.bs-popover-auto[x-placement^=right] .arrow::before,.bs-popover-right .arrow::before{left:0;border-right-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=right] .arrow::after,.bs-popover-right .arrow::after{left:1px;border-right-color:#fff}.bs-popover-auto[x-placement^=bottom],.bs-popover-bottom{margin-top:.5rem}.bs-popover-auto[x-placement^=bottom] .arrow,.bs-popover-bottom .arrow{top:calc((.5rem + 1px) * -1)}.bs-popover-auto[x-placement^=bottom] .arrow::after,.bs-popover-auto[x-placement^=bottom] .arrow::before,.bs-popover-bottom .arrow::after,.bs-popover-bottom .arrow::before{border-width:0 .5rem .5rem .5rem}.bs-popover-auto[x-placement^=bottom] .arrow::before,.bs-popover-bottom .arrow::before{top:0;border-bottom-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=bottom] .arrow::after,.bs-popover-bottom .arrow::after{top:1px;border-bottom-color:#fff}.bs-popover-auto[x-placement^=bottom] .popover-header::before,.bs-popover-bottom .popover-header::before{position:absolute;top:0;left:50%;display:block;width:1rem;margin-left:-.5rem;content:"";border-bottom:1px solid #f7f7f7}.bs-popover-auto[x-placement^=left],.bs-popover-left{margin-right:.5rem}.bs-popover-auto[x-placement^=left] .arrow,.bs-popover-left .arrow{right:calc((.5rem + 1px) * -1);width:.5rem;height:1rem;margin:.3rem 0}.bs-popover-auto[x-placement^=left] .arrow::after,.bs-popover-auto[x-placement^=left] .arrow::before,.bs-popover-left .arrow::after,.bs-popover-left .arrow::before{border-width:.5rem 0 .5rem .5rem}.bs-popover-auto[x-placement^=left] .arrow::before,.bs-popover-left .arrow::before{right:0;border-left-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=left] .arrow::after,.bs-popover-left .arrow::after{right:1px;border-left-color:#fff}.popover-header{padding:.5rem .75rem;margin-bottom:0;font-size:1rem;color:inherit;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-top-left-radius:calc(.3rem - 1px);border-top-right-radius:calc(.3rem - 1px)}.popover-header:empty{display:none}.popover-body{padding:.5rem .75rem;color:#212529}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-item{position:relative;display:none;-webkit-box-align:center;-ms-flex-align:center;align-items:center;width:100%;transition:-webkit-transform .6s ease;transition:transform .6s ease;transition:transform .6s ease,-webkit-transform .6s ease;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-item-next,.carousel-item-prev,.carousel-item.active{display:block}.carousel-item-next,.carousel-item-prev{position:absolute;top:0}.carousel-item-next.carousel-item-left,.carousel-item-prev.carousel-item-right{-webkit-transform:translateX(0);transform:translateX(0)}@supports ((-webkit-transform-style:preserve-3d) or (transform-style:preserve-3d)){.carousel-item-next.carousel-item-left,.carousel-item-prev.carousel-item-right{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}}.active.carousel-item-right,.carousel-item-next{-webkit-transform:translateX(100%);transform:translateX(100%)}@supports ((-webkit-transform-style:preserve-3d) or (transform-style:preserve-3d)){.active.carousel-item-right,.carousel-item-next{-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}}.active.carousel-item-left,.carousel-item-prev{-webkit-transform:translateX(-100%);transform:translateX(-100%)}@supports ((-webkit-transform-style:preserve-3d) or (transform-style:preserve-3d)){.active.carousel-item-left,.carousel-item-prev{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}}.carousel-control-next,.carousel-control-prev{position:absolute;top:0;bottom:0;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:15%;color:#fff;text-align:center;opacity:.5}.carousel-control-next:focus,.carousel-control-next:hover,.carousel-control-prev:focus,.carousel-control-prev:hover{color:#fff;text-decoration:none;outline:0;opacity:.9}.carousel-control-prev{left:0}.carousel-control-next{right:0}.carousel-control-next-icon,.carousel-control-prev-icon{display:inline-block;width:20px;height:20px;background:transparent no-repeat center center;background-size:100% 100%}.carousel-control-prev-icon{background-image:url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23fff' viewBox='0 0 8 8'%3E%3Cpath d='M5.25 0l-4 4 4 4 1.5-1.5-2.5-2.5 2.5-2.5-1.5-1.5z'/%3E%3C/svg%3E")}.carousel-control-next-icon{background-image:url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23fff' viewBox='0 0 8 8'%3E%3Cpath d='M2.75 0l-1.5 1.5 2.5 2.5-2.5 2.5 1.5 1.5 4-4-4-4z'/%3E%3C/svg%3E")}.carousel-indicators{position:absolute;right:0;bottom:10px;left:0;z-index:15;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;padding-left:0;margin-right:15%;margin-left:15%;list-style:none}.carousel-indicators li{position:relative;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;width:30px;height:3px;margin-right:3px;margin-left:3px;text-indent:-999px;background-color:rgba(255,255,255,.5)}.carousel-indicators li::before{position:absolute;top:-10px;left:0;display:inline-block;width:100%;height:10px;content:""}.carousel-indicators li::after{position:absolute;bottom:-10px;left:0;display:inline-block;width:100%;height:10px;content:""}.carousel-indicators .active{background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center}.align-baseline{vertical-align:baseline!important}.align-top{vertical-align:top!important}.align-middle{vertical-align:middle!important}.align-bottom{vertical-align:bottom!important}.align-text-bottom{vertical-align:text-bottom!important}.align-text-top{vertical-align:text-top!important}.bg-primary{background-color:#007bff!important}a.bg-primary:focus,a.bg-primary:hover,button.bg-primary:focus,button.bg-primary:hover{background-color:#0062cc!important}.bg-secondary{background-color:#6c757d!important}a.bg-secondary:focus,a.bg-secondary:hover,button.bg-secondary:focus,button.bg-secondary:hover{background-color:#545b62!important}.bg-success{background-color:#28a745!important}a.bg-success:focus,a.bg-success:hover,button.bg-success:focus,button.bg-success:hover{background-color:#1e7e34!important}.bg-info{background-color:#17a2b8!important}a.bg-info:focus,a.bg-info:hover,button.bg-info:focus,button.bg-info:hover{background-color:#117a8b!important}.bg-warning{background-color:#ffc107!important}a.bg-warning:focus,a.bg-warning:hover,button.bg-warning:focus,button.bg-warning:hover{background-color:#d39e00!important}.bg-danger{background-color:#dc3545!important}a.bg-danger:focus,a.bg-danger:hover,button.bg-danger:focus,button.bg-danger:hover{background-color:#bd2130!important}.bg-light{background-color:#f8f9fa!important}a.bg-light:focus,a.bg-light:hover,button.bg-light:focus,button.bg-light:hover{background-color:#dae0e5!important}.bg-dark{background-color:#343a40!important}a.bg-dark:focus,a.bg-dark:hover,button.bg-dark:focus,button.bg-dark:hover{background-color:#1d2124!important}.bg-white{background-color:#fff!important}.bg-transparent{background-color:transparent!important}.border{border:1px solid #dee2e6!important}.border-top{border-top:1px solid #dee2e6!important}.border-right{border-right:1px solid #dee2e6!important}.border-bottom{border-bottom:1px solid #dee2e6!important}.border-left{border-left:1px solid #dee2e6!important}.border-0{border:0!important}.border-top-0{border-top:0!important}.border-right-0{border-right:0!important}.border-bottom-0{border-bottom:0!important}.border-left-0{border-left:0!important}.border-primary{border-color:#007bff!important}.border-secondary{border-color:#6c757d!important}.border-success{border-color:#28a745!important}.border-info{border-color:#17a2b8!important}.border-warning{border-color:#ffc107!important}.border-danger{border-color:#dc3545!important}.border-light{border-color:#f8f9fa!important}.border-dark{border-color:#343a40!important}.border-white{border-color:#fff!important}.rounded{border-radius:.25rem!important}.rounded-top{border-top-left-radius:.25rem!important;border-top-right-radius:.25rem!important}.rounded-right{border-top-right-radius:.25rem!important;border-bottom-right-radius:.25rem!important}.rounded-bottom{border-bottom-right-radius:.25rem!important;border-bottom-left-radius:.25rem!important}.rounded-left{border-top-left-radius:.25rem!important;border-bottom-left-radius:.25rem!important}.rounded-circle{border-radius:50%!important}.rounded-0{border-radius:0!important}.clearfix::after{display:block;clear:both;content:""}.d-none{display:none!important}.d-inline{display:inline!important}.d-inline-block{display:inline-block!important}.d-block{display:block!important}.d-table{display:table!important}.d-table-row{display:table-row!important}.d-table-cell{display:table-cell!important}.d-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}@media (min-width:576px){.d-sm-none{display:none!important}.d-sm-inline{display:inline!important}.d-sm-inline-block{display:inline-block!important}.d-sm-block{display:block!important}.d-sm-table{display:table!important}.d-sm-table-row{display:table-row!important}.d-sm-table-cell{display:table-cell!important}.d-sm-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-sm-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:768px){.d-md-none{display:none!important}.d-md-inline{display:inline!important}.d-md-inline-block{display:inline-block!important}.d-md-block{display:block!important}.d-md-table{display:table!important}.d-md-table-row{display:table-row!important}.d-md-table-cell{display:table-cell!important}.d-md-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-md-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:992px){.d-lg-none{display:none!important}.d-lg-inline{display:inline!important}.d-lg-inline-block{display:inline-block!important}.d-lg-block{display:block!important}.d-lg-table{display:table!important}.d-lg-table-row{display:table-row!important}.d-lg-table-cell{display:table-cell!important}.d-lg-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-lg-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:1200px){.d-xl-none{display:none!important}.d-xl-inline{display:inline!important}.d-xl-inline-block{display:inline-block!important}.d-xl-block{display:block!important}.d-xl-table{display:table!important}.d-xl-table-row{display:table-row!important}.d-xl-table-cell{display:table-cell!important}.d-xl-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-xl-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media print{.d-print-none{display:none!important}.d-print-inline{display:inline!important}.d-print-inline-block{display:inline-block!important}.d-print-block{display:block!important}.d-print-table{display:table!important}.d-print-table-row{display:table-row!important}.d-print-table-cell{display:table-cell!important}.d-print-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-print-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}.embed-responsive{position:relative;display:block;width:100%;padding:0;overflow:hidden}.embed-responsive::before{display:block;content:""}.embed-responsive .embed-responsive-item,.embed-responsive embed,.embed-responsive iframe,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-21by9::before{padding-top:42.857143%}.embed-responsive-16by9::before{padding-top:56.25%}.embed-responsive-4by3::before{padding-top:75%}.embed-responsive-1by1::before{padding-top:100%}.flex-row{-webkit-box-orient:horizontal!important;-webkit-box-direction:normal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-column{-webkit-box-orient:vertical!important;-webkit-box-direction:normal!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.justify-content-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}@media (min-width:576px){.flex-sm-row{-webkit-box-orient:horizontal!important;-webkit-box-direction:normal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-sm-column{-webkit-box-orient:vertical!important;-webkit-box-direction:normal!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-sm-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-sm-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-sm-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-sm-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-sm-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.justify-content-sm-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-sm-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-sm-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-sm-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-sm-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-sm-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-sm-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-sm-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-sm-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-sm-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-sm-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-sm-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-sm-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-sm-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-sm-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-sm-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-sm-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-sm-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-sm-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-sm-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-sm-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-sm-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:768px){.flex-md-row{-webkit-box-orient:horizontal!important;-webkit-box-direction:normal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-md-column{-webkit-box-orient:vertical!important;-webkit-box-direction:normal!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-md-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-md-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-md-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-md-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-md-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.justify-content-md-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-md-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-md-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-md-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-md-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-md-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-md-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-md-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-md-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-md-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-md-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-md-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-md-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-md-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-md-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-md-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-md-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-md-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-md-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-md-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-md-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-md-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:992px){.flex-lg-row{-webkit-box-orient:horizontal!important;-webkit-box-direction:normal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-lg-column{-webkit-box-orient:vertical!important;-webkit-box-direction:normal!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-lg-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-lg-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-lg-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-lg-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-lg-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.justify-content-lg-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-lg-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-lg-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-lg-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-lg-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-lg-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-lg-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-lg-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-lg-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-lg-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-lg-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-lg-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-lg-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-lg-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-lg-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-lg-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-lg-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-lg-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-lg-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-lg-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-lg-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-lg-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:1200px){.flex-xl-row{-webkit-box-orient:horizontal!important;-webkit-box-direction:normal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-xl-column{-webkit-box-orient:vertical!important;-webkit-box-direction:normal!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-xl-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-xl-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-xl-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-xl-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-xl-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.justify-content-xl-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-xl-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-xl-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-xl-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-xl-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-xl-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-xl-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-xl-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-xl-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-xl-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-xl-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-xl-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-xl-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-xl-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-xl-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-xl-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-xl-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-xl-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-xl-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-xl-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-xl-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-xl-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}.float-left{float:left!important}.float-right{float:right!important}.float-none{float:none!important}@media (min-width:576px){.float-sm-left{float:left!important}.float-sm-right{float:right!important}.float-sm-none{float:none!important}}@media (min-width:768px){.float-md-left{float:left!important}.float-md-right{float:right!important}.float-md-none{float:none!important}}@media (min-width:992px){.float-lg-left{float:left!important}.float-lg-right{float:right!important}.float-lg-none{float:none!important}}@media (min-width:1200px){.float-xl-left{float:left!important}.float-xl-right{float:right!important}.float-xl-none{float:none!important}}.position-static{position:static!important}.position-relative{position:relative!important}.position-absolute{position:absolute!important}.position-fixed{position:fixed!important}.position-sticky{position:-webkit-sticky!important;position:sticky!important}.fixed-top{position:fixed;top:0;right:0;left:0;z-index:1030}.fixed-bottom{position:fixed;right:0;bottom:0;left:0;z-index:1030}@supports ((position:-webkit-sticky) or (position:sticky)){.sticky-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}}.sr-only{position:absolute;width:1px;height:1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;-webkit-clip-path:inset(50%);clip-path:inset(50%);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;overflow:visible;clip:auto;white-space:normal;-webkit-clip-path:none;clip-path:none}.w-25{width:25%!important}.w-50{width:50%!important}.w-75{width:75%!important}.w-100{width:100%!important}.h-25{height:25%!important}.h-50{height:50%!important}.h-75{height:75%!important}.h-100{height:100%!important}.mw-100{max-width:100%!important}.mh-100{max-height:100%!important}.m-0{margin:0!important}.mt-0,.my-0{margin-top:0!important}.mr-0,.mx-0{margin-right:0!important}.mb-0,.my-0{margin-bottom:0!important}.ml-0,.mx-0{margin-left:0!important}.m-1{margin:.25rem!important}.mt-1,.my-1{margin-top:.25rem!important}.mr-1,.mx-1{margin-right:.25rem!important}.mb-1,.my-1{margin-bottom:.25rem!important}.ml-1,.mx-1{margin-left:.25rem!important}.m-2{margin:.5rem!important}.mt-2,.my-2{margin-top:.5rem!important}.mr-2,.mx-2{margin-right:.5rem!important}.mb-2,.my-2{margin-bottom:.5rem!important}.ml-2,.mx-2{margin-left:.5rem!important}.m-3{margin:1rem!important}.mt-3,.my-3{margin-top:1rem!important}.mr-3,.mx-3{margin-right:1rem!important}.mb-3,.my-3{margin-bottom:1rem!important}.ml-3,.mx-3{margin-left:1rem!important}.m-4{margin:1.5rem!important}.mt-4,.my-4{margin-top:1.5rem!important}.mr-4,.mx-4{margin-right:1.5rem!important}.mb-4,.my-4{margin-bottom:1.5rem!important}.ml-4,.mx-4{margin-left:1.5rem!important}.m-5{margin:3rem!important}.mt-5,.my-5{margin-top:3rem!important}.mr-5,.mx-5{margin-right:3rem!important}.mb-5,.my-5{margin-bottom:3rem!important}.ml-5,.mx-5{margin-left:3rem!important}.p-0{padding:0!important}.pt-0,.py-0{padding-top:0!important}.pr-0,.px-0{padding-right:0!important}.pb-0,.py-0{padding-bottom:0!important}.pl-0,.px-0{padding-left:0!important}.p-1{padding:.25rem!important}.pt-1,.py-1{padding-top:.25rem!important}.pr-1,.px-1{padding-right:.25rem!important}.pb-1,.py-1{padding-bottom:.25rem!important}.pl-1,.px-1{padding-left:.25rem!important}.p-2{padding:.5rem!important}.pt-2,.py-2{padding-top:.5rem!important}.pr-2,.px-2{padding-right:.5rem!important}.pb-2,.py-2{padding-bottom:.5rem!important}.pl-2,.px-2{padding-left:.5rem!important}.p-3{padding:1rem!important}.pt-3,.py-3{padding-top:1rem!important}.pr-3,.px-3{padding-right:1rem!important}.pb-3,.py-3{padding-bottom:1rem!important}.pl-3,.px-3{padding-left:1rem!important}.p-4{padding:1.5rem!important}.pt-4,.py-4{padding-top:1.5rem!important}.pr-4,.px-4{padding-right:1.5rem!important}.pb-4,.py-4{padding-bottom:1.5rem!important}.pl-4,.px-4{padding-left:1.5rem!important}.p-5{padding:3rem!important}.pt-5,.py-5{padding-top:3rem!important}.pr-5,.px-5{padding-right:3rem!important}.pb-5,.py-5{padding-bottom:3rem!important}.pl-5,.px-5{padding-left:3rem!important}.m-auto{margin:auto!important}.mt-auto,.my-auto{margin-top:auto!important}.mr-auto,.mx-auto{margin-right:auto!important}.mb-auto,.my-auto{margin-bottom:auto!important}.ml-auto,.mx-auto{margin-left:auto!important}@media (min-width:576px){.m-sm-0{margin:0!important}.mt-sm-0,.my-sm-0{margin-top:0!important}.mr-sm-0,.mx-sm-0{margin-right:0!important}.mb-sm-0,.my-sm-0{margin-bottom:0!important}.ml-sm-0,.mx-sm-0{margin-left:0!important}.m-sm-1{margin:.25rem!important}.mt-sm-1,.my-sm-1{margin-top:.25rem!important}.mr-sm-1,.mx-sm-1{margin-right:.25rem!important}.mb-sm-1,.my-sm-1{margin-bottom:.25rem!important}.ml-sm-1,.mx-sm-1{margin-left:.25rem!important}.m-sm-2{margin:.5rem!important}.mt-sm-2,.my-sm-2{margin-top:.5rem!important}.mr-sm-2,.mx-sm-2{margin-right:.5rem!important}.mb-sm-2,.my-sm-2{margin-bottom:.5rem!important}.ml-sm-2,.mx-sm-2{margin-left:.5rem!important}.m-sm-3{margin:1rem!important}.mt-sm-3,.my-sm-3{margin-top:1rem!important}.mr-sm-3,.mx-sm-3{margin-right:1rem!important}.mb-sm-3,.my-sm-3{margin-bottom:1rem!important}.ml-sm-3,.mx-sm-3{margin-left:1rem!important}.m-sm-4{margin:1.5rem!important}.mt-sm-4,.my-sm-4{margin-top:1.5rem!important}.mr-sm-4,.mx-sm-4{margin-right:1.5rem!important}.mb-sm-4,.my-sm-4{margin-bottom:1.5rem!important}.ml-sm-4,.mx-sm-4{margin-left:1.5rem!important}.m-sm-5{margin:3rem!important}.mt-sm-5,.my-sm-5{margin-top:3rem!important}.mr-sm-5,.mx-sm-5{margin-right:3rem!important}.mb-sm-5,.my-sm-5{margin-bottom:3rem!important}.ml-sm-5,.mx-sm-5{margin-left:3rem!important}.p-sm-0{padding:0!important}.pt-sm-0,.py-sm-0{padding-top:0!important}.pr-sm-0,.px-sm-0{padding-right:0!important}.pb-sm-0,.py-sm-0{padding-bottom:0!important}.pl-sm-0,.px-sm-0{padding-left:0!important}.p-sm-1{padding:.25rem!important}.pt-sm-1,.py-sm-1{padding-top:.25rem!important}.pr-sm-1,.px-sm-1{padding-right:.25rem!important}.pb-sm-1,.py-sm-1{padding-bottom:.25rem!important}.pl-sm-1,.px-sm-1{padding-left:.25rem!important}.p-sm-2{padding:.5rem!important}.pt-sm-2,.py-sm-2{padding-top:.5rem!important}.pr-sm-2,.px-sm-2{padding-right:.5rem!important}.pb-sm-2,.py-sm-2{padding-bottom:.5rem!important}.pl-sm-2,.px-sm-2{padding-left:.5rem!important}.p-sm-3{padding:1rem!important}.pt-sm-3,.py-sm-3{padding-top:1rem!important}.pr-sm-3,.px-sm-3{padding-right:1rem!important}.pb-sm-3,.py-sm-3{padding-bottom:1rem!important}.pl-sm-3,.px-sm-3{padding-left:1rem!important}.p-sm-4{padding:1.5rem!important}.pt-sm-4,.py-sm-4{padding-top:1.5rem!important}.pr-sm-4,.px-sm-4{padding-right:1.5rem!important}.pb-sm-4,.py-sm-4{padding-bottom:1.5rem!important}.pl-sm-4,.px-sm-4{padding-left:1.5rem!important}.p-sm-5{padding:3rem!important}.pt-sm-5,.py-sm-5{padding-top:3rem!important}.pr-sm-5,.px-sm-5{padding-right:3rem!important}.pb-sm-5,.py-sm-5{padding-bottom:3rem!important}.pl-sm-5,.px-sm-5{padding-left:3rem!important}.m-sm-auto{margin:auto!important}.mt-sm-auto,.my-sm-auto{margin-top:auto!important}.mr-sm-auto,.mx-sm-auto{margin-right:auto!important}.mb-sm-auto,.my-sm-auto{margin-bottom:auto!important}.ml-sm-auto,.mx-sm-auto{margin-left:auto!important}}@media (min-width:768px){.m-md-0{margin:0!important}.mt-md-0,.my-md-0{margin-top:0!important}.mr-md-0,.mx-md-0{margin-right:0!important}.mb-md-0,.my-md-0{margin-bottom:0!important}.ml-md-0,.mx-md-0{margin-left:0!important}.m-md-1{margin:.25rem!important}.mt-md-1,.my-md-1{margin-top:.25rem!important}.mr-md-1,.mx-md-1{margin-right:.25rem!important}.mb-md-1,.my-md-1{margin-bottom:.25rem!important}.ml-md-1,.mx-md-1{margin-left:.25rem!important}.m-md-2{margin:.5rem!important}.mt-md-2,.my-md-2{margin-top:.5rem!important}.mr-md-2,.mx-md-2{margin-right:.5rem!important}.mb-md-2,.my-md-2{margin-bottom:.5rem!important}.ml-md-2,.mx-md-2{margin-left:.5rem!important}.m-md-3{margin:1rem!important}.mt-md-3,.my-md-3{margin-top:1rem!important}.mr-md-3,.mx-md-3{margin-right:1rem!important}.mb-md-3,.my-md-3{margin-bottom:1rem!important}.ml-md-3,.mx-md-3{margin-left:1rem!important}.m-md-4{margin:1.5rem!important}.mt-md-4,.my-md-4{margin-top:1.5rem!important}.mr-md-4,.mx-md-4{margin-right:1.5rem!important}.mb-md-4,.my-md-4{margin-bottom:1.5rem!important}.ml-md-4,.mx-md-4{margin-left:1.5rem!important}.m-md-5{margin:3rem!important}.mt-md-5,.my-md-5{margin-top:3rem!important}.mr-md-5,.mx-md-5{margin-right:3rem!important}.mb-md-5,.my-md-5{margin-bottom:3rem!important}.ml-md-5,.mx-md-5{margin-left:3rem!important}.p-md-0{padding:0!important}.pt-md-0,.py-md-0{padding-top:0!important}.pr-md-0,.px-md-0{padding-right:0!important}.pb-md-0,.py-md-0{padding-bottom:0!important}.pl-md-0,.px-md-0{padding-left:0!important}.p-md-1{padding:.25rem!important}.pt-md-1,.py-md-1{padding-top:.25rem!important}.pr-md-1,.px-md-1{padding-right:.25rem!important}.pb-md-1,.py-md-1{padding-bottom:.25rem!important}.pl-md-1,.px-md-1{padding-left:.25rem!important}.p-md-2{padding:.5rem!important}.pt-md-2,.py-md-2{padding-top:.5rem!important}.pr-md-2,.px-md-2{padding-right:.5rem!important}.pb-md-2,.py-md-2{padding-bottom:.5rem!important}.pl-md-2,.px-md-2{padding-left:.5rem!important}.p-md-3{padding:1rem!important}.pt-md-3,.py-md-3{padding-top:1rem!important}.pr-md-3,.px-md-3{padding-right:1rem!important}.pb-md-3,.py-md-3{padding-bottom:1rem!important}.pl-md-3,.px-md-3{padding-left:1rem!important}.p-md-4{padding:1.5rem!important}.pt-md-4,.py-md-4{padding-top:1.5rem!important}.pr-md-4,.px-md-4{padding-right:1.5rem!important}.pb-md-4,.py-md-4{padding-bottom:1.5rem!important}.pl-md-4,.px-md-4{padding-left:1.5rem!important}.p-md-5{padding:3rem!important}.pt-md-5,.py-md-5{padding-top:3rem!important}.pr-md-5,.px-md-5{padding-right:3rem!important}.pb-md-5,.py-md-5{padding-bottom:3rem!important}.pl-md-5,.px-md-5{padding-left:3rem!important}.m-md-auto{margin:auto!important}.mt-md-auto,.my-md-auto{margin-top:auto!important}.mr-md-auto,.mx-md-auto{margin-right:auto!important}.mb-md-auto,.my-md-auto{margin-bottom:auto!important}.ml-md-auto,.mx-md-auto{margin-left:auto!important}}@media (min-width:992px){.m-lg-0{margin:0!important}.mt-lg-0,.my-lg-0{margin-top:0!important}.mr-lg-0,.mx-lg-0{margin-right:0!important}.mb-lg-0,.my-lg-0{margin-bottom:0!important}.ml-lg-0,.mx-lg-0{margin-left:0!important}.m-lg-1{margin:.25rem!important}.mt-lg-1,.my-lg-1{margin-top:.25rem!important}.mr-lg-1,.mx-lg-1{margin-right:.25rem!important}.mb-lg-1,.my-lg-1{margin-bottom:.25rem!important}.ml-lg-1,.mx-lg-1{margin-left:.25rem!important}.m-lg-2{margin:.5rem!important}.mt-lg-2,.my-lg-2{margin-top:.5rem!important}.mr-lg-2,.mx-lg-2{margin-right:.5rem!important}.mb-lg-2,.my-lg-2{margin-bottom:.5rem!important}.ml-lg-2,.mx-lg-2{margin-left:.5rem!important}.m-lg-3{margin:1rem!important}.mt-lg-3,.my-lg-3{margin-top:1rem!important}.mr-lg-3,.mx-lg-3{margin-right:1rem!important}.mb-lg-3,.my-lg-3{margin-bottom:1rem!important}.ml-lg-3,.mx-lg-3{margin-left:1rem!important}.m-lg-4{margin:1.5rem!important}.mt-lg-4,.my-lg-4{margin-top:1.5rem!important}.mr-lg-4,.mx-lg-4{margin-right:1.5rem!important}.mb-lg-4,.my-lg-4{margin-bottom:1.5rem!important}.ml-lg-4,.mx-lg-4{margin-left:1.5rem!important}.m-lg-5{margin:3rem!important}.mt-lg-5,.my-lg-5{margin-top:3rem!important}.mr-lg-5,.mx-lg-5{margin-right:3rem!important}.mb-lg-5,.my-lg-5{margin-bottom:3rem!important}.ml-lg-5,.mx-lg-5{margin-left:3rem!important}.p-lg-0{padding:0!important}.pt-lg-0,.py-lg-0{padding-top:0!important}.pr-lg-0,.px-lg-0{padding-right:0!important}.pb-lg-0,.py-lg-0{padding-bottom:0!important}.pl-lg-0,.px-lg-0{padding-left:0!important}.p-lg-1{padding:.25rem!important}.pt-lg-1,.py-lg-1{padding-top:.25rem!important}.pr-lg-1,.px-lg-1{padding-right:.25rem!important}.pb-lg-1,.py-lg-1{padding-bottom:.25rem!important}.pl-lg-1,.px-lg-1{padding-left:.25rem!important}.p-lg-2{padding:.5rem!important}.pt-lg-2,.py-lg-2{padding-top:.5rem!important}.pr-lg-2,.px-lg-2{padding-right:.5rem!important}.pb-lg-2,.py-lg-2{padding-bottom:.5rem!important}.pl-lg-2,.px-lg-2{padding-left:.5rem!important}.p-lg-3{padding:1rem!important}.pt-lg-3,.py-lg-3{padding-top:1rem!important}.pr-lg-3,.px-lg-3{padding-right:1rem!important}.pb-lg-3,.py-lg-3{padding-bottom:1rem!important}.pl-lg-3,.px-lg-3{padding-left:1rem!important}.p-lg-4{padding:1.5rem!important}.pt-lg-4,.py-lg-4{padding-top:1.5rem!important}.pr-lg-4,.px-lg-4{padding-right:1.5rem!important}.pb-lg-4,.py-lg-4{padding-bottom:1.5rem!important}.pl-lg-4,.px-lg-4{padding-left:1.5rem!important}.p-lg-5{padding:3rem!important}.pt-lg-5,.py-lg-5{padding-top:3rem!important}.pr-lg-5,.px-lg-5{padding-right:3rem!important}.pb-lg-5,.py-lg-5{padding-bottom:3rem!important}.pl-lg-5,.px-lg-5{padding-left:3rem!important}.m-lg-auto{margin:auto!important}.mt-lg-auto,.my-lg-auto{margin-top:auto!important}.mr-lg-auto,.mx-lg-auto{margin-right:auto!important}.mb-lg-auto,.my-lg-auto{margin-bottom:auto!important}.ml-lg-auto,.mx-lg-auto{margin-left:auto!important}}@media (min-width:1200px){.m-xl-0{margin:0!important}.mt-xl-0,.my-xl-0{margin-top:0!important}.mr-xl-0,.mx-xl-0{margin-right:0!important}.mb-xl-0,.my-xl-0{margin-bottom:0!important}.ml-xl-0,.mx-xl-0{margin-left:0!important}.m-xl-1{margin:.25rem!important}.mt-xl-1,.my-xl-1{margin-top:.25rem!important}.mr-xl-1,.mx-xl-1{margin-right:.25rem!important}.mb-xl-1,.my-xl-1{margin-bottom:.25rem!important}.ml-xl-1,.mx-xl-1{margin-left:.25rem!important}.m-xl-2{margin:.5rem!important}.mt-xl-2,.my-xl-2{margin-top:.5rem!important}.mr-xl-2,.mx-xl-2{margin-right:.5rem!important}.mb-xl-2,.my-xl-2{margin-bottom:.5rem!important}.ml-xl-2,.mx-xl-2{margin-left:.5rem!important}.m-xl-3{margin:1rem!important}.mt-xl-3,.my-xl-3{margin-top:1rem!important}.mr-xl-3,.mx-xl-3{margin-right:1rem!important}.mb-xl-3,.my-xl-3{margin-bottom:1rem!important}.ml-xl-3,.mx-xl-3{margin-left:1rem!important}.m-xl-4{margin:1.5rem!important}.mt-xl-4,.my-xl-4{margin-top:1.5rem!important}.mr-xl-4,.mx-xl-4{margin-right:1.5rem!important}.mb-xl-4,.my-xl-4{margin-bottom:1.5rem!important}.ml-xl-4,.mx-xl-4{margin-left:1.5rem!important}.m-xl-5{margin:3rem!important}.mt-xl-5,.my-xl-5{margin-top:3rem!important}.mr-xl-5,.mx-xl-5{margin-right:3rem!important}.mb-xl-5,.my-xl-5{margin-bottom:3rem!important}.ml-xl-5,.mx-xl-5{margin-left:3rem!important}.p-xl-0{padding:0!important}.pt-xl-0,.py-xl-0{padding-top:0!important}.pr-xl-0,.px-xl-0{padding-right:0!important}.pb-xl-0,.py-xl-0{padding-bottom:0!important}.pl-xl-0,.px-xl-0{padding-left:0!important}.p-xl-1{padding:.25rem!important}.pt-xl-1,.py-xl-1{padding-top:.25rem!important}.pr-xl-1,.px-xl-1{padding-right:.25rem!important}.pb-xl-1,.py-xl-1{padding-bottom:.25rem!important}.pl-xl-1,.px-xl-1{padding-left:.25rem!important}.p-xl-2{padding:.5rem!important}.pt-xl-2,.py-xl-2{padding-top:.5rem!important}.pr-xl-2,.px-xl-2{padding-right:.5rem!important}.pb-xl-2,.py-xl-2{padding-bottom:.5rem!important}.pl-xl-2,.px-xl-2{padding-left:.5rem!important}.p-xl-3{padding:1rem!important}.pt-xl-3,.py-xl-3{padding-top:1rem!important}.pr-xl-3,.px-xl-3{padding-right:1rem!important}.pb-xl-3,.py-xl-3{padding-bottom:1rem!important}.pl-xl-3,.px-xl-3{padding-left:1rem!important}.p-xl-4{padding:1.5rem!important}.pt-xl-4,.py-xl-4{padding-top:1.5rem!important}.pr-xl-4,.px-xl-4{padding-right:1.5rem!important}.pb-xl-4,.py-xl-4{padding-bottom:1.5rem!important}.pl-xl-4,.px-xl-4{padding-left:1.5rem!important}.p-xl-5{padding:3rem!important}.pt-xl-5,.py-xl-5{padding-top:3rem!important}.pr-xl-5,.px-xl-5{padding-right:3rem!important}.pb-xl-5,.py-xl-5{padding-bottom:3rem!important}.pl-xl-5,.px-xl-5{padding-left:3rem!important}.m-xl-auto{margin:auto!important}.mt-xl-auto,.my-xl-auto{margin-top:auto!important}.mr-xl-auto,.mx-xl-auto{margin-right:auto!important}.mb-xl-auto,.my-xl-auto{margin-bottom:auto!important}.ml-xl-auto,.mx-xl-auto{margin-left:auto!important}}.text-justify{text-align:justify!important}.text-nowrap{white-space:nowrap!important}.text-truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.text-left{text-align:left!important}.text-right{text-align:right!important}.text-center{text-align:center!important}@media (min-width:576px){.text-sm-left{text-align:left!important}.text-sm-right{text-align:right!important}.text-sm-center{text-align:center!important}}@media (min-width:768px){.text-md-left{text-align:left!important}.text-md-right{text-align:right!important}.text-md-center{text-align:center!important}}@media (min-width:992px){.text-lg-left{text-align:left!important}.text-lg-right{text-align:right!important}.text-lg-center{text-align:center!important}}@media (min-width:1200px){.text-xl-left{text-align:left!important}.text-xl-right{text-align:right!important}.text-xl-center{text-align:center!important}}.text-lowercase{text-transform:lowercase!important}.text-uppercase{text-transform:uppercase!important}.text-capitalize{text-transform:capitalize!important}.font-weight-light{font-weight:300!important}.font-weight-normal{font-weight:400!important}.font-weight-bold{font-weight:700!important}.font-italic{font-style:italic!important}.text-white{color:#fff!important}.text-primary{color:#007bff!important}a.text-primary:focus,a.text-primary:hover{color:#0062cc!important}.text-secondary{color:#6c757d!important}a.text-secondary:focus,a.text-secondary:hover{color:#545b62!important}.text-success{color:#28a745!important}a.text-success:focus,a.text-success:hover{color:#1e7e34!important}.text-info{color:#17a2b8!important}a.text-info:focus,a.text-info:hover{color:#117a8b!important}.text-warning{color:#ffc107!important}a.text-warning:focus,a.text-warning:hover{color:#d39e00!important}.text-danger{color:#dc3545!important}a.text-danger:focus,a.text-danger:hover{color:#bd2130!important}.text-light{color:#f8f9fa!important}a.text-light:focus,a.text-light:hover{color:#dae0e5!important}.text-dark{color:#343a40!important}a.text-dark:focus,a.text-dark:hover{color:#1d2124!important}.text-muted{color:#6c757d!important}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.visible{visibility:visible!important}.invisible{visibility:hidden!important}@media print{*,::after,::before{text-shadow:none!important;box-shadow:none!important}a:not(.btn){text-decoration:underline}abbr[title]::after{content:" (" attr(title) ")"}pre{white-space:pre-wrap!important}blockquote,pre{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}@page{size:a3}body{min-width:992px!important}.container{min-width:992px!important}.navbar{display:none}.badge{border:1px solid #000}.table{border-collapse:collapse!important}.table td,.table th{background-color:#fff!important}.table-bordered td,.table-bordered th{border:1px solid #ddd!important}} +/*# sourceMappingURL=bootstrap.min.css.map */ \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/datetime-style-settings.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/datetime-style-settings.css new file mode 100644 index 0000000..f7d83ce --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/datetime-style-settings.css @@ -0,0 +1,576 @@ +/** + * jQuery Timepicker + * http://timepicker.co + * https://cdnjs.cloudflare.com/ajax/libs/timepicker/1.3.5/jquery.timepicker.min.css + * Enhances standard form input fields helping users to select (or type) times. + * + * Copyright (c) 2016 Willington Vega; Licensed MIT, GPL + */ + +.ui-timepicker-container { + position: absolute; + overflow: hidden; + box-sizing: border-box; +} + +.ui-timepicker { + box-sizing: content-box; + display: block; + height: 205px; + list-style: none outside none; + margin: 0; + padding: 0 1px; + text-align: center; +} + +.ui-timepicker-viewport { + box-sizing: content-box; + display: block; + height: 148px; + margin: 0; + padding: 0; + overflow: auto; + overflow-x: hidden; /* IE */ +} + +.ui-timepicker-standard { + /* overwrites .ui-widget */ + font-family: Verdana,Arial,sans-serif; + font-size: 1.1em; + /* overwrites .ui-widget-content */ + background-color: #FFF; + border: 1px solid #AAA; + color: #222; + /* overwrites .ui-menu */ + margin: 0; + padding: 2px; + height: 155px !important; +} +.ui-timepicker-standard a { + border: 1px solid transparent; + color: #222; + display: block; + padding: 0.2em 0.4em; + text-decoration: none; +} +.ui-timepicker-standard .ui-state-hover { + /* overwrites .ui-state-hover */ + background-color: #DADADA; + border: 1px solid #999; + font-weight: normal; + color: #212121; +} +.ui-timepicker-standard .ui-menu-item { + /* overwrites .ui-menu and .ui-menu-item */ + /*clear: left; + float: left;*/ + margin: 0; + padding: 0; +} + +.ui-timepicker-corners, +.ui-timepicker-corners .ui-corner-all { + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; +} + +.ui-timepicker-hidden { + /* overwrites .ui-helper-hidden */ + display: none; +} + +.ui-timepicker-no-scrollbar .ui-timepicker { + border: none; +} + + + +/* ADDED FOR TIMEZONE DROPDOWN - https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/css/select2.min.css */ + +.select2-container { + box-sizing: border-box; + display: inline-block; + margin: 0; + width: 90% !important; + position: relative; + vertical-align: middle; } +.select2-container .select2-selection--single { + box-sizing: border-box; + cursor: pointer; + display: block; + height: 28px; + user-select: none; + -webkit-user-select: none; } +.select2-container .select2-selection--single .select2-selection__rendered { + display: block; + padding-left: 8px; + padding-right: 20px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; } +.select2-container .select2-selection--single .select2-selection__clear { + position: relative; } +.select2-container[dir="rtl"] .select2-selection--single .select2-selection__rendered { + padding-right: 8px; + padding-left: 20px; } +.select2-container .select2-selection--multiple { + box-sizing: border-box; + cursor: pointer; + display: block; + min-height: 32px; + user-select: none; + -webkit-user-select: none; } +.select2-container .select2-selection--multiple .select2-selection__rendered { + display: inline-block; + overflow: hidden; + padding-left: 8px; + text-overflow: ellipsis; + white-space: nowrap; } +.select2-container .select2-search--inline { + float: left; } +.select2-container .select2-search--inline .select2-search__field { + box-sizing: border-box; + border: none; + font-size: 100%; + margin-top: 5px; + padding: 0; } +.select2-container .select2-search--inline .select2-search__field::-webkit-search-cancel-button { + -webkit-appearance: none; } + +.select2-dropdown { + background-color: white; + border: 1px solid #aaa; + border-radius: 4px; + box-sizing: border-box; + display: block; + position: absolute; + left: -100000px; + width: 100%; + z-index: 1051; } + +.select2-results { + display: block; } + +.select2-results__options { + list-style: none; + margin: 0; + padding: 0; } + +.select2-results__option { + padding: 6px; + user-select: none; + -webkit-user-select: none; } +.select2-results__option[aria-selected] { + cursor: pointer; } + +.select2-container--open .select2-dropdown { + left: 0; } + +.select2-container--open .select2-dropdown--above { + border-bottom: none; + border-bottom-left-radius: 0; + border-bottom-right-radius: 0; } + +.select2-container--open .select2-dropdown--below { + border-top: none; + border-top-left-radius: 0; + border-top-right-radius: 0; } + +.select2-search--dropdown { + display: block; + padding: 4px; } +.select2-search--dropdown .select2-search__field { + padding: 4px; + width: 100%; + box-sizing: border-box; } +.select2-search--dropdown .select2-search__field::-webkit-search-cancel-button { + -webkit-appearance: none; } +.select2-search--dropdown.select2-search--hide { + display: none; } + +.select2-close-mask { + border: 0; + margin: 0; + padding: 0; + display: block; + position: fixed; + left: 0; + top: 0; + min-height: 100%; + min-width: 100%; + height: auto; + width: auto; + opacity: 0; + z-index: 99; + background-color: #fff; + filter: alpha(opacity=0); } + +.select2-hidden-accessible { + border: 0 !important; + clip: rect(0 0 0 0) !important; + height: 1px !important; + margin: -1px !important; + overflow: hidden !important; + padding: 0 !important; + position: absolute !important; + width: 1px !important; } + +.select2-container--default .select2-selection--single { + background-color: #fff; + border: 1px solid #aaa; + border-radius: 4px; } +.select2-container--default .select2-selection--single .select2-selection__rendered { + color: #444; + line-height: 28px; } +.select2-container--default .select2-selection--single .select2-selection__clear { + cursor: pointer; + float: right; + font-weight: bold; } +.select2-container--default .select2-selection--single .select2-selection__placeholder { + color: #999; } +.select2-container--default .select2-selection--single .select2-selection__arrow { + height: 26px; + position: absolute; + top: 1px; + right: 1px; + width: 20px; } +.select2-container--default .select2-selection--single .select2-selection__arrow b { + border-color: #888 transparent transparent transparent; + border-style: solid; + border-width: 5px 4px 0 4px; + height: 0; + left: 50%; + margin-left: -4px; + margin-top: -2px; + position: absolute; + top: 50%; + width: 0; } + +.select2-container--default[dir="rtl"] .select2-selection--single .select2-selection__clear { + float: left; } + +.select2-container--default[dir="rtl"] .select2-selection--single .select2-selection__arrow { + left: 1px; + right: auto; } + +.select2-container--default.select2-container--disabled .select2-selection--single { + background-color: #eee; + cursor: default; } +.select2-container--default.select2-container--disabled .select2-selection--single .select2-selection__clear { + display: none; } + +.select2-container--default.select2-container--open .select2-selection--single .select2-selection__arrow b { + border-color: transparent transparent #888 transparent; + border-width: 0 4px 5px 4px; } + +.select2-container--default .select2-selection--multiple { + background-color: white; + border: 1px solid #aaa; + border-radius: 4px; + cursor: text; } +.select2-container--default .select2-selection--multiple .select2-selection__rendered { + box-sizing: border-box; + list-style: none; + margin: 0; + padding: 0 5px; + width: 100%; } +.select2-container--default .select2-selection--multiple .select2-selection__rendered li { + list-style: none; } +.select2-container--default .select2-selection--multiple .select2-selection__placeholder { + color: #999; + margin-top: 5px; + float: left; } +.select2-container--default .select2-selection--multiple .select2-selection__clear { + cursor: pointer; + float: right; + font-weight: bold; + margin-top: 5px; + margin-right: 10px; } +.select2-container--default .select2-selection--multiple .select2-selection__choice { + background-color: #e4e4e4; + border: 1px solid #aaa; + border-radius: 4px; + cursor: default; + float: left; + margin-right: 5px; + margin-top: 5px; + padding: 0 5px; } +.select2-container--default .select2-selection--multiple .select2-selection__choice__remove { + color: #999; + cursor: pointer; + display: inline-block; + font-weight: bold; + margin-right: 2px; } +.select2-container--default .select2-selection--multiple .select2-selection__choice__remove:hover { + color: #333; } + +.select2-container--default[dir="rtl"] .select2-selection--multiple .select2-selection__choice, .select2-container--default[dir="rtl"] .select2-selection--multiple .select2-selection__placeholder, .select2-container--default[dir="rtl"] .select2-selection--multiple .select2-search--inline { + float: right; } + +.select2-container--default[dir="rtl"] .select2-selection--multiple .select2-selection__choice { + margin-left: 5px; + margin-right: auto; } + +.select2-container--default[dir="rtl"] .select2-selection--multiple .select2-selection__choice__remove { + margin-left: 2px; + margin-right: auto; } + +.select2-container--default.select2-container--focus .select2-selection--multiple { + border: solid black 1px; + outline: 0; } + +.select2-container--default.select2-container--disabled .select2-selection--multiple { + background-color: #eee; + cursor: default; } + +.select2-container--default.select2-container--disabled .select2-selection__choice__remove { + display: none; } + +.select2-container--default.select2-container--open.select2-container--above .select2-selection--single, .select2-container--default.select2-container--open.select2-container--above .select2-selection--multiple { + border-top-left-radius: 0; + border-top-right-radius: 0; } + +.select2-container--default.select2-container--open.select2-container--below .select2-selection--single, .select2-container--default.select2-container--open.select2-container--below .select2-selection--multiple { + border-bottom-left-radius: 0; + border-bottom-right-radius: 0; } + +.select2-container--default .select2-search--dropdown .select2-search__field { + border: 1px solid #aaa; } + +.select2-container--default .select2-search--inline .select2-search__field { + background: transparent; + border: none; + outline: 0; + box-shadow: none; + -webkit-appearance: textfield; } + +.select2-container--default .select2-results > .select2-results__options { + max-height: 200px; + overflow-y: auto; } + +.select2-container--default .select2-results__option[role=group] { + padding: 0; } + +.select2-container--default .select2-results__option[aria-disabled=true] { + color: #999; } + +.select2-container--default .select2-results__option[aria-selected=true] { + background-color: #ddd; } + +.select2-container--default .select2-results__option .select2-results__option { + padding-left: 1em; } +.select2-container--default .select2-results__option .select2-results__option .select2-results__group { + padding-left: 0; } +.select2-container--default .select2-results__option .select2-results__option .select2-results__option { + margin-left: -1em; + padding-left: 2em; } +.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option { + margin-left: -2em; + padding-left: 3em; } +.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option { + margin-left: -3em; + padding-left: 4em; } +.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option { + margin-left: -4em; + padding-left: 5em; } +.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option { + margin-left: -5em; + padding-left: 6em; } + +.select2-container--default .select2-results__option--highlighted[aria-selected] { + background-color: #5897fb; + color: white; } + +.select2-container--default .select2-results__group { + cursor: default; + display: block; + padding: 6px; } + +.select2-container--classic .select2-selection--single { + background-color: #f7f7f7; + border: 1px solid #aaa; + border-radius: 4px; + outline: 0; + background-image: -webkit-linear-gradient(top, white 50%, #eeeeee 100%); + background-image: -o-linear-gradient(top, white 50%, #eeeeee 100%); + background-image: linear-gradient(to bottom, white 50%, #eeeeee 100%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#FFFFFFFF', endColorstr='#FFEEEEEE', GradientType=0); } +.select2-container--classic .select2-selection--single:focus { + border: 1px solid #5897fb; } +.select2-container--classic .select2-selection--single .select2-selection__rendered { + color: #444; + line-height: 28px; } +.select2-container--classic .select2-selection--single .select2-selection__clear { + cursor: pointer; + float: right; + font-weight: bold; + margin-right: 10px; } +.select2-container--classic .select2-selection--single .select2-selection__placeholder { + color: #999; } +.select2-container--classic .select2-selection--single .select2-selection__arrow { + background-color: #ddd; + border: none; + border-left: 1px solid #aaa; + border-top-right-radius: 4px; + border-bottom-right-radius: 4px; + height: 26px; + position: absolute; + top: 1px; + right: 1px; + width: 20px; + background-image: -webkit-linear-gradient(top, #eeeeee 50%, #cccccc 100%); + background-image: -o-linear-gradient(top, #eeeeee 50%, #cccccc 100%); + background-image: linear-gradient(to bottom, #eeeeee 50%, #cccccc 100%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#FFEEEEEE', endColorstr='#FFCCCCCC', GradientType=0); } +.select2-container--classic .select2-selection--single .select2-selection__arrow b { + border-color: #888 transparent transparent transparent; + border-style: solid; + border-width: 5px 4px 0 4px; + height: 0; + left: 50%; + margin-left: -4px; + margin-top: -2px; + position: absolute; + top: 50%; + width: 0; } + +.select2-container--classic[dir="rtl"] .select2-selection--single .select2-selection__clear { + float: left; } + +.select2-container--classic[dir="rtl"] .select2-selection--single .select2-selection__arrow { + border: none; + border-right: 1px solid #aaa; + border-radius: 0; + border-top-left-radius: 4px; + border-bottom-left-radius: 4px; + left: 1px; + right: auto; } + +.select2-container--classic.select2-container--open .select2-selection--single { + border: 1px solid #5897fb; } +.select2-container--classic.select2-container--open .select2-selection--single .select2-selection__arrow { + background: transparent; + border: none; } +.select2-container--classic.select2-container--open .select2-selection--single .select2-selection__arrow b { + border-color: transparent transparent #888 transparent; + border-width: 0 4px 5px 4px; } + +.select2-container--classic.select2-container--open.select2-container--above .select2-selection--single { + border-top: none; + border-top-left-radius: 0; + border-top-right-radius: 0; + background-image: -webkit-linear-gradient(top, white 0%, #eeeeee 50%); + background-image: -o-linear-gradient(top, white 0%, #eeeeee 50%); + background-image: linear-gradient(to bottom, white 0%, #eeeeee 50%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#FFFFFFFF', endColorstr='#FFEEEEEE', GradientType=0); } + +.select2-container--classic.select2-container--open.select2-container--below .select2-selection--single { + border-bottom: none; + border-bottom-left-radius: 0; + border-bottom-right-radius: 0; + background-image: -webkit-linear-gradient(top, #eeeeee 50%, white 100%); + background-image: -o-linear-gradient(top, #eeeeee 50%, white 100%); + background-image: linear-gradient(to bottom, #eeeeee 50%, white 100%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#FFEEEEEE', endColorstr='#FFFFFFFF', GradientType=0); } + +.select2-container--classic .select2-selection--multiple { + background-color: white; + border: 1px solid #aaa; + border-radius: 4px; + cursor: text; + outline: 0; } +.select2-container--classic .select2-selection--multiple:focus { + border: 1px solid #5897fb; } +.select2-container--classic .select2-selection--multiple .select2-selection__rendered { + list-style: none; + margin: 0; + padding: 0 5px; } +.select2-container--classic .select2-selection--multiple .select2-selection__clear { + display: none; } +.select2-container--classic .select2-selection--multiple .select2-selection__choice { + background-color: #e4e4e4; + border: 1px solid #aaa; + border-radius: 4px; + cursor: default; + float: left; + margin-right: 5px; + margin-top: 5px; + padding: 0 5px; } +.select2-container--classic .select2-selection--multiple .select2-selection__choice__remove { + color: #888; + cursor: pointer; + display: inline-block; + font-weight: bold; + margin-right: 2px; } +.select2-container--classic .select2-selection--multiple .select2-selection__choice__remove:hover { + color: #555; } + +.select2-container--classic[dir="rtl"] .select2-selection--multiple .select2-selection__choice { + float: right; } + +.select2-container--classic[dir="rtl"] .select2-selection--multiple .select2-selection__choice { + margin-left: 5px; + margin-right: auto; } + +.select2-container--classic[dir="rtl"] .select2-selection--multiple .select2-selection__choice__remove { + margin-left: 2px; + margin-right: auto; } + +.select2-container--classic.select2-container--open .select2-selection--multiple { + border: 1px solid #5897fb; } + +.select2-container--classic.select2-container--open.select2-container--above .select2-selection--multiple { + border-top: none; + border-top-left-radius: 0; + border-top-right-radius: 0; } + +.select2-container--classic.select2-container--open.select2-container--below .select2-selection--multiple { + border-bottom: none; + border-bottom-left-radius: 0; + border-bottom-right-radius: 0; } + +.select2-container--classic .select2-search--dropdown .select2-search__field { + border: 1px solid #aaa; + outline: 0; } + +.select2-container--classic .select2-search--inline .select2-search__field { + outline: 0; + box-shadow: none; } + +.select2-container--classic .select2-dropdown { + background-color: white; + border: 1px solid transparent; } + +.select2-container--classic .select2-dropdown--above { + border-bottom: none; } + +.select2-container--classic .select2-dropdown--below { + border-top: none; } + +.select2-container--classic .select2-results > .select2-results__options { + max-height: 200px; + overflow-y: auto; } + +.select2-container--classic .select2-results__option[role=group] { + padding: 0; } + +.select2-container--classic .select2-results__option[aria-disabled=true] { + color: grey; } + +.select2-container--classic .select2-results__option--highlighted[aria-selected] { + background-color: #3875d7; + color: white; } + +.select2-container--classic .select2-results__group { + cursor: default; + display: block; + padding: 6px; } + +.select2-container--classic.select2-container--open .select2-dropdown { + border-color: #5897fb; } + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/datetime-style-settings.min.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/datetime-style-settings.min.css new file mode 100644 index 0000000..0d2288f --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/datetime-style-settings.min.css @@ -0,0 +1 @@ +.ui-timepicker-container{position:absolute;overflow:hidden;box-sizing:border-box}.ui-timepicker{box-sizing:content-box;display:block;height:205px;list-style:none outside none;margin:0;padding:0 1px;text-align:center}.ui-timepicker-viewport{box-sizing:content-box;display:block;height:148px;margin:0;padding:0;overflow:auto;overflow-x:hidden}.ui-timepicker-standard{font-family:Verdana,Arial,sans-serif;font-size:1.1em;background-color:#fff;border:1px solid #aaa;color:#222;margin:0;padding:2px;height:155px!important}.ui-timepicker-standard a{border:1px solid transparent;color:#222;display:block;padding:.2em .4em;text-decoration:none}.ui-timepicker-standard .ui-state-hover{background-color:#dadada;border:1px solid #999;font-weight:400;color:#212121}.ui-timepicker-standard .ui-menu-item{margin:0;padding:0}.ui-timepicker-corners,.ui-timepicker-corners .ui-corner-all{-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px}.ui-timepicker-hidden{display:none}.ui-timepicker-no-scrollbar .ui-timepicker{border:none}.select2-container{box-sizing:border-box;display:inline-block;margin:0;width:90%!important;position:relative;vertical-align:middle}.select2-container .select2-selection--single{box-sizing:border-box;cursor:pointer;display:block;height:28px;user-select:none;-webkit-user-select:none}.select2-container .select2-selection--single .select2-selection__rendered{display:block;padding-left:8px;padding-right:20px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.select2-container .select2-selection--single .select2-selection__clear{position:relative}.select2-container[dir=rtl] .select2-selection--single .select2-selection__rendered{padding-right:8px;padding-left:20px}.select2-container .select2-selection--multiple{box-sizing:border-box;cursor:pointer;display:block;min-height:32px;user-select:none;-webkit-user-select:none}.select2-container .select2-selection--multiple .select2-selection__rendered{display:inline-block;overflow:hidden;padding-left:8px;text-overflow:ellipsis;white-space:nowrap}.select2-container .select2-search--inline{float:left}.select2-container .select2-search--inline .select2-search__field{box-sizing:border-box;border:none;font-size:100%;margin-top:5px;padding:0}.select2-container .select2-search--inline .select2-search__field::-webkit-search-cancel-button{-webkit-appearance:none}.select2-dropdown{background-color:#fff;border:1px solid #aaa;border-radius:4px;box-sizing:border-box;display:block;position:absolute;left:-100000px;width:100%;z-index:1051}.select2-results{display:block}.select2-results__options{list-style:none;margin:0;padding:0}.select2-results__option{padding:6px;user-select:none;-webkit-user-select:none}.select2-results__option[aria-selected]{cursor:pointer}.select2-container--open .select2-dropdown{left:0}.select2-container--open .select2-dropdown--above{border-bottom:none;border-bottom-left-radius:0;border-bottom-right-radius:0}.select2-container--open .select2-dropdown--below{border-top:none;border-top-left-radius:0;border-top-right-radius:0}.select2-search--dropdown{display:block;padding:4px}.select2-search--dropdown .select2-search__field{padding:4px;width:100%;box-sizing:border-box}.select2-search--dropdown .select2-search__field::-webkit-search-cancel-button{-webkit-appearance:none}.select2-search--dropdown.select2-search--hide{display:none}.select2-close-mask{border:0;margin:0;padding:0;display:block;position:fixed;left:0;top:0;min-height:100%;min-width:100%;height:auto;width:auto;opacity:0;z-index:99;background-color:#fff}.select2-hidden-accessible{border:0!important;clip:rect(0 0 0 0)!important;height:1px!important;margin:-1px!important;overflow:hidden!important;padding:0!important;position:absolute!important;width:1px!important}.select2-container--default .select2-selection--single{background-color:#fff;border:1px solid #aaa;border-radius:4px}.select2-container--default .select2-selection--single .select2-selection__rendered{color:#444;line-height:28px}.select2-container--default .select2-selection--single .select2-selection__clear{cursor:pointer;float:right;font-weight:700}.select2-container--default .select2-selection--single .select2-selection__placeholder{color:#999}.select2-container--default .select2-selection--single .select2-selection__arrow{height:26px;position:absolute;top:1px;right:1px;width:20px}.select2-container--default .select2-selection--single .select2-selection__arrow b{border-color:#888 transparent transparent transparent;border-style:solid;border-width:5px 4px 0 4px;height:0;left:50%;margin-left:-4px;margin-top:-2px;position:absolute;top:50%;width:0}.select2-container--default[dir=rtl] .select2-selection--single .select2-selection__clear{float:left}.select2-container--default[dir=rtl] .select2-selection--single .select2-selection__arrow{left:1px;right:auto}.select2-container--default.select2-container--disabled .select2-selection--single{background-color:#eee;cursor:default}.select2-container--default.select2-container--disabled .select2-selection--single .select2-selection__clear{display:none}.select2-container--default.select2-container--open .select2-selection--single .select2-selection__arrow b{border-color:transparent transparent #888 transparent;border-width:0 4px 5px 4px}.select2-container--default .select2-selection--multiple{background-color:#fff;border:1px solid #aaa;border-radius:4px;cursor:text}.select2-container--default .select2-selection--multiple .select2-selection__rendered{box-sizing:border-box;list-style:none;margin:0;padding:0 5px;width:100%}.select2-container--default .select2-selection--multiple .select2-selection__rendered li{list-style:none}.select2-container--default .select2-selection--multiple .select2-selection__placeholder{color:#999;margin-top:5px;float:left}.select2-container--default .select2-selection--multiple .select2-selection__clear{cursor:pointer;float:right;font-weight:700;margin-top:5px;margin-right:10px}.select2-container--default .select2-selection--multiple .select2-selection__choice{background-color:#e4e4e4;border:1px solid #aaa;border-radius:4px;cursor:default;float:left;margin-right:5px;margin-top:5px;padding:0 5px}.select2-container--default .select2-selection--multiple .select2-selection__choice__remove{color:#999;cursor:pointer;display:inline-block;font-weight:700;margin-right:2px}.select2-container--default .select2-selection--multiple .select2-selection__choice__remove:hover{color:#333}.select2-container--default[dir=rtl] .select2-selection--multiple .select2-search--inline,.select2-container--default[dir=rtl] .select2-selection--multiple .select2-selection__choice,.select2-container--default[dir=rtl] .select2-selection--multiple .select2-selection__placeholder{float:right}.select2-container--default[dir=rtl] .select2-selection--multiple .select2-selection__choice{margin-left:5px;margin-right:auto}.select2-container--default[dir=rtl] .select2-selection--multiple .select2-selection__choice__remove{margin-left:2px;margin-right:auto}.select2-container--default.select2-container--focus .select2-selection--multiple{border:solid #000 1px;outline:0}.select2-container--default.select2-container--disabled .select2-selection--multiple{background-color:#eee;cursor:default}.select2-container--default.select2-container--disabled .select2-selection__choice__remove{display:none}.select2-container--default.select2-container--open.select2-container--above .select2-selection--multiple,.select2-container--default.select2-container--open.select2-container--above .select2-selection--single{border-top-left-radius:0;border-top-right-radius:0}.select2-container--default.select2-container--open.select2-container--below .select2-selection--multiple,.select2-container--default.select2-container--open.select2-container--below .select2-selection--single{border-bottom-left-radius:0;border-bottom-right-radius:0}.select2-container--default .select2-search--dropdown .select2-search__field{border:1px solid #aaa}.select2-container--default .select2-search--inline .select2-search__field{background:0 0;border:none;outline:0;box-shadow:none;-webkit-appearance:textfield}.select2-container--default .select2-results>.select2-results__options{max-height:200px;overflow-y:auto}.select2-container--default .select2-results__option[role=group]{padding:0}.select2-container--default .select2-results__option[aria-disabled=true]{color:#999}.select2-container--default .select2-results__option[aria-selected=true]{background-color:#ddd}.select2-container--default .select2-results__option .select2-results__option{padding-left:1em}.select2-container--default .select2-results__option .select2-results__option .select2-results__group{padding-left:0}.select2-container--default .select2-results__option .select2-results__option .select2-results__option{margin-left:-1em;padding-left:2em}.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option{margin-left:-2em;padding-left:3em}.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option{margin-left:-3em;padding-left:4em}.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option{margin-left:-4em;padding-left:5em}.select2-container--default .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option .select2-results__option{margin-left:-5em;padding-left:6em}.select2-container--default .select2-results__option--highlighted[aria-selected]{background-color:#5897fb;color:#fff}.select2-container--default .select2-results__group{cursor:default;display:block;padding:6px}.select2-container--classic .select2-selection--single{background-color:#f7f7f7;border:1px solid #aaa;border-radius:4px;outline:0;background-image:-webkit-linear-gradient(top,#fff 50%,#eee 100%);background-image:-o-linear-gradient(top,#fff 50%,#eee 100%);background-image:linear-gradient(to bottom,#fff 50%,#eee 100%);background-repeat:repeat-x}.select2-container--classic .select2-selection--single:focus{border:1px solid #5897fb}.select2-container--classic .select2-selection--single .select2-selection__rendered{color:#444;line-height:28px}.select2-container--classic .select2-selection--single .select2-selection__clear{cursor:pointer;float:right;font-weight:700;margin-right:10px}.select2-container--classic .select2-selection--single .select2-selection__placeholder{color:#999}.select2-container--classic .select2-selection--single .select2-selection__arrow{background-color:#ddd;border:none;border-left:1px solid #aaa;border-top-right-radius:4px;border-bottom-right-radius:4px;height:26px;position:absolute;top:1px;right:1px;width:20px;background-image:-webkit-linear-gradient(top,#eee 50%,#ccc 100%);background-image:-o-linear-gradient(top,#eee 50%,#ccc 100%);background-image:linear-gradient(to bottom,#eee 50%,#ccc 100%);background-repeat:repeat-x}.select2-container--classic .select2-selection--single .select2-selection__arrow b{border-color:#888 transparent transparent transparent;border-style:solid;border-width:5px 4px 0 4px;height:0;left:50%;margin-left:-4px;margin-top:-2px;position:absolute;top:50%;width:0}.select2-container--classic[dir=rtl] .select2-selection--single .select2-selection__clear{float:left}.select2-container--classic[dir=rtl] .select2-selection--single .select2-selection__arrow{border:none;border-right:1px solid #aaa;border-radius:0;border-top-left-radius:4px;border-bottom-left-radius:4px;left:1px;right:auto}.select2-container--classic.select2-container--open .select2-selection--single{border:1px solid #5897fb}.select2-container--classic.select2-container--open .select2-selection--single .select2-selection__arrow{background:0 0;border:none}.select2-container--classic.select2-container--open .select2-selection--single .select2-selection__arrow b{border-color:transparent transparent #888 transparent;border-width:0 4px 5px 4px}.select2-container--classic.select2-container--open.select2-container--above .select2-selection--single{border-top:none;border-top-left-radius:0;border-top-right-radius:0;background-image:-webkit-linear-gradient(top,#fff 0,#eee 50%);background-image:-o-linear-gradient(top,#fff 0,#eee 50%);background-image:linear-gradient(to bottom,#fff 0,#eee 50%);background-repeat:repeat-x}.select2-container--classic.select2-container--open.select2-container--below .select2-selection--single{border-bottom:none;border-bottom-left-radius:0;border-bottom-right-radius:0;background-image:-webkit-linear-gradient(top,#eee 50%,#fff 100%);background-image:-o-linear-gradient(top,#eee 50%,#fff 100%);background-image:linear-gradient(to bottom,#eee 50%,#fff 100%);background-repeat:repeat-x}.select2-container--classic .select2-selection--multiple{background-color:#fff;border:1px solid #aaa;border-radius:4px;cursor:text;outline:0}.select2-container--classic .select2-selection--multiple:focus{border:1px solid #5897fb}.select2-container--classic .select2-selection--multiple .select2-selection__rendered{list-style:none;margin:0;padding:0 5px}.select2-container--classic .select2-selection--multiple .select2-selection__clear{display:none}.select2-container--classic .select2-selection--multiple .select2-selection__choice{background-color:#e4e4e4;border:1px solid #aaa;border-radius:4px;cursor:default;float:left;margin-right:5px;margin-top:5px;padding:0 5px}.select2-container--classic .select2-selection--multiple .select2-selection__choice__remove{color:#888;cursor:pointer;display:inline-block;font-weight:700;margin-right:2px}.select2-container--classic .select2-selection--multiple .select2-selection__choice__remove:hover{color:#555}.select2-container--classic[dir=rtl] .select2-selection--multiple .select2-selection__choice{float:right}.select2-container--classic[dir=rtl] .select2-selection--multiple .select2-selection__choice{margin-left:5px;margin-right:auto}.select2-container--classic[dir=rtl] .select2-selection--multiple .select2-selection__choice__remove{margin-left:2px;margin-right:auto}.select2-container--classic.select2-container--open .select2-selection--multiple{border:1px solid #5897fb}.select2-container--classic.select2-container--open.select2-container--above .select2-selection--multiple{border-top:none;border-top-left-radius:0;border-top-right-radius:0}.select2-container--classic.select2-container--open.select2-container--below .select2-selection--multiple{border-bottom:none;border-bottom-left-radius:0;border-bottom-right-radius:0}.select2-container--classic .select2-search--dropdown .select2-search__field{border:1px solid #aaa;outline:0}.select2-container--classic .select2-search--inline .select2-search__field{outline:0;box-shadow:none}.select2-container--classic .select2-dropdown{background-color:#fff;border:1px solid transparent}.select2-container--classic .select2-dropdown--above{border-bottom:none}.select2-container--classic .select2-dropdown--below{border-top:none}.select2-container--classic .select2-results>.select2-results__options{max-height:200px;overflow-y:auto}.select2-container--classic .select2-results__option[role=group]{padding:0}.select2-container--classic .select2-results__option[aria-disabled=true]{color:grey}.select2-container--classic .select2-results__option--highlighted[aria-selected]{background-color:#3875d7;color:#fff}.select2-container--classic .select2-results__group{cursor:default;display:block;padding:6px}.select2-container--classic.select2-container--open .select2-dropdown{border-color:#5897fb} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/flags16.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/flags16.png new file mode 100644 index 0000000..1535827 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/flags16.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-bg_flat_75_ffffff_40x100.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-bg_flat_75_ffffff_40x100.png new file mode 100644 index 0000000..ac8b229 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-bg_flat_75_ffffff_40x100.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_222222_256x240.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_222222_256x240.png new file mode 100644 index 0000000..e9c8e16 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_222222_256x240.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_2e83ff_256x240.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_2e83ff_256x240.png new file mode 100644 index 0000000..f2bf838 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_2e83ff_256x240.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_444444_256x240.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_444444_256x240.png new file mode 100644 index 0000000..e68e41a Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_444444_256x240.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_454545_256x240.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_454545_256x240.png new file mode 100644 index 0000000..d6169e8 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_454545_256x240.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_555555_256x240.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_555555_256x240.png new file mode 100644 index 0000000..9afb53a Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_555555_256x240.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_888888_256x240.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_888888_256x240.png new file mode 100644 index 0000000..d3e6e02 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_888888_256x240.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_cd0a0a_256x240.png b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_cd0a0a_256x240.png new file mode 100644 index 0000000..4937018 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/ui-icons_cd0a0a_256x240.png differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/window-close-regular.svg b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/window-close-regular.svg new file mode 100644 index 0000000..93ff381 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/images/window-close-regular.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/jquery-ui.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/jquery-ui.css new file mode 100644 index 0000000..a22ecb0 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/jquery-ui.css @@ -0,0 +1,1311 @@ +/*! jQuery UI - v1.12.1 - 2016-09-14 +* http://jqueryui.com +* Includes: core.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, draggable.css, resizable.css, progressbar.css, selectable.css, selectmenu.css, slider.css, sortable.css, spinner.css, tabs.css, tooltip.css, theme.css +* To view and modify this theme, visit http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=normal&cornerRadius=3px&bgColorHeader=e9e9e9&bgTextureHeader=flat&borderColorHeader=dddddd&fcHeader=333333&iconColorHeader=444444&bgColorContent=ffffff&bgTextureContent=flat&borderColorContent=dddddd&fcContent=333333&iconColorContent=444444&bgColorDefault=f6f6f6&bgTextureDefault=flat&borderColorDefault=c5c5c5&fcDefault=454545&iconColorDefault=777777&bgColorHover=ededed&bgTextureHover=flat&borderColorHover=cccccc&fcHover=2b2b2b&iconColorHover=555555&bgColorActive=007fff&bgTextureActive=flat&borderColorActive=003eff&fcActive=ffffff&iconColorActive=ffffff&bgColorHighlight=fffa90&bgTextureHighlight=flat&borderColorHighlight=dad55e&fcHighlight=777620&iconColorHighlight=777620&bgColorError=fddfdf&bgTextureError=flat&borderColorError=f1a899&fcError=5f3f3f&iconColorError=cc0000&bgColorOverlay=aaaaaa&bgTextureOverlay=flat&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=666666&bgTextureShadow=flat&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=5px&offsetTopShadow=0px&offsetLeftShadow=0px&cornerRadiusShadow=8px +* Copyright jQuery Foundation and other contributors; Licensed MIT */ + +/* Layout helpers +----------------------------------*/ +.ui-helper-hidden { + display: none; +} +.ui-helper-hidden-accessible { + border: 0; + clip: rect(0 0 0 0); + height: 1px; + margin: -1px; + overflow: hidden; + padding: 0; + position: absolute; + width: 1px; +} +.ui-helper-reset { + margin: 0; + padding: 0; + border: 0; + outline: 0; + line-height: 1.3; + text-decoration: none; + font-size: 100%; + list-style: none; +} +.ui-helper-clearfix:before, +.ui-helper-clearfix:after { + content: ""; + display: table; + border-collapse: collapse; +} +.ui-helper-clearfix:after { + clear: both; +} +.ui-helper-zfix { + width: 100%; + height: 100%; + top: 0; + left: 0; + position: absolute; + opacity: 0; + filter:Alpha(Opacity=0); /* support: IE8 */ +} + +.ui-front { + z-index: 100; +} + + +/* Interaction Cues +----------------------------------*/ +.ui-state-disabled { + cursor: default !important; + pointer-events: none; +} + + +/* Icons +----------------------------------*/ +.ui-icon { + display: inline-block; + vertical-align: middle; + margin-top: -.25em; + position: relative; + text-indent: -99999px; + overflow: hidden; + background-repeat: no-repeat; +} + +.ui-widget-icon-block { + left: 50%; + margin-left: -8px; + display: block; +} + +/* Misc visuals +----------------------------------*/ + +/* Overlays */ +.ui-widget-overlay { + position: fixed; + top: 0; + left: 0; + width: 100%; + height: 100%; +} +.ui-accordion .ui-accordion-header { + display: block; + cursor: pointer; + position: relative; + margin: 2px 0 0 0; + padding: .5em .5em .5em .7em; + font-size: 100%; +} +.ui-accordion .ui-accordion-content { + padding: 1em 2.2em; + border-top: 0; + overflow: auto; +} +.ui-autocomplete { + position: absolute; + top: 0; + left: 0; + cursor: default; +} +.ui-menu { + list-style: none; + padding: 0; + margin: 0; + display: block; + outline: 0; +} +.ui-menu .ui-menu { + position: absolute; +} +.ui-menu .ui-menu-item { + margin: 0; + cursor: pointer; + /* support: IE10, see #8844 */ + list-style-image: url("data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"); +} +.ui-menu .ui-menu-item-wrapper { + position: relative; + padding: 3px 1em 3px .4em; +} +.ui-menu .ui-menu-divider { + margin: 5px 0; + height: 0; + font-size: 0; + line-height: 0; + border-width: 1px 0 0 0; +} +.ui-menu .ui-state-focus, +.ui-menu .ui-state-active { + margin: -1px; +} + +/* icon support */ +.ui-menu-icons { + position: relative; +} +.ui-menu-icons .ui-menu-item-wrapper { + padding-left: 2em; +} + +/* left-aligned */ +.ui-menu .ui-icon { + position: absolute; + top: 0; + bottom: 0; + left: .2em; + margin: auto 0; +} + +/* right-aligned */ +.ui-menu .ui-menu-icon { + left: auto; + right: 0; +} +.ui-button { + padding: .4em 1em; + display: inline-block; + position: relative; + line-height: normal; + margin-right: .1em; + cursor: pointer; + vertical-align: middle; + text-align: center; + -webkit-user-select: none; + -moz-user-select: none; + -ms-user-select: none; + user-select: none; + + /* Support: IE <= 11 */ + overflow: visible; +} + +.ui-button, +.ui-button:link, +.ui-button:visited, +.ui-button:hover, +.ui-button:active { + text-decoration: none; +} + +/* to make room for the icon, a width needs to be set here */ +.ui-button-icon-only { + width: 2em; + box-sizing: border-box; + text-indent: -9999px; + white-space: nowrap; +} + +/* no icon support for input elements */ +input.ui-button.ui-button-icon-only { + text-indent: 0; +} + +/* button icon element(s) */ +.ui-button-icon-only .ui-icon { + position: absolute; + top: 50%; + left: 50%; + margin-top: -8px; + margin-left: -8px; +} + +.ui-button.ui-icon-notext .ui-icon { + padding: 0; + width: 2.1em; + height: 2.1em; + text-indent: -9999px; + white-space: nowrap; + +} + +input.ui-button.ui-icon-notext .ui-icon { + width: auto; + height: auto; + text-indent: 0; + white-space: normal; + padding: .4em 1em; +} + +/* workarounds */ +/* Support: Firefox 5 - 40 */ +input.ui-button::-moz-focus-inner, +button.ui-button::-moz-focus-inner { + border: 0; + padding: 0; +} +.ui-controlgroup { + vertical-align: middle; + display: inline-block; +} +.ui-controlgroup > .ui-controlgroup-item { + float: left; + margin-left: 0; + margin-right: 0; +} +.ui-controlgroup > .ui-controlgroup-item:focus, +.ui-controlgroup > .ui-controlgroup-item.ui-visual-focus { + z-index: 9999; +} +.ui-controlgroup-vertical > .ui-controlgroup-item { + display: block; + float: none; + width: 100%; + margin-top: 0; + margin-bottom: 0; + text-align: left; +} +.ui-controlgroup-vertical .ui-controlgroup-item { + box-sizing: border-box; +} +.ui-controlgroup .ui-controlgroup-label { + padding: .4em 1em; +} +.ui-controlgroup .ui-controlgroup-label span { + font-size: 80%; +} +.ui-controlgroup-horizontal .ui-controlgroup-label + .ui-controlgroup-item { + border-left: none; +} +.ui-controlgroup-vertical .ui-controlgroup-label + .ui-controlgroup-item { + border-top: none; +} +.ui-controlgroup-horizontal .ui-controlgroup-label.ui-widget-content { + border-right: none; +} +.ui-controlgroup-vertical .ui-controlgroup-label.ui-widget-content { + border-bottom: none; +} + +/* Spinner specific style fixes */ +.ui-controlgroup-vertical .ui-spinner-input { + + /* Support: IE8 only, Android < 4.4 only */ + width: 75%; + width: calc( 100% - 2.4em ); +} +.ui-controlgroup-vertical .ui-spinner .ui-spinner-up { + border-top-style: solid; +} + +.ui-checkboxradio-label .ui-icon-background { + box-shadow: inset 1px 1px 1px #ccc; + border-radius: .12em; + border: none; +} +.ui-checkboxradio-radio-label .ui-icon-background { + width: 16px; + height: 16px; + border-radius: 1em; + overflow: visible; + border: none; +} +.ui-checkboxradio-radio-label.ui-checkboxradio-checked .ui-icon, +.ui-checkboxradio-radio-label.ui-checkboxradio-checked:hover .ui-icon { + background-image: none; + width: 8px; + height: 8px; + border-width: 4px; + border-style: solid; +} +.ui-checkboxradio-disabled { + pointer-events: none; +} +.ui-datepicker { + width: 17em; + padding: .2em .2em 0; + display: none; +} +.ui-datepicker .ui-datepicker-header { + position: relative; + padding: .2em 0; +} +.ui-datepicker .ui-datepicker-prev, +.ui-datepicker .ui-datepicker-next { + position: absolute; + top: 2px; + width: 1.8em; + height: 1.8em; +} +.ui-datepicker .ui-datepicker-prev-hover, +.ui-datepicker .ui-datepicker-next-hover { + top: 1px; +} +.ui-datepicker .ui-datepicker-prev { + left: 2px; +} +.ui-datepicker .ui-datepicker-next { + right: 2px; +} +.ui-datepicker .ui-datepicker-prev-hover { + left: 1px; +} +.ui-datepicker .ui-datepicker-next-hover { + right: 1px; +} +.ui-datepicker .ui-datepicker-prev span, +.ui-datepicker .ui-datepicker-next span { + display: block; + position: absolute; + left: 50%; + margin-left: -8px; + top: 50%; + margin-top: -8px; +} +.ui-datepicker .ui-datepicker-title { + margin: 0 2.3em; + line-height: 1.8em; + text-align: center; +} +.ui-datepicker .ui-datepicker-title select { + font-size: 1em; + margin: 1px 0; +} +.ui-datepicker select.ui-datepicker-month, +.ui-datepicker select.ui-datepicker-year { + width: 45%; +} +.ui-datepicker table { + width: 100%; + font-size: .9em; + border-collapse: collapse; + margin: 0 0 .4em; +} +.ui-datepicker th { + padding: .7em .3em; + text-align: center; + font-weight: bold; + border: 0; +} +.ui-datepicker td { + border: 0; + padding: 1px; +} +.ui-datepicker td span, +.ui-datepicker td a { + display: block; + padding: .2em; + text-align: right; + text-decoration: none; +} +.ui-datepicker .ui-datepicker-buttonpane { + background-image: none; + margin: .7em 0 0 0; + padding: 0 .2em; + border-left: 0; + border-right: 0; + border-bottom: 0; +} +.ui-datepicker .ui-datepicker-buttonpane button { + float: right; + margin: .5em .2em .4em; + cursor: pointer; + padding: .2em .6em .3em .6em; + width: auto; + overflow: visible; +} +.ui-datepicker .ui-datepicker-buttonpane button.ui-datepicker-current { + float: left; +} + +/* with multiple calendars */ +.ui-datepicker.ui-datepicker-multi { + width: auto; +} +.ui-datepicker-multi .ui-datepicker-group { + float: left; +} +.ui-datepicker-multi .ui-datepicker-group table { + width: 95%; + margin: 0 auto .4em; +} +.ui-datepicker-multi-2 .ui-datepicker-group { + width: 50%; +} +.ui-datepicker-multi-3 .ui-datepicker-group { + width: 33.3%; +} +.ui-datepicker-multi-4 .ui-datepicker-group { + width: 25%; +} +.ui-datepicker-multi .ui-datepicker-group-last .ui-datepicker-header, +.ui-datepicker-multi .ui-datepicker-group-middle .ui-datepicker-header { + border-left-width: 0; +} +.ui-datepicker-multi .ui-datepicker-buttonpane { + clear: left; +} +.ui-datepicker-row-break { + clear: both; + width: 100%; + font-size: 0; +} + +/* RTL support */ +.ui-datepicker-rtl { + direction: rtl; +} +.ui-datepicker-rtl .ui-datepicker-prev { + right: 2px; + left: auto; +} +.ui-datepicker-rtl .ui-datepicker-next { + left: 2px; + right: auto; +} +.ui-datepicker-rtl .ui-datepicker-prev:hover { + right: 1px; + left: auto; +} +.ui-datepicker-rtl .ui-datepicker-next:hover { + left: 1px; + right: auto; +} +.ui-datepicker-rtl .ui-datepicker-buttonpane { + clear: right; +} +.ui-datepicker-rtl .ui-datepicker-buttonpane button { + float: left; +} +.ui-datepicker-rtl .ui-datepicker-buttonpane button.ui-datepicker-current, +.ui-datepicker-rtl .ui-datepicker-group { + float: right; +} +.ui-datepicker-rtl .ui-datepicker-group-last .ui-datepicker-header, +.ui-datepicker-rtl .ui-datepicker-group-middle .ui-datepicker-header { + border-right-width: 0; + border-left-width: 1px; +} + +/* Icons */ +.ui-datepicker .ui-icon { + display: block; + text-indent: -99999px; + overflow: hidden; + background-repeat: no-repeat; + left: .5em; + top: .3em; +} +.ui-dialog { + position: absolute; + top: 0; + left: 0; + padding: .2em; + outline: 0; +} +.ui-dialog .ui-dialog-titlebar { + padding: .4em 1em; + position: relative; +} +.ui-dialog .ui-dialog-title { + float: left; + margin: .1em 0; + white-space: nowrap; + width: 90%; + overflow: hidden; + text-overflow: ellipsis; +} +.ui-dialog .ui-dialog-titlebar-close { + position: absolute; + right: .3em; + top: 50%; + width: 20px; + margin: -10px 0 0 0; + padding: 1px; + height: 20px; +} +.ui-dialog .ui-dialog-content { + position: relative; + border: 0; + padding: .5em 1em; + background: none; + overflow: auto; +} +.ui-dialog .ui-dialog-buttonpane { + text-align: left; + border-width: 1px 0 0 0; + background-image: none; + margin-top: .5em; + padding: .3em 1em .5em .4em; +} +.ui-dialog .ui-dialog-buttonpane .ui-dialog-buttonset { + float: right; +} +.ui-dialog .ui-dialog-buttonpane button { + margin: .5em .4em .5em 0; + cursor: pointer; +} +.ui-dialog .ui-resizable-n { + height: 2px; + top: 0; +} +.ui-dialog .ui-resizable-e { + width: 2px; + right: 0; +} +.ui-dialog .ui-resizable-s { + height: 2px; + bottom: 0; +} +.ui-dialog .ui-resizable-w { + width: 2px; + left: 0; +} +.ui-dialog .ui-resizable-se, +.ui-dialog .ui-resizable-sw, +.ui-dialog .ui-resizable-ne, +.ui-dialog .ui-resizable-nw { + width: 7px; + height: 7px; +} +.ui-dialog .ui-resizable-se { + right: 0; + bottom: 0; +} +.ui-dialog .ui-resizable-sw { + left: 0; + bottom: 0; +} +.ui-dialog .ui-resizable-ne { + right: 0; + top: 0; +} +.ui-dialog .ui-resizable-nw { + left: 0; + top: 0; +} +.ui-draggable .ui-dialog-titlebar { + cursor: move; +} +.ui-draggable-handle { + -ms-touch-action: none; + touch-action: none; +} +.ui-resizable { + position: relative; +} +.ui-resizable-handle { + position: absolute; + font-size: 0.1px; + display: block; + -ms-touch-action: none; + touch-action: none; +} +.ui-resizable-disabled .ui-resizable-handle, +.ui-resizable-autohide .ui-resizable-handle { + display: none; +} +.ui-resizable-n { + cursor: n-resize; + height: 7px; + width: 100%; + top: -5px; + left: 0; +} +.ui-resizable-s { + cursor: s-resize; + height: 7px; + width: 100%; + bottom: -5px; + left: 0; +} +.ui-resizable-e { + cursor: e-resize; + width: 7px; + right: -5px; + top: 0; + height: 100%; +} +.ui-resizable-w { + cursor: w-resize; + width: 7px; + left: -5px; + top: 0; + height: 100%; +} +.ui-resizable-se { + cursor: se-resize; + width: 12px; + height: 12px; + right: 1px; + bottom: 1px; +} +.ui-resizable-sw { + cursor: sw-resize; + width: 9px; + height: 9px; + left: -5px; + bottom: -5px; +} +.ui-resizable-nw { + cursor: nw-resize; + width: 9px; + height: 9px; + left: -5px; + top: -5px; +} +.ui-resizable-ne { + cursor: ne-resize; + width: 9px; + height: 9px; + right: -5px; + top: -5px; +} +.ui-progressbar { + height: 2em; + text-align: left; + overflow: hidden; +} +.ui-progressbar .ui-progressbar-value { + margin: -1px; + height: 100%; +} +.ui-progressbar .ui-progressbar-overlay { + background: url("data:image/gif;base64,R0lGODlhKAAoAIABAAAAAP///yH/C05FVFNDQVBFMi4wAwEAAAAh+QQJAQABACwAAAAAKAAoAAACkYwNqXrdC52DS06a7MFZI+4FHBCKoDeWKXqymPqGqxvJrXZbMx7Ttc+w9XgU2FB3lOyQRWET2IFGiU9m1frDVpxZZc6bfHwv4c1YXP6k1Vdy292Fb6UkuvFtXpvWSzA+HycXJHUXiGYIiMg2R6W459gnWGfHNdjIqDWVqemH2ekpObkpOlppWUqZiqr6edqqWQAAIfkECQEAAQAsAAAAACgAKAAAApSMgZnGfaqcg1E2uuzDmmHUBR8Qil95hiPKqWn3aqtLsS18y7G1SzNeowWBENtQd+T1JktP05nzPTdJZlR6vUxNWWjV+vUWhWNkWFwxl9VpZRedYcflIOLafaa28XdsH/ynlcc1uPVDZxQIR0K25+cICCmoqCe5mGhZOfeYSUh5yJcJyrkZWWpaR8doJ2o4NYq62lAAACH5BAkBAAEALAAAAAAoACgAAAKVDI4Yy22ZnINRNqosw0Bv7i1gyHUkFj7oSaWlu3ovC8GxNso5fluz3qLVhBVeT/Lz7ZTHyxL5dDalQWPVOsQWtRnuwXaFTj9jVVh8pma9JjZ4zYSj5ZOyma7uuolffh+IR5aW97cHuBUXKGKXlKjn+DiHWMcYJah4N0lYCMlJOXipGRr5qdgoSTrqWSq6WFl2ypoaUAAAIfkECQEAAQAsAAAAACgAKAAAApaEb6HLgd/iO7FNWtcFWe+ufODGjRfoiJ2akShbueb0wtI50zm02pbvwfWEMWBQ1zKGlLIhskiEPm9R6vRXxV4ZzWT2yHOGpWMyorblKlNp8HmHEb/lCXjcW7bmtXP8Xt229OVWR1fod2eWqNfHuMjXCPkIGNileOiImVmCOEmoSfn3yXlJWmoHGhqp6ilYuWYpmTqKUgAAIfkECQEAAQAsAAAAACgAKAAAApiEH6kb58biQ3FNWtMFWW3eNVcojuFGfqnZqSebuS06w5V80/X02pKe8zFwP6EFWOT1lDFk8rGERh1TTNOocQ61Hm4Xm2VexUHpzjymViHrFbiELsefVrn6XKfnt2Q9G/+Xdie499XHd2g4h7ioOGhXGJboGAnXSBnoBwKYyfioubZJ2Hn0RuRZaflZOil56Zp6iioKSXpUAAAh+QQJAQABACwAAAAAKAAoAAACkoQRqRvnxuI7kU1a1UU5bd5tnSeOZXhmn5lWK3qNTWvRdQxP8qvaC+/yaYQzXO7BMvaUEmJRd3TsiMAgswmNYrSgZdYrTX6tSHGZO73ezuAw2uxuQ+BbeZfMxsexY35+/Qe4J1inV0g4x3WHuMhIl2jXOKT2Q+VU5fgoSUI52VfZyfkJGkha6jmY+aaYdirq+lQAACH5BAkBAAEALAAAAAAoACgAAAKWBIKpYe0L3YNKToqswUlvznigd4wiR4KhZrKt9Upqip61i9E3vMvxRdHlbEFiEXfk9YARYxOZZD6VQ2pUunBmtRXo1Lf8hMVVcNl8JafV38aM2/Fu5V16Bn63r6xt97j09+MXSFi4BniGFae3hzbH9+hYBzkpuUh5aZmHuanZOZgIuvbGiNeomCnaxxap2upaCZsq+1kAACH5BAkBAAEALAAAAAAoACgAAAKXjI8By5zf4kOxTVrXNVlv1X0d8IGZGKLnNpYtm8Lr9cqVeuOSvfOW79D9aDHizNhDJidFZhNydEahOaDH6nomtJjp1tutKoNWkvA6JqfRVLHU/QUfau9l2x7G54d1fl995xcIGAdXqMfBNadoYrhH+Mg2KBlpVpbluCiXmMnZ2Sh4GBqJ+ckIOqqJ6LmKSllZmsoq6wpQAAAh+QQJAQABACwAAAAAKAAoAAAClYx/oLvoxuJDkU1a1YUZbJ59nSd2ZXhWqbRa2/gF8Gu2DY3iqs7yrq+xBYEkYvFSM8aSSObE+ZgRl1BHFZNr7pRCavZ5BW2142hY3AN/zWtsmf12p9XxxFl2lpLn1rseztfXZjdIWIf2s5dItwjYKBgo9yg5pHgzJXTEeGlZuenpyPmpGQoKOWkYmSpaSnqKileI2FAAACH5BAkBAAEALAAAAAAoACgAAAKVjB+gu+jG4kORTVrVhRlsnn2dJ3ZleFaptFrb+CXmO9OozeL5VfP99HvAWhpiUdcwkpBH3825AwYdU8xTqlLGhtCosArKMpvfa1mMRae9VvWZfeB2XfPkeLmm18lUcBj+p5dnN8jXZ3YIGEhYuOUn45aoCDkp16hl5IjYJvjWKcnoGQpqyPlpOhr3aElaqrq56Bq7VAAAOw=="); + height: 100%; + filter: alpha(opacity=25); /* support: IE8 */ + opacity: 0.25; +} +.ui-progressbar-indeterminate .ui-progressbar-value { + background-image: none; +} +.ui-selectable { + -ms-touch-action: none; + touch-action: none; +} +.ui-selectable-helper { + position: absolute; + z-index: 100; + border: 1px dotted black; +} +.ui-selectmenu-menu { + padding: 0; + margin: 0; + position: absolute; + top: 0; + left: 0; + display: none; +} +.ui-selectmenu-menu .ui-menu { + overflow: auto; + overflow-x: hidden; + padding-bottom: 1px; +} +.ui-selectmenu-menu .ui-menu .ui-selectmenu-optgroup { + font-size: 1em; + font-weight: bold; + line-height: 1.5; + padding: 2px 0.4em; + margin: 0.5em 0 0 0; + height: auto; + border: 0; +} +.ui-selectmenu-open { + display: block; +} +.ui-selectmenu-text { + display: block; + margin-right: 20px; + overflow: hidden; + text-overflow: ellipsis; +} +.ui-selectmenu-button.ui-button { + text-align: left; + white-space: nowrap; + width: 14em; +} +.ui-selectmenu-icon.ui-icon { + float: right; + margin-top: 0; +} +.ui-slider { + position: relative; + text-align: left; +} +.ui-slider .ui-slider-handle { + position: absolute; + z-index: 2; + width: 1.2em; + height: 1.2em; + cursor: default; + -ms-touch-action: none; + touch-action: none; +} +.ui-slider .ui-slider-range { + position: absolute; + z-index: 1; + font-size: .7em; + display: block; + border: 0; + background-position: 0 0; +} + +/* support: IE8 - See #6727 */ +.ui-slider.ui-state-disabled .ui-slider-handle, +.ui-slider.ui-state-disabled .ui-slider-range { + filter: inherit; +} + +.ui-slider-horizontal { + height: .8em; +} +.ui-slider-horizontal .ui-slider-handle { + top: -.3em; + margin-left: -.6em; +} +.ui-slider-horizontal .ui-slider-range { + top: 0; + height: 100%; +} +.ui-slider-horizontal .ui-slider-range-min { + left: 0; +} +.ui-slider-horizontal .ui-slider-range-max { + right: 0; +} + +.ui-slider-vertical { + width: .8em; + height: 100px; +} +.ui-slider-vertical .ui-slider-handle { + left: -.3em; + margin-left: 0; + margin-bottom: -.6em; +} +.ui-slider-vertical .ui-slider-range { + left: 0; + width: 100%; +} +.ui-slider-vertical .ui-slider-range-min { + bottom: 0; +} +.ui-slider-vertical .ui-slider-range-max { + top: 0; +} +.ui-sortable-handle { + -ms-touch-action: none; + touch-action: none; +} +.ui-spinner { + position: relative; + display: inline-block; + overflow: hidden; + padding: 0; + vertical-align: middle; +} +.ui-spinner-input { + border: none; + background: none; + color: inherit; + padding: .222em 0; + margin: .2em 0; + vertical-align: middle; + margin-left: .4em; + margin-right: 2em; +} +.ui-spinner-button { + width: 1.6em; + height: 50%; + font-size: .5em; + padding: 0; + margin: 0; + text-align: center; + position: absolute; + cursor: default; + display: block; + overflow: hidden; + right: 0; +} +/* more specificity required here to override default borders */ +.ui-spinner a.ui-spinner-button { + border-top-style: none; + border-bottom-style: none; + border-right-style: none; +} +.ui-spinner-up { + top: 0; +} +.ui-spinner-down { + bottom: 0; +} +.ui-tabs { + position: relative;/* position: relative prevents IE scroll bug (element with position: relative inside container with overflow: auto appear as "fixed") */ + padding: .2em; +} +.ui-tabs .ui-tabs-nav { + margin: 0; + padding: .2em .2em 0; +} +.ui-tabs .ui-tabs-nav li { + list-style: none; + float: left; + position: relative; + top: 0; + margin: 1px .2em 0 0; + border-bottom-width: 0; + padding: 0; + white-space: nowrap; +} +.ui-tabs .ui-tabs-nav .ui-tabs-anchor { + float: left; + padding: .5em 1em; + text-decoration: none; +} +.ui-tabs .ui-tabs-nav li.ui-tabs-active { + margin-bottom: -1px; + padding-bottom: 1px; +} +.ui-tabs .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor, +.ui-tabs .ui-tabs-nav li.ui-state-disabled .ui-tabs-anchor, +.ui-tabs .ui-tabs-nav li.ui-tabs-loading .ui-tabs-anchor { + cursor: text; +} +.ui-tabs-collapsible .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor { + cursor: pointer; +} +.ui-tabs .ui-tabs-panel { + display: block; + border-width: 0; + padding: 1em 1.4em; + background: none; +} +.ui-tooltip { + padding: 8px; + position: absolute; + z-index: 9999; + max-width: 300px; +} +body .ui-tooltip { + border-width: 2px; +} +/* Component containers +----------------------------------*/ +.ui-widget { + font-family: Arial,Helvetica,sans-serif; + font-size: 1em; +} +.ui-widget .ui-widget { + font-size: 1em; +} +.ui-widget input, +.ui-widget select, +.ui-widget textarea, +.ui-widget button { + font-family: Arial,Helvetica,sans-serif; + font-size: 1em; +} +.ui-widget.ui-widget-content { + border: 1px solid #c5c5c5; +} +.ui-widget-content { + border: 1px solid #dddddd; + background: #ffffff; + color: #333333; +} +.ui-widget-content a { + color: #333333; +} +.ui-widget-header { + border: 1px solid #dddddd; + background: #e9e9e9; + color: #333333; + font-weight: bold; +} +.ui-widget-header a { + color: #333333; +} + +/* Interaction states +----------------------------------*/ +.ui-state-default, +.ui-widget-content .ui-state-default, +.ui-widget-header .ui-state-default, +.ui-button, + +/* We use html here because we need a greater specificity to make sure disabled +works properly when clicked or hovered */ +html .ui-button.ui-state-disabled:hover, +html .ui-button.ui-state-disabled:active { + border: 1px solid #c5c5c5; + background: #f6f6f6; + font-weight: normal; + color: #454545; +} +.ui-state-default a, +.ui-state-default a:link, +.ui-state-default a:visited, +a.ui-button, +a:link.ui-button, +a:visited.ui-button, +.ui-button { + color: #454545; + text-decoration: none; +} +.ui-state-hover, +.ui-widget-content .ui-state-hover, +.ui-widget-header .ui-state-hover, +.ui-state-focus, +.ui-widget-content .ui-state-focus, +.ui-widget-header .ui-state-focus, +.ui-button:hover, +.ui-button:focus { + border: 1px solid #cccccc; + background: #ededed; + font-weight: normal; + color: #2b2b2b; +} +.ui-state-hover a, +.ui-state-hover a:hover, +.ui-state-hover a:link, +.ui-state-hover a:visited, +.ui-state-focus a, +.ui-state-focus a:hover, +.ui-state-focus a:link, +.ui-state-focus a:visited, +a.ui-button:hover, +a.ui-button:focus { + color: #2b2b2b; + text-decoration: none; +} + +.ui-visual-focus { + box-shadow: 0 0 3px 1px rgb(94, 158, 214); +} +.ui-state-active, +.ui-widget-content .ui-state-active, +.ui-widget-header .ui-state-active, +a.ui-button:active, +.ui-button:active, +.ui-button.ui-state-active:hover { + border: 1px solid #003eff; + background: #007fff; + font-weight: normal; + color: #ffffff; +} +.ui-icon-background, +.ui-state-active .ui-icon-background { + border: #003eff; + background-color: #ffffff; +} +.ui-state-active a, +.ui-state-active a:link, +.ui-state-active a:visited { + color: #ffffff; + text-decoration: none; +} + +/* Interaction Cues +----------------------------------*/ +.ui-state-highlight, +.ui-widget-content .ui-state-highlight, +.ui-widget-header .ui-state-highlight { + border: 1px solid #dad55e; + background: #fffa90; + color: #777620; +} +.ui-state-checked { + border: 1px solid #dad55e; + background: #fffa90; +} +.ui-state-highlight a, +.ui-widget-content .ui-state-highlight a, +.ui-widget-header .ui-state-highlight a { + color: #777620; +} +.ui-state-error, +.ui-widget-content .ui-state-error, +.ui-widget-header .ui-state-error { + border: 1px solid #f1a899; + background: #fddfdf; + color: #5f3f3f; +} +.ui-state-error a, +.ui-widget-content .ui-state-error a, +.ui-widget-header .ui-state-error a { + color: #5f3f3f; +} +.ui-state-error-text, +.ui-widget-content .ui-state-error-text, +.ui-widget-header .ui-state-error-text { + color: #5f3f3f; +} +.ui-priority-primary, +.ui-widget-content .ui-priority-primary, +.ui-widget-header .ui-priority-primary { + font-weight: bold; +} +.ui-priority-secondary, +.ui-widget-content .ui-priority-secondary, +.ui-widget-header .ui-priority-secondary { + opacity: .7; + filter:Alpha(Opacity=70); /* support: IE8 */ + font-weight: normal; +} +.ui-state-disabled, +.ui-widget-content .ui-state-disabled, +.ui-widget-header .ui-state-disabled { + opacity: .35; + filter:Alpha(Opacity=35); /* support: IE8 */ + background-image: none; +} +.ui-state-disabled .ui-icon { + filter:Alpha(Opacity=35); /* support: IE8 - See #6059 */ +} + +/* Icons +----------------------------------*/ + +/* states and images */ +.ui-icon { + width: 16px; + height: 16px; +} +.ui-icon, +.ui-widget-content .ui-icon { + background-image: url("images/ui-icons_444444_256x240.png"); +} +.ui-widget-header .ui-icon { + background-image: url("images/ui-icons_444444_256x240.png"); +} +.ui-state-hover .ui-icon, +.ui-state-focus .ui-icon, +.ui-button:hover .ui-icon, +.ui-button:focus .ui-icon { + background-image: url("images/ui-icons_555555_256x240.png"); +} +.ui-state-active .ui-icon, +.ui-button:active .ui-icon { + background-image: url("images/ui-icons_ffffff_256x240.png"); +} +.ui-state-highlight .ui-icon, +.ui-button .ui-state-highlight.ui-icon { + background-image: url("images/ui-icons_777620_256x240.png"); +} +.ui-state-error .ui-icon, +.ui-state-error-text .ui-icon { + background-image: url("images/ui-icons_cc0000_256x240.png"); +} +.ui-button .ui-icon { + background-image: url("images/ui-icons_777777_256x240.png"); +} + +/* positioning */ +.ui-icon-blank { background-position: 16px 16px; } +.ui-icon-caret-1-n { background-position: 0 0; } +.ui-icon-caret-1-ne { background-position: -16px 0; } +.ui-icon-caret-1-e { background-position: -32px 0; } +.ui-icon-caret-1-se { background-position: -48px 0; } +.ui-icon-caret-1-s { background-position: -65px 0; } +.ui-icon-caret-1-sw { background-position: -80px 0; } +.ui-icon-caret-1-w { background-position: -96px 0; } +.ui-icon-caret-1-nw { background-position: -112px 0; } +.ui-icon-caret-2-n-s { background-position: -128px 0; } +.ui-icon-caret-2-e-w { background-position: -144px 0; } +.ui-icon-triangle-1-n { background-position: 0 -16px; } +.ui-icon-triangle-1-ne { background-position: -16px -16px; } +.ui-icon-triangle-1-e { background-position: -32px -16px; } +.ui-icon-triangle-1-se { background-position: -48px -16px; } +.ui-icon-triangle-1-s { background-position: -65px -16px; } +.ui-icon-triangle-1-sw { background-position: -80px -16px; } +.ui-icon-triangle-1-w { background-position: -96px -16px; } +.ui-icon-triangle-1-nw { background-position: -112px -16px; } +.ui-icon-triangle-2-n-s { background-position: -128px -16px; } +.ui-icon-triangle-2-e-w { background-position: -144px -16px; } +.ui-icon-arrow-1-n { background-position: 0 -32px; } +.ui-icon-arrow-1-ne { background-position: -16px -32px; } +.ui-icon-arrow-1-e { background-position: -32px -32px; } +.ui-icon-arrow-1-se { background-position: -48px -32px; } +.ui-icon-arrow-1-s { background-position: -65px -32px; } +.ui-icon-arrow-1-sw { background-position: -80px -32px; } +.ui-icon-arrow-1-w { background-position: -96px -32px; } +.ui-icon-arrow-1-nw { background-position: -112px -32px; } +.ui-icon-arrow-2-n-s { background-position: -128px -32px; } +.ui-icon-arrow-2-ne-sw { background-position: -144px -32px; } +.ui-icon-arrow-2-e-w { background-position: -160px -32px; } +.ui-icon-arrow-2-se-nw { background-position: -176px -32px; } +.ui-icon-arrowstop-1-n { background-position: -192px -32px; } +.ui-icon-arrowstop-1-e { background-position: -208px -32px; } +.ui-icon-arrowstop-1-s { background-position: -224px -32px; } +.ui-icon-arrowstop-1-w { background-position: -240px -32px; } +.ui-icon-arrowthick-1-n { background-position: 1px -48px; } +.ui-icon-arrowthick-1-ne { background-position: -16px -48px; } +.ui-icon-arrowthick-1-e { background-position: -32px -48px; } +.ui-icon-arrowthick-1-se { background-position: -48px -48px; } +.ui-icon-arrowthick-1-s { background-position: -64px -48px; } +.ui-icon-arrowthick-1-sw { background-position: -80px -48px; } +.ui-icon-arrowthick-1-w { background-position: -96px -48px; } +.ui-icon-arrowthick-1-nw { background-position: -112px -48px; } +.ui-icon-arrowthick-2-n-s { background-position: -128px -48px; } +.ui-icon-arrowthick-2-ne-sw { background-position: -144px -48px; } +.ui-icon-arrowthick-2-e-w { background-position: -160px -48px; } +.ui-icon-arrowthick-2-se-nw { background-position: -176px -48px; } +.ui-icon-arrowthickstop-1-n { background-position: -192px -48px; } +.ui-icon-arrowthickstop-1-e { background-position: -208px -48px; } +.ui-icon-arrowthickstop-1-s { background-position: -224px -48px; } +.ui-icon-arrowthickstop-1-w { background-position: -240px -48px; } +.ui-icon-arrowreturnthick-1-w { background-position: 0 -64px; } +.ui-icon-arrowreturnthick-1-n { background-position: -16px -64px; } +.ui-icon-arrowreturnthick-1-e { background-position: -32px -64px; } +.ui-icon-arrowreturnthick-1-s { background-position: -48px -64px; } +.ui-icon-arrowreturn-1-w { background-position: -64px -64px; } +.ui-icon-arrowreturn-1-n { background-position: -80px -64px; } +.ui-icon-arrowreturn-1-e { background-position: -96px -64px; } +.ui-icon-arrowreturn-1-s { background-position: -112px -64px; } +.ui-icon-arrowrefresh-1-w { background-position: -128px -64px; } +.ui-icon-arrowrefresh-1-n { background-position: -144px -64px; } +.ui-icon-arrowrefresh-1-e { background-position: -160px -64px; } +.ui-icon-arrowrefresh-1-s { background-position: -176px -64px; } +.ui-icon-arrow-4 { background-position: 0 -80px; } +.ui-icon-arrow-4-diag { background-position: -16px -80px; } +.ui-icon-extlink { background-position: -32px -80px; } +.ui-icon-newwin { background-position: -48px -80px; } +.ui-icon-refresh { background-position: -64px -80px; } +.ui-icon-shuffle { background-position: -80px -80px; } +.ui-icon-transfer-e-w { background-position: -96px -80px; } +.ui-icon-transferthick-e-w { background-position: -112px -80px; } +.ui-icon-folder-collapsed { background-position: 0 -96px; } +.ui-icon-folder-open { background-position: -16px -96px; } +.ui-icon-document { background-position: -32px -96px; } +.ui-icon-document-b { background-position: -48px -96px; } +.ui-icon-note { background-position: -64px -96px; } +.ui-icon-mail-closed { background-position: -80px -96px; } +.ui-icon-mail-open { background-position: -96px -96px; } +.ui-icon-suitcase { background-position: -112px -96px; } +.ui-icon-comment { background-position: -128px -96px; } +.ui-icon-person { background-position: -144px -96px; } +.ui-icon-print { background-position: -160px -96px; } +.ui-icon-trash { background-position: -176px -96px; } +.ui-icon-locked { background-position: -192px -96px; } +.ui-icon-unlocked { background-position: -208px -96px; } +.ui-icon-bookmark { background-position: -224px -96px; } +.ui-icon-tag { background-position: -240px -96px; } +.ui-icon-home { background-position: 0 -112px; } +.ui-icon-flag { background-position: -16px -112px; } +.ui-icon-calendar { background-position: -32px -112px; } +.ui-icon-cart { background-position: -48px -112px; } +.ui-icon-pencil { background-position: -64px -112px; } +.ui-icon-clock { background-position: -80px -112px; } +.ui-icon-disk { background-position: -96px -112px; } +.ui-icon-calculator { background-position: -112px -112px; } +.ui-icon-zoomin { background-position: -128px -112px; } +.ui-icon-zoomout { background-position: -144px -112px; } +.ui-icon-search { background-position: -160px -112px; } +.ui-icon-wrench { background-position: -176px -112px; } +.ui-icon-gear { background-position: -192px -112px; } +.ui-icon-heart { background-position: -208px -112px; } +.ui-icon-star { background-position: -224px -112px; } +.ui-icon-link { background-position: -240px -112px; } +.ui-icon-cancel { background-position: 0 -128px; } +.ui-icon-plus { background-position: -16px -128px; } +.ui-icon-plusthick { background-position: -32px -128px; } +.ui-icon-minus { background-position: -48px -128px; } +.ui-icon-minusthick { background-position: -64px -128px; } +.ui-icon-close { background-position: -80px -128px; } +.ui-icon-closethick { background-position: -96px -128px; } +.ui-icon-key { background-position: -112px -128px; } +.ui-icon-lightbulb { background-position: -128px -128px; } +.ui-icon-scissors { background-position: -144px -128px; } +.ui-icon-clipboard { background-position: -160px -128px; } +.ui-icon-copy { background-position: -176px -128px; } +.ui-icon-contact { background-position: -192px -128px; } +.ui-icon-image { background-position: -208px -128px; } +.ui-icon-video { background-position: -224px -128px; } +.ui-icon-script { background-position: -240px -128px; } +.ui-icon-alert { background-position: 0 -144px; } +.ui-icon-info { background-position: -16px -144px; } +.ui-icon-notice { background-position: -32px -144px; } +.ui-icon-help { background-position: -48px -144px; } +.ui-icon-check { background-position: -64px -144px; } +.ui-icon-bullet { background-position: -80px -144px; } +.ui-icon-radio-on { background-position: -96px -144px; } +.ui-icon-radio-off { background-position: -112px -144px; } +.ui-icon-pin-w { background-position: -128px -144px; } +.ui-icon-pin-s { background-position: -144px -144px; } +.ui-icon-play { background-position: 0 -160px; } +.ui-icon-pause { background-position: -16px -160px; } +.ui-icon-seek-next { background-position: -32px -160px; } +.ui-icon-seek-prev { background-position: -48px -160px; } +.ui-icon-seek-end { background-position: -64px -160px; } +.ui-icon-seek-start { background-position: -80px -160px; } +/* ui-icon-seek-first is deprecated, use ui-icon-seek-start instead */ +.ui-icon-seek-first { background-position: -80px -160px; } +.ui-icon-stop { background-position: -96px -160px; } +.ui-icon-eject { background-position: -112px -160px; } +.ui-icon-volume-off { background-position: -128px -160px; } +.ui-icon-volume-on { background-position: -144px -160px; } +.ui-icon-power { background-position: 0 -176px; } +.ui-icon-signal-diag { background-position: -16px -176px; } +.ui-icon-signal { background-position: -32px -176px; } +.ui-icon-battery-0 { background-position: -48px -176px; } +.ui-icon-battery-1 { background-position: -64px -176px; } +.ui-icon-battery-2 { background-position: -80px -176px; } +.ui-icon-battery-3 { background-position: -96px -176px; } +.ui-icon-circle-plus { background-position: 0 -192px; } +.ui-icon-circle-minus { background-position: -16px -192px; } +.ui-icon-circle-close { background-position: -32px -192px; } +.ui-icon-circle-triangle-e { background-position: -48px -192px; } +.ui-icon-circle-triangle-s { background-position: -64px -192px; } +.ui-icon-circle-triangle-w { background-position: -80px -192px; } +.ui-icon-circle-triangle-n { background-position: -96px -192px; } +.ui-icon-circle-arrow-e { background-position: -112px -192px; } +.ui-icon-circle-arrow-s { background-position: -128px -192px; } +.ui-icon-circle-arrow-w { background-position: -144px -192px; } +.ui-icon-circle-arrow-n { background-position: -160px -192px; } +.ui-icon-circle-zoomin { background-position: -176px -192px; } +.ui-icon-circle-zoomout { background-position: -192px -192px; } +.ui-icon-circle-check { background-position: -208px -192px; } +.ui-icon-circlesmall-plus { background-position: 0 -208px; } +.ui-icon-circlesmall-minus { background-position: -16px -208px; } +.ui-icon-circlesmall-close { background-position: -32px -208px; } +.ui-icon-squaresmall-plus { background-position: -48px -208px; } +.ui-icon-squaresmall-minus { background-position: -64px -208px; } +.ui-icon-squaresmall-close { background-position: -80px -208px; } +.ui-icon-grip-dotted-vertical { background-position: 0 -224px; } +.ui-icon-grip-dotted-horizontal { background-position: -16px -224px; } +.ui-icon-grip-solid-vertical { background-position: -32px -224px; } +.ui-icon-grip-solid-horizontal { background-position: -48px -224px; } +.ui-icon-gripsmall-diagonal-se { background-position: -64px -224px; } +.ui-icon-grip-diagonal-se { background-position: -80px -224px; } + + +/* Misc visuals +----------------------------------*/ + +/* Corner radius */ +.ui-corner-all, +.ui-corner-top, +.ui-corner-left, +.ui-corner-tl { + border-top-left-radius: 3px; +} +.ui-corner-all, +.ui-corner-top, +.ui-corner-right, +.ui-corner-tr { + border-top-right-radius: 3px; +} +.ui-corner-all, +.ui-corner-bottom, +.ui-corner-left, +.ui-corner-bl { + border-bottom-left-radius: 3px; +} +.ui-corner-all, +.ui-corner-bottom, +.ui-corner-right, +.ui-corner-br { + border-bottom-right-radius: 3px; +} + +/* Overlays */ +.ui-widget-overlay { + background: #aaaaaa; + opacity: .3; + filter: Alpha(Opacity=30); /* support: IE8 */ +} +.ui-widget-shadow { + -webkit-box-shadow: 0px 0px 5px #666666; + box-shadow: 0px 0px 5px #666666; +} diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/jquery-ui.min.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/jquery-ui.min.css new file mode 100644 index 0000000..121f222 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/jquery-ui.min.css @@ -0,0 +1,7 @@ +/*! jQuery UI - v1.12.1 - 2016-09-14 +* http://jqueryui.com +* Includes: core.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, draggable.css, resizable.css, progressbar.css, selectable.css, selectmenu.css, slider.css, sortable.css, spinner.css, tabs.css, tooltip.css, theme.css +* To view and modify this theme, visit http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=normal&cornerRadius=3px&bgColorHeader=e9e9e9&bgTextureHeader=flat&borderColorHeader=dddddd&fcHeader=333333&iconColorHeader=444444&bgColorContent=ffffff&bgTextureContent=flat&borderColorContent=dddddd&fcContent=333333&iconColorContent=444444&bgColorDefault=f6f6f6&bgTextureDefault=flat&borderColorDefault=c5c5c5&fcDefault=454545&iconColorDefault=777777&bgColorHover=ededed&bgTextureHover=flat&borderColorHover=cccccc&fcHover=2b2b2b&iconColorHover=555555&bgColorActive=007fff&bgTextureActive=flat&borderColorActive=003eff&fcActive=ffffff&iconColorActive=ffffff&bgColorHighlight=fffa90&bgTextureHighlight=flat&borderColorHighlight=dad55e&fcHighlight=777620&iconColorHighlight=777620&bgColorError=fddfdf&bgTextureError=flat&borderColorError=f1a899&fcError=5f3f3f&iconColorError=cc0000&bgColorOverlay=aaaaaa&bgTextureOverlay=flat&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=666666&bgTextureShadow=flat&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=5px&offsetTopShadow=0px&offsetLeftShadow=0px&cornerRadiusShadow=8px +* Copyright jQuery Foundation and other contributors; Licensed MIT */ + +.ui-helper-hidden{display:none}.ui-helper-hidden-accessible{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size:100%;list-style:none}.ui-helper-clearfix:before,.ui-helper-clearfix:after{content:"";display:table;border-collapse:collapse}.ui-helper-clearfix:after{clear:both}.ui-helper-zfix{width:100%;height:100%;top:0;left:0;position:absolute;opacity:0;filter:Alpha(Opacity=0)}.ui-front{z-index:100}.ui-state-disabled{cursor:default!important;pointer-events:none}.ui-icon{display:inline-block;vertical-align:middle;margin-top:-.25em;position:relative;text-indent:-99999px;overflow:hidden;background-repeat:no-repeat}.ui-widget-icon-block{left:50%;margin-left:-8px;display:block}.ui-widget-overlay{position:fixed;top:0;left:0;width:100%;height:100%}.ui-accordion .ui-accordion-header{display:block;cursor:pointer;position:relative;margin:2px 0 0 0;padding:.5em .5em .5em .7em;font-size:100%}.ui-accordion .ui-accordion-content{padding:1em 2.2em;border-top:0;overflow:auto}.ui-autocomplete{position:absolute;top:0;left:0;cursor:default}.ui-menu{list-style:none;padding:0;margin:0;display:block;outline:0}.ui-menu .ui-menu{position:absolute}.ui-menu .ui-menu-item{margin:0;cursor:pointer;list-style-image:url("data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7")}.ui-menu .ui-menu-item-wrapper{position:relative;padding:3px 1em 3px .4em}.ui-menu .ui-menu-divider{margin:5px 0;height:0;font-size:0;line-height:0;border-width:1px 0 0 0}.ui-menu .ui-state-focus,.ui-menu .ui-state-active{margin:-1px}.ui-menu-icons{position:relative}.ui-menu-icons .ui-menu-item-wrapper{padding-left:2em}.ui-menu .ui-icon{position:absolute;top:0;bottom:0;left:.2em;margin:auto 0}.ui-menu .ui-menu-icon{left:auto;right:0}.ui-button{padding:.4em 1em;display:inline-block;position:relative;line-height:normal;margin-right:.1em;cursor:pointer;vertical-align:middle;text-align:center;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;overflow:visible}.ui-button,.ui-button:link,.ui-button:visited,.ui-button:hover,.ui-button:active{text-decoration:none}.ui-button-icon-only{width:2em;box-sizing:border-box;text-indent:-9999px;white-space:nowrap}input.ui-button.ui-button-icon-only{text-indent:0}.ui-button-icon-only .ui-icon{position:absolute;top:50%;left:50%;margin-top:-8px;margin-left:-8px}.ui-button.ui-icon-notext .ui-icon{padding:0;width:2.1em;height:2.1em;text-indent:-9999px;white-space:nowrap}input.ui-button.ui-icon-notext .ui-icon{width:auto;height:auto;text-indent:0;white-space:normal;padding:.4em 1em}input.ui-button::-moz-focus-inner,button.ui-button::-moz-focus-inner{border:0;padding:0}.ui-controlgroup{vertical-align:middle;display:inline-block}.ui-controlgroup > .ui-controlgroup-item{float:left;margin-left:0;margin-right:0}.ui-controlgroup > .ui-controlgroup-item:focus,.ui-controlgroup > .ui-controlgroup-item.ui-visual-focus{z-index:9999}.ui-controlgroup-vertical > .ui-controlgroup-item{display:block;float:none;width:100%;margin-top:0;margin-bottom:0;text-align:left}.ui-controlgroup-vertical .ui-controlgroup-item{box-sizing:border-box}.ui-controlgroup .ui-controlgroup-label{padding:.4em 1em}.ui-controlgroup .ui-controlgroup-label span{font-size:80%}.ui-controlgroup-horizontal .ui-controlgroup-label + .ui-controlgroup-item{border-left:none}.ui-controlgroup-vertical .ui-controlgroup-label + .ui-controlgroup-item{border-top:none}.ui-controlgroup-horizontal .ui-controlgroup-label.ui-widget-content{border-right:none}.ui-controlgroup-vertical .ui-controlgroup-label.ui-widget-content{border-bottom:none}.ui-controlgroup-vertical .ui-spinner-input{width:75%;width:calc( 100% - 2.4em )}.ui-controlgroup-vertical .ui-spinner .ui-spinner-up{border-top-style:solid}.ui-checkboxradio-label .ui-icon-background{box-shadow:inset 1px 1px 1px #ccc;border-radius:.12em;border:none}.ui-checkboxradio-radio-label .ui-icon-background{width:16px;height:16px;border-radius:1em;overflow:visible;border:none}.ui-checkboxradio-radio-label.ui-checkboxradio-checked .ui-icon,.ui-checkboxradio-radio-label.ui-checkboxradio-checked:hover .ui-icon{background-image:none;width:8px;height:8px;border-width:4px;border-style:solid}.ui-checkboxradio-disabled{pointer-events:none}.ui-datepicker{width:17em;padding:.2em .2em 0;display:none}.ui-datepicker .ui-datepicker-header{position:relative;padding:.2em 0}.ui-datepicker .ui-datepicker-prev,.ui-datepicker .ui-datepicker-next{position:absolute;top:2px;width:1.8em;height:1.8em}.ui-datepicker .ui-datepicker-prev-hover,.ui-datepicker .ui-datepicker-next-hover{top:1px}.ui-datepicker .ui-datepicker-prev{left:2px}.ui-datepicker .ui-datepicker-next{right:2px}.ui-datepicker .ui-datepicker-prev-hover{left:1px}.ui-datepicker .ui-datepicker-next-hover{right:1px}.ui-datepicker .ui-datepicker-prev span,.ui-datepicker .ui-datepicker-next span{display:block;position:absolute;left:50%;margin-left:-8px;top:50%;margin-top:-8px}.ui-datepicker .ui-datepicker-title{margin:0 2.3em;line-height:1.8em;text-align:center}.ui-datepicker .ui-datepicker-title select{font-size:1em;margin:1px 0}.ui-datepicker select.ui-datepicker-month,.ui-datepicker select.ui-datepicker-year{width:45%}.ui-datepicker table{width:100%;font-size:.9em;border-collapse:collapse;margin:0 0 .4em}.ui-datepicker th{padding:.7em .3em;text-align:center;font-weight:bold;border:0}.ui-datepicker td{border:0;padding:1px}.ui-datepicker td span,.ui-datepicker td a{display:block;padding:.2em;text-align:right;text-decoration:none}.ui-datepicker .ui-datepicker-buttonpane{background-image:none;margin:.7em 0 0 0;padding:0 .2em;border-left:0;border-right:0;border-bottom:0}.ui-datepicker .ui-datepicker-buttonpane button{float:right;margin:.5em .2em .4em;cursor:pointer;padding:.2em .6em .3em .6em;width:auto;overflow:visible}.ui-datepicker .ui-datepicker-buttonpane button.ui-datepicker-current{float:left}.ui-datepicker.ui-datepicker-multi{width:auto}.ui-datepicker-multi .ui-datepicker-group{float:left}.ui-datepicker-multi .ui-datepicker-group table{width:95%;margin:0 auto .4em}.ui-datepicker-multi-2 .ui-datepicker-group{width:50%}.ui-datepicker-multi-3 .ui-datepicker-group{width:33.3%}.ui-datepicker-multi-4 .ui-datepicker-group{width:25%}.ui-datepicker-multi .ui-datepicker-group-last .ui-datepicker-header,.ui-datepicker-multi .ui-datepicker-group-middle .ui-datepicker-header{border-left-width:0}.ui-datepicker-multi .ui-datepicker-buttonpane{clear:left}.ui-datepicker-row-break{clear:both;width:100%;font-size:0}.ui-datepicker-rtl{direction:rtl}.ui-datepicker-rtl .ui-datepicker-prev{right:2px;left:auto}.ui-datepicker-rtl .ui-datepicker-next{left:2px;right:auto}.ui-datepicker-rtl .ui-datepicker-prev:hover{right:1px;left:auto}.ui-datepicker-rtl .ui-datepicker-next:hover{left:1px;right:auto}.ui-datepicker-rtl .ui-datepicker-buttonpane{clear:right}.ui-datepicker-rtl .ui-datepicker-buttonpane button{float:left}.ui-datepicker-rtl .ui-datepicker-buttonpane button.ui-datepicker-current,.ui-datepicker-rtl .ui-datepicker-group{float:right}.ui-datepicker-rtl .ui-datepicker-group-last .ui-datepicker-header,.ui-datepicker-rtl .ui-datepicker-group-middle .ui-datepicker-header{border-right-width:0;border-left-width:1px}.ui-datepicker .ui-icon{display:block;text-indent:-99999px;overflow:hidden;background-repeat:no-repeat;left:.5em;top:.3em}.ui-dialog{position:absolute;top:0;left:0;padding:.2em;outline:0}.ui-dialog .ui-dialog-titlebar{padding:.4em 1em;position:relative}.ui-dialog .ui-dialog-title{float:left;margin:.1em 0;white-space:nowrap;width:90%;overflow:hidden;text-overflow:ellipsis}.ui-dialog .ui-dialog-titlebar-close{position:absolute;right:.3em;top:50%;width:20px;margin:-10px 0 0 0;padding:1px;height:20px}.ui-dialog .ui-dialog-content{position:relative;border:0;padding:.5em 1em;background:none;overflow:auto}.ui-dialog .ui-dialog-buttonpane{text-align:left;border-width:1px 0 0 0;background-image:none;margin-top:.5em;padding:.3em 1em .5em .4em}.ui-dialog .ui-dialog-buttonpane .ui-dialog-buttonset{float:right}.ui-dialog .ui-dialog-buttonpane button{margin:.5em .4em .5em 0;cursor:pointer}.ui-dialog .ui-resizable-n{height:2px;top:0}.ui-dialog .ui-resizable-e{width:2px;right:0}.ui-dialog .ui-resizable-s{height:2px;bottom:0}.ui-dialog .ui-resizable-w{width:2px;left:0}.ui-dialog .ui-resizable-se,.ui-dialog .ui-resizable-sw,.ui-dialog .ui-resizable-ne,.ui-dialog .ui-resizable-nw{width:7px;height:7px}.ui-dialog .ui-resizable-se{right:0;bottom:0}.ui-dialog .ui-resizable-sw{left:0;bottom:0}.ui-dialog .ui-resizable-ne{right:0;top:0}.ui-dialog .ui-resizable-nw{left:0;top:0}.ui-draggable .ui-dialog-titlebar{cursor:move}.ui-draggable-handle{-ms-touch-action:none;touch-action:none}.ui-resizable{position:relative}.ui-resizable-handle{position:absolute;font-size:0.1px;display:block;-ms-touch-action:none;touch-action:none}.ui-resizable-disabled .ui-resizable-handle,.ui-resizable-autohide .ui-resizable-handle{display:none}.ui-resizable-n{cursor:n-resize;height:7px;width:100%;top:-5px;left:0}.ui-resizable-s{cursor:s-resize;height:7px;width:100%;bottom:-5px;left:0}.ui-resizable-e{cursor:e-resize;width:7px;right:-5px;top:0;height:100%}.ui-resizable-w{cursor:w-resize;width:7px;left:-5px;top:0;height:100%}.ui-resizable-se{cursor:se-resize;width:12px;height:12px;right:1px;bottom:1px}.ui-resizable-sw{cursor:sw-resize;width:9px;height:9px;left:-5px;bottom:-5px}.ui-resizable-nw{cursor:nw-resize;width:9px;height:9px;left:-5px;top:-5px}.ui-resizable-ne{cursor:ne-resize;width:9px;height:9px;right:-5px;top:-5px}.ui-progressbar{height:2em;text-align:left;overflow:hidden}.ui-progressbar .ui-progressbar-value{margin:-1px;height:100%}.ui-progressbar .ui-progressbar-overlay{background:url("data:image/gif;base64,R0lGODlhKAAoAIABAAAAAP///yH/C05FVFNDQVBFMi4wAwEAAAAh+QQJAQABACwAAAAAKAAoAAACkYwNqXrdC52DS06a7MFZI+4FHBCKoDeWKXqymPqGqxvJrXZbMx7Ttc+w9XgU2FB3lOyQRWET2IFGiU9m1frDVpxZZc6bfHwv4c1YXP6k1Vdy292Fb6UkuvFtXpvWSzA+HycXJHUXiGYIiMg2R6W459gnWGfHNdjIqDWVqemH2ekpObkpOlppWUqZiqr6edqqWQAAIfkECQEAAQAsAAAAACgAKAAAApSMgZnGfaqcg1E2uuzDmmHUBR8Qil95hiPKqWn3aqtLsS18y7G1SzNeowWBENtQd+T1JktP05nzPTdJZlR6vUxNWWjV+vUWhWNkWFwxl9VpZRedYcflIOLafaa28XdsH/ynlcc1uPVDZxQIR0K25+cICCmoqCe5mGhZOfeYSUh5yJcJyrkZWWpaR8doJ2o4NYq62lAAACH5BAkBAAEALAAAAAAoACgAAAKVDI4Yy22ZnINRNqosw0Bv7i1gyHUkFj7oSaWlu3ovC8GxNso5fluz3qLVhBVeT/Lz7ZTHyxL5dDalQWPVOsQWtRnuwXaFTj9jVVh8pma9JjZ4zYSj5ZOyma7uuolffh+IR5aW97cHuBUXKGKXlKjn+DiHWMcYJah4N0lYCMlJOXipGRr5qdgoSTrqWSq6WFl2ypoaUAAAIfkECQEAAQAsAAAAACgAKAAAApaEb6HLgd/iO7FNWtcFWe+ufODGjRfoiJ2akShbueb0wtI50zm02pbvwfWEMWBQ1zKGlLIhskiEPm9R6vRXxV4ZzWT2yHOGpWMyorblKlNp8HmHEb/lCXjcW7bmtXP8Xt229OVWR1fod2eWqNfHuMjXCPkIGNileOiImVmCOEmoSfn3yXlJWmoHGhqp6ilYuWYpmTqKUgAAIfkECQEAAQAsAAAAACgAKAAAApiEH6kb58biQ3FNWtMFWW3eNVcojuFGfqnZqSebuS06w5V80/X02pKe8zFwP6EFWOT1lDFk8rGERh1TTNOocQ61Hm4Xm2VexUHpzjymViHrFbiELsefVrn6XKfnt2Q9G/+Xdie499XHd2g4h7ioOGhXGJboGAnXSBnoBwKYyfioubZJ2Hn0RuRZaflZOil56Zp6iioKSXpUAAAh+QQJAQABACwAAAAAKAAoAAACkoQRqRvnxuI7kU1a1UU5bd5tnSeOZXhmn5lWK3qNTWvRdQxP8qvaC+/yaYQzXO7BMvaUEmJRd3TsiMAgswmNYrSgZdYrTX6tSHGZO73ezuAw2uxuQ+BbeZfMxsexY35+/Qe4J1inV0g4x3WHuMhIl2jXOKT2Q+VU5fgoSUI52VfZyfkJGkha6jmY+aaYdirq+lQAACH5BAkBAAEALAAAAAAoACgAAAKWBIKpYe0L3YNKToqswUlvznigd4wiR4KhZrKt9Upqip61i9E3vMvxRdHlbEFiEXfk9YARYxOZZD6VQ2pUunBmtRXo1Lf8hMVVcNl8JafV38aM2/Fu5V16Bn63r6xt97j09+MXSFi4BniGFae3hzbH9+hYBzkpuUh5aZmHuanZOZgIuvbGiNeomCnaxxap2upaCZsq+1kAACH5BAkBAAEALAAAAAAoACgAAAKXjI8By5zf4kOxTVrXNVlv1X0d8IGZGKLnNpYtm8Lr9cqVeuOSvfOW79D9aDHizNhDJidFZhNydEahOaDH6nomtJjp1tutKoNWkvA6JqfRVLHU/QUfau9l2x7G54d1fl995xcIGAdXqMfBNadoYrhH+Mg2KBlpVpbluCiXmMnZ2Sh4GBqJ+ckIOqqJ6LmKSllZmsoq6wpQAAAh+QQJAQABACwAAAAAKAAoAAAClYx/oLvoxuJDkU1a1YUZbJ59nSd2ZXhWqbRa2/gF8Gu2DY3iqs7yrq+xBYEkYvFSM8aSSObE+ZgRl1BHFZNr7pRCavZ5BW2142hY3AN/zWtsmf12p9XxxFl2lpLn1rseztfXZjdIWIf2s5dItwjYKBgo9yg5pHgzJXTEeGlZuenpyPmpGQoKOWkYmSpaSnqKileI2FAAACH5BAkBAAEALAAAAAAoACgAAAKVjB+gu+jG4kORTVrVhRlsnn2dJ3ZleFaptFrb+CXmO9OozeL5VfP99HvAWhpiUdcwkpBH3825AwYdU8xTqlLGhtCosArKMpvfa1mMRae9VvWZfeB2XfPkeLmm18lUcBj+p5dnN8jXZ3YIGEhYuOUn45aoCDkp16hl5IjYJvjWKcnoGQpqyPlpOhr3aElaqrq56Bq7VAAAOw==");height:100%;filter:alpha(opacity=25);opacity:0.25}.ui-progressbar-indeterminate .ui-progressbar-value{background-image:none}.ui-selectable{-ms-touch-action:none;touch-action:none}.ui-selectable-helper{position:absolute;z-index:100;border:1px dotted black}.ui-selectmenu-menu{padding:0;margin:0;position:absolute;top:0;left:0;display:none}.ui-selectmenu-menu .ui-menu{overflow:auto;overflow-x:hidden;padding-bottom:1px}.ui-selectmenu-menu .ui-menu .ui-selectmenu-optgroup{font-size:1em;font-weight:bold;line-height:1.5;padding:2px 0.4em;margin:0.5em 0 0 0;height:auto;border:0}.ui-selectmenu-open{display:block}.ui-selectmenu-text{display:block;margin-right:20px;overflow:hidden;text-overflow:ellipsis}.ui-selectmenu-button.ui-button{text-align:left;white-space:nowrap;width:14em}.ui-selectmenu-icon.ui-icon{float:right;margin-top:0}.ui-slider{position:relative;text-align:left}.ui-slider .ui-slider-handle{position:absolute;z-index:2;width:1.2em;height:1.2em;cursor:default;-ms-touch-action:none;touch-action:none}.ui-slider .ui-slider-range{position:absolute;z-index:1;font-size:.7em;display:block;border:0;background-position:0 0}.ui-slider.ui-state-disabled .ui-slider-handle,.ui-slider.ui-state-disabled .ui-slider-range{filter:inherit}.ui-slider-horizontal{height:.8em}.ui-slider-horizontal .ui-slider-handle{top:-.3em;margin-left:-.6em}.ui-slider-horizontal .ui-slider-range{top:0;height:100%}.ui-slider-horizontal .ui-slider-range-min{left:0}.ui-slider-horizontal .ui-slider-range-max{right:0}.ui-slider-vertical{width:.8em;height:100px}.ui-slider-vertical .ui-slider-handle{left:-.3em;margin-left:0;margin-bottom:-.6em}.ui-slider-vertical .ui-slider-range{left:0;width:100%}.ui-slider-vertical .ui-slider-range-min{bottom:0}.ui-slider-vertical .ui-slider-range-max{top:0}.ui-sortable-handle{-ms-touch-action:none;touch-action:none}.ui-spinner{position:relative;display:inline-block;overflow:hidden;padding:0;vertical-align:middle}.ui-spinner-input{border:none;background:none;color:inherit;padding:.222em 0;margin:.2em 0;vertical-align:middle;margin-left:.4em;margin-right:2em}.ui-spinner-button{width:1.6em;height:50%;font-size:.5em;padding:0;margin:0;text-align:center;position:absolute;cursor:default;display:block;overflow:hidden;right:0}.ui-spinner a.ui-spinner-button{border-top-style:none;border-bottom-style:none;border-right-style:none}.ui-spinner-up{top:0}.ui-spinner-down{bottom:0}.ui-tabs{position:relative;padding:.2em}.ui-tabs .ui-tabs-nav{margin:0;padding:.2em .2em 0}.ui-tabs .ui-tabs-nav li{list-style:none;float:left;position:relative;top:0;margin:1px .2em 0 0;border-bottom-width:0;padding:0;white-space:nowrap}.ui-tabs .ui-tabs-nav .ui-tabs-anchor{float:left;padding:.5em 1em;text-decoration:none}.ui-tabs .ui-tabs-nav li.ui-tabs-active{margin-bottom:-1px;padding-bottom:1px}.ui-tabs .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor,.ui-tabs .ui-tabs-nav li.ui-state-disabled .ui-tabs-anchor,.ui-tabs .ui-tabs-nav li.ui-tabs-loading .ui-tabs-anchor{cursor:text}.ui-tabs-collapsible .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor{cursor:pointer}.ui-tabs .ui-tabs-panel{display:block;border-width:0;padding:1em 1.4em;background:none}.ui-tooltip{padding:8px;position:absolute;z-index:9999;max-width:300px}body .ui-tooltip{border-width:2px}.ui-widget{font-family:Arial,Helvetica,sans-serif;font-size:1em}.ui-widget .ui-widget{font-size:1em}.ui-widget input,.ui-widget select,.ui-widget textarea,.ui-widget button{font-family:Arial,Helvetica,sans-serif;font-size:1em}.ui-widget.ui-widget-content{border:1px solid #c5c5c5}.ui-widget-content{border:1px solid #ddd;background:#fff;color:#333}.ui-widget-content a{color:#333}.ui-widget-header{border:1px solid #ddd;background:#e9e9e9;color:#333;font-weight:bold}.ui-widget-header a{color:#333}.ui-state-default,.ui-widget-content .ui-state-default,.ui-widget-header .ui-state-default,.ui-button,html .ui-button.ui-state-disabled:hover,html .ui-button.ui-state-disabled:active{border:1px solid #c5c5c5;background:#f6f6f6;font-weight:normal;color:#454545}.ui-state-default a,.ui-state-default a:link,.ui-state-default a:visited,a.ui-button,a:link.ui-button,a:visited.ui-button,.ui-button{color:#454545;text-decoration:none}.ui-state-hover,.ui-widget-content .ui-state-hover,.ui-widget-header .ui-state-hover,.ui-state-focus,.ui-widget-content .ui-state-focus,.ui-widget-header .ui-state-focus,.ui-button:hover,.ui-button:focus{border:1px solid #ccc;background:#ededed;font-weight:normal;color:#2b2b2b}.ui-state-hover a,.ui-state-hover a:hover,.ui-state-hover a:link,.ui-state-hover a:visited,.ui-state-focus a,.ui-state-focus a:hover,.ui-state-focus a:link,.ui-state-focus a:visited,a.ui-button:hover,a.ui-button:focus{color:#2b2b2b;text-decoration:none}.ui-visual-focus{box-shadow:0 0 3px 1px rgb(94,158,214)}.ui-state-active,.ui-widget-content .ui-state-active,.ui-widget-header .ui-state-active,a.ui-button:active,.ui-button:active,.ui-button.ui-state-active:hover{border:1px solid #003eff;background:#007fff;font-weight:normal;color:#fff}.ui-icon-background,.ui-state-active .ui-icon-background{border:#003eff;background-color:#fff}.ui-state-active a,.ui-state-active a:link,.ui-state-active a:visited{color:#fff;text-decoration:none}.ui-state-highlight,.ui-widget-content .ui-state-highlight,.ui-widget-header .ui-state-highlight{border:1px solid #dad55e;background:#fffa90;color:#777620}.ui-state-checked{border:1px solid #dad55e;background:#fffa90}.ui-state-highlight a,.ui-widget-content .ui-state-highlight a,.ui-widget-header .ui-state-highlight a{color:#777620}.ui-state-error,.ui-widget-content .ui-state-error,.ui-widget-header .ui-state-error{border:1px solid #f1a899;background:#fddfdf;color:#5f3f3f}.ui-state-error a,.ui-widget-content .ui-state-error a,.ui-widget-header .ui-state-error a{color:#5f3f3f}.ui-state-error-text,.ui-widget-content .ui-state-error-text,.ui-widget-header .ui-state-error-text{color:#5f3f3f}.ui-priority-primary,.ui-widget-content .ui-priority-primary,.ui-widget-header .ui-priority-primary{font-weight:bold}.ui-priority-secondary,.ui-widget-content .ui-priority-secondary,.ui-widget-header .ui-priority-secondary{opacity:.7;filter:Alpha(Opacity=70);font-weight:normal}.ui-state-disabled,.ui-widget-content .ui-state-disabled,.ui-widget-header .ui-state-disabled{opacity:.35;filter:Alpha(Opacity=35);background-image:none}.ui-state-disabled .ui-icon{filter:Alpha(Opacity=35)}.ui-icon{width:16px;height:16px}.ui-icon,.ui-widget-content .ui-icon{background-image:url("images/ui-icons_444444_256x240.png")}.ui-widget-header .ui-icon{background-image:url("images/ui-icons_444444_256x240.png")}.ui-state-hover .ui-icon,.ui-state-focus .ui-icon,.ui-button:hover .ui-icon,.ui-button:focus .ui-icon{background-image:url("images/ui-icons_555555_256x240.png")}.ui-state-active .ui-icon,.ui-button:active .ui-icon{background-image:url("images/ui-icons_ffffff_256x240.png")}.ui-state-highlight .ui-icon,.ui-button .ui-state-highlight.ui-icon{background-image:url("images/ui-icons_777620_256x240.png")}.ui-state-error .ui-icon,.ui-state-error-text .ui-icon{background-image:url("images/ui-icons_cc0000_256x240.png")}.ui-button .ui-icon{background-image:url("images/ui-icons_777777_256x240.png")}.ui-icon-blank{background-position:16px 16px}.ui-icon-caret-1-n{background-position:0 0}.ui-icon-caret-1-ne{background-position:-16px 0}.ui-icon-caret-1-e{background-position:-32px 0}.ui-icon-caret-1-se{background-position:-48px 0}.ui-icon-caret-1-s{background-position:-65px 0}.ui-icon-caret-1-sw{background-position:-80px 0}.ui-icon-caret-1-w{background-position:-96px 0}.ui-icon-caret-1-nw{background-position:-112px 0}.ui-icon-caret-2-n-s{background-position:-128px 0}.ui-icon-caret-2-e-w{background-position:-144px 0}.ui-icon-triangle-1-n{background-position:0 -16px}.ui-icon-triangle-1-ne{background-position:-16px -16px}.ui-icon-triangle-1-e{background-position:-32px -16px}.ui-icon-triangle-1-se{background-position:-48px -16px}.ui-icon-triangle-1-s{background-position:-65px -16px}.ui-icon-triangle-1-sw{background-position:-80px -16px}.ui-icon-triangle-1-w{background-position:-96px -16px}.ui-icon-triangle-1-nw{background-position:-112px -16px}.ui-icon-triangle-2-n-s{background-position:-128px -16px}.ui-icon-triangle-2-e-w{background-position:-144px -16px}.ui-icon-arrow-1-n{background-position:0 -32px}.ui-icon-arrow-1-ne{background-position:-16px -32px}.ui-icon-arrow-1-e{background-position:-32px -32px}.ui-icon-arrow-1-se{background-position:-48px -32px}.ui-icon-arrow-1-s{background-position:-65px -32px}.ui-icon-arrow-1-sw{background-position:-80px -32px}.ui-icon-arrow-1-w{background-position:-96px -32px}.ui-icon-arrow-1-nw{background-position:-112px -32px}.ui-icon-arrow-2-n-s{background-position:-128px -32px}.ui-icon-arrow-2-ne-sw{background-position:-144px -32px}.ui-icon-arrow-2-e-w{background-position:-160px -32px}.ui-icon-arrow-2-se-nw{background-position:-176px -32px}.ui-icon-arrowstop-1-n{background-position:-192px -32px}.ui-icon-arrowstop-1-e{background-position:-208px -32px}.ui-icon-arrowstop-1-s{background-position:-224px -32px}.ui-icon-arrowstop-1-w{background-position:-240px -32px}.ui-icon-arrowthick-1-n{background-position:1px -48px}.ui-icon-arrowthick-1-ne{background-position:-16px -48px}.ui-icon-arrowthick-1-e{background-position:-32px -48px}.ui-icon-arrowthick-1-se{background-position:-48px -48px}.ui-icon-arrowthick-1-s{background-position:-64px -48px}.ui-icon-arrowthick-1-sw{background-position:-80px -48px}.ui-icon-arrowthick-1-w{background-position:-96px -48px}.ui-icon-arrowthick-1-nw{background-position:-112px -48px}.ui-icon-arrowthick-2-n-s{background-position:-128px -48px}.ui-icon-arrowthick-2-ne-sw{background-position:-144px -48px}.ui-icon-arrowthick-2-e-w{background-position:-160px -48px}.ui-icon-arrowthick-2-se-nw{background-position:-176px -48px}.ui-icon-arrowthickstop-1-n{background-position:-192px -48px}.ui-icon-arrowthickstop-1-e{background-position:-208px -48px}.ui-icon-arrowthickstop-1-s{background-position:-224px -48px}.ui-icon-arrowthickstop-1-w{background-position:-240px -48px}.ui-icon-arrowreturnthick-1-w{background-position:0 -64px}.ui-icon-arrowreturnthick-1-n{background-position:-16px -64px}.ui-icon-arrowreturnthick-1-e{background-position:-32px -64px}.ui-icon-arrowreturnthick-1-s{background-position:-48px -64px}.ui-icon-arrowreturn-1-w{background-position:-64px -64px}.ui-icon-arrowreturn-1-n{background-position:-80px -64px}.ui-icon-arrowreturn-1-e{background-position:-96px -64px}.ui-icon-arrowreturn-1-s{background-position:-112px -64px}.ui-icon-arrowrefresh-1-w{background-position:-128px -64px}.ui-icon-arrowrefresh-1-n{background-position:-144px -64px}.ui-icon-arrowrefresh-1-e{background-position:-160px -64px}.ui-icon-arrowrefresh-1-s{background-position:-176px -64px}.ui-icon-arrow-4{background-position:0 -80px}.ui-icon-arrow-4-diag{background-position:-16px -80px}.ui-icon-extlink{background-position:-32px -80px}.ui-icon-newwin{background-position:-48px -80px}.ui-icon-refresh{background-position:-64px -80px}.ui-icon-shuffle{background-position:-80px -80px}.ui-icon-transfer-e-w{background-position:-96px -80px}.ui-icon-transferthick-e-w{background-position:-112px -80px}.ui-icon-folder-collapsed{background-position:0 -96px}.ui-icon-folder-open{background-position:-16px -96px}.ui-icon-document{background-position:-32px -96px}.ui-icon-document-b{background-position:-48px -96px}.ui-icon-note{background-position:-64px -96px}.ui-icon-mail-closed{background-position:-80px -96px}.ui-icon-mail-open{background-position:-96px -96px}.ui-icon-suitcase{background-position:-112px -96px}.ui-icon-comment{background-position:-128px -96px}.ui-icon-person{background-position:-144px -96px}.ui-icon-print{background-position:-160px -96px}.ui-icon-trash{background-position:-176px -96px}.ui-icon-locked{background-position:-192px -96px}.ui-icon-unlocked{background-position:-208px -96px}.ui-icon-bookmark{background-position:-224px -96px}.ui-icon-tag{background-position:-240px -96px}.ui-icon-home{background-position:0 -112px}.ui-icon-flag{background-position:-16px -112px}.ui-icon-calendar{background-position:-32px -112px}.ui-icon-cart{background-position:-48px -112px}.ui-icon-pencil{background-position:-64px -112px}.ui-icon-clock{background-position:-80px -112px}.ui-icon-disk{background-position:-96px -112px}.ui-icon-calculator{background-position:-112px -112px}.ui-icon-zoomin{background-position:-128px -112px}.ui-icon-zoomout{background-position:-144px -112px}.ui-icon-search{background-position:-160px -112px}.ui-icon-wrench{background-position:-176px -112px}.ui-icon-gear{background-position:-192px -112px}.ui-icon-heart{background-position:-208px -112px}.ui-icon-star{background-position:-224px -112px}.ui-icon-link{background-position:-240px -112px}.ui-icon-cancel{background-position:0 -128px}.ui-icon-plus{background-position:-16px -128px}.ui-icon-plusthick{background-position:-32px -128px}.ui-icon-minus{background-position:-48px -128px}.ui-icon-minusthick{background-position:-64px -128px}.ui-icon-close{background-position:-80px -128px}.ui-icon-closethick{background-position:-96px -128px}.ui-icon-key{background-position:-112px -128px}.ui-icon-lightbulb{background-position:-128px -128px}.ui-icon-scissors{background-position:-144px -128px}.ui-icon-clipboard{background-position:-160px -128px}.ui-icon-copy{background-position:-176px -128px}.ui-icon-contact{background-position:-192px -128px}.ui-icon-image{background-position:-208px -128px}.ui-icon-video{background-position:-224px -128px}.ui-icon-script{background-position:-240px -128px}.ui-icon-alert{background-position:0 -144px}.ui-icon-info{background-position:-16px -144px}.ui-icon-notice{background-position:-32px -144px}.ui-icon-help{background-position:-48px -144px}.ui-icon-check{background-position:-64px -144px}.ui-icon-bullet{background-position:-80px -144px}.ui-icon-radio-on{background-position:-96px -144px}.ui-icon-radio-off{background-position:-112px -144px}.ui-icon-pin-w{background-position:-128px -144px}.ui-icon-pin-s{background-position:-144px -144px}.ui-icon-play{background-position:0 -160px}.ui-icon-pause{background-position:-16px -160px}.ui-icon-seek-next{background-position:-32px -160px}.ui-icon-seek-prev{background-position:-48px -160px}.ui-icon-seek-end{background-position:-64px -160px}.ui-icon-seek-start{background-position:-80px -160px}.ui-icon-seek-first{background-position:-80px -160px}.ui-icon-stop{background-position:-96px -160px}.ui-icon-eject{background-position:-112px -160px}.ui-icon-volume-off{background-position:-128px -160px}.ui-icon-volume-on{background-position:-144px -160px}.ui-icon-power{background-position:0 -176px}.ui-icon-signal-diag{background-position:-16px -176px}.ui-icon-signal{background-position:-32px -176px}.ui-icon-battery-0{background-position:-48px -176px}.ui-icon-battery-1{background-position:-64px -176px}.ui-icon-battery-2{background-position:-80px -176px}.ui-icon-battery-3{background-position:-96px -176px}.ui-icon-circle-plus{background-position:0 -192px}.ui-icon-circle-minus{background-position:-16px -192px}.ui-icon-circle-close{background-position:-32px -192px}.ui-icon-circle-triangle-e{background-position:-48px -192px}.ui-icon-circle-triangle-s{background-position:-64px -192px}.ui-icon-circle-triangle-w{background-position:-80px -192px}.ui-icon-circle-triangle-n{background-position:-96px -192px}.ui-icon-circle-arrow-e{background-position:-112px -192px}.ui-icon-circle-arrow-s{background-position:-128px -192px}.ui-icon-circle-arrow-w{background-position:-144px -192px}.ui-icon-circle-arrow-n{background-position:-160px -192px}.ui-icon-circle-zoomin{background-position:-176px -192px}.ui-icon-circle-zoomout{background-position:-192px -192px}.ui-icon-circle-check{background-position:-208px -192px}.ui-icon-circlesmall-plus{background-position:0 -208px}.ui-icon-circlesmall-minus{background-position:-16px -208px}.ui-icon-circlesmall-close{background-position:-32px -208px}.ui-icon-squaresmall-plus{background-position:-48px -208px}.ui-icon-squaresmall-minus{background-position:-64px -208px}.ui-icon-squaresmall-close{background-position:-80px -208px}.ui-icon-grip-dotted-vertical{background-position:0 -224px}.ui-icon-grip-dotted-horizontal{background-position:-16px -224px}.ui-icon-grip-solid-vertical{background-position:-32px -224px}.ui-icon-grip-solid-horizontal{background-position:-48px -224px}.ui-icon-gripsmall-diagonal-se{background-position:-64px -224px}.ui-icon-grip-diagonal-se{background-position:-80px -224px}.ui-corner-all,.ui-corner-top,.ui-corner-left,.ui-corner-tl{border-top-left-radius:3px}.ui-corner-all,.ui-corner-top,.ui-corner-right,.ui-corner-tr{border-top-right-radius:3px}.ui-corner-all,.ui-corner-bottom,.ui-corner-left,.ui-corner-bl{border-bottom-left-radius:3px}.ui-corner-all,.ui-corner-bottom,.ui-corner-right,.ui-corner-br{border-bottom-right-radius:3px}.ui-widget-overlay{background:#aaa;opacity:.3;filter:Alpha(Opacity=30)}.ui-widget-shadow{-webkit-box-shadow:0 0 5px #666;box-shadow:0 0 5px #666} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/phone.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/phone.css new file mode 100644 index 0000000..4e8dfdc --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/phone.css @@ -0,0 +1,268 @@ +.intl-number-input { position: inherit; } +.intl-number-input .hide { display: none; } +.intl-number-input .flag-dropdown { position: absolute; cursor: pointer; } +.intl-number-input .flag-dropdown .selected-flag { margin: 1px; padding: 8px 16px 6px 7px; } +.intl-number-input .flag-dropdown .selected-flag:hover { background-color: rgba(0, 0, 0, 0.05); } +.intl-number-input .flag-dropdown .selected-flag .down-arrow { top: 5px; position: relative; left: 20px; width: 0; height: 0; border-left: 4px solid transparent; border-right: 4px solid transparent; border-top: 4px solid black; } +.intl-number-input .flag-dropdown .country-list {list-style: none; padding: 0; margin: 0; z-index: 1; overflow-y: scroll; box-shadow: 1px 1px 4px rgba(0, 0, 0, 0.2); background-color: white; border: 1px solid #cccccc; position: absolute; top: 33px; width: 196px; height: 200px; font-size:12px; } +.intl-number-input .flag-dropdown .country-list .divider { padding-bottom: 5px; margin-bottom: 5px; border-bottom: 1px solid #cccccc; } +.intl-number-input .flag-dropdown .country-list .country { line-height: 20px; padding: 4px 10px; } +.intl-number-input .flag-dropdown .country-list .country .dial-code { color: #999999; } +.intl-number-input .flag-dropdown .country-list .country.highlight { background-color: rgba(0, 0, 0, 0.05); } +.intl-number-input .flag-dropdown .country-list .flag { display: inline-block; vertical-align: bottom; } +.intl-number-input .flag-dropdown .country-list .flag, .intl-number-input .flag-dropdown .country-list .country-name { margin-right:2px; } +.intl-number-input input { box-sizing: border-box; -moz-box-sizing: border-box; height: 30px; padding-left: 40px; } + +/* originally from https://github.com/lafeber/world-flags-sprite */ +.f16 .flag { width: 16px; height: 16px; background: url("images/flags16.png") no-repeat; } +.f16 ._African_Union { background-position: 0 -16px; } +.f16 ._Arab_League { background-position: 0 -32px; } +.f16 ._ASEAN { background-position: 0 -48px; } +.f16 ._CARICOM { background-position: 0 -64px; } +.f16 ._CIS { background-position: 0 -80px; } +.f16 ._Commonwealth { background-position: 0 -96px; } +.f16 ._England { background-position: 0 -112px; } +.f16 ._European_Union { background-position: 0 -128px; } +.f16 ._Islamic_Conference { background-position: 0 -144px; } +.f16 ._Kosovo { background-position: 0 -160px; } +.f16 ._NATO { background-position: 0 -176px; } +.f16 ._Northern_Cyprus { background-position: 0 -192px; } +.f16 ._Northern_Ireland { background-position: 0 -208px; } +.f16 ._Olimpic_Movement { background-position: 0 -224px; } +.f16 ._OPEC { background-position: 0 -240px; } +.f16 ._Red_Cross { background-position: 0 -256px; } +.f16 ._Scotland { background-position: 0 -272px; } +.f16 ._Somaliland { background-position: 0 -288px; } +.f16 ._Tibet { background-position: 0 -304px; } +.f16 ._United_Nations { background-position: 0 -320px; } +.f16 ._Wales { background-position: 0 -336px; } +.f16 .ad { background-position: 0 -352px; } +.f16 .ae { background-position: 0 -368px; } +.f16 .af { background-position: 0 -384px; } +.f16 .ag { background-position: 0 -400px; } +.f16 .ai { background-position: 0 -416px; } +.f16 .al { background-position: 0 -432px; } +.f16 .am { background-position: 0 -448px; } +.f16 .an { background-position: 0 -464px; } +.f16 .ao { background-position: 0 -480px; } +.f16 .aq { background-position: 0 -496px; } +.f16 .ar { background-position: 0 -512px; } +.f16 .as { background-position: 0 -528px; } +.f16 .at { background-position: 0 -544px; } +.f16 .au { background-position: 0 -560px; } +.f16 .aw { background-position: 0 -576px; } +.f16 .az { background-position: 0 -592px; } +.f16 .ba { background-position: 0 -608px; } +.f16 .bb { background-position: 0 -624px; } +.f16 .bd { background-position: 0 -640px; } +.f16 .be { background-position: 0 -656px; } +.f16 .bf { background-position: 0 -672px; } +.f16 .bg { background-position: 0 -688px; } +.f16 .bh { background-position: 0 -704px; } +.f16 .bi { background-position: 0 -720px; } +.f16 .bj { background-position: 0 -736px; } +.f16 .bm { background-position: 0 -752px; } +.f16 .bn { background-position: 0 -768px; } +.f16 .bo { background-position: 0 -784px; } +.f16 .br { background-position: 0 -800px; } +.f16 .bs { background-position: 0 -816px; } +.f16 .bt { background-position: 0 -832px; } +.f16 .bw { background-position: 0 -848px; } +.f16 .by { background-position: 0 -864px; } +.f16 .bz { background-position: 0 -880px; } +.f16 .ca { background-position: 0 -896px; } +.f16 .cg { background-position: 0 -912px; } +.f16 .cf { background-position: 0 -928px; } +.f16 .cd { background-position: 0 -944px; } +.f16 .ch { background-position: 0 -960px; } +.f16 .ci { background-position: 0 -976px; } +.f16 .ck { background-position: 0 -992px; } +.f16 .cl { background-position: 0 -1008px; } +.f16 .cm { background-position: 0 -1024px; } +.f16 .cn { background-position: 0 -1040px; } +.f16 .co { background-position: 0 -1056px; } +.f16 .cr { background-position: 0 -1072px; } +.f16 .cu { background-position: 0 -1088px; } +.f16 .cv { background-position: 0 -1104px; } +.f16 .cy { background-position: 0 -1120px; } +.f16 .cz { background-position: 0 -1136px; } +.f16 .de { background-position: 0 -1152px; } +.f16 .dj { background-position: 0 -1168px; } +.f16 .dk { background-position: 0 -1184px; } +.f16 .dm { background-position: 0 -1200px; } +.f16 .do { background-position: 0 -1216px; } +.f16 .dz { background-position: 0 -1232px; } +.f16 .ec { background-position: 0 -1248px; } +.f16 .ee { background-position: 0 -1264px; } +.f16 .eg { background-position: 0 -1280px; } +.f16 .eh { background-position: 0 -1296px; } +.f16 .er { background-position: 0 -1312px; } +.f16 .es { background-position: 0 -1328px; } +.f16 .et { background-position: 0 -1344px; } +.f16 .fi { background-position: 0 -1360px; } +.f16 .fj { background-position: 0 -1376px; } +.f16 .fm { background-position: 0 -1392px; } +.f16 .fo { background-position: 0 -1408px; } +.f16 .fr { background-position: 0 -1424px; } +.f16 .ga { background-position: 0 -1440px; } +.f16 .gb { background-position: 0 -1456px; } +.f16 .gd { background-position: 0 -1472px; } +.f16 .ge { background-position: 0 -1488px; } +.f16 .gg { background-position: 0 -1504px; } +.f16 .gh { background-position: 0 -1520px; } +.f16 .gi { background-position: 0 -1536px; } +.f16 .gl { background-position: 0 -1552px; } +.f16 .gm { background-position: 0 -1568px; } +.f16 .gn { background-position: 0 -1584px; } +.f16 .gp { background-position: 0 -1600px; } +.f16 .gq { background-position: 0 -1616px; } +.f16 .gr { background-position: 0 -1632px; } +.f16 .gt { background-position: 0 -1648px; } +.f16 .gu { background-position: 0 -1664px; } +.f16 .gw { background-position: 0 -1680px; } +.f16 .gy { background-position: 0 -1696px; } +.f16 .hk { background-position: 0 -1712px; } +.f16 .hn { background-position: 0 -1728px; } +.f16 .hr { background-position: 0 -1744px; } +.f16 .ht { background-position: 0 -1760px; } +.f16 .hu { background-position: 0 -1776px; } +.f16 .id { background-position: 0 -1792px; } +.f16 .mc { background-position: 0 -1792px; } +.f16 .ie { background-position: 0 -1808px; } +.f16 .il { background-position: 0 -1824px; } +.f16 .im { background-position: 0 -1840px; } +.f16 .in { background-position: 0 -1856px; } +.f16 .iq { background-position: 0 -1872px; } +.f16 .ir { background-position: 0 -1888px; } +.f16 .is { background-position: 0 -1904px; } +.f16 .it { background-position: 0 -1920px; } +.f16 .je { background-position: 0 -1936px; } +.f16 .jm { background-position: 0 -1952px; } +.f16 .jo { background-position: 0 -1968px; } +.f16 .jp { background-position: 0 -1984px; } +.f16 .ke { background-position: 0 -2000px; } +.f16 .kg { background-position: 0 -2016px; } +.f16 .kh { background-position: 0 -2032px; } +.f16 .ki { background-position: 0 -2048px; } +.f16 .km { background-position: 0 -2064px; } +.f16 .kn { background-position: 0 -2080px; } +.f16 .kp { background-position: 0 -2096px; } +.f16 .kr { background-position: 0 -2112px; } +.f16 .kw { background-position: 0 -2128px; } +.f16 .ky { background-position: 0 -2144px; } +.f16 .kz { background-position: 0 -2160px; } +.f16 .la { background-position: 0 -2176px; } +.f16 .lb { background-position: 0 -2192px; } +.f16 .lc { background-position: 0 -2208px; } +.f16 .li { background-position: 0 -2224px; } +.f16 .lk { background-position: 0 -2240px; } +.f16 .lr { background-position: 0 -2256px; } +.f16 .ls { background-position: 0 -2272px; } +.f16 .lt { background-position: 0 -2288px; } +.f16 .lu { background-position: 0 -2304px; } +.f16 .lv { background-position: 0 -2320px; } +.f16 .ly { background-position: 0 -2336px; } +.f16 .ma { background-position: 0 -2352px; } +.f16 .md { background-position: 0 -2368px; } +.f16 .me { background-position: 0 -2384px; } +.f16 .mg { background-position: 0 -2400px; } +.f16 .mh { background-position: 0 -2416px; } +.f16 .mk { background-position: 0 -2432px; } +.f16 .ml { background-position: 0 -2448px; } +.f16 .mm { background-position: 0 -2464px; } +.f16 .mn { background-position: 0 -2480px; } +.f16 .mo { background-position: 0 -2496px; } +.f16 .mq { background-position: 0 -2512px; } +.f16 .mr { background-position: 0 -2528px; } +.f16 .ms { background-position: 0 -2544px; } +.f16 .mt { background-position: 0 -2560px; } +.f16 .mu { background-position: 0 -2576px; } +.f16 .mv { background-position: 0 -2592px; } +.f16 .mw { background-position: 0 -2608px; } +.f16 .mx { background-position: 0 -2624px; } +.f16 .my { background-position: 0 -2640px; } +.f16 .mz { background-position: 0 -2656px; } +.f16 .na { background-position: 0 -2672px; } +.f16 .nc { background-position: 0 -2688px; } +.f16 .ne { background-position: 0 -2704px; } +.f16 .ng { background-position: 0 -2720px; } +.f16 .ni { background-position: 0 -2736px; } +.f16 .nl { background-position: 0 -2752px; } +.f16 .no { background-position: 0 -2768px; } +.f16 .np { background-position: 0 -2784px; } +.f16 .nr { background-position: 0 -2800px; } +.f16 .nz { background-position: 0 -2816px; } +.f16 .om { background-position: 0 -2832px; } +.f16 .pa { background-position: 0 -2848px; } +.f16 .pe { background-position: 0 -2864px; } +.f16 .pf { background-position: 0 -2880px; } +.f16 .pg { background-position: 0 -2896px; } +.f16 .ph { background-position: 0 -2912px; } +.f16 .pk { background-position: 0 -2928px; } +.f16 .pl { background-position: 0 -2944px; } +.f16 .pr { background-position: 0 -2960px; } +.f16 .ps { background-position: 0 -2976px; } +.f16 .pt { background-position: 0 -2992px; } +.f16 .pw { background-position: 0 -3008px; } +.f16 .py { background-position: 0 -3024px; } +.f16 .qa { background-position: 0 -3040px; } +.f16 .re { background-position: 0 -3056px; } +.f16 .ro { background-position: 0 -3072px; } +.f16 .rs { background-position: 0 -3088px; } +.f16 .ru { background-position: 0 -3104px; } +.f16 .rw { background-position: 0 -3120px; } +.f16 .sa { background-position: 0 -3136px; } +.f16 .sb { background-position: 0 -3152px; } +.f16 .sc { background-position: 0 -3168px; } +.f16 .sd { background-position: 0 -3184px; } +.f16 .se { background-position: 0 -3200px; } +.f16 .sg { background-position: 0 -3216px; } +.f16 .si { background-position: 0 -3232px; } +.f16 .sk { background-position: 0 -3248px; } +.f16 .sl { background-position: 0 -3264px; } +.f16 .sm { background-position: 0 -3280px; } +.f16 .sn { background-position: 0 -3296px; } +.f16 .so { background-position: 0 -3312px; } +.f16 .sr { background-position: 0 -3328px; } +.f16 .st { background-position: 0 -3344px; } +.f16 .sv { background-position: 0 -3360px; } +.f16 .sy { background-position: 0 -3376px; } +.f16 .sz { background-position: 0 -3392px; } +.f16 .tc { background-position: 0 -3408px; } +.f16 .td { background-position: 0 -3424px; } +.f16 .tg { background-position: 0 -3440px; } +.f16 .th { background-position: 0 -3456px; } +.f16 .tj { background-position: 0 -3472px; } +.f16 .tl { background-position: 0 -3488px; } +.f16 .tm { background-position: 0 -3504px; } +.f16 .tn { background-position: 0 -3520px; } +.f16 .to { background-position: 0 -3536px; } +.f16 .tr { background-position: 0 -3552px; } +.f16 .tt { background-position: 0 -3568px; } +.f16 .tv { background-position: 0 -3584px; } +.f16 .tw { background-position: 0 -3600px; } +.f16 .tz { background-position: 0 -3616px; } +.f16 .ua { background-position: 0 -3632px; } +.f16 .ug { background-position: 0 -3648px; } +.f16 .us { background-position: 0 -3664px; } +.f16 .uy { background-position: 0 -3680px; } +.f16 .uz { background-position: 0 -3696px; } +.f16 .va { background-position: 0 -3712px; } +.f16 .vc { background-position: 0 -3728px; } +.f16 .ve { background-position: 0 -3744px; } +.f16 .vg { background-position: 0 -3760px; } +.f16 .vi { background-position: 0 -3776px; } +.f16 .vn { background-position: 0 -3792px; } +.f16 .vu { background-position: 0 -3808px; } +.f16 .ws { background-position: 0 -3824px; } +.f16 .ye { background-position: 0 -3840px; } +.f16 .za { background-position: 0 -3856px; } +.f16 .zm { background-position: 0 -3872px; } +.f16 .zw { background-position: 0 -3888px; } + +.intl-number-input input { + border-radius: 0 !important; +} +.actions { + margin-top: 20px; +} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/phone.min.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/phone.min.css new file mode 100644 index 0000000..5820c16 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/phone.min.css @@ -0,0 +1 @@ +.intl-number-input{position:inherit}.intl-number-input .hide{display:none}.intl-number-input .flag-dropdown{position:absolute;cursor:pointer}.intl-number-input .flag-dropdown .selected-flag{margin:1px;padding:8px 16px 6px 7px}.intl-number-input .flag-dropdown .selected-flag:hover{background-color:rgba(0,0,0,.05)}.intl-number-input .flag-dropdown .selected-flag .down-arrow{top:5px;position:relative;left:20px;width:0;height:0;border-left:4px solid transparent;border-right:4px solid transparent;border-top:4px solid #000}.intl-number-input .flag-dropdown .country-list{list-style:none;padding:0;margin:0;z-index:1;overflow-y:scroll;box-shadow:1px 1px 4px rgba(0,0,0,.2);background-color:#fff;border:1px solid #ccc;position:absolute;top:33px;width:196px;height:200px;font-size:12px}.intl-number-input .flag-dropdown .country-list .divider{padding-bottom:5px;margin-bottom:5px;border-bottom:1px solid #ccc}.intl-number-input .flag-dropdown .country-list .country{line-height:20px;padding:4px 10px}.intl-number-input .flag-dropdown .country-list .country .dial-code{color:#999}.intl-number-input .flag-dropdown .country-list .country.highlight{background-color:rgba(0,0,0,.05)}.intl-number-input .flag-dropdown .country-list .flag{display:inline-block;vertical-align:bottom}.intl-number-input .flag-dropdown .country-list .country-name,.intl-number-input .flag-dropdown .country-list .flag{margin-right:2px}.intl-number-input input{box-sizing:border-box;-moz-box-sizing:border-box;height:30px;padding-left:40px;border-radius:0!important}.f16 .flag{width:16px;height:16px;background:url(images/flags16.png) no-repeat}.f16 ._African_Union{background-position:0 -16px}.f16 ._Arab_League{background-position:0 -32px}.f16 ._ASEAN{background-position:0 -48px}.f16 ._CARICOM{background-position:0 -64px}.f16 ._CIS{background-position:0 -80px}.f16 ._Commonwealth{background-position:0 -96px}.f16 ._England{background-position:0 -112px}.f16 ._European_Union{background-position:0 -128px}.f16 ._Islamic_Conference{background-position:0 -144px}.f16 ._Kosovo{background-position:0 -160px}.f16 ._NATO{background-position:0 -176px}.f16 ._Northern_Cyprus{background-position:0 -192px}.f16 ._Northern_Ireland{background-position:0 -208px}.f16 ._Olimpic_Movement{background-position:0 -224px}.f16 ._OPEC{background-position:0 -240px}.f16 ._Red_Cross{background-position:0 -256px}.f16 ._Scotland{background-position:0 -272px}.f16 ._Somaliland{background-position:0 -288px}.f16 ._Tibet{background-position:0 -304px}.f16 ._United_Nations{background-position:0 -320px}.f16 ._Wales{background-position:0 -336px}.f16 .ad{background-position:0 -352px}.f16 .ae{background-position:0 -368px}.f16 .af{background-position:0 -384px}.f16 .ag{background-position:0 -400px}.f16 .ai{background-position:0 -416px}.f16 .al{background-position:0 -432px}.f16 .am{background-position:0 -448px}.f16 .an{background-position:0 -464px}.f16 .ao{background-position:0 -480px}.f16 .aq{background-position:0 -496px}.f16 .ar{background-position:0 -512px}.f16 .as{background-position:0 -528px}.f16 .at{background-position:0 -544px}.f16 .au{background-position:0 -560px}.f16 .aw{background-position:0 -576px}.f16 .az{background-position:0 -592px}.f16 .ba{background-position:0 -608px}.f16 .bb{background-position:0 -624px}.f16 .bd{background-position:0 -640px}.f16 .be{background-position:0 -656px}.f16 .bf{background-position:0 -672px}.f16 .bg{background-position:0 -688px}.f16 .bh{background-position:0 -704px}.f16 .bi{background-position:0 -720px}.f16 .bj{background-position:0 -736px}.f16 .bm{background-position:0 -752px}.f16 .bn{background-position:0 -768px}.f16 .bo{background-position:0 -784px}.f16 .br{background-position:0 -800px}.f16 .bs{background-position:0 -816px}.f16 .bt{background-position:0 -832px}.f16 .bw{background-position:0 -848px}.f16 .by{background-position:0 -864px}.f16 .bz{background-position:0 -880px}.f16 .ca{background-position:0 -896px}.f16 .cg{background-position:0 -912px}.f16 .cf{background-position:0 -928px}.f16 .cd{background-position:0 -944px}.f16 .ch{background-position:0 -960px}.f16 .ci{background-position:0 -976px}.f16 .ck{background-position:0 -992px}.f16 .cl{background-position:0 -1008px}.f16 .cm{background-position:0 -1024px}.f16 .cn{background-position:0 -1040px}.f16 .co{background-position:0 -1056px}.f16 .cr{background-position:0 -1072px}.f16 .cu{background-position:0 -1088px}.f16 .cv{background-position:0 -1104px}.f16 .cy{background-position:0 -1120px}.f16 .cz{background-position:0 -1136px}.f16 .de{background-position:0 -1152px}.f16 .dj{background-position:0 -1168px}.f16 .dk{background-position:0 -1184px}.f16 .dm{background-position:0 -1200px}.f16 .do{background-position:0 -1216px}.f16 .dz{background-position:0 -1232px}.f16 .ec{background-position:0 -1248px}.f16 .ee{background-position:0 -1264px}.f16 .eg{background-position:0 -1280px}.f16 .eh{background-position:0 -1296px}.f16 .er{background-position:0 -1312px}.f16 .es{background-position:0 -1328px}.f16 .et{background-position:0 -1344px}.f16 .fi{background-position:0 -1360px}.f16 .fj{background-position:0 -1376px}.f16 .fm{background-position:0 -1392px}.f16 .fo{background-position:0 -1408px}.f16 .fr{background-position:0 -1424px}.f16 .ga{background-position:0 -1440px}.f16 .gb{background-position:0 -1456px}.f16 .gd{background-position:0 -1472px}.f16 .ge{background-position:0 -1488px}.f16 .gg{background-position:0 -1504px}.f16 .gh{background-position:0 -1520px}.f16 .gi{background-position:0 -1536px}.f16 .gl{background-position:0 -1552px}.f16 .gm{background-position:0 -1568px}.f16 .gn{background-position:0 -1584px}.f16 .gp{background-position:0 -1600px}.f16 .gq{background-position:0 -1616px}.f16 .gr{background-position:0 -1632px}.f16 .gt{background-position:0 -1648px}.f16 .gu{background-position:0 -1664px}.f16 .gw{background-position:0 -1680px}.f16 .gy{background-position:0 -1696px}.f16 .hk{background-position:0 -1712px}.f16 .hn{background-position:0 -1728px}.f16 .hr{background-position:0 -1744px}.f16 .ht{background-position:0 -1760px}.f16 .hu{background-position:0 -1776px}.f16 .id,.f16 .mc{background-position:0 -1792px}.f16 .ie{background-position:0 -1808px}.f16 .il{background-position:0 -1824px}.f16 .im{background-position:0 -1840px}.f16 .in{background-position:0 -1856px}.f16 .iq{background-position:0 -1872px}.f16 .ir{background-position:0 -1888px}.f16 .is{background-position:0 -1904px}.f16 .it{background-position:0 -1920px}.f16 .je{background-position:0 -1936px}.f16 .jm{background-position:0 -1952px}.f16 .jo{background-position:0 -1968px}.f16 .jp{background-position:0 -1984px}.f16 .ke{background-position:0 -2000px}.f16 .kg{background-position:0 -2016px}.f16 .kh{background-position:0 -2032px}.f16 .ki{background-position:0 -2048px}.f16 .km{background-position:0 -2064px}.f16 .kn{background-position:0 -2080px}.f16 .kp{background-position:0 -2096px}.f16 .kr{background-position:0 -2112px}.f16 .kw{background-position:0 -2128px}.f16 .ky{background-position:0 -2144px}.f16 .kz{background-position:0 -2160px}.f16 .la{background-position:0 -2176px}.f16 .lb{background-position:0 -2192px}.f16 .lc{background-position:0 -2208px}.f16 .li{background-position:0 -2224px}.f16 .lk{background-position:0 -2240px}.f16 .lr{background-position:0 -2256px}.f16 .ls{background-position:0 -2272px}.f16 .lt{background-position:0 -2288px}.f16 .lu{background-position:0 -2304px}.f16 .lv{background-position:0 -2320px}.f16 .ly{background-position:0 -2336px}.f16 .ma{background-position:0 -2352px}.f16 .md{background-position:0 -2368px}.f16 .me{background-position:0 -2384px}.f16 .mg{background-position:0 -2400px}.f16 .mh{background-position:0 -2416px}.f16 .mk{background-position:0 -2432px}.f16 .ml{background-position:0 -2448px}.f16 .mm{background-position:0 -2464px}.f16 .mn{background-position:0 -2480px}.f16 .mo{background-position:0 -2496px}.f16 .mq{background-position:0 -2512px}.f16 .mr{background-position:0 -2528px}.f16 .ms{background-position:0 -2544px}.f16 .mt{background-position:0 -2560px}.f16 .mu{background-position:0 -2576px}.f16 .mv{background-position:0 -2592px}.f16 .mw{background-position:0 -2608px}.f16 .mx{background-position:0 -2624px}.f16 .my{background-position:0 -2640px}.f16 .mz{background-position:0 -2656px}.f16 .na{background-position:0 -2672px}.f16 .nc{background-position:0 -2688px}.f16 .ne{background-position:0 -2704px}.f16 .ng{background-position:0 -2720px}.f16 .ni{background-position:0 -2736px}.f16 .nl{background-position:0 -2752px}.f16 .no{background-position:0 -2768px}.f16 .np{background-position:0 -2784px}.f16 .nr{background-position:0 -2800px}.f16 .nz{background-position:0 -2816px}.f16 .om{background-position:0 -2832px}.f16 .pa{background-position:0 -2848px}.f16 .pe{background-position:0 -2864px}.f16 .pf{background-position:0 -2880px}.f16 .pg{background-position:0 -2896px}.f16 .ph{background-position:0 -2912px}.f16 .pk{background-position:0 -2928px}.f16 .pl{background-position:0 -2944px}.f16 .pr{background-position:0 -2960px}.f16 .ps{background-position:0 -2976px}.f16 .pt{background-position:0 -2992px}.f16 .pw{background-position:0 -3008px}.f16 .py{background-position:0 -3024px}.f16 .qa{background-position:0 -3040px}.f16 .re{background-position:0 -3056px}.f16 .ro{background-position:0 -3072px}.f16 .rs{background-position:0 -3088px}.f16 .ru{background-position:0 -3104px}.f16 .rw{background-position:0 -3120px}.f16 .sa{background-position:0 -3136px}.f16 .sb{background-position:0 -3152px}.f16 .sc{background-position:0 -3168px}.f16 .sd{background-position:0 -3184px}.f16 .se{background-position:0 -3200px}.f16 .sg{background-position:0 -3216px}.f16 .si{background-position:0 -3232px}.f16 .sk{background-position:0 -3248px}.f16 .sl{background-position:0 -3264px}.f16 .sm{background-position:0 -3280px}.f16 .sn{background-position:0 -3296px}.f16 .so{background-position:0 -3312px}.f16 .sr{background-position:0 -3328px}.f16 .st{background-position:0 -3344px}.f16 .sv{background-position:0 -3360px}.f16 .sy{background-position:0 -3376px}.f16 .sz{background-position:0 -3392px}.f16 .tc{background-position:0 -3408px}.f16 .td{background-position:0 -3424px}.f16 .tg{background-position:0 -3440px}.f16 .th{background-position:0 -3456px}.f16 .tj{background-position:0 -3472px}.f16 .tl{background-position:0 -3488px}.f16 .tm{background-position:0 -3504px}.f16 .tn{background-position:0 -3520px}.f16 .to{background-position:0 -3536px}.f16 .tr{background-position:0 -3552px}.f16 .tt{background-position:0 -3568px}.f16 .tv{background-position:0 -3584px}.f16 .tw{background-position:0 -3600px}.f16 .tz{background-position:0 -3616px}.f16 .ua{background-position:0 -3632px}.f16 .ug{background-position:0 -3648px}.f16 .us{background-position:0 -3664px}.f16 .uy{background-position:0 -3680px}.f16 .uz{background-position:0 -3696px}.f16 .va{background-position:0 -3712px}.f16 .vc{background-position:0 -3728px}.f16 .ve{background-position:0 -3744px}.f16 .vg{background-position:0 -3760px}.f16 .vi{background-position:0 -3776px}.f16 .vn{background-position:0 -3792px}.f16 .vu{background-position:0 -3808px}.f16 .ws{background-position:0 -3824px}.f16 .ye{background-position:0 -3840px}.f16 .za{background-position:0 -3856px}.f16 .zm{background-position:0 -3872px}.f16 .zw{background-position:0 -3888px}.actions{margin-top:20px} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style-icon.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style-icon.css new file mode 100644 index 0000000..a684664 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style-icon.css @@ -0,0 +1,45 @@ +@font-face { + font-family: 'icomoon'; + src: url('../fonts/miniorange.eot?kiz9jo'); + src: url('../fonts/miniorange.eot?kiz9jo#iefix') format('embedded-opentype'), + url('../fonts/miniorange.ttf?kiz9jo') format('truetype'), + url('../fonts/miniorange.woff?kiz9jo') format('woff'), + url('../fonts/miniorange.svg?kiz9jo#icomoon') format('svg'); + font-weight: normal; + font-style: normal; + font-display: block; +} + +[class^="icon-"], [class*=" icon-"] { + /* use !important to prevent issues with browser extensions that change fonts */ + font-family: 'icomoon' !important; + speak: never; + font-style: normal; + font-weight: normal; + font-variant: normal; + text-transform: none; + line-height: 1; + + /* Better Font Rendering =========== */ + -webkit-font-smoothing: antialiased; + -moz-osx-font-smoothing: grayscale; +} + +.icon-close:before { + content: "\f00d"; +} +.icon-remove:before { + content: "\f00d"; +} +.icon-times:before { + content: "\f00d"; +} +.icon-refresh:before { + content: "\f021"; +} +.icon-copy:before { + content: "\f0c5"; +} +.icon-files-o:before { + content: "\f0c5"; +} diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_login_widget.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_login_widget.css new file mode 100644 index 0000000..a266f28 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_login_widget.css @@ -0,0 +1,40 @@ +.error_wid_login { + background-color: #FFEBE8; + border: 1px dashed #FF0000; + color: #FF0000; + float: left; + font-family: Verdana,Arial,Helvetica,sans-serif; + font-weight: 500; + padding: 6px; + width: 97%; + clear:both !important; +} + +.login_wid li{ + margin:5px; +} + +.login_wid{ + list-style-type:none; + border: 1px dashed #999999; + width:98%; + float:left; + padding:5%; + + } + .login_wid li{ + width:48%; + float:left; + margin:2px; + } + .openid_social_login{ + padding:5px 0px 0px 0px; + clear:both; + width:100% !important; + } + + .login_wid li input{ + width:85%; + float:left; + margin:2px; + } \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_settings.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_settings.css new file mode 100644 index 0000000..81ad192 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_settings.css @@ -0,0 +1,801 @@ +.mo_saml_help_title { + font-size:17px; + width:100%; + color:#1B79AE; + cursor:pointer; + font-weight: bold; +} +.mo_saml_help_desc { + font-size:13px; + border-left:solid 2px rgba(128, 128, 128, 0.65); + margin-top:10px; + padding-left:10px; +} +.mo_saml_help { + border-top: solid 1px grey; + width: 95%; +} +.mo_saml_help_cell { + padding: 20px; + border-bottom: solid 1px grey; +} +.mo_saml_support_layout{ + width: 93%; + background-color:white; + border:1px solid #CCCCCC; + padding-left:20px; +} +.mo_saml_table_layout { + background-color:#FFFFFF; + border:1px solid #CCCCCC; + padding:0px 10px 10px 10px; + margin-bottom: 10px; +} +.mo_saml_table_layout td { + +} +.mo_saml_table_layout input['type=text'] { + width: 80%; +} +.mo_saml_table_layout td strong { + margin-left: 10px; +} +.panel_toggle { + cursor: pointer; +} +.panel_toggle:hover { + text-decoration: underline; +} +.mo_saml_table_textbox { + width: 80%; +} +.mo_saml_settings_table { + width: 100%; +} +.mo_saml_settings_table tr td:first-child { + width: 30%; +} +.mo_saml_heading_margin { + margin-left: 0px; +} +.error_wid_login { + background-color: #FFEBE8; + border: 1px dashed #FF0000; + color: #FF0000; + float: left; + font-family: Verdana,Arial,Helvetica,sans-serif; + font-weight: 500; + padding: 6px; + margin-left: 200px; + width: 80%; + clear:both !important; +} + +.login_wid li{ + margin:5px; +} + +.login_wid{ + list-style-type:none; + border: 1px dashed #999999; + width:98%; + float:left; + padding:5%; + +} +.login_wid li{ + width:48%; + float:left; + margin:2px; +} +.openid_social_login{ + padding:5px 0px 0px 0px; + clear:both; + width:100% !important; +} + +.login_wid li input{ + width:85%; + float:left; + margin:2px; +} +.mo_saml_local_pricing_free_tab{ + background-color: rgba(34, 153, 221, 0.82)!important; +} +.mo_saml_local_pricing_paid_tab{ + background-color: #1a71a4 !important; +} +.mo_saml_local_pricing_text{ + font-size: 14px !important; + color: #fff !important; + font-weight: 600 !important; + +} +.mo_saml_local_pricing_sub_header{ + margin: 2px !important; + color: #fff !important; +} +.mo_saml_local_pricing_header{ + color: #fff !important; + margin: 4px !important; +} +.mo_saml_local_pricing_table{ + text-align:center; + font-size: 15px !important; + background-color:#FFFFFF; +} + +.mo_saml_premium_thumbnail{ + width: 350px; + padding: 4px; + margin-bottom: 10px; + line-height: 1.42857143; + background-color: #fff; + border: 1px solid #ddd; + border-radius: 4px; + -webkit-transition: border .2s ease-in-out; + -o-transition: border .2s ease-in-out; + transition: border .2s ease-in-out; +} + +.mo-fa-icon>tr>td>i.fa{ + color:#5b8a0f; + +} + +.mo_align-center>tr>td{ + text-align:center !important; +} + +.mo_table-bordered, .mo_table-bordered>tbody>tr>td{ + border: 1px solid #ddd; +} + +.mo_table-striped>tbody>tr:nth-of-type(odd) { + background-color: #f9f9f9; +} + +.mo_table-bordered>thead>tr>th{ + vertical-align:top !important; +} + +.mo_plan-desc{ + font-size:14px !important; +} +.mo-display-logs{ + color: #3c763d; + background-color: #dff0d8; + padding:2%; + margin-bottom:20px; + text-align:center; + border:1px solid #AEDB9A; + font-size:18pt; +} +.mo-display-block { + color: #050505; + width: -moz-available; + min-height: 300px !important; + overflow: auto; + display: inline-block; + background-color: #f6f6f6; + padding: 2%; + margin-bottom: 20px; + text-align: left; + border: 1px solid #AEDB9A; + font-size: 12pt; +} +.mo_divider{ + width:5px; + height:auto; + display:inline-block; +} +/* Tooltip container */ +.tooltip { + position: relative; + display: inline-block; + size: letter; + /* If you want dots under the hoverable text */ +} + +/* Tooltip text */ +.tooltip .tooltiptext { + visibility: hidden; + width: 120px; + + background-color:grey; + color: white; + text-align: center; + padding: 5px 0; + border-radius: 6px; + font-size: 12px; + /* Position the tooltip text */ + position: absolute; + z-index: 1; + bottom: 125%; + left: 50%; + margin-left: -60px; + font-size: small; + /* Fade in tooltip */ + opacity: 50; + transition: opacity 0.3s; +} + +/* Tooltip arrow */ +.tooltip .tooltiptext::after { + content: ""; + position: absolute; + top: 100%; + left: 50%; + margin-left: -5px; + border-width: 5px; + border-style: solid; + border-color: #555 transparent transparent transparent; +} + +/* Show the tooltip text when you mouse over the tooltip container */ +.tooltip:hover .tooltiptext { + visibility: visible; + opacity: 1; +} + +/*Included for the feedback form*/ +.mo_modal { + display: none; + overflow: hidden; + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 1050; + -webkit-overflow-scrolling: touch; + outline: 0; + +} + + +.mo_modal-content { + position: relative; + background-color: #ffffff; + border: 1px solid #999999; + border: 1px solid rgba(0, 0, 0, 0.2); + border-radius: 6px; + -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); + box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); + -webkit-background-clip: padding-box; + background-clip: padding-box; + outline: 0; + margin-left: 20%; + margin-right: 24%; + margin-top:6%; +} + +.mo_close { + color: #aaaaaa; + float: right; + font-size: 28px; + font-weight: bold; +} +.overlay{ + position: fixed; + top: 0; + left: 0; + right: 0; + bottom: 0; + width: 100%; + height: 100%; + background: #000; + opacity: .5; + z-index: 0; + +} +.fade { + opacity: 0; + -webkit-transition: opacity 0.15s linear; + -o-transition: opacity 0.15s linear; + transition: opacity 0.15s linear; +} +.fade.in { + opacity: 1; +} +.modal-header { + padding: 15px; + border-bottom: 1px solid #e5e5e5; +} +.modal-header .close { + margin-top: -2px; +} +.modal-title { + margin: 0; + line-height: 1.42857143; + font-size: large; +} +.modal-body { + position: relative; + padding: 15px; +} +.modal-dialog { + position: relative; + width: auto; + margin: 10px; +} +.modal.fade .modal-dialog { + -webkit-transform: translate(0, -25%); + -ms-transform: translate(0, -25%); + -o-transform: translate(0, -25%); + transform: translate(0, -25%); + -webkit-transition: -webkit-transform 0.3s ease-out; + -o-transition: -o-transform 0.3s ease-out; + transition: transform 0.3s ease-out; +} +.modal.in .modal-dialog { + -webkit-transform: translate(0, 0); + -ms-transform: translate(0, 0); + -o-transform: translate(0, 0); + transform: translate(0, 0); +} +.modal-footer { + padding: 15px; + text-align: center; + border-top: 1px solid #e5e5e5; + position: relative; + margin: 220px; + margin-top: 35%; +} +.modal-footer .btn + .btn { + margin-left: 5px; + margin-bottom: 0; +} +.modal-footer .btn-group .btn + .btn { + margin-left: -1px; +} +.modal-footer .btn-block + .btn-block { + margin-left: 0; +} +.close { + float: right; + font-size: 21px; + font-weight: bold; + line-height: 1; + color: #000000; + text-shadow: 0 1px 0 #ffffff; + opacity: 0.2; + filter: alpha(opacity=20); +} +.close:hover, +.close:focus { + color: #000000; + text-decoration: none; + cursor: pointer; + opacity: 0.5; + filter: alpha(opacity=50); +} +button.close { + padding: 0; + cursor: pointer; + background: transparent; + border: 0; + -webkit-appearance: none; +} + +.mo-span-circle{ + display: inline-block; + padding: 15px; + line-height: 100%; + + -moz-border-radius: 50%; + border-radius: 50%; + + background-color: black; + color: white; + text-align: center; + font-size: 2em; + +} +.nav-tab-active{ + margin-bottom: -1px; + background: white; + border-bottom: white; + border-bottom: 3px solid white; +} +.nav-tab-active:hover{ + color: black; + background: white; + border-bottom: white; + border-bottom: 3px solid white; +} +/* The switch - the box around the slider */ +.switch { + position: relative; + display: inline-block; + width: 40px; + height: 24px; +} + +/* Hide default HTML checkbox */ +.switch input { + opacity: 0; + width: 0; + height: 0; +} + +/* The slider */ +.slider { + position: absolute; + cursor: pointer; + top: 0; + left: 0; + right: 0; + bottom: 0; + background-color: #ccc; + -webkit-transition: .4s; + transition: .4s; +} + +input:disabled + .slider{ + background-color: #ebebeb; + cursor: default; +} + +.slider:before { + position: absolute; + content: ""; + height: 20px; + width: 20px; + left: 2px; + bottom: 2px; + background-color: white; + -webkit-transition: .4s; + transition: .4s; +} + +input:checked + .slider { + background-color: #0085ba; +} + +input:focus + .slider { + box-shadow: 0 0 1px #0085ba; +} + +input:checked + .slider:before { + -webkit-transform: translateX(15px); + -ms-transform: translateX(15px); + transform: translateX(15px); +} + + +/* Rounded sliders */ +.slider.round { + border-radius: 24px; +} + +.slider.round:before { + border-radius: 50%; +} + +.mo_copy{ + border: 1px solid #CCCCCC; + padding:8px; + background-color:#FBFBFB; + cursor: pointer; +} + +.mo_copy:active{ + background-color:#CCCCCC; +} + +/* Tooltip container */ +.copytooltip { + position: relative; + display: inline-block; + size: letter; + /* If you want dots under the hoverable text */ +} + +/* Tooltip text */ +.copytooltip .copytooltiptext { + visibility: hidden; + width: 120px; + + background-color:grey; + color: white; + text-align: center; + padding: 5px 0; + border-radius: 6px; + font-size: 12px; + /* Position the tooltip text */ + position: absolute; + z-index: 1; + bottom: 125%; + left: 50%; + margin-left: -60px; + font-size: small; + /* Fade in tooltip */ + opacity: 50; + transition: opacity 0.3s; +} + +/* Tooltip arrow */ +.copytooltip .copytooltiptext::after { + content: ""; + position: absolute; + top: 100%; + left: 50%; + margin-left: -5px; + border-width: 5px; + border-style: solid; + border-color: #555 transparent transparent transparent; +} + +/* Show the tooltip text when you mouse over the tooltip container */ +.copytooltip:hover .copytooltiptext { + visibility: visible; + opacity: 1; +} + +.mo_demo_layout { + margin-bottom: 10px; + padding-left: 100px; + padding-right: 100px; + border: none; +} + +.idp-guides-btns{ + width: 105%; + text-align:center; + padding:0.5em 0 0.5em 0; +} + +.guide-btn{ + background-color: #fff; + border: 1px solid #007cba; + padding: .5em 1em .5em 1em; + margin-right: 2em; + color: #007cba; + font-weight: 600; + font-size: 13px; + border-radius: 4px; + box-shadow: 2px 2px 5px rgba(0,0,0,.25); + width: 11em; + letter-spacing: .4px; + cursor: pointer; + height: 40px; +} + +.idp-guides-logo.SimpleSAMLphp{ + width: 18px; + height: 25px; + margin-left: -9px; + margin-right: 2px; + float: left; +} + +.idp-guides-logo { + height: 25px; + width: 24px; + margin-right: 2px; + margin-left: -4px; + float: left; +} + +.guide-btn:hover{ + background-color: #007cba; + color:#fff; +} +/* The Modal (background) */ +.modal { + display: none; /* Hidden by default */ + position: fixed; /* Stay in place */ + z-index: 3; /* Sit on top */ + padding-top: 100px; /* Location of the box */ + left: 0; + top: 0; + width: 100%; /* Full width */ + height: 100%; /* Full height */ + /*overflow: auto; Enable scroll if needed */ + background-color: rgb(0,0,0); /* Fallback color */ + background-color: rgba(0,0,0,0.4); /* Black w/ opacity */ + transition: all 1s; +} + +/* Modal Content */ +.modal-content { + background-color: #FFFFFF; + margin: 0; + padding: 20px; + border: 1px solid #888; + width: 70%; + border-radius: 20px; + box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.25); + + position: fixed; + top: 50%; + left: 50%; + margin-right: -50%; + transform: translate(-50%, -50%); + height: 700px; +} + +.modal-button { + width: 15%; + height: 50px; + font-size: 20px !important; +} +.add-new-hover:hover{ + color: white !important; +} + +.editable{ + text-align:center; + width:1em; + height:1em; +} +.sm { + text-align:center; + width: 2vw; + height: 2vw; + padding: 1vw; +} + +input[type=radio] { + display: none; +} + +.sm:hover { + opacity:0.6; + cursor: pointer; +} + +.sm:active { + opacity:0.4; + cursor: pointer; +} + +input[type=radio]:checked + label > .sm { + border: 2px solid #21ecdc; +} + +/** CSS for Add-ons tab **/ +@media (min-width: 768px) { + .grid_view { + width: 33.33%; + float: left; + } +} +@media screen and (max-width: 1000px) { + .grid_view { + float: left; + width: 100%; + } +} +@media screen and (max-width: 1400px) { + .grid_view { + float: left; + width: 50%; + } +} +@keyframes fadeInScale { + 0% { + transform: scale(0.9); + opacity: 0; + } + + 100% { + transform: scale(1); + opacity: 1; + } +} +.card { + border: 0; + margin:10px; + transition: all .3s ease-in-out; + padding: 1.5rem 1rem; + text-align:center; + will-change: transform; + border-radius: 8px; + box-shadow: 0 20px 35px 0 rgba(0, 0, 0, 0.08); + max-height: 100%; + min-height: 260px; +} +.card:after { + content: ''; + position: absolute; + top: 0; + left: 0; + width: 0%; + height: 5px; + background-color: #3473b4; + transition: 0.5s; +} +.card:hover { + cursor: default; + transform: scale(1.05); + -webkit-box-shadow: 0 20px 35px 0 rgba(0, 0, 0, 0.08); + box-shadow: 0 20px 35px 0 rgba(0, 0, 0, 0.18); +} +.card:hover:after { + width: 100%; +} +.addon-img{ + float:right; + width: 40px; + height: 40px; + align-self: center; +} +.card .card-title { + font-size: 1.3rem; + font-weight: 600; + text-align: left; + padding-left: 10px; +} +.addon-heading{ + float:left; + width:90%; + text-align: center; +} +.addon-header{ + display:flex; + line-height: 1.2; + text-align: center; +} +.card-text{ + padding:0px 5px; + min-height: 100px; +} +.btn-addon { + text-transform: uppercase; + font-size: 10px; + font-weight: bold; + color: #fff; + border:0px; + border-radius: 3px; + padding: .65rem 1.15rem; + letter-spacing: 1px; +} +.btn-addon-grad { + background-color: #3473b4; + transition: background .3s ease-in-out; +} +.btn-addon-grad:hover { + color: white; + cursor: pointer; + background-color: #3473b4cc; +} + +/** CSS for Call Setup Section **/ +.call-setup-div{ + background: #F2F5FB; + border-radius: 5px; + margin-top: 10px; + margin-right: 20px; + padding-top: 10px; + border-style: solid; + border-color: #2f6062; + padding-left: 10px; +} +.call-setup-heading { + margin-top: 0px; + margin-left: 5px; +} +.call-setup-label{ + padding-left:5px; + font-size: 15px; +} +.call-setup-details{ + margin-left: 5px; + margin-top: 5px; +} +.call-setup-datetime{ + width: 50%; + float: left; + position: relative; + height: auto; + min-height: 100% !important; +} +.call-setup-textbox{ + width: 90% !important; +} +.call-setup-notice{ + margin: 15px 25px 10px 10px; +} + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_settings.min.css b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_settings.min.css new file mode 100644 index 0000000..8676155 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/css/style_settings.min.css @@ -0,0 +1 @@ +.mo_saml_help_title{font-size:17px;width:100%;color:#1b79ae;cursor:pointer;font-weight:bold}.mo_saml_help_desc{font-size:13px;border-left:solid 2px rgba(128,128,128,0.65);margin-top:10px;padding-left:10px}.mo_saml_help{border-top:solid 1px grey;width:95%}.mo_saml_help_cell{padding:20px;border-bottom:solid 1px grey}.mo_saml_support_layout{width:93%;background-color:white;border:1px solid #ccc;padding-left:20px}.mo_saml_table_layout{background-color:#fff;border:1px solid #ccc;padding:0 10px 10px 10px;margin-bottom:10px}.mo_saml_table_layout input['type=text']{width:80%}.mo_saml_table_layout td strong{margin-left:10px}.panel_toggle{cursor:pointer}.panel_toggle:hover{text-decoration:underline}.mo_saml_table_textbox{width:80%}.mo_saml_settings_table{width:100%}.mo_saml_settings_table tr td:first-child{width:30%}.mo_saml_heading_margin{margin-left:0}.error_wid_login{background-color:#ffebe8;border:1px dashed #f00;color:#f00;float:left;font-family:Verdana,Arial,Helvetica,sans-serif;font-weight:500;padding:6px;margin-left:200px;width:80%;clear:both!important}.login_wid li{margin:5px}.login_wid{list-style-type:none;border:1px dashed #999;width:98%;float:left;padding:5%}.login_wid li{width:48%;float:left;margin:2px}.openid_social_login{padding:5px 0 0 0;clear:both;width:100%!important}.login_wid li input{width:85%;float:left;margin:2px}.mo_saml_local_pricing_free_tab{background-color:rgba(34,153,221,0.82)!important}.mo_saml_local_pricing_paid_tab{background-color:#1a71a4!important}.mo_saml_local_pricing_text{font-size:14px!important;color:#fff!important;font-weight:600!important}.mo_saml_local_pricing_sub_header{margin:2px!important;color:#fff!important}.mo_saml_local_pricing_header{color:#fff!important;margin:4px!important}.mo_saml_local_pricing_table{text-align:center;font-size:15px!important;background-color:#fff}.mo_saml_premium_thumbnail{width:350px;padding:4px;margin-bottom:10px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.mo-fa-icon>tr>td>i.fa{color:#5b8a0f}.mo_align-center>tr>td{text-align:center!important}.mo_table-bordered,.mo_table-bordered>tbody>tr>td{border:1px solid #ddd}.mo_table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.mo_table-bordered>thead>tr>th{vertical-align:top!important}.mo_plan-desc{font-size:14px!important}.mo-display-logs{color:#3c763d;background-color:#dff0d8;padding:2%;margin-bottom:20px;text-align:center;border:1px solid #aedb9a;font-size:18pt}.mo-display-block{color:#050505;width:-moz-available;min-height:300px!important;overflow:auto;display:inline-block;background-color:#f6f6f6;padding:2%;margin-bottom:20px;text-align:left;border:1px solid #aedb9a;font-size:12pt}.mo_divider{width:5px;height:auto;display:inline-block}.tooltip{position:relative;display:inline-block;size:letter}.tooltip .tooltiptext{visibility:hidden;width:120px;background-color:grey;color:white;text-align:center;padding:5px 0;border-radius:6px;font-size:12px;position:absolute;z-index:1;bottom:125%;left:50%;margin-left:-60px;font-size:small;opacity:50;transition:opacity .3s}.tooltip .tooltiptext::after{content:"";position:absolute;top:100%;left:50%;margin-left:-5px;border-width:5px;border-style:solid;border-color:#555 transparent transparent transparent}.tooltip:hover .tooltiptext{visibility:visible;opacity:1}.mo_modal{display:none;overflow:hidden;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.mo_modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);-webkit-background-clip:padding-box;background-clip:padding-box;outline:0;margin-left:20%;margin-right:24%;margin-top:6%}.mo_close{color:#aaa;float:right;font-size:28px;font-weight:bold}.overlay{position:fixed;top:0;left:0;right:0;bottom:0;width:100%;height:100%;background:#000;opacity:.5;z-index:0}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143;font-size:large}.modal-body{position:relative;padding:15px}.modal-dialog{position:relative;width:auto;margin:10px}.modal.fade .modal-dialog{-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);-o-transform:translate(0,-25%);transform:translate(0,-25%);-webkit-transition:-webkit-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);-o-transform:translate(0,0);transform:translate(0,0)}.modal-footer{padding:15px;text-align:center;border-top:1px solid #e5e5e5;position:relative;margin:220px;margin-top:35%}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.mo-span-circle{display:inline-block;padding:15px;line-height:100%;-moz-border-radius:50%;border-radius:50%;background-color:black;color:white;text-align:center;font-size:2em}.nav-tab-active{margin-bottom:-1px;background:white;border-bottom:white;border-bottom:3px solid white}.nav-tab-active:hover{color:black;background:white;border-bottom:white;border-bottom:3px solid white}.switch{position:relative;display:inline-block;width:40px;height:24px}.switch input{opacity:0;width:0;height:0}.slider{position:absolute;cursor:pointer;top:0;left:0;right:0;bottom:0;background-color:#ccc;-webkit-transition:.4s;transition:.4s}input:disabled+.slider{background-color:#ebebeb;cursor:default}.slider:before{position:absolute;content:"";height:20px;width:20px;left:2px;bottom:2px;background-color:white;-webkit-transition:.4s;transition:.4s}input:checked+.slider{background-color:#0085ba}input:focus+.slider{box-shadow:0 0 1px #0085ba}input:checked+.slider:before{-webkit-transform:translateX(15px);-ms-transform:translateX(15px);transform:translateX(15px)}.slider.round{border-radius:24px}.slider.round:before{border-radius:50%}.mo_copy{border:1px solid #ccc;padding:8px;background-color:#fbfbfb;cursor:pointer}.mo_copy:active{background-color:#ccc}.copytooltip{position:relative;display:inline-block;size:letter}.copytooltip .copytooltiptext{visibility:hidden;width:120px;background-color:grey;color:white;text-align:center;padding:5px 0;border-radius:6px;font-size:12px;position:absolute;z-index:1;bottom:125%;left:50%;margin-left:-60px;font-size:small;opacity:50;transition:opacity .3s}.copytooltip .copytooltiptext::after{content:"";position:absolute;top:100%;left:50%;margin-left:-5px;border-width:5px;border-style:solid;border-color:#555 transparent transparent transparent}.copytooltip:hover .copytooltiptext{visibility:visible;opacity:1}.mo_demo_layout{margin-bottom:10px;padding-left:100px;padding-right:100px;border:0}.idp-guides-btns{width:105%;text-align:center;padding:.5em 0 .5em 0}.guide-btn{background-color:#fff;border:1px solid #007cba;padding:.5em 1em .5em 1em;margin-right:2em;color:#007cba;font-weight:600;font-size:13px;border-radius:4px;box-shadow:2px 2px 5px rgba(0,0,0,.25);width:11em;letter-spacing:.4px;cursor:pointer;height:40px}.idp-guides-logo.SimpleSAMLphp{width:18px;height:25px;margin-left:-9px;margin-right:2px;float:left}.idp-guides-logo{height:25px;width:24px;margin-right:2px;margin-left:-4px;float:left}.guide-btn:hover{background-color:#007cba;color:#fff}.modal{display:none;position:fixed;z-index:3;padding-top:100px;left:0;top:0;width:100%;height:100%;background-color:#000;background-color:rgba(0,0,0,0.4);transition:all 1s}.modal-content{background-color:#fff;margin:0;padding:20px;border:1px solid #888;width:70%;border-radius:20px;box-shadow:5px 5px 5px rgba(0,0,0,0.25);position:fixed;top:50%;left:50%;margin-right:-50%;transform:translate(-50%,-50%);height:700px}.modal-button{width:15%;height:50px;font-size:20px!important}.add-new-hover:hover{color:white!important}.editable{text-align:center;width:1em;height:1em}.sm{text-align:center;width:2vw;height:2vw;padding:1vw}input[type=radio]{display:none}.sm:hover{opacity:.6;cursor:pointer}.sm:active{opacity:.4;cursor:pointer}input[type=radio]:checked+label>.sm{border:2px solid #21ecdc}@media(min-width:768px){.grid_view{width:33.33%;float:left}}@media screen and (max-width:1000px){.grid_view{float:left;width:100%}}@media screen and (max-width:1400px){.grid_view{float:left;width:50%}}@keyframes fadeInScale{0%{transform:scale(0.9);opacity:0}100%{transform:scale(1);opacity:1}}.card{border:0;margin:10px;transition:all .3s ease-in-out;padding:1.5rem 1rem;text-align:center;will-change:transform;border-radius:8px;box-shadow:0 20px 35px 0 rgba(0,0,0,0.08);max-height:100%;min-height:260px}.card:after{content:'';position:absolute;top:0;left:0;width:0;height:5px;background-color:#3473b4;transition:.5s}.card:hover{cursor:default;transform:scale(1.05);-webkit-box-shadow:0 20px 35px 0 rgba(0,0,0,0.08);box-shadow:0 20px 35px 0 rgba(0,0,0,0.18)}.card:hover:after{width:100%}.addon-img{float:right;width:40px;height:40px;align-self:center}.card .card-title{font-size:1.3rem;font-weight:600;text-align:left;padding-left:10px}.addon-heading{float:left;width:90%;text-align:center}.addon-header{display:flex;line-height:1.2;text-align:center}.card-text{padding:0 5px;min-height:100px}.btn-addon{text-transform:uppercase;font-size:10px;font-weight:bold;color:#fff;border:0;border-radius:3px;padding:.65rem 1.15rem;letter-spacing:1px}.btn-addon-grad{background-color:#3473b4;transition:background .3s ease-in-out}.btn-addon-grad:hover{color:white;cursor:pointer;background-color:#3473b4cc}.call-setup-div{background:#f2f5fb;border-radius:5px;margin-top:10px;margin-right:20px;padding-top:10px;border-style:solid;border-color:#2f6062;padding-left:10px}.call-setup-heading{margin-top:0;margin-left:5px}.call-setup-label{padding-left:5px;font-size:15px}.call-setup-details{margin-left:5px;margin-top:5px}.call-setup-datetime{width:50%;float:left;position:relative;height:auto;min-height:100%!important}.call-setup-textbox{width:90%!important}.call-setup-notice{margin:15px 25px 10px 10px} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.eot b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.eot new file mode 100644 index 0000000..28dc2bc Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.eot differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.svg b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.svg new file mode 100644 index 0000000..9185214 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.svg @@ -0,0 +1,13 @@ + + + +Generated by IcoMoon + + + + + + + + + \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.ttf b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.ttf new file mode 100644 index 0000000..0429be6 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.ttf differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.woff b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.woff new file mode 100644 index 0000000..f207803 Binary files /dev/null and b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/fonts/miniorange.woff differ diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/bootstrap/bootstrap.min.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/bootstrap/bootstrap.min.js new file mode 100644 index 0000000..534d533 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/bootstrap/bootstrap.min.js @@ -0,0 +1,7 @@ +/*! + * Bootstrap v4.0.0 (https://getbootstrap.com) + * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */ +!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n0?i:null}catch(t){return null}},reflow:function(t){return t.offsetHeight},triggerTransitionEnd:function(n){t(n).trigger(e.end)},supportsTransitionEnd:function(){return Boolean(e)},isElement:function(t){return(t[0]||t).nodeType},typeCheckConfig:function(t,e,n){for(var s in n)if(Object.prototype.hasOwnProperty.call(n,s)){var r=n[s],o=e[s],a=o&&i.isElement(o)?"element":(l=o,{}.toString.call(l).match(/\s([a-zA-Z]+)/)[1].toLowerCase());if(!new RegExp(r).test(a))throw new Error(t.toUpperCase()+': Option "'+s+'" provided type "'+a+'" but expected type "'+r+'".')}var l}};return e=("undefined"==typeof window||!window.QUnit)&&{end:"transitionend"},t.fn.emulateTransitionEnd=n,i.supportsTransitionEnd()&&(t.event.special[i.TRANSITION_END]={bindType:e.end,delegateType:e.end,handle:function(e){if(t(e.target).is(this))return e.handleObj.handler.apply(this,arguments)}}),i}(e),L=(a="alert",h="."+(l="bs.alert"),c=(o=e).fn[a],u={CLOSE:"close"+h,CLOSED:"closed"+h,CLICK_DATA_API:"click"+h+".data-api"},f="alert",d="fade",_="show",g=function(){function t(t){this._element=t}var e=t.prototype;return e.close=function(t){t=t||this._element;var e=this._getRootElement(t);this._triggerCloseEvent(e).isDefaultPrevented()||this._removeElement(e)},e.dispose=function(){o.removeData(this._element,l),this._element=null},e._getRootElement=function(t){var e=P.getSelectorFromElement(t),n=!1;return e&&(n=o(e)[0]),n||(n=o(t).closest("."+f)[0]),n},e._triggerCloseEvent=function(t){var e=o.Event(u.CLOSE);return o(t).trigger(e),e},e._removeElement=function(t){var e=this;o(t).removeClass(_),P.supportsTransitionEnd()&&o(t).hasClass(d)?o(t).one(P.TRANSITION_END,function(n){return e._destroyElement(t,n)}).emulateTransitionEnd(150):this._destroyElement(t)},e._destroyElement=function(t){o(t).detach().trigger(u.CLOSED).remove()},t._jQueryInterface=function(e){return this.each(function(){var n=o(this),i=n.data(l);i||(i=new t(this),n.data(l,i)),"close"===e&&i[e](this)})},t._handleDismiss=function(t){return function(e){e&&e.preventDefault(),t.close(this)}},s(t,null,[{key:"VERSION",get:function(){return"4.0.0"}}]),t}(),o(document).on(u.CLICK_DATA_API,'[data-dismiss="alert"]',g._handleDismiss(new g)),o.fn[a]=g._jQueryInterface,o.fn[a].Constructor=g,o.fn[a].noConflict=function(){return o.fn[a]=c,g._jQueryInterface},g),R=(m="button",E="."+(v="bs.button"),T=".data-api",y=(p=e).fn[m],C="active",I="btn",A="focus",b='[data-toggle^="button"]',D='[data-toggle="buttons"]',S="input",w=".active",N=".btn",O={CLICK_DATA_API:"click"+E+T,FOCUS_BLUR_DATA_API:"focus"+E+T+" blur"+E+T},k=function(){function t(t){this._element=t}var e=t.prototype;return e.toggle=function(){var t=!0,e=!0,n=p(this._element).closest(D)[0];if(n){var i=p(this._element).find(S)[0];if(i){if("radio"===i.type)if(i.checked&&p(this._element).hasClass(C))t=!1;else{var s=p(n).find(w)[0];s&&p(s).removeClass(C)}if(t){if(i.hasAttribute("disabled")||n.hasAttribute("disabled")||i.classList.contains("disabled")||n.classList.contains("disabled"))return;i.checked=!p(this._element).hasClass(C),p(i).trigger("change")}i.focus(),e=!1}}e&&this._element.setAttribute("aria-pressed",!p(this._element).hasClass(C)),t&&p(this._element).toggleClass(C)},e.dispose=function(){p.removeData(this._element,v),this._element=null},t._jQueryInterface=function(e){return this.each(function(){var n=p(this).data(v);n||(n=new t(this),p(this).data(v,n)),"toggle"===e&&n[e]()})},s(t,null,[{key:"VERSION",get:function(){return"4.0.0"}}]),t}(),p(document).on(O.CLICK_DATA_API,b,function(t){t.preventDefault();var e=t.target;p(e).hasClass(I)||(e=p(e).closest(N)),k._jQueryInterface.call(p(e),"toggle")}).on(O.FOCUS_BLUR_DATA_API,b,function(t){var e=p(t.target).closest(N)[0];p(e).toggleClass(A,/^focus(in)?$/.test(t.type))}),p.fn[m]=k._jQueryInterface,p.fn[m].Constructor=k,p.fn[m].noConflict=function(){return p.fn[m]=y,k._jQueryInterface},k),j=function(t){var e="carousel",n="bs.carousel",i="."+n,o=t.fn[e],a={interval:5e3,keyboard:!0,slide:!1,pause:"hover",wrap:!0},l={interval:"(number|boolean)",keyboard:"boolean",slide:"(boolean|string)",pause:"(string|boolean)",wrap:"boolean"},h="next",c="prev",u="left",f="right",d={SLIDE:"slide"+i,SLID:"slid"+i,KEYDOWN:"keydown"+i,MOUSEENTER:"mouseenter"+i,MOUSELEAVE:"mouseleave"+i,TOUCHEND:"touchend"+i,LOAD_DATA_API:"load"+i+".data-api",CLICK_DATA_API:"click"+i+".data-api"},_="carousel",g="active",p="slide",m="carousel-item-right",v="carousel-item-left",E="carousel-item-next",T="carousel-item-prev",y={ACTIVE:".active",ACTIVE_ITEM:".active.carousel-item",ITEM:".carousel-item",NEXT_PREV:".carousel-item-next, .carousel-item-prev",INDICATORS:".carousel-indicators",DATA_SLIDE:"[data-slide], [data-slide-to]",DATA_RIDE:'[data-ride="carousel"]'},C=function(){function o(e,n){this._items=null,this._interval=null,this._activeElement=null,this._isPaused=!1,this._isSliding=!1,this.touchTimeout=null,this._config=this._getConfig(n),this._element=t(e)[0],this._indicatorsElement=t(this._element).find(y.INDICATORS)[0],this._addEventListeners()}var C=o.prototype;return C.next=function(){this._isSliding||this._slide(h)},C.nextWhenVisible=function(){!document.hidden&&t(this._element).is(":visible")&&"hidden"!==t(this._element).css("visibility")&&this.next()},C.prev=function(){this._isSliding||this._slide(c)},C.pause=function(e){e||(this._isPaused=!0),t(this._element).find(y.NEXT_PREV)[0]&&P.supportsTransitionEnd()&&(P.triggerTransitionEnd(this._element),this.cycle(!0)),clearInterval(this._interval),this._interval=null},C.cycle=function(t){t||(this._isPaused=!1),this._interval&&(clearInterval(this._interval),this._interval=null),this._config.interval&&!this._isPaused&&(this._interval=setInterval((document.visibilityState?this.nextWhenVisible:this.next).bind(this),this._config.interval))},C.to=function(e){var n=this;this._activeElement=t(this._element).find(y.ACTIVE_ITEM)[0];var i=this._getItemIndex(this._activeElement);if(!(e>this._items.length-1||e<0))if(this._isSliding)t(this._element).one(d.SLID,function(){return n.to(e)});else{if(i===e)return this.pause(),void this.cycle();var s=e>i?h:c;this._slide(s,this._items[e])}},C.dispose=function(){t(this._element).off(i),t.removeData(this._element,n),this._items=null,this._config=null,this._element=null,this._interval=null,this._isPaused=null,this._isSliding=null,this._activeElement=null,this._indicatorsElement=null},C._getConfig=function(t){return t=r({},a,t),P.typeCheckConfig(e,t,l),t},C._addEventListeners=function(){var e=this;this._config.keyboard&&t(this._element).on(d.KEYDOWN,function(t){return e._keydown(t)}),"hover"===this._config.pause&&(t(this._element).on(d.MOUSEENTER,function(t){return e.pause(t)}).on(d.MOUSELEAVE,function(t){return e.cycle(t)}),"ontouchstart"in document.documentElement&&t(this._element).on(d.TOUCHEND,function(){e.pause(),e.touchTimeout&&clearTimeout(e.touchTimeout),e.touchTimeout=setTimeout(function(t){return e.cycle(t)},500+e._config.interval)}))},C._keydown=function(t){if(!/input|textarea/i.test(t.target.tagName))switch(t.which){case 37:t.preventDefault(),this.prev();break;case 39:t.preventDefault(),this.next()}},C._getItemIndex=function(e){return this._items=t.makeArray(t(e).parent().find(y.ITEM)),this._items.indexOf(e)},C._getItemByDirection=function(t,e){var n=t===h,i=t===c,s=this._getItemIndex(e),r=this._items.length-1;if((i&&0===s||n&&s===r)&&!this._config.wrap)return e;var o=(s+(t===c?-1:1))%this._items.length;return-1===o?this._items[this._items.length-1]:this._items[o]},C._triggerSlideEvent=function(e,n){var i=this._getItemIndex(e),s=this._getItemIndex(t(this._element).find(y.ACTIVE_ITEM)[0]),r=t.Event(d.SLIDE,{relatedTarget:e,direction:n,from:s,to:i});return t(this._element).trigger(r),r},C._setActiveIndicatorElement=function(e){if(this._indicatorsElement){t(this._indicatorsElement).find(y.ACTIVE).removeClass(g);var n=this._indicatorsElement.children[this._getItemIndex(e)];n&&t(n).addClass(g)}},C._slide=function(e,n){var i,s,r,o=this,a=t(this._element).find(y.ACTIVE_ITEM)[0],l=this._getItemIndex(a),c=n||a&&this._getItemByDirection(e,a),_=this._getItemIndex(c),C=Boolean(this._interval);if(e===h?(i=v,s=E,r=u):(i=m,s=T,r=f),c&&t(c).hasClass(g))this._isSliding=!1;else if(!this._triggerSlideEvent(c,r).isDefaultPrevented()&&a&&c){this._isSliding=!0,C&&this.pause(),this._setActiveIndicatorElement(c);var I=t.Event(d.SLID,{relatedTarget:c,direction:r,from:l,to:_});P.supportsTransitionEnd()&&t(this._element).hasClass(p)?(t(c).addClass(s),P.reflow(c),t(a).addClass(i),t(c).addClass(i),t(a).one(P.TRANSITION_END,function(){t(c).removeClass(i+" "+s).addClass(g),t(a).removeClass(g+" "+s+" "+i),o._isSliding=!1,setTimeout(function(){return t(o._element).trigger(I)},0)}).emulateTransitionEnd(600)):(t(a).removeClass(g),t(c).addClass(g),this._isSliding=!1,t(this._element).trigger(I)),C&&this.cycle()}},o._jQueryInterface=function(e){return this.each(function(){var i=t(this).data(n),s=r({},a,t(this).data());"object"==typeof e&&(s=r({},s,e));var l="string"==typeof e?e:s.slide;if(i||(i=new o(this,s),t(this).data(n,i)),"number"==typeof e)i.to(e);else if("string"==typeof l){if("undefined"==typeof i[l])throw new TypeError('No method named "'+l+'"');i[l]()}else s.interval&&(i.pause(),i.cycle())})},o._dataApiClickHandler=function(e){var i=P.getSelectorFromElement(this);if(i){var s=t(i)[0];if(s&&t(s).hasClass(_)){var a=r({},t(s).data(),t(this).data()),l=this.getAttribute("data-slide-to");l&&(a.interval=!1),o._jQueryInterface.call(t(s),a),l&&t(s).data(n).to(l),e.preventDefault()}}},s(o,null,[{key:"VERSION",get:function(){return"4.0.0"}},{key:"Default",get:function(){return a}}]),o}();return t(document).on(d.CLICK_DATA_API,y.DATA_SLIDE,C._dataApiClickHandler),t(window).on(d.LOAD_DATA_API,function(){t(y.DATA_RIDE).each(function(){var e=t(this);C._jQueryInterface.call(e,e.data())})}),t.fn[e]=C._jQueryInterface,t.fn[e].Constructor=C,t.fn[e].noConflict=function(){return t.fn[e]=o,C._jQueryInterface},C}(e),H=function(t){var e="collapse",n="bs.collapse",i="."+n,o=t.fn[e],a={toggle:!0,parent:""},l={toggle:"boolean",parent:"(string|element)"},h={SHOW:"show"+i,SHOWN:"shown"+i,HIDE:"hide"+i,HIDDEN:"hidden"+i,CLICK_DATA_API:"click"+i+".data-api"},c="show",u="collapse",f="collapsing",d="collapsed",_="width",g="height",p={ACTIVES:".show, .collapsing",DATA_TOGGLE:'[data-toggle="collapse"]'},m=function(){function i(e,n){this._isTransitioning=!1,this._element=e,this._config=this._getConfig(n),this._triggerArray=t.makeArray(t('[data-toggle="collapse"][href="#'+e.id+'"],[data-toggle="collapse"][data-target="#'+e.id+'"]'));for(var i=t(p.DATA_TOGGLE),s=0;s0&&(this._selector=o,this._triggerArray.push(r))}this._parent=this._config.parent?this._getParent():null,this._config.parent||this._addAriaAndCollapsedClass(this._element,this._triggerArray),this._config.toggle&&this.toggle()}var o=i.prototype;return o.toggle=function(){t(this._element).hasClass(c)?this.hide():this.show()},o.show=function(){var e,s,r=this;if(!this._isTransitioning&&!t(this._element).hasClass(c)&&(this._parent&&0===(e=t.makeArray(t(this._parent).find(p.ACTIVES).filter('[data-parent="'+this._config.parent+'"]'))).length&&(e=null),!(e&&(s=t(e).not(this._selector).data(n))&&s._isTransitioning))){var o=t.Event(h.SHOW);if(t(this._element).trigger(o),!o.isDefaultPrevented()){e&&(i._jQueryInterface.call(t(e).not(this._selector),"hide"),s||t(e).data(n,null));var a=this._getDimension();t(this._element).removeClass(u).addClass(f),this._element.style[a]=0,this._triggerArray.length>0&&t(this._triggerArray).removeClass(d).attr("aria-expanded",!0),this.setTransitioning(!0);var l=function(){t(r._element).removeClass(f).addClass(u).addClass(c),r._element.style[a]="",r.setTransitioning(!1),t(r._element).trigger(h.SHOWN)};if(P.supportsTransitionEnd()){var _="scroll"+(a[0].toUpperCase()+a.slice(1));t(this._element).one(P.TRANSITION_END,l).emulateTransitionEnd(600),this._element.style[a]=this._element[_]+"px"}else l()}}},o.hide=function(){var e=this;if(!this._isTransitioning&&t(this._element).hasClass(c)){var n=t.Event(h.HIDE);if(t(this._element).trigger(n),!n.isDefaultPrevented()){var i=this._getDimension();if(this._element.style[i]=this._element.getBoundingClientRect()[i]+"px",P.reflow(this._element),t(this._element).addClass(f).removeClass(u).removeClass(c),this._triggerArray.length>0)for(var s=0;s0&&t(n).toggleClass(d,!i).attr("aria-expanded",i)}},i._getTargetFromElement=function(e){var n=P.getSelectorFromElement(e);return n?t(n)[0]:null},i._jQueryInterface=function(e){return this.each(function(){var s=t(this),o=s.data(n),l=r({},a,s.data(),"object"==typeof e&&e);if(!o&&l.toggle&&/show|hide/.test(e)&&(l.toggle=!1),o||(o=new i(this,l),s.data(n,o)),"string"==typeof e){if("undefined"==typeof o[e])throw new TypeError('No method named "'+e+'"');o[e]()}})},s(i,null,[{key:"VERSION",get:function(){return"4.0.0"}},{key:"Default",get:function(){return a}}]),i}();return t(document).on(h.CLICK_DATA_API,p.DATA_TOGGLE,function(e){"A"===e.currentTarget.tagName&&e.preventDefault();var i=t(this),s=P.getSelectorFromElement(this);t(s).each(function(){var e=t(this),s=e.data(n)?"toggle":i.data();m._jQueryInterface.call(e,s)})}),t.fn[e]=m._jQueryInterface,t.fn[e].Constructor=m,t.fn[e].noConflict=function(){return t.fn[e]=o,m._jQueryInterface},m}(e),W=function(t){var e="dropdown",i="bs.dropdown",o="."+i,a=".data-api",l=t.fn[e],h=new RegExp("38|40|27"),c={HIDE:"hide"+o,HIDDEN:"hidden"+o,SHOW:"show"+o,SHOWN:"shown"+o,CLICK:"click"+o,CLICK_DATA_API:"click"+o+a,KEYDOWN_DATA_API:"keydown"+o+a,KEYUP_DATA_API:"keyup"+o+a},u="disabled",f="show",d="dropup",_="dropright",g="dropleft",p="dropdown-menu-right",m="dropdown-menu-left",v="position-static",E='[data-toggle="dropdown"]',T=".dropdown form",y=".dropdown-menu",C=".navbar-nav",I=".dropdown-menu .dropdown-item:not(.disabled)",A="top-start",b="top-end",D="bottom-start",S="bottom-end",w="right-start",N="left-start",O={offset:0,flip:!0,boundary:"scrollParent"},k={offset:"(number|string|function)",flip:"boolean",boundary:"(string|element)"},L=function(){function a(t,e){this._element=t,this._popper=null,this._config=this._getConfig(e),this._menu=this._getMenuElement(),this._inNavbar=this._detectNavbar(),this._addEventListeners()}var l=a.prototype;return l.toggle=function(){if(!this._element.disabled&&!t(this._element).hasClass(u)){var e=a._getParentFromElement(this._element),i=t(this._menu).hasClass(f);if(a._clearMenus(),!i){var s={relatedTarget:this._element},r=t.Event(c.SHOW,s);if(t(e).trigger(r),!r.isDefaultPrevented()){if(!this._inNavbar){if("undefined"==typeof n)throw new TypeError("Bootstrap dropdown require Popper.js (https://popper.js.org)");var o=this._element;t(e).hasClass(d)&&(t(this._menu).hasClass(m)||t(this._menu).hasClass(p))&&(o=e),"scrollParent"!==this._config.boundary&&t(e).addClass(v),this._popper=new n(o,this._menu,this._getPopperConfig())}"ontouchstart"in document.documentElement&&0===t(e).closest(C).length&&t("body").children().on("mouseover",null,t.noop),this._element.focus(),this._element.setAttribute("aria-expanded",!0),t(this._menu).toggleClass(f),t(e).toggleClass(f).trigger(t.Event(c.SHOWN,s))}}}},l.dispose=function(){t.removeData(this._element,i),t(this._element).off(o),this._element=null,this._menu=null,null!==this._popper&&(this._popper.destroy(),this._popper=null)},l.update=function(){this._inNavbar=this._detectNavbar(),null!==this._popper&&this._popper.scheduleUpdate()},l._addEventListeners=function(){var e=this;t(this._element).on(c.CLICK,function(t){t.preventDefault(),t.stopPropagation(),e.toggle()})},l._getConfig=function(n){return n=r({},this.constructor.Default,t(this._element).data(),n),P.typeCheckConfig(e,n,this.constructor.DefaultType),n},l._getMenuElement=function(){if(!this._menu){var e=a._getParentFromElement(this._element);this._menu=t(e).find(y)[0]}return this._menu},l._getPlacement=function(){var e=t(this._element).parent(),n=D;return e.hasClass(d)?(n=A,t(this._menu).hasClass(p)&&(n=b)):e.hasClass(_)?n=w:e.hasClass(g)?n=N:t(this._menu).hasClass(p)&&(n=S),n},l._detectNavbar=function(){return t(this._element).closest(".navbar").length>0},l._getPopperConfig=function(){var t=this,e={};return"function"==typeof this._config.offset?e.fn=function(e){return e.offsets=r({},e.offsets,t._config.offset(e.offsets)||{}),e}:e.offset=this._config.offset,{placement:this._getPlacement(),modifiers:{offset:e,flip:{enabled:this._config.flip},preventOverflow:{boundariesElement:this._config.boundary}}}},a._jQueryInterface=function(e){return this.each(function(){var n=t(this).data(i);if(n||(n=new a(this,"object"==typeof e?e:null),t(this).data(i,n)),"string"==typeof e){if("undefined"==typeof n[e])throw new TypeError('No method named "'+e+'"');n[e]()}})},a._clearMenus=function(e){if(!e||3!==e.which&&("keyup"!==e.type||9===e.which))for(var n=t.makeArray(t(E)),s=0;s0&&r--,40===e.which&&rdocument.documentElement.clientHeight;!this._isBodyOverflowing&&t&&(this._element.style.paddingLeft=this._scrollbarWidth+"px"),this._isBodyOverflowing&&!t&&(this._element.style.paddingRight=this._scrollbarWidth+"px")},p._resetAdjustments=function(){this._element.style.paddingLeft="",this._element.style.paddingRight=""},p._checkScrollbar=function(){var t=document.body.getBoundingClientRect();this._isBodyOverflowing=t.left+t.right
    ',trigger:"hover focus",title:"",delay:0,html:!1,selector:!1,placement:"top",offset:0,container:!1,fallbackPlacement:"flip",boundary:"scrollParent"},f="show",d="out",_={HIDE:"hide"+o,HIDDEN:"hidden"+o,SHOW:"show"+o,SHOWN:"shown"+o,INSERTED:"inserted"+o,CLICK:"click"+o,FOCUSIN:"focusin"+o,FOCUSOUT:"focusout"+o,MOUSEENTER:"mouseenter"+o,MOUSELEAVE:"mouseleave"+o},g="fade",p="show",m=".tooltip-inner",v=".arrow",E="hover",T="focus",y="click",C="manual",I=function(){function a(t,e){if("undefined"==typeof n)throw new TypeError("Bootstrap tooltips require Popper.js (https://popper.js.org)");this._isEnabled=!0,this._timeout=0,this._hoverState="",this._activeTrigger={},this._popper=null,this.element=t,this.config=this._getConfig(e),this.tip=null,this._setListeners()}var I=a.prototype;return I.enable=function(){this._isEnabled=!0},I.disable=function(){this._isEnabled=!1},I.toggleEnabled=function(){this._isEnabled=!this._isEnabled},I.toggle=function(e){if(this._isEnabled)if(e){var n=this.constructor.DATA_KEY,i=t(e.currentTarget).data(n);i||(i=new this.constructor(e.currentTarget,this._getDelegateConfig()),t(e.currentTarget).data(n,i)),i._activeTrigger.click=!i._activeTrigger.click,i._isWithActiveTrigger()?i._enter(null,i):i._leave(null,i)}else{if(t(this.getTipElement()).hasClass(p))return void this._leave(null,this);this._enter(null,this)}},I.dispose=function(){clearTimeout(this._timeout),t.removeData(this.element,this.constructor.DATA_KEY),t(this.element).off(this.constructor.EVENT_KEY),t(this.element).closest(".modal").off("hide.bs.modal"),this.tip&&t(this.tip).remove(),this._isEnabled=null,this._timeout=null,this._hoverState=null,this._activeTrigger=null,null!==this._popper&&this._popper.destroy(),this._popper=null,this.element=null,this.config=null,this.tip=null},I.show=function(){var e=this;if("none"===t(this.element).css("display"))throw new Error("Please use show on visible elements");var i=t.Event(this.constructor.Event.SHOW);if(this.isWithContent()&&this._isEnabled){t(this.element).trigger(i);var s=t.contains(this.element.ownerDocument.documentElement,this.element);if(i.isDefaultPrevented()||!s)return;var r=this.getTipElement(),o=P.getUID(this.constructor.NAME);r.setAttribute("id",o),this.element.setAttribute("aria-describedby",o),this.setContent(),this.config.animation&&t(r).addClass(g);var l="function"==typeof this.config.placement?this.config.placement.call(this,r,this.element):this.config.placement,h=this._getAttachment(l);this.addAttachmentClass(h);var c=!1===this.config.container?document.body:t(this.config.container);t(r).data(this.constructor.DATA_KEY,this),t.contains(this.element.ownerDocument.documentElement,this.tip)||t(r).appendTo(c),t(this.element).trigger(this.constructor.Event.INSERTED),this._popper=new n(this.element,r,{placement:h,modifiers:{offset:{offset:this.config.offset},flip:{behavior:this.config.fallbackPlacement},arrow:{element:v},preventOverflow:{boundariesElement:this.config.boundary}},onCreate:function(t){t.originalPlacement!==t.placement&&e._handlePopperPlacementChange(t)},onUpdate:function(t){e._handlePopperPlacementChange(t)}}),t(r).addClass(p),"ontouchstart"in document.documentElement&&t("body").children().on("mouseover",null,t.noop);var u=function(){e.config.animation&&e._fixTransition();var n=e._hoverState;e._hoverState=null,t(e.element).trigger(e.constructor.Event.SHOWN),n===d&&e._leave(null,e)};P.supportsTransitionEnd()&&t(this.tip).hasClass(g)?t(this.tip).one(P.TRANSITION_END,u).emulateTransitionEnd(a._TRANSITION_DURATION):u()}},I.hide=function(e){var n=this,i=this.getTipElement(),s=t.Event(this.constructor.Event.HIDE),r=function(){n._hoverState!==f&&i.parentNode&&i.parentNode.removeChild(i),n._cleanTipClass(),n.element.removeAttribute("aria-describedby"),t(n.element).trigger(n.constructor.Event.HIDDEN),null!==n._popper&&n._popper.destroy(),e&&e()};t(this.element).trigger(s),s.isDefaultPrevented()||(t(i).removeClass(p),"ontouchstart"in document.documentElement&&t("body").children().off("mouseover",null,t.noop),this._activeTrigger[y]=!1,this._activeTrigger[T]=!1,this._activeTrigger[E]=!1,P.supportsTransitionEnd()&&t(this.tip).hasClass(g)?t(i).one(P.TRANSITION_END,r).emulateTransitionEnd(150):r(),this._hoverState="")},I.update=function(){null!==this._popper&&this._popper.scheduleUpdate()},I.isWithContent=function(){return Boolean(this.getTitle())},I.addAttachmentClass=function(e){t(this.getTipElement()).addClass("bs-tooltip-"+e)},I.getTipElement=function(){return this.tip=this.tip||t(this.config.template)[0],this.tip},I.setContent=function(){var e=t(this.getTipElement());this.setElementContent(e.find(m),this.getTitle()),e.removeClass(g+" "+p)},I.setElementContent=function(e,n){var i=this.config.html;"object"==typeof n&&(n.nodeType||n.jquery)?i?t(n).parent().is(e)||e.empty().append(n):e.text(t(n).text()):e[i?"html":"text"](n)},I.getTitle=function(){var t=this.element.getAttribute("data-original-title");return t||(t="function"==typeof this.config.title?this.config.title.call(this.element):this.config.title),t},I._getAttachment=function(t){return c[t.toUpperCase()]},I._setListeners=function(){var e=this;this.config.trigger.split(" ").forEach(function(n){if("click"===n)t(e.element).on(e.constructor.Event.CLICK,e.config.selector,function(t){return e.toggle(t)});else if(n!==C){var i=n===E?e.constructor.Event.MOUSEENTER:e.constructor.Event.FOCUSIN,s=n===E?e.constructor.Event.MOUSELEAVE:e.constructor.Event.FOCUSOUT;t(e.element).on(i,e.config.selector,function(t){return e._enter(t)}).on(s,e.config.selector,function(t){return e._leave(t)})}t(e.element).closest(".modal").on("hide.bs.modal",function(){return e.hide()})}),this.config.selector?this.config=r({},this.config,{trigger:"manual",selector:""}):this._fixTitle()},I._fixTitle=function(){var t=typeof this.element.getAttribute("data-original-title");(this.element.getAttribute("title")||"string"!==t)&&(this.element.setAttribute("data-original-title",this.element.getAttribute("title")||""),this.element.setAttribute("title",""))},I._enter=function(e,n){var i=this.constructor.DATA_KEY;(n=n||t(e.currentTarget).data(i))||(n=new this.constructor(e.currentTarget,this._getDelegateConfig()),t(e.currentTarget).data(i,n)),e&&(n._activeTrigger["focusin"===e.type?T:E]=!0),t(n.getTipElement()).hasClass(p)||n._hoverState===f?n._hoverState=f:(clearTimeout(n._timeout),n._hoverState=f,n.config.delay&&n.config.delay.show?n._timeout=setTimeout(function(){n._hoverState===f&&n.show()},n.config.delay.show):n.show())},I._leave=function(e,n){var i=this.constructor.DATA_KEY;(n=n||t(e.currentTarget).data(i))||(n=new this.constructor(e.currentTarget,this._getDelegateConfig()),t(e.currentTarget).data(i,n)),e&&(n._activeTrigger["focusout"===e.type?T:E]=!1),n._isWithActiveTrigger()||(clearTimeout(n._timeout),n._hoverState=d,n.config.delay&&n.config.delay.hide?n._timeout=setTimeout(function(){n._hoverState===d&&n.hide()},n.config.delay.hide):n.hide())},I._isWithActiveTrigger=function(){for(var t in this._activeTrigger)if(this._activeTrigger[t])return!0;return!1},I._getConfig=function(n){return"number"==typeof(n=r({},this.constructor.Default,t(this.element).data(),n)).delay&&(n.delay={show:n.delay,hide:n.delay}),"number"==typeof n.title&&(n.title=n.title.toString()),"number"==typeof n.content&&(n.content=n.content.toString()),P.typeCheckConfig(e,n,this.constructor.DefaultType),n},I._getDelegateConfig=function(){var t={};if(this.config)for(var e in this.config)this.constructor.Default[e]!==this.config[e]&&(t[e]=this.config[e]);return t},I._cleanTipClass=function(){var e=t(this.getTipElement()),n=e.attr("class").match(l);null!==n&&n.length>0&&e.removeClass(n.join(""))},I._handlePopperPlacementChange=function(t){this._cleanTipClass(),this.addAttachmentClass(this._getAttachment(t.placement))},I._fixTransition=function(){var e=this.getTipElement(),n=this.config.animation;null===e.getAttribute("x-placement")&&(t(e).removeClass(g),this.config.animation=!1,this.hide(),this.show(),this.config.animation=n)},a._jQueryInterface=function(e){return this.each(function(){var n=t(this).data(i),s="object"==typeof e&&e;if((n||!/dispose|hide/.test(e))&&(n||(n=new a(this,s),t(this).data(i,n)),"string"==typeof e)){if("undefined"==typeof n[e])throw new TypeError('No method named "'+e+'"');n[e]()}})},s(a,null,[{key:"VERSION",get:function(){return"4.0.0"}},{key:"Default",get:function(){return u}},{key:"NAME",get:function(){return e}},{key:"DATA_KEY",get:function(){return i}},{key:"Event",get:function(){return _}},{key:"EVENT_KEY",get:function(){return o}},{key:"DefaultType",get:function(){return h}}]),a}();return t.fn[e]=I._jQueryInterface,t.fn[e].Constructor=I,t.fn[e].noConflict=function(){return t.fn[e]=a,I._jQueryInterface},I}(e),x=function(t){var e="popover",n="bs.popover",i="."+n,o=t.fn[e],a=new RegExp("(^|\\s)bs-popover\\S+","g"),l=r({},U.Default,{placement:"right",trigger:"click",content:"",template:''}),h=r({},U.DefaultType,{content:"(string|element|function)"}),c="fade",u="show",f=".popover-header",d=".popover-body",_={HIDE:"hide"+i,HIDDEN:"hidden"+i,SHOW:"show"+i,SHOWN:"shown"+i,INSERTED:"inserted"+i,CLICK:"click"+i,FOCUSIN:"focusin"+i,FOCUSOUT:"focusout"+i,MOUSEENTER:"mouseenter"+i,MOUSELEAVE:"mouseleave"+i},g=function(r){var o,g;function p(){return r.apply(this,arguments)||this}g=r,(o=p).prototype=Object.create(g.prototype),o.prototype.constructor=o,o.__proto__=g;var m=p.prototype;return m.isWithContent=function(){return this.getTitle()||this._getContent()},m.addAttachmentClass=function(e){t(this.getTipElement()).addClass("bs-popover-"+e)},m.getTipElement=function(){return this.tip=this.tip||t(this.config.template)[0],this.tip},m.setContent=function(){var e=t(this.getTipElement());this.setElementContent(e.find(f),this.getTitle());var n=this._getContent();"function"==typeof n&&(n=n.call(this.element)),this.setElementContent(e.find(d),n),e.removeClass(c+" "+u)},m._getContent=function(){return this.element.getAttribute("data-content")||this.config.content},m._cleanTipClass=function(){var e=t(this.getTipElement()),n=e.attr("class").match(a);null!==n&&n.length>0&&e.removeClass(n.join(""))},p._jQueryInterface=function(e){return this.each(function(){var i=t(this).data(n),s="object"==typeof e?e:null;if((i||!/destroy|hide/.test(e))&&(i||(i=new p(this,s),t(this).data(n,i)),"string"==typeof e)){if("undefined"==typeof i[e])throw new TypeError('No method named "'+e+'"');i[e]()}})},s(p,null,[{key:"VERSION",get:function(){return"4.0.0"}},{key:"Default",get:function(){return l}},{key:"NAME",get:function(){return e}},{key:"DATA_KEY",get:function(){return n}},{key:"Event",get:function(){return _}},{key:"EVENT_KEY",get:function(){return i}},{key:"DefaultType",get:function(){return h}}]),p}(U);return t.fn[e]=g._jQueryInterface,t.fn[e].Constructor=g,t.fn[e].noConflict=function(){return t.fn[e]=o,g._jQueryInterface},g}(e),K=function(t){var e="scrollspy",n="bs.scrollspy",i="."+n,o=t.fn[e],a={offset:10,method:"auto",target:""},l={offset:"number",method:"string",target:"(string|element)"},h={ACTIVATE:"activate"+i,SCROLL:"scroll"+i,LOAD_DATA_API:"load"+i+".data-api"},c="dropdown-item",u="active",f={DATA_SPY:'[data-spy="scroll"]',ACTIVE:".active",NAV_LIST_GROUP:".nav, .list-group",NAV_LINKS:".nav-link",NAV_ITEMS:".nav-item",LIST_ITEMS:".list-group-item",DROPDOWN:".dropdown",DROPDOWN_ITEMS:".dropdown-item",DROPDOWN_TOGGLE:".dropdown-toggle"},d="offset",_="position",g=function(){function o(e,n){var i=this;this._element=e,this._scrollElement="BODY"===e.tagName?window:e,this._config=this._getConfig(n),this._selector=this._config.target+" "+f.NAV_LINKS+","+this._config.target+" "+f.LIST_ITEMS+","+this._config.target+" "+f.DROPDOWN_ITEMS,this._offsets=[],this._targets=[],this._activeTarget=null,this._scrollHeight=0,t(this._scrollElement).on(h.SCROLL,function(t){return i._process(t)}),this.refresh(),this._process()}var g=o.prototype;return g.refresh=function(){var e=this,n=this._scrollElement===this._scrollElement.window?d:_,i="auto"===this._config.method?n:this._config.method,s=i===_?this._getScrollTop():0;this._offsets=[],this._targets=[],this._scrollHeight=this._getScrollHeight(),t.makeArray(t(this._selector)).map(function(e){var n,r=P.getSelectorFromElement(e);if(r&&(n=t(r)[0]),n){var o=n.getBoundingClientRect();if(o.width||o.height)return[t(n)[i]().top+s,r]}return null}).filter(function(t){return t}).sort(function(t,e){return t[0]-e[0]}).forEach(function(t){e._offsets.push(t[0]),e._targets.push(t[1])})},g.dispose=function(){t.removeData(this._element,n),t(this._scrollElement).off(i),this._element=null,this._scrollElement=null,this._config=null,this._selector=null,this._offsets=null,this._targets=null,this._activeTarget=null,this._scrollHeight=null},g._getConfig=function(n){if("string"!=typeof(n=r({},a,n)).target){var i=t(n.target).attr("id");i||(i=P.getUID(e),t(n.target).attr("id",i)),n.target="#"+i}return P.typeCheckConfig(e,n,l),n},g._getScrollTop=function(){return this._scrollElement===window?this._scrollElement.pageYOffset:this._scrollElement.scrollTop},g._getScrollHeight=function(){return this._scrollElement.scrollHeight||Math.max(document.body.scrollHeight,document.documentElement.scrollHeight)},g._getOffsetHeight=function(){return this._scrollElement===window?window.innerHeight:this._scrollElement.getBoundingClientRect().height},g._process=function(){var t=this._getScrollTop()+this._config.offset,e=this._getScrollHeight(),n=this._config.offset+e-this._getOffsetHeight();if(this._scrollHeight!==e&&this.refresh(),t>=n){var i=this._targets[this._targets.length-1];this._activeTarget!==i&&this._activate(i)}else{if(this._activeTarget&&t0)return this._activeTarget=null,void this._clear();for(var s=this._offsets.length;s--;){this._activeTarget!==this._targets[s]&&t>=this._offsets[s]&&("undefined"==typeof this._offsets[s+1]||t=4)throw new Error("Bootstrap's JavaScript requires at least jQuery v1.9.1 but less than v4.0.0")}(e),t.Util=P,t.Alert=L,t.Button=R,t.Carousel=j,t.Collapse=H,t.Dropdown=W,t.Modal=M,t.Popover=x,t.Scrollspy=K,t.Tab=V,t.Tooltip=U,Object.defineProperty(t,"__esModule",{value:!0})}); +//# sourceMappingURL=bootstrap.min.js.map \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/bootstrap/popper.min.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/bootstrap/popper.min.js new file mode 100644 index 0000000..0f20d2a --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/bootstrap/popper.min.js @@ -0,0 +1,5 @@ +/* + Copyright (C) Federico Zivolo 2017 + Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT). + */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}function p(e){var t=e.nodeName;return'BODY'!==t&&('HTML'===t||r(e.firstElementChild)===e)}function s(e){return null===e.parentNode?e:s(e.parentNode)}function d(e,t){if(!e||!e.nodeType||!t||!t.nodeType)return document.documentElement;var o=e.compareDocumentPosition(t)&Node.DOCUMENT_POSITION_FOLLOWING,i=o?e:t,n=o?t:e,a=document.createRange();a.setStart(i,0),a.setEnd(n,0);var l=a.commonAncestorContainer;if(e!==l&&t!==l||i.contains(n))return p(l)?l:r(l);var f=s(e);return f.host?d(f.host,t):d(e,s(t).host)}function a(e){var t=1=o.clientWidth&&i>=o.clientHeight}),l=0i[e]&&!t.escapeWithReference&&(n=_(p[o],i[e]-('right'===e?p.width:p.height))),pe({},o,n)}};return n.forEach(function(e){var t=-1===['left','top'].indexOf(e)?'secondary':'primary';p=se({},p,s[t](e))}),e.offsets.popper=p,e},priority:['left','right','top','bottom'],padding:5,boundariesElement:'scrollParent'},keepTogether:{order:400,enabled:!0,fn:function(e){var t=e.offsets,o=t.popper,i=t.reference,n=e.placement.split('-')[0],r=X,p=-1!==['top','bottom'].indexOf(n),s=p?'right':'bottom',d=p?'left':'top',a=p?'width':'height';return o[s]r(i[s])&&(e.offsets.popper[d]=r(i[s])),e}},arrow:{order:500,enabled:!0,fn:function(e,o){var i;if(!F(e.instance.modifiers,'arrow','keepTogether'))return e;var n=o.element;if('string'==typeof n){if(n=e.instance.popper.querySelector(n),!n)return e;}else if(!e.instance.popper.contains(n))return console.warn('WARNING: `arrow.element` must be child of its popper element!'),e;var r=e.placement.split('-')[0],p=e.offsets,s=p.popper,d=p.reference,a=-1!==['left','right'].indexOf(r),l=a?'height':'width',f=a?'Top':'Left',m=f.toLowerCase(),h=a?'left':'top',g=a?'bottom':'right',u=L(n)[l];d[g]-us[g]&&(e.offsets.popper[m]+=d[m]+u-s[g]),e.offsets.popper=c(e.offsets.popper);var b=d[m]+d[l]/2-u/2,w=t(e.instance.popper),y=parseFloat(w['margin'+f],10),E=parseFloat(w['border'+f+'Width'],10),v=b-e.offsets.popper[m]-y-E;return v=J(_(s[l]-u,v),0),e.arrowElement=n,e.offsets.arrow=(i={},pe(i,m,Math.round(v)),pe(i,h,''),i),e},element:'[x-arrow]'},flip:{order:600,enabled:!0,fn:function(e,t){if(k(e.instance.modifiers,'inner'))return e;if(e.flipped&&e.placement===e.originalPlacement)return e;var o=y(e.instance.popper,e.instance.reference,t.padding,t.boundariesElement),i=e.placement.split('-')[0],n=x(i),r=e.placement.split('-')[1]||'',p=[];switch(t.behavior){case le.FLIP:p=[i,n];break;case le.CLOCKWISE:p=q(i);break;case le.COUNTERCLOCKWISE:p=q(i,!0);break;default:p=t.behavior;}return p.forEach(function(s,d){if(i!==s||p.length===d+1)return e;i=e.placement.split('-')[0],n=x(i);var a=e.offsets.popper,l=e.offsets.reference,f=X,m='left'===i&&f(a.right)>f(l.left)||'right'===i&&f(a.left)f(l.top)||'bottom'===i&&f(a.top)f(o.right),g=f(a.top)f(o.bottom),b='left'===i&&h||'right'===i&&c||'top'===i&&g||'bottom'===i&&u,w=-1!==['top','bottom'].indexOf(i),y=!!t.flipVariations&&(w&&'start'===r&&h||w&&'end'===r&&c||!w&&'start'===r&&g||!w&&'end'===r&&u);(m||b||y)&&(e.flipped=!0,(m||b)&&(i=p[d+1]),y&&(r=K(r)),e.placement=i+(r?'-'+r:''),e.offsets.popper=se({},e.offsets.popper,S(e.instance.popper,e.offsets.reference,e.placement)),e=C(e.instance.modifiers,e,'flip'))}),e},behavior:'flip',padding:5,boundariesElement:'viewport'},inner:{order:700,enabled:!1,fn:function(e){var t=e.placement,o=t.split('-')[0],i=e.offsets,n=i.popper,r=i.reference,p=-1!==['left','right'].indexOf(o),s=-1===['top','left'].indexOf(o);return n[p?'left':'top']=r[o]-(s?n[p?'width':'height']:0),e.placement=x(t),e.offsets.popper=c(n),e}},hide:{order:800,enabled:!0,fn:function(e){if(!F(e.instance.modifiers,'hide','preventOverflow'))return e;var t=e.offsets.reference,o=T(e.instance.modifiers,function(e){return'preventOverflow'===e.name}).boundaries;if(t.bottomo.right||t.top>o.bottom||t.right',a,""].join(""),l.id=h,(m?l:n).innerHTML+=f,n.appendChild(l),m||(n.style.background="",n.style.overflow="hidden",k=g.style.overflow,g.style.overflow="hidden",g.appendChild(n)),i=c(l,a),m?l.parentNode.removeChild(l):(n.parentNode.removeChild(n),g.style.overflow=k),!!i},z=function(){function d(d,e){e=e||b.createElement(a[d]||"div"),d="on"+d;var f=d in e;return f||(e.setAttribute||(e=b.createElement("div")),e.setAttribute&&e.removeAttribute&&(e.setAttribute(d,""),f=E(e[d],"function"),E(e[d],"undefined")||(e[d]=c),e.removeAttribute(d))),e=null,f}var a={select:"input",change:"input",submit:"form",reset:"form",error:"img",load:"img",abort:"img"};return d}(),A={}.hasOwnProperty,B;!E(A,"undefined")&&!E(A.call,"undefined")?B=function(a,b){return A.call(a,b)}:B=function(a,b){return b in a&&E(a.constructor.prototype[b],"undefined")},Function.prototype.bind||(Function.prototype.bind=function(b){var c=this;if(typeof c!="function")throw new TypeError;var d=w.call(arguments,1),e=function(){if(this instanceof e){var a=function(){};a.prototype=c.prototype;var f=new a,g=c.apply(f,d.concat(w.call(arguments)));return Object(g)===g?g:f}return c.apply(b,d.concat(w.call(arguments)))};return e}),s.flexbox=function(){return I("flexWrap")},s.canvas=function(){var a=b.createElement("canvas");return!!a.getContext&&!!a.getContext("2d")},s.canvastext=function(){return!!e.canvas&&!!E(b.createElement("canvas").getContext("2d").fillText,"function")},s.webgl=function(){return!!a.WebGLRenderingContext},s.touch=function(){var c;return"ontouchstart"in a||a.DocumentTouch&&b instanceof DocumentTouch?c=!0:y(["@media (",n.join("touch-enabled),("),h,")","{#modernizr{top:9px;position:absolute}}"].join(""),function(a){c=a.offsetTop===9}),c},s.geolocation=function(){return"geolocation"in navigator},s.postmessage=function(){return!!a.postMessage},s.websqldatabase=function(){return!!a.openDatabase},s.indexedDB=function(){return!!I("indexedDB",a)},s.hashchange=function(){return z("hashchange",a)&&(b.documentMode===c||b.documentMode>7)},s.history=function(){return!!a.history&&!!history.pushState},s.draganddrop=function(){var a=b.createElement("div");return"draggable"in a||"ondragstart"in a&&"ondrop"in a},s.websockets=function(){return"WebSocket"in a||"MozWebSocket"in a},s.rgba=function(){return C("background-color:rgba(150,255,150,.5)"),F(j.backgroundColor,"rgba")},s.hsla=function(){return C("background-color:hsla(120,40%,100%,.5)"),F(j.backgroundColor,"rgba")||F(j.backgroundColor,"hsla")},s.multiplebgs=function(){return C("background:url(https://),url(https://),red url(https://)"),/(url\s*\(.*?){3}/.test(j.background)},s.backgroundsize=function(){return I("backgroundSize")},s.borderimage=function(){return I("borderImage")},s.borderradius=function(){return I("borderRadius")},s.boxshadow=function(){return I("boxShadow")},s.textshadow=function(){return b.createElement("div").style.textShadow===""},s.opacity=function(){return D("opacity:.55"),/^0.55$/.test(j.opacity)},s.cssanimations=function(){return I("animationName")},s.csscolumns=function(){return I("columnCount")},s.cssgradients=function(){var a="background-image:",b="gradient(linear,left top,right bottom,from(#9f9),to(white));",c="linear-gradient(left top,#9f9, white);";return C((a+"-webkit- ".split(" ").join(b+a)+n.join(c+a)).slice(0,-a.length)),F(j.backgroundImage,"gradient")},s.cssreflections=function(){return I("boxReflect")},s.csstransforms=function(){return!!I("transform")},s.csstransforms3d=function(){var a=!!I("perspective");return a&&"webkitPerspective"in g.style&&y("@media (transform-3d),(-webkit-transform-3d){#modernizr{left:9px;position:absolute;height:3px;}}",function(b,c){a=b.offsetLeft===9&&b.offsetHeight===3}),a},s.csstransitions=function(){return I("transition")},s.fontface=function(){var a;return y('@font-face {font-family:"font";src:url("https://")}',function(c,d){var e=b.getElementById("smodernizr"),f=e.sheet||e.styleSheet,g=f?f.cssRules&&f.cssRules[0]?f.cssRules[0].cssText:f.cssText||"":"";a=/src/i.test(g)&&g.indexOf(d.split(" ")[0])===0}),a},s.generatedcontent=function(){var a;return y(["#",h,"{font:0/0 a}#",h,':after{content:"',l,'";visibility:hidden;font:3px/1 a}'].join(""),function(b){a=b.offsetHeight>=3}),a},s.video=function(){var a=b.createElement("video"),c=!1;try{if(c=!!a.canPlayType)c=new Boolean(c),c.ogg=a.canPlayType('video/ogg; codecs="theora"').replace(/^no$/,""),c.h264=a.canPlayType('video/mp4; codecs="avc1.42E01E"').replace(/^no$/,""),c.webm=a.canPlayType('video/webm; codecs="vp8, vorbis"').replace(/^no$/,"")}catch(d){}return c},s.audio=function(){var a=b.createElement("audio"),c=!1;try{if(c=!!a.canPlayType)c=new Boolean(c),c.ogg=a.canPlayType('audio/ogg; codecs="vorbis"').replace(/^no$/,""),c.mp3=a.canPlayType("audio/mpeg;").replace(/^no$/,""),c.wav=a.canPlayType('audio/wav; codecs="1"').replace(/^no$/,""),c.m4a=(a.canPlayType("audio/x-m4a;")||a.canPlayType("audio/aac;")).replace(/^no$/,"")}catch(d){}return c},s.localstorage=function(){try{return localStorage.setItem(h,h),localStorage.removeItem(h),!0}catch(a){return!1}},s.sessionstorage=function(){try{return sessionStorage.setItem(h,h),sessionStorage.removeItem(h),!0}catch(a){return!1}},s.webworkers=function(){return!!a.Worker},s.applicationcache=function(){return!!a.applicationCache},s.svg=function(){return!!b.createElementNS&&!!b.createElementNS(r.svg,"svg").createSVGRect},s.inlinesvg=function(){var a=b.createElement("div");return a.innerHTML="",(a.firstChild&&a.firstChild.namespaceURI)==r.svg},s.smil=function(){return!!b.createElementNS&&/SVGAnimate/.test(m.call(b.createElementNS(r.svg,"animate")))},s.svgclippaths=function(){return!!b.createElementNS&&/SVGClipPath/.test(m.call(b.createElementNS(r.svg,"clipPath")))};for(var K in s)B(s,K)&&(x=K.toLowerCase(),e[x]=s[K](),v.push((e[x]?"":"no-")+x));return e.input||J(),e.addTest=function(a,b){if(typeof a=="object")for(var d in a)B(a,d)&&e.addTest(d,a[d]);else{a=a.toLowerCase();if(e[a]!==c)return e;b=typeof b=="function"?b():b,typeof f!="undefined"&&f&&(g.className+=" "+(b?"":"no-")+a),e[a]=b}return e},C(""),i=k=null,function(a,b){function l(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x",d.insertBefore(c.lastChild,d.firstChild)}function m(){var a=s.elements;return typeof a=="string"?a.split(" "):a}function n(a){var b=j[a[h]];return b||(b={},i++,a[h]=i,j[i]=b),b}function o(a,c,d){c||(c=b);if(k)return c.createElement(a);d||(d=n(c));var g;return d.cache[a]?g=d.cache[a].cloneNode():f.test(a)?g=(d.cache[a]=d.createElem(a)).cloneNode():g=d.createElem(a),g.canHaveChildren&&!e.test(a)&&!g.tagUrn?d.frag.appendChild(g):g}function p(a,c){a||(a=b);if(k)return a.createDocumentFragment();c=c||n(a);var d=c.frag.cloneNode(),e=0,f=m(),g=f.length;for(;e",g="hidden"in a,k=a.childNodes.length==1||function(){b.createElement("a");var a=b.createDocumentFragment();return typeof a.cloneNode=="undefined"||typeof a.createDocumentFragment=="undefined"||typeof a.createElement=="undefined"}()}catch(c){g=!0,k=!0}})();var s={elements:d.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output progress section summary template time video",version:c,shivCSS:d.shivCSS!==!1,supportsUnknownElements:k,shivMethods:d.shivMethods!==!1,type:"default",shivDocument:r,createElement:o,createDocumentFragment:p};a.html5=s,r(b)}(this,b),e._version=d,e._prefixes=n,e._domPrefixes=q,e._cssomPrefixes=p,e.hasEvent=z,e.testProp=function(a){return G([a])},e.testAllProps=I,e.testStyles=y,e.prefixed=function(a,b,c){return b?I(a,b,c):I(a,"pfx")},g.className=g.className.replace(/(^|\s)no-js(\s|$)/,"$1$2")+(f?" js "+v.join(" "):""),e}(this,this.document),function(a,b,c){function d(a){return"[object Function]"==o.call(a)}function e(a){return"string"==typeof a}function f(){}function g(a){return!a||"loaded"==a||"complete"==a||"uninitialized"==a}function h(){var a=p.shift();q=1,a?a.t?m(function(){("c"==a.t?B.injectCss:B.injectJs)(a.s,0,a.a,a.x,a.e,1)},0):(a(),h()):q=0}function i(a,c,d,e,f,i,j){function k(b){if(!o&&g(l.readyState)&&(u.r=o=1,!q&&h(),l.onload=l.onreadystatechange=null,b)){"img"!=a&&m(function(){t.removeChild(l)},50);for(var d in y[c])y[c].hasOwnProperty(d)&&y[c][d].onload()}}var j=j||B.errorTimeout,l=b.createElement(a),o=0,r=0,u={t:d,s:c,e:f,a:i,x:j};1===y[c]&&(r=1,y[c]=[]),"object"==a?l.data=c:(l.src=c,l.type=a),l.width=l.height="0",l.onerror=l.onload=l.onreadystatechange=function(){k.call(this,r)},p.splice(e,0,u),"img"!=a&&(r||2===y[c]?(t.insertBefore(l,s?null:n),m(k,j)):y[c].push(l))}function j(a,b,c,d,f){return q=0,b=b||"j",e(a)?i("c"==b?v:u,a,b,this.i++,c,d,f):(p.splice(this.i++,0,a),1==p.length&&h()),this}function k(){var a=B;return a.loader={load:j,i:0},a}var l=b.documentElement,m=a.setTimeout,n=b.getElementsByTagName("script")[0],o={}.toString,p=[],q=0,r="MozAppearance"in l.style,s=r&&!!b.createRange().compareNode,t=s?l:n.parentNode,l=a.opera&&"[object Opera]"==o.call(a.opera),l=!!b.attachEvent&&!l,u=r?"object":l?"script":"img",v=l?"script":u,w=Array.isArray||function(a){return"[object Array]"==o.call(a)},x=[],y={},z={timeout:function(a,b){return b.length&&(a.timeout=b[0]),a}},A,B;B=function(a){function b(a){var a=a.split("!"),b=x.length,c=a.pop(),d=a.length,c={url:c,origUrl:c,prefixes:a},e,f,g;for(f=0;f",{"class":"intl-number-input"}));var f=a("
    ",{"class":"flag-dropdown f16"}).insertBefore(e),g=a("
    ",{"class":"selected-flag"}).appendTo(f),h=d[0].cca2.toLowerCase(),i=a("
    ",{"class":"flag "+h}).appendTo(g);a("
    ",{"class":"down-arrow"}).appendTo(i);var j=a("
      ",{"class":"country-list hide"}).appendTo(f);this.appendListItems(d,j),a("
    • ",{"class":"divider"}).appendTo(j),this.appendListItems(intlTelInput.countries,j);var k=j.children(".country");k.first().addClass("active"),e.keyup(function(){var c=b.getDialCode(e.val())||"1",d=intlTelInput.countryCodes[c],f=!1;if(a.each(d,function(a,b){i.hasClass(b.toLowerCase())&&(f=!0)}),!f){var g=intlTelInput.countryCodes[c][0].toLowerCase();i.attr("class","flag "+g),k.removeClass("active"),k.children(".flag."+g).parent().addClass("active")}}),e.keyup(),g.click(function(d){if(d.stopPropagation(),j.hasClass("hide")){k.removeClass("highlight");var f=j.children(".active").addClass("highlight");b.scrollTo(f,j),j.removeClass("hide"),a(c).bind("keydown.intlTelInput",function(c){if(38==c.which||40==c.which){var d=j.children(".highlight").first(),f=38==c.which?d.prev():d.next();f&&(f.hasClass("divider")&&(f=38==c.which?f.prev():f.next()),k.removeClass("highlight"),f.addClass("highlight"),b.scrollTo(f,j))}else if(13==c.which){var h=j.children(".highlight").first();h.length&&b.selectCountry(h,g,e,j)}else if(9==c.which||27==c.which)b.closeDropdown(j);else if(c.which>=97&&c.which<=122||c.which>=65&&c.which<=90){var i=String.fromCharCode(c.which),l=k.filter(function(){return a(this).text().charAt(0)==i});if(l.length){var m,n=l.filter(".highlight").first();m=n&&n.next()&&n.next().text().charAt(0)==i?n.next():l.first(),k.removeClass("highlight"),m.addClass("highlight"),b.scrollTo(m,j)}}})}else b.closeDropdown(j)}),k.mouseover(function(){k.removeClass("highlight"),a(this).addClass("highlight")}),k.click(function(c){var d=a(c.currentTarget);b.selectCountry(d,g,e,j)}),a("html").click(function(c){a(c.target).closest(".country-list").length||b.closeDropdown(j)})},selectCountry:function(a,b,c,d){var e=a.attr("data-country-code").toLowerCase();b.find(".flag").attr("class","flag "+e);var f=this.updateNumber(c.val(),a.attr("data-dial-code"));c.val(f),this.closeDropdown(d),c.focus(),d.children(".country").removeClass("active highlight"),a.addClass("active")},closeDropdown:function(b){b.addClass("hide"),a(c).unbind("keydown.intlTelInput")},scrollTo:function(a,b){var c=b.height(),d=b.offset().top,e=d+c,f=a.outerHeight(),g=a.offset().top,h=g+f,i=g-d+b.scrollTop();if(d>g)b.scrollTop(i);else if(h>e){var j=c-f;b.scrollTop(i-j)}},updateNumber:function(a,b){var c,d="+"+this.getDialCode(a),e="+"+b;return d.length>1?(c=a.replace(d,e),a==d&&(c+=" ")):c=a.length&&"+"!=a.substr(0,1)?e+" "+a.trim():e+" ",this.options.americaMode&&"+1 "==c.substring(0,3)&&(c=c.substring(3)),c},getDialCode:function(a){var b=a.trim().split(" ")[0];if("+"==b.substring(0,1))for(var c=b.replace(/\D/g,"").substring(0,4),d=c.length;d>0;d--)if(c=c.substring(0,d),intlTelInput.countryCodes[c])return c;return""},appendListItems:function(b,c){var d="";a.each(b,function(a,b){d+="
    • ",d+="
      ",d+=""+b.name+"",d+="+"+b["calling-code"]+"",d+="
      • "}),c.append(d)}},a.fn[e]=function(b){return this.each(function(){a.data(this,"plugin_"+e)||a.data(this,"plugin_"+e,new d(this,b))})}}(jQuery,window,document);var intlTelInput={countries:[{name:"Afghanistan",cca2:"AF","calling-code":"93"},{name:"Albania",cca2:"AL","calling-code":"355"},{name:"Algeria",cca2:"DZ","calling-code":"213"},{name:"American Samoa",cca2:"AS","calling-code":"1684"},{name:"Andorra",cca2:"AD","calling-code":"376"},{name:"Angola",cca2:"AO","calling-code":"244"},{name:"Anguilla",cca2:"AI","calling-code":"1264"},{name:"Antigua and Barbuda",cca2:"AG","calling-code":"1268"},{name:"Argentina",cca2:"AR","calling-code":"54"},{name:"Armenia",cca2:"AM","calling-code":"374"},{name:"Aruba",cca2:"AW","calling-code":"297"},{name:"Australia",cca2:"AU","calling-code":"61"},{name:"Austria",cca2:"AT","calling-code":"43"},{name:"Azerbaijan",cca2:"AZ","calling-code":"994"},{name:"Bahamas",cca2:"BS","calling-code":"1242"},{name:"Bahrain",cca2:"BH","calling-code":"973"},{name:"Bangladesh",cca2:"BD","calling-code":"880"},{name:"Barbados",cca2:"BB","calling-code":"1246"},{name:"Belarus",cca2:"BY","calling-code":"375"},{name:"Belgium",cca2:"BE","calling-code":"32"},{name:"Belize",cca2:"BZ","calling-code":"501"},{name:"Benin",cca2:"BJ","calling-code":"229"},{name:"Bermuda",cca2:"BM","calling-code":"1441"},{name:"Bhutan",cca2:"BT","calling-code":"975"},{name:"Bolivia",cca2:"BO","calling-code":"591"},{name:"Bosnia and Herzegovina",cca2:"BA","calling-code":"387"},{name:"Botswana",cca2:"BW","calling-code":"267"},{name:"Brazil",cca2:"BR","calling-code":"55"},{name:"Brunei Darussalam",cca2:"BN","calling-code":"673"},{name:"Bulgaria",cca2:"BG","calling-code":"359"},{name:"Burkina Faso",cca2:"BF","calling-code":"226"},{name:"Burundi",cca2:"BI","calling-code":"257"},{name:"Cambodia",cca2:"KH","calling-code":"855"},{name:"Cameroon",cca2:"CM","calling-code":"237"},{name:"Canada",cca2:"CA","calling-code":"1"},{name:"Cape Verde",cca2:"CV","calling-code":"238"},{name:"Cayman Islands",cca2:"KY","calling-code":"1345"},{name:"Central African Republic",cca2:"CF","calling-code":"236"},{name:"Chad",cca2:"TD","calling-code":"235"},{name:"Chile",cca2:"CL","calling-code":"56"},{name:"China",cca2:"CN","calling-code":"86"},{name:"Colombia",cca2:"CO","calling-code":"57"},{name:"Comoros",cca2:"KM","calling-code":"269"},{name:"Congo (DRC)",cca2:"CD","calling-code":"243"},{name:"Congo (Republic)",cca2:"CG","calling-code":"242"},{name:"Cook Islands",cca2:"CK","calling-code":"682"},{name:"Costa Rica",cca2:"CR","calling-code":"506"},{name:"Côte d'Ivoire",cca2:"CI","calling-code":"225"},{name:"Croatia",cca2:"HR","calling-code":"385"},{name:"Cuba",cca2:"CU","calling-code":"53"},{name:"Cyprus",cca2:"CY","calling-code":"357"},{name:"Czech Republic",cca2:"CZ","calling-code":"420"},{name:"Denmark",cca2:"DK","calling-code":"45"},{name:"Djibouti",cca2:"DJ","calling-code":"253"},{name:"Dominica",cca2:"DM","calling-code":"1767"},{name:"Dominican Republic",cca2:"DO","calling-code":"1809"},{name:"Ecuador",cca2:"EC","calling-code":"593"},{name:"Egypt",cca2:"EG","calling-code":"20"},{name:"El Salvador",cca2:"SV","calling-code":"503"},{name:"Equatorial Guinea",cca2:"GQ","calling-code":"240"},{name:"Eritrea",cca2:"ER","calling-code":"291"},{name:"Estonia",cca2:"EE","calling-code":"372"},{name:"Ethiopia",cca2:"ET","calling-code":"251"},{name:"Faroe Islands",cca2:"FO","calling-code":"298"},{name:"Fiji",cca2:"FJ","calling-code":"679"},{name:"Finland",cca2:"FI","calling-code":"358"},{name:"France",cca2:"FR","calling-code":"33"},{name:"French Polynesia",cca2:"PF","calling-code":"689"},{name:"Gabon",cca2:"GA","calling-code":"241"},{name:"Gambia",cca2:"GM","calling-code":"220"},{name:"Georgia",cca2:"GE","calling-code":"995"},{name:"Germany",cca2:"DE","calling-code":"49"},{name:"Ghana",cca2:"GH","calling-code":"233"},{name:"Gibraltar",cca2:"GI","calling-code":"350"},{name:"Greece",cca2:"GR","calling-code":"30"},{name:"Greenland",cca2:"GL","calling-code":"299"},{name:"Grenada",cca2:"GD","calling-code":"1473"},{name:"Guadeloupe",cca2:"GP","calling-code":"590"},{name:"Guam",cca2:"GU","calling-code":"1671"},{name:"Guatemala",cca2:"GT","calling-code":"502"},{name:"Guernsey",cca2:"GG","calling-code":"44"},{name:"Guinea",cca2:"GN","calling-code":"224"},{name:"Guinea-Bissau",cca2:"GW","calling-code":"245"},{name:"Guyana",cca2:"GY","calling-code":"592"},{name:"Haiti",cca2:"HT","calling-code":"509"},{name:"Honduras",cca2:"HN","calling-code":"504"},{name:"Hong Kong",cca2:"HK","calling-code":"852"},{name:"Hungary",cca2:"HU","calling-code":"36"},{name:"Iceland",cca2:"IS","calling-code":"354"},{name:"India",cca2:"IN","calling-code":"91"},{name:"Indonesia",cca2:"ID","calling-code":"62"},{name:"Iran",cca2:"IR","calling-code":"98"},{name:"Iraq",cca2:"IQ","calling-code":"964"},{name:"Ireland",cca2:"IE","calling-code":"353"},{name:"Isle of Man",cca2:"IM","calling-code":"44"},{name:"Israel",cca2:"IL","calling-code":"972"},{name:"Italy",cca2:"IT","calling-code":"39"},{name:"Jamaica",cca2:"JM","calling-code":"1876"},{name:"Japan",cca2:"JP","calling-code":"81"},{name:"Jersey",cca2:"JE","calling-code":"44"},{name:"Jordan",cca2:"JO","calling-code":"962"},{name:"Kazakhstan",cca2:"KZ","calling-code":"7"},{name:"Kenya",cca2:"KE","calling-code":"254"},{name:"Kiribati",cca2:"KI","calling-code":"686"},{name:"Kuwait",cca2:"KW","calling-code":"965"},{name:"Kyrgyzstan",cca2:"KG","calling-code":"996"},{name:"Laos",cca2:"LA","calling-code":"856"},{name:"Latvia",cca2:"LV","calling-code":"371"},{name:"Lebanon",cca2:"LB","calling-code":"961"},{name:"Lesotho",cca2:"LS","calling-code":"266"},{name:"Liberia",cca2:"LR","calling-code":"231"},{name:"Libya",cca2:"LY","calling-code":"218"},{name:"Liechtenstein",cca2:"LI","calling-code":"423"},{name:"Lithuania",cca2:"LT","calling-code":"370"},{name:"Luxembourg",cca2:"LU","calling-code":"352"},{name:"Macao",cca2:"MO","calling-code":"853"},{name:"Macedonia",cca2:"MK","calling-code":"389"},{name:"Madagascar",cca2:"MG","calling-code":"261"},{name:"Malawi",cca2:"MW","calling-code":"265"},{name:"Malaysia",cca2:"MY","calling-code":"60"},{name:"Maldives",cca2:"MV","calling-code":"960"},{name:"Mali",cca2:"ML","calling-code":"223"},{name:"Malta",cca2:"MT","calling-code":"356"},{name:"Marshall Islands",cca2:"MH","calling-code":"692"},{name:"Martinique",cca2:"MQ","calling-code":"596"},{name:"Mauritania",cca2:"MR","calling-code":"222"},{name:"Mauritius",cca2:"MU","calling-code":"230"},{name:"Mexico",cca2:"MX","calling-code":"52"},{name:"Micronesia",cca2:"FM","calling-code":"691"},{name:"Moldova",cca2:"MD","calling-code":"373"},{name:"Monaco",cca2:"MC","calling-code":"377"},{name:"Mongolia",cca2:"MN","calling-code":"976"},{name:"Montenegro",cca2:"ME","calling-code":"382"},{name:"Montserrat",cca2:"MS","calling-code":"1664"},{name:"Morocco",cca2:"MA","calling-code":"212"},{name:"Mozambique",cca2:"MZ","calling-code":"258"},{name:"Myanmar (Burma)",cca2:"MM","calling-code":"95"},{name:"Namibia",cca2:"NA","calling-code":"264"},{name:"Nauru",cca2:"NR","calling-code":"674"},{name:"Nepal",cca2:"NP","calling-code":"977"},{name:"Netherlands",cca2:"NL","calling-code":"31"},{name:"New Caledonia",cca2:"NC","calling-code":"687"},{name:"New Zealand",cca2:"NZ","calling-code":"64"},{name:"Nicaragua",cca2:"NI","calling-code":"505"},{name:"Niger",cca2:"NE","calling-code":"227"},{name:"Nigeria",cca2:"NG","calling-code":"234"},{name:"North Korea",cca2:"KP","calling-code":"850"},{name:"Norway",cca2:"NO","calling-code":"47"},{name:"Oman",cca2:"OM","calling-code":"968"},{name:"Pakistan",cca2:"PK","calling-code":"92"},{name:"Palau",cca2:"PW","calling-code":"680"},{name:"Palestinian Territory",cca2:"PS","calling-code":"970"},{name:"Panama",cca2:"PA","calling-code":"507"},{name:"Papua New Guinea",cca2:"PG","calling-code":"675"},{name:"Paraguay",cca2:"PY","calling-code":"595"},{name:"Peru",cca2:"PE","calling-code":"51"},{name:"Philippines",cca2:"PH","calling-code":"63"},{name:"Poland",cca2:"PL","calling-code":"48"},{name:"Portugal",cca2:"PT","calling-code":"351"},{name:"Puerto Rico",cca2:"PR","calling-code":"1787"},{name:"Qatar",cca2:"QA","calling-code":"974"},{name:"Réunion",cca2:"RE","calling-code":"262"},{name:"Romania",cca2:"RO","calling-code":"40"},{name:"Russian Federation",cca2:"RU","calling-code":"7"},{name:"Rwanda",cca2:"RW","calling-code":"250"},{name:"Saint Kitts and Nevis",cca2:"KN","calling-code":"1869"},{name:"Saint Lucia",cca2:"LC","calling-code":"1758"},{name:"Saint Vincent and the Grenadines",cca2:"VC","calling-code":"1784"},{name:"Samoa",cca2:"WS","calling-code":"685"},{name:"San Marino",cca2:"SM","calling-code":"378"},{name:"São Tomé and Príncipe",cca2:"ST","calling-code":"239"},{name:"Saudi Arabia",cca2:"SA","calling-code":"966"},{name:"Senegal",cca2:"SN","calling-code":"221"},{name:"Serbia",cca2:"RS","calling-code":"381"},{name:"Seychelles",cca2:"SC","calling-code":"248"},{name:"Sierra Leone",cca2:"SL","calling-code":"232"},{name:"Singapore",cca2:"SG","calling-code":"65"},{name:"Slovakia",cca2:"SK","calling-code":"421"},{name:"Slovenia",cca2:"SI","calling-code":"386"},{name:"Solomon Islands",cca2:"SB","calling-code":"677"},{name:"Somalia",cca2:"SO","calling-code":"252"},{name:"South Africa",cca2:"ZA","calling-code":"27"},{name:"South Korea",cca2:"KR","calling-code":"82"},{name:"Spain",cca2:"ES","calling-code":"34"},{name:"Sri Lanka",cca2:"LK","calling-code":"94"},{name:"Sudan",cca2:"SD","calling-code":"249"},{name:"Suriname",cca2:"SR","calling-code":"597"},{name:"Swaziland",cca2:"SZ","calling-code":"268"},{name:"Sweden",cca2:"SE","calling-code":"46"},{name:"Switzerland",cca2:"CH","calling-code":"41"},{name:"Syrian Arab Republic",cca2:"SY","calling-code":"963"},{name:"Taiwan, Province of China",cca2:"TW","calling-code":"886"},{name:"Tajikistan",cca2:"TJ","calling-code":"992"},{name:"Tanzania",cca2:"TZ","calling-code":"255"},{name:"Thailand",cca2:"TH","calling-code":"66"},{name:"Timor-Leste",cca2:"TL","calling-code":"670"},{name:"Togo",cca2:"TG","calling-code":"228"},{name:"Tonga",cca2:"TO","calling-code":"676"},{name:"Trinidad and Tobago",cca2:"TT","calling-code":"1868"},{name:"Tunisia",cca2:"TN","calling-code":"216"},{name:"Turkey",cca2:"TR","calling-code":"90"},{name:"Turkmenistan",cca2:"TM","calling-code":"993"},{name:"Turks and Caicos Islands",cca2:"TC","calling-code":"1649"},{name:"Tuvalu",cca2:"TV","calling-code":"688"},{name:"Uganda",cca2:"UG","calling-code":"256"},{name:"Ukraine",cca2:"UA","calling-code":"380"},{name:"United Arab Emirates",cca2:"AE","calling-code":"971"},{name:"United Kingdom",cca2:"GB","calling-code":"44"},{name:"United States",cca2:"US","calling-code":"1"},{name:"Uruguay",cca2:"UY","calling-code":"598"},{name:"Uzbekistan",cca2:"UZ","calling-code":"998"},{name:"Vanuatu",cca2:"VU","calling-code":"678"},{name:"Vatican City",cca2:"VA","calling-code":"379"},{name:"Venezuela",cca2:"VE","calling-code":"58"},{name:"Viet Nam",cca2:"VN","calling-code":"84"},{name:"Virgin Islands (British)",cca2:"VG","calling-code":"1284"},{name:"Virgin Islands (U.S.)",cca2:"VI","calling-code":"1340"},{name:"Western Sahara",cca2:"EH","calling-code":"212"},{name:"Yemen",cca2:"YE","calling-code":"967"},{name:"Zambia",cca2:"ZM","calling-code":"260"},{name:"Zimbabwe",cca2:"ZW","calling-code":"263"}],countryCodes:{1:["US"],7:["RU","KZ"],20:["EG"],27:["ZA"],30:["GR"],31:["NL"],32:["BE"],33:["FR"],34:["ES"],36:["HU"],39:["IT"],40:["RO"],41:["CH"],43:["AT"],44:["GB","GG","IM","JE"],45:["DK"],46:["SE"],47:["NO","SJ"],48:["PL"],49:["DE"],51:["PE"],52:["MX"],53:["CU"],54:["AR"],55:["BR"],56:["CL"],57:["CO"],58:["VE"],60:["MY"],61:["AU","CC","CX"],62:["ID"],63:["PH"],64:["NZ"],65:["SG"],66:["TH"],81:["JP"],82:["KR"],84:["VN"],86:["CN"],90:["TR"],91:["IN"],92:["PK"],93:["AF"],94:["LK"],95:["MM"],98:["IR"],211:["SS"],212:["MA","EH"],213:["DZ"],216:["TN"],218:["LY"],220:["GM"],221:["SN"],222:["MR"],223:["ML"],224:["GN"],225:["CI"],226:["BF"],227:["NE"],228:["TG"],229:["BJ"],230:["MU"],231:["LR"],232:["SL"],233:["GH"],234:["NG"],235:["TD"],236:["CF"],237:["CM"],238:["CV"],239:["ST"],240:["GQ"],241:["GA"],242:["CG"],243:["CD"],244:["AO"],245:["GW"],246:["IO"],247:["AC"],248:["SC"],249:["SD"],250:["RW"],251:["ET"],252:["SO"],253:["DJ"],254:["KE"],255:["TZ"],256:["UG"],257:["BI"],258:["MZ"],260:["ZM"],261:["MG"],262:["RE","YT"],263:["ZW"],264:["NA"],265:["MW"],266:["LS"],267:["BW"],268:["SZ"],269:["KM"],290:["SH"],291:["ER"],297:["AW"],298:["FO"],299:["GL"],350:["GI"],351:["PT"],352:["LU"],353:["IE"],354:["IS"],355:["AL"],356:["MT"],357:["CY"],358:["FI","AX"],359:["BG"],370:["LT"],371:["LV"],372:["EE"],373:["MD"],374:["AM"],375:["BY"],376:["AD"],377:["MC"],378:["SM"],379:["VA"],380:["UA"],381:["RS"],382:["ME"],385:["HR"],386:["SI"],387:["BA"],389:["MK"],420:["CZ"],421:["SK"],423:["LI"],500:["FK"],501:["BZ"],502:["GT"],503:["SV"],504:["HN"],505:["NI"],506:["CR"],507:["PA"],508:["PM"],509:["HT"],590:["GP","BL","MF"],591:["BO"],592:["GY"],593:["EC"],594:["GF"],595:["PY"],596:["MQ"],597:["SR"],598:["UY"],599:["CW","BQ"],670:["TL"],672:["NF"],673:["BN"],674:["NR"],675:["PG"],676:["TO"],677:["SB"],678:["VU"],679:["FJ"],680:["PW"],681:["WF"],682:["CK"],683:["NU"],685:["WS"],686:["KI"],687:["NC"],688:["TV"],689:["PF"],690:["TK"],691:["FM"],692:["MH"],850:["KP"],852:["HK"],853:["MO"],855:["KH"],856:["LA"],880:["BD"],886:["TW"],960:["MV"],961:["LB"],962:["JO"],963:["SY"],964:["IQ"],965:["KW"],966:["SA"],967:["YE"],968:["OM"],970:["PS"],971:["AE"],972:["IL"],973:["BH"],974:["QA"],975:["BT"],976:["MN"],977:["NP"],992:["TJ"],993:["TM"],994:["AZ"],995:["GE"],996:["KG"],998:["UZ"],1242:["BS"],1246:["BB"],1264:["AI"],1268:["AG"],1284:["VG"],1340:["VI"],1345:["KY"],1441:["BM"],1473:["GD"],1649:["TC"],1664:["MS"],1671:["GU"],1684:["AS"],1758:["LC"],1767:["DM"],1784:["VC"],1787:["PR"],1809:["DO"],1868:["TT"],1869:["KN"],1876:["JM"]}}; \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/phone.min.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/phone.min.js new file mode 100644 index 0000000..1bf7841 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/phone.min.js @@ -0,0 +1 @@ +!function(a,c,e){function n(c,e){this.element=c,this.options=a.extend({},i,e),this._defaults=i,this._name=l,this.init()}var l="intlTelInput",i={preferredCountries:["IN","US"],americaMode:!1};n.prototype={init:function(){var c=this,n=[];a.each(this.options.preferredCountries,function(c,e){var l=a.grep(intlTelInput.countries,function(a){return a.cca2==e});l.length&&n.push(l[0])});var l=a(this.element);""!==l.val()||this.options.americaMode||l.val("+1 "),l.wrap(a("
      ",{"class":"intl-number-input"}));var i=a("
      ",{"class":"flag-dropdown f16"}).insertBefore(l),o=a("
      ",{"class":"selected-flag"}).appendTo(i),d=n[0].cca2.toLowerCase(),g=a("
      ",{"class":"flag "+d}).appendTo(o);a("
      ",{"class":"down-arrow"}).appendTo(g);var m=a("
        ",{"class":"country-list hide"}).appendTo(i);this.appendListItems(n,m),a("
      • ",{"class":"divider"}).appendTo(m),this.appendListItems(intlTelInput.countries,m);var t=m.children(".country");t.first().addClass("active"),l.keyup(function(){var e=c.getDialCode(l.val())||"1",n=intlTelInput.countryCodes[e],i=!1;if(a.each(n,function(a,c){g.hasClass(c.toLowerCase())&&(i=!0)}),!i){var o=intlTelInput.countryCodes[e][0].toLowerCase();g.attr("class","flag "+o),t.removeClass("active"),t.children(".flag."+o).parent().addClass("active")}}),l.keyup(),o.click(function(n){if(n.stopPropagation(),m.hasClass("hide")){t.removeClass("highlight");var i=m.children(".active").addClass("highlight");c.scrollTo(i,m),m.removeClass("hide"),a(e).bind("keydown.intlTelInput",function(e){if(38==e.which||40==e.which){var n=m.children(".highlight").first(),i=38==e.which?n.prev():n.next();i&&(i.hasClass("divider")&&(i=38==e.which?i.prev():i.next()),t.removeClass("highlight"),i.addClass("highlight"),c.scrollTo(i,m))}else if(13==e.which){var d=m.children(".highlight").first();d.length&&c.selectCountry(d,o,l,m)}else if(9==e.which||27==e.which)c.closeDropdown(m);else if(e.which>=97&&e.which<=122||e.which>=65&&e.which<=90){var g=String.fromCharCode(e.which),r=t.filter(function(){return a(this).text().charAt(0)==g});if(r.length){var s,u=r.filter(".highlight").first();s=u&&u.next()&&u.next().text().charAt(0)==g?u.next():r.first(),t.removeClass("highlight"),s.addClass("highlight"),c.scrollTo(s,m)}}})}else c.closeDropdown(m)}),t.mouseover(function(){t.removeClass("highlight"),a(this).addClass("highlight")}),t.click(function(e){var n=a(e.currentTarget);c.selectCountry(n,o,l,m)}),a("html").click(function(e){a(e.target).closest(".country-list").length||c.closeDropdown(m)})},selectCountry:function(a,c,e,n){var l=a.attr("data-country-code").toLowerCase();c.find(".flag").attr("class","flag "+l);var i=this.updateNumber(e.val(),a.attr("data-dial-code"));e.val(i),this.closeDropdown(n),e.focus(),n.children(".country").removeClass("active highlight"),a.addClass("active")},closeDropdown:function(c){c.addClass("hide"),a(e).unbind("keydown.intlTelInput")},scrollTo:function(a,c){var e=c.height(),n=c.offset().top,l=n+e,i=a.outerHeight(),o=a.offset().top,d=o+i,g=o-n+c.scrollTop();if(n>o)c.scrollTop(g);else if(d>l){var m=e-i;c.scrollTop(g-m)}},updateNumber:function(a,c){var e,n="+"+this.getDialCode(a),l="+"+c;return n.length>1?(e=a.replace(n,l),a==n&&(e+=" ")):e=a.length&&"+"!=a.substr(0,1)?l+" "+a.trim():l+" ",this.options.americaMode&&"+1 "==e.substring(0,3)&&(e=e.substring(3)),e},getDialCode:function(a){var c=a.trim().split(" ")[0];if("+"==c.substring(0,1))for(var e=c.replace(/\D/g,"").substring(0,4),n=e.length;n>0;n--)if(e=e.substring(0,n),intlTelInput.countryCodes[e])return e;return""},appendListItems:function(c,e){var n="";a.each(c,function(a,c){n+="
      • ",n+="
        ",n+=""+c.name+"",n+="+"+c["calling-code"]+"",n+="
        • "}),e.append(n)}},a.fn[l]=function(c){return this.each(function(){a.data(this,"plugin_"+l)||a.data(this,"plugin_"+l,new n(this,c))})}}(jQuery,window,document);var intlTelInput={countries:[{name:"Afghanistan",cca2:"AF","calling-code":"93"},{name:"Albania",cca2:"AL","calling-code":"355"},{name:"Algeria",cca2:"DZ","calling-code":"213"},{name:"American Samoa",cca2:"AS","calling-code":"1684"},{name:"Andorra",cca2:"AD","calling-code":"376"},{name:"Angola",cca2:"AO","calling-code":"244"},{name:"Anguilla",cca2:"AI","calling-code":"1264"},{name:"Antigua and Barbuda",cca2:"AG","calling-code":"1268"},{name:"Argentina",cca2:"AR","calling-code":"54"},{name:"Armenia",cca2:"AM","calling-code":"374"},{name:"Aruba",cca2:"AW","calling-code":"297"},{name:"Australia",cca2:"AU","calling-code":"61"},{name:"Austria",cca2:"AT","calling-code":"43"},{name:"Azerbaijan",cca2:"AZ","calling-code":"994"},{name:"Bahamas",cca2:"BS","calling-code":"1242"},{name:"Bahrain",cca2:"BH","calling-code":"973"},{name:"Bangladesh",cca2:"BD","calling-code":"880"},{name:"Barbados",cca2:"BB","calling-code":"1246"},{name:"Belarus",cca2:"BY","calling-code":"375"},{name:"Belgium",cca2:"BE","calling-code":"32"},{name:"Belize",cca2:"BZ","calling-code":"501"},{name:"Benin",cca2:"BJ","calling-code":"229"},{name:"Bermuda",cca2:"BM","calling-code":"1441"},{name:"Bhutan",cca2:"BT","calling-code":"975"},{name:"Bolivia",cca2:"BO","calling-code":"591"},{name:"Bosnia and Herzegovina",cca2:"BA","calling-code":"387"},{name:"Botswana",cca2:"BW","calling-code":"267"},{name:"Brazil",cca2:"BR","calling-code":"55"},{name:"Brunei Darussalam",cca2:"BN","calling-code":"673"},{name:"Bulgaria",cca2:"BG","calling-code":"359"},{name:"Burkina Faso",cca2:"BF","calling-code":"226"},{name:"Burundi",cca2:"BI","calling-code":"257"},{name:"Cambodia",cca2:"KH","calling-code":"855"},{name:"Cameroon",cca2:"CM","calling-code":"237"},{name:"Canada",cca2:"CA","calling-code":"1"},{name:"Cape Verde",cca2:"CV","calling-code":"238"},{name:"Cayman Islands",cca2:"KY","calling-code":"1345"},{name:"Central African Republic",cca2:"CF","calling-code":"236"},{name:"Chad",cca2:"TD","calling-code":"235"},{name:"Chile",cca2:"CL","calling-code":"56"},{name:"China",cca2:"CN","calling-code":"86"},{name:"Colombia",cca2:"CO","calling-code":"57"},{name:"Comoros",cca2:"KM","calling-code":"269"},{name:"Congo (DRC)",cca2:"CD","calling-code":"243"},{name:"Congo (Republic)",cca2:"CG","calling-code":"242"},{name:"Cook Islands",cca2:"CK","calling-code":"682"},{name:"Costa Rica",cca2:"CR","calling-code":"506"},{name:"Côte d'Ivoire",cca2:"CI","calling-code":"225"},{name:"Croatia",cca2:"HR","calling-code":"385"},{name:"Cuba",cca2:"CU","calling-code":"53"},{name:"Cyprus",cca2:"CY","calling-code":"357"},{name:"Czech Republic",cca2:"CZ","calling-code":"420"},{name:"Denmark",cca2:"DK","calling-code":"45"},{name:"Djibouti",cca2:"DJ","calling-code":"253"},{name:"Dominica",cca2:"DM","calling-code":"1767"},{name:"Dominican Republic",cca2:"DO","calling-code":"1809"},{name:"Ecuador",cca2:"EC","calling-code":"593"},{name:"Egypt",cca2:"EG","calling-code":"20"},{name:"El Salvador",cca2:"SV","calling-code":"503"},{name:"Equatorial Guinea",cca2:"GQ","calling-code":"240"},{name:"Eritrea",cca2:"ER","calling-code":"291"},{name:"Estonia",cca2:"EE","calling-code":"372"},{name:"Ethiopia",cca2:"ET","calling-code":"251"},{name:"Faroe Islands",cca2:"FO","calling-code":"298"},{name:"Fiji",cca2:"FJ","calling-code":"679"},{name:"Finland",cca2:"FI","calling-code":"358"},{name:"France",cca2:"FR","calling-code":"33"},{name:"French Polynesia",cca2:"PF","calling-code":"689"},{name:"Gabon",cca2:"GA","calling-code":"241"},{name:"Gambia",cca2:"GM","calling-code":"220"},{name:"Georgia",cca2:"GE","calling-code":"995"},{name:"Germany",cca2:"DE","calling-code":"49"},{name:"Ghana",cca2:"GH","calling-code":"233"},{name:"Gibraltar",cca2:"GI","calling-code":"350"},{name:"Greece",cca2:"GR","calling-code":"30"},{name:"Greenland",cca2:"GL","calling-code":"299"},{name:"Grenada",cca2:"GD","calling-code":"1473"},{name:"Guadeloupe",cca2:"GP","calling-code":"590"},{name:"Guam",cca2:"GU","calling-code":"1671"},{name:"Guatemala",cca2:"GT","calling-code":"502"},{name:"Guernsey",cca2:"GG","calling-code":"44"},{name:"Guinea",cca2:"GN","calling-code":"224"},{name:"Guinea-Bissau",cca2:"GW","calling-code":"245"},{name:"Guyana",cca2:"GY","calling-code":"592"},{name:"Haiti",cca2:"HT","calling-code":"509"},{name:"Honduras",cca2:"HN","calling-code":"504"},{name:"Hong Kong",cca2:"HK","calling-code":"852"},{name:"Hungary",cca2:"HU","calling-code":"36"},{name:"Iceland",cca2:"IS","calling-code":"354"},{name:"India",cca2:"IN","calling-code":"91"},{name:"Indonesia",cca2:"ID","calling-code":"62"},{name:"Iran",cca2:"IR","calling-code":"98"},{name:"Iraq",cca2:"IQ","calling-code":"964"},{name:"Ireland",cca2:"IE","calling-code":"353"},{name:"Isle of Man",cca2:"IM","calling-code":"44"},{name:"Israel",cca2:"IL","calling-code":"972"},{name:"Italy",cca2:"IT","calling-code":"39"},{name:"Jamaica",cca2:"JM","calling-code":"1876"},{name:"Japan",cca2:"JP","calling-code":"81"},{name:"Jersey",cca2:"JE","calling-code":"44"},{name:"Jordan",cca2:"JO","calling-code":"962"},{name:"Kazakhstan",cca2:"KZ","calling-code":"7"},{name:"Kenya",cca2:"KE","calling-code":"254"},{name:"Kiribati",cca2:"KI","calling-code":"686"},{name:"Kuwait",cca2:"KW","calling-code":"965"},{name:"Kyrgyzstan",cca2:"KG","calling-code":"996"},{name:"Laos",cca2:"LA","calling-code":"856"},{name:"Latvia",cca2:"LV","calling-code":"371"},{name:"Lebanon",cca2:"LB","calling-code":"961"},{name:"Lesotho",cca2:"LS","calling-code":"266"},{name:"Liberia",cca2:"LR","calling-code":"231"},{name:"Libya",cca2:"LY","calling-code":"218"},{name:"Liechtenstein",cca2:"LI","calling-code":"423"},{name:"Lithuania",cca2:"LT","calling-code":"370"},{name:"Luxembourg",cca2:"LU","calling-code":"352"},{name:"Macao",cca2:"MO","calling-code":"853"},{name:"Macedonia",cca2:"MK","calling-code":"389"},{name:"Madagascar",cca2:"MG","calling-code":"261"},{name:"Malawi",cca2:"MW","calling-code":"265"},{name:"Malaysia",cca2:"MY","calling-code":"60"},{name:"Maldives",cca2:"MV","calling-code":"960"},{name:"Mali",cca2:"ML","calling-code":"223"},{name:"Malta",cca2:"MT","calling-code":"356"},{name:"Marshall Islands",cca2:"MH","calling-code":"692"},{name:"Martinique",cca2:"MQ","calling-code":"596"},{name:"Mauritania",cca2:"MR","calling-code":"222"},{name:"Mauritius",cca2:"MU","calling-code":"230"},{name:"Mexico",cca2:"MX","calling-code":"52"},{name:"Micronesia",cca2:"FM","calling-code":"691"},{name:"Moldova",cca2:"MD","calling-code":"373"},{name:"Monaco",cca2:"MC","calling-code":"377"},{name:"Mongolia",cca2:"MN","calling-code":"976"},{name:"Montenegro",cca2:"ME","calling-code":"382"},{name:"Montserrat",cca2:"MS","calling-code":"1664"},{name:"Morocco",cca2:"MA","calling-code":"212"},{name:"Mozambique",cca2:"MZ","calling-code":"258"},{name:"Myanmar (Burma)",cca2:"MM","calling-code":"95"},{name:"Namibia",cca2:"NA","calling-code":"264"},{name:"Nauru",cca2:"NR","calling-code":"674"},{name:"Nepal",cca2:"NP","calling-code":"977"},{name:"Netherlands",cca2:"NL","calling-code":"31"},{name:"New Caledonia",cca2:"NC","calling-code":"687"},{name:"New Zealand",cca2:"NZ","calling-code":"64"},{name:"Nicaragua",cca2:"NI","calling-code":"505"},{name:"Niger",cca2:"NE","calling-code":"227"},{name:"Nigeria",cca2:"NG","calling-code":"234"},{name:"North Korea",cca2:"KP","calling-code":"850"},{name:"Norway",cca2:"NO","calling-code":"47"},{name:"Oman",cca2:"OM","calling-code":"968"},{name:"Pakistan",cca2:"PK","calling-code":"92"},{name:"Palau",cca2:"PW","calling-code":"680"},{name:"Palestinian Territory",cca2:"PS","calling-code":"970"},{name:"Panama",cca2:"PA","calling-code":"507"},{name:"Papua New Guinea",cca2:"PG","calling-code":"675"},{name:"Paraguay",cca2:"PY","calling-code":"595"},{name:"Peru",cca2:"PE","calling-code":"51"},{name:"Philippines",cca2:"PH","calling-code":"63"},{name:"Poland",cca2:"PL","calling-code":"48"},{name:"Portugal",cca2:"PT","calling-code":"351"},{name:"Puerto Rico",cca2:"PR","calling-code":"1787"},{name:"Qatar",cca2:"QA","calling-code":"974"},{name:"Réunion",cca2:"RE","calling-code":"262"},{name:"Romania",cca2:"RO","calling-code":"40"},{name:"Russian Federation",cca2:"RU","calling-code":"7"},{name:"Rwanda",cca2:"RW","calling-code":"250"},{name:"Saint Kitts and Nevis",cca2:"KN","calling-code":"1869"},{name:"Saint Lucia",cca2:"LC","calling-code":"1758"},{name:"Saint Vincent and the Grenadines",cca2:"VC","calling-code":"1784"},{name:"Samoa",cca2:"WS","calling-code":"685"},{name:"San Marino",cca2:"SM","calling-code":"378"},{name:"São Tomé and Príncipe",cca2:"ST","calling-code":"239"},{name:"Saudi Arabia",cca2:"SA","calling-code":"966"},{name:"Senegal",cca2:"SN","calling-code":"221"},{name:"Serbia",cca2:"RS","calling-code":"381"},{name:"Seychelles",cca2:"SC","calling-code":"248"},{name:"Sierra Leone",cca2:"SL","calling-code":"232"},{name:"Singapore",cca2:"SG","calling-code":"65"},{name:"Slovakia",cca2:"SK","calling-code":"421"},{name:"Slovenia",cca2:"SI","calling-code":"386"},{name:"Solomon Islands",cca2:"SB","calling-code":"677"},{name:"Somalia",cca2:"SO","calling-code":"252"},{name:"South Africa",cca2:"ZA","calling-code":"27"},{name:"South Korea",cca2:"KR","calling-code":"82"},{name:"Spain",cca2:"ES","calling-code":"34"},{name:"Sri Lanka",cca2:"LK","calling-code":"94"},{name:"Sudan",cca2:"SD","calling-code":"249"},{name:"Suriname",cca2:"SR","calling-code":"597"},{name:"Swaziland",cca2:"SZ","calling-code":"268"},{name:"Sweden",cca2:"SE","calling-code":"46"},{name:"Switzerland",cca2:"CH","calling-code":"41"},{name:"Syrian Arab Republic",cca2:"SY","calling-code":"963"},{name:"Taiwan, Province of China",cca2:"TW","calling-code":"886"},{name:"Tajikistan",cca2:"TJ","calling-code":"992"},{name:"Tanzania",cca2:"TZ","calling-code":"255"},{name:"Thailand",cca2:"TH","calling-code":"66"},{name:"Timor-Leste",cca2:"TL","calling-code":"670"},{name:"Togo",cca2:"TG","calling-code":"228"},{name:"Tonga",cca2:"TO","calling-code":"676"},{name:"Trinidad and Tobago",cca2:"TT","calling-code":"1868"},{name:"Tunisia",cca2:"TN","calling-code":"216"},{name:"Turkey",cca2:"TR","calling-code":"90"},{name:"Turkmenistan",cca2:"TM","calling-code":"993"},{name:"Turks and Caicos Islands",cca2:"TC","calling-code":"1649"},{name:"Tuvalu",cca2:"TV","calling-code":"688"},{name:"Uganda",cca2:"UG","calling-code":"256"},{name:"Ukraine",cca2:"UA","calling-code":"380"},{name:"United Arab Emirates",cca2:"AE","calling-code":"971"},{name:"United Kingdom",cca2:"GB","calling-code":"44"},{name:"United States",cca2:"US","calling-code":"1"},{name:"Uruguay",cca2:"UY","calling-code":"598"},{name:"Uzbekistan",cca2:"UZ","calling-code":"998"},{name:"Vanuatu",cca2:"VU","calling-code":"678"},{name:"Vatican City",cca2:"VA","calling-code":"379"},{name:"Venezuela",cca2:"VE","calling-code":"58"},{name:"Viet Nam",cca2:"VN","calling-code":"84"},{name:"Virgin Islands (British)",cca2:"VG","calling-code":"1284"},{name:"Virgin Islands (U.S.)",cca2:"VI","calling-code":"1340"},{name:"Western Sahara",cca2:"EH","calling-code":"212"},{name:"Yemen",cca2:"YE","calling-code":"967"},{name:"Zambia",cca2:"ZM","calling-code":"260"},{name:"Zimbabwe",cca2:"ZW","calling-code":"263"}],countryCodes:{1:["US"],7:["RU","KZ"],20:["EG"],27:["ZA"],30:["GR"],31:["NL"],32:["BE"],33:["FR"],34:["ES"],36:["HU"],39:["IT"],40:["RO"],41:["CH"],43:["AT"],44:["GB","GG","IM","JE"],45:["DK"],46:["SE"],47:["NO","SJ"],48:["PL"],49:["DE"],51:["PE"],52:["MX"],53:["CU"],54:["AR"],55:["BR"],56:["CL"],57:["CO"],58:["VE"],60:["MY"],61:["AU","CC","CX"],62:["ID"],63:["PH"],64:["NZ"],65:["SG"],66:["TH"],81:["JP"],82:["KR"],84:["VN"],86:["CN"],90:["TR"],91:["IN"],92:["PK"],93:["AF"],94:["LK"],95:["MM"],98:["IR"],211:["SS"],212:["MA","EH"],213:["DZ"],216:["TN"],218:["LY"],220:["GM"],221:["SN"],222:["MR"],223:["ML"],224:["GN"],225:["CI"],226:["BF"],227:["NE"],228:["TG"],229:["BJ"],230:["MU"],231:["LR"],232:["SL"],233:["GH"],234:["NG"],235:["TD"],236:["CF"],237:["CM"],238:["CV"],239:["ST"],240:["GQ"],241:["GA"],242:["CG"],243:["CD"],244:["AO"],245:["GW"],246:["IO"],247:["AC"],248:["SC"],249:["SD"],250:["RW"],251:["ET"],252:["SO"],253:["DJ"],254:["KE"],255:["TZ"],256:["UG"],257:["BI"],258:["MZ"],260:["ZM"],261:["MG"],262:["RE","YT"],263:["ZW"],264:["NA"],265:["MW"],266:["LS"],267:["BW"],268:["SZ"],269:["KM"],290:["SH"],291:["ER"],297:["AW"],298:["FO"],299:["GL"],350:["GI"],351:["PT"],352:["LU"],353:["IE"],354:["IS"],355:["AL"],356:["MT"],357:["CY"],358:["FI","AX"],359:["BG"],370:["LT"],371:["LV"],372:["EE"],373:["MD"],374:["AM"],375:["BY"],376:["AD"],377:["MC"],378:["SM"],379:["VA"],380:["UA"],381:["RS"],382:["ME"],385:["HR"],386:["SI"],387:["BA"],389:["MK"],420:["CZ"],421:["SK"],423:["LI"],500:["FK"],501:["BZ"],502:["GT"],503:["SV"],504:["HN"],505:["NI"],506:["CR"],507:["PA"],508:["PM"],509:["HT"],590:["GP","BL","MF"],591:["BO"],592:["GY"],593:["EC"],594:["GF"],595:["PY"],596:["MQ"],597:["SR"],598:["UY"],599:["CW","BQ"],670:["TL"],672:["NF"],673:["BN"],674:["NR"],675:["PG"],676:["TO"],677:["SB"],678:["VU"],679:["FJ"],680:["PW"],681:["WF"],682:["CK"],683:["NU"],685:["WS"],686:["KI"],687:["NC"],688:["TV"],689:["PF"],690:["TK"],691:["FM"],692:["MH"],850:["KP"],852:["HK"],853:["MO"],855:["KH"],856:["LA"],880:["BD"],886:["TW"],960:["MV"],961:["LB"],962:["JO"],963:["SY"],964:["IQ"],965:["KW"],966:["SA"],967:["YE"],968:["OM"],970:["PS"],971:["AE"],972:["IL"],973:["BH"],974:["QA"],975:["BT"],976:["MN"],977:["NP"],992:["TJ"],993:["TM"],994:["AZ"],995:["GE"],996:["KG"],998:["UZ"],1242:["BS"],1246:["BB"],1264:["AI"],1268:["AG"],1284:["VG"],1340:["VI"],1345:["KY"],1441:["BM"],1473:["GD"],1649:["TC"],1664:["MS"],1671:["GU"],1684:["AS"],1758:["LC"],1767:["DM"],1784:["VC"],1787:["PR"],1809:["DO"],1868:["TT"],1869:["KN"],1876:["JM"]}}; \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/pointers.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/pointers.js new file mode 100644 index 0000000..e10bbd0 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/pointers.js @@ -0,0 +1,205 @@ +( function($, MAP) { + + $(document).on( 'MOAdminPointers.setup_done', function( e, data ) { + e.stopImmediatePropagation(); + MAP.setPlugin( data ); // open first popup + } ); + + $(document).on( 'MOAdminPointers.current_ready', function( e ) { + e.stopImmediatePropagation(); + MAP.openPointer(); // open a popup + } ); + + MAP.js_pointers = {}; // contain js-parsed pointer objects + MAP.first_pointer = false; // contain first pointer anchor jQuery object + MAP.current_pointer = false; // contain current pointer jQuery object + MAP.last_pointer = false; // contain last pointer jQuery object + MAP.visible_pointers = []; // contain ids of pointers whose anchors are visible + + MAP.hasNext = function( data ) { // check if a given pointer has valid next property + return typeof data.next === 'string' + && data.next !== '' + && typeof MAP.js_pointers[data.next].data !== 'undefined' + && typeof MAP.js_pointers[data.next].data.id === 'string'; + }; + + MAP.isVisible = function( data ) { // check if anchor for given pointer is visible + return $.inArray( data.id, MAP.visible_pointers ) !== -1; + }; + + // given a pointer object, return its the anchor jQuery object if available + // otherwise return first available, lookin at next property of subsequent pointers + MAP.getPointerData = function( data ) { + var $target = $( data.anchor_id ); + if ( $.inArray(data.id, MAP.visible_pointers) !== -1 ) { + return { target: $target, data: data }; + } + $target = false; + while( MAP.hasNext( data ) && ! MAP.isVisible( data ) ) { + data = MAP.js_pointers[data.next].data; + if ( MAP.isVisible( data ) ) { + $target = $(data.anchor_id); + } + } + return MAP.isVisible( data ) + ? { target: $target, data: data } + : { target: false, data: false }; + }; + + // take pointer data and setup pointer plugin for anchor element + MAP.setPlugin = function( data ) { + jQuery('#overlay').show(); + + if ( typeof MAP.last_pointer === 'object') { + MAP.last_pointer.pointer('destroy'); + MAP.last_pointer = false; + } + jQuery(data.anchor_id).css('z-index','2'); + + + MAP.current_pointer = false; + var pointer_data = MAP.getPointerData( data ); + if ( ! pointer_data.target || ! pointer_data.data ) { + return; + } + $target = pointer_data.target; + data = pointer_data.data; + $pointer = $target.pointer({ + content: data.title + data.content, + position: { edge: data.edge, align: data.align }, + close: function() { + jQuery(data.anchor_id).css('z-index','0'); + jQuery('#overlay').hide(); + $.post( ajaxurl, { pointer: data.id, action: 'dismiss-wp-pointer' } ); + } + }); + MAP.current_pointer = { pointer: $pointer, data: data }; + $(document).trigger( 'MOAdminPointers.current_ready' ); + }; + + // scroll the page to current pointer then open it + MAP.openPointer = function() { + var $pointer = MAP.current_pointer.pointer; + if ( ! typeof $pointer === 'object' ) { + return; + } + $('html, body').animate({ // scroll page to pointer + scrollTop: $pointer.offset().top-120 + }, 300, function() { // when scroll complete + MAP.last_pointer = $pointer; + var $widget = $pointer.pointer('widget'); + MAP.setNext( $widget, MAP.current_pointer.data ); + $pointer.pointer( 'open' ); // open + }); + + + }; + + // if there is a next pointer set button label to "Next", to "Close" otherwise + MAP.setNext = function( $widget, data ) { + if ( typeof $widget === 'object' ) { + var $buttons = $widget.find('.wp-pointer-buttons').eq(0); + var $close = $buttons.find('a.close').eq(0); + $button = $close.clone(true, true).removeClass('close'); + $close_button = $close.clone(true, true).removeClass('close'); + $buttons.find('a.close').remove(); + $button.addClass('button').addClass('button-primary'); + $close_button.addClass('button').addClass('button-primary'); + + has_next = false; + if ( MAP.hasNext( data ) ) { + has_next_data = MAP.getPointerData(MAP.js_pointers[data.next].data); + has_next = has_next_data.target && has_next_data.data; + $button.html(MAP.next_label).appendTo($buttons); + $close_button.html(MAP.close_label).appendTo($buttons); + jQuery($close_button).css('margin-right','10px'); + + jQuery($close_button).click(function (e) { + jQuery('#overlay').hide(); + setTimeout(function () { + jQuery('#dismiss_pointers').submit(); + }, 1000); + }); + } + else + { + var label = has_next ? MAP.next_label : MAP.close_label; + jQuery($button).css('margin-right','10px'); + $button.html(label).appendTo($buttons); + } + jQuery($button).click(function () { + if(data.isdefault ==='yes') + { + + switch(data.anchor_id){ + case '#mo_saml_idps_grid_div': + document.getElementById('sp-setup-tab').className = 'nav-tab'; + document.getElementById('sp-meta-tab').className = 'nav-tab nav-tab-active'; + document.getElementById('save_tab').style.display = 'none'; + document.getElementById('config_tab').style.display='block'; + break; + case '#selected_idp_div': + document.getElementById('sp-setup-tab').className = 'nav-tab'; + document.getElementById('sp-meta-tab').className = 'nav-tab nav-tab-active'; + document.getElementById('save_tab').style.display = 'none'; + document.getElementById('config_tab').style.display='block'; + break; + case '#metadata_url': + document.getElementById('sp-setup-tab').className = 'nav-tab nav-tab-active'; + document.getElementById('sp-meta-tab').className = 'nav-tab'; + document.getElementById('save_tab').style.display = 'block'; + document.getElementById('config_tab').style.display = 'none'; + document.getElementById('selected_idp_div').style.zIndex = 0; + break; + case '#test_config': + document.getElementById('sp-setup-tab').className = 'nav-tab'; + document.getElementById('attr-role-tab').className = 'nav-tab nav-tab-active'; + document.getElementById('save_tab').style.display = 'none'; + document.getElementById('opt_tab').style.display = 'block'; + break; + case '#miniorange-role-mapping': + document.getElementById('attr-role-tab').className = 'nav-tab'; + document.getElementById('redir-sso-tab').className = 'nav-tab nav-tab-active'; + document.getElementById('opt_tab').style.display = 'none'; + document.getElementById('redir_sso_tab').style.display = 'block'; + break; + case '#minorange-use-widget': + document.getElementById('redir-sso-tab').className = 'nav-tab'; + document.getElementById('addon-tab').className = 'nav-tab nav-tab-active'; + document.getElementById('redir_sso_tab').style.display = 'none'; + document.getElementById('addons_tab').style.display = 'block'; + document.getElementById('support-form').style.display = 'block'; + break; + case '#miniorange-addons': + document.getElementById('addon-tab').className = 'nav-tab'; + document.getElementById('sp-setup-tab').className = 'nav-tab nav-tab-active'; + document.getElementById('addons_tab').style.display = 'none'; + document.getElementById('save_tab').style.display = 'block'; + document.getElementById('support-form').style.display = 'block'; + break; + } + } + + if ( MAP.hasNext( data ) ) { + MAP.setPlugin( MAP.js_pointers[data.next].data ); + } + }); + } + }; + + $(MAP.pointers).each(function(index, pointer) { // loop pointers data + if( ! $().pointer ) return; // do nothing if pointer plugin isn't available + MAP.js_pointers[pointer.id] = { data: pointer }; + var $target = $(pointer.anchor_id); + if ( $target.length) { // anchor exists and is visible? + MAP.visible_pointers.push(pointer.id); + if ( ! MAP.first_pointer ) { + MAP.first_pointer = pointer; + } + } + if ( index === ( MAP.pointers.length - 1 ) && MAP.first_pointer ) { + $(document).trigger( 'MOAdminPointers.setup_done', MAP.first_pointer ); + } + }); + +} )(jQuery, MOAdminPointers); // MOAdminPointers is passed by `wp_localize_script` \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/settings.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/settings.js new file mode 100644 index 0000000..78ce5c2 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/settings.js @@ -0,0 +1,164 @@ +jQuery(document).ready(function () { + //show and hide attribute mapping instructions + + jQuery("#toggle_am_content").click(function () { + jQuery("#show_am_content").toggle(); + }); + jQuery("#dont_allow_unlisted_user_role").change(function() { + if(jQuery(this).is(":checked")) { + jQuery("#saml_am_default_user_role").attr('disabled', true); + } else { + jQuery("#saml_am_default_user_role").attr('disabled', false); + } + }); + if(jQuery("#dont_allow_unlisted_user_role").is(":checked")) { + jQuery("#saml_am_default_user_role").attr('disabled', true); + } else if(!jQuery("#dont_allow_unlisted_user_role").is(":disabled")){ + jQuery("#saml_am_default_user_role").attr('disabled', false); + } + /* + * Identity Provider help + + jQuery("#user_selected_idp").change(function() { + var idp = this.value; + if(idp == 'adfs') { + var content = "Click here to see the guide" + } else if(idp == 'simplesaml') { + var content = "Click here to see the guide" + } else if(idp == 'salesforce') { + var content = "Click here to see the guide" + } else if(idp == 'okta') { + var content = "Click here to see the guide" + }else if(idp == 'shibboleth') { + var content = "Click here to see the guide" + } else { + jQuery("#idp_guide_link").html(""); + } + jQuery("#idp_guide_link").html(content); + });*/ + + /* + * Help & Troubleshooting + */ + + //Enable cURL + jQuery("#help_curl_enable_title").click(function () { + jQuery("#help_curl_enable_desc").slideToggle(400); + }); + + //enable openssl + jQuery("#help_openssl_enable_title").click(function () { + jQuery("#help_openssl_enable_desc").slideToggle(400); + }); + + //attribute mapping + jQuery("#attribute_mapping").click(function () { + jQuery("#attribute_mapping_desc").slideToggle(400); + }); + + //role mapping + jQuery("#role_mapping").click(function (e) { + e.preventDefault(); + jQuery("#role_mapping_desc").slideToggle(400); + }); + + //idp details + jQuery("#idp_details_link").click(function (e) { + e.preventDefault(); + jQuery("#idp_details_desc").slideToggle(400); + }); + + //add widget + jQuery("#mo_saml_add_widget").change(function () { + jQuery("#mo_saml_add_widget_steps").slideToggle(400); + }); + + //add shorcut + jQuery("#mo_saml_add_shortcode").change(function () { + jQuery("#mo_saml_add_shortcode_steps").slideToggle(400); + }); + + //registration + jQuery("#help_register_link").click(function (e) { + e.preventDefault(); + jQuery("#help_register_desc").slideToggle(400); + }); + + + //Widget steps + jQuery("#help_widget_steps_title").click(function () { + jQuery("#help_widget_steps_desc").slideToggle(400); + }); + + //redirect to idp + jQuery("#redirect_to_idp").click(function (e) { + e.preventDefault; + jQuery("#redirect_to_idp_desc").slideToggle(400); + }); + + //redirect to idp + jQuery("#registered_only_access").click(function (e) { + e.preventDefault; + jQuery("#registered_only_access_desc").slideToggle(400); + }); + + //redirect to idp + jQuery("#force_authentication_with_idp").click(function (e) { + e.preventDefault; + jQuery("#force_authentication_with_idp_desc").slideToggle(400); + }); + + //Instructions + jQuery("#help_steps_title").click(function () { + jQuery("#help_steps_desc").slideToggle(400); + }); + + //Working of plugin + jQuery("#help_working_title1").click(function () { + jQuery("#help_working_desc2").hide(); + jQuery("#help_working_desc3").hide(); + jQuery("#help_working_desc1").slideToggle(400); + }); + + jQuery("#help_working_title2").click(function () { + jQuery("#help_working_desc1").hide(); + jQuery("#help_working_desc3").hide(); + jQuery("#help_working_desc2").slideToggle(400); + }); + + jQuery("#help_working_title3").click(function () { + jQuery("#help_working_desc1").hide(); + jQuery("#help_working_desc2").hide(); + jQuery("#help_working_desc3").slideToggle(400); + }); + + //What is SAML + jQuery("#help_saml_title").click(function () { + jQuery("#help_saml_desc").slideToggle(400); + }); + + //SAML flows + jQuery("#help_saml_flow_title").click(function () { + jQuery("#help_saml_flow_desc").slideToggle(400); + }); + + //FAQ - certificate + jQuery("#help_faq_cert_title").click(function () { + jQuery("#help_faq_cert_desc").slideToggle(400); + }); + + //FAQ - 404 error + jQuery("#help_faq_404_title").click(function () { + jQuery("#help_faq_404_desc").slideToggle(400); + }); + + //FAQ - idp not configured properly issue + jQuery("#help_faq_idp_config_title").click(function () { + jQuery("#help_faq_idp_config_desc").slideToggle(400); + }); + + //FAQ - redirect to idp issue + jQuery("#help_faq_idp_redirect_title").click(function () { + jQuery("#help_faq_idp_redirect_desc").slideToggle(400); + }); +}); \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/settings.min.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/settings.min.js new file mode 100644 index 0000000..3595f96 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/settings.min.js @@ -0,0 +1 @@ +jQuery(document).ready(function(){jQuery("#toggle_am_content").click(function(){jQuery("#show_am_content").toggle()}),jQuery("#dont_allow_unlisted_user_role").change(function(){jQuery(this).is(":checked")?jQuery("#saml_am_default_user_role").attr("disabled",!0):jQuery("#saml_am_default_user_role").attr("disabled",!1)}),jQuery("#dont_allow_unlisted_user_role").is(":checked")?jQuery("#saml_am_default_user_role").attr("disabled",!0):jQuery("#dont_allow_unlisted_user_role").is(":disabled")||jQuery("#saml_am_default_user_role").attr("disabled",!1),jQuery("#help_curl_enable_title").click(function(){jQuery("#help_curl_enable_desc").slideToggle(400)}),jQuery("#help_openssl_enable_title").click(function(){jQuery("#help_openssl_enable_desc").slideToggle(400)}),jQuery("#attribute_mapping").click(function(){jQuery("#attribute_mapping_desc").slideToggle(400)}),jQuery("#role_mapping").click(function(e){e.preventDefault(),jQuery("#role_mapping_desc").slideToggle(400)}),jQuery("#idp_details_link").click(function(e){e.preventDefault(),jQuery("#idp_details_desc").slideToggle(400)}),jQuery("#mo_saml_add_widget").change(function(){jQuery("#mo_saml_add_widget_steps").slideToggle(400)}),jQuery("#mo_saml_add_shortcode").change(function(){jQuery("#mo_saml_add_shortcode_steps").slideToggle(400)}),jQuery("#help_register_link").click(function(e){e.preventDefault(),jQuery("#help_register_desc").slideToggle(400)}),jQuery("#help_widget_steps_title").click(function(){jQuery("#help_widget_steps_desc").slideToggle(400)}),jQuery("#redirect_to_idp").click(function(e){e.preventDefault,jQuery("#redirect_to_idp_desc").slideToggle(400)}),jQuery("#registered_only_access").click(function(e){e.preventDefault,jQuery("#registered_only_access_desc").slideToggle(400)}),jQuery("#force_authentication_with_idp").click(function(e){e.preventDefault,jQuery("#force_authentication_with_idp_desc").slideToggle(400)}),jQuery("#help_steps_title").click(function(){jQuery("#help_steps_desc").slideToggle(400)}),jQuery("#help_working_title1").click(function(){jQuery("#help_working_desc2").hide(),jQuery("#help_working_desc1").slideToggle(400)}),jQuery("#help_working_title2").click(function(){jQuery("#help_working_desc1").hide(),jQuery("#help_working_desc2").slideToggle(400)}),jQuery("#help_saml_title").click(function(){jQuery("#help_saml_desc").slideToggle(400)}),jQuery("#help_saml_flow_title").click(function(){jQuery("#help_saml_flow_desc").slideToggle(400)}),jQuery("#help_faq_cert_title").click(function(){jQuery("#help_faq_cert_desc").slideToggle(400)}),jQuery("#help_faq_404_title").click(function(){jQuery("#help_faq_404_desc").slideToggle(400)}),jQuery("#help_faq_idp_config_title").click(function(){jQuery("#help_faq_idp_config_desc").slideToggle(400)}),jQuery("#help_faq_idp_redirect_title").click(function(){jQuery("#help_faq_idp_redirect_desc").slideToggle(400)})}); \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/skip_tour.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/skip_tour.js new file mode 100644 index 0000000..8de5423 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/skip_tour.js @@ -0,0 +1,18 @@ +jQuery(document).ready( function(){ + jQuery('#skip-plugin-tour').onclick(function(e) { + e.preventDefault(); + var rml_post_id = jQuery(this).data( 'id' ); + jQuery.ajax({ + url : readmelater_ajax.ajax_url, + type : 'post', + data : { + action : 'read_me_later', + post_id : rml_post_id + }, + success : function( response ) { + jQuery('.rml_contents').html(response); + } + }); + jQuery(this).hide(); + }); +}); \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/wp-pointer.dev.js b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/wp-pointer.dev.js new file mode 100644 index 0000000..23b0e43 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/js/wp-pointer.dev.js @@ -0,0 +1,281 @@ +/** + * Pointer jQuery widget. + */ +(function($){ + var identifier = 0, + zindex = 9999; + + $.widget("wp.pointer", { + options: { + pointerClass: 'wp-pointer', + pointerWidth: 320, + content: function( respond, event, t ) { + return $(this).text(); + }, + buttons: function( event, t ) { + var close = ( wpPointerL10n ) ? wpPointerL10n.dismiss : 'Dismiss', + button = $('' + close + ''); + + return button.bind( 'click.pointer', function(e) { + e.preventDefault(); + t.element.pointer('close'); + }); + }, + position: 'top', + show: function( event, t ) { + t.pointer.show(); + t.opened(); + }, + hide: function( event, t ) { + t.pointer.hide(); + t.closed(); + }, + document: document + }, + + _create: function() { + var positioning, + family; + + this.content = $('
        '); + this.arrow = $('
        '); + + family = this.element.parents().add( this.element ); + positioning = 'absolute'; + + if ( family.filter(function(){ return 'fixed' === $(this).css('position'); }).length ) + positioning = 'fixed'; + + this.pointer = $('
        ') + .append( this.content ) + .append( this.arrow ) + .attr('id', 'wp-pointer-' + identifier++) + .addClass( this.options.pointerClass ) + .css({'position': positioning, 'width': this.options.pointerWidth+'px', 'display': 'none'}) + .appendTo( this.options.document.body ); + }, + + _setOption: function( key, value ) { + var o = this.options, + tip = this.pointer; + + // Handle document transfer + if ( key === "document" && value !== o.document ) { + tip.detach().appendTo( value.body ); + + // Handle class change + } else if ( key === "pointerClass" ) { + tip.removeClass( o.pointerClass ).addClass( value ); + } + + // Call super method. + $.Widget.prototype._setOption.apply( this, arguments ); + + // Reposition automatically + if ( key === "position" ) { + this.reposition(); + + // Update content automatically if pointer is open + } else if ( key === "content" && this.active ) { + this.update(); + } + }, + + destroy: function() { + this.pointer.remove(); + $.Widget.prototype.destroy.call( this ); + }, + + widget: function() { + return this.pointer; + }, + + update: function( event ) { + var self = this, + o = this.options, + dfd = $.Deferred(), + content; + + if ( o.disabled ) + return; + + dfd.done( function( content ) { + self._update( event, content ); + }) + + // Either o.content is a string... + if ( typeof o.content === 'string' ) { + content = o.content; + + // ...or o.content is a callback. + } else { + content = o.content.call( this.element[0], dfd.resolve, event, this._handoff() ); + } + + // If content is set, then complete the update. + if ( content ) + dfd.resolve( content ); + + return dfd.promise(); + }, + + /** + * Update is separated into two functions to allow events to defer + * updating the pointer (e.g. fetch content with ajax, etc). + */ + _update: function( event, content ) { + var buttons, + o = this.options; + + if ( ! content ) + return; + + this.pointer.stop(); // Kill any animations on the pointer. + this.content.html( content ); + + buttons = o.buttons.call( this.element[0], event, this._handoff() ); + if ( buttons ) { + buttons.wrap('
        ').parent().appendTo( this.content ); + } + + this.reposition(); + }, + + reposition: function() { + var position; + + if ( this.options.disabled ) + return; + + position = this._processPosition( this.options.position ); + + // Reposition pointer. + this.pointer.css({ + top: 0, + left: 0, + zIndex: zindex++ // Increment the z-index so that it shows above other opened pointers. + }).show().position($.extend({ + of: this.element, + collision: 'fit none' + }, position )); // the object comes before this.options.position so the user can override position.of. + + this.repoint(); + }, + + repoint: function() { + var o = this.options, + edge; + + if ( o.disabled ) + return; + + edge = ( typeof o.position == 'string' ) ? o.position : o.position.edge; + + // Remove arrow classes. + this.pointer[0].className = this.pointer[0].className.replace( /wp-pointer-[^\s'"]*/, '' ); + + // Add arrow class. + this.pointer.addClass( 'wp-pointer-' + edge ); + }, + + _processPosition: function( position ) { + var opposite = { + top: 'bottom', + bottom: 'top', + left: 'right', + right: 'left' + }, + result; + + // If the position object is a string, it is shorthand for position.edge. + if ( typeof position == 'string' ) { + result = { + edge: position + '' + }; + } else { + result = $.extend( {}, position ); + } + + if ( ! result.edge ) + return result; + + if ( result.edge == 'top' || result.edge == 'bottom' ) { + result.align = result.align || 'left'; + + result.at = result.at || result.align + ' ' + opposite[ result.edge ]; + result.my = result.my || result.align + ' ' + result.edge; + } else { + result.align = result.align || 'top'; + + result.at = result.at || opposite[ result.edge ] + ' ' + result.align; + result.my = result.my || result.edge + ' ' + result.align; + } + + return result; + }, + + open: function( event ) { + var self = this, + o = this.options; + + if ( this.active || o.disabled || this.element.is(':hidden') ) + return; + + this.update().done( function() { + self._open( event ); + }); + }, + + _open: function( event ) { + var self = this, + o = this.options; + + if ( this.active || o.disabled || this.element.is(':hidden') ) + return; + + this.active = true; + + this._trigger( "open", event, this._handoff() ); + + this._trigger( "show", event, this._handoff({ + opened: function() { + self._trigger( "opened", event, self._handoff() ); + } + })); + }, + + close: function( event ) { + if ( !this.active || this.options.disabled ) + return; + + var self = this; + this.active = false; + + this._trigger( "close", event, this._handoff() ); + this._trigger( "hide", event, this._handoff({ + closed: function() { + self._trigger( "closed", event, self._handoff() ); + } + })); + }, + + sendToTop: function( event ) { + if ( this.active ) + this.pointer.css( 'z-index', zindex++ ); + }, + + toggle: function( event ) { + if ( this.pointer.is(':hidden') ) + this.open( event ); + else + this.close( event ); + }, + + _handoff: function( extend ) { + return $.extend({ + pointer: this.pointer, + element: this.element + }, extend); + } + }); +})(jQuery); diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/MoSAMLBasicEnum.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/MoSAMLBasicEnum.php new file mode 100644 index 0000000..88926e1 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/MoSAMLBasicEnum.php @@ -0,0 +1,33 @@ +getConstants(); + } + return self::$constCacheArray[$calledClass]; + } + + public static function isValidName($name, $strict = false) { + $constants = self::getConstants(); + + if ($strict) { + return array_key_exists($name, $constants); + } + + $keys = array_map('strtolower', array_keys($constants)); + return in_array(strtolower($name), $keys); + } + + public static function isValidValue($value, $strict = true) { + $values = array_values(self::getConstants()); + return in_array($value, $values, $strict); + } +} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/MoSAMLPointer.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/MoSAMLPointer.php new file mode 100644 index 0000000..c3206a2 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/MoSAMLPointer.php @@ -0,0 +1,109 @@ +content = '

        '.$header.'

        '; + $this->content .= '

        ' .$body . '

        '; + $this-> anchor_id = $anchor_id; + $this->edge = $edge; + $this->align = $align; + $this->active = $active; + $this->pointer_name = 'miniorange_admin_pointer_'.$prefix; + + + } + + + function return_array(){ + return array( + // The content needs to point to what we created above in the $new_pointer_content variable + 'content' => $this->content, + + // In order for the custom pointer to appear in the right location we need to specify the ID + // of the element we want it to appear next to + 'anchor_id' => $this->anchor_id, + + // On what edge do we want the pointer to appear. Options are 'top', 'left', 'right', 'bottom' + 'edge' => $this->edge, + + // How do we want out custom pointer to align to the element it is attached to. Options are + // 'left', 'right', 'center' + 'align' => $this->align, + + // This is how we tell the pointer to be dismissed or not. Make sure that the 'new_items' + // string matches the string at the beginning of the array item + 'active' => $this->active + ); + } + + /** + * @return mixed + */ + public function getContent() + { + return $this->content; + } + + /** + * @param mixed $content + */ + public function setContent($content) + { + $this->content = $content; + } + + /** + * @return mixed + */ + public function getAnchorId() + { + return $this->anchor_id; + } + + + /** + * @return mixed + */ + public function getEdge() + { + return $this->edge; + } + + + /** + * @return mixed + */ + public function getActive() + { + return $this->active; + } + + /** + * @param mixed $active + */ + public function setActive($active) + { + $this->active = $active; + } + + /** + * @return mixed + */ + public function getPointerName() + { + return $this->pointer_name; + } + + +} \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecEnc.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecEnc.php new file mode 100644 index 0000000..caadbab --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecEnc.php @@ -0,0 +1,511 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class MoXMLSecEnc +{ + const template = " + + + +"; + + const Element = 'http://www.w3.org/2001/04/xmlenc#Element'; + const Content = 'http://www.w3.org/2001/04/xmlenc#Content'; + const URI = 3; + const XMLENCNS = 'http://www.w3.org/2001/04/xmlenc#'; + + /** @var null|DOMDocument */ + private $encdoc = null; + + /** @var null|DOMNode */ + private $rawNode = null; + + /** @var null|string */ + public $type = null; + + /** @var null|DOMElement */ + public $encKey = null; + + /** @var array */ + private $references = array(); + + public function __construct() + { + $this->_resetTemplate(); + } + + private function _resetTemplate() + { + $this->encdoc = new DOMDocument(); + $this->encdoc->loadXML(self::template); + } + + /** + * @param string $name + * @param DOMNode $node + * @param string $type + * @throws Exception + */ + public function addReference($name, $node, $type) + { + if (! $node instanceOf DOMNode) { + throw new Exception('$node is not of type DOMNode'); + } + $curencdoc = $this->encdoc; + $this->_resetTemplate(); + $encdoc = $this->encdoc; + $this->encdoc = $curencdoc; + $refuri = MoXMLSecurityDSig::generateGUID(); + $element = $encdoc->documentElement; + $element->setAttribute("Id", $refuri); + $this->references[$name] = array("node" => $node, "type" => $type, "encnode" => $encdoc, "refuri" => $refuri); + } + + /** + * @param DOMNode $node + */ + public function setNode($node) + { + $this->rawNode = $node; + } + + /** + * Encrypt the selected node with the given key. + * + * @param MoXMLSecurityKey $objKey The encryption key and algorithm. + * @param bool $replace Whether the encrypted node should be replaced in the original tree. Default is true. + * @return DOMElement The -element. + *@throws Exception + * + */ + public function encryptNode($objKey, $replace = true) + { + $data = ''; + if (empty($this->rawNode)) { + throw new Exception('Node to encrypt has not been set'); + } + if (! $objKey instanceof MoXMLSecurityKey) { + throw new Exception('Invalid Key'); + } + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($this->encdoc); + $objList = $xPath->query('/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue'); + $cipherValue = $objList->item(0); + if ($cipherValue == null) { + throw new Exception('Error locating CipherValue element within template'); + } + switch ($this->type) { + case (self::Element): + $data = $doc->saveXML($this->rawNode); + $this->encdoc->documentElement->setAttribute('Type', self::Element); + break; + case (self::Content): + $children = $this->rawNode->childNodes; + foreach ($children AS $child) { + $data .= $doc->saveXML($child); + } + $this->encdoc->documentElement->setAttribute('Type', self::Content); + break; + default: + throw new Exception('Type is currently not supported'); + } + + $encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $objKey->getAlgorithm()); + $cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild); + + $strEncrypt = base64_encode($objKey->encryptData($data)); + $value = $this->encdoc->createTextNode($strEncrypt); + $cipherValue->appendChild($value); + + if ($replace) { + switch ($this->type) { + case (self::Element): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $this->encdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true); + while ($this->rawNode->firstChild) { + $this->rawNode->removeChild($this->rawNode->firstChild); + } + $this->rawNode->appendChild($importEnc); + return $importEnc; + } + } else { + return $this->encdoc->documentElement; + } + } + + /** + * @param MoXMLSecurityKey $objKey + * @throws Exception + */ + public function encryptReferences($objKey) + { + $curRawNode = $this->rawNode; + $curType = $this->type; + foreach ($this->references AS $name => $reference) { + $this->encdoc = $reference["encnode"]; + $this->rawNode = $reference["node"]; + $this->type = $reference["type"]; + try { + $encNode = $this->encryptNode($objKey); + $this->references[$name]["encnode"] = $encNode; + } catch (Exception $e) { + $this->rawNode = $curRawNode; + $this->type = $curType; + throw $e; + } + } + $this->rawNode = $curRawNode; + $this->type = $curType; + } + + /** + * Retrieve the CipherValue text from this encrypted node. + * + * @throws Exception + * @return string|null The Ciphervalue text, or null if no CipherValue is found. + */ + public function getCipherValue() + { + if (empty($this->rawNode)) { + throw new Exception('Node to decrypt has not been set'); + } + + $doc = $this->rawNode->ownerDocument; + $xPath = new DOMXPath($doc); + $xPath->registerNamespace('xmlencr', self::XMLENCNS); + /* Only handles embedded content right now and not a reference */ + $query = "./xmlencr:CipherData/xmlencr:CipherValue"; + $nodeset = $xPath->query($query, $this->rawNode); + $node = $nodeset->item(0); + + if (!$node) { + return null; + } + + return base64_decode($node->nodeValue); + } + + /** + * Decrypt this encrypted node. + * + * The behaviour of this function depends on the value of $replace. + * If $replace is false, we will return the decrypted data as a string. + * If $replace is true, we will insert the decrypted element(s) into the + * document, and return the decrypted element(s). + * + * @param MoXMLSecurityKey $objKey The decryption key that should be used when decrypting the node. + * @param boolean $replace Whether we should replace the encrypted node in the XML document with the decrypted data. The default is true. + * + * @return string|DOMElement The decrypted data. + */ + public function decryptNode($objKey, $replace=true) + { + if (! $objKey instanceof MoXMLSecurityKey) { + throw new Exception('Invalid Key'); + } + + $encryptedData = $this->getCipherValue(); + if ($encryptedData) { + $decrypted = $objKey->decryptData($encryptedData); + if ($replace) { + switch ($this->type) { + case (self::Element): + $newdoc = new DOMDocument(); + $newdoc->loadXML($decrypted); + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + return $newdoc; + } + $importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement, true); + $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode); + return $importEnc; + case (self::Content): + if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) { + $doc = $this->rawNode; + } else { + $doc = $this->rawNode->ownerDocument; + } + $newFrag = $doc->createDocumentFragment(); + $newFrag->appendXML($decrypted); + $parent = $this->rawNode->parentNode; + $parent->replaceChild($newFrag, $this->rawNode); + return $parent; + default: + return $decrypted; + } + } else { + return $decrypted; + } + } else { + throw new Exception("Cannot locate encrypted data"); + } + } + + /** + * Encrypt the XMLSecurityKey + * + * @param MoXMLSecurityKey $srcKey + * @param MoXMLSecurityKey $rawKey + * @param bool $append + * @throws Exception + */ + public function encryptKey($srcKey, $rawKey, $append=true) + { + if ((! $srcKey instanceof MoXMLSecurityKey) || (! $rawKey instanceof MoXMLSecurityKey)) { + throw new Exception('Invalid Key'); + } + $strEncKey = base64_encode($srcKey->encryptData($rawKey->key)); + $root = $this->encdoc->documentElement; + $encKey = $this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptedKey'); + if ($append) { + $keyInfo = $root->insertBefore($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'), $root->firstChild); + $keyInfo->appendChild($encKey); + } else { + $this->encKey = $encKey; + } + $encMethod = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod')); + $encMethod->setAttribute('Algorithm', $srcKey->getAlgorith()); + if (! empty($srcKey->name)) { + $keyInfo = $encKey->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo')); + $keyInfo->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyName', $srcKey->name)); + } + $cipherData = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherData')); + $cipherData->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherValue', $strEncKey)); + if (is_array($this->references) && count($this->references) > 0) { + $refList = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:ReferenceList')); + foreach ($this->references AS $name => $reference) { + $refuri = $reference["refuri"]; + $dataRef = $refList->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:DataReference')); + $dataRef->setAttribute("URI", '#' . $refuri); + } + } + return; + } + + /** + * @param MoXMLSecurityKey $encKey + * @return DOMElement|string + * @throws Exception + */ + public function decryptKey($encKey) + { + if (! $encKey->isEncrypted) { + throw new Exception("Key is not Encrypted"); + } + if (empty($encKey->key)) { + throw new Exception("Key is missing data to perform the decryption"); + } + return $this->decryptNode($encKey, false); + } + + /** + * @param DOMDocument $element + * @return DOMNode|null + */ + public function locateEncryptedData($element) + { + if ($element instanceof DOMDocument) { + $doc = $element; + } else { + $doc = $element->ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $query = "//*[local-name()='EncryptedData' and namespace-uri()='".self::XMLENCNS."']"; + $nodeset = $xpath->query($query); + return $nodeset->item(0); + } + return null; + } + + /** + * Returns the key from the DOM + * @param null|DOMNode $node + * @return null|MoXMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $query = ".//xmlsecenc:EncryptionMethod"; + $nodeset = $xpath->query($query, $node); + if ($encmeth = $nodeset->item(0)) { + $attrAlgorithm = $encmeth->getAttribute("Algorithm"); + try { + $objKey = new MoXMLSecurityKey($attrAlgorithm, array('type' => 'private')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * @param null|MoXMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|MoXMLSecurityKey + * @throws Exception + */ + public static function staticLocateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node) || (! $node instanceof DOMNode)) { + return null; + } + $doc = $node->ownerDocument; + if (!$doc) { + return null; + } + + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); + $xpath->registerNamespace('xmlsecdsig', MoXMLSecurityDSig::XMLDSIGNS); + $query = "./xmlsecdsig:KeyInfo"; + $nodeset = $xpath->query($query, $node); + $encmeth = $nodeset->item(0); + if (!$encmeth) { + /* No KeyInfo in EncryptedData / EncryptedKey. */ + return $objBaseKey; + } + + foreach ($encmeth->childNodes AS $child) { + switch ($child->localName) { + case 'KeyName': + if (! empty($objBaseKey)) { + $objBaseKey->name = $child->nodeValue; + } + break; + case 'KeyValue': + foreach ($child->childNodes AS $keyval) { + switch ($keyval->localName) { + case 'DSAKeyValue': + throw new Exception("DSAKeyValue currently not supported"); + case 'RSAKeyValue': + $modulus = null; + $exponent = null; + if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) { + $modulus = base64_decode($modulusNode->nodeValue); + } + if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) { + $exponent = base64_decode($exponentNode->nodeValue); + } + if (empty($modulus) || empty($exponent)) { + throw new Exception("Missing Modulus or Exponent"); + } + $publicKey = MoXMLSecurityKey::convertRSA($modulus, $exponent); + $objBaseKey->loadKey($publicKey); + break; + } + } + break; + case 'RetrievalMethod': + $type = $child->getAttribute('Type'); + if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') { + /* Unsupported key type. */ + break; + } + $uri = $child->getAttribute('URI'); + if ($uri[0] !== '#') { + /* URI not a reference - unsupported. */ + break; + } + $id = substr($uri, 1); + + $query = '//xmlsecenc:EncryptedKey[@Id="'.MoXPath::filterAttrValue($id, MoXPath::DOUBLE_QUOTE).'"]'; + $keyElement = $xpath->query($query)->item(0); + if (!$keyElement) { + throw new Exception("Unable to locate EncryptedKey with @Id='$id'."); + } + + return MoXMLSecurityKey::fromEncryptedKeyElement($keyElement); + case 'EncryptedKey': + return MoXMLSecurityKey::fromEncryptedKeyElement($child); + case 'X509Data': + if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) { + if ($x509certNodes->length > 0) { + $x509cert = $x509certNodes->item(0)->textContent; + $x509cert = str_replace(array("\r", "\n", " "), "", $x509cert); + $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n"; + $objBaseKey->loadKey($x509cert, false, true); + } + } + break; + } + } + return $objBaseKey; + } + + /** + * @param null|MoXMLSecurityKey $objBaseKey + * @param null|DOMNode $node + * @return null|MoXMLSecurityKey + */ + public function locateKeyInfo($objBaseKey=null, $node=null) + { + if (empty($node)) { + $node = $this->rawNode; + } + return self::staticLocateKeyInfo($objBaseKey, $node); + } +} diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecurityDSig.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecurityDSig.php new file mode 100644 index 0000000..aa8071b --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecurityDSig.php @@ -0,0 +1,1162 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class MoXMLSecurityDSig +{ + const XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'; + const SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'; + const SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'; + const SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'; + const SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'; + const RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'; + + const C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + const C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'; + const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + const EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'; + + const template = ' + + + +'; + + const BASE_TEMPLATE = ' + + + +'; + + /** @var DOMElement|null */ + public $sigNode = null; + + /** @var array */ + public $idKeys = array(); + + /** @var array */ + public $idNS = array(); + + /** @var string|null */ + private $signedInfo = null; + + /** @var DomXPath|null */ + private $xPathCtx = null; + + /** @var string|null */ + private $canonicalMethod = null; + + /** @var string */ + private $prefix = ''; + + /** @var string */ + private $searchpfx = 'secdsig'; + + /** + * This variable contains an associative array of validated nodes. + * @var array|null + */ + private $validatedNodes = null; + + /** + * @param string $prefix + */ + public function __construct($prefix='ds') + { + $template = self::BASE_TEMPLATE; + if (! empty($prefix)) { + $this->prefix = $prefix.':'; + $search = array("ownerDocument; + } + if ($doc) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = ".//secdsig:Signature"; + $nodeset = $xpath->query($query, $objDoc); + $this->sigNode = $nodeset->item($pos); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + return $this->sigNode; + } + return null; + } + + /** + * @param string $name + * @param null|string $value + * @return DOMElement + */ + public function createNewSignNode($name, $value=null) + { + $doc = $this->sigNode->ownerDocument; + if (! is_null($value)) { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name, $value); + } else { + $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name); + } + return $node; + } + + /** + * @param string $method + * @throws Exception + */ + public function setCanonicalMethod($method) + { + switch ($method) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $this->canonicalMethod = $method; + break; + default: + throw new Exception('Invalid Canonical Method'); + } + if ($xpath = $this->getXPathObj()) { + $query = './'.$this->searchpfx.':SignedInfo'; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sinfo = $nodeset->item(0)) { + $query = './'.$this->searchpfx.'CanonicalizationMethod'; + $nodeset = $xpath->query($query, $sinfo); + if (! ($canonNode = $nodeset->item(0))) { + $canonNode = $this->createNewSignNode('CanonicalizationMethod'); + $sinfo->insertBefore($canonNode, $sinfo->firstChild); + } + $canonNode->setAttribute('Algorithm', $this->canonicalMethod); + } + } + } + + /** + * @param DOMNode $node + * @param string $canonicalmethod + * @param null|array $arXPath + * @param null|array $prefixList + * @return string + */ + private function canonicalizeData($node, $canonicalmethod, $arXPath=null, $prefixList=null) + { + $exclusive = false; + $withComments = false; + switch ($canonicalmethod) { + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + $exclusive = false; + $withComments = false; + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + $withComments = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + $exclusive = true; + break; + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + $exclusive = true; + $withComments = true; + break; + } + + if (is_null($arXPath) && ($node instanceof DOMNode) && ($node->ownerDocument !== null) && $node->isSameNode($node->ownerDocument->documentElement)) { + /* Check for any PI or comments as they would have been excluded */ + $element = $node; + while ($refnode = $element->previousSibling) { + if ($refnode->nodeType == XML_PI_NODE || (($refnode->nodeType == XML_COMMENT_NODE) && $withComments)) { + break; + } + $element = $refnode; + } + if ($refnode == null) { + $node = $node->ownerDocument; + } + } + + return $node->C14N($exclusive, $withComments, $arXPath, $prefixList); + } + + /** + * @return null|string + */ + public function canonicalizeSignedInfo() + { + + $doc = $this->sigNode->ownerDocument; + $canonicalmethod = null; + if ($doc) { + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } + if ($signInfoNode = $nodeset->item(0)) { + $query = "./secdsig:CanonicalizationMethod"; + $nodeset = $xpath->query($query, $signInfoNode); + $prefixList = null; + if ($canonNode = $nodeset->item(0)) { + $canonicalmethod = $canonNode->getAttribute('Algorithm'); + foreach ($canonNode->childNodes as $node) + { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array_filter(explode(' ', $pfx)); + if (count($arpfx) > 0) { + $prefixList = array_merge($prefixList ? $prefixList : array(), $arpfx); + } + } + } + } + } + $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod, null, $prefixList); + return $this->signedInfo; + } + } + return null; + } + + /** + * @param string $digestAlgorithm + * @param string $data + * @param bool $encode + * @return string + * @throws Exception + */ + public function calculateDigest($digestAlgorithm, $data, $encode = true) + { + switch ($digestAlgorithm) { + case self::SHA1: + $alg = 'sha1'; + break; + case self::SHA256: + $alg = 'sha256'; + break; + case self::SHA384: + $alg = 'sha384'; + break; + case self::SHA512: + $alg = 'sha512'; + break; + case self::RIPEMD160: + $alg = 'ripemd160'; + break; + default: + throw new Exception("Cannot validate digest: Unsupported Algorithm <$digestAlgorithm>"); + } + + $digest = hash($alg, $data, true); + if ($encode) { + $digest = base64_encode($digest); + } + return $digest; + + } + + /** + * @param $refNode + * @param string $data + * @return bool + */ + public function validateDigest($refNode, $data) + { + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = 'string(./secdsig:DigestMethod/@Algorithm)'; + $digestAlgorithm = $xpath->evaluate($query, $refNode); + $digValue = $this->calculateDigest($digestAlgorithm, $data, false); + $query = 'string(./secdsig:DigestValue)'; + $digestValue = $xpath->evaluate($query, $refNode); + return ($digValue === base64_decode($digestValue)); + } + + /** + * @param $refNode + * @param DOMNode $objData + * @param bool $includeCommentNodes + * @return string + */ + public function processTransforms($refNode, $objData, $includeCommentNodes = true) + { + $data = $objData; + $xpath = new DOMXPath($refNode->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = './secdsig:Transforms/secdsig:Transform'; + $nodelist = $xpath->query($query, $refNode); + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + $arXPath = null; + $prefixList = null; + foreach ($nodelist AS $transform) { + $algorithm = $transform->getAttribute("Algorithm"); + switch ($algorithm) { + case 'http://www.w3.org/2001/10/xml-exc-c14n#': + case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': + + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/2001/10/xml-exc-c14n#'; + } else { + $canonicalMethod = $algorithm; + } + + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array(); + $pfxlist = explode(" ", $pfx); + foreach ($pfxlist AS $pfx) { + $val = trim($pfx); + if (! empty($val)) { + $arpfx[] = $val; + } + } + if (count($arpfx) > 0) { + $prefixList = $arpfx; + } + } + break; + } + $node = $node->nextSibling; + } + break; + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': + case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments': + if (!$includeCommentNodes) { + /* We remove comment nodes by forcing it to use a canonicalization + * without comments. + */ + $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'; + } else { + $canonicalMethod = $algorithm; + } + + break; + case 'http://www.w3.org/TR/1999/REC-xpath-19991116': + $node = $transform->firstChild; + while ($node) { + if ($node->localName == 'MoXPath') { + $arXPath = array(); + $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']'; + $arXPath['namespaces'] = array(); + $nslist = $xpath->query('./namespace::*', $node); + foreach ($nslist AS $nsnode) { + if ($nsnode->localName != "xml") { + $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue; + } + } + break; + } + $node = $node->nextSibling; + } + break; + } + } + if ($data instanceof DOMNode) { + $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList); + } + return $data; + } + + /** + * @param DOMNode $refNode + * @return bool + */ + public function processRefNode($refNode) + { + $dataObject = null; + + /* + * Depending on the URI, we may not want to include comments in the result + * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel + */ + $includeCommentNodes = true; + + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + + /* This reference identifies a node with the given id by using + * a URI on the form "#identifier". This should not include comments. + */ + $includeCommentNodes = false; + + $xPath = new DOMXPath($refNode->ownerDocument); + if ($this->idNS && is_array($this->idNS)) { + foreach ($this->idNS as $nspf => $ns) { + $xPath->registerNamespace($nspf, $ns); + } + } + $iDlist = '@Id="'.MoXPath::filterAttrValue($identifier, MoXPath::DOUBLE_QUOTE).'"'; + if (is_array($this->idKeys)) { + foreach ($this->idKeys as $idKey) { + $iDlist .= " or @".MoXPath::filterAttrName($idKey).'="'. + MoXPath::filterAttrValue($identifier, MoXPath::DOUBLE_QUOTE).'"'; + } + } + $query = '//*['.$iDlist.']'; + $dataObject = $xPath->query($query)->item(0); + } else { + $dataObject = $refNode->ownerDocument; + } + } + } else { + /* This reference identifies the root node with an empty URI. This should + * not include comments. + */ + $includeCommentNodes = false; + + $dataObject = $refNode->ownerDocument; + } + $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes); + if (!$this->validateDigest($refNode, $data)) { + return false; + } + + if ($dataObject instanceof DOMNode) { + /* Add this node to the list of validated nodes. */ + if (! empty($identifier)) { + $this->validatedNodes[$identifier] = $dataObject; + } else { + $this->validatedNodes[] = $dataObject; + } + } + + return true; + } + + /** + * @param DOMNode $refNode + * @return null + */ + public function getRefNodeID($refNode) + { + if ($uri = $refNode->getAttribute("URI")) { + $arUrl = parse_url($uri); + if (empty($arUrl['path'])) { + if ($identifier = $arUrl['fragment']) { + return $identifier; + } + } + } + return null; + } + + /** + * @return array + * @throws Exception + */ + public function getRefIDs() + { + $refids = array(); + + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + foreach ($nodeset AS $refNode) { + $refids[] = $this->getRefNodeID($refNode); + } + return $refids; + } + + /** + * @return bool + * @throws Exception + */ + public function validateReference() + { + $docElem = $this->sigNode->ownerDocument->documentElement; + if (! $docElem->isSameNode($this->sigNode)) { + if ($this->sigNode->parentNode != null) { + $this->sigNode->parentNode->removeChild($this->sigNode); + } + } + $xpath = $this->getXPathObj(); + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length == 0) { + throw new Exception("Reference nodes not found"); + } + + /* Initialize/reset the list of validated nodes. */ + $this->validatedNodes = array(); + + foreach ($nodeset AS $refNode) { + if (! $this->processRefNode($refNode)) { + /* Clear the list of validated nodes. */ + $this->validatedNodes = null; + throw new Exception("Reference validation failed"); + } + } + return true; + } + + /** + * @param DOMNode $sinfoNode + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=null, $options=null) + { + $prefix = null; + $prefix_ns = null; + $id_name = 'Id'; + $overwrite_id = true; + $force_uri = false; + + if (is_array($options)) { + $prefix = empty($options['prefix']) ? null : $options['prefix']; + $prefix_ns = empty($options['prefix_ns']) ? null : $options['prefix_ns']; + $id_name = empty($options['id_name']) ? 'Id' : $options['id_name']; + $overwrite_id = !isset($options['overwrite']) ? true : (bool) $options['overwrite']; + $force_uri = !isset($options['force_uri']) ? false : (bool) $options['force_uri']; + } + + $attname = $id_name; + if (! empty($prefix)) { + $attname = $prefix.':'.$attname; + } + + $refNode = $this->createNewSignNode('Reference'); + $sinfoNode->appendChild($refNode); + + if (! $node instanceof DOMDocument) { + $uri = null; + if (! $overwrite_id) { + $uri = $prefix_ns ? $node->getAttributeNS($prefix_ns, $id_name) : $node->getAttribute($id_name); + } + if (empty($uri)) { + $uri = self::generateGUID(); + $node->setAttributeNS($prefix_ns, $attname, $uri); + } + $refNode->setAttribute("URI", '#'.$uri); + } elseif ($force_uri) { + $refNode->setAttribute("URI", ''); + } + + $transNodes = $this->createNewSignNode('Transforms'); + $refNode->appendChild($transNodes); + + if (is_array($arTransforms)) { + foreach ($arTransforms AS $transform) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + if (is_array($transform) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116'])) && + (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']))) { + $transNode->setAttribute('Algorithm', 'http://www.w3.org/TR/1999/REC-xpath-19991116'); + $XPathNode = $this->createNewSignNode('XPath', $transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']); + $transNode->appendChild($XPathNode); + if (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'])) { + foreach ($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'] AS $prefix => $namespace) { + $XPathNode->setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:$prefix", $namespace); + } + } + } else { + $transNode->setAttribute('Algorithm', $transform); + } + } + } elseif (! empty($this->canonicalMethod)) { + $transNode = $this->createNewSignNode('Transform'); + $transNodes->appendChild($transNode); + $transNode->setAttribute('Algorithm', $this->canonicalMethod); + } + + $canonicalData = $this->processTransforms($refNode, $node); + $digValue = $this->calculateDigest($algorithm, $canonicalData); + + $digestMethod = $this->createNewSignNode('DigestMethod'); + $refNode->appendChild($digestMethod); + $digestMethod->setAttribute('Algorithm', $algorithm); + + $digestValue = $this->createNewSignNode('DigestValue', $digValue); + $refNode->appendChild($digestValue); + } + + /** + * @param DOMDocument $node + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReference($node, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + + /** + * @param array $arNodes + * @param string $algorithm + * @param null|array $arTransforms + * @param null|array $options + */ + public function addReferenceList($arNodes, $algorithm, $arTransforms=null, $options=null) + { + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + foreach ($arNodes AS $node) { + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + } + } + } + } + + /** + * @param DOMElement|string $data + * @param null|string $mimetype + * @param null|string $encoding + * @return DOMElement + */ + public function addObject($data, $mimetype=null, $encoding=null) + { + $objNode = $this->createNewSignNode('Object'); + $this->sigNode->appendChild($objNode); + if (! empty($mimetype)) { + $objNode->setAttribute('MimeType', $mimetype); + } + if (! empty($encoding)) { + $objNode->setAttribute('Encoding', $encoding); + } + + if ($data instanceof DOMElement) { + $newData = $this->sigNode->ownerDocument->importNode($data, true); + } else { + $newData = $this->sigNode->ownerDocument->createTextNode($data); + } + $objNode->appendChild($newData); + + return $objNode; + } + + /** + * @param null|DOMNode $node + * @return null|MoXMLSecurityKey + */ + public function locateKey($node=null) + { + if (empty($node)) { + $node = $this->sigNode; + } + if (! $node instanceof DOMNode) { + return null; + } + if ($doc = $node->ownerDocument) { + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignedInfo/secdsig:SignatureMethod/@Algorithm)"; + $algorithm = $xpath->evaluate($query, $node); + if ($algorithm) { + try { + $objKey = new MoXMLSecurityKey($algorithm, array('type' => 'public')); + } catch (Exception $e) { + return null; + } + return $objKey; + } + } + return null; + } + + /** + * Returns: + * Bool when verifying HMAC_SHA1; + * Int otherwise, with following meanings: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the int return value, because in + * PHP, -1 will be cast to True when in boolean context. Always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param MoXMLSecurityKey $objKey + * @return bool|int + * @throws Exception + */ + public function verify($objKey) + { + $doc = $this->sigNode->ownerDocument; + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + $query = "string(./secdsig:SignatureValue)"; + $sigValue = $xpath->evaluate($query, $this->sigNode); + if (empty($sigValue)) { + throw new Exception("Unable to locate SignatureValue"); + } + return $objKey->verifySignature($this->signedInfo, base64_decode($sigValue)); + } + + /** + * @param MoXMLSecurityKey $objKey + * @param string $data + * @return mixed|string + */ + public function signData($objKey, $data) + { + return $objKey->signData($data); + } + + /** + * @param MoXMLSecurityKey $objKey + * @param null|DOMNode $appendToNode + */ + public function sign($objKey, $appendToNode = null) + { + // If we have a parent node append it now so C14N properly works + if ($appendToNode != null) { + $this->resetXPathObj(); + $this->appendSignature($appendToNode); + $this->sigNode = $appendToNode->lastChild; + } + if ($xpath = $this->getXPathObj()) { + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($sInfo = $nodeset->item(0)) { + $query = "./secdsig:SignatureMethod"; + $nodeset = $xpath->query($query, $sInfo); + $sMethod = $nodeset->item(0); + $sMethod->setAttribute('Algorithm', $objKey->type); + $data = $this->canonicalizeData($sInfo, $this->canonicalMethod); + $sigValue = base64_encode($this->signData($objKey, $data)); + $sigValueNode = $this->createNewSignNode('SignatureValue', $sigValue); + if ($infoSibling = $sInfo->nextSibling) { + $infoSibling->parentNode->insertBefore($sigValueNode, $infoSibling); + } else { + $this->sigNode->appendChild($sigValueNode); + } + } + } + } + + public function appendCert() + { + + } + + /** + * @param MoXMLSecurityKey $objKey + * @param null|DOMNode $parent + */ + public function appendKey($objKey, $parent=null) + { + $objKey->serializeKey($parent); + } + + + /** + * This function inserts the signature element. + * + * The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode + * is specified, the signature element will be inserted as the last element before $beforeNode. + * + * @param DOMNode $node The node the signature element should be inserted into. + * @param DOMNode $beforeNode The node the signature element should be located before. + * + * @return DOMNode The signature element node + */ + public function insertSignature($node, $beforeNode = null) + { + + $document = $node->ownerDocument; + $signatureElement = $document->importNode($this->sigNode, true); + + if ($beforeNode == null) { + return $node->insertBefore($signatureElement); + } else { + return $node->insertBefore($signatureElement, $beforeNode); + } + } + + /** + * @param DOMNode $parentNode + * @param bool $insertBefore + * @return DOMNode + */ + public function appendSignature($parentNode, $insertBefore = false) + { + $beforeNode = $insertBefore ? $parentNode->firstChild : null; + return $this->insertSignature($parentNode, $beforeNode); + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @return string + */ + public static function get509XCert($cert, $isPEMFormat=true) + { + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + if (! empty($certs)) { + return $certs[0]; + } + return ''; + } + + /** + * @param string $certs + * @param bool $isPEMFormat + * @return array + */ + public static function staticGet509XCerts($certs, $isPEMFormat=true) + { + if ($isPEMFormat) { + $data = ''; + $certlist = array(); + $arCert = explode("\n", $certs); + $inData = false; + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + $inData = false; + $certlist[] = $data; + $data = ''; + continue; + } + $data .= trim($curData); + } + } + return $certlist; + } else { + return array($certs); + } + } + + /** + * @param DOMElement $parentRef + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|DOMXPath $xpath + * @param null|array $options + * @throws Exception + */ + public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=true, $isURL=false, $xpath=null, $options=null) + { + if ($isURL) { + $cert = file_get_contents($cert); + } + if (! $parentRef instanceof DOMElement) { + throw new Exception('Invalid parent Node parameter'); + } + $baseDoc = $parentRef->ownerDocument; + + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + $dsig_pfx = ''; + if (! $keyInfo) { + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } else { + $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + } + + // Add all certs if there are more than one + $certs = self::staticGet509XCerts($cert, $isPEMFormat); + + // Attach X509 data node + $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Data'); + $keyInfo->appendChild($x509DataNode); + + $issuerSerial = false; + $subjectName = false; + if (is_array($options)) { + if (! empty($options['issuerSerial'])) { + $issuerSerial = true; + } + if (! empty($options['subjectName'])) { + $subjectName = true; + } + } + + // Attach all certificate nodes and any additional data + foreach ($certs as $X509Cert) { + if ($issuerSerial || $subjectName) { + if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n")) { + if ($subjectName && ! empty($certData['subject'])) { + if (is_array($certData['subject'])) { + $parts = array(); + foreach ($certData['subject'] AS $key => $value) { + if (is_array($value)) { + foreach ($value as $valueElement) { + array_unshift($parts, "$key=$valueElement"); + } + } else { + array_unshift($parts, "$key=$value"); + } + } + $subjectNameValue = implode(',', $parts); + } else { + $subjectNameValue = $certData['issuer']; + } + $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SubjectName', $subjectNameValue); + $x509DataNode->appendChild($x509SubjectNode); + } + if ($issuerSerial && ! empty($certData['issuer']) && ! empty($certData['serialNumber'])) { + if (is_array($certData['issuer'])) { + $parts = array(); + foreach ($certData['issuer'] AS $key => $value) { + array_unshift($parts, "$key=$value"); + } + $issuerName = implode(',', $parts); + } else { + $issuerName = $certData['issuer']; + } + + $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerSerial'); + $x509DataNode->appendChild($x509IssuerNode); + + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerName', $issuerName); + $x509IssuerNode->appendChild($x509Node); + $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SerialNumber', $certData['serialNumber']); + $x509IssuerNode->appendChild($x509Node); + } + } + + } + $x509CertNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Certificate', $X509Cert); + $x509DataNode->appendChild($x509CertNode); + } + } + + /** + * @param string $cert + * @param bool $isPEMFormat + * @param bool $isURL + * @param null|array $options + */ + public function add509Cert($cert, $isPEMFormat=true, $isURL=false, $options=null) + { + if ($xpath = $this->getXPathObj()) { + self::staticAdd509Cert($this->sigNode, $cert, $isPEMFormat, $isURL, $xpath, $options); + } + } + + /** + * This function appends a node to the KeyInfo. + * + * The KeyInfo element will be created if one does not exist in the document. + * + * @param DOMNode $node The node to append to the KeyInfo. + * + * @return DOMNode The KeyInfo element node + */ + public function appendToKeyInfo($node) + { + $parentRef = $this->sigNode; + $baseDoc = $parentRef->ownerDocument; + + $xpath = $this->getXPathObj(); + if (empty($xpath)) { + $xpath = new DOMXPath($parentRef->ownerDocument); + $xpath->registerNamespace('secdsig', self::XMLDSIGNS); + } + + $query = "./secdsig:KeyInfo"; + $nodeset = $xpath->query($query, $parentRef); + $keyInfo = $nodeset->item(0); + if (! $keyInfo) { + $dsig_pfx = ''; + $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS); + if (! empty($pfx)) { + $dsig_pfx = $pfx.":"; + } + $inserted = false; + $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo'); + + $query = "./secdsig:Object"; + $nodeset = $xpath->query($query, $parentRef); + if ($sObject = $nodeset->item(0)) { + $sObject->parentNode->insertBefore($keyInfo, $sObject); + $inserted = true; + } + + if (! $inserted) { + $parentRef->appendChild($keyInfo); + } + } + + $keyInfo->appendChild($node); + + return $keyInfo; + } + + /** + * This function retrieves an associative array of the validated nodes. + * + * The array will contain the id of the referenced node as the key and the node itself + * as the value. + * + * Returns: + * An associative array of validated nodes or null if no nodes have been validated. + * + * @return array Associative array of validated nodes + */ + public function getValidatedNodes() + { + return $this->validatedNodes; + } +} diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecurityKey.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecurityKey.php new file mode 100644 index 0000000..b62de78 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/MoXMLSecurityKey.php @@ -0,0 +1,800 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2020 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + */ + +class MoXMLSecurityKey +{ + const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + const AES128_GCM = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + const AES192_GCM = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + const AES256_GCM = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'; + const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + const HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + const AUTHTAG_LENGTH = 16; + + /** @var array */ + private $cryptParams = array(); + + /** @var int|string */ + public $type = 0; + + /** @var mixed|null */ + public $key = null; + + /** @var string */ + public $passphrase = ""; + + /** @var string|null */ + public $iv = null; + + /** @var string|null */ + public $name = null; + + /** @var mixed|null */ + public $keyChain = null; + + /** @var bool */ + public $isEncrypted = false; + + /** @var MoXMLSecEnc|null */ + public $encryptedCtx = null; + + /** @var mixed|null */ + public $guid = null; + + /** + * This variable contains the certificate as a string if this key represents an X509-certificate. + * If this key doesn't represent a certificate, this will be null. + * @var string|null + */ + private $x509Certificate = null; + + /** + * This variable contains the certificate thumbprint if we have loaded an X509-certificate. + * @var string|null + */ + private $X509Thumbprint = null; + + /** + * @param string $type + * @param null|array $params + * @throws Exception + */ + public function __construct($type, $params=null) + { + switch ($type) { + case (self::TRIPLEDES_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'des-ede3-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 8; + break; + case (self::AES128_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'; + $this->cryptParams['keysize'] = 16; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'; + $this->cryptParams['keysize'] = 24; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_CBC): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-cbc'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES128_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-128-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes128-gcm'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES192_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-192-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes192-gcm'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::AES256_GCM): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['cipher'] = 'aes-256-gcm'; + $this->cryptParams['type'] = 'symmetric'; + $this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; + $this->cryptParams['keysize'] = 32; + $this->cryptParams['blocksize'] = 16; + break; + case (self::RSA_1_5): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_OAEP_MGF1P): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; + $this->cryptParams['hash'] = null; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA1): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA256): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA256'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA384): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA384'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::RSA_SHA512): + $this->cryptParams['library'] = 'openssl'; + $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'; + $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING; + $this->cryptParams['digest'] = 'SHA512'; + if (is_array($params) && ! empty($params['type'])) { + if ($params['type'] == 'public' || $params['type'] == 'private') { + $this->cryptParams['type'] = $params['type']; + break; + } + } + throw new Exception('Certificate "type" (private/public) must be passed via parameters'); + case (self::HMAC_SHA1): + $this->cryptParams['library'] = $type; + $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'; + break; + default: + throw new Exception('Invalid Key Type'); + } + $this->type = $type; + } + + /** + * Retrieve the key size for the symmetric encryption algorithm.. + * + * If the key size is unknown, or this isn't a symmetric encryption algorithm, + * null is returned. + * + * @return int|null The number of bytes in the key. + */ + public function getSymmetricKeySize() + { + if (! isset($this->cryptParams['keysize'])) { + return null; + } + return $this->cryptParams['keysize']; + } + + /** + * Generates a session key using the openssl-extension. + * In case of using DES3-CBC the key is checked for a proper parity bits set. + * @return string + * @throws Exception + */ + public function generateSessionKey() + { + if (!isset($this->cryptParams['keysize'])) { + throw new Exception('Unknown key size for type "' . $this->type . '".'); + } + $keysize = $this->cryptParams['keysize']; + + $key = openssl_random_pseudo_bytes($keysize); + + if ($this->type === self::TRIPLEDES_CBC) { + /* Make sure that the generated key has the proper parity bits set. + * Mcrypt doesn't care about the parity bits, but others may care. + */ + for ($i = 0; $i < strlen($key); $i++) { + $byte = ord($key[$i]) & 0xfe; + $parity = 1; + for ($j = 1; $j < 8; $j++) { + $parity ^= ($byte >> $j) & 1; + } + $byte |= $parity; + $key[$i] = chr($byte); + } + } + + $this->key = $key; + return $key; + } + + /** + * Get the raw thumbprint of a certificate + * + * @param string $cert + * @return null|string + */ + public static function getRawThumbprint($cert) + { + + $arCert = explode("\n", $cert); + $data = ''; + $inData = false; + + foreach ($arCert AS $curData) { + if (! $inData) { + if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) { + $inData = true; + } + } else { + if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) { + break; + } + $data .= trim($curData); + } + } + + if (! empty($data)) { + return strtolower(sha1(base64_decode($data))); + } + + return null; + } + + /** + * Loads the given key, or - with isFile set true - the key from the keyfile. + * + * @param string $key + * @param bool $isFile + * @param bool $isCert + * @throws Exception + */ + public function loadKey($key, $isFile=false, $isCert = false) + { + if ($isFile) { + $this->key = file_get_contents($key); + } else { + $this->key = $key; + } + if ($isCert) { + $this->key = openssl_x509_read($this->key); + openssl_x509_export($this->key, $str_cert); + $this->x509Certificate = $str_cert; + $this->key = $str_cert; + } else { + $this->x509Certificate = null; + } + if ($this->cryptParams['library'] == 'openssl') { + switch ($this->cryptParams['type']) { + case 'public': + if ($isCert) { + /* Load the thumbprint if this is an X509 certificate. */ + $this->X509Thumbprint = self::getRawThumbprint($this->key); + } + $this->key = openssl_get_publickey($this->key); + if (! $this->key) { + throw new Exception('Unable to extract public key'); + } + break; + + case 'private': + $this->key = openssl_get_privatekey($this->key, $this->passphrase); + break; + + case'symmetric': + if (strlen($this->key) < $this->cryptParams['keysize']) { + throw new Exception('Key must contain at least 25 characters for this cipher'); + } + break; + + default: + throw new Exception('Unknown type'); + } + } + } + + /** + * ISO 10126 Padding + * + * @param string $data + * @param integer $blockSize + * @throws Exception + * @return string + */ + private function padISO10126($data, $blockSize) + { + if ($blockSize > 256) { + throw new Exception('Block size higher than 256 not allowed'); + } + $padChr = $blockSize - (strlen($data) % $blockSize); + $pattern = chr($padChr); + return $data . str_repeat($pattern, $padChr); + } + + /** + * Remove ISO 10126 Padding + * + * @param string $data + * @return string + */ + private function unpadISO10126($data) + { + $padChr = substr($data, -1); + $padLen = ord($padChr); + return substr($data, 0, -$padLen); + } + + /** + * Encrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function encryptSymmetric($data) + { + $this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cryptParams['cipher'])); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + $authTag = openssl_random_pseudo_bytes(self::AUTHTAG_LENGTH); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $data = $this->padISO10126($data, $this->cryptParams['blocksize']); + $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $encrypted) { + throw new Exception('Failure encrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return $this->iv . $encrypted . $authTag; + } + + /** + * Decrypts the given data (string) using the openssl-extension + * + * @param string $data + * @return string + */ + private function decryptSymmetric($data) + { + $iv_length = openssl_cipher_iv_length($this->cryptParams['cipher']); + $this->iv = substr($data, 0, $iv_length); + $data = substr($data, $iv_length); + $authTag = null; + if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) { + if (version_compare(PHP_VERSION, '7.1.0') < 0) { + throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms'); + } + // obtain and remove the authentication tag + $offset = 0 - self::AUTHTAG_LENGTH; + $authTag = substr($data, $offset); + $data = substr($data, 0, $offset); + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag); + } else { + $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv); + } + + if (false === $decrypted) { + throw new Exception('Failure decrypting Data (openssl symmetric) - ' . openssl_error_string()); + } + return null !== $authTag ? $decrypted : $this->unpadISO10126($decrypted); + } + + /** + * Encrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPublic($data) + { + if (! openssl_public_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl public) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given public data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPublic($data) + { + if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl public) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Encrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function encryptPrivate($data) + { + if (! openssl_private_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure encrypting Data (openssl private) - ' . openssl_error_string()); + } + return $encrypted; + } + + /** + * Decrypts the given private data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function decryptPrivate($data) + { + if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) { + throw new Exception('Failure decrypting Data (openssl private) - ' . openssl_error_string()); + } + return $decrypted; + } + + /** + * Signs the given data (string) using the openssl-extension + * + * @param string $data + * @return string + * @throws Exception + */ + private function signOpenSSL($data) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + if (! openssl_sign($data, $signature, $this->key, $algo)) { + throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo); + } + return $signature; + } + + /** + * Verifies the given data (string) belonging to the given signature using the openssl-extension + * + * Returns: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return int + */ + private function verifyOpenSSL($data, $signature) + { + $algo = OPENSSL_ALGO_SHA1; + if (! empty($this->cryptParams['digest'])) { + $algo = $this->cryptParams['digest']; + } + return openssl_verify($data, $signature, $this->key, $algo); + } + + /** + * Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function encryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->encryptSymmetric($data); + case 'public': + return $this->encryptPublic($data); + case 'private': + return $this->encryptPrivate($data); + } + } + } + + /** + * Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. + * + * @param string $data + * @return mixed|string + */ + public function decryptData($data) + { + if ($this->cryptParams['library'] === 'openssl') { + switch ($this->cryptParams['type']) { + case 'symmetric': + return $this->decryptSymmetric($data); + case 'public': + return $this->decryptPublic($data); + case 'private': + return $this->decryptPrivate($data); + } + } + } + + /** + * Signs the data (string) using the extension assigned to the type in the constructor. + * + * @param string $data + * @return mixed|string + */ + public function signData($data) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->signOpenSSL($data); + case (self::HMAC_SHA1): + return hash_hmac("sha1", $data, $this->key, true); + } + } + + /** + * Verifies the data (string) against the given signature using the extension assigned to the type in the constructor. + * + * Returns in case of openSSL: + * 1 on succesful signature verification, + * 0 when signature verification failed, + * -1 if an error occurred during processing. + * + * NOTE: be very careful when checking the return value, because in PHP, + * -1 will be cast to True when in boolean context. So always check the + * return value in a strictly typed way, e.g. "$obj->verify(...) === 1". + * + * @param string $data + * @param string $signature + * @return bool|int + */ + public function verifySignature($data, $signature) + { + switch ($this->cryptParams['library']) { + case 'openssl': + return $this->verifyOpenSSL($data, $signature); + case (self::HMAC_SHA1): + $expectedSignature = hash_hmac("sha1", $data, $this->key, true); + return strcmp($signature, $expectedSignature) == 0; + } + } + + /** + * @deprecated + * @see getAlgorithm() + * @return mixed + */ + public function getAlgorith() + { + return $this->getAlgorithm(); + } + + /** + * @return mixed + */ + public function getAlgorithm() + { + return $this->cryptParams['method']; + } + + /** + * + * @param int $type + * @param string $string + * @return null|string + */ + public static function makeAsnSegment($type, $string) + { + switch ($type) { + case 0x02: + if (ord($string) > 0x7f) + $string = chr(0).$string; + break; + case 0x03: + $string = chr(0).$string; + break; + } + + $length = strlen($string); + + if ($length < 128) { + $output = sprintf("%c%c%s", $type, $length, $string); + } else if ($length < 0x0100) { + $output = sprintf("%c%c%c%s", $type, 0x81, $length, $string); + } else if ($length < 0x010000) { + $output = sprintf("%c%c%c%c%s", $type, 0x82, $length / 0x0100, $length % 0x0100, $string); + } else { + $output = null; + } + return $output; + } + + /** + * + * Hint: Modulus and Exponent must already be base64 decoded + * @param string $modulus + * @param string $exponent + * @return string + */ + public static function convertRSA($modulus, $exponent) + { + /* make an ASN publicKeyInfo */ + $exponentEncoding = self::makeAsnSegment(0x02, $exponent); + $modulusEncoding = self::makeAsnSegment(0x02, $modulus); + $sequenceEncoding = self::makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding); + $bitstringEncoding = self::makeAsnSegment(0x03, $sequenceEncoding); + $rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500"); + $publicKeyInfo = self::makeAsnSegment(0x30, $rsaAlgorithmIdentifier.$bitstringEncoding); + + /* encode the publicKeyInfo in base64 and add PEM brackets */ + $publicKeyInfoBase64 = base64_encode($publicKeyInfo); + $encoding = "-----BEGIN PUBLIC KEY-----\n"; + $offset = 0; + while ($segment = substr($publicKeyInfoBase64, $offset, 64)) { + $encoding = $encoding.$segment."\n"; + $offset += 64; + } + return $encoding."-----END PUBLIC KEY-----\n"; + } + + /** + * @param mixed $parent + */ + public function serializeKey($parent) + { + + } + + /** + * Retrieve the X509 certificate this key represents. + * + * Will return the X509 certificate in PEM-format if this key represents + * an X509 certificate. + * + * @return string The X509 certificate or null if this key doesn't represent an X509-certificate. + */ + public function getX509Certificate() + { + return $this->x509Certificate; + } + + /** + * Get the thumbprint of this X509 certificate. + * + * Returns: + * The thumbprint as a lowercase 40-character hexadecimal number, or null + * if this isn't a X509 certificate. + * + * @return string Lowercase 40-character hexadecimal number of thumbprint + */ + public function getX509Thumbprint() + { + return $this->X509Thumbprint; + } + + + /** + * Create key from an EncryptedKey-element. + * + * @param DOMElement $element The EncryptedKey-element. + * @return MoXMLSecurityKey The new key. + * @throws Exception + * + */ + public static function fromEncryptedKeyElement(DOMElement $element) + { + + $objenc = new MoXMLSecEnc(); + $objenc->setNode($element); + if (! $objKey = $objenc->locateKey()) { + throw new Exception("Unable to locate algorithm for this Encrypted Key"); + } + $objKey->isEncrypted = true; + $objKey->encryptedCtx = $objenc; + MoXMLSecEnc::staticLocateKeyInfo($objKey, $element); + return $objKey; + } + +} diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/Utils/MoXPath.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/Utils/MoXPath.php new file mode 100644 index 0000000..1e80cb2 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/SAML2Core/Utils/MoXPath.php @@ -0,0 +1,44 @@ + \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/mo-saml-options-enum.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/mo-saml-options-enum.php new file mode 100644 index 0000000..29c9784 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/includes/lib/mo-saml-options-enum.php @@ -0,0 +1,640 @@ + "azure-ad", + "Azure B2C" => "azure-b2c", + "ADFS" => "adfs", + "Okta" => "okta", + "SalesForce" => "salesforce", + "Google Apps" => "google-apps", + "OneLogin" => "onelogin", + "MiniOrange" => "miniorange", + "Keycloak" => "jboss-keycloak", + "AbsorbLMS" => "absorb-lms", + "Degreed" => "degreed", + "JumpCloud" => "jumpcloud", + "PingFederate" => "pingfederate", + "PingOne" => "pingone", + "Centrify" => "centrify", + "Oracle" => "oracle-enterprise-manager", + "Bitium" => "bitium", + "Shibboleth 2" => "shibboleth2", + "Shibboleth 3" => "shibboleth3", + "Gluu Server" => "gluu-server", + "SimpleSAMLphp" => "simplesaml", + "OpenAM" => "openam", + "Authanvil"=>"authanvil", + "Auth0"=>"auth0", + "CA Identity"=>"ca-identity", + "WSO2"=>"wso2", + "RSA SecureID"=>"rsa-secureid", + "Custom IDP"=>"custom-idp" + ); +} + +class mo_saml_options_plugin_idp_videos extends MoSAMLBasicEnum{ + public static $IDP_VIDEOS = array( + "azure-ad"=> "eHen4aiflFU", + "azure-b2c"=> "", + "adfs"=> "rLBHbRbrY5E", + "okta"=> "YHE8iYojUqM", + "salesforce"=> "LRQrmgr255Q", + "google-apps"=> "5BwzEjgZiu4", + "onelogin"=> "_Hsot_RG9YY", + "miniorange"=> "eamf9s6JpbA", + "jboss-keycloak"=> "Io6x1fTNWHI", + "absorb-lms"=> "", + "degreed"=> "", + "jumpcloud"=> "", + "pingfederate"=> "", + "pingone"=> "", + "centrify"=> "", + "oracle-enterprise-manager"=> "", + "bitium"=> "", + "shibboleth2"=> "", + "shibboleth3"=> "", + "gluu-server"=> "", + "simplesaml"=> "", + "openam"=> "", + "authanvil"=> "", + "auth0"=> "54pz6m5h9mk", + "ca-identity" => "", + "wso2" => "", + "rsa-secureid" => "", + "custom-idp" => "gilfhNFYsgc" + ); +} + +class mo_saml_options_addons extends MoSAMLBasicEnum{ + + public static $ADDON_URL = array( + + 'scim' => 'https://plugins.miniorange.com/wordpress-user-provisioning', + 'page_restriction' => 'https://plugins.miniorange.com/wordpress-page-restriction', + 'file_prevention' => 'https://plugins.miniorange.com/wordpress-media-restriction', + 'ssologin' => 'https://plugins.miniorange.com/wordpress-sso-login-audit', + 'buddypress' => 'https://plugins.miniorange.com/wordpress-buddypress-integrator', + 'learndash' => 'https://plugins.miniorange.com/wordpress-learndash-integrator', + 'attribute_based_redirection' => 'https://plugins.miniorange.com/wordpress-attribute-based-redirection-restriction', + 'ssosession' => 'https://plugins.miniorange.com/sso-session-management', + 'fsso' => 'https://plugins.miniorange.com/incommon-federation-single-sign-on-sso', + 'paid_mem_pro' => 'https://plugins.miniorange.com/paid-membership-pro-integrator', + 'memberpress' => 'https://plugins.miniorange.com/wordpress-memberpress-integrator', + 'wp_members' => 'https://plugins.miniorange.com/wordpress-members-integrator', + 'woocommerce' => 'https://plugins.miniorange.com/wordpress-woocommerce-integrator', + 'guest_login' => 'https://plugins.miniorange.com/guest-user-login', + 'profile_picture_add_on' => 'https://plugins.miniorange.com/wordpress-profile-picture-map' + + ); + + public static $WP_ADDON_URL = array( + 'page-restriction' => 'https://wordpress.org/plugins/page-and-post-restriction/embed/', + 'scim-user-sync'=> 'https://wordpress.org/plugins/scim-user-provisioning/embed/' + ); + + public static $ADDON_TITLE = array( + + 'scim' => 'SCIM User Provisioning', + 'page_restriction' => 'Page and Post Restriction', + 'file_prevention' => 'Prevent File Access', + 'ssologin' => 'SSO Login Audit', + 'buddypress' => 'BuddyPress Integrator', + 'learndash' => 'Learndash Integrator', + 'attribute_based_redirection' => 'Attribute Based Redirection', + 'ssosession' => 'SSO Session Management', + 'fsso' => 'Federation Single Sign-On', + 'memberpress' => 'MemberPress Integrator', + 'wp_members' => 'WP-Members Integrator', + 'woocommerce' => 'WooCommerce Integrator', + 'guest_login' => 'Guest Login', + 'profile_picture_add_on' => 'Profile Picture Add-on', + 'paid_mem_pro' => 'PaidMembership Pro Integrator' + ); + + public static $RECOMMENDED_ADDONS_PATH = array( + + "learndash" => "sfwd-lms/sfwd_lms.php", + "buddypress" => "buddypress/bp-loader.php", + "paid_mem_pro" => "paid-memberships-pro/paid-memberships-pro.php", + "memberpress" => "memberpress/memberpress.php", + "wp_members" => "wp-members/wp-members.php", + "woocommerce" => "woocommerce/woocommerce.php" + ); + +} + +class mo_saml_license_plans extends MoSAMLBasicEnum { + + public static $license_plans = array ( + 'standard' => 'WP SAML SSO Standard Plan', + 'premium' => 'WP SAML SSO Premium Plan', + 'enterprise' => 'WP SAML SSO Enterprise Plan', + 'enterprise-multiple-idp' => 'WP SAML SSO Enterprise Multiple-IDP Plan', + 'all-inclusive' => 'WP SAML SSO All Inclusive Plan', + 'premium-multisite' => 'WP SAML SSO Premium Multisite Plan', + 'enterprise-multisite' => 'WP SAML SSO Enterprise Multisite Plan', + 'all-inclusive-multisite' => 'WP SAML SSO All Inclusive Multisite Plan', + 'help' => 'Not Sure' + ); + + public static $license_plans_slug = array ( + 'standard' => '16.0.2@16.0.2', + 'premium' => '12.0.2@12.0.2', + 'enterprise' => '12.0.2@12.0.2', + 'enterprise-multiple-idp' => '25.0.1@25.0.1', + 'all-inclusive' => '25.0.1@25.0.1', + ); +} + +class mo_saml_time_zones extends MoSAMLBasicEnum { + + public static $time_zones = array( + "(GMT-11:00) Niue Time" => "Pacific/Niue", + "(GMT-11:00) Samoa Standard Time" => "Pacific/Pago_Pago", + "(GMT-10:00) Cook Islands Standard Time" => "Pacific/Rarotonga", + "(GMT-10:00) Hawaii-Aleutian Standard Time" => "Pacific/Honolulu", + "(GMT-10:00) Tahiti Time" => "Pacific/Tahiti", + "(GMT-09:30) Marquesas Time" => "Pacific/Marquesas", + "(GMT-09:00) Gambier Time" => "Pacific/Gambier", + "(GMT-09:00) Hawaii-Aleutian Time (Adak)" => "America/Adak", + "(GMT-08:00) Alaska Time - Anchorage" => "America/Anchorage", + "(GMT-08:00) Alaska Time - Juneau" => "America/Juneau", + "(GMT-08:00) Alaska Time - Metlakatla" => "America/Metlakatla", + "(GMT-08:00) Alaska Time - Nome" => "America/Nome", + "(GMT-08:00) Alaska Time - Sitka" => "America/Sitka", + "(GMT-08:00) Alaska Time - Yakutat" => "America/Yakutat", + "(GMT-08:00) Pitcairn Time" => "Pacific/Pitcairn", + "(GMT-07:00) Mexican Pacific Standard Time" => "America/Hermosillo", + "(GMT-07:00) Mountain Standard Time - Creston" => "America/Creston", + "(GMT-07:00) Mountain Standard Time - Dawson" => "America/Dawson", + "(GMT-07:00) Mountain Standard Time - Dawson Creek" => "America/Dawson_Creek", + "(GMT-07:00) Mountain Standard Time - Fort Nelson" => "America/Fort_Nelson", + "(GMT-07:00) Mountain Standard Time - Phoenix" => "America/Phoenix", + "(GMT-07:00) Mountain Standard Time - Whitehorse" => "America/Whitehorse", + "(GMT-07:00) Pacific Time - Los Angeles" => "America/Los_Angeles", + "(GMT-07:00) Pacific Time - Tijuana" => "America/Tijuana", + "(GMT-07:00) Pacific Time - Vancouver" => "America/Vancouver", + "(GMT-06:00) Central Standard Time - Belize" => "America/Belize", + "(GMT-06:00) Central Standard Time - Costa Rica" => "America/Costa_Rica", + "(GMT-06:00) Central Standard Time - El Salvador" => "America/El_Salvador", + "(GMT-06:00) Central Standard Time - Guatemala" => "America/Guatemala", + "(GMT-06:00) Central Standard Time - Managua" => "America/Managua", + "(GMT-06:00) Central Standard Time - Regina" => "America/Regina", + "(GMT-06:00) Central Standard Time - Swift Current" => "America/Swift_Current", + "(GMT-06:00) Central Standard Time - Tegucigalpa" => "America/Tegucigalpa", + "(GMT-06:00) Easter Island Time" => "Pacific/Easter", + "(GMT-06:00) Galapagos Time" => "Pacific/Galapagos", + "(GMT-06:00) Mexican Pacific Time - Chihuahua" => "America/Chihuahua", + "(GMT-06:00) Mexican Pacific Time - Mazatlan" => "America/Mazatlan", + "(GMT-06:00) Mountain Time - Boise" => "America/Boise", + "(GMT-06:00) Mountain Time - Cambridge Bay" => "America/Cambridge_Bay", + "(GMT-06:00) Mountain Time - Denver" => "America/Denver", + "(GMT-06:00) Mountain Time - Edmonton" => "America/Edmonton", + "(GMT-06:00) Mountain Time - Inuvik" => "America/Inuvik", + "(GMT-06:00) Mountain Time - Ojinaga" => "America/Ojinaga", + "(GMT-06:00) Mountain Time - Yellowknife" => "America/Yellowknife", + "(GMT-05:00) Acre Standard Time - Eirunepe" => "America/Eirunepe", + "(GMT-05:00) Acre Standard Time - Rio Branco" => "America/Rio_Branco", + "(GMT-05:00) Central Time - Bahia Banderas" => "America/Bahia_Banderas", + "(GMT-05:00) Central Time - Beulah, North Dakota" => "America/North_Dakota/Beulah", + "(GMT-05:00) Central Time - Center, North Dakota" => "America/North_Dakota/Center", + "(GMT-05:00) Central Time - Chicago" => "America/Chicago", + "(GMT-05:00) Central Time - Knox, Indiana" => "America/Indiana/Knox", + "(GMT-05:00) Central Time - Matamoros" => "America/Matamoros", + "(GMT-05:00) Central Time - Menominee" => "America/Menominee", + "(GMT-05:00) Central Time - Merida" => "America/Merida", + "(GMT-05:00) Central Time - Mexico City" => "America/Mexico_City", + "(GMT-05:00) Central Time - Monterrey" => "America/Monterrey", + "(GMT-05:00) Central Time - New Salem, North Dakota" => "America/North_Dakota/New_Salem", + "(GMT-05:00) Central Time - Rainy River" => "America/Rainy_River", + "(GMT-05:00) Central Time - Rankin Inlet" => "America/Rankin_Inlet", + "(GMT-05:00) Central Time - Resolute" => "America/Resolute", + "(GMT-05:00) Central Time - Tell City, Indiana" => "America/Indiana/Tell_City", + "(GMT-05:00) Central Time - Winnipeg" => "America/Winnipeg", + "(GMT-05:00) Colombia Standard Time" => "America/Bogota", + "(GMT-05:00) Eastern Standard Time - Atikokan" => "America/Atikokan", + "(GMT-05:00) Eastern Standard Time - Cancun" => "America/Cancun", + "(GMT-05:00) Eastern Standard Time - Jamaica" => "America/Jamaica", + "(GMT-05:00) Eastern Standard Time - Panama" => "America/Panama", + "(GMT-05:00) Ecuador Time" => "America/Guayaquil", + "(GMT-05:00) Peru Standard Time" => "America/Lima", + "(GMT-04:00) Amazon Standard Time - Boa Vista" => "America/Boa_Vista", + "(GMT-04:00) Amazon Standard Time - Campo Grande" => "America/Campo_Grande", + "(GMT-04:00) Amazon Standard Time - Cuiaba" => "America/Cuiaba", + "(GMT-04:00) Amazon Standard Time - Manaus" => "America/Manaus", + "(GMT-04:00) Amazon Standard Time - Porto Velho" => "America/Porto_Velho", + "(GMT-04:00) Atlantic Standard Time - Barbados" => "America/Barbados", + "(GMT-04:00) Atlantic Standard Time - Blanc-Sablon" => "America/Blanc-Sablon", + "(GMT-04:00) Atlantic Standard Time - Curaçao" => "America/Curacao", + "(GMT-04:00) Atlantic Standard Time - Martinique" => "America/Martinique", + "(GMT-04:00) Atlantic Standard Time - Port of Spain" => "America/Port_of_Spain", + "(GMT-04:00) Atlantic Standard Time - Puerto Rico" => "America/Puerto_Rico", + "(GMT-04:00) Atlantic Standard Time - Santo Domingo" => "America/Santo_Domingo", + "(GMT-04:00) Bolivia Time" => "America/La_Paz", + "(GMT-04:00) Chile Time" => "America/Santiago", + "(GMT-04:00) Cuba Time" => "America/Havana", + "(GMT-04:00) Eastern Time - Detroit" => "America/Detroit", + "(GMT-04:00) Eastern Time - Grand Turk" => "America/Grand_Turk", + "(GMT-04:00) Eastern Time - Indianapolis" => "America/Indiana/Indianapolis", + "(GMT-04:00) Eastern Time - Iqaluit" => "America/Iqaluit", + "(GMT-04:00) Eastern Time - Louisville" => "America/Kentucky/Louisville", + "(GMT-04:00) Eastern Time - Marengo, Indiana" => "America/Indiana/Marengo", + "(GMT-04:00) Eastern Time - Monticello, Kentucky" => "America/Kentucky/Monticello", + "(GMT-04:00) Eastern Time - Nassau" => "America/Nassau", + "(GMT-04:00) Eastern Time - New York" => "America/New_York", + "(GMT-04:00) Eastern Time - Nipigon" => "America/Nipigon", + "(GMT-04:00) Eastern Time - Pangnirtung" => "America/Pangnirtung", + "(GMT-04:00) Eastern Time - Petersburg, Indiana" => "America/Indiana/Petersburg", + "(GMT-04:00) Eastern Time - Port-au-Prince" => "America/Port-au-Prince", + "(GMT-04:00) Eastern Time - Thunder Bay" => "America/Thunder_Bay", + "(GMT-04:00) Eastern Time - Toronto" => "America/Toronto", + "(GMT-04:00) Eastern Time - Vevay, Indiana" => "America/Indiana/Vevay", + "(GMT-04:00) Eastern Time - Vincennes, Indiana" => "America/Indiana/Vincennes", + "(GMT-04:00) Eastern Time - Winamac, Indiana" => "America/Indiana/Winamac", + "(GMT-04:00) Guyana Time" => "America/Guyana", + "(GMT-04:00) Paraguay Time" => "America/Asuncion", + "(GMT-04:00) Venezuela Time" => "America/Caracas", + "(GMT-03:00) Argentina Standard Time - Buenos Aires" => "America/Argentina/Buenos_Aires", + "(GMT-03:00) Argentina Standard Time - Catamarca" => "America/Argentina/Catamarca", + "(GMT-03:00) Argentina Standard Time - Cordoba" => "America/Argentina/Cordoba", + "(GMT-03:00) Argentina Standard Time - Jujuy" => "America/Argentina/Jujuy", + "(GMT-03:00) Argentina Standard Time - La Rioja" => "America/Argentina/La_Rioja", + "(GMT-03:00) Argentina Standard Time - Mendoza" => "America/Argentina/Mendoza", + "(GMT-03:00) Argentina Standard Time - Rio Gallegos" => "America/Argentina/Rio_Gallegos", + "(GMT-03:00) Argentina Standard Time - Salta" => "America/Argentina/Salta", + "(GMT-03:00) Argentina Standard Time - San Juan" => "America/Argentina/San_Juan", + "(GMT-03:00) Argentina Standard Time - San Luis" => "America/Argentina/San_Luis", + "(GMT-03:00) Argentina Standard Time - Tucuman" => "America/Argentina/Tucuman", + "(GMT-03:00) Argentina Standard Time - Ushuaia" => "America/Argentina/Ushuaia", + "(GMT-03:00) Atlantic Time - Bermuda" => "Atlantic/Bermuda", + "(GMT-03:00) Atlantic Time - Glace Bay" => "America/Glace_Bay", + "(GMT-03:00) Atlantic Time - Goose Bay" => "America/Goose_Bay", + "(GMT-03:00) Atlantic Time - Halifax" => "America/Halifax", + "(GMT-03:00) Atlantic Time - Moncton" => "America/Moncton", + "(GMT-03:00) Atlantic Time - Thule" => "America/Thule", + "(GMT-03:00) Brasilia Standard Time - Araguaina" => "America/Araguaina", + "(GMT-03:00) Brasilia Standard Time - Bahia" => "America/Bahia", + "(GMT-03:00) Brasilia Standard Time - Belem" => "America/Belem", + "(GMT-03:00) Brasilia Standard Time - Fortaleza" => "America/Fortaleza", + "(GMT-03:00) Brasilia Standard Time - Maceio" => "America/Maceio", + "(GMT-03:00) Brasilia Standard Time - Recife" => "America/Recife", + "(GMT-03:00) Brasilia Standard Time - Santarem" => "America/Santarem", + "(GMT-03:00) Brasilia Standard Time - Sao Paulo" => "America/Sao_Paulo", + "(GMT-03:00) Chile Time" => "America/Santiago", + "(GMT-03:00) Falkland Islands Standard Time" => "Atlantic/Stanley", + "(GMT-03:00) French Guiana Time" => "America/Cayenne", + "(GMT-03:00) Palmer Time" => "Antarctica/Palmer", + "(GMT-03:00) Punta Arenas Time" => "America/Punta_Arenas", + "(GMT-03:00) Rothera Time" => "Antarctica/Rothera", + "(GMT-03:00) Suriname Time" => "America/Paramaribo", + "(GMT-03:00) Uruguay Standard Time" => "America/Montevideo", + "(GMT-02:30) Newfoundland Time" => "America/St_Johns", + "(GMT-02:00) Fernando de Noronha Standard Time" => "America/Noronha", + "(GMT-02:00) South Georgia Time" => "Atlantic/South_Georgia", + "(GMT-02:00) St. Pierre & Miquelon Time" => "America/Miquelon", + "(GMT-02:00) West Greenland Time" => "America/Nuuk", + "(GMT-01:00) Cape Verde Standard Time" => "Atlantic/Cape_Verde", + "(GMT+00:00) Azores Time" => "Atlantic/Azores", + "(GMT+00:00) Coordinated Universal Time" => "UTC", + "(GMT+00:00) East Greenland Time" => "America/Scoresbysund", + "(GMT+00:00) Greenwich Mean Time" => "Etc/GMT", + "(GMT+00:00) Greenwich Mean Time - Abidjan" => "Africa/Abidjan", + "(GMT+00:00) Greenwich Mean Time - Accra" => "Africa/Accra", + "(GMT+00:00) Greenwich Mean Time - Bissau" => "Africa/Bissau", + "(GMT+00:00) Greenwich Mean Time - Danmarkshavn" => "America/Danmarkshavn", + "(GMT+00:00) Greenwich Mean Time - Monrovia" => "Africa/Monrovia", + "(GMT+00:00) Greenwich Mean Time - Reykjavik" => "Atlantic/Reykjavik", + "(GMT+00:00) Greenwich Mean Time - São Tomé" => "Africa/Sao_Tome", + "(GMT+01:00) Central European Standard Time - Algiers" => "Africa/Algiers", + "(GMT+01:00) Central European Standard Time - Tunis" => "Africa/Tunis", + "(GMT+01:00) Ireland Time" => "Europe/Dublin", + "(GMT+01:00) Morocco Time" => "Africa/Casablanca", + "(GMT+01:00) United Kingdom Time" => "Europe/London", + "(GMT+01:00) West Africa Standard Time - Lagos" => "Africa/Lagos", + "(GMT+01:00) West Africa Standard Time - Ndjamena" => "Africa/Ndjamena", + "(GMT+01:00) Western European Time - Canary" => "Atlantic/Canary", + "(GMT+01:00) Western European Time - Faroe" => "Atlantic/Faroe", + "(GMT+01:00) Western European Time - Lisbon" => "Europe/Lisbon", + "(GMT+01:00) Western European Time - Madeira" => "Atlantic/Madeira", + "(GMT+01:00) Western Sahara Time" => "Africa/El_Aaiun", + "(GMT+02:00) Central Africa Time - Khartoum" => "Africa/Khartoum", + "(GMT+02:00) Central Africa Time - Maputo" => "Africa/Maputo", + "(GMT+02:00) Central Africa Time - Windhoek" => "Africa/Windhoek", + "(GMT+02:00) Central European Time - Amsterdam" => "Europe/Amsterdam", + "(GMT+02:00) Central European Time - Andorra" => "Europe/Andorra", + "(GMT+02:00) Central European Time - Belgrade" => "Europe/Belgrade", + "(GMT+02:00) Central European Time - Berlin" => "Europe/Berlin", + "(GMT+02:00) Central European Time - Brussels" => "Europe/Brussels", + "(GMT+02:00) Central European Time - Budapest" => "Europe/Budapest", + "(GMT+02:00) Central European Time - Ceuta" => "Africa/Ceuta", + "(GMT+02:00) Central European Time - Copenhagen" => "Europe/Copenhagen", + "(GMT+02:00) Central European Time - Gibraltar" => "Europe/Gibraltar", + "(GMT+02:00) Central European Time - Luxembourg" => "Europe/Luxembourg", + "(GMT+02:00) Central European Time - Madrid" => "Europe/Madrid", + "(GMT+02:00) Central European Time - Malta" => "Europe/Malta", + "(GMT+02:00) Central European Time - Monaco" => "Europe/Monaco", + "(GMT+02:00) Central European Time - Oslo" => "Europe/Oslo", + "(GMT+02:00) Central European Time - Paris" => "Europe/Paris", + "(GMT+02:00) Central European Time - Prague" => "Europe/Prague", + "(GMT+02:00) Central European Time - Rome" => "Europe/Rome", + "(GMT+02:00) Central European Time - Stockholm" => "Europe/Stockholm", + "(GMT+02:00) Central European Time - Tirane" => "Europe/Tirane", + "(GMT+02:00) Central European Time - Vienna" => "Europe/Vienna", + "(GMT+02:00) Central European Time - Warsaw" => "Europe/Warsaw", + "(GMT+02:00) Central European Time - Zurich" => "Europe/Zurich", + "(GMT+02:00) Eastern European Standard Time - Cairo" => "Africa/Cairo", + "(GMT+02:00) Eastern European Standard Time - Kaliningrad" => "Europe/Kaliningrad", + "(GMT+02:00) Eastern European Standard Time - Tripoli" => "Africa/Tripoli", + "(GMT+02:00) South Africa Standard Time" => "Africa/Johannesburg", + "(GMT+02:00) Troll Time" => "Antarctica/Troll", + "(GMT+03:00) Arabian Standard Time - Baghdad" => "Asia/Baghdad", + "(GMT+03:00) Arabian Standard Time - Qatar" => "Asia/Qatar", + "(GMT+03:00) Arabian Standard Time - Riyadh" => "Asia/Riyadh", + "(GMT+03:00) East Africa Time - Juba" => "Africa/Juba", + "(GMT+03:00) East Africa Time - Nairobi" => "Africa/Nairobi", + "(GMT+03:00) Eastern European Time - Amman" => "Asia/Amman", + "(GMT+03:00) Eastern European Time - Athens" => "Europe/Athens", + "(GMT+03:00) Eastern European Time - Beirut" => "Asia/Beirut", + "(GMT+03:00) Eastern European Time - Bucharest" => "Europe/Bucharest", + "(GMT+03:00) Eastern European Time - Chisinau" => "Europe/Chisinau", + "(GMT+03:00) Eastern European Time - Damascus" => "Asia/Damascus", + "(GMT+03:00) Eastern European Time - Gaza" => "Asia/Gaza", + "(GMT+03:00) Eastern European Time - Hebron" => "Asia/Hebron", + "(GMT+03:00) Eastern European Time - Helsinki" => "Europe/Helsinki", + "(GMT+03:00) Eastern European Time - Kiev" => "Europe/Kiev", + "(GMT+03:00) Eastern European Time - Nicosia" => "Asia/Nicosia", + "(GMT+03:00) Eastern European Time - Riga" => "Europe/Riga", + "(GMT+03:00) Eastern European Time - Sofia" => "Europe/Sofia", + "(GMT+03:00) Eastern European Time - Tallinn" => "Europe/Tallinn", + "(GMT+03:00) Eastern European Time - Uzhhorod" => "Europe/Uzhgorod", + "(GMT+03:00) Eastern European Time - Vilnius" => "Europe/Vilnius", + "(GMT+03:00) Eastern European Time - Zaporozhye" => "Europe/Zaporozhye", + "(GMT+03:00) Famagusta Time" => "Asia/Famagusta", + "(GMT+03:00) Israel Time" => "Asia/Jerusalem", + "(GMT+03:00) Kirov Time" => "Europe/Kirov", + "(GMT+03:00) Moscow Standard Time - Minsk" => "Europe/Minsk", + "(GMT+03:00) Moscow Standard Time - Moscow" => "Europe/Moscow", + "(GMT+03:00) Moscow Standard Time - Simferopol" => "Europe/Simferopol", + "(GMT+03:00) Syowa Time" => "Antarctica/Syowa", + "(GMT+03:00) Turkey Time" => "Europe/Istanbul", + "(GMT+04:00) Armenia Standard Time" => "Asia/Yerevan", + "(GMT+04:00) Astrakhan Time" => "Europe/Astrakhan", + "(GMT+04:00) Azerbaijan Standard Time" => "Asia/Baku", + "(GMT+04:00) Georgia Standard Time" => "Asia/Tbilisi", + "(GMT+04:00) Gulf Standard Time" => "Asia/Dubai", + "(GMT+04:00) Mauritius Standard Time" => "Indian/Mauritius", + "(GMT+04:00) Réunion Time" => "Indian/Reunion", + "(GMT+04:00) Samara Standard Time" => "Europe/Samara", + "(GMT+04:00) Saratov Time" => "Europe/Saratov", + "(GMT+04:00) Seychelles Time" => "Indian/Mahe", + "(GMT+04:00) Ulyanovsk Time" => "Europe/Ulyanovsk", + "(GMT+04:00) Volgograd Standard Time" => "Europe/Volgograd", + "(GMT+04:30) Afghanistan Time" => "Asia/Kabul", + "(GMT+04:30) Iran Time" => "Asia/Tehran", + "(GMT+05:00) French Southern & Antarctic Time" => "Indian/Kerguelen", + "(GMT+05:00) Maldives Time" => "Indian/Maldives", + "(GMT+05:00) Mawson Time" => "Antarctica/Mawson", + "(GMT+05:00) Pakistan Standard Time" => "Asia/Karachi", + "(GMT+05:00) Tajikistan Time" => "Asia/Dushanbe", + "(GMT+05:00) Turkmenistan Standard Time" => "Asia/Ashgabat", + "(GMT+05:00) Uzbekistan Standard Time - Samarkand" => "Asia/Samarkand", + "(GMT+05:00) Uzbekistan Standard Time - Tashkent" => "Asia/Tashkent", + "(GMT+05:00) West Kazakhstan Time - Aqtau" => "Asia/Aqtau", + "(GMT+05:00) West Kazakhstan Time - Aqtobe" => "Asia/Aqtobe", + "(GMT+05:00) West Kazakhstan Time - Atyrau" => "Asia/Atyrau", + "(GMT+05:00) West Kazakhstan Time - Oral" => "Asia/Oral", + "(GMT+05:00) West Kazakhstan Time - Qyzylorda" => "Asia/Qyzylorda", + "(GMT+05:00) Yekaterinburg Standard Time" => "Asia/Yekaterinburg", + "(GMT+05:30) Indian Standard Time - Colombo" => "Asia/Colombo", + "(GMT+05:30) Indian Standard Time - Kolkata" => "Asia/Kolkata", + "(GMT+05:45) Nepal Time" => "Asia/Kathmandu", + "(GMT+06:00) Bangladesh Standard Time" => "Asia/Dhaka", + "(GMT+06:00) Bhutan Time" => "Asia/Thimphu", + "(GMT+06:00) East Kazakhstan Time - Almaty" => "Asia/Almaty", + "(GMT+06:00) East Kazakhstan Time - Kostanay" => "Asia/Qostanay", + "(GMT+06:00) Indian Ocean Time" => "Indian/Chagos", + "(GMT+06:00) Kyrgyzstan Time" => "Asia/Bishkek", + "(GMT+06:00) Omsk Standard Time" => "Asia/Omsk", + "(GMT+06:00) Urumqi Time" => "Asia/Urumqi", + "(GMT+06:00) Vostok Time" => "Antarctica/Vostok", + "(GMT+06:30) Cocos Islands Time" => "Indian/Cocos", + "(GMT+06:30) Myanmar Time" => "Asia/Yangon", + "(GMT+07:00) Barnaul Time" => "Asia/Barnaul", + "(GMT+07:00) Christmas Island Time" => "Indian/Christmas", + "(GMT+07:00) Davis Time" => "Antarctica/Davis", + "(GMT+07:00) Hovd Standard Time" => "Asia/Hovd", + "(GMT+07:00) Indochina Time - Bangkok" => "Asia/Bangkok", + "(GMT+07:00) Indochina Time - Ho Chi Minh City" => "Asia/Ho_Chi_Minh", + "(GMT+07:00) Krasnoyarsk Standard Time - Krasnoyarsk" => "Asia/Krasnoyarsk", + "(GMT+07:00) Krasnoyarsk Standard Time - Novokuznetsk" => "Asia/Novokuznetsk", + "(GMT+07:00) Novosibirsk Standard Time" => "Asia/Novosibirsk", + "(GMT+07:00) Tomsk Time" => "Asia/Tomsk", + "(GMT+07:00) Western Indonesia Time - Jakarta" => "Asia/Jakarta", + "(GMT+07:00) Western Indonesia Time - Pontianak" => "Asia/Pontianak", + "(GMT+08:00) Australian Western Standard Time - Casey" => "Antarctica/Casey", + "(GMT+08:00) Australian Western Standard Time - Perth" => "Australia/Perth", + "(GMT+08:00) Brunei Darussalam Time" => "Asia/Brunei", + "(GMT+08:00) Central Indonesia Time" => "Asia/Makassar", + "(GMT+08:00) China Standard Time - Macao" => "Asia/Macau", + "(GMT+08:00) China Standard Time - Shanghai" => "Asia/Shanghai", + "(GMT+08:00) Hong Kong Standard Time" => "Asia/Hong_Kong", + "(GMT+08:00) Irkutsk Standard Time" => "Asia/Irkutsk", + "(GMT+08:00) Malaysia Time - Kuala Lumpur" => "Asia/Kuala_Lumpur", + "(GMT+08:00) Malaysia Time - Kuching" => "Asia/Kuching", + "(GMT+08:00) Philippine Standard Time" => "Asia/Manila", + "(GMT+08:00) Singapore Standard Time" => "Asia/Singapore", + "(GMT+08:00) Taipei Standard Time" => "Asia/Taipei", + "(GMT+08:00) Ulaanbaatar Standard Time - Choibalsan" => "Asia/Choibalsan", + "(GMT+08:00) Ulaanbaatar Standard Time - Ulaanbaatar" => "Asia/Ulaanbaatar", + "(GMT+08:45) Australian Central Western Standard Time" => "Australia/Eucla", + "(GMT+09:00) East Timor Time" => "Asia/Dili", + "(GMT+09:00) Eastern Indonesia Time" => "Asia/Jayapura", + "(GMT+09:00) Japan Standard Time" => "Asia/Tokyo", + "(GMT+09:00) Korean Standard Time - Pyongyang" => "Asia/Pyongyang", + "(GMT+09:00) Korean Standard Time - Seoul" => "Asia/Seoul", + "(GMT+09:00) Palau Time" => "Pacific/Palau", + "(GMT+09:00) Yakutsk Standard Time - Chita" => "Asia/Chita", + "(GMT+09:00) Yakutsk Standard Time - Khandyga" => "Asia/Khandyga", + "(GMT+09:00) Yakutsk Standard Time - Yakutsk" => "Asia/Yakutsk", + "(GMT+09:30) Australian Central Standard Time" => "Australia/Darwin", + "(GMT+09:30) Central Australia Time - Adelaide" => "Australia/Adelaide", + "(GMT+09:30) Central Australia Time - Broken Hill" => "Australia/Broken_Hill", + "(GMT+10:00) Australian Eastern Standard Time - Brisbane" => "Australia/Brisbane", + "(GMT+10:00) Australian Eastern Standard Time - Lindeman" => "Australia/Lindeman", + "(GMT+10:00) Chamorro Standard Time" => "Pacific/Guam", + "(GMT+10:00) Chuuk Time" => "Pacific/Chuuk", + "(GMT+10:00) Dumont-d’Urville Time" => "Antarctica/DumontDUrville", + "(GMT+10:00) Eastern Australia Time - Currie" => "Australia/Currie", + "(GMT+10:00) Eastern Australia Time - Hobart" => "Australia/Hobart", + "(GMT+10:00) Eastern Australia Time - Melbourne" => "Australia/Melbourne", + "(GMT+10:00) Eastern Australia Time - Sydney" => "Australia/Sydney", + "(GMT+10:00) Papua New Guinea Time" => "Pacific/Port_Moresby", + "(GMT+10:00) Vladivostok Standard Time - Ust-Nera" => "Asia/Ust-Nera", + "(GMT+10:00) Vladivostok Standard Time - Vladivostok" => "Asia/Vladivostok", + "(GMT+10:30) Lord Howe Time" => "Australia/Lord_Howe", + "(GMT+11:00) Bougainville Time" => "Pacific/Bougainville", + "(GMT+11:00) Kosrae Time" => "Pacific/Kosrae", + "(GMT+11:00) Macquarie Island Time" => "Antarctica/Macquarie", + "(GMT+11:00) Magadan Standard Time" => "Asia/Magadan", + "(GMT+11:00) New Caledonia Standard Time" => "Pacific/Noumea", + "(GMT+11:00) Norfolk Island Time" => "Pacific/Norfolk", + "(GMT+11:00) Ponape Time" => "Pacific/Pohnpei", + "(GMT+11:00) Sakhalin Standard Time" => "Asia/Sakhalin", + "(GMT+11:00) Solomon Islands Time" => "Pacific/Guadalcanal", + "(GMT+11:00) Srednekolymsk Time" => "Asia/Srednekolymsk", + "(GMT+11:00) Vanuatu Standard Time" => "Pacific/Efate", + "(GMT+12:00) Anadyr Standard Time" => "Asia/Anadyr", + "(GMT+12:00) Fiji Time" => "Pacific/Fiji", + "(GMT+12:00) Gilbert Islands Time" => "Pacific/Tarawa", + "(GMT+12:00) Marshall Islands Time - Kwajalein" => "Pacific/Kwajalein", + "(GMT+12:00) Marshall Islands Time - Majuro" => "Pacific/Majuro", + "(GMT+12:00) Nauru Time" => "Pacific/Nauru", + "(GMT+12:00) New Zealand Time" => "Pacific/Auckland", + "(GMT+12:00) Petropavlovsk-Kamchatski Standard Time" => "Asia/Kamchatka", + "(GMT+12:00) Tuvalu Time" => "Pacific/Funafuti", + "(GMT+12:00) Wake Island Time" => "Pacific/Wake", + "(GMT+12:00) Wallis & Futuna Time" => "Pacific/Wallis", + "(GMT+12:45) Chatham Time" => "Pacific/Chatham", + "(GMT+13:00) Apia Time" => "Pacific/Apia", + "(GMT+13:00) Phoenix Islands Time" => "Pacific/Enderbury", + "(GMT+13:00) Tokelau Time" => "Pacific/Fakaofo", + "(GMT+13:00) Tonga Standard Time" => "Pacific/Tongatapu", + "(GMT+14:00) Line Islands Time" => "Pacific/Kiritimati" + ); +} diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/login.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/login.php new file mode 100644 index 0000000..c4ab09e --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/login.php @@ -0,0 +1,1352 @@ +merge_all_pointers()); + update_option('plugin_wise_tour_initiated',true); + $array_dissmised_pointers = array_merge($array_dissmised_pointers,$this->merge_all_pointers()); + update_user_meta($uid,'dismissed_wp_pointers',implode(",",$array_dissmised_pointers)); + exit; + } + + function merge_all_pointers(){ + + $array = array(); + return array_merge($array, mo_saml_options_enum_pointersMoSAML::$ATTRIBUTE_MAPPING, + mo_saml_options_enum_pointersMoSAML::$DEFAULT_SKIP, + mo_saml_options_enum_pointersMoSAML::$IDENTITY_PROVIDER, + mo_saml_options_enum_pointersMoSAML::$REDIRECTION_LINK, + mo_saml_options_enum_pointersMoSAML::$SERVICE_PROVIDER); + + } + + + + + function feedback_request() { + + mo_saml_display_saml_feedback_form(); + } + + function mo_login_widget_saml_options() { + global $wpdb; + + mo_saml_register_saml_sso(); + } + + + function mo_saml_success_message() { + $class = "error"; + $message = get_option( 'mo_saml_message' ); + echo "

        " . $message . "

        "; + } + + function mo_saml_error_message() { + $class = "updated"; + $message = get_option( 'mo_saml_message' ); + echo "

        " . $message . "

        "; + } + + public function mo_saml_deactivate(){ + + if(mo_saml_is_customer_registered_saml(false)) + return; + if(!mo_saml_is_curl_installed()) + return; + wp_redirect('plugins.php'); + + } + + public function mo_saml_remove_account() { + if ( ! is_multisite() ) { + //delete all customer related key-value pairs + delete_option( 'mo_saml_host_name' ); + delete_option( 'mo_saml_new_registration' ); + delete_option( 'mo_saml_admin_phone' ); + delete_option( 'mo_saml_admin_password' ); + delete_option( 'mo_saml_verify_customer' ); + delete_option( 'mo_saml_admin_customer_key' ); + delete_option( 'mo_saml_admin_api_key' ); + delete_option( 'mo_saml_customer_token' ); + delete_option('mo_saml_admin_email'); + delete_option( 'mo_saml_message' ); + delete_option( 'mo_saml_registration_status' ); + delete_option( 'mo_saml_idp_config_complete' ); + delete_option( 'mo_saml_transactionId' ); + delete_option( 'mo_proxy_host' ); + delete_option( 'mo_proxy_username' ); + delete_option( 'mo_proxy_port' ); + delete_option( 'mo_proxy_password' ); + delete_option( 'mo_saml_show_mo_idp_message' ); + + + } else { + global $wpdb; + $blog_ids = $wpdb->get_col( "SELECT blog_id FROM $wpdb->blogs" ); + $original_blog_id = get_current_blog_id(); + + foreach ( $blog_ids as $blog_id ) { + switch_to_blog( $blog_id ); + //delete all your options + //E.g: delete_option( {option name} ); + delete_option( 'mo_saml_host_name' ); + delete_option( 'mo_saml_new_registration' ); + delete_option( 'mo_saml_admin_phone' ); + delete_option( 'mo_saml_admin_password' ); + delete_option( 'mo_saml_verify_customer' ); + delete_option( 'mo_saml_admin_customer_key' ); + delete_option( 'mo_saml_admin_api_key' ); + delete_option( 'mo_saml_customer_token' ); + delete_option( 'mo_saml_message' ); + delete_option( 'mo_saml_registration_status' ); + delete_option( 'mo_saml_idp_config_complete' ); + delete_option( 'mo_saml_transactionId' ); + delete_option( 'mo_saml_show_mo_idp_message' ); + delete_option('mo_saml_admin_email'); + delete_option('mo_is_new_user'); + } + switch_to_blog( $original_blog_id ); + } + } + + function plugin_settings_style( $page) { + if ( $page != 'toplevel_page_mo_saml_settings' && !(isset($_REQUEST['page']) && $_REQUEST['page'] == 'mo_saml_licensing')) { + return; + } + if((isset($_REQUEST['tab']) && $_REQUEST['tab'] == 'licensing') || (isset($_REQUEST['page']) && $_REQUEST['page'] == 'mo_saml_licensing')){ + wp_enqueue_style( 'mo_saml_bootstrap_css', plugins_url( 'includes/css/bootstrap/bootstrap.min.css', __FILE__ ) ); + } + + wp_enqueue_style('mo_saml_jquery_ui_style',plugins_url('includes/css/jquery-ui.min.css', __FILE__), array(), mo_saml_options_plugin_constants::Version, 'all'); + wp_enqueue_style( 'mo_saml_admin_settings_style', plugins_url( 'includes/css/style_settings.min.css', __FILE__ ), array(), mo_saml_options_plugin_constants::Version, 'all' ); + wp_enqueue_style( 'mo_saml_admin_settings_phone_style', plugins_url( 'includes/css/phone.css', __FILE__ ) ); + wp_enqueue_style( 'mo_saml_time_settings_style', plugins_url( 'includes/css/datetime-style-settings.min.css', __FILE__ ), array(),mo_saml_options_plugin_constants::Version, 'all' ); + wp_enqueue_style( 'mo_saml_wpb-fa', plugins_url( 'includes/css/style-icon.css', __FILE__ ) ); + $file = plugin_dir_path( __FILE__ ) . 'pointers.php'; + $manager = new MoSAMLPointersManager( $file, '4.8.52', 'custom_admin_pointers' ); + $manager->parse(); + $pointers = $manager->filter( $page ); + if ( empty( $pointers ) ) { + return; + } + wp_enqueue_style( 'wp-pointer' ); + $js_url = plugins_url( 'includes\js\pointers.js', __FILE__ ); + wp_enqueue_script( 'custom_admin_pointers', $js_url, array('wp-pointer'), NULL, TRUE ); + $data = array( + 'close_label' => __('Close','miniorange-saml-20-single-sign-on'), + 'next_label' => __( 'Next','miniorange-saml-20-single-sign-on' ), + 'pointers' => $pointers + ); + wp_localize_script( 'custom_admin_pointers', 'MOAdminPointers', $data ); + + + } + + function plugin_settings_script( $page ) { + + if ( $page != 'toplevel_page_mo_saml_settings' && !(isset($_REQUEST['page']) && $_REQUEST['page'] == 'mo_saml_licensing')) { + return; + } + wp_register_script( 'rml-script', plugins_url( 'includes/js/skip_tour.js',__FILE__), array('jquery'), null, true ); + wp_localize_script( 'rml-script', 'readmelater_ajax', array( 'ajax_url' => admin_url('admin-ajax.php')) ); + + + wp_enqueue_script('jquery-ui-core'); + wp_enqueue_script('jquery-ui-autocomplete'); + wp_enqueue_script('jquery-ui-datepicker'); + wp_enqueue_script('mo_saml_select2_script', 'https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/js/select2.min.js'); + wp_enqueue_script('mo_saml_timepicker_script', 'https://cdnjs.cloudflare.com/ajax/libs/timepicker/1.3.5/jquery.timepicker.min.js'); + wp_enqueue_script( 'mo_saml_admin_settings_script', plugins_url( 'includes/js/settings.js', __FILE__ ) ); + wp_enqueue_script( 'mo_saml_admin_settings_phone_script', plugins_url( 'includes/js/phone.js', __FILE__ ) ); + + if((isset($_REQUEST['tab']) && $_REQUEST['tab'] == 'licensing') || (isset($_REQUEST['page']) && $_REQUEST['page'] == 'mo_saml_licensing')){ + wp_enqueue_script( 'mo_saml_modernizr_script', plugins_url( 'includes/js/modernizr.js', __FILE__ ) ); + wp_enqueue_script( 'mo_saml_popover_script', plugins_url( 'includes/js/bootstrap/popper.min.js', __FILE__ ) ); + wp_enqueue_script( 'mo_saml_bootstrap_script', plugins_url( 'includes/js/bootstrap/bootstrap.min.js', __FILE__ ) ); + } + + + } + + + + public function plugin_activate(){ + if(is_multisite()){ + global $wpdb; + $blog_ids = $wpdb->get_col("SELECT blog_id FROM $wpdb->blogs"); + $original_blog_id = get_current_blog_id(); + + foreach($blog_ids as $blog_id){ + switch_to_blog($blog_id); + update_option('mo_saml_guest_log',true); + update_option('mo_saml_guest_enabled',true); + update_option( 'mo_saml_free_version', 1 ); + $uid = get_current_user_id(); + $array_dissmised_pointers = explode( ',', (string) get_user_meta( $uid, 'dismissed_wp_pointers', TRUE ) ); + $array_dissmised_pointers = array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT); + $array_dissmised_pointers = array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT_SKIP); + update_user_meta($uid,'dismissed_wp_pointers',implode(",",$array_dissmised_pointers)); + + } + switch_to_blog($original_blog_id); + } else { + update_option('mo_saml_guest_log',true); + update_option('mo_saml_guest_enabled',true); + update_option( 'mo_saml_free_version', 1 ); + $uid = get_current_user_id(); + $array_dissmised_pointers = explode( ',', (string) get_user_meta( $uid, 'dismissed_wp_pointers', TRUE ) ); + $array_dissmised_pointers = array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT); + $array_dissmised_pointers = array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT); + update_user_meta($uid,'dismissed_wp_pointers',implode(",",$array_dissmised_pointers)); + } + update_option('mo_plugin_do_activation_redirect', true); + } + + static function mo_check_option_admin_referer($option_name){ + return (isset($_POST['option']) and $_POST['option']==$option_name and check_admin_referer($option_name)); + } + + function miniorange_login_widget_saml_save_settings() { + + if (get_option('mo_plugin_do_activation_redirect')) { + delete_option('mo_plugin_do_activation_redirect'); + + if(!isset($_GET['activate-multi'])) + { + wp_redirect(admin_url() . 'admin.php?page=mo_saml_settings'); + exit; + } + } + if ( current_user_can( 'manage_options' ) ) { + + if(self::mo_check_option_admin_referer('dismiss_pointers')) + { + + $uid = get_current_user_id(); + $array_dissmised_pointers = explode( ',', (string) get_user_meta( $uid, 'dismissed_wp_pointers', TRUE ) ); + if ( isset( $_GET['tab'] ) ) { + $active_tab = $_GET['tab']; + if($active_tab == 'save') + $array_dissmised_pointers=array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$SERVICE_PROVIDER); + elseif($active_tab == 'config') + $array_dissmised_pointers=array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$IDENTITY_PROVIDER); + elseif ($active_tab == 'opt') + $array_dissmised_pointers=array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$ATTRIBUTE_MAPPING); + elseif ($active_tab == 'general') + $array_dissmised_pointers=array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$REDIRECTION_LINK); + + }else { + $array_dissmised_pointers=array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT,mo_saml_options_enum_pointersMoSAML::$SERVICE_PROVIDER,mo_saml_options_enum_pointersMoSAML::$ATTRIBUTE_MAPPING, + mo_saml_options_enum_pointersMoSAML::$IDENTITY_PROVIDER, mo_saml_options_enum_pointersMoSAML::$REDIRECTION_LINK); + } + + update_user_meta($uid,'dismissed_wp_pointers',implode(",",$array_dissmised_pointers)); + return; + + + } + + if(self::mo_check_option_admin_referer('restart_plugin_tour')) + { + + update_option('mo_is_new_user',1); + + $uid = get_current_user_id(); + $array_dissmised_pointers = explode( ',', (string) get_user_meta( $uid, 'dismissed_wp_pointers', TRUE ) ); + $array_dissmised_pointers=array_diff($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT); + update_user_meta($uid,'dismissed_wp_pointers',implode(",",$array_dissmised_pointers)); + update_option('plugin_wise_tour_initiated',true); + $request_uri = $_SERVER['REQUEST_URI']; + $redirect_array=explode('&',htmlentities($request_uri)); + $redirect= $redirect_array[0]; + header("Location: ".$redirect); + return; + + + } + + if(self::mo_check_option_admin_referer('skip_plugin_tour')) + { + + update_option('mo_is_new_user',1); + + $uid = get_current_user_id(); + $array_dissmised_pointers = explode( ',', (string) get_user_meta( $uid, 'dismissed_wp_pointers', TRUE ) ); + $array_dissmised_pointers = array_diff($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT); + update_option('plugin_wise_tour_initiated',true); + + $array_dissmised_pointers = array_merge($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT_SKIP); + + update_user_meta($uid,'dismissed_wp_pointers',implode(",",$array_dissmised_pointers)); + $redirect_array =explode('&',htmlentities($_SERVER['REQUEST_URI'])); + $redirect=$redirect_array[0]; + + header("Location: ".$redirect); + return; + + + } + + + if(self::mo_check_option_admin_referer("clear_attrs_list")){ + delete_option("mo_saml_test_config_attrs"); + update_option('mo_saml_message',__('List of attributes cleared','miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_success_message(); + } + + if ( self::mo_check_option_admin_referer("clear_pointers")) { + + $uid = get_current_user_id(); + $array_dissmised_pointers = explode( ',', (string) get_user_meta( $uid, 'dismissed_wp_pointers', TRUE ) ); + + + switch ($_POST['button_name']){ + case mo_saml_options_tab_names::Entire_plugin_tour: + $array_dissmised_pointers = array_diff($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$DEFAULT); + break; + case mo_saml_options_tab_names::Attribute_role_mapping: + $array_dissmised_pointers = array_diff($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$ATTRIBUTE_MAPPING); + break; + case mo_saml_options_tab_names::Identity_provider_settting: + $array_dissmised_pointers = array_diff($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$IDENTITY_PROVIDER); + break; + case mo_saml_options_tab_names::Redirection_sso_links: + $array_dissmised_pointers = array_diff($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$REDIRECTION_LINK); + break; + case mo_saml_options_tab_names::Service_provider_settings: + update_option('service_provider_setup_tour_initiated',true); + $array_dissmised_pointers = array_diff($array_dissmised_pointers,mo_saml_options_enum_pointersMoSAML::$SERVICE_PROVIDER); + break; + + } + + + update_user_meta($uid,'dismissed_wp_pointers',implode(",",$array_dissmised_pointers)); + return; + } + if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_saml_mo_idp_message" ) { + update_option( 'mo_saml_show_mo_idp_message', 1 ); + + return; + } + if( self::mo_check_option_admin_referer("change_miniorange")){ + self::mo_saml_remove_account(); + update_option('mo_saml_guest_enabled',true); + //update_option( 'mo_saml_message', 'Logged out of miniOrange account' ); + //$this->mo_saml_show_success_message(); + return; + } + + if ( self::mo_check_option_admin_referer("login_widget_saml_save_settings")) { + if ( ! mo_saml_is_curl_installed() ) { + update_option( 'mo_saml_message', 'ERROR: PHP cURL extension is not installed or disabled. Save Identity Provider Configuration failed.' ); + $this->mo_saml_show_error_message(); + + return; + } + + + if (( $this->mo_saml_check_empty_or_null( $_POST['saml_identity_name'] ) || $this->mo_saml_check_empty_or_null( $_POST['saml_login_url'] ) || $this->mo_saml_check_empty_or_null( $_POST['saml_issuer'] )) && $this->mo_saml_check_empty_or_null($_POST['saml_b2c_tenant_id'])) { + update_option( 'mo_saml_message', __('All the fields are required. Please enter valid entries.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + + return; + } else if ( ! preg_match( "/^\w*$/", $_POST['saml_identity_name'] ) ) { + update_option( 'mo_saml_message', __('Please match the requested format for Identity Provider Name. Only alphabets, numbers and underscore is allowed.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + + return; + } else if(isset($_POST['saml_identity_name']) and !empty($_POST['saml_identity_name'])) { + $saml_identity_name = htmlspecialchars(trim( $_POST['saml_identity_name'] )); + $saml_login_url = htmlspecialchars(trim( $_POST['saml_login_url'] )); + $saml_issuer = htmlspecialchars(trim( $_POST['saml_issuer'] )); + $saml_x509_certificate = $_POST['saml_x509_certificate']; + $saml_identity_provider_identifier = htmlspecialchars(trim($_POST['mo_saml_identity_provider_identifier_name'])); + + update_option( 'saml_identity_name', $saml_identity_name ); + update_option( 'saml_login_url', $saml_login_url ); + update_option( 'saml_issuer', $saml_issuer ); + update_option( 'mo_saml_identity_provider_identifier_name',$saml_identity_provider_identifier); + if ( isset( $_POST['saml_response_signed'] ) ) { + update_option( 'saml_response_signed', 'checked' ); + } else { + update_option( 'saml_response_signed', 'Yes' ); + } + + + foreach ( $saml_x509_certificate as $key => $value ) { + if ( empty( $value ) ) { + unset( $saml_x509_certificate[ $key ] ); + } else { + $saml_x509_certificate[ $key ] = Utilities::sanitize_certificate( $value ); + + if ( ! @openssl_x509_read( $saml_x509_certificate[ $key ] ) ) { + update_option( 'mo_saml_message', __('Invalid certificate: Please provide a valid certificate.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + delete_option( 'saml_x509_certificate' ); + + return; + } + } + } + if ( empty( $saml_x509_certificate ) ) { + update_option( "mo_saml_message", __('Invalid Certificate: Please provide a certificate' ,'miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + + return; + } + update_option( 'saml_x509_certificate', maybe_serialize( $saml_x509_certificate ) ); + if ( isset( $_POST['saml_assertion_signed'] ) ) { + update_option( 'saml_assertion_signed', 'checked' ); + } + else { + update_option( 'saml_assertion_signed', 'Yes' ); + } + if(array_key_exists('enable_iconv',$_POST)) + update_option('mo_saml_encoding_enabled','checked'); + else + update_option('mo_saml_encoding_enabled',''); + + + } + + + if(isset($_POST['saml_b2c_tenant_id']) and !empty($_POST['saml_b2c_tenant_id'])){ + $b2c_tenant_id = htmlspecialchars($_POST['saml_b2c_tenant_id']); + $b2c_tenant_id_postfix = strpos($b2c_tenant_id, ".onmicrosoft.com"); + if($b2c_tenant_id_postfix !== false) + $b2c_tenant_id = substr($b2c_tenant_id, 0, $b2c_tenant_id_postfix); + update_option('saml_b2c_tenant_id', $b2c_tenant_id); + } + if(isset($_POST['saml_IdentityExperienceFramework_id']) and !empty($_POST['saml_IdentityExperienceFramework_id'])){ + $saml_IdentityExperienceFramework_id = htmlspecialchars($_POST['saml_IdentityExperienceFramework_id']); + update_option('saml_IdentityExperienceFramework_id', $saml_IdentityExperienceFramework_id); + } + if(isset($_POST['saml_ProxyIdentityExperienceFramework_id']) and !empty($_POST['saml_ProxyIdentityExperienceFramework_id'])){ + $saml_ProxyIdentityExperienceFramework_id = htmlspecialchars($_POST['saml_ProxyIdentityExperienceFramework_id']); + update_option('saml_ProxyIdentityExperienceFramework_id', $saml_ProxyIdentityExperienceFramework_id); + } + + + if(isset($_POST['mo_saml_identity_provider_identifier_name'])){ + $mo_saml_identity_provider_identifier_name = htmlspecialchars($_POST['mo_saml_identity_provider_identifier_name']); + update_option('mo_saml_identity_provider_identifier_name',$mo_saml_identity_provider_identifier_name); + } + update_option( 'mo_saml_message', __('Identity Provider details saved successfully.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_success_message(); + + } + + if(self::mo_check_option_admin_referer('generate_b2c_policies')){ + $this->mo_saml_generate_b2c_policies(); + } + + if(self::mo_check_option_admin_referer('update_sso_config')){ + $metadata_url = 'https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/B2C_1A_signup_signin_saml/Samlp/metadata'; + $b2c_tenant_id = get_option('saml_b2c_tenant_id'); + $metadata_url = str_replace('tenant-name', $b2c_tenant_id, $metadata_url); + $this->_handle_upload_metadata($metadata_url); + + } + + //Update SP Entity ID + if(self::mo_check_option_admin_referer('mo_saml_update_idp_settings_option')){ + if(isset($_POST['mo_saml_sp_entity_id'])) { + $sp_entity_id = htmlspecialchars($_POST['mo_saml_sp_entity_id']); + update_option('mo_saml_sp_entity_id', $sp_entity_id); + } + update_option('mo_saml_message', __('Settings updated successfully.','miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_success_message(); + } + //Save Attribute Mapping + if (self::mo_check_option_admin_referer("login_widget_saml_attribute_mapping") ) { + + if ( ! mo_saml_is_curl_installed() ) { + update_option( 'mo_saml_message', __('ERROR: PHP cURL extension is not installed or disabled. Save Attribute Mapping failed.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + + return; + } + + + update_option( 'mo_saml_message', __('Attribute Mapping details saved successfully','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_success_message(); + + } + //Save Role Mapping + if (self::mo_check_option_admin_referer("login_widget_saml_role_mapping")) { + + if ( ! mo_saml_is_curl_installed() ) { + update_option( 'mo_saml_message', __('ERROR: PHP cURL extension is not installed or disabled. Save Role Mapping failed.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + + return; + } + + + update_option( 'saml_am_default_user_role', htmlspecialchars($_POST['saml_am_default_user_role']) ); + + update_option( 'mo_saml_message', __('Role Mapping details saved successfully.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_success_message(); + } + + if(self::mo_check_option_admin_referer("mo_saml_demo_request_option")){ + if(isset($_POST['mo_saml_demo_email'])) + $demo_email = htmlspecialchars($_POST['mo_saml_demo_email']); + + if(isset($_POST['mo_saml_demo_plan'])) + $demo_plan_selected = htmlspecialchars($_POST['mo_saml_demo_plan']); + + if(isset($_POST['mo_saml_demo_description'])) + $demo_description = htmlspecialchars($_POST['mo_saml_demo_description']); + + $license_plans = mo_saml_license_plans::$license_plans; + if(isset($license_plans[$demo_plan_selected])) + $demo_plan = $license_plans[$demo_plan_selected]; + + $addons = mo_saml_options_addons::$ADDON_TITLE; + + $addons_selected = array(); + foreach($addons as $key => $value){ + if(isset($_POST[$key]) && $_POST[$key] == "true") + $addons_selected[$key] = $value; + } + $status = ""; + if(empty($demo_email)){ + $demo_email = get_option('mo_saml_admin_email'); + $status = "Error :" ."Email address for Demo is Empty."; + }else{ + $license_plans_slugs = mo_saml_license_plans::$license_plans_slug; + if(array_key_exists($demo_plan_selected,$license_plans_slugs)){ + $url = 'https://demo.miniorange.com/wordpress-saml-demo/'; + $headers = array( 'Content-Type' => 'application/x-www-form-urlencoded', 'charset' => 'UTF - 8'); + $args = array( + 'method' =>'POST', + 'body' => array( + 'option' => 'mo_auto_create_demosite', + 'mo_auto_create_demosite_email' => $demo_email, + 'mo_auto_create_demosite_usecase' => $demo_description, + 'mo_auto_create_demosite_demo_plan' => $license_plans_slugs[$demo_plan_selected], + ), + 'timeout' => '20', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => $headers, + ); + + $response = wp_remote_post( $url, $args ); + if ( is_wp_error( $response ) ) { + $error_message = $response->get_error_message(); + echo "Something went wrong: $error_message"; + exit(); + } + $output = wp_remote_retrieve_body($response); + $output = json_decode($output); + if(is_null($output)){ + update_option('mo_saml_message', __('Something went wrong. Please reach out to us using the Support/Contact Us form to get help with the demo.','miniorange-saml-20-single-sign-on')); + $status = __('Error :','miniorange-saml-20-single-sign-on') . __('Something went wrong while setting up demo.','miniorange-saml-20-single-sign-on'); + } + + if($output->status == 'SUCCESS'){ + update_option('mo_saml_message', $output->message); + $status = __('Success :','miniorange-saml-20-single-sign-on').$output->message; + }else{ + update_option('mo_saml_message', $output->message); + $status = __('Error :','miniorange-saml-20-single-sign-on') .$output->message; + } + }else{ + $status = __('Please setup manual demo.','miniorange-saml-20-single-sign-on'); + } + } + + $message = "[Demo For Customer] : " . $demo_email; + if(!empty($demo_plan)) + $message .= "
        [Selected Plan] : " . $demo_plan; + if(!empty($demo_description)) + $message .= "
        [Requirements] : " . $demo_description; + + $message .= "
        [Status] : " .$status; + if(!empty($addons_selected)){ + $message .= "
        [Addons] : "; + foreach($addons_selected as $key => $value){ + $message .= $value; + if(next($addons_selected)) + $message .= ", "; + } + } + + $user = wp_get_current_user(); + $customer = new Customersaml(); + $email = get_option( "mo_saml_admin_email" ); + if ( $email == '' ) { + $email = $user->user_email; + } + $phone = get_option( 'mo_saml_admin_phone' ); + $submited = json_decode( $customer->send_email_alert( $email, $phone, $message, true ), true ); + if ( json_last_error() == JSON_ERROR_NONE ) { + if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) { + update_option( 'mo_saml_message', $submited['message'] ); + $this->mo_saml_show_error_message(); + + } + else { + $demo_status = strpos($status,"Error"); + if ( $submited == false || $demo_status !== false ) { + + update_option( 'mo_saml_message', $status ); + $this->mo_saml_show_error_message(); + } else { + update_option( 'mo_saml_message', __('Thanks! We have received your request and will shortly get in touch with you.','miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_success_message(); + } + } + } + + } + + if (self::mo_check_option_admin_referer("saml_upload_metadata")) { + if ( ! function_exists( 'wp_handle_upload' ) ) { + require_once( ABSPATH . 'wp-admin/includes/file.php' ); + } + $this->_handle_upload_metadata(); + } + if ( self::mo_check_option_admin_referer("mo_saml_register_customer")) { + + //register the admin to miniOrange + $user = wp_get_current_user(); + if ( ! mo_saml_is_curl_installed() ) { + update_option( 'mo_saml_message', __('ERROR: PHP cURL extension is not installed or disabled. Registration failed.' ,'miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + + return; + } + + //validation and sanitization + $email = ''; + $password = ''; + $confirmPassword = ''; + + if ( $this->mo_saml_check_empty_or_null( $_POST['email'] ) || $this->mo_saml_check_empty_or_null( $_POST['password'] ) || $this->mo_saml_check_empty_or_null( $_POST['confirmPassword'] ) ) { + + update_option( 'mo_saml_message', __('Please enter the required fields.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + + return; + } else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { + update_option( 'mo_saml_message', __('Please enter a valid email address.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + return; + } + else if($this->checkPasswordpattern(htmlspecialchars($_POST['password']))){ + update_option( 'mo_saml_message', __('Minimum 6 characters should be present. Maximum 15 characters should be present. Only following symbols (!@#.$%^&*-_) should be present.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + return; + } + else { + + $email = sanitize_email( $_POST['email'] ); + $password = stripslashes( htmlspecialchars($_POST['password'] )); + $confirmPassword = stripslashes( htmlspecialchars($_POST['confirmPassword'] )); + } + update_option( 'mo_saml_admin_email', $email ); + + if ( strcmp( $password, $confirmPassword ) == 0 ) { + update_option( 'mo_saml_admin_password', $password ); + $email = get_option( 'mo_saml_admin_email' ); + $customer = new CustomerSaml(); + $content = json_decode( $customer->check_customer(), true ); + if(!is_null($content)){ + if ( strcasecmp( $content['status'], 'CUSTOMER_NOT_FOUND' ) == 0 ) { + + $response = $this->create_customer(); + if(is_array($response) && array_key_exists('status', $response) && $response['status'] == 'success'){ + wp_redirect( admin_url( '/admin.php?page=mo_saml_settings&tab=licensing' ), 301 ); + exit; + } + } else { + $response = $this-> get_current_customer(); + if(is_array($response) && array_key_exists('status', $response) && $response['status'] == 'success'){ + wp_redirect( admin_url( '/admin.php?page=mo_saml_settings&tab=licensing' ), 301 ); + exit; + } + //$this->mo_saml_show_error_message(); + } + } + + } else { + update_option( 'mo_saml_message', __('Passwords do not match.','miniorange-saml-20-single-sign-on' )); + delete_option( 'mo_saml_verify_customer' ); + $this->mo_saml_show_error_message(); + } + return; + //new starts here + + } + else if( self::mo_check_option_admin_referer("mosaml_metadata_download")){ + mo_saml_miniorange_generate_metadata(true); + } + if ( self::mo_check_option_admin_referer("mo_saml_verify_customer") ) { //register the admin to miniOrange + + if ( ! mo_saml_is_curl_installed() ) { + update_option( 'mo_saml_message', __('ERROR: PHP cURL extension is not installed or disabled. Login failed.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + + return; + } + + //validation and sanitization + $email = ''; + $password = ''; + if ( $this->mo_saml_check_empty_or_null( $_POST['email'] ) || $this->mo_saml_check_empty_or_null( $_POST['password'] ) ) { + update_option( 'mo_saml_message', __('All the fields are required. Please enter valid entries.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + + return; + } else if($this->checkPasswordpattern(htmlspecialchars($_POST['password']))){ + update_option( 'mo_saml_message', __('Minimum 6 characters should be present. Maximum 15 characters should be present. Only following symbols (!@#.$%^&*-_) should be present.' ,'miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + return; + }else { + $email = sanitize_email( $_POST['email'] ); + $password = stripslashes( htmlspecialchars($_POST['password'] )); + } + + update_option( 'mo_saml_admin_email', $email ); + update_option( 'mo_saml_admin_password', $password ); + $customer = new Customersaml(); + $content = $customer->get_customer_key(); + if(!is_null($content)){ + $customerKey = json_decode( $content, true ); + if ( json_last_error() == JSON_ERROR_NONE ) { + update_option( 'mo_saml_admin_customer_key', $customerKey['id'] ); + update_option( 'mo_saml_admin_api_key', $customerKey['apiKey'] ); + update_option( 'mo_saml_customer_token', $customerKey['token'] ); + $certificate = get_option( 'saml_x509_certificate' ); + if ( empty( $certificate ) ) { + update_option( 'mo_saml_free_version', 1 ); + } + update_option( 'mo_saml_admin_password', '' ); + update_option( 'mo_saml_message', __('Customer retrieved successfully','miniorange-saml-20-single-sign-on' )); + update_option( 'mo_saml_registration_status', 'Existing User' ); + delete_option( 'mo_saml_verify_customer' ); + $this->mo_saml_show_success_message(); + //if(is_array($response) && array_key_exists('status', $response) && $response['status'] == 'success'){ + wp_redirect( admin_url( '/admin.php?page=mo_saml_settings&tab=licensing' ), 301 ); + exit; + //} + } else { + update_option( 'mo_saml_message', __('Invalid username or password. Please try again.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + } + update_option( 'mo_saml_admin_password', '' ); + } + } + else if ( self::mo_check_option_admin_referer("mo_saml_contact_us_query_option") ) { + + if ( ! mo_saml_is_curl_installed() ) { + update_option( 'mo_saml_message', __('ERROR: PHP cURL extension is not installed or disabled. Query submit failed.' ,'miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + return; + } + + $call_setup = false; + // Contact Us query + $email = sanitize_email($_POST['mo_saml_contact_us_email']); + $phone = htmlspecialchars($_POST['mo_saml_contact_us_phone']); + $query = htmlspecialchars($_POST['mo_saml_contact_us_query']); + if(array_key_exists('saml_setup_call',$_POST)===true){ + $time_zone = $_POST['mo_saml_setup_call_timezone']; + $call_date = $_POST['mo_saml_setup_call_date']; + $call_time = $_POST['mo_saml_setup_call_time']; + $call_setup = true; + } + + $plugin_config_json = mo_saml_miniorange_import_export(true, true); + $customer = new CustomerSaml(); + + if($call_setup == false) { + $query = $query.'

        '.'Plugin Configuration: '.$plugin_config_json; + if ( $this->mo_saml_check_empty_or_null( $email ) || $this->mo_saml_check_empty_or_null( $query ) ) { + update_option( 'mo_saml_message', __('Please fill up Email and Query fields to submit your query.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + } else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + update_option( 'mo_saml_message', __('Please enter a valid email address.' ,'miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + } else { + $submited = $customer->submit_contact_us( $email, $phone, $query, false); + if(!is_null($submited)){ + if ( $submited == false ) { + update_option( 'mo_saml_message', __('Your query could not be submitted. Please try again.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + } else { + update_option( 'mo_saml_message', __('Thanks for getting in touch! We shall get back to you shortly.' ,'miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_success_message(); + } + } + } + } else { + if ( $this->mo_saml_check_empty_or_null( $email )) { + update_option('mo_saml_message', __('Please fill up Email fields to submit your query.','miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + } else if ($this->mo_saml_check_empty_or_null($call_date) || $this->mo_saml_check_empty_or_null($call_time) || $this->mo_saml_check_empty_or_null($time_zone) ) { + update_option('mo_saml_message', __('Please fill up Schedule Call Details to submit your query.','miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + } + else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + update_option( 'mo_saml_message', __('Please enter a valid email address.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + } else { + + $local_timezone='Asia/Kolkata'; + $call_datetime=$call_date.$call_time; + $convert_datetime = strtotime ( $call_datetime ); + $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone)); + $ist_date->setTimezone(new DateTimeZone($local_timezone)); + + + $query = $query . '

        ' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'

        '.'Plugin Config: '.$plugin_config_json; + $response = $customer->submit_contact_us( $email, $phone, $query, true); + + if(!is_null($response)){ + if ( $response == false ) { + update_option( 'mo_saml_message', __('Your query could not be submitted. Please try again.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + } else { + update_option('mo_saml_message', __('Thanks for getting in touch! You will receive the call details on your email shortly.','miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_success_message(); + } + } + } + } + } + else if ( self::mo_check_option_admin_referer("mo_saml_go_back") ) { + update_option( 'mo_saml_registration_status', '' ); + update_option( 'mo_saml_verify_customer', '' ); + delete_option( 'mo_saml_new_registration' ); + delete_option( 'mo_saml_admin_email' ); + delete_option( 'mo_saml_admin_phone' ); + } + else if ( self::mo_check_option_admin_referer("mo_saml_goto_login") ) { + delete_option( 'mo_saml_new_registration' ); + update_option( 'mo_saml_verify_customer', 'true' ); + } + else if ( self::mo_check_option_admin_referer("mo_saml_forgot_password_form_option") ) { + if ( ! mo_saml_is_curl_installed() ) { + update_option( 'mo_saml_message', __('ERROR: PHP cURL extension is not installed or disabled. Resend OTP failed.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + + return; + } + + $email = get_option( 'mo_saml_admin_email' ); + + $customer = new Customersaml(); + $content = json_decode( $customer->mo_saml_forgot_password( $email ), true ); + if(!is_null($content)){ + if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { + update_option( 'mo_saml_message', sprintf(__('Your password has been reset successfully. Please enter the new password sent to %s','miniorange-saml-20-single-sign-on') , $email) . '.' ); + $this->mo_saml_show_success_message(); + } else { + update_option( 'mo_saml_message', __('An error occurred while processing your request. Please Try again.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + } + } + } + /** + * Added for feedback mechanisms + */ + if ( self::mo_check_option_admin_referer("mo_skip_feedback") ) { + update_option( 'mo_saml_message', __('Plugin deactivated successfully','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_success_message(); + deactivate_plugins( __FILE__ ); + + + } + if ( self::mo_check_option_admin_referer("mo_feedback") ) { + $user = wp_get_current_user(); + + $message = 'Plugin Deactivated'; + + $deactivate_reason_message = array_key_exists( 'query_feedback', $_POST ) ? htmlspecialchars($_POST['query_feedback']) : false; + + + $reply_required = ''; + if(isset($_POST['get_reply'])) + $reply_required = htmlspecialchars($_POST['get_reply']); + if(empty($reply_required)){ + $reply_required = "don't reply"; + $message.='   [Reply :'.$reply_required.']'; + }else{ + $reply_required = "yes"; + $message.='[Reply :'.$reply_required.']'; + } + + if(is_multisite()) + $multisite_enabled = 'True'; + else + $multisite_enabled = 'False'; + + $message.= ', [Multisite enabled: ' . $multisite_enabled .']'; + + $message.= ', Feedback : '.$deactivate_reason_message.''; + + if (isset($_POST['rate'])) + $rate_value = htmlspecialchars($_POST['rate']); + + $message.= ', [Rating :'.$rate_value.']'; + + $email = $_POST['query_mail']; + if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ + $email = get_option('mo_saml_admin_email'); + if(empty($email)) + $email = $user->user_email; + } + $phone = get_option( 'mo_saml_admin_phone' ); + $feedback_reasons = new Customersaml(); + if(!is_null($feedback_reasons)){ + if(!mo_saml_is_curl_installed()){ + deactivate_plugins( __FILE__ ); + wp_redirect('plugins.php'); + } else { + $submited = json_decode( $feedback_reasons->send_email_alert( $email, $phone, $message ), true ); + if ( json_last_error() == JSON_ERROR_NONE ) { + if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) { + update_option( 'mo_saml_message', $submited['message'] ); + $this->mo_saml_show_error_message(); + + } + else { + if ( $submited == false ) { + + update_option( 'mo_saml_message', __('Error while submitting the query.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + } + } + } + + deactivate_plugins( __FILE__ ); + update_option( 'mo_saml_message', __('Thank you for the feedback.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_success_message(); + } + } + } + + if ( self::mo_check_option_admin_referer("molicensingplanselection") ) { + $env_type = htmlspecialchars($_POST['envtype']); + $idp_num = htmlspecialchars($_POST['idpnum']); + $auto_redirect = htmlspecialchars($_POST['autoredirect']); + $attr_map = htmlspecialchars($_POST['attrmap']); + $role_map = htmlspecialchars($_POST['rolemap']); + $slo = htmlspecialchars($_POST['slo']); + $addon = htmlspecialchars($_POST['addon']); + + $licensing_plan = "Single Site - Standard"; + if($env_type == 'multisite'){ + $licensing_plan = "Multisite Network - Premium"; + if($addon == 'yes' && $idp_num == '1+'){ + $licensing_plan = "Multisite Network - Business"; + }else if($idp_num == '1+'){ + $licensing_plan = "Multisite Network - Business"; + }else if($addon == 'yes'){ + $licensing_plan = "Multisite Network - Enterprise"; + } + }else{ + if($addon == 'yes' || $idp_num == '1+'){ + $licensing_plan = "Single Site - Enterprise"; + }else{ + if($slo == 'yes' || $role_map == 'yes' || $auto_redirect == 'yes' || $attr_map == 'yes'){ + $licensing_plan = "Single Site - Premium"; + } + } + } + update_option('mo_license_plan_from_feedback', $licensing_plan); + update_option( 'mo_saml_license_message', $licensing_plan . __(' Plan (highlighted with red border) will be the best suitable licensing plan as per the SSO details provided by you. If you still have any concern, please write us at info@xecurify.com.','miniorange-saml-20-single-sign-on') ); + } + } + } + + function mo_saml_show_error_message() { + remove_action( 'admin_notices', array( $this, 'mo_saml_error_message' ) ); + add_action( 'admin_notices', array( $this, 'mo_saml_success_message' ) ); + } + + public function mo_saml_check_empty_or_null( $value ) { + if ( ! isset( $value ) || empty( $value ) ) { + return true; + } + + return false; + } + + private function mo_saml_show_success_message() { + remove_action( 'admin_notices', array( $this, 'mo_saml_success_message' ) ); + add_action( 'admin_notices', array( $this, 'mo_saml_error_message' ) ); + } + + function _handle_upload_metadata($metadata_url = '') { + if ( isset( $_FILES['metadata_file'] ) || isset( $_POST['metadata_url'] ) || !empty($metadata_url)) { + if ( ! empty( $_FILES['metadata_file']['tmp_name'] ) ) { + $file = @file_get_contents( $_FILES['metadata_file']['tmp_name'] ); + } else { + if(!mo_saml_is_curl_installed()){ + update_option( 'mo_saml_message', __('PHP cURL extension is not installed or disabled. Cannot fetch metadata from URL.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + return; + } + if(isset( $_POST['metadata_url'] )) + $url = filter_var( $_POST['metadata_url'], FILTER_SANITIZE_URL ); + else + $url = $metadata_url; + + $response = Utilities::mo_saml_wp_remote_get($url, array('sslverify'=>false)); + if(!is_null($response)) + $file = $response['body']; + else + $file = null; + + } + if(!is_null($file)) + $this->upload_metadata( $file, $metadata_url ); + } + } + + function upload_metadata( $file, $metadata_url='' ) { + + $old_error_handler = set_error_handler( array( $this, 'handleXmlError' ) ); + $document = new DOMDocument(); + $document->loadXML( $file ); + restore_error_handler(); + $first_child = $document->firstChild; + if ( ! empty( $first_child ) ) { + $metadata = new IDPMetadataReader( $document ); + $identity_providers = $metadata->getIdentityProviders(); + if ( ! preg_match( "/^\w*$/", $_POST['saml_identity_metadata_provider'] ) ) { + update_option( 'mo_saml_message', __('Please match the requested format for Identity Provider Name. Only alphabets, numbers and underscore is allowed.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + + return; + } + if ( empty( $identity_providers ) && !empty( $_FILES['metadata_file']['tmp_name']) ) { + update_option( 'mo_saml_message', __('Please provide a valid metadata file.' ,'miniorange-saml-20-single-sign-on')); + $this->mo_saml_show_error_message(); + + return; + } + if ( empty( $identity_providers ) && !empty($_POST['metadata_url']) ) { + update_option( 'mo_saml_message', __('Please provide a valid metadata URL.','miniorange-saml-20-single-sign-on') ); + $this->mo_saml_show_error_message(); + + return; + } + if(empty($identity_providers) && !empty($metadata_url)){ + update_option( 'mo_saml_message', __('Unable to fetch Metadata. Please check your IDP configuration again.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + + return; + } + foreach ( $identity_providers as $key => $idp ) { + //$saml_identity_name = preg_match("/^[a-zA-Z0-9-\._ ]+/", $idp->getIdpName()) ? $idp->getIdpName() : ""; + $saml_identity_name = htmlspecialchars($_POST['saml_identity_metadata_provider']); + + $saml_login_url = $idp->getLoginURL( 'HTTP-Redirect' ); + + $saml_issuer = $idp->getEntityID(); + $saml_x509_certificate = $idp->getSigningCertificate(); + + update_option( 'saml_identity_name', $saml_identity_name ); + + update_option( 'saml_login_url', $saml_login_url ); + + + update_option( 'saml_issuer', $saml_issuer ); + //certs already sanitized in Metadata Reader + update_option( 'saml_x509_certificate', maybe_serialize( $saml_x509_certificate ) ); + break; + } + update_option( 'mo_saml_message', __('Identity Provider details saved successfully.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_success_message(); + } else { + if(!empty( $_FILES['metadata_file']['tmp_name'])) + { + update_option( 'mo_saml_message', __('Please provide a valid metadata file.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + } + if(!empty($_POST['metadata_url'])) + { + update_option( 'mo_saml_message', __('Please provide a valid metadata URL.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + } + } + } + + function get_current_customer() { + $customer = new CustomerSaml(); + $content = $customer->get_customer_key(); + if(!is_null($content)){ + $customerKey = json_decode( $content, true ); + + $response = array(); + if ( json_last_error() == JSON_ERROR_NONE ) { + update_option( 'mo_saml_admin_customer_key', $customerKey['id'] ); + update_option( 'mo_saml_admin_api_key', $customerKey['apiKey'] ); + update_option( 'mo_saml_customer_token', $customerKey['token'] ); + update_option( 'mo_saml_admin_password', '' ); + $certificate = get_option( 'saml_x509_certificate' ); + if ( empty( $certificate ) ) { + update_option( 'mo_saml_free_version', 1 ); + } + + delete_option( 'mo_saml_verify_customer' ); + delete_option( 'mo_saml_new_registration' ); + $response['status'] = "success"; + return $response; + } else { + + update_option( 'mo_saml_message', __('You already have an account with miniOrange. Please enter a valid password.','miniorange-saml-20-single-sign-on' )); + $this->mo_saml_show_error_message(); + //update_option( 'mo_saml_verify_customer', 'true' ); + //delete_option( 'mo_saml_new_registration' ); + $response['status'] = "error"; + return $response; + } + } + } + + function create_customer() { + $customer = new CustomerSaml(); + $customerKey = json_decode( $customer->create_customer(), true ); + if(!is_null($customerKey)){ + $response = array(); + //print_r($customerKey); + if ( strcasecmp( $customerKey['status'], 'CUSTOMER_USERNAME_ALREADY_EXISTS' ) == 0 ) { + $api_response = $this->get_current_customer(); + //print_r($api_response);exit; + if($api_response){ + $response['status'] = "success"; + } + else + $response['status'] = "error"; + + } else if ( strcasecmp( $customerKey['status'], 'SUCCESS' ) == 0 ) { + update_option( 'mo_saml_admin_customer_key', $customerKey['id'] ); + update_option( 'mo_saml_admin_api_key', $customerKey['apiKey'] ); + update_option( 'mo_saml_customer_token', $customerKey['token'] ); + update_option( 'mo_saml_free_version', 1 ); + update_option( 'mo_saml_admin_password', '' ); + update_option( 'mo_saml_message', __('Thank you for registering with miniOrange.','miniorange-saml-20-single-sign-on') ); + update_option( 'mo_saml_registration_status', '' ); + delete_option( 'mo_saml_verify_customer' ); + delete_option( 'mo_saml_new_registration' ); + $response['status']="success"; + return $response; + } + + update_option( 'mo_saml_admin_password', '' ); + return $response; + } + } + + + function miniorange_sso_menu() { + //Add miniOrange SAML SSO + $slug = 'mo_saml_settings'; + add_menu_page( 'MO SAML Settings ' . __( 'Configure SAML Identity Provider for SSO','miniorange-saml-20-single-sign-on'), 'miniOrange SAML 2.0 SSO', 'administrator', $slug, array( + $this, + 'mo_login_widget_saml_options' + ), plugin_dir_url( __FILE__ ) . 'images/miniorange.png' ); + add_submenu_page( $slug ,'miniOrange SAML 2.0 SSO' ,__('Plugin Configuration','miniorange-saml-20-single-sign-on'),'manage_options','mo_saml_settings' + , array( $this, 'mo_login_widget_saml_options')); + add_submenu_page( $slug ,'miniOrange SAML 2.0 SSO' ,__('Premium Plans','miniorange-saml-20-single-sign-on'),'manage_options','mo_saml_licensing' + , array( $this, 'mo_login_widget_saml_options')); + add_submenu_page( $slug ,'miniOrange SAML 2.0 SSO' ,__('Add-Ons','miniorange-saml-20-single-sign-on'),'manage_options','mo_saml_settings&tab=addons' + , array( $this, 'mo_login_widget_saml_options')); + + } + + function mo_saml_authenticate() { + $redirect_to = ''; + if ( isset( $_REQUEST['redirect_to'] ) ) { + $redirect_to = htmlentities( $_REQUEST['redirect_to'] ); + } + + if ( is_user_logged_in() ) { + $this->mo_saml_login_redirect($redirect_to); + } + } + + function mo_saml_login_redirect($redirect_to){ + $is_admin_url = false; + + if(strcmp(admin_url(),$redirect_to) == 0 || strcmp(wp_login_url(),$redirect_to) == 0 ){ + $is_admin_url = true; + } + + if ( ! empty( $redirect_to ) && !$is_admin_url ) { + header( 'Location: ' . $redirect_to ); + } else { + header( 'Location: ' . site_url() ); + } + exit(); + } + + + function handleXmlError( $errno, $errstr, $errfile, $errline ) { + if ( $errno == E_WARNING && ( substr_count( $errstr, "DOMDocument::loadXML()" ) > 0 ) ) { + return; + } else { + return false; + } + } + + function mo_saml_plugin_action_links( $links ) { + $links = array_merge( array( + '' . __( 'Settings','miniorange-saml-20-single-sign-on' ) . '' + ), $links ); + return $links; + } + + function checkPasswordpattern($password){ + $pattern = '/^[(\w)*(\!\@\#\$\%\^\&\*\.\-\_)*]+$/'; + + return !preg_match($pattern,$password); + } + + function mo_saml_generate_b2c_policies(){ + $b2c_tenant_id_placeholder = 'b2c-tenant-name'; + $saml_ProxyIdentityExperienceFramework_id_placeholder = 'ProxyIdentityExperienceFramework-app-id'; + $saml_IdentityExperienceFramework_id_placeholder = 'IdentityExperienceFramework-app-id'; + + $b2c_tenant_id = get_option('saml_b2c_tenant_id'); + $saml_ProxyIdentityExperienceFramework_id = get_option('saml_ProxyIdentityExperienceFramework_id'); + $saml_IdentityExperienceFramework_id = get_option('saml_IdentityExperienceFramework_id'); + + $dir = plugin_dir_path( __FILE__ ); + $dir = rtrim($dir, '/'); + $dir = rtrim($dir, '\\'); + + $source_dir = $dir . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . 'azure-b2c-policies'; + $destination = $dir . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . 'mo-azure-b2c-policies.zip'; + $custom_policies_dir = $source_dir . DIRECTORY_SEPARATOR . $b2c_tenant_id . '-policies'; + if(!is_dir($custom_policies_dir)) + mkdir($custom_policies_dir, 0777, true); + + if(is_dir($source_dir)){ + $files = new DirectoryIterator($source_dir); + foreach ($files as $file){ + $file = $file->getPathname(); + if(is_file($file)){ + $custom_policy_file = $custom_policies_dir . DIRECTORY_SEPARATOR . basename($file); + file_put_contents($custom_policy_file, str_replace($b2c_tenant_id_placeholder, $b2c_tenant_id, file_get_contents($file))); + file_put_contents($custom_policy_file, str_replace($saml_ProxyIdentityExperienceFramework_id_placeholder, $saml_ProxyIdentityExperienceFramework_id, file_get_contents($custom_policy_file))); + file_put_contents($custom_policy_file, str_replace($saml_IdentityExperienceFramework_id_placeholder, $saml_IdentityExperienceFramework_id, file_get_contents($custom_policy_file))); + + } + } + $this->generateB2CCert($custom_policies_dir, $b2c_tenant_id); + + } + + $this->zipData($custom_policies_dir,$destination); + + header("Content-type: application/zip"); + header("Content-Disposition: attachment; filename=mo-azure-b2c-policies.zip"); + header("Content-length: " . filesize($destination)); + header("Pragma: no-cache"); + header("Expires: 0"); + readfile("$destination"); + + } + + function generateB2CCert($custom_policies_dir, $b2c_tenant_id){ + $dn = array( + "CN" => "app." . $b2c_tenant_id . ".onmicrosoft.com" + ); + $privkey = openssl_pkey_new(array( + "private_key_bits" => 2048, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + )); + $csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha256')); + $x509 = openssl_csr_sign($csr, null, $privkey, $days=365, array('digest_alg' => 'sha256')); + + $certFile = $custom_policies_dir . DIRECTORY_SEPARATOR . $b2c_tenant_id . '-cert.pfx'; + openssl_pkcs12_export_to_file($x509, $certFile, $privkey, $b2c_tenant_id); + } + + function zipData($source, $destination) { + if(file_exists($destination)) + unlink($destination); + if (extension_loaded('zip') && file_exists($source) && count(glob($source . DIRECTORY_SEPARATOR . '*')) !== 0) { + $zip = new ZipArchive(); + if ($zip->open($destination, ZIPARCHIVE::CREATE)) { + $source = realpath($source); + if (is_dir($source) === true) { + $iterator = new RecursiveDirectoryIterator($source); + // skip dot files while iterating + $iterator->setFlags(RecursiveDirectoryIterator::SKIP_DOTS); + $files = new RecursiveIteratorIterator($iterator, RecursiveIteratorIterator::SELF_FIRST); + + foreach ($files as $file) { + $file = realpath($file); + if (is_file($file) === true) { + $zip->addFromString(str_replace($source . DIRECTORY_SEPARATOR, '', $file), file_get_contents($file)); + } + } + } else if (is_file($source)) { + $zip->addFromString(basename($source), file_get_contents($source)); + } + } + return $zip->close(); + } + return false; + } +} +new saml_mo_login; \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo-saml-class-customer.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo-saml-class-customer.php new file mode 100644 index 0000000..c9b2df1 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo-saml-class-customer.php @@ -0,0 +1,302 @@ + + * @package miniOrange SAML 2.0 SSO + * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php + */ +/** + * This library is miniOrange Authentication Service. + * + * Contains Request Calls to Customer service. + * + * + * wp_remote_post($url, $args) : Retrieve the raw response from the HTTP request using the POST method. + * @param string $url Site URL to retrieve. + * @param array $args Optional. Request arguments. Default empty array. + * @return WP_Error|array The response or WP_Error on failure. + * + * $args : Array or string of HTTP request arguments. + * @type string method Request method. Accepts 'GET', 'POST', 'HEAD', or 'PUT'. + * Some transports technically allow others, but should not be + * assumed. Default 'GET'. + * @type string|array body Body to send with the request. Default null. + * @type int timeout How long the connection should stay open in seconds. Default 5. + * @type int redirection Number of allowed redirects. Not supported by all transports + * Default 5. + * @type string httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. + * Default '1.0'. + * @type bool blocking Whether the calling code requires the result of the request. + * If set to false, the request will be sent to the remote server, + * and processing returned to the calling code immediately, the caller + * will know if the request succeeded or failed, but will not receive + * any response from the remote server. Default true. + * @type string|array headers Array or string of headers to send with the request. + * Default empty array + */ +require_once dirname(__FILE__) . '/includes/lib/mo-saml-options-enum.php'; +include_once 'Utilities.php'; + +class Customersaml { + public $email; + public $phone; + + /* + * * Initial values are hardcoded to support the miniOrange framework to generate OTP for email. + * * We need the default value for creating the first time, + * * As we don't have the Default keys available before registering the user to our server. + * * This default values are only required for sending an One Time Passcode at the user provided email address. + */ + private $defaultCustomerKey = "16555"; + private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq"; + + function create_customer() { + $url = mo_saml_options_plugin_constants::HOSTNAME . '/moas/rest/customer/add'; + + $current_user = wp_get_current_user(); + $this->email = get_option ( 'mo_saml_admin_email' ); + $password = get_option ( 'mo_saml_admin_password' ); + + $fields = array ( + 'areaOfInterest' => 'WP miniOrange SAML 2.0 SSO Plugin', + 'email' => $this->email, + 'password' => $password + ); + $field_string = json_encode ( $fields ); + + $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic"); + + $args = array( + 'method' => 'POST', + 'body' => $field_string, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => $headers + ); + $response = Utilities::mo_saml_wp_remote_post($url, $args); + return $response['body']; + + } + + function get_customer_key() { + $url = mo_saml_options_plugin_constants::HOSTNAME . "/moas/rest/customer/key"; + + $email = get_option ( "mo_saml_admin_email" ); + + $password = get_option ( "mo_saml_admin_password" ); + + $fields = array ( + 'email' => $email, + 'password' => $password + ); + $field_string = json_encode ( $fields ); + + $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic"); + $args = array( + 'method' => 'POST', + 'body' => $field_string, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => $headers + ); + $response = Utilities::mo_saml_wp_remote_post($url, $args); + return $response['body']; + + } + function check_customer() { + $url = mo_saml_options_plugin_constants::HOSTNAME . "/moas/rest/customer/check-if-exists"; + + $email = get_option ( "mo_saml_admin_email" ); + + $fields = array ( + 'email' => $email + ); + $field_string = json_encode ( $fields ); + + $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic"); + $args = array( + 'method' => 'POST', + 'body' => $field_string, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => $headers + ); + $response = Utilities::mo_saml_wp_remote_post($url, $args); + return $response['body']; + + } + + function submit_contact_us($email, $phone, $query, $call_setup) { + $url = mo_saml_options_plugin_constants::HOSTNAME. '/moas/rest/customer/contact-us'; + $current_user = wp_get_current_user(); + + if($call_setup) + $query = '[Call Request - WP SAML SP SSO Plugin] ' . $query ; + else + $query = '[WP SAML 2.0 SP SSO Plugin] ' . $query; + + $fields = array ( + 'firstName' => $current_user->user_firstname, + 'lastName' => $current_user->user_lastname, + 'company' => $_SERVER ['SERVER_NAME'], + 'email' => $email, + 'ccEmail'=>'samlsupport@xecurify.com', + 'phone' => $phone, + 'query' => $query + ); + + $field_string = json_encode ( $fields ); + + $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic"); + $args = array( + 'method' => 'POST', + 'body' => $field_string, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => $headers + ); + $response = Utilities::mo_saml_wp_remote_post($url, $args); + return $response['body']; + + } + + function send_email_alert($email,$phone,$message, $demo_request=false){ + + $url = mo_saml_options_plugin_constants::HOSTNAME . '/moas/api/notify/send'; + + $customerKey = $this->defaultCustomerKey; + $apiKey = $this->defaultApiKey; + + $currentTimeInMillis = self::get_timestamp(); + $currentTimeInMillis = number_format ( $currentTimeInMillis, 0, '', '' ); + $stringToHash = $customerKey . $currentTimeInMillis . $apiKey; + $hashValue = hash("sha512", $stringToHash); + $fromEmail = 'no-reply@xecurify.com'; + $subject = "Feedback: WordPress SAML 2.0 SSO Plugin"; + if($demo_request) + $subject = "DEMO REQUEST: WordPress SAML 2.0 SSO"; + $site_url=site_url(); + + global $user; + $user = wp_get_current_user(); + + + $query = '[WordPress SAML SSO 2.0 Plugin: ]: ' . $message; + + + $content='
        Hello,

        First Name :'.$user->user_firstname.'

        Last Name :'.$user->user_lastname.'

        Company :'.$_SERVER['SERVER_NAME'].'

        Phone Number :'.$phone.'

        Email :'.$email.'

        Query :'.$query.'
        '; + + + $fields = array( + 'customerKey' => $customerKey, + 'sendEmail' => true, + 'email' => array( + 'customerKey' => $customerKey, + 'fromEmail' => $fromEmail, + 'bccEmail' => $fromEmail, + 'fromName' => 'Xecurify', + 'toEmail' => 'info@xecurify.com', + 'toName' => 'samlsupport@xecurify.com', + 'bccEmail' => 'samlsupport@xecurify.com', + 'subject' => $subject, + 'content' => $content + ), + ); + $field_string = json_encode($fields); + + $headers = array( + "Content-Type" => "application/json", + "Customer-Key" => $customerKey, + "Timestamp" => $currentTimeInMillis, + "Authorization" => $hashValue + ); + $args = array( + 'method' => 'POST', + 'body' => $field_string, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => $headers + ); + $response = Utilities::mo_saml_wp_remote_post($url, $args); + return $response['body']; + + } + function mo_saml_forgot_password($email) { + $url = mo_saml_options_plugin_constants::HOSTNAME . '/moas/rest/customer/password-reset'; + + /* The customer Key provided to you */ + $customerKey = get_option ( 'mo_saml_admin_customer_key' ); + + /* The customer API Key provided to you */ + $apiKey = get_option ( 'mo_saml_admin_api_key' ); + + /* Current time in milliseconds since midnight, January 1, 1970 UTC. */ + $currentTimeInMillis = round ( microtime ( true ) * 1000 ); + + /* Creating the Hash using SHA-512 algorithm */ + $stringToHash = $customerKey . number_format ( $currentTimeInMillis, 0, '', '' ) . $apiKey; + $hashValue = hash ( "sha512", $stringToHash ); + + $fields = ''; + + // *check for otp over sms/email + $fields = array ( + 'email' => $email + ); + + $field_string = json_encode ( $fields ); + $headers = array( + "Content-Type" => "application/json", + "Customer-Key" => $customerKey, + "Timestamp" => $currentTimeInMillis, + "Authorization" => $hashValue + ); + $args = array( + 'method' => 'POST', + 'body' => $field_string, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => $headers + ); + $response = Utilities::mo_saml_wp_remote_post($url, $args); + return $response['body']; + + } + function get_timestamp() { + $url = mo_saml_options_plugin_constants::HOSTNAME . '/moas/rest/mobile/get-timestamp'; + $response = Utilities::mo_saml_wp_remote_post($url); + return $response['body']; + + } + + + + + + +} +?> \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_login_saml_sso_widget.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_login_saml_sso_widget.php new file mode 100644 index 0000000..b23481d --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_login_saml_sso_widget.php @@ -0,0 +1,829 @@ + __( 'This is a miniOrange SAML login widget.','miniorange-saml-20-single-sign-on' ), + 'customize_selective_refresh' => true, + ) + ); + } + + + public function widget( $args, $instance ) { + extract( $args ); + + $wid_title = apply_filters( 'widget_title', $instance['wid_title'] ); + + echo $args['before_widget']; + if ( ! empty( $wid_title ) ) + echo $args['before_title'] . $wid_title . $args['after_title']; + $this->loginForm(); + echo $args['after_widget']; + } + + public function update( $new_instance, $old_instance ) { + $instance = array(); + $instance['wid_title'] = htmlspecialchars( $new_instance['wid_title'] ); + return $instance; + } + + + public function form( $instance ) { + $wid_title = ''; + if(array_key_exists('wid_title', $instance)) + $wid_title = $instance[ 'wid_title' ]; + ?> +

        + +

        + + +
        + + + Login with ' . $identity_provider . '
        '; + }else + _e('Please configure the miniOrange SAML Plugin first.','miniorange-saml-20-single-sign-on'); + + if( ! $this->mo_saml_check_empty_or_null_val(get_option('mo_saml_redirect_error_code'))) + { + + echo '
        ' . __('We could not sign you in. Please contact your Administrator.','miniorange-saml-20-single-sign-on') . '
        '; + + delete_option('mo_saml_redirect_error_code'); + delete_option('mo_saml_redirect_error_reason'); + } + + ?> + + + +
      + + display_name); + ?> + | + loadXML($samlResponse); + $samlResponseXml = $document->firstChild; + + $doc = $document->documentElement; + $xpath = new DOMXpath($document); + $xpath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol'); + $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion'); + + $status = $xpath->query('/samlp:Response/samlp:Status/samlp:StatusCode', $doc); + $statusString = $status->item(0)->getAttribute('Value'); + $StatusMessage=$xpath->query('/samlp:Response/samlp:Status/samlp:StatusMessage', $doc)->item(0); + if(!empty($StatusMessage)) + $StatusMessage = $StatusMessage->nodeValue; + + $statusArray = explode(':',$statusString); + if(array_key_exists(7, $statusArray)){ + $status = $statusArray[7]; + } + if($relayState=='displaySAMLResponse'){ + mo_saml_show_SAML_log($samlResponse,$relayState); + } + + if($status!="Success"){ + mo_saml_show_status_error($status,$relayState,$StatusMessage); + } + + $certFromPlugin = maybe_unserialize(get_option('saml_x509_certificate')); + + $acsUrl = site_url() .'/'; + $samlResponse = new SAML2_Response($samlResponseXml); + $responseSignatureData = $samlResponse-> getSignatureData(); + $assertionSignatureData = current($samlResponse->getAssertions())->getSignatureData(); + + if(empty($assertionSignatureData) && empty($responseSignatureData) ) { + + if($relayState=='testValidate'){ + + $Error_message=mo_saml_options_error_constants::Error_no_certificate; + $Cause_message = mo_saml_options_error_constants::Cause_no_certificate; + echo '
      +
      ' . __( 'ERROR','miniorange-saml-20-single-sign-on') . '
      +

      ' . __('Error','miniorange-saml-20-single-sign-on') . ': '.$Error_message.'

      + +

      '. __('Possible Cause','miniorange-saml-20-single-sign-on') . ': '.$Cause_message.'

      + +
      '; + mo_saml_download_logs($Error_message,$Cause_message); + + exit; + } + else + { + wp_die(__('We could not sign you in. Please contact administrator','miniorange-saml-20-single-sign-on'),'Error: Invalid SAML Response'); + } + } + if(is_array($certFromPlugin)) { + foreach ($certFromPlugin as $key => $value) { + $certfpFromPlugin = MoXMLSecurityKey::getRawThumbprint($value); + + $certfpFromPlugin = mo_saml_convert_to_windows_iconv($certfpFromPlugin); + $certfpFromPlugin = preg_replace('/\s+/', '', $certfpFromPlugin); + if(!empty($responseSignatureData)) { + $validSignature = Utilities::processResponse($acsUrl, $certfpFromPlugin, $responseSignatureData, $samlResponse, $key, $relayState); + } + if(!empty($assertionSignatureData)) { + $validSignature = Utilities::processResponse($acsUrl, $certfpFromPlugin, $assertionSignatureData, $samlResponse, $key, $relayState); + } + if($validSignature) + break; + } + } else { + $certfpFromPlugin = MoXMLSecurityKey::getRawThumbprint($certFromPlugin); + $certfpFromPlugin = mo_saml_convert_to_windows_iconv($certfpFromPlugin); + $certfpFromPlugin = preg_replace('/\s+/', '', $certfpFromPlugin); + if(!empty($responseSignatureData)) { + $validSignature = Utilities::processResponse($acsUrl, $certfpFromPlugin, $responseSignatureData, $samlResponse, 0, $relayState); + } + + if(!empty($assertionSignatureData)) { + $validSignature = Utilities::processResponse($acsUrl, $certfpFromPlugin, $assertionSignatureData, $samlResponse, 0, $relayState); + } + } + + if($responseSignatureData) + $saml_required_certificate=$responseSignatureData['Certificates'][0]; + elseif($assertionSignatureData) + $saml_required_certificate=$assertionSignatureData['Certificates'][0]; + update_option('mo_saml_required_certificate',$saml_required_certificate); + if(!$validSignature) { + if($relayState=='testValidate'){ + + $Error_message=mo_saml_options_error_constants::Error_wrong_certificate; + $Cause_message = mo_saml_options_error_constants::Cause_wrong_certificate; + $pem = "-----BEGIN CERTIFICATE-----
      " . + chunk_split($saml_required_certificate, 64) . + "
      -----END CERTIFICATE-----"; + echo '
      '; + echo '
      ERROR
      +

      ' . __('Error','miniorange-saml-20-single-sign-on') . ': '.$Error_message.'

      + +

      ' . __('Possible Cause','miniorange-saml-20-single-sign-on'). ': '.$Cause_message.'

      +
      +
        +
        '; + wp_nonce_field('mo_fix_certificate'); + echo ' + +
        +
      +
      + +
      +
      '; + mo_saml_download_logs($Error_message,$Cause_message); + exit; + } + else + { + wp_die(__('We could not sign you in. Please contact administrator','miniorange-saml-20-single-sign-on'),'Error: Invalid SAML Response'); + } + } + + $sp_base_url = get_option( 'mo_saml_sp_base_url' ); + if ( empty( $sp_base_url ) ) { + $sp_base_url = site_url(); + } + // verify the issuer and audience from saml response + $issuer = get_option('saml_issuer'); + $spEntityId = get_option('mo_saml_sp_entity_id'); + if(empty($spEntityId)) { + $spEntityId = $sp_base_url.'/wp-content/plugins/miniorange-saml-20-single-sign-on/'; + } + Utilities::validateIssuerAndAudience($samlResponse,$spEntityId, $issuer, $relayState); + + $ssoemail = current(current($samlResponse->getAssertions())->getNameId()); + $attrs = current($samlResponse->getAssertions())->getAttributes(); + $attrs['NameID'] = array("0" => $ssoemail); + $sessionIndex = current($samlResponse->getAssertions())->getSessionIndex(); + + mo_saml_checkMapping($attrs,$relayState,$sessionIndex); + } + + if( isset( $_REQUEST['option'] ) and strpos( $_REQUEST['option'], 'readsamllogin' ) !== false ) { + require_once dirname(__FILE__) . '/includes/lib/encryption.php'; + + if(isset($_POST['STATUS']) && $_POST['STATUS'] == 'ERROR') + { + update_option('mo_saml_redirect_error_code', htmlspecialchars($_POST['ERROR_REASON'])); + update_option('mo_saml_redirect_error_reason' , htmlspecialchars($_POST['ERROR_MESSAGE'])); + } + else if(isset($_POST['STATUS']) && $_POST['STATUS'] == 'SUCCESS'){ + $redirect_to = ''; + if(isset($_REQUEST['redirect_to']) && !empty($_REQUEST['redirect_to']) && $_REQUEST['redirect_to'] != '/') { + $redirect_to = htmlentities($_REQUEST['redirect_to']); + } + + delete_option('mo_saml_redirect_error_code'); + delete_option('mo_saml_redirect_error_reason'); + + try { + + $emailAttribute = get_option('saml_am_email'); + $usernameAttribute = get_option('saml_am_username'); + $firstName = get_option('saml_am_first_name'); + $lastName = get_option('saml_am_last_name'); + $groupName = get_option('saml_am_group_name'); + $defaultRole = get_option('saml_am_default_user_role'); + $dontAllowUnlistedUserRole = get_option('saml_am_dont_allow_unlisted_user_role'); + $checkIfMatchBy = get_option('saml_am_account_matcher'); + + $firstName = str_replace(".", "_", $firstName); + $firstName = str_replace(" ", "_", $firstName); + if(!empty($firstName) && array_key_exists($firstName, $_POST) ) { + $firstName = htmlspecialchars($_POST[$firstName]); + } + + $lastName = str_replace(".", "_", $lastName); + $lastName = str_replace(" ", "_", $lastName); + if(!empty($lastName) && array_key_exists($lastName, $_POST) ) { + $lastName = htmlspecialchars($_POST[$lastName]); + } + + $usernameAttribute = str_replace(".", "_", $usernameAttribute); + $usernameAttribute = str_replace(" ", "_", $usernameAttribute); + if(!empty($usernameAttribute) && array_key_exists($usernameAttribute, $_POST)) { + $userName = htmlspecialchars($_POST[$usernameAttribute]); + } else { + $userName = htmlspecialchars($_POST['NameID']); + } + + $user_email = str_replace(".", "_", $emailAttribute); + $user_email = str_replace(" ", "_", $emailAttribute); + if(!empty($emailAttribute) && array_key_exists($emailAttribute, $_POST)) { + $user_email = htmlspecialchars($_POST[$emailAttribute]); + } else { + $user_email = htmlspecialchars($_POST['NameID']); + } + + $groupName = str_replace(".", "_", $groupName); + $groupName = str_replace(" ", "_", $groupName); + if(!empty($groupName) && array_key_exists($groupName, $_POST) ) { + $groupName = htmlspecialchars($_POST[$groupName]); + } + + if(empty($checkIfMatchBy)) { + $checkIfMatchBy = "email"; + } + + //Decrypt email now. + + //Get customer token as a key to decrypt email + $key = get_option('mo_saml_customer_token'); + + if(isset($key) || trim($key) != '') + { + $deciphertext = AESEncryption::decrypt_data($user_email, $key); + $user_email = $deciphertext; + } + + //Decrypt firstname and lastName and username + + if(!empty($firstName) && !empty($key)) + { + $decipherFirstName = AESEncryption::decrypt_data($firstName, $key); + $firstName = $decipherFirstName; + } + if(!empty($lastName) && !empty($key)) + { + $decipherLastName = AESEncryption::decrypt_data($lastName, $key); + $lastName = $decipherLastName; + } + if(!empty($userName) && !empty($key)) + { + $decipherUserName = AESEncryption::decrypt_data($userName, $key); + $userName = $decipherUserName; + } + if(!empty($groupName) && !empty($key)) + { + $decipherGroupName = AESEncryption::decrypt_data($groupName, $key); + $groupName = $decipherGroupName; + } + } + catch (Exception $e) { + echo sprintf("An error occurred while processing the SAML Response."); + exit; + } + $groupArray = array ( $groupName ); + mo_saml_login_user($user_email,$firstName,$lastName,$userName, $groupArray, $dontAllowUnlistedUserRole, $defaultRole,$redirect_to, $checkIfMatchBy); + } + + } +} + +function mo_saml_checkMapping($attrs,$relayState,$sessionIndex){ + try { + //Get enrypted user_email + $emailAttribute = get_option('saml_am_email'); + $mo_saml_identity_provider_identifier_name = get_option('mo_saml_identity_provider_identifier_name')?get_option('mo_saml_identity_provider_identifier_name'):""; + if(!empty($mo_saml_identity_provider_identifier_name) and $mo_saml_identity_provider_identifier_name == 'Azure B2C'){ + $emailAttribute = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'; + } + $usernameAttribute = get_option('saml_am_username'); + $firstName = get_option('saml_am_first_name'); + $lastName = get_option('saml_am_last_name'); + $groupName = get_option('saml_am_group_name'); + $defaultRole = get_option('saml_am_default_user_role'); + $dontAllowUnlistedUserRole = get_option('saml_am_dont_allow_unlisted_user_role'); + $checkIfMatchBy = get_option('saml_am_account_matcher'); + $user_email = ''; + $userName = ''; + + //Attribute mapping. Check if Match/Create user is by username/email: + if(!empty($attrs)){ + if(!empty($firstName) && array_key_exists($firstName, $attrs)) + $firstName = $attrs[$firstName][0]; + else + $firstName = ''; + + if(!empty($lastName) && array_key_exists($lastName, $attrs)) + $lastName = $attrs[$lastName][0]; + else + $lastName = ''; + + if(!empty($usernameAttribute) && array_key_exists($usernameAttribute, $attrs)) + $userName = $attrs[$usernameAttribute][0]; + else + $userName = $attrs['NameID'][0]; + + if(!empty($emailAttribute) && array_key_exists($emailAttribute, $attrs)) + $user_email = $attrs[$emailAttribute][0]; + else + $user_email = $attrs['NameID'][0]; + + if(!empty($groupName) && array_key_exists($groupName, $attrs)) + $groupName = $attrs[$groupName]; + else + $groupName = array(); + + if(empty($checkIfMatchBy)) { + $checkIfMatchBy = "email"; + } + + } + + + if($relayState=='testValidate'){ + update_option('MO_SAML_TEST',"Test successful"); + update_option('MO_SAML_TEST_STATUS',1); + mo_saml_show_test_result($firstName,$lastName,$user_email,$groupName,$attrs); + }else{ + mo_saml_login_user($user_email, $firstName, $lastName, $userName, $groupName, $dontAllowUnlistedUserRole, $defaultRole, $relayState, $checkIfMatchBy, $sessionIndex, $attrs['NameID'][0]); + } + + } + catch (Exception $e) { + echo sprintf("An error occurred while processing the SAML Response."); + exit; + } +} + + + +function mo_saml_show_test_result($firstName,$lastName,$user_email,$groupName,$attrs){ + if(ob_get_contents()) + ob_end_clean(); + echo '
      '; + $name_id = $attrs['NameID'][0]; + if(!empty($user_email)){ + update_option('mo_saml_test_config_attrs', $attrs); + echo '
      TEST SUCCESSFUL
      +
      '; + }else{ + echo '
      TEST FAILED
      +
      WARNING: Some Attributes Did Not Match.
      +
      '; + } + + if(strlen($name_id) > 60){ + echo '

      Warning: The NameID value is longer than 60 characters. User will not be created during SSO.

      '; + } + $matchAccountBy = get_option('saml_am_account_matcher')?get_option('saml_am_account_matcher'):'email'; + if($matchAccountBy=='email' && !filter_var($name_id, FILTER_VALIDATE_EMAIL)) + { + echo '

      Warning: The NameID value is not a valid Email ID

      '; + } + echo 'Hello, '.$user_email.''; + + + echo'

      ATTRIBUTES RECEIVED:

      + + '; + + if(!empty($attrs)){ + foreach ($attrs as $key => $value) + + echo ""; + } + else + echo "No Attributes Received."; + echo '
      ATTRIBUTE NAMEATTRIBUTE VALUE
      " .$key . "" .implode("
      ",$value). "
      '; + echo '
      +   +
      + + '; + exit; +} + + +/** + * @Author:Shubham Gupta + * + */ +function mo_saml_convert_to_windows_iconv($certfpFromPlugin){ + $encoding_enabled = get_option('mo_saml_encoding_enabled'); + + if($encoding_enabled==='' || !mo_saml_is_iconv_installed()) + return $certfpFromPlugin; + return iconv("UTF-8", "CP1252//IGNORE", $certfpFromPlugin); + +} + +function mo_saml_login_user($user_email, $firstName, $lastName, $userName, $groupName, $dontAllowUnlistedUserRole, $defaultRole, $relayState, $checkIfMatchBy, $sessionIndex = '', $nameId = ''){ + $user_id = null; + if(($checkIfMatchBy == 'username' && username_exists( $userName )) || username_exists( $userName) ) { + $user = get_user_by('login', $userName); + $user_id = $user->ID; + + + } elseif(email_exists( $user_email )) { + + $user = get_user_by('email', $user_email ); + $user_id = $user->ID; + + + } elseif ( !username_exists( $userName ) && !email_exists( $user_email ) ) { + $random_password = wp_generate_password( 10, false ); + if(!empty($userName)) + { + $user_id = wp_create_user( $userName, $random_password, $user_email ); + } + else + { + $user_id = wp_create_user( $user_email, $random_password, $user_email ); + } + if(is_wp_error($user_id)){ + wp_die('We couldn\'t sign you in. Please contact your administrator.', 'Error: User not created'); + exit(); + } + + if (!get_option('mo_saml_free_version')) { + // Assign role + $current_user = get_user_by('id', $user_id); + $role_mapping = get_option('saml_am_role_mapping'); + if(!empty($groupName) && !empty($role_mapping)) { + $role_to_assign = ''; + $found = false; + foreach ($role_mapping as $role_value => $group_names) { + $groups = explode(";", $group_names); + foreach ($groups as $group) { + if(in_array($group, $groupName, TRUE)) { + $found = true; + $current_user->add_role($role_value); + } + } + } + + if($found !== true && !empty($dontAllowUnlistedUserRole) && $dontAllowUnlistedUserRole == 'checked') { + $user_id = wp_update_user( array( 'ID' => $user_id, 'role' => false ) ); + } elseif($found !== true && !empty($defaultRole)) { + $user_id = wp_update_user( array( 'ID' => $user_id, 'role' => $defaultRole ) ); + } + } elseif (!empty($dontAllowUnlistedUserRole) && strcmp( $dontAllowUnlistedUserRole, 'checked') == 0) { + $user_id = wp_update_user( array( 'ID' => $user_id, 'role' => false ) ); + } elseif(!empty($defaultRole)) { + $user_id = wp_update_user( array( 'ID' => $user_id, 'role' => $defaultRole ) ); + } else { + $defaultRole = get_option('default_role'); + $user_id = wp_update_user( array( 'ID' => $user_id, 'role' => $defaultRole ) ); + } + } else { + if(!empty($defaultRole)) { + $user_id = wp_update_user( array( 'ID' => $user_id, 'role' => $defaultRole ) ); + } + } + + } + elseif ( username_exists( $userName ) && !email_exists( $user_email ) ){ + wp_die("Registration has failed as a user with the same username already exists in WordPress. Please ask your administrator to create an account for you with a unique username.","Error"); + } + mo_saml_add_firstlast_name($user_id,$firstName,$lastName,$relayState); + + +} + +function mo_saml_add_firstlast_name($user_id,$first_name,$last_name,$relay_state){ + if( !empty($first_name) ) + { + $user_id = wp_update_user( array( 'ID' => $user_id, 'first_name' => $first_name ) ); + } + if( !empty($last_name) ) + { + $user_id = wp_update_user( array( 'ID' => $user_id, 'last_name' => $last_name ) ); + } + + wp_set_auth_cookie( $user_id, true ); + + if(!empty($relay_state)) + wp_redirect( $relay_state ); + else + wp_redirect( site_url() ); + exit; +} + + +function mo_saml_show_status_error($statusCode, $relayState, $statusmessage){ + $statusCode = htmlspecialchars($statusCode); + $statusmessage = htmlspecialchars($statusmessage); + if($relayState=='testValidate'){ + + echo '
      '; + echo '
      ERROR
      +

      Error: Invalid SAML Response Status.

      +

      Causes: Identity Provider has sent \''.$statusCode.'\' status code in SAML Response. Please check IdP logs.

      +

      Reason: '.mo_saml_get_status_message($statusCode).'

      '; + if(!empty($statusmessage)) + echo '

      Status Message in the SAML Response:
      '.$statusmessage.'


      '; + echo ' +
      + +
      +
      '; + exit; + } + else{ + wp_die('We could not sign you in. Please contact your Administrator','Error:Invalid SAML Response Status'); + } + +} + +function mo_saml_get_status_message($statusCode){ + switch($statusCode){ + case 'Requester': + return 'The request could not be performed due to an error on the part of the requester.'; + break; + case 'Responder': + return 'The request could not be performed due to an error on the part of the SAML responder or SAML authority.'; + break; + case 'VersionMismatch': + return 'The SAML responder could not process the request because the version of the request message was incorrect.'; + break; + default: + return 'Unknown'; + } +} +function mo_saml_show_SAML_log($samlRequestXML,$type){ + + header("Content-Type: text/html"); + $doc = new DOMDocument(); + $doc->preserveWhiteSpace = false; + $doc->formatOutput = true; + $doc->loadXML($samlRequestXML); + if($type=='displaySAMLRequest') + $show_value='SAML Request'; + else + $show_value='SAML Response'; + $out = $doc->saveXML(); + + $out1 = htmlentities($out); + $out1 = rtrim($out1); + + $xml = simplexml_load_string( $out ); + + $json = json_encode( $xml ); + + $array = json_decode( $json ); + $url = plugins_url( 'includes/css/style_settings.css?ver=4.8.60', __FILE__ ) ; + + + echo ' + +

      '.$show_value.'

      + + 
      '.$out1.'
      +
      +
      + +
      + +
      + +   + +
      +
      + + + '; + + ob_end_flush();?> + + + \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_saml_addons.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_saml_addons.php new file mode 100644 index 0000000..016ca18 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_saml_addons.php @@ -0,0 +1,83 @@ + __('Allows real-time user sync (automatic user create, delete, and update) from your Identity Provider such as Azure, Okta, Onelogin into your WordPress site.','miniorange-saml-20-single-sign-on'), + 'page_restriction' => __('Restrict access to WordPress pages/posts based on user roles and their login status, thereby protecting these pages/posts from unauthorized access.','miniorange-saml-20-single-sign-on'), + 'file_prevention' => __('Restrict any kind of media files such as images, audio, videos, documents, etc, and any extension (configurable) such as png, pdf, jpeg, jpg, bmp, gif, etc.','miniorange-saml-20-single-sign-on'), + 'ssologin' => __('SSO Login Audit tracks all the SSO users and generates detailed reports. The advanced search filters in audit reports makes it easy to find and keep track of your users.','miniorange-saml-20-single-sign-on'), + 'buddypress' => __('Integrate user information sent by the SAML Identity Provider in SAML Assertion with the BuddyPress profile fields.','miniorange-saml-20-single-sign-on'), + 'learndash' => __('Allows mapping your users to different LearnDash LMS plugin groups as per their group information sent by configured SAML Identity Provider.','miniorange-saml-20-single-sign-on'), + 'attribute_based_redirection' => __('Enables you to redirect your users to different pages after they log into your site, based on the attributes sent by your Identity Provider.','miniorange-saml-20-single-sign-on'), + 'ssosession' => __('Helps you in managing the login session time of your users based on their WordPress roles. Session time for roles can be specified.','miniorange-saml-20-single-sign-on'), + 'fsso' => __('Allows secure access to the site using various federations such as InCommon, HAKA, HKAF, etc. Users can log into the WordPress site using their university credentials.','miniorange-saml-20-single-sign-on'), + 'memberpress' => __('Map users to different membership levels created by the MemberPress plugin using the group information sent by your Identity Provider.','miniorange-saml-20-single-sign-on'), + 'wp_members' => __('Integrate WP-members fields using the attributes sent by your SAML Identity Provider in the SAML Assertion.','miniorange-saml-20-single-sign-on'), + 'woocommerce' => __('Map WooCommerce checkout page fields using the attributes sent by your IDP. This also allows you to map the users in different WooCommerce roles based on their IDP groups.','miniorange-saml-20-single-sign-on'), + 'guest_login' => __('Allows users to SSO into your site without creating a user account for them. This is useful when you dont want to manage the user accounts at the WordPress site.','miniorange-saml-20-single-sign-on'), + 'paid_mem_pro' => __('Map your users to different Paid MembershipPro membership levels as per the group information sent by your Identity Provider.','miniorange-saml-20-single-sign-on'), + 'profile_picture_add_on' => __('Maps raw image data or URL received from your Identity Provider into Gravatar for the user.','miniorange-saml-20-single-sign-on') + ); + ?> +
      + + + $value){ + if (is_plugin_active($value)) { + $addon = $key; + $addons_displayed[$addon] = $addon; + echo get_addon_tile($addon, mo_saml_options_addons::$ADDON_TITLE[$addon],$addon_desc[$addon], mo_saml_options_addons::$ADDON_URL[$addon], true); + } + } + if(!empty($addons_displayed)){ + ?> + + +
      + +

      :

      + + $value) { + if(!in_array($key, $addons_displayed)) + echo get_addon_tile($key, mo_saml_options_addons::$ADDON_TITLE[$key],$value, mo_saml_options_addons::$ADDON_URL[$key], false); + } + ?> +
      +
      +
      +
      +
      +
      + +
      +
      +
      +
      +
      +

      +
      +
      +
      +
      +
      + \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_saml_licensing_plans.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_saml_licensing_plans.php new file mode 100644 index 0000000..c9469f8 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/mo_saml_licensing_plans.php @@ -0,0 +1,1910 @@ +.update-nag, .updated, .error, .is-dismissible, .notice, .notice-error { display: none; }'; + ?> + + + +
      + +
      +
      + +

      +

      +
      +

      + + + + + +

      +
      +
      + + info@xecurify.com for bulk discounts.','miniorange-saml-20-single-sign-on');?> +
      + + + + + + + + + +
      +
      +

      -

      +

      +

      +

      + +

      + +

      *

      +
      +
    • -
      • +

      *

      + +
    • -
      • +

      *

      +
      +

      + : +

      + +

      -

      + info@xecurify.com + for any queries regarding the return policy.','miniorange-saml-20-single-sign-on');?> + +
      +
      + + + + + +
      + + + + + + + +

      (Warning: PHP + cURL extension is not installed or disabled)

      + +

      (Warning: PHP + openssl extension is not installed or disabled)

      + +

      (Warning: PHP + dom extension is not installed or disabled)

      + +
      + +
      + + + +
      + +
      + + +
      + +
      + + +
      + + +
      +

      + + +
      + +
      +
    • + +
      +
      • + + +   + + + + + + + + + +

      + +
      + + + +" id="mo_modal_value"> + + + +
      + + + +
      + + + + +

      +
      + + + + + + + + + + + + +

      + + + + +
      + "> + +
      + +
      + + + + + + +       		+ +
      + + + + + +
      + + + + 'opt'), $_SERVER['REQUEST_URI'] ); + } + + function mo_saml_get_service_provider_url(){ + + return add_query_arg( array('tab' => 'save'), $_SERVER['REQUEST_URI'] ); + + + } + + function mo_saml_show_customer_details(){ + ?> +
      +

      + + + + + + + + + + +
      +

      + + + + + +
      +
      + + + +
      +       		+ +
      + +
      +
      + + +
      + + +
      + + +

      + +
      +

      +
      + + +
      +

      + + + + + + + + + + + + + + + + + +
      *: +
      *:
      *:
       
             +    + +
      +
      +
      +
      +
      + + +
      + + + +
      + + +
      +
      +

      +
      +
      +


      +
      + + + + + + + + + + + + +
      *:
      *:
        +          + +
      +
      +
      +
      +
      + + +
      +
      + + +
      + + + +
      + +

      [] + + + + + +

      +
      +

      +
      +
        +
      1. > .
        2. +
      2. ". +
        3. +
      +
      +
      +
      +
      +
      +

      + []

      + +

      + *   [] +
      +
      + +

      + * +
      +
      +
      +
      +

      + []

      + : +
      +

      + * +

      + + +

      + + *
      +
      (: /wp-login.php?saml_sso=false ) +

      +
      +
      +
      +

      + []

      + * +
      +
      +
      + + class="button button-primary button-large" value=""> +
      + + * + +

      + +
      +
      + + + +
      + + + + + + + + + + + + + + + + + +
      +

          + + + +

      +
      +
      +

      +
      + + + + + + + + + + + + + + +
      SP EntityID / Issuer:
      + + NOT change SP EntityID. It might break your existing login flow.','miniorange-saml-20-single-sign-on');?> +

      + + + +
      + +

      + '; + echo '

      ' . __('Provide this metadata URL to your Identity Provider or download the .xml file to upload it in your idp','miniorange-saml-20-single-sign-on') . ':

      +

      ' . __('Metadata URL','miniorange-saml-20-single-sign-on') . ': '. $sp_base_url.'/?option=mosaml_metadata + + ' . __('Copy to Clipboard','miniorange-saml-20-single-sign-on') . ' +

      +

      ' . __('Metadata XML File','miniorange-saml-20-single-sign-on') . ':   ' . __('Download','miniorange-saml-20-single-sign-on') . '

      '; + + echo '

      ' . __('OR','miniorange-saml-20-single-sign-on') . '

      ';?> + +
      +

      : +

      :

      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      +
      +
      +
      +
      +
      +
      +
      + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress +
      +
      +
      +
      +
      +
      +
      +
      ( +
      + +
      + +
      +
      + + + +

      + +
      + + + +
      + + + + + + + '; + + echo ' + + + + + + + + + '; + + echo ' + '; + wp_nonce_field("saml_upload_metadata"); + echo' + + + + '; + echo ' + + '; + echo ' + + + + + + + + + '; + echo '
      +

      ' . __('Upload IDP Metadata','miniorange-saml-20-single-sign-on') . ' + + + +

      +
      ' . __('Identity Provider Name','miniorange-saml-20-single-sign-on') . '*:
      ' . __('Upload Metadata','miniorange-saml-20-single-sign-on') . ' : +

      ' . __('OR','miniorange-saml-20-single-sign-on') . '

      ' . __('Enter metadata URL','miniorange-saml-20-single-sign-on') . ':  

      '; + + + } else { + global $wpdb; + $entity_id = get_option( 'entity_id' ); + if ( ! $entity_id ) { + $entity_id = 'https://auth.miniorange.com/moas'; + } + $sso_url = get_option( 'sso_url' ); + $cert_fp = get_option( 'cert_fp' ); + + //Broker Service + $saml_identity_name = get_option( 'saml_identity_name' ); + $saml_login_url = get_option( 'saml_login_url' ); + $saml_issuer = get_option( 'saml_issuer' ); + $saml_x509_certificate = maybe_unserialize( get_option( 'saml_x509_certificate' ) ); + $saml_x509_certificate = ! is_array( $saml_x509_certificate ) ? array( 0 => $saml_x509_certificate ) : $saml_x509_certificate; + $saml_response_signed = get_option( 'saml_response_signed' ); + $mo_saml_identity_provider_identifier_name = get_option('mo_saml_identity_provider_identifier_name')?get_option('mo_saml_identity_provider_identifier_name'):""; + + $saml_is_encoding_enabled = get_option('mo_saml_encoding_enabled')!==false?get_option('mo_saml_encoding_enabled'):'checked'; + + $saml_b2c_tenant = get_option('saml_b2c_tenant_id'); + $saml_IdentityExperienceFramework_id = get_option('saml_IdentityExperienceFramework_id'); + $saml_ProxyIdentityExperienceFramework_id = get_option('saml_ProxyIdentityExperienceFramework_id'); + if ( $saml_response_signed == null ) { + $saml_response_signed = 'checked'; + } + $saml_assertion_signed = get_option( 'saml_assertion_signed' ); + if ( $saml_assertion_signed == null ) { + $saml_assertion_signed = 'Yes'; + } + + $idp_config = get_option( 'mo_saml_idp_config_complete' ); + ?> +
      +
      + + + + + + + + + + + + + + + + + + + + + + +

      + + + +

      +
      + +


      +
      +
        + $value){ + $idp_videos = mo_saml_options_plugin_idp_videos::$IDP_VIDEOS; + $idp_video_index = $idp_videos[$value]; + ?> +
      • + + +

        +         +
        • + + +
      +
      +
      +
      +
      +
      +
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $value ) { + echo ' + + + + + + '; + } + + + ?> + + + + + + + + + + + + + + + + + + + + + + + + + +
      +

          + + + + + + + />    +

      +
      +
      +
      : +
      +
      +
      + + + + + +
      +
      + +
      +
      *: />

      *: />

      *: />

      *: + title=" pattern="\w+"/>
       
      *:/>
      : EntityID in Your IdP-Metadata XML file enclosed in EntityDescriptor tag having attribute as entityID','miniorange-saml-20-single-sign-on');?>
       
      *:/>
      : SAML Login URL in Your IdP-Metadata XML file enclosed in SingleSignOnService tag (Binding type: HTTP-Redirect)','miniorange-saml-20-single-sign-on');?> + + +
       
      ' . __('X.509 Certificate','miniorange-saml-20-single-sign-on') . ' *:
       ' . __('NOTE','miniorange-saml-20-single-sign-on') . ':' . __('Format of the certificate','miniorange-saml-20-single-sign-on') . ':
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----
      +
       
      + +
       :
       
      /> + value="" class="button button-primary button-large" + style="margin-right: 3%;width: 150px;position: absolute"/> +
      +
      + + + style="width:320px;position: relative" onclick="jQuery('#genetateB2CPolicies').submit();"> + + + + style="margin-right: 3%;width: 150px;position: absolute" onclick="jQuery('#updateConfig').submit();" + > + +

      value="" class="button button-primary button-large" style="width:320px;position: relative" + onclick="jQuery('#mo_export').submit();"/>
      +
      +
      +
      +
      + + + +
      +
      + + +
      +
      + +
      + + + +
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      +

      + + + +

      +
      [ ] + +

      + +
      + Enable this option if you want to allow users to login to the WordPress site without creating a WordPress user account for them.

      : NameID if Identity is in the NameIdentifier element of the subject statement in SAML Response.','miniorange-saml-20-single-sign-on');?>

      *:NameID
      *:NameID
      *:/>
      *:/>
      *:
      +
      * +
      +

      + usermeta table of your database.','miniorange-saml-20-single-sign-on');?>
      +

      +
      +
      +
      +
      + + + + + + + + + + + + + + + + + + + + + + + + + get_names(); + $roles_configured = get_option( 'saml_am_role_mapping' ); + foreach ( $roles as $role_value => $role_name ) { + if ( ! get_option( 'mo_saml_free_version' ) ) { + echo ''; + } else { + echo ''; + } + } + ?> + + + + + + + + + +
      +

      +
      [ ] + +

      :

      + *
      + *

      : + + +      +
      ' . $role_name . '
      *' . $role_name . '

      * + +
      +
       
      />   +

      +
      +
      + enabled "; + } + return " disabled "; +} + +function mo_saml_is_sp_configured() { + $saml_login_url = get_option( 'saml_login_url' ); + + + if ( empty( $saml_login_url ) ) { + return 0; + } else { + return 1; + } +} + +function mo_saml_download_logs($error_msg,$cause_msg) { + + echo '
      '; + echo '
      '; + echo '

      ' . __('Please try the solution given above.If the problem persists,download the plugin configuration by clicking on Export Plugin Configuration and mail us at info@xecurify.com','miniorange-saml-20-single-sign-on') . '.

      +

      ' . __('We will get back to you soon!','miniorange-saml-20-single-sign-on') . '

      +

      +
      +
      +
      '; + wp_nonce_field('mo_saml_export'); + echo ' + +
      + + '; + echo '  '; + + $samlResponse = htmlspecialchars($_POST['SAMLResponse']); + update_option('MO_SAML_RESPONSE',$samlResponse); + $error_array = array("Error"=>$error_msg,"Cause"=>$cause_msg); + update_option('MO_SAML_TEST',$error_array); + update_option('MO_SAML_TEST_STATUS',0); + ?> + + +
      +

      +
      +
      +
      +
      +

      +
      +

      + +
      + + + + + + + + + + + + +
      +
      +
      +
      + +
      +

      + + +

      +       + +
      +
      +
      *:
      +
      + +
      +
      +


      + +
      + *:
      + +
      +
      + *:
      + +



      +
      +

      + +

      +
      +
      +
      +
      + +
      +
      +

      + + + + + +
      +

      :

      +
      + + + + $values){ ?> + + + + + +
      ",$values); ?>
      +
      +

      +
      +

      :
      + Test configuration in Service Provider Setup tab to populate the list again.','miniorange-saml-20-single-sign-on');?>

      +
      +
      + + +
      +
      +
      + +
      +

      + +

      +
      + +
      + + + + + + + + + + + + + + + + + + + + + + + +

      *

      :

      *

      :
      :
      +

      :

      +

      (: )

      +
      + $value){?> +
      + +

      +
      +
      +
      + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + miniOrange + miniOrange + http://miniorange.com + + + miniOrange + info@xecurify.com + + + miniOrange + info@xecurify.com + +'; + exit; + +} + +?> \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/pointers.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/pointers.php new file mode 100644 index 0000000..20440e0 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/pointers.php @@ -0,0 +1,274 @@ + sprintf( '

      %s

      ', esc_html__( 'Select ADFS as IDP (Step 1 of 9)','miniorange-saml-20-single-sign-on' ) ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Choose ADFS as your IDP, and refer to the setup guide for complete instructions.','miniorange-saml-20-single-sign-on' ) ), + 'anchor_id' => $guide_pointer_div, + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['default-miniorange-sp-metadata-url'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Service Provider Metadata URL (Step 2 of 9)','miniorange-saml-20-single-sign-on' ) ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Use this Metadata URL or file to configure ADFS.','miniorange-saml-20-single-sign-on' ) ), + 'anchor_id' => '#metadata_url', + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['default-miniorange-upload-metadata'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Upload your metadata (Step 3 of 9)','miniorange-saml-20-single-sign-on' ) ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Once you have configured ADFS, you can use this button to upload the metadata received from ADFS.','miniorange-saml-20-single-sign-on' ) ), + 'anchor_id' => '#upload-metadata', + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['default-miniorange-test-configuration'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Check your configurations (Step 4 of 9)' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'After uploading the metadata from ADFS, use this button to test the configurations between ADFS and WordPress.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#test_config', + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['default-miniorange-attribute-mapping'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Configure Attribute Mapping (Step 5 of 9)','miniorange-saml-20-single-sign-on' ) ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'While auto registering the users in your WordPress site these attributes will automatically get mapped to your WordPress user details.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-attribute-mapping', + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + $pointers['default-miniorange-role-mapping'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Configure Role Mapping (Step 6 of 9)','miniorange-saml-20-single-sign-on' ) ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Select roles to be assigned to users when they are created in Wordpress.','miniorange-saml-20-single-sign-on' ) ), + 'anchor_id' => '#miniorange-role-mapping', + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['default-minorange-use-widget'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Available with this version (Step 7 of 9)','miniorange-saml-20-single-sign-on' ) ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Add a widget to your Wordpress page and test out the SSO.','miniorange-saml-20-single-sign-on' ) ), + 'anchor_id' => '#minorange-use-widget', + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['default-miniorange-addons'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Add-Ons (Step 8 of 9)' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Checkout all our add-ons to extend the SSO functionality.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-addons', + 'isdefault' => 'yes', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['default-miniorange-support-pointer'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'We are here!!' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Get in touch with us and we will help you setup the plugin in no time.','miniorange-saml-20-single-sign-on' ) ), + 'anchor_id' => '#mo_saml_support_layout', + 'isdefault' => 'yes', + 'edge' => 'right', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); +} +if(get_option('service_provider_setup_tour_initiated')){ + delete_option('service_provider_setup_tour_initiated'); + + $guide_pointer_div = get_option('mo_saml_identity_provider_identifier_name')?'#selected_idp_div':'#mo_saml_idps_grid_div'; + + + $pointers['miniorange-select-your-idp'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Select your IDP','miniorange-saml-20-single-sign-on' ) ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Choose your IDP from the list of IDPs, and refer to the setup guides to proceed further' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => $guide_pointer_div, + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['miniorange-upload-metadata'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Upload your metadata' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'If you have a metadata URL or file provided by your IDP, click on this button.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#upload-metadata', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['miniorange-upload-metadata'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Upload your metadata' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'If you have a metadata URL or file provided by your IDP, click on this button. You can configure the plugin manually as well' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#upload-metadata', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + if(mo_saml_is_sp_configured() || get_option('saml_x509_certificate')){ + $pointers['miniorange-test-configuration'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Check your configurations' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'This will test if the configurations on IDP and SP are correct' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#test_config', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['export-import-config'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Export Configuration' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'If you are having trouble setting up the plugin, Export the configurations and mail us at info@xecurify.com.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#export-import-config', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + } + + $pointers['configure-service-restart-tour'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Click when you need me!' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Revisit tour' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#configure-service-restart-tour', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + +} +if($tab == 'config'){ + + $pointers['miniorange-sp-metadata-url'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Service Provider Metadata URL' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Use this Metadata URL or file to configure your IDP.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#metadata_url', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['metadata_manual'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Service Provider Metadata URLs' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'If your IDP does not support metadata URL or file, you can even manually configure your IDP using the information given here' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#metadata_manual', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + + $pointers['identity-provider-restart-tour'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Click when you need me!' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Revisit tour' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#identity-provider-restart-tour', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + +} +if($tab == 'opt'){ + + $pointers['miniorange-attribute-mapping'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Configure Attribute Mapping' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'While auto registering the users in your WordPress site these attributes will automatically get mapped to your WordPress user details.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-attribute-mapping', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + $pointers['miniorange-role-mapping'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Configure Role Mapping' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Select roles to be assigned to users when they are created in Wordpress.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-role-mapping', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + + $pointers['attribute-mapping-restart-tour'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Click when you need me!' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Revisit tour' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#attribute-mapping-restart-tour', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + +} + +if( $tab =='general'){ + $pointers['minorange-use-widget'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Available with this version' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Add a widget to your Wordpress page and test out the SSO.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#minorange-use-widget', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + $pointers['miniorange-auto-redirect'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Premium Feature' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Redirect the users to your IdP if user not logged in.Protects your complete site from not logged in Users' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-auto-redirect', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + + $pointers['miniorange-auto-redirect-login-page'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Premium Feature' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Automatically redirect the user to the Identity Provider when they land on the WordPress Login Page.' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-auto-redirect-login-page', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + $pointers['miniorange-short-code'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Premium Feature' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Add a shortcode to any page and SSO into your website' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-short-code', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); + + $pointers['miniorange-redirection-sso-restart-tour'] = array( + 'title' => sprintf( '

      %s

      ', esc_html__( 'Click when you need me!' ,'miniorange-saml-20-single-sign-on') ), + 'content' => sprintf( '

      %s

      ', esc_html__( 'Revisit tour' ,'miniorange-saml-20-single-sign-on') ), + 'anchor_id' => '#miniorange-redirection-sso-restart-tour', + 'edge' => 'left', + 'align' => 'left', + 'where' => array( 'toplevel_page_mo_saml_settings' ) // <-- Please note this + ); +} + + + + + + +return $pointers; \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/readme.txt b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/readme.txt new file mode 100644 index 0000000..2d295c9 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/readme.txt @@ -0,0 +1,808 @@ +=== SAML Single Sign On – SAML SSO Login === +Contributors: miniOrange +Donate link: http://miniorange.com +Tags: SAML,WordPress SSO, login, Azure AD, Single sign on +Requires at least: 3.7 +Tested up to: 5.7 +Requires PHP: 5.4 +Stable tag: 4.9.05 +License: MIT/Expat +License URI: https://docs.miniorange.com/mit-license + +WordPress Single Sign On SSO login with Azure, Azure B2C, Okta, ADFS, Keycloak, Ping, Onelogin, Gsuite, Shibboleth & many SAML IdPs [24/7 SUPPORT] + +== Description == + +WordPress Single Sign On SSO with our SAML Single Sign On – SSO Login plugin allows SSO with Azure AD, Azure AD B2C, Keycloak, ADFS, Okta, Shibboleth, Salesforce, GSuite / Google Apps, Office 365, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, OneLogin, Bitium, WSO2, NetIQ and all SAML 2.0 capable Identity Providers into your WordPress site. + +You can checkout the following video to configure the plugin with your Identity Provider: + +[youtube https://youtu.be/gilfhNFYsgc] + +SAML SP Single Sign On (SSO) provides SAML authentication for WordPress allowing your users to login to the WP site. + += List of Supported IdPs = +* **Azure AD** (supports SAML SSO for WordPress login) +* **Azure AD B2C** (supports SAML SSO for WordPress login) +* **Keycloak** (supports SAML SSO for WordPress login) +* **ADFS** (supports SAML SSO for WordPress login) +* **Okta** (supports SAML SSO for WordPress login) +* **Salesforce** (supports SAML SSO for WordPress login) +* **Office 365** (supports SAML SSO for WordPress login) +* **Shibboleth** (supports SAML SSO for WordPress login) +* **GSuite / Google Apps** (supports SAML SSO for WordPress login) +* **miniOrange** (supports SAML SSO for WordPress login) +* **OneLogin** (supports SAML SSO for WordPress login) +* **Centrify** (supports SAML SSO for WordPress login) +* **Gluu Server** (supports SAML SSO for WordPress login) +* **SimpleSAMLphp** (supports SAML SSO for WordPress login) +* **OpenAM** (supports SAML SSO for WordPress login) +* **Ping** (supports SAML SSO for WordPress login) +* **RSA** (supports SAML SSO for WordPress login) +* **IBM** (supports SAML SSO for WordPress login) +* **Oracle** (supports SAML SSO for WordPress login) +* **Bitium** (supports SAML SSO for WordPress login) +* **WSO2** (supports SAML SSO for WordPress login) +* **NetIQ** (supports SAML SSO for WordPress login) +and practically any SAML compliant Identity Provider. + += WordPress Single Sign On (SSO) = + +WordPress Single Sign-On (SSO) is an authentication process in which a user can login to multiple applications and/or websites by using only a single set of login credentials (such as username and password). This prevents the need for the user to login separately into the different applications. WordPress Single Sign-On addresses the challenge of maintaining the credentials for each application separately, streamlining the process of signing-on without need to re-enter the password. + +WordPress Single Sign On allows your users to login to your WordPress site by authenticating with their IDP. If your users first login to some other application connected to your IDP, they can seamlessly login to WordPress without being prompted for login again. + +This SAML WordPress Single Sign On SSO solution provides SAML SSO capability to your WordPress site, converting it to a SAML compliant Service Provider which can be configured with any SAML compliant Identity Provider, allowing your users to login to your WP site. + +WordPress Single Sign on also allows you to manage login and achieve Single Sign On on your WordPress membership site using Azure AD, Azure B2C, ADFS, Keycloak, GSuite / Google Apps, Okta, Salesforce, Office 365, Shibboleth, or any SAML compliant Identity Provider so that you can allow your users to login to WordPress as a member via using their IDP credentials. + +miniOrange WordPress Single Sign on(SAML SSO) Plugin acts as a SAML 2.0 Service Provider which can be configured to establish the trust between the plugin and a SAML 2.0 capable Identity Providers to securely authenticate the user to the Wordpress site. This allows your users to securely login to the WP site. +WordPress Multi-Site Environment and ability to configure Multiple SAML IDPs against wordpress as SAML service provider is also supported in premium SAML SP Single Sign On plugin. + +WordPress SAML Single Sign On supports all kinds of SSO use cases such as Azure login into WordPress, Azure AD login into WordPress, Azure AD SSO(Azure AD Single Sign-On), Login with Azure AD, Login using Azure AD, Login with Office 365, Office 365 login, Office 365 Single Sign On, Login using Office 365, ADFS login into WordPress, Login with ADFS, Okta login, OneLogin SSO, Salesforce login, Login using Salesforce, Google Apps login, Google Apps Single Sign On, Login with Google Apps, Login using Google Apps, Login using Gsuite, Gsuite login into WordPress, Keycloak login, Auth0 login, Shibboleth login, Login with Shibboleth, Login using Shibboleth, PingFederate login, etc. allowing your users to securely login to the WordPress site. + +WordPress SAML Single Sign On provides Anonymous Login(Guest User Login) for your WordPress site so that your users can login to the WordPress site using the IdP credentials without creating the users in the site. + += WORDPRESS SINGLE SIGN-ON (SSO) USE-CASES: = + +**Azure SSO** +The WordPress SAML Single Sign On plugin supports Azure SSO use cases such as AzureAD SSO(Azure AD Single Sign-On), Azure B2C SSO, Azure login into WordPress, Login with Azure AD, Login using Azure AD, Office 365 SSO(Office 365 Single Sign On), Login with Office 365, Login using Office 365, Office 365 Login, PowerBI SSO,etc. +You can also enable SSO with multiple Azure tenants using our Azure multi-tenant add-on (Available with the All-Inclusive license of WordPress Single Sign On (SAML SSO) plugin). Using this you can allow users in multiple Azure tenant or Office 365 tenant to login to your WordPress site. + +Azure AD Login / Azure AD SSO(Azure AD Single Sign-On) / Azure login allows your users to authenticate with their Azure Active Directory credentials on the Microsoft login page in order to log into the WordPress site. +We provide deep integration between WordPress Single Sign On and Azure AD Login in which you can also map the users' information such as givenname, surname, email, groups, etc from your Azure AD to the WordPress site. This allows your users to securely achieve Login with Azure AD / Login using Azure AD / Azure AD SSO / Azure login / for you WordPress site. +This also allows your Office 365 users to achieve WordPress Single Sign On(Login with office 365 credentials / Office 365 Login / Login using Office 365) by authenticating via their Office 365 credentials. Our plugin allows you to map user information from Office 365 to your WordPress site in order to seamlessly achieve Office 365 Login / login with office 365 credentials / Office 365 SSO / Login using Office 365. + +The WordPress SAML Single Sign On plugin allows your users present in any of the Azure AD tenant to login to the WordPress site. Multi-tenancy for Azure AD can be seamlessly achieved using our Azure AD multi-tenant SSO add-on. This allows SSO with multiple Azure AD tenants in your WordPress site. + +**Google Apps SSO** +The WordPress SAML Single Sign On SSO plugin supports SSO with GSuite / Google Apps(Google Apps Login / Login using Gsuite / Login with Google Apps / Login using Google Apps / Gsuite login), allowing the users in your organization to login to your WordPress site using their organization Google Apps credentials. +You can use the WordPress Single Sign On plugin to map the user information such as first name, last name, employee details, etc from Google Apps to your WordPress site in order to achieve Google Apps Login / SSO with GSuite / Login using Gsuite / Login with Google Apps / Login using Google Apps / Gsuite login into WordPress. +We also support WordPress Single Sign On with multiple Google Apps organization on the same site using our All-Inclusive plan. +We provide seamless integration between WordPress Single Sign On and Google Apps Login(Login with Google Apps) in which you can provide Role controls to your users based on Google Groups or Organizational Unit membership. +This allows your users to seamlessly achieve Google Apps Login / Login with Google Apps / Login using Google Apps(Google Apps Single Sign On) for your WordPress site. +WordPress SAML Single Sign On SSO is a leading enterprise grade plugin trusted by thousands of organizations from schools to large public companies, for enabling SSO with GSuite / Google Apps(Google Apps Login / Login using Gsuite / Login with Google Apps / Login using Google Apps / Gsuite login). +Our plugin enables displaying user's Google Profile photo in place of their avatars through out the site(available with Custom integration) in addition to Google Apps Login / SSO with GSuite / Login using Gsuite / Login with Google Apps / Login using Google Apps / Gsuite login. + +**Federation SSO** +The WordPress SAML Single Sign On plugin is compatible with Federation use cases allowing your students or staffs to login the WordPress site using their university credentials that is affiliated with any federation such as InCommon, HAKA, HKAF, etc. +To enable Federation SSO, you will need to get the Federation SSO add-on. + +**Salesforce Community SSO** +The WordPress SAML Single Sign On plugin allows your Salesforce community users to login to the WordPress site by authenticating with their Salesforce credentials(Login using Salesforce / Salesforce Login). +You can also enable SSO with multiple Salesforce communities using our Salesforce Community add-on. +Our WordPress Single Sign-On(SAML SSO) plugin supports all the Salesforce SSO use cases such as Salesforce Login, Salesforce Single Sign-On, Salesforce Community SSO, Salesforce Login(Single Sign-On) into WordPress, Login using Salesforce, Login with Salesforce. +This allows you to seamlessly achieve Login using Salesforce, Salesforce Login, Salesforce Community SSO, Login with Salesforce, Salesforce Single Sign-On for your WordPress site. + +The WordPress SAML Single Sign On SSO plugin is equipped with an ever-increasing list of very detailed SAML SSO guides which can be used to configure the plugin with SAML compliant Identity Providers such as Azure AD, Keycloak, ADFS, Okta, Shibboleth, Salesforce, GSuite / Google Apps, Office 365, SimpleSAMLphp, OpenAM, Centrify, Ping, Oracle, OneLogin, and many more SAML Identity Providers, allowing your users to securely login to the WP site. WordPress Single Sign On SSO plugin is trusted by thousands of Enterprise Customers across the World to seamlessly achieve WordPress SSO with any SAML compliant Identity Provider. + +WordPress Single Sign On SSO plugin provides an Easy migration feature in the Enterprise and All-Inclusive plan suited to hosting providers like WP Engine, Pantheon, etc. This allows you to configure the plugin for your production and pre-production environments at once and easily switch between your environments without overwriting the configurations. + +WordPress Single Sign On SSO plugin provides a support for plugin configuration using WP-CLI Commands. This ensures you can seamlessly achieve WordPress Single Sign On using any SAML compliant Identity Provider. + +If you require any Single Sign On (SSO) application or need any help with installing this plugin, please feel free to email us at info@xecurify.com or Contact us. + +The plugin is compatible with all kinds of enterprise WordPress SAML Single Sign On SSO use cases where the users existing in Azure AD, Azure AD B2C, ADFS, Keycloak, GSuite / Google Apps, Okta, Salesforce, Office 365, Shibboleth, or any SAML compliant Identity Provider can securely login to the WordPress site by authenticating via the IDP that is configured in the plugin. + +That means the WordPress Single Sign On can be used to achieve Azure login into WordPress, Azure AD login, Azure AD SSO(Azure AD Single Sign-On), Login with Azure AD, Login using Azure AD, Office 365 login, Office 365 Single Sign On, Login using Office 365, Login with Office 365, ADFS login, Login with ADFS, Okta login, OneLogin SSO, Salesforce login, Login using Salesforce, Google Apps login, Google Apps Single Sign On, Login with Google Apps, Login using Google Apps, Login using Gsuite, Gsuite login into WordPress, Keycloak login, Auth0 login, Shibboleth login, Login with Shibboleth, Login using Shibboleth, PingFederate login, etc. on your WP site using SAML SSO. + +The plugin can also support WordPress Single Sign On with any Identity Provider including OAuth, OpenID Connect, Active Directory, database using miniOrange IDP allowing your users to login to the WP site via authenticating with their user store. + += Free Version Features = +* WordPress SAML Single Sign On supports SSO with any 3rd party SAML supported Identity Providers like ADFS, Azure AD, Azure AD B2C, Keycloak, Okta, Salesforce, GSuite / Google Apps, O365, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, OneLogin, Bitium, WSO2, NetIQ etc. +* **Auto Create Users** - Users will be auto-created in WordPress after SAML SSO using our WordPress Single Sign On(SAML SSO) plugin. +* **Login Widgets** - Use SAML Login Widgets to easily integrate the SAML SSO link with your Wordpress site. +* **Attribute Mapping** - The NameID value sent by your SAML compliant Identity Provider will be mapped to the Username and Email of your WordPress users. +* **Role Mapping** - Select default role to assign to SAML SSO users on auto registration during WordPress Single Sign On. + += Standard Version Features = +* **Unlimited Authentications** - Unlimited authentication with your SAML 2.0 compliant Identity Providers like ADFS, Azure AD, Azure B2C, Keycloak, Okta, Salesforce, GSuite / Google Apps, O365, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, OneLogin, Bitium, WSO2, NetIQ or any SAML compliant Identity Provider with our WordPress Single Sign On(SAML SSO) plugin. +* **Advanced Attribute Mapping** - WordPress SAML SP Single Sign On SSO provides the feature to map your SAML IDP attributes to your WordPress site attributes like Username, Email, First Name, Last Name, Group/Role, Display Name. +* **Login Widgets and Short Code** - Use Widgets to easily integrate the SAML SSO link with your Wordpress site. Use Short Code (PHP or HTML) generated by SAML SP Single Sign On to place the SAML login link wherever you want on the site. +* **Step-by-step Guides** - Use step-by-step guide provided in our WordPress Single Sign On(SAML SSO) plugin to configure your SAML compliant Identity Provider like ADFS, Centrify, GSuite / Google Apps, O365, Okta, OneLogin, Salesforce, SimpleSAMLphp, Shibboleth, WSO2, JBoss Keycloak, Oracle. +* **Auto-redirect to IDP** - Users will be redirected to SAML compliant IdP for SSO when trying to access the WordPress login page. +* **Protect Site** - Users trying to access Wordpress will be redirected to the SAML compliant Identity Provider for SSO. +* **Customize SP Configuration** - Change SAML Service Provider endpoints such as SP base URL and SP Entity ID with our WordPress Single Sign On SSO plugin. +* **Select Binding Type** - Select HTTP-Post or HTTP-Redirect binding type to use for sending SAML Requests with our WordPress Single Sign On(SAML SSO) plugin. +* **Integrated Windows Authentication** - Support for Integrated Windows Authentication (IWA) in SAML SP Single Sign On Standard plugin. += Premium Version Features = +* Includes all the SAML STANDARD version features. +* **SAML Single Logout** - Support for SAML Single Logout (Works only if your SAML IDP supports SLO). +* **Auto-redirect to IDP** - Users will be redirected to SAML compliant IdP for SSO when trying to access the WordPress login page. +* **Protect Site** - Users trying to access Wordpress will be redirected to the SAML compliant Identity Provider for SSO using our WordPress Single Sign On(SAML SSO) plugin. +* **Advanced Role Mapping** - WordPress SAML SP Single Sign On SSO provides the feature to assign WordPress roles to your users based on the group/role sent by your SAML compliant IDP. +* **Reverse-proxy Support** - Support for sites behind a reverse-proxy in WordPress SAML SP Single Sign On Premium plugin. +* **Multiple Certificates** - WordPress Single Sign On(SAML SSO) plugin allows you to store Multiple SAML IdP Certificates. +* **Custom Certificate** - Add your own custom X.509 Certificate for sending signed SAML Request and verification of encrypted SAML Response using our WordPress Single Sign On SSO plugin. +* **WordPress Multi-site Support** - Multi-Site environment is one which allows multiple subdomains / subdirectories to share a single installation. With multisite WordPress SAML premium plugin, you can configure the SAML compliant IDP in minutes for all your sites in a network. While, if you have basic SAML premium plugin, you have to do plugin configuration on each site individually as well as multiple SAML service provider configurations in the SAML compliant IDP. + + For Example - If you have 1 main site with 3 subsites. Then, you have to configure the plugin 3 times on each site as well as 3 SAML service provider configurations in your IDP. Instead, with multisite SAML premium plugin. You have to configure the plugin only once on main network site as well as only 1 SAML service provider configuration in the SAML compliant IDP. + += Enterprise Version Features = +* Includes all the SAML STANDARD version features. +* **SAML Single Logout** - Support for SAML Single Logout (Works only if your SAML IDP supports SLO). +* **Auto-redirect to IDP** - Users will be redirected to SAML compliant IdP for SSO when trying to access the WordPress login page using our WordPress Single Sign On(SAML SSO) plugin. +* **Protect Site** - Users trying to access Wordpress will be redirected to the SAML compliant Identity Provider for SSO. +* **Advanced Role Mapping** - WordPress SAML SP Single Sign On SSO provides the feature to assign WordPress roles to your users based on the group/role sent by your SAML compliant IDP. +* **Reverse-proxy Support** - Support for sites behind a reverse-proxy in WordPress SAML SP Single Sign On Premium plugin. +* **Multiple Certificates** - WordPress Single Sign On(SAML SSO) plugin allows you to store Multiple SAML IdP Certificates. +* **Custom Certificate** - Add your own custom X.509 Certificate for sending signed SAML Request and verification of encrypted SAML Response using our WordPress Single Sign On SSO plugin. +* **WordPress Multi-site Support** - Multi-Site environment is one which allows multiple subdomains / subdirectories to share a single installation. With multisite SAML premium plugin, you can configure the SAML compliant IDP in minutes for all your sites in a network. While, if you have basic SAML premium plugin, you have to do plugin configuration on each site individually as well as multiple SAML service provider configurations in the SAML compliant IDP. +* **Multiple SAML IDPs Support** - We now support configuration of Multiple SAML compliant IDPs in our WordPress Single Sign On SSO plugin to authenticate the different group of users with different SAML IDPs. You can give access to users by users to IDP mapping (which SAML compliant IDP to use to authenticate a user) is done based on the domain name in the user's email. (This is a **PREMIUM** feature with separate licensing. Contact us at info@xecurify.com to get licensing plans for this feature.) + + += All-Inclusive Version Features = +* Includes all the SAML ENTERPRISE version features +* Recommended for most use cases such as login using Azure AD, Azure AD B2C, ADFS, Keycloak, Okta, Salesforce, GSuite / Google Apps, O365, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, OneLogin, Bitium, WSO2, NetIQ etc. +* **Anonymous Login** - WordPress Single Sign On plugin allow your users to login to the WordPress site without creating a WordPress user account for them.(Guest User Login). +* **Salesforce Community SSO** - WordPress Single Sign On plugin allows your users from multiple Salesforce communities to login to the WordPress site by authenticating with their Salesforce credentials. +* **Azure AD Multi-tenant SSO** - WordPress Single Sign On plugin allows your users to seamlessly login into the WordPress site with multiple Azure AD tenants. +* All SAML add-ons included. + +If you are looking for a SAML compliant Identity Provider, you can try out miniOrange On-Premise IdP. + += WORDPRESS SINGLE SIGN-ON (SSO) SUPPORTED ADD-ONS = +We have a variety of add-ons that can be integrated with the WordPress SAML SP Single Sign On SSO plugin to improve the SAML SSO functionality of your WordPress site. + +* **Page Restriction** - This add-on is basically used to protect the pages/posts of your site with SAML compliant IDP login page and also, restrict the access to pages/posts of the site based on the user roles. +* **BuddyPress Integration** - This add-on maps the attributes fetched from the SAML compliant IdP with BuddyPress attributes. +* **LearnDash Integration** - This add-on will map the SAML SSO user to LearnDash groups as per the attributes sent by your SAML compliant Identity Provider. +* **SSO Login Audit** - SSO Login Audit captures all the SAML SSO users and will generate the reports. +* **Attribute Based Redirection** - ABR add-on helps you to redirect your users to different pages after they authenticate via SAML SSO into your site, based on the attributes sent by your SAML compliant Identity Provider. + += Real Time User Provisioning using SCIM = +Provides real time user-provisioning from your IDP to your WordPress using SCIM standard. You can refer our WordPress User Provisioning using SCIM plugin. + +Contact us at info@xecurify.com to get SAML add-ons. + += Website - = +Check out our website for other plugins http://miniorange.com/plugins or click here to see all our listed WordPress plugins. +For more support or info email us at info@xecurify.com or Contact us. You can also submit your query from plugin's configuration page. + +== Installation == + += From your WordPress dashboard = +1. Visit `Plugins > Add New`. +2. Search for `SAML SP Single Sign On`. Find and Install `SAML SP Single Sign On – SSO login`. +3. Activate the plugin from your Plugins page. + += From WordPress.org = +1. Download SAML SP Single Sign On – SSO login plugin. +2. Unzip and upload the `miniorange-saml-20-single-sign-on` directory to your `/wp-content/plugins/` directory. +3. Activate miniOrange SSO using SAML 2.0 from your Plugins page. + +== Frequently Asked Questions == + += I am not able to configure the Identity Provider with the provided settings = +Please email us at info@xecurify.com or Contact us. You can also submit your app request from plugin's configuration page. + += For any query/problem/request = +Visit Help & FAQ section in the plugin OR email us at info@xecurify.com or Contact us. You can also submit your query from plugin's configuration page. + +== Screenshots == + +1. Connect your WordPress site with any SAML-compliant Identity Provider. +2. Configure your Wordpress as SAML Service Provider. +3. Gather Metadata for your SAML Identity Provider. +4. Configure Attribute/Role Mapping for Users in Wordpress. +5. Add widget to enable SAML Single Sign-on. +6. Plugin-tour which guides you through entire plugin setup. +7. Addons which extend plugin functionality. + +== Changelog == + += 4.9.05 = +* UI changes and fixes +* WordPress 5.7 Compatibility + += 4.9.04 = +* Licensing Update + += 4.9.03 = +* Added video plugin guides + += 4.9.02 = +* Welcome page fixes + += 4.9.01 = +* Added support of Localization +* WordPress 5.6 Loop back issue fix +* PHP 8 Compatibility +* Fixed SAML Login URL query parameters bug +* Removed end of year sale + += 4.9.00 = +* Rolled out end of year sale + += 4.8.99 = +* Added new Add-on description + += 4.8.98 = +* SP Metadata Update + += 4.8.97 = +* Call setup fixes +* Added contact phone number + += 4.8.96 = +* Added new IDP guides: Azure B2C and Gluu server +* Updated XMLSecLibs + += 4.8.95 = +* Added Setup call feature + += 4.8.94 = +* Revamped add-ons tab + += 4.8.93 = +* Updated description for add-ons + += 4.8.92 = +* Security patches + += 4.8.91 = +* Added a new licensing plan + += 4.8.90 = +* Plugin tour fixes + += 4.8.89 = +* Adding more guides in SAML plugin + += 4.8.88 = +* Bug fixes + += 4.8.87 = +* Bug fixes in SAML SSO widget +* Compatibility with WordPress 5.4 + += 4.8.86 = +* Compatibility fixes with PHP5 + += 4.8.85 = +* Visual Tour fixes +* Fixed Telephone number input + += 4.8.84 = +* Security patches + += 4.8.83 = +* Nomenclature changes +* Compatibility with PHP 7.4 + += 4.8.82 = +* Added new SAML-compliant IdP guides +* Bug fixes + += 4.8.81 = +* Updated SAML-compliant IdP guides + += 4.8.80 = +* Bug fixes + += 4.8.79 = +* Added Plugin-wide tour + += 4.8.78 = +* Request a demo feature. + += 4.8.77 = +* Bug Fixes + += 4.8.76 = +* Security Patches + += 4.8.75 = +* Visual-tour fixes + += 4.8.74 = +* Feedback form bug fix + += 4.8.73 = +* Security patches. + += 4.8.72 = +* Security patch. + += 4.8.71 = +* Security fixes. + += 4.8.70 = +* Bug fixes +* Option to send plugin configuration with request + += 4.8.69 = +* Tested upto Wordpress 5.1.0 +* Replaced CURL calls with HTTP API calls. + += 4.8.68 = +* Tested upto Wordpress 5.0.2. +* Updated to Latest XMLSeclibs library. +* Compatibility with PHP 7.3. + += 4.8.67 = +* Description changes. + += 4.8.66 = +* Tested upto Wordpress 5.0.0. +* Added option to disable character encoding. + += 4.8.65 = +* Bug Fixes + += 4.8.64 = +* Compatibility with PHP version 5.3+ upto latest version of PHP +* Activation Issue Fixes + += 4.8.63 = +* Code enhancements. + += 4.8.62 = +* Fixed issues on plugin activation. + += 4.8.61 = +* Bug fixes. + += 4.8.60 = +* Updated to latest XMLSeclibs SAML library (version 3.0.1). +* Added the visual tour to get familiar with plugin features and support. +* Revamped the plugin UI. +* Added the Add-On and their description. +* Export plugin configurations. +* SAML-compliant IdP guides. + += 4.8.52 = +* Tested upto Wordpress 4.9.8 + += 4.8.51 = +* Added support for guest login +* Added SAML-compliant IDP guide links + + += 4.8.50 = +* Added feedback form. + += 4.8.44 = +* Tested upto WordPress 4.9.6 + += 4.8.43 = +* Compatibility issue with PHP 7.2(Removed deprecated asserts ) + += 4.8.42 = +* Input validation fixes. + += 4.8.41 = +* Support for PHP version 5.3 and above. + += 4.8.40 = +* Added feature for Exporting plugin configuration. +* Added View SAML Request and Response + += 4.8.35 = +* Fixed the Entity ID/Issuer issues for AzureAD Idp. + += 4.8.34 = +* Introducing miniOrange on-premise IDP + += 4.8.33 = +* Compatibilty with Wordpress 4.9 + += 4.8.32 = +* Introducing Standard version of SAML Plugin for small sized customers. +* Fixed Registration issue. + += 4.8.31 = +* Introducing Standard version of SAML Plugin for small sized customers. Check Licensing Plans for more details. + += 4.8.30 = +* Fix the CSS and JS inclusion only in the plugin pages, removed it from frontend and backend of WordPress. + += 4.8.28 = +* Bug fix for PHP 5.4.x version. + += 4.8.27 = +* Support for Multiple Certificate via Metadata + += 4.8.26 = +* SAML Configuration by Uploading metadata. +* Descriptive Error Messages. +* Use miniorange as IdP feature. +* More verbose instructions. +* Compatibility with WordPress 4.8 + += 4.8.25 = +Updating Licensing Plans + += 4.8.24 = +Updating Plugin Title : SAML SP Single Sign On + += 3.8.14 = +Pattern change on OTP Verification page + += 3.8.12 = +Major security fixes. It is recommended to update to this version. + += 3.8.7 = +Fixes for WordPress 4.5 + += 3.8.6 = +Added features: Support for WordPress Multi-site (Network setup), support for Multiple SAML-compliant IDPs and some fixes for WordPress 4.5 + += 3.8.4 = +Introducing Free Trial for the premium version. + += 3.8.2 = +Security fix for preventing non-admin users from changing the settings. + += 3.8 = +Security fix for SAML-compliant IDPs that signs only Assertion and not the complete SAML Response XML. + += 3.7 = +Support for Integrated Windows Authentication - contact info@xecurify.com if interested + += 3.5 = +Decrypt assertion bug fix + += 3.4 = +Added some requested features and some bug fixes. + += 3.3 = +Added support for Google Apps as an Identity Provider. + += 3.2 = +Some bug fixes in role mapping. + += 3.1 = +Some bug fixes in auto registration. + += 3.0 = +Added option to use miniOrange Single Sign On Service +Made it simple to setup SAML authentication with your IdP. + += 2.3 = +Fixed forgot password bug for some users. + += 2.2 = +Added guides for configuring common Identity Providers like ADFS, SimpleSAMLphp, Salesforce, Okta and some bug fixes. + += 2.1 = +Removed unwanted JS files. + += 2.0 = +Added new feature like role mapping and auto redirect user to your SAML-compliant IdP. + += 1.7.0 = +Resolved UI issues for some users + += 1.6.0 = +Added help and troubleshooting guide. + += 1.5.0 = +Added error messaging. + += 1.4.0 = +Added fixes. + += 1.3.0 = +Added validations and fixes. +UI Improvements. + += 1.2.0 = +* this is the third release. + += 1.1.0 = +* this is the second release. + += 1.0.0 = +* this is the first release. + +== Upgrade Notice == + += 4.9.05 = +* UI changes and fixes +* WordPress 5.7 Compatibility + += 4.9.04 = +* Licensing Update + += 4.9.03 = +* Added video plugin guides + += 4.9.02 = +* Welcome page fixes + += 4.9.01 = +* Added support of Localization +* WordPress 5.6 Loop back issue fix +* PHP 8 Compatibility +* Fixed SAML Login URL query parameters bug +* Removed end of year sale + += 4.9.00 = +* Rolled out end of year sale + += 4.8.99 = +* Added new Add-on description + += 4.8.98 = +* SP Metadata Update + += 4.8.97 = +* Call setup fixes +* Added contact phone number + += 4.8.96 = +* Added new IDP guides: Azure B2C and Gluu server +* Updated XMLSecLibs + += 4.8.95 = +* Added Setup call feature + += 4.8.94 = +* Revamped add-ons tab + += 4.8.93 = +* Updated description for add-ons + += 4.8.92 = +* Security patches + += 4.8.91 = +* Added a new licensing plan + += 4.8.90 = +* Plugin tour fixes + += 4.8.89 = +* Adding more guides in SAML plugin + += 4.8.88 = +* Bug fixes + += 4.8.87 = +* Bug fixes in SAML SSO widget +* Compatibility with WordPress 5.4 + += 4.8.86 = +* Compatibility fixes with PHP5 + += 4.8.85 = +* Visual Tour fixes +* Fixed Telephone number input + += 4.8.84 = +* Security patches + += 4.8.83 = +* Nomenclature changes +* Compatibility with PHP 7.4 + += 4.8.82 = +* Added new SAML-compliant IdP guides +* Bug fixes + += 4.8.81 = +* Updated SAML-compliant IdP guides + += 4.8.80 = +* Bug fixes + += 4.8.79 = +* Added Plugin-wide tour + += 4.8.78 = +* Request a demo feature. + += 4.8.77 = +* Bug Fixes + += 4.8.76 = +* Security Patches + += 4.8.75 = +* Visual-tour fixes + += 4.8.74 = +* Feedback form bug fix + += 4.8.73 = +* Security patches. + += 4.8.72 = +* Security patch. + += 4.8.71 = +* Security fixes. + += 4.8.70 = +* Bug fixes +* Option to send plugin configuration with request + += 4.8.69 = +* Tested upto Wordpress 5.1.0 +* Replaced CURL calls with HTTP API calls. + += 4.8.68 = +* Tested upto Wordpress 5.0.2. +* Updated to Latest XMLSeclibs library. +* Compatibility with PHP 7.3. + += 4.8.67 = +* Description changes. + += 4.8.66 = +* Tested upto Wordpress 5.0.0. +* Added option to disable character encoding. + += 4.8.65 = +* Bug Fixes + += 4.8.64 = +* Compatibility with PHP version 5.3+ upto latest version of PHP +* Activation Issue Fixes + += 4.8.63 = +* Code enhancements. + += 4.8.62 = +* Fixed issues on SAML SP SSO plugin activation. + += 4.8.61 = +* Bug fixes. + += 4.8.60 = +* Updated to latest XMLSeclibs SAML library (version 3.0.1). +* Added the visual tour to get familiar with plugin features and support. +* Revamped the plugin UI. +* Added the Add-On and their description. +* Export plugin configurations. +* IdP guides. + += 4.8.52 = +* Tested upto Wordpress 4.9.8 + += 4.8.51 = +* Added support for guest login +* Added IDP guide links + += 4.8.50 = +* Added feedback form. + += 4.8.44 = +* Tested upto WordPress 4.9.6 + += 4.8.43 = +* Compatibility issue with PHP 7.2(Removed deprecated asserts ) + += 4.8.42 = +* Input validation fixes. + += 4.8.41 = +* Support for PHP version 5.3 and above. + += 4.8.40 = +* Added feature for Exporting plugin configuration. +* Added View SAML Request and Response + += 4.8.35 = +* Fixed the Entity ID/Issuer issues for AzureAD Idp. + += 4.8.34 = +* Introducing miniOrange on-premise IDP + += 4.8.33 = +* Compatibilty with Wordpress 4.9 + += 4.8.32 = +* Introducing Standard version of SAML Plugin for small sized customers. +* Fixed Registration issue. + += 4.8.31 = +* Introducing Standard version of SAML Plugin for small sized customers.Check Licensing Plans for more details. + += 4.8.30 = +* Fix the CSS and JS inclusion only in the plugin pages, removed it from frontend and backend of wordpress. + += 4.8.28 = +* Bug fix for PHP 5.4.x version. + += 4.8.27 = +* Support for Multiple Certificate via Metadata + += 4.8.26 = +* SAML Configuration by Uploading metadata. +* Descriptive Error Messages. +* Use miniorange as IdP feature. +* More verbose instructions. +* Compatibility with WordPress 4.8 + += 4.8.25 = +Updating Licensing Plans + + += 4.8.24 = +Updating Plugin Title + += 3.8.14 = +Pattern change on OTP Verification page + += 3.8.12 = +Major security fixes. It is recommended to update to this version. + += 3.8.7 = +Fixes for WordPress 4.5 + += 3.8.6 = +Added features: Support for WordPress Multi-site (Network setup), support for Multiple IDPs and some fixes for WordPress 4.5 + += 3.8.4 = +Introducing Free Trial for the premium version. + += 3.8.2 = +Security fix for preventing non-admin users from changing the settings. + += 3.8 = +Security fix for IDPs that signs only Assertion and not the complete SAML Response XML. + += 3.7 = +Support for Integrated Windows Authentication - contact info@xecurify.com if interested + += 3.5 = +Decrypt assertion bug fix + += 3.4 = +Added some requested features and some bug fixes. + += 3.0 = +Major Update. We have taken ut-most care to make sure that your existing login flow doesn't break. If you have issues after this update then please contact us. We will get back to you very soon. + += 2.1 = +Removed unwanted JS files. + += 2.0 = +Added new feature like role mapping and auto redirect user to your IdP. + += 1.7 = +Resolved UI issues for some users + += 1.6 = +Added help and troubleshooting guide. + += 1.5 = +Added error messaging. + += 1.4 = +Added fixes. + += 1.3 = +Added validations and fixes. +UI Improvements. + += 1.2 = +Some UI improvements. + += 1.1 = +Added Attribute mapping / Role mapping and test application. + += 1.0 = +I will update this plugin when ever it is required. diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/PasswordReset.xml b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/PasswordReset.xml new file mode 100644 index 0000000..45bf8e4 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/PasswordReset.xml @@ -0,0 +1,31 @@ + + + + + b2c-tenant-name.onmicrosoft.com + B2C_1A_TrustFrameworkExtensions + + + + + + PolicyProfile + + + + + + + + + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/ProfileEdit.xml b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/ProfileEdit.xml new file mode 100644 index 0000000..5898d80 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/ProfileEdit.xml @@ -0,0 +1,30 @@ + + + + + b2c-tenant-name.onmicrosoft.com + B2C_1A_TrustFrameworkExtensions + + + + + + PolicyProfile + + + + + + + + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/SignUpOrSignin.xml b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/SignUpOrSignin.xml new file mode 100644 index 0000000..2d31c24 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/SignUpOrSignin.xml @@ -0,0 +1,36 @@ + + + + + b2c-tenant-name.onmicrosoft.com + B2C_1A_TrustFrameworkExtensions + + + + + + PolicyProfile + + + + + + + + + + + + + + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/SignUpOrSigninSAML.xml b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/SignUpOrSigninSAML.xml new file mode 100644 index 0000000..406bd6a --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/SignUpOrSigninSAML.xml @@ -0,0 +1,44 @@ + + + + + b2c-tenant-name.onmicrosoft.com + B2C_1A_TrustFrameworkExtensions + + + + + + + + + + + + + + PolicyProfile + + + + + + + + + + + + + + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/TrustFrameworkBase.xml b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/TrustFrameworkBase.xml new file mode 100644 index 0000000..f521b53 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/TrustFrameworkBase.xml @@ -0,0 +1,1195 @@ + + + + + + + + + + + + + + Username + string + + TextBox + + + + + + + User's Object's Tenant ID + string + + + + + + Tenant identifier (ID) of the user object in Azure AD. + + + + User's Object ID + string + + + + + + Object identifier (ID) of the user object in Azure AD. + + + + + Sign in name + string + + TextBox + + + + Email Address + string + Email address to use for signing in. + TextBox + + + + Account Enabled + boolean + Specifies whether the user's account is enabled. + Specifies whether your account is enabled. + + + + Password + string + Enter password + Password + + + + + New Password + string + Enter new password + Password + + + + + + + + Confirm New Password + string + Confirm new password + Password + + + + + + + Password Policies + string + Password policies used by Azure AD to determine password strength, expiry etc. + + + + client_id + string + Special parameter passed to EvoSTS. + Special parameter passed to EvoSTS. + + + + resource_id + string + Special parameter passed to EvoSTS. + Special parameter passed to EvoSTS. + + + + Subject + string + + + + + + + + AlternativeSecurityId + string + + + + + MailNickName + string + Your mail nick name as stored in the Azure Active Directory. + + + + Identity Provider + string + + + + + + + + + + Display Name + string + + + + + + Your display name. + TextBox + + + + Email Address + string + + + + + Email address that can be used to contact you. + TextBox + + + + + + + Alternate Email Addresses + stringCollection + Email addresses that can be used to contact the user. + + + + UserPrincipalName + string + + + + + + Your user name as stored in the Azure Active Directory. + + + + UPN User Name + string + The user name for creating user principal name. + + + + User is new + boolean + + + + + Executed-SelfAsserted-Input + string + A claim that specifies whether attributes were collected from the user. + + + + AuthenticationSource + string + Specifies whether the user was authenticated at Social IDP or local account. + + + + + + nca + string + Special parameter passed for local account authentication to login.microsoftonline.com. + + + + grant_type + string + Special parameter passed for local account authentication to login.microsoftonline.com. + + + + scope + string + Special parameter passed for local account authentication to login.microsoftonline.com. + + + + objectIdFromSession + boolean + Parameter provided by the default session management provider to indicate that the object id has been retrieved from an SSO session. + + + + isActiveMFASession + boolean + Parameter provided by the MFA session management to indicate that the user has an active MFA session. + + + + + + Given Name + string + + + + + + Your given name (also known as first name). + TextBox + + + + Surname + string + + + + + + Your surname (also known as family name or last name). + TextBox + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LineMarkers, MetaRefresh + + + + + + + + ~/tenant/templates/AzureBlue/exception.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0 + + Error page + + + + + ~/tenant/templates/AzureBlue/idpSelector.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:idpselection:1.0.0 + + Idp selection page + Sign in + + + + + ~/tenant/templates/AzureBlue/idpSelector.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:idpselection:1.0.0 + + Idp selection page + Sign up + + + + + ~/tenant/templates/AzureBlue/unified.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0 + + Signin and Signup + + + + + ~/tenant/templates/AzureBlue/selfAsserted.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0 + + Collect information from user page + + + + + ~/tenant/templates/AzureBlue/selfAsserted.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0 + + Collect information from user page + + + + + ~/tenant/templates/AzureBlue/selfAsserted.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0 + + Local account sign up page + + + + + ~/tenant/templates/AzureBlue/selfAsserted.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0 + + Local account change password page + + + + + + + + + + + + facebook.com + Facebook + + + + AzureAD B2C + + + facebook + https://www.facebook.com/dialog/oauth + https://graph.facebook.com/oauth/access_token + GET + 0 + + + json + + + + + + + + + + + + + + + + + + + + + + + Local Account SignIn + + + Local Account SignIn + + + We can't seem to find your account + Your password is incorrect + Looks like you used an old password + + https://sts.windows.net/ + https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration + https://login.microsoftonline.com/{tenant}/oauth2/token + id_token + query + email openid + + + false + POST + + + + + + + + + + + + + + + + + + + + + + + Azure Active Directory + + + + Azure Active Directory + + + + + + + + false + + + + + + + + Write + true + You are already registered, please press the back button and sign in instead. + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Read + true + User does not exist. Please sign up before you can sign in. + + + + + + + + + + + + + + + + + + + + + + false + + + + + + + + + Write + true + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + Read + true + An account could not be found for the provided user ID. + + false + + + + + + + + + + + + + + + + + + + + + + + + Write + true + + false + + + + + + + + + + + + + + + + Write + false + true + + false + + + + + + + + + + + + + + + + + + Read + true + + false + + + + + + + + + + + + + + + + + + + + + Self Asserted + + + + User ID signup + + + api.selfasserted + + + + + + + + + + + + + + + + + + + + + + + + + + + + + User ID signup + + + api.selfasserted.profileupdate + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + Local Account + + + + Email signup + + + IpAddress + api.localaccountsignup + Create + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Local Account Signin + + + SignUpWithLogonEmailExchange + Email + api.selfasserted + + false + + + + + + + + + + + + + + + + + + Reset password using email address + + + IpAddress + api.localaccountpasswordreset + Your account has been locked. Contact your support person to unlock it, then try again. + + + + + false + + + + + + + + + + + + + + Change password (username) + + + api.localaccountpasswordreset + + + + + + + + + + + + + + + + + + + + + + Session Management + + + Noop Session Management Provider + + + + + Session Mananagement Provider + + + + + + + + + + + + + + + + + + + + + Session Mananagement Provider + + + true + + + + + + + + + + + Trustframework Policy Engine TechnicalProfiles + + + Trustframework Policy Engine Default Technical Profile + + + {service:te} + + + + + + + Token Issuer + + + JWT Issuer + + JWT + + {service:te} + objectId + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + objectId + SkipThisOrchestrationStep + + + + + + + + + + + + authenticationSource + localAccountAuthentication + SkipThisOrchestrationStep + + + + + + + + + + + + objectId + SkipThisOrchestrationStep + + + + + + + + + + + + authenticationSource + socialIdpAuthentication + SkipThisOrchestrationStep + + + + + + + + + + + objectId + SkipThisOrchestrationStep + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + authenticationSource + localAccountAuthentication + SkipThisOrchestrationStep + + + + + + + + + + authenticationSource + socialIdpAuthentication + SkipThisOrchestrationStep + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/TrustFrameworkExtensions.xml b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/TrustFrameworkExtensions.xml new file mode 100644 index 0000000..da6a42c --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/azure-b2c-policies/TrustFrameworkExtensions.xml @@ -0,0 +1,89 @@ + + + + + b2c-tenant-name.onmicrosoft.com + B2C_1A_TrustFrameworkBase + + + + + + + + + Token Issuer + + + + + Token Issuer + + SAML2 + + + https://b2c-tenant-name.b2clogin.com/b2c-tenant-name.onmicrosoft.com/B2C_1A_signup_signin_SAML + + + + + + + + + + + + + + Session Management Provider + + + + + + + + Facebook + + + + 570025740555166 + email public_profile + https://graph.facebook.com/me?fields=id,first_name,last_name,name,email + + + + + + + + Local Account SignIn + + + + ProxyIdentityExperienceFramework-app-id + IdentityExperienceFramework-app-id + + + + + + + + + + + + + + diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/lang/miniorange-saml-20-single-sign-on.pot b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/lang/miniorange-saml-20-single-sign-on.pot new file mode 100644 index 0000000..873d2ca --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/resources/lang/miniorange-saml-20-single-sign-on.pot @@ -0,0 +1,2173 @@ +msgid "" +msgstr "" +"Project-Id-Version: \n" +"POT-Creation-Date: 2021-01-06 16:08+0530\n" +"PO-Revision-Date: 2021-01-06 16:09+0530\n" +"Last-Translator: \n" +"Language-Team: \n" +"Language: en\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.2\n" +"X-Poedit-Basepath: .\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Poedit-KeywordsList: __;_e;esc_html__;esc_html_e\n" +"X-Poedit-SearchPath-0: .\n" + +#: Import-export.php:19 +msgid "Keep configuration Intact" +msgstr "" + +#: Import-export.php:30 +msgid "" +"Enabling this would keep your settings intact when plugin is uninstalled" +msgstr "" + +#: Import-export.php:31 +msgid "Please enable this option when you are updating to a Premium version." +msgstr "" + +#: Utilities.php:400 Utilities.php:422 mo_login_saml_sso_widget.php:230 +msgid "ERROR" +msgstr "" + +#: Utilities.php:401 Utilities.php:423 mo_login_saml_sso_widget.php:231 +#: mo_login_saml_sso_widget.php:288 +msgid "Error" +msgstr "" + +#: Utilities.php:403 Utilities.php:425 mo_login_saml_sso_widget.php:233 +#: mo_login_saml_sso_widget.php:290 +msgid "Possible Cause" +msgstr "" + +#: Utilities.php:404 +msgid "Expected one of the Audiences to be" +msgstr "" + +#: Utilities.php:411 Utilities.php:443 +msgid "We could not sign you in. Please contact your administrator" +msgstr "" + +#: Utilities.php:431 +msgid "Fix Issue" +msgstr "" + +#: Utilities.php:510 +msgid "Could not locate key algorithm in encrypted data." +msgstr "" + +#: Utilities.php:516 +msgid "Could not locate for the encrypted key." +msgstr "" + +#: Utilities.php:806 Utilities.php:817 +msgid "Unable to connect to the Internet. Please try again." +msgstr "" + +#: feedback_form.php:22 +msgid "Your feedback" +msgstr "" + +#: feedback_form.php:31 +msgid "Please help us to improve our plugin by giving your opinion." +msgstr "" + +#: feedback_form.php:56 feedback_form.php:140 feedback_form.php:150 +msgid "Thank you for appreciating our work" +msgstr "" + +#: feedback_form.php:69 +msgid "Please enter your email address" +msgstr "" + +#: feedback_form.php:78 +msgid "Tell us what happened!" +msgstr "" + +#: feedback_form.php:80 +msgid "" +"miniOrange representative will reach out to you at the email-address entered " +"above." +msgstr "" + +#: feedback_form.php:86 +msgid "Send" +msgstr "" + +#: feedback_form.php:89 +msgid "Skip" +msgstr "" + +#: feedback_form.php:142 +msgid "Not happy with our plugin? Let us know what went wrong" +msgstr "" + +#: feedback_form.php:144 +msgid "Found any issues? Let us know and we'll fix it ASAP" +msgstr "" + +#: feedback_form.php:146 +msgid "Let us know if you need any help" +msgstr "" + +#: feedback_form.php:148 +msgid "We're glad that you are happy with our plugin" +msgstr "" + +#: login.php:182 mo_saml_settings_page.php:1717 +msgid "Close" +msgstr "" + +#: login.php:183 +msgid "Next" +msgstr "" + +#: login.php:339 +msgid "List of attributes cleared" +msgstr "" + +#: login.php:396 login.php:748 +msgid "All the fields are required. Please enter valid entries." +msgstr "" + +#: login.php:401 login.php:1071 +msgid "" +"Please match the requested format for Identity Provider Name. Only " +"alphabets, numbers and underscore is allowed." +msgstr "" + +#: login.php:430 +msgid "Invalid certificate: Please provide a valid certificate." +msgstr "" + +#: login.php:439 +msgid "Invalid Certificate: Please provide a certificate" +msgstr "" + +#: login.php:481 login.php:1113 +msgid "Identity Provider details saved successfully." +msgstr "" + +#: login.php:504 +msgid "Settings updated successfully." +msgstr "" + +#: login.php:511 +msgid "" +"ERROR: PHP cURL extension is not installed or disabled. Save " +"Attribute Mapping failed." +msgstr "" + +#: login.php:518 +msgid "Attribute Mapping details saved successfully" +msgstr "" + +#: login.php:526 +msgid "" +"ERROR: PHP cURL extension is not installed or disabled. Save Role " +"Mapping failed." +msgstr "" + +#: login.php:535 +msgid "Role Mapping details saved successfully." +msgstr "" + +#: login.php:593 +msgid "" +"Something went wrong. Please reach out to us using the Support/Contact Us " +"form to get help with the demo." +msgstr "" + +#: login.php:594 login.php:602 +msgid "Error :" +msgstr "" + +#: login.php:594 +msgid "Something went wrong while setting up demo." +msgstr "" + +#: login.php:599 +msgid "Success :" +msgstr "" + +#: login.php:605 +msgid "Please setup manual demo." +msgstr "" + +#: login.php:646 +msgid "" +"Thanks! We have received your request and will shortly get in touch with you." +msgstr "" + +#: login.php:665 +msgid "" +"ERROR: PHP cURL extension is not installed or disabled. Registration " +"failed." +msgstr "" + +#: login.php:678 +msgid "Please enter the required fields." +msgstr "" + +#: login.php:683 login.php:820 login.php:843 +msgid "Please enter a valid email address." +msgstr "" + +#: login.php:688 login.php:753 +msgid "" +"Minimum 6 characters should be present. Maximum 15 characters should be " +"present. Only following symbols (!@#.$%^&*-_) should be present." +msgstr "" + +#: login.php:724 +msgid "Passwords do not match." +msgstr "" + +#: login.php:738 +msgid "" +"ERROR: PHP cURL extension is not installed or disabled. Login failed." +msgstr "" + +#: login.php:776 +msgid "Customer retrieved successfully" +msgstr "" + +#: login.php:785 +msgid "Invalid username or password. Please try again." +msgstr "" + +#: login.php:794 +msgid "" +"ERROR: PHP cURL extension is not installed or disabled. Query submit " +"failed." +msgstr "" + +#: login.php:817 +msgid "Please fill up Email and Query fields to submit your query." +msgstr "" + +#: login.php:826 login.php:859 +msgid "Your query could not be submitted. Please try again." +msgstr "" + +#: login.php:829 +msgid "Thanks for getting in touch! We shall get back to you shortly." +msgstr "" + +#: login.php:836 +msgid "Please fill up Email fields to submit your query." +msgstr "" + +#: login.php:839 +msgid "Please fill up Schedule Call Details to submit your query." +msgstr "" + +#: login.php:862 +msgid "" +"Thanks for getting in touch! You will receive the call details on your email " +"shortly." +msgstr "" + +#: login.php:882 +msgid "" +"ERROR: PHP cURL extension is not installed or disabled. Resend OTP " +"failed." +msgstr "" + +#: login.php:894 +#, php-format +msgid "" +"Your password has been reset successfully. Please enter the new password " +"sent to %s" +msgstr "" + +#: login.php:897 +msgid "An error occurred while processing your request. Please Try again." +msgstr "" + +#: login.php:906 +msgid "Plugin deactivated successfully" +msgstr "" + +#: login.php:968 +msgid "Error while submitting the query." +msgstr "" + +#: login.php:975 +msgid "Thank you for the feedback." +msgstr "" + +#: login.php:1010 +msgid "" +" Plan (highlighted with red border) will be the best suitable licensing plan " +"as per the SSO details provided by you. If you still have any concern, " +"please write us at info@xecurify.com." +msgstr "" + +#: login.php:1039 +msgid "" +"PHP cURL extension is not installed or disabled. Cannot fetch metadata from " +"URL." +msgstr "" + +#: login.php:1077 login.php:1118 +msgid "Please provide a valid metadata file." +msgstr "" + +#: login.php:1083 login.php:1123 +msgid "Please provide a valid metadata URL." +msgstr "" + +#: login.php:1089 +msgid "Unable to fetch Metadata. Please check your IDP configuration again." +msgstr "" + +#: login.php:1152 +msgid "" +"You already have an account with miniOrange. Please enter a valid password." +msgstr "" + +#: login.php:1183 mo_saml_settings_page.php:377 +msgid "Thank you for registering with miniOrange." +msgstr "" + +#: login.php:1200 +msgid "Configure SAML Identity Provider for SSO" +msgstr "" + +#: login.php:1204 +msgid "Plugin Configuration" +msgstr "" + +#: login.php:1206 +msgid "Premium Plans" +msgstr "" + +#: login.php:1247 +msgid "Settings" +msgstr "" + +#: mo_login_saml_sso_widget.php:16 +msgid "This is a miniOrange SAML login widget." +msgstr "" + +#: mo_login_saml_sso_widget.php:47 +msgid "Title:" +msgstr "" + +#: mo_login_saml_sso_widget.php:68 +msgid "Please configure the miniOrange SAML Plugin first." +msgstr "" + +#: mo_login_saml_sso_widget.php:73 +msgid "We could not sign you in. Please contact your Administrator." +msgstr "" + +#: mo_login_saml_sso_widget.php:88 +#, php-format +msgid "Hello, %s" +msgstr "" + +#: mo_login_saml_sso_widget.php:90 +msgid "Logout" +msgstr "" + +#: mo_login_saml_sso_widget.php:242 mo_login_saml_sso_widget.php:308 +msgid "We could not sign you in. Please contact administrator" +msgstr "" + +#: mo_saml_addons.php:7 +msgid "" +"Allows real-time user sync (automatic user create, delete, and update) from " +"your Identity Provider such as Azure, Okta, Onelogin into your WordPress " +"site." +msgstr "" + +#: mo_saml_addons.php:8 +msgid "" +"Restrict access to WordPress pages/posts based on user roles and their login " +"status, thereby protecting these pages/posts from unauthorized access." +msgstr "" + +#: mo_saml_addons.php:9 +msgid "" +"Restrict any kind of media files such as images, audio, videos, documents, " +"etc, and any extension (configurable) such as png, pdf, jpeg, jpg, bmp, gif, " +"etc." +msgstr "" + +#: mo_saml_addons.php:10 +msgid "" +"SSO Login Audit tracks all the SSO users and generates detailed reports. The " +"advanced search filters in audit reports makes it easy to find and keep " +"track of your users." +msgstr "" + +#: mo_saml_addons.php:11 +msgid "" +"Integrate user information sent by the SAML Identity Provider in SAML " +"Assertion with the BuddyPress profile fields." +msgstr "" + +#: mo_saml_addons.php:12 +msgid "" +"Allows mapping your users to different LearnDash LMS plugin groups as per " +"their group information sent by configured SAML Identity Provider." +msgstr "" + +#: mo_saml_addons.php:13 +msgid "" +"Enables you to redirect your users to different pages after they log into " +"your site, based on the attributes sent by your Identity Provider." +msgstr "" + +#: mo_saml_addons.php:14 +msgid "" +"Helps you in managing the login session time of your users based on their " +"WordPress roles. Session time for roles can be specified." +msgstr "" + +#: mo_saml_addons.php:15 +msgid "" +"Allows secure access to the site using various federations such as InCommon, " +"HAKA, HKAF, etc. Users can log into the WordPress site using their " +"university credentials." +msgstr "" + +#: mo_saml_addons.php:16 +msgid "" +"Map users to different membership levels created by the MemberPress plugin " +"using the group information sent by your Identity Provider." +msgstr "" + +#: mo_saml_addons.php:17 +msgid "" +"Integrate WP-members fields using the attributes sent by your SAML Identity " +"Provider in the SAML Assertion." +msgstr "" + +#: mo_saml_addons.php:18 +msgid "" +"Map WooCommerce checkout page fields using the attributes sent by your IDP. " +"This also allows you to map the users in different WooCommerce roles based " +"on their IDP groups." +msgstr "" + +#: mo_saml_addons.php:19 +msgid "" +"Allows users to SSO into your site without creating a user account for them. " +"This is useful when you dont want to manage the user accounts at the " +"WordPress site." +msgstr "" + +#: mo_saml_addons.php:20 +msgid "" +"Map your users to different Paid MembershipPro membership levels as per the " +"group information sent by your Identity Provider." +msgstr "" + +#: mo_saml_addons.php:21 +msgid "" +"Maps raw image data or URL received from your Identity Provider into " +"Gravatar for the user." +msgstr "" + +#: mo_saml_addons.php:25 +msgid "Recommended Add-ons for you" +msgstr "" + +#: mo_saml_addons.php:45 +msgid "Check out all our add-ons" +msgstr "" + +#: mo_saml_addons.php:76 +msgid "Learn More" +msgstr "" + +#: mo_saml_licensing_plans.php:1163 +msgid "Choose Your Licensing Plan" +msgstr "" + +#: mo_saml_licensing_plans.php:1167 +msgid "Single Site" +msgstr "" + +#: mo_saml_licensing_plans.php:1169 +msgid "Multisite Network" +msgstr "" + +#: mo_saml_licensing_plans.php:1175 +msgid "" +"License is linked to the domain of the Wordpress instance, so if you have " +"dev-staging-prod type of environment then you will require 3 licenses of the " +"plugin (with discounts applicable on pre-production environments)." +msgstr "" + +#: mo_saml_licensing_plans.php:1176 +msgid "" +"Contact us at info@xecurify.com for bulk discounts." +msgstr "" + +#: mo_saml_licensing_plans.php:1203 mo_saml_licensing_plans.php:1254 +#: mo_saml_licensing_plans.php:1316 mo_saml_licensing_plans.php:1370 +#: mo_saml_licensing_plans.php:1437 mo_saml_licensing_plans.php:1490 +#: mo_saml_licensing_plans.php:1555 +msgid "Why should I choose this plan?" +msgstr "" + +#: mo_saml_licensing_plans.php:1204 mo_saml_licensing_plans.php:1317 +msgid "Choose this plan if you are looking for the features like " +msgstr "" + +#: mo_saml_licensing_plans.php:1206 mo_saml_licensing_plans.php:1213 +#: mo_saml_licensing_plans.php:1257 mo_saml_licensing_plans.php:1265 +#: mo_saml_licensing_plans.php:1376 +msgid "Auto-Redirect to IdP" +msgstr "" + +#: mo_saml_licensing_plans.php:1207 +msgid "" +"Basic Attribute Mapping (Username, Email, First Name, Last Name, Display " +"Name)" +msgstr "" + +#: mo_saml_licensing_plans.php:1208 mo_saml_licensing_plans.php:1261 +#: mo_saml_licensing_plans.php:1323 mo_saml_licensing_plans.php:1446 +#: mo_saml_licensing_plans.php:1559 mo_saml_settings_page.php:679 +#: mo_saml_settings_page.php:1088 +msgid "Note:" +msgstr "" + +#: mo_saml_licensing_plans.php:1209 +msgid "Single Logout & Role Mapping is not a part of this plan." +msgstr "" + +#: mo_saml_licensing_plans.php:1212 +msgid "Standard" +msgstr "" + +#: mo_saml_licensing_plans.php:1223 mo_saml_licensing_plans.php:1276 +#: mo_saml_licensing_plans.php:1340 mo_saml_licensing_plans.php:1396 +#: mo_saml_licensing_plans.php:1458 mo_saml_licensing_plans.php:1505 +#: mo_saml_licensing_plans.php:1572 mo_saml_settings_page.php:75 +msgid "Upgrade Now" +msgstr "" + +#: mo_saml_licensing_plans.php:1225 +msgid "See the Standard Plugin features list below" +msgstr "" + +#: mo_saml_licensing_plans.php:1228 mo_saml_licensing_plans.php:1282 +#: mo_saml_licensing_plans.php:1345 mo_saml_licensing_plans.php:1401 +#: mo_saml_licensing_plans.php:1463 mo_saml_licensing_plans.php:1510 +#: mo_saml_licensing_plans.php:1577 +msgid "Unlimited Authentications" +msgstr "" + +#: mo_saml_licensing_plans.php:1229 mo_saml_licensing_plans.php:1283 +#: mo_saml_licensing_plans.php:1346 mo_saml_licensing_plans.php:1402 +#: mo_saml_licensing_plans.php:1464 mo_saml_licensing_plans.php:1511 +#: mo_saml_licensing_plans.php:1578 +msgid "" +"Basic Attribute Mapping (Username, Email, First Name, Last Name,Display Name)" +msgstr "" + +#: mo_saml_licensing_plans.php:1230 +msgid "Widget, Shortcode to add IdP Login Link on your site" +msgstr "" + +#: mo_saml_licensing_plans.php:1231 mo_saml_licensing_plans.php:1285 +#: mo_saml_licensing_plans.php:1348 mo_saml_licensing_plans.php:1404 +#: mo_saml_licensing_plans.php:1466 mo_saml_licensing_plans.php:1513 +#: mo_saml_licensing_plans.php:1580 +msgid "Step-by-step guide to setup IdP" +msgstr "" + +#: mo_saml_licensing_plans.php:1232 mo_saml_licensing_plans.php:1286 +#: mo_saml_licensing_plans.php:1349 mo_saml_licensing_plans.php:1405 +#: mo_saml_licensing_plans.php:1467 mo_saml_licensing_plans.php:1514 +#: mo_saml_licensing_plans.php:1581 +msgid "Auto-Redirect to IdP from login page" +msgstr "" + +#: mo_saml_licensing_plans.php:1233 mo_saml_licensing_plans.php:1287 +#: mo_saml_licensing_plans.php:1350 mo_saml_licensing_plans.php:1406 +#: mo_saml_licensing_plans.php:1468 mo_saml_licensing_plans.php:1515 +#: mo_saml_licensing_plans.php:1582 +msgid "Protect your complete site (Auto-Redirect to IdP from any page)" +msgstr "" + +#: mo_saml_licensing_plans.php:1234 mo_saml_licensing_plans.php:1288 +#: mo_saml_licensing_plans.php:1351 mo_saml_licensing_plans.php:1407 +#: mo_saml_licensing_plans.php:1469 mo_saml_licensing_plans.php:1516 +#: mo_saml_licensing_plans.php:1583 +msgid "Change SP base Url and SP Entity ID" +msgstr "" + +#: mo_saml_licensing_plans.php:1235 mo_saml_licensing_plans.php:1289 +#: mo_saml_licensing_plans.php:1352 mo_saml_licensing_plans.php:1408 +#: mo_saml_licensing_plans.php:1470 mo_saml_licensing_plans.php:1517 +#: mo_saml_licensing_plans.php:1584 +msgid "Options to select SAML Request binding type" +msgstr "" + +#: mo_saml_licensing_plans.php:1236 mo_saml_licensing_plans.php:1291 +#: mo_saml_licensing_plans.php:1353 mo_saml_licensing_plans.php:1410 +#: mo_saml_licensing_plans.php:1471 mo_saml_licensing_plans.php:1519 +#: mo_saml_licensing_plans.php:1585 +msgid "Integrated Windows Authentication (supported with AD FS)" +msgstr "" + +#: mo_saml_licensing_plans.php:1247 mo_saml_licensing_plans.php:1305 +#: mo_saml_licensing_plans.php:1364 mo_saml_licensing_plans.php:1424 +#: mo_saml_licensing_plans.php:1482 mo_saml_licensing_plans.php:1533 +#: mo_saml_licensing_plans.php:1596 mo_saml_settings_page.php:226 +msgid "Add-Ons" +msgstr "" + +#: mo_saml_licensing_plans.php:1247 mo_saml_licensing_plans.php:1305 +#: mo_saml_licensing_plans.php:1364 +msgid "Purchase Separately" +msgstr "" + +#: mo_saml_licensing_plans.php:1247 mo_saml_licensing_plans.php:1305 +#: mo_saml_licensing_plans.php:1364 mo_saml_licensing_plans.php:1424 +#: mo_saml_licensing_plans.php:1482 +msgid "Contact us" +msgstr "" + +#: mo_saml_licensing_plans.php:1255 +msgid "" +"Choose this plan if you have Multisite Network Installation and are looking " +"for the features like " +msgstr "" + +#: mo_saml_licensing_plans.php:1256 mo_saml_licensing_plans.php:1375 +msgid "Subsite Specific SSO" +msgstr "" + +#: mo_saml_licensing_plans.php:1258 mo_saml_licensing_plans.php:1318 +#: mo_saml_licensing_plans.php:1377 mo_saml_licensing_plans.php:1442 +msgid "Advance Attribute Mapping" +msgstr "" + +#: mo_saml_licensing_plans.php:1259 mo_saml_licensing_plans.php:1319 +#: mo_saml_licensing_plans.php:1378 mo_saml_licensing_plans.php:1443 +msgid "Role Mapping" +msgstr "" + +#: mo_saml_licensing_plans.php:1260 mo_saml_licensing_plans.php:1321 +#: mo_saml_licensing_plans.php:1379 mo_saml_licensing_plans.php:1444 +msgid "IdP metadata sync" +msgstr "" + +#: mo_saml_licensing_plans.php:1261 mo_saml_licensing_plans.php:1322 +#: mo_saml_licensing_plans.php:1380 mo_saml_licensing_plans.php:1445 +msgid "Support of custom SP and IdP certificate" +msgstr "" + +#: mo_saml_licensing_plans.php:1261 +msgid "Add-ons are not a part of this plan." +msgstr "" + +#: mo_saml_licensing_plans.php:1264 mo_saml_licensing_plans.php:1327 +msgid "Premium" +msgstr "" + +#: mo_saml_licensing_plans.php:1265 +msgid "Attribute and Role Management" +msgstr "" + +#: mo_saml_licensing_plans.php:1265 +msgid "Connect all subsites to same IdP" +msgstr "" + +#: mo_saml_licensing_plans.php:1265 mo_saml_licensing_plans.php:1320 +#: mo_saml_licensing_plans.php:1328 +msgid "Single Logout" +msgstr "" + +#: mo_saml_licensing_plans.php:1278 +msgid "See the Multisite Premium Plugin features list below" +msgstr "" + +#: mo_saml_licensing_plans.php:1284 mo_saml_licensing_plans.php:1347 +#: mo_saml_licensing_plans.php:1403 mo_saml_licensing_plans.php:1465 +#: mo_saml_licensing_plans.php:1512 mo_saml_licensing_plans.php:1579 +msgid "Widget,Shortcode to add IdP Login Link on your site" +msgstr "" + +#: mo_saml_licensing_plans.php:1290 mo_saml_licensing_plans.php:1354 +#: mo_saml_licensing_plans.php:1409 mo_saml_licensing_plans.php:1472 +#: mo_saml_licensing_plans.php:1518 mo_saml_licensing_plans.php:1586 +msgid "SAML Single Logout" +msgstr "" + +#: mo_saml_licensing_plans.php:1292 mo_saml_licensing_plans.php:1355 +#: mo_saml_licensing_plans.php:1411 mo_saml_licensing_plans.php:1473 +#: mo_saml_licensing_plans.php:1520 mo_saml_licensing_plans.php:1587 +msgid "Customized Role Mapping" +msgstr "" + +#: mo_saml_licensing_plans.php:1293 mo_saml_licensing_plans.php:1356 +#: mo_saml_licensing_plans.php:1412 mo_saml_licensing_plans.php:1474 +#: mo_saml_licensing_plans.php:1521 mo_saml_licensing_plans.php:1588 +msgid "Auto-sync IdP Configuration from metadata" +msgstr "" + +#: mo_saml_licensing_plans.php:1294 mo_saml_licensing_plans.php:1357 +#: mo_saml_licensing_plans.php:1413 mo_saml_licensing_plans.php:1475 +#: mo_saml_licensing_plans.php:1522 mo_saml_licensing_plans.php:1589 +msgid "" +"Custom Attribute Mapping (Any attribute which is stored in user-meta table)" +msgstr "" + +#: mo_saml_licensing_plans.php:1295 mo_saml_licensing_plans.php:1358 +#: mo_saml_licensing_plans.php:1414 mo_saml_licensing_plans.php:1476 +#: mo_saml_licensing_plans.php:1523 mo_saml_licensing_plans.php:1590 +msgid "Store Multiple IdP Certificates" +msgstr "" + +#: mo_saml_licensing_plans.php:1296 mo_saml_licensing_plans.php:1359 +#: mo_saml_licensing_plans.php:1415 mo_saml_licensing_plans.php:1477 +#: mo_saml_licensing_plans.php:1524 mo_saml_licensing_plans.php:1591 +msgid "Custom SP Certificate" +msgstr "" + +#: mo_saml_licensing_plans.php:1297 mo_saml_licensing_plans.php:1416 +#: mo_saml_licensing_plans.php:1525 +msgid "Multi-Site Support" +msgstr "" + +#: mo_saml_licensing_plans.php:1298 mo_saml_licensing_plans.php:1417 +#: mo_saml_licensing_plans.php:1526 +msgid "Sub-site specific SSO for Multisite" +msgstr "" + +#: mo_saml_licensing_plans.php:1299 mo_saml_licensing_plans.php:1418 +#: mo_saml_licensing_plans.php:1527 +msgid "Auto-Redirection from specific subsites" +msgstr "" + +#: mo_saml_licensing_plans.php:1324 +msgid "" +"Add-ons are not a part of this plan. All features of Standard Plan are " +"included here." +msgstr "" + +#: mo_saml_licensing_plans.php:1328 +msgid "Attribute & Role Management" +msgstr "" + +#: mo_saml_licensing_plans.php:1342 +msgid "See the Premium Plugin features list below" +msgstr "" + +#: mo_saml_licensing_plans.php:1371 +msgid "" +"Choose this plan if you have Multisite Network installation and are looking " +"for features like " +msgstr "" + +#: mo_saml_licensing_plans.php:1372 mo_saml_licensing_plans.php:1385 +#: mo_saml_licensing_plans.php:1419 mo_saml_licensing_plans.php:1528 +msgid "Mu Domain Mapping Support" +msgstr "" + +#: mo_saml_licensing_plans.php:1373 mo_saml_licensing_plans.php:1385 +msgid "Easy migration from staging to prod" +msgstr "" + +#: mo_saml_licensing_plans.php:1374 mo_saml_licensing_plans.php:1385 +msgid "Setup SSO with multiple IdPs" +msgstr "" + +#: mo_saml_licensing_plans.php:1383 mo_saml_licensing_plans.php:1448 +msgid "Enterprise" +msgstr "" + +#: mo_saml_licensing_plans.php:1398 +msgid "See the Multisite Enterprise Plugin features list below" +msgstr "" + +#: mo_saml_licensing_plans.php:1420 mo_saml_licensing_plans.php:1449 +#: mo_saml_licensing_plans.php:1478 mo_saml_licensing_plans.php:1529 +#: mo_saml_licensing_plans.php:1592 +msgid "Multiple IdP Support" +msgstr "" + +#: mo_saml_licensing_plans.php:1421 mo_saml_licensing_plans.php:1479 +#: mo_saml_licensing_plans.php:1530 mo_saml_licensing_plans.php:1593 +msgid "" +"Compatible with multiple environments in a hosting provider like Pantheon, " +"WP-Engine, Wordpress VIP" +msgstr "" + +#: mo_saml_licensing_plans.php:1424 mo_saml_licensing_plans.php:1441 +#: mo_saml_licensing_plans.php:1449 mo_saml_licensing_plans.php:1482 +#: mo_saml_licensing_plans.php:1542 mo_saml_licensing_plans.php:1605 +msgid "SSO Login Audit" +msgstr "" + +#: mo_saml_licensing_plans.php:1424 mo_saml_licensing_plans.php:1482 +msgid "Purchase Separately (Remaining)" +msgstr "" + +#: mo_saml_licensing_plans.php:1438 +msgid "Choose this plan if you are looking for features like " +msgstr "" + +#: mo_saml_licensing_plans.php:1439 mo_saml_licensing_plans.php:1449 +msgid "Easy migration from dev to prod" +msgstr "" + +#: mo_saml_licensing_plans.php:1440 +msgid "Support of multiple IdPs" +msgstr "" + +#: mo_saml_licensing_plans.php:1446 +msgid "" +"Add-ons are not a part of this plan. All features of Premium Plan are " +"included here." +msgstr "" + +#: mo_saml_licensing_plans.php:1460 +msgid "See the Enterprise Plugin features list below" +msgstr "" + +#: mo_saml_licensing_plans.php:1491 mo_saml_licensing_plans.php:1556 +msgid "Choose this plan if you are looking for " +msgstr "" + +#: mo_saml_licensing_plans.php:1492 mo_saml_licensing_plans.php:1557 +msgid "All exclusive features included" +msgstr "" + +#: mo_saml_licensing_plans.php:1493 mo_saml_licensing_plans.php:1558 +msgid "" +"Add-ons (Page Restriction, BuddyPress Attribute Mapping, LearnDash Attribute " +"Mapping, Media Restriction, Attribute based Redirection, Federation SSO, " +"SCIM-User Provisioning, SSO Session Management, SSO Login Audit,)." +msgstr "" + +#: mo_saml_licensing_plans.php:1493 mo_saml_licensing_plans.php:1641 +#: mo_saml_settings_page.php:1314 mo_saml_settings_page.php:1334 +#: mo_saml_settings_page.php:1995 +msgid "Note" +msgstr "" + +#: mo_saml_licensing_plans.php:1493 +msgid "" +"All the Add-ons are packaged with this plan. All features of all the " +"Multisite Plans are included here." +msgstr "" + +#: mo_saml_licensing_plans.php:1495 mo_saml_licensing_plans.php:1562 +msgid "All-Inclusive" +msgstr "" + +#: mo_saml_licensing_plans.php:1496 +msgid "Multisite Network SSO with all features and all the Add-ons" +msgstr "" + +#: mo_saml_licensing_plans.php:1507 +msgid "See the multisite All-Inclusive Plan features list below" +msgstr "" + +#: mo_saml_licensing_plans.php:1531 mo_saml_licensing_plans.php:1594 +msgid "Customize the metadata contact information" +msgstr "" + +#: mo_saml_licensing_plans.php:1532 mo_saml_licensing_plans.php:1595 +msgid "Configuring plugin using APIs" +msgstr "" + +#: mo_saml_licensing_plans.php:1534 mo_saml_licensing_plans.php:1597 +msgid "Page Restriction Add-On" +msgstr "" + +#: mo_saml_licensing_plans.php:1535 mo_saml_licensing_plans.php:1598 +msgid "Buddypress Attribute Mapping Add-On" +msgstr "" + +#: mo_saml_licensing_plans.php:1536 mo_saml_licensing_plans.php:1599 +msgid "LearnDash Attribute Integration Add-On" +msgstr "" + +#: mo_saml_licensing_plans.php:1537 mo_saml_licensing_plans.php:1600 +msgid "Media Restriction Add-On" +msgstr "" + +#: mo_saml_licensing_plans.php:1538 mo_saml_licensing_plans.php:1601 +msgid "Attribute based Redirection" +msgstr "" + +#: mo_saml_licensing_plans.php:1539 mo_saml_licensing_plans.php:1602 +msgid "Federation SSO Add-On" +msgstr "" + +#: mo_saml_licensing_plans.php:1540 mo_saml_licensing_plans.php:1603 +msgid "SCIM-User Provisioning" +msgstr "" + +#: mo_saml_licensing_plans.php:1541 mo_saml_licensing_plans.php:1604 +msgid "SSO Session Management" +msgstr "" + +#: mo_saml_licensing_plans.php:1560 +msgid "" +"All the Add-ons are packaged with this plan. All features of all the Plans " +"are included here." +msgstr "" + +#: mo_saml_licensing_plans.php:1563 +msgid "All features along
      with all Add-ons" +msgstr "" + +#: mo_saml_licensing_plans.php:1574 +msgid "See the All-inclusive Plugin features list below" +msgstr "" + +#: mo_saml_licensing_plans.php:1623 +msgid "Steps to Upgrade to Premium Plugin" +msgstr "" + +#: mo_saml_licensing_plans.php:1624 +msgid "" +"1. Click on 'Upgrade now' button of the required licensing plan. You will be " +"redirected to miniOrange Login Console. Enter your password with which you " +"created an account\n" +" with us. After that you will be redirected to payment page." +msgstr "" + +#: mo_saml_licensing_plans.php:1626 +msgid "" +"2. Enter your card details and complete the payment. On successful payment " +"completion, you will see the link\n" +" to download the premium plugin." +msgstr "" + +#: mo_saml_licensing_plans.php:1628 +msgid "" +"3. To install the premium plugin, first deactivate and delete the free " +"version of the plugin. Enable the \"Keep Configuration Intact\" checkbox " +"before deactivating and deleting the plugin. By doing so, your saved " +"configurations of the plugin will not get lost." +msgstr "" + +#: mo_saml_licensing_plans.php:1630 +msgid "" +"4. From this point on, do not update the premium plugin from the Wordpress " +"store." +msgstr "" + +#: mo_saml_licensing_plans.php:1632 +#, php-format +msgid "" +"Cost applicable for one instance only. Licenses are perpetual and the " +"Support Plan includes 12 months of maintenance (support and version " +"updates). You can renew maintenance after 12 months at 50% of the current " +"license cost." +msgstr "" + +#: mo_saml_licensing_plans.php:1634 +msgid "MultiSite Network Support" +msgstr "" + +#: mo_saml_licensing_plans.php:1635 +msgid "" +"There is an additional cost for the number of subsites in Multisite Network." +msgstr "" + +#: mo_saml_licensing_plans.php:1637 +msgid "Multiple IdPs Supported" +msgstr "" + +#: mo_saml_licensing_plans.php:1638 +msgid "" +"There is an additional cost for the IdPs if the number of IdP is more than 1." +msgstr "" + +#: mo_saml_licensing_plans.php:1641 +msgid "" +"miniOrange does not store or transfer any data which is coming from the " +"Identity Provider to the WordPress. All the data remains within your " +"premises / server. We do not provide the developer license for our paid " +"plugins and the source code is protected. It is strictly prohibited to make " +"any changes in the code without having written permission from miniOrange. " +"There are hooks provided in the plugin which can be used by the developers " +"to extend the plugin's functionality." +msgstr "" + +#: mo_saml_licensing_plans.php:1644 +msgid "10 Days Return Policy" +msgstr "" + +#: mo_saml_licensing_plans.php:1645 +msgid "" +"At miniOrange, we want to ensure you are 100% happy with your purchase. If " +"the premium plugin you purchased is\n" +" not working as advertised and you've attempted to resolve any " +"issues with our support team, which couldn't get\n" +" resolved. We will refund the whole amount within 10 days of the " +"purchase." +msgstr "" + +#: mo_saml_licensing_plans.php:1648 +msgid "" +"Please email us at info@xecurify." +"com\n" +" for any queries regarding the return policy." +msgstr "" + +#: mo_saml_licensing_plans.php:1668 mo_saml_settings_page.php:517 +msgid "Back" +msgstr "" + +#: mo_saml_settings_page.php:61 mo_saml_settings_page.php:74 +msgid "miniOrange SSO using SAML 2.0" +msgstr "" + +#: mo_saml_settings_page.php:63 +msgid "You are currently on the Free version of the plugin" +msgstr "" + +#: mo_saml_settings_page.php:65 +msgid "Why should I upgrade to premium plugin?" +msgstr "" + +#: mo_saml_settings_page.php:66 +msgid "You should upgrade to seek the support of our SSO expert team." +msgstr "" + +#: mo_saml_settings_page.php:66 +msgid "" +"Free version does not support attribute mapping, role mapping, single logout " +"features and Multisite Network Installation." +msgstr "" + +#: mo_saml_settings_page.php:66 +msgid "" +"Premium version support Signed SAML Request and Encrypted Assertion which " +"are recommended from security point of view." +msgstr "" + +#: mo_saml_settings_page.php:66 +msgid "" +"Auto-Redirect to IdP which protect your site with IdP login is a part of " +"premium version of the plugin." +msgstr "" + +#: mo_saml_settings_page.php:66 +msgid "Check the features given in the Licensing Plans for more detail." +msgstr "" + +#: mo_saml_settings_page.php:67 +msgid "Why should I upgrade?" +msgstr "" + +#: mo_saml_settings_page.php:76 +msgid "FAQs" +msgstr "" + +#: mo_saml_settings_page.php:77 +msgid "Ask questions on our forum" +msgstr "" + +#: mo_saml_settings_page.php:80 +msgid "Restart Plugin Tour" +msgstr "" + +#: mo_saml_settings_page.php:99 +msgid "Let's get started!" +msgstr "" + +#: mo_saml_settings_page.php:108 +msgid "" +"Hey, Thank you for installing miniOrange SSO " +"using SAML 2.0 plugin" +msgstr "" + +#: mo_saml_settings_page.php:109 +msgid "We support all SAML 2.0 compliant Identity Providers." +msgstr "" + +#: mo_saml_settings_page.php:111 +msgid "" +"Please find some of the well-known IdP configuration guides below." +msgstr "" + +#: mo_saml_settings_page.php:112 +msgid "" +"If you do not find your IDP guide here, don't worry! mail us at info@xecurify.com" +msgstr "" + +#: mo_saml_settings_page.php:113 +msgid "" +"Make sure to check out the list of supported add-ons to increase the " +"functionality of your WordPress site." +msgstr "" + +#: mo_saml_settings_page.php:136 +msgid "Take a quick tour of setting up the plugin with ADFS" +msgstr "" + +#: mo_saml_settings_page.php:136 +msgid "Press Esc to skip" +msgstr "" + +#: mo_saml_settings_page.php:140 +msgid "Start tour" +msgstr "" + +#: mo_saml_settings_page.php:141 +msgid "Skip the tour" +msgstr "" + +#: mo_saml_settings_page.php:216 +msgid "Service Provider Setup" +msgstr "" + +#: mo_saml_settings_page.php:218 +msgid "Service Provider Metadata" +msgstr "" + +#: mo_saml_settings_page.php:220 +msgid "Attribute/Role Mapping" +msgstr "" + +#: mo_saml_settings_page.php:222 +msgid "Premium plans" +msgstr "" + +#: mo_saml_settings_page.php:224 +msgid "Redirection & SSO Links" +msgstr "" + +#: mo_saml_settings_page.php:228 +msgid "Demo Request" +msgstr "" + +#: mo_saml_settings_page.php:230 +msgid "Account Setup" +msgstr "" + +#: mo_saml_settings_page.php:382 +msgid "miniOrange Account Email" +msgstr "" + +#: mo_saml_settings_page.php:386 +msgid "Customer ID" +msgstr "" + +#: mo_saml_settings_page.php:398 +msgid "Change Email Address" +msgstr "" + +#: mo_saml_settings_page.php:401 +msgid "Check Licensing Plans" +msgstr "" + +#: mo_saml_settings_page.php:422 +msgid "Register with miniOrange" +msgstr "" + +#: mo_saml_settings_page.php:425 +msgid "Why should I register?" +msgstr "" + +#: mo_saml_settings_page.php:427 +msgid "" +"You should register so that in case you need help, we can help you with step " +"by step instructions. We support all known IdPs - ADFS, Okta, Salesforce, " +"Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, " +"OneLogin, Bitium, WSO2 etc." +msgstr "" + +#: mo_saml_settings_page.php:428 +msgid "" +"You will also need a miniOrange account to upgrade to the premium version of " +"the plugins." +msgstr "" + +#: mo_saml_settings_page.php:428 +msgid "" +" We do not store any information except the email that you will use to " +"register with us." +msgstr "" + +#: mo_saml_settings_page.php:433 mo_saml_settings_page.php:498 +#: mo_saml_settings_page.php:1965 +msgid "Email" +msgstr "" + +#: mo_saml_settings_page.php:440 mo_saml_settings_page.php:504 +msgid "Password" +msgstr "" + +#: mo_saml_settings_page.php:442 +msgid "Choose your password (Min. length 6)" +msgstr "" + +#: mo_saml_settings_page.php:444 mo_saml_settings_page.php:452 +#: mo_saml_settings_page.php:508 +msgid "" +"Minimum 6 characters should be present. Maximum 15 characters should be " +"present. Only following symbols (!@#.$%^&*) should be present." +msgstr "" + +#: mo_saml_settings_page.php:448 +msgid "Confirm Password" +msgstr "" + +#: mo_saml_settings_page.php:450 +msgid "Confirm your password" +msgstr "" + +#: mo_saml_settings_page.php:458 +msgid "Register" +msgstr "" + +#: mo_saml_settings_page.php:461 +msgid "Already have an account?" +msgstr "" + +#: mo_saml_settings_page.php:490 +msgid "Login with miniOrange" +msgstr "" + +#: mo_saml_settings_page.php:493 +msgid "" +"It seems you already have an account with miniOrange. Please enter your " +"miniOrange email and password." +msgstr "" + +#: mo_saml_settings_page.php:494 +msgid "Click here if you forgot your password?" +msgstr "" + +#: mo_saml_settings_page.php:506 +msgid "Enter your password" +msgstr "" + +#: mo_saml_settings_page.php:515 +msgid "Login" +msgstr "" + +#: mo_saml_settings_page.php:550 +msgid "Option 1: Use a Widget" +msgstr "" + +#: mo_saml_settings_page.php:550 +msgid "Available in current version of the plugin" +msgstr "" + +#: mo_saml_settings_page.php:552 +msgid "Take Tab-Tour" +msgstr "" + +#: mo_saml_settings_page.php:558 +msgid "" +"Add the SSO Widget by following the instructions below. This will add the " +"SSO link on your site." +msgstr "" + +#: mo_saml_settings_page.php:561 +msgid "Go to Appearances" +msgstr "" + +#: mo_saml_settings_page.php:561 +msgid "Widgets" +msgstr "" + +#: mo_saml_settings_page.php:562 +#, php-format +msgid "Select \"Login with %s" +msgstr "" + +#: mo_saml_settings_page.php:562 +msgid "Drag and drop to your favourite location and save." +msgstr "" + +#: mo_saml_settings_page.php:570 +msgid "Option 2: Auto-Redirection from site" +msgstr "" + +#: mo_saml_settings_page.php:571 mo_saml_settings_page.php:593 +#: mo_saml_settings_page.php:616 +msgid "Available in Standard, Premium, Enterprise and All-Inclusive plans" +msgstr "" + +#: mo_saml_settings_page.php:572 +msgid "" +"1. Select this option if you want to restrict your site to only logged in " +"users." +msgstr "" + +#: mo_saml_settings_page.php:573 +msgid "" +"Selecting this option will redirect the users to your IdP if logged in " +"session is not found." +msgstr "" + +#: mo_saml_settings_page.php:578 +msgid "Redirect to IdP if user not logged in" +msgstr "" + +#: mo_saml_settings_page.php:578 +msgid "PROTECT COMPLETE SITE" +msgstr "" + +#: mo_saml_settings_page.php:581 +msgid "" +"2. It will force user to provide credentials on your IdP on each login " +"attempt even if the user is already logged in to IdP." +msgstr "" + +#: mo_saml_settings_page.php:582 +msgid "" +"This option may require some additional setting in your IdP to force it " +"depending on your Identity Provider." +msgstr "" + +#: mo_saml_settings_page.php:587 +msgid "Force authentication with your IdP on each login attempt" +msgstr "" + +#: mo_saml_settings_page.php:592 +msgid "Option 3: Auto-Redirection from WordPress Login" +msgstr "" + +#: mo_saml_settings_page.php:594 +msgid "" +"1. Select this option if you want the users visiting any of the following " +"URLs to get redirected to your configured IdP for authentication" +msgstr "" + +#: mo_saml_settings_page.php:595 +msgid "or" +msgstr "" + +#: mo_saml_settings_page.php:600 +msgid "Redirect to IdP from WordPress Login Page" +msgstr "" + +#: mo_saml_settings_page.php:603 +msgid "" +"2. Select this option to enable backdoor login if auto-redirect from " +"WordPress Login is enabled." +msgstr "" + +#: mo_saml_settings_page.php:609 +msgid "" +"Checking this option creates a backdoor to login to your Website using " +"WordPress credentials incase you get locked out of your IdP" +msgstr "" + +#: mo_saml_settings_page.php:610 +msgid "Note down this URL" +msgstr "" + +#: mo_saml_settings_page.php:615 +msgid "Option 4: Use a ShortCode" +msgstr "" + +#: mo_saml_settings_page.php:620 mo_saml_settings_page.php:629 +msgid "Disabled. Configure your Service Provider" +msgstr "" + +#: mo_saml_settings_page.php:623 +msgid "Check this option if you want to add a shortcode to your page" +msgstr "" + +#: mo_saml_settings_page.php:630 +msgid "Log Out and Test" +msgstr "" + +#: mo_saml_settings_page.php:634 +msgid "" +"These options are configurable in the Standard, Premium, Enterprise and All-" +"Inclusive version of the plugin." +msgstr "" + +#: mo_saml_settings_page.php:652 +msgid "Gather Metadata for IDP" +msgstr "" + +#: mo_saml_settings_page.php:654 mo_saml_settings_page.php:942 +#: mo_saml_settings_page.php:1503 +msgid "Take Tab-tour" +msgstr "" + +#: mo_saml_settings_page.php:666 +msgid "Service Provider Endpoints" +msgstr "" + +#: mo_saml_settings_page.php:673 +msgid "Enter Service Provider Entity ID" +msgstr "" + +#: mo_saml_settings_page.php:679 +msgid "" +"If you have already shared the below URLs or Metadata with your IdP, do " +"NOT change SP EntityID. It might break your existing login flow." +msgstr "" + +#: mo_saml_settings_page.php:683 +msgid "Update" +msgstr "" + +#: mo_saml_settings_page.php:696 +msgid "" +"Provide this metadata URL to your Identity Provider or download the .xml " +"file to upload it in your idp" +msgstr "" + +#: mo_saml_settings_page.php:697 +msgid "Metadata URL" +msgstr "" + +#: mo_saml_settings_page.php:699 mo_saml_settings_page.php:715 +#: mo_saml_settings_page.php:725 mo_saml_settings_page.php:735 +#: mo_saml_settings_page.php:747 mo_saml_settings_page.php:757 +#: mo_saml_settings_page.php:767 mo_saml_settings_page.php:778 +#: mo_saml_settings_page.php:833 +msgid "Copy to Clipboard" +msgstr "" + +#: mo_saml_settings_page.php:701 +msgid "Metadata XML File" +msgstr "" + +#: mo_saml_settings_page.php:701 mo_saml_settings_page.php:786 +#: mo_saml_settings_page.php:789 +msgid "Download" +msgstr "" + +#: mo_saml_settings_page.php:703 mo_saml_settings_page.php:884 +msgid "OR" +msgstr "" + +#: mo_saml_settings_page.php:706 +msgid "Link to Configure the Plug in" +msgstr "" + +#: mo_saml_settings_page.php:707 +msgid "Click Here to see the Guide for Configuring the plugin" +msgstr "" + +#: mo_saml_settings_page.php:707 +msgid "" +"You will need the following information to configure your IdP. Copy it and " +"keep it handy" +msgstr "" + +#: mo_saml_settings_page.php:712 +msgid "SP-EntityID / Issuer" +msgstr "" + +#: mo_saml_settings_page.php:722 +msgid "ACS (AssertionConsumerService) URL" +msgstr "" + +#: mo_saml_settings_page.php:732 +msgid "Audience URI" +msgstr "" + +#: mo_saml_settings_page.php:742 +msgid "NameID format" +msgstr "" + +#: mo_saml_settings_page.php:754 +msgid "Recipient URL" +msgstr "" + +#: mo_saml_settings_page.php:764 +msgid "Destination URL" +msgstr "" + +#: mo_saml_settings_page.php:775 mo_saml_settings_page.php:796 +msgid "Default Relay State (Optional)" +msgstr "" + +#: mo_saml_settings_page.php:784 mo_saml_settings_page.php:803 +msgid "Certificate (Optional)" +msgstr "" + +#: mo_saml_settings_page.php:786 +msgid "Register to download the certificate" +msgstr "" + +#: mo_saml_settings_page.php:798 mo_saml_settings_page.php:805 +msgid "" +"Available in the Standard, Premium, Enterprise and All-Inclusive plans of " +"the plugin." +msgstr "" + +#: mo_saml_settings_page.php:830 +msgid "Copied" +msgstr "" + +#: mo_saml_settings_page.php:853 +msgid "Upload IDP Metadata" +msgstr "" + +#: mo_saml_settings_page.php:855 +msgid "Cancel" +msgstr "" + +#: mo_saml_settings_page.php:868 mo_saml_settings_page.php:1292 +msgid "Identity Provider Name" +msgstr "" + +#: mo_saml_settings_page.php:869 +msgid "Identity Provider name like ADFS, SimpleSAML" +msgstr "" + +#: mo_saml_settings_page.php:869 mo_saml_settings_page.php:1298 +msgid "Only alphabets, numbers and underscore is allowed" +msgstr "" + +#: mo_saml_settings_page.php:879 +msgid "Upload Metadata" +msgstr "" + +#: mo_saml_settings_page.php:881 +msgid "Upload" +msgstr "" + +#: mo_saml_settings_page.php:891 +msgid "Enter metadata URL" +msgstr "" + +#: mo_saml_settings_page.php:892 +msgid "Enter metadata URL of your IdP." +msgstr "" + +#: mo_saml_settings_page.php:893 +msgid "Fetch Metadata" +msgstr "" + +#: mo_saml_settings_page.php:939 +msgid "Select your Identity Provider" +msgstr "" + +#: mo_saml_settings_page.php:1088 +msgid "" +"Please feel free to reach out to us in case of any issues for setting up the " +"Custom IDP using the Contact Us dialog." +msgstr "" + +#: mo_saml_settings_page.php:1172 +msgid "" +"Select your Identity Provider from the list below, and you can find the link " +"to the guide for setting up SAML below." +msgstr "" + +#: mo_saml_settings_page.php:1173 +msgid "Please contact us if you don't find your IDP in the list." +msgstr "" + +#: mo_saml_settings_page.php:1178 +msgid "Start typing your identity provider name here.." +msgstr "" + +#: mo_saml_settings_page.php:1181 +msgid "" +"It looks like your identity provider is not listed below, you can " +"select Custom IDP to configure the plugin. Please send us " +"query using support form given aside for more details." +msgstr "" + +#: mo_saml_settings_page.php:1221 +msgid "Configure Service Provider" +msgstr "" + +#: mo_saml_settings_page.php:1227 +msgid "Upload IDP Metadata File/XML" +msgstr "" + +#: mo_saml_settings_page.php:1243 +msgid "Identity Provider" +msgstr "" + +#: mo_saml_settings_page.php:1248 +msgid "Click here to open Guide" +msgstr "" + +#: mo_saml_settings_page.php:1252 +msgid "Change Identity Provider" +msgstr "" + +#: mo_saml_settings_page.php:1265 +msgid "Azure B2C tenant Name" +msgstr "" + +#: mo_saml_settings_page.php:1267 +msgid "Enter your Azure B2C tenant Name. Example: xyb2c.onmicrosoft.com" +msgstr "" + +#: mo_saml_settings_page.php:1274 +msgid "IdentityExperienceFramework app ID" +msgstr "" + +#: mo_saml_settings_page.php:1276 +msgid "Enter the application ID for the IdentityExperienceFramework app" +msgstr "" + +#: mo_saml_settings_page.php:1283 +msgid "ProxyIdentityExperienceFramework app ID" +msgstr "" + +#: mo_saml_settings_page.php:1285 +msgid "Enter the application ID for the ProxyIdentityExperienceFramework app" +msgstr "" + +#: mo_saml_settings_page.php:1295 +msgid "Identity Provider name like ADFS, SimpleSAML, Salesforce" +msgstr "" + +#: mo_saml_settings_page.php:1305 +msgid "IdP Entity ID or Issuer" +msgstr "" + +#: mo_saml_settings_page.php:1306 +msgid "Identity Provider Entity ID or Issuer" +msgstr "" + +#: mo_saml_settings_page.php:1314 +msgid "" +"You can find the EntityID in Your IdP-Metadata XML file enclosed in " +"EntityDescriptor tag having attribute as entityID" +msgstr "" + +#: mo_saml_settings_page.php:1323 +msgid "SAML Login URL" +msgstr "" + +#: mo_saml_settings_page.php:1325 +msgid "Single Sign On Service URL (HTTP-Redirect binding) of your IdP" +msgstr "" + +#: mo_saml_settings_page.php:1334 +msgid "" +"You can find the SAML Login URL in Your IdP-Metadata XML file " +"enclosed in SingleSignOnService tag (Binding type: HTTP-" +"Redirect)" +msgstr "" + +#: mo_saml_settings_page.php:1345 +msgid "X.509 Certificate" +msgstr "" + +#: mo_saml_settings_page.php:1346 +msgid "" +"Copy and Paste the content from the downloaded certificate or copy the " +"content enclosed in X509Certificate tag (has parent tag KeyDescriptor " +"use=signing) in IdP-Metadata XML file" +msgstr "" + +#: mo_saml_settings_page.php:1351 mo_saml_settings_page.php:1371 +#: mo_saml_settings_page.php:1516 mo_saml_settings_page.php:1578 +#: mo_saml_settings_page.php:1938 +msgid "NOTE" +msgstr "" + +#: mo_saml_settings_page.php:1351 +msgid "Format of the certificate" +msgstr "" + +#: mo_saml_settings_page.php:1361 +msgid "Character encoding" +msgstr "" + +#: mo_saml_settings_page.php:1371 +msgid "Uses iconv encoding to convert X509 certificate into correct encoding." +msgstr "" + +#: mo_saml_settings_page.php:1375 mo_saml_settings_page.php:1646 +msgid "Save" +msgstr "" + +#: mo_saml_settings_page.php:1380 +msgid "Enable openssl extension to test your configuration." +msgstr "" + +#: mo_saml_settings_page.php:1383 +msgid "" +"You can only test your Configuration after saving your Service Provider " +"Settings." +msgstr "" + +#: mo_saml_settings_page.php:1385 +msgid "Test configuration" +msgstr "" + +#: mo_saml_settings_page.php:1394 +msgid "Generate Azure B2C SSO Policies" +msgstr "" + +#: mo_saml_settings_page.php:1394 +msgid "Generate SSO Policies" +msgstr "" + +#: mo_saml_settings_page.php:1405 +msgid "Update SSO Configuration" +msgstr "" + +#: mo_saml_settings_page.php:1405 +msgid "Update Configuration" +msgstr "" + +#: mo_saml_settings_page.php:1423 mo_saml_settings_page.php:1426 +#: mo_saml_settings_page.php:1716 +msgid "Export Plugin Configuration" +msgstr "" + +#: mo_saml_settings_page.php:1501 +msgid "Attribute Mapping (Optional)" +msgstr "" + +#: mo_saml_settings_page.php:1511 mo_saml_settings_page.php:1573 +msgid "Click Here to know how this is useful." +msgstr "" + +#: mo_saml_settings_page.php:1516 +msgid "" +"Use attribute name NameID if Identity is in the " +"NameIdentifier element of the subject statement in SAML Response." +msgstr "" + +#: mo_saml_settings_page.php:1520 +msgid "Username (required)" +msgstr "" + +#: mo_saml_settings_page.php:1524 +msgid "Email (required)" +msgstr "" + +#: mo_saml_settings_page.php:1529 +msgid "First Name" +msgstr "" + +#: mo_saml_settings_page.php:1530 +msgid "Enter attribute name for First Name" +msgstr "" + +#: mo_saml_settings_page.php:1536 +msgid "Last Name" +msgstr "" + +#: mo_saml_settings_page.php:1537 +msgid "Enter attribute name for Last Name" +msgstr "" + +#: mo_saml_settings_page.php:1544 +msgid "Group/Role" +msgstr "" + +#: mo_saml_settings_page.php:1545 +msgid "Enter attribute name for Group/Role" +msgstr "" + +#: mo_saml_settings_page.php:1551 +msgid "" +"These attributes are configurable in Standard, Premium, Enterprise and All-" +"Inclusive versions of the plugin." +msgstr "" + +#: mo_saml_settings_page.php:1552 +msgid "Map Custom Attributes" +msgstr "" + +#: mo_saml_settings_page.php:1553 +msgid "" +"Customized Attribute Mapping means you can map any attribute of the IDP to " +"the usermeta table of your database." +msgstr "" + +#: mo_saml_settings_page.php:1554 +msgid "" +"Customized Attribute Mapping is configurable in the Premium, Enterprise and " +"All-Inclusive versions of the plugin." +msgstr "" + +#: mo_saml_settings_page.php:1569 +msgid "Role Mapping (Optional)" +msgstr "" + +#: mo_saml_settings_page.php:1578 +msgid "" +"Role will be assigned only to new users. Existing Wordpress users' role " +"remains same." +msgstr "" + +#: mo_saml_settings_page.php:1586 +msgid "Do not auto create users if roles are not mapped here" +msgstr "" + +#: mo_saml_settings_page.php:1595 +msgid "Do not assign role to unlisted users" +msgstr "" + +#: mo_saml_settings_page.php:1599 +msgid "Default Role" +msgstr "" + +#: mo_saml_settings_page.php:1617 +msgid "Select the default role to assign to Users." +msgstr "" + +#: mo_saml_settings_page.php:1630 mo_saml_settings_page.php:1632 +#, php-format +msgid "Semi-colon(;) separated Group/Role value for %s" +msgstr "" + +#: mo_saml_settings_page.php:1639 +msgid "" +"Customized Role Mapping options are configurable in the Premium, Enterprise " +"and All-Inclusive versions of the plugin." +msgstr "" + +#: mo_saml_settings_page.php:1640 +msgid "" +"In the standard version, you can only assign the default role to the user." +msgstr "" + +#: mo_saml_settings_page.php:1708 +msgid "" +"Please try the solution given above.If the problem persists,download the " +"plugin configuration by clicking on Export Plugin Configuration and mail us " +"at info@xecurify.com" +msgstr "" + +#: mo_saml_settings_page.php:1709 +msgid "We will get back to you soon!" +msgstr "" + +#: mo_saml_settings_page.php:1753 +msgid "Feature Request/Contact Us (24*7 Support)" +msgstr "" + +#: mo_saml_settings_page.php:1756 +msgid "Need any help? Just give us a call at +1 978 658 9387" +msgstr "" + +#: mo_saml_settings_page.php:1759 +msgid "" +"We can help you with configuring your Identity Provider. Just send us a " +"query and we will get back to you soon." +msgstr "" + +#: mo_saml_settings_page.php:1768 +msgid "Enter your email" +msgstr "" + +#: mo_saml_settings_page.php:1780 +msgid "Enter your phone" +msgstr "" + +#: mo_saml_settings_page.php:1787 +msgid "Write your query here" +msgstr "" + +#: mo_saml_settings_page.php:1793 +msgid "Setup a Call / Screen-share session with miniOrange Technical Team" +msgstr "" + +#: mo_saml_settings_page.php:1799 +msgid "Enable this option to setup a call" +msgstr "" + +#: mo_saml_settings_page.php:1804 +msgid "TimeZone" +msgstr "" + +#: mo_saml_settings_page.php:1808 +msgid "Select your timezone" +msgstr "" + +#: mo_saml_settings_page.php:1825 +msgid "Date" +msgstr "" + +#: mo_saml_settings_page.php:1826 +msgid "Select Meeting Date" +msgstr "" + +#: mo_saml_settings_page.php:1829 +msgid "Time (24-hour)" +msgstr "" + +#: mo_saml_settings_page.php:1830 +msgid "Select Meeting Time" +msgstr "" + +#: mo_saml_settings_page.php:1834 +msgid "" +"Call and Meeting details will be sent to your email. Please verify the email " +"before submitting your query." +msgstr "" + +#: mo_saml_settings_page.php:1923 +msgid "Attributes sent by the Identity Provider" +msgstr "" + +#: mo_saml_settings_page.php:1926 +msgid "ATTRIBUTE NAME" +msgstr "" + +#: mo_saml_settings_page.php:1926 +msgid "ATTRIBUTE VALUE" +msgstr "" + +#: mo_saml_settings_page.php:1936 +msgid "Clear Attributes List" +msgstr "" + +#: mo_saml_settings_page.php:1938 +msgid "" +"Please clear this list after configuring the plugin to hide your " +"confidential attributes." +msgstr "" + +#: mo_saml_settings_page.php:1939 +msgid "" +"Click on Test configuration in Service Provider Setup tab to " +"populate the list again." +msgstr "" + +#: mo_saml_settings_page.php:1955 +msgid "Request for Demo" +msgstr "" + +#: mo_saml_settings_page.php:1956 +msgid "" +"Want to try out the paid features before purchasing the license? Just let us " +"know which plan you're interested in and we will setup a demo for you." +msgstr "" + +#: mo_saml_settings_page.php:1966 +msgid "We will use this email to setup the demo for you" +msgstr "" + +#: mo_saml_settings_page.php:1973 +msgid "Request a demo for" +msgstr "" + +#: mo_saml_settings_page.php:1975 +msgid "Select a license plan" +msgstr "" + +#: mo_saml_settings_page.php:1986 +msgid "Description" +msgstr "" + +#: mo_saml_settings_page.php:1987 +msgid "Write us about your requirement." +msgstr "" + +#: mo_saml_settings_page.php:1994 +msgid "Select the Add-ons you are interested in (Optional)" +msgstr "" + +#: mo_saml_settings_page.php:1995 +msgid "All-Inclusive plan entitles all the addons in the license cost itself." +msgstr "" + +#: mo_saml_settings_page.php:2006 +msgid "Send Request" +msgstr "" + +#: pointers.php:17 +msgid "Select ADFS as IDP (Step 1 of 9)" +msgstr "" + +#: pointers.php:18 +msgid "" +"Choose ADFS as your IDP, and refer to the setup guide for complete " +"instructions." +msgstr "" + +#: pointers.php:26 +msgid "Service Provider Metadata URL (Step 2 of 9)" +msgstr "" + +#: pointers.php:27 +msgid "Use this Metadata URL or file to configure ADFS." +msgstr "" + +#: pointers.php:35 +msgid "Upload your metadata (Step 3 of 9)" +msgstr "" + +#: pointers.php:36 +msgid "" +"Once you have configured ADFS, you can use this button to upload the " +"metadata received from ADFS." +msgstr "" + +#: pointers.php:44 +msgid "Check your configurations (Step 4 of 9)" +msgstr "" + +#: pointers.php:45 +msgid "" +"After uploading the metadata from ADFS, use this button to test the " +"configurations between ADFS and WordPress." +msgstr "" + +#: pointers.php:53 +msgid "Configure Attribute Mapping (Step 5 of 9)" +msgstr "" + +#: pointers.php:54 pointers.php:193 +msgid "" +"While auto registering the users in your WordPress site these attributes " +"will automatically get mapped to your WordPress user details." +msgstr "" + +#: pointers.php:63 +msgid "Configure Role Mapping (Step 6 of 9)" +msgstr "" + +#: pointers.php:64 pointers.php:202 +msgid "" +"Select roles to be assigned to users when they are created in Wordpress." +msgstr "" + +#: pointers.php:72 +msgid "Available with this version (Step 7 of 9)" +msgstr "" + +#: pointers.php:73 pointers.php:225 +msgid "Add a widget to your Wordpress page and test out the SSO." +msgstr "" + +#: pointers.php:81 +msgid "Add-Ons (Step 8 of 9)" +msgstr "" + +#: pointers.php:82 +msgid "Checkout all our add-ons to extend the SSO functionality." +msgstr "" + +#: pointers.php:90 +msgid "We are here!!" +msgstr "" + +#: pointers.php:91 +msgid "Get in touch with us and we will help you setup the plugin in no time." +msgstr "" + +#: pointers.php:106 +msgid "Select your IDP" +msgstr "" + +#: pointers.php:107 +msgid "" +"Choose your IDP from the list of IDPs, and refer to the setup guides to " +"proceed further" +msgstr "" + +#: pointers.php:114 pointers.php:122 +msgid "Upload your metadata" +msgstr "" + +#: pointers.php:115 +msgid "" +"If you have a metadata URL or file provided by your IDP, click on this " +"button." +msgstr "" + +#: pointers.php:123 +msgid "" +"If you have a metadata URL or file provided by your IDP, click on this " +"button. You can configure the plugin manually as well" +msgstr "" + +#: pointers.php:132 +msgid "Check your configurations" +msgstr "" + +#: pointers.php:133 +msgid "This will test if the configurations on IDP and SP are correct" +msgstr "" + +#: pointers.php:140 +msgid "Export Configuration" +msgstr "" + +#: pointers.php:141 +msgid "" +"If you are having trouble setting up the plugin, Export the configurations " +"and mail us at info@xecurify.com." +msgstr "" + +#: pointers.php:150 pointers.php:180 pointers.php:211 pointers.php:260 +msgid "Click when you need me!" +msgstr "" + +#: pointers.php:151 pointers.php:181 pointers.php:212 pointers.php:261 +msgid "Revisit tour" +msgstr "" + +#: pointers.php:162 +msgid "Service Provider Metadata URL" +msgstr "" + +#: pointers.php:163 +msgid "Use this Metadata URL or file to configure your IDP." +msgstr "" + +#: pointers.php:170 +msgid "Service Provider Metadata URLs" +msgstr "" + +#: pointers.php:171 +msgid "" +"If your IDP does not support metadata URL or file, you can even manually " +"configure your IDP using the information given here" +msgstr "" + +#: pointers.php:192 +msgid "Configure Attribute Mapping" +msgstr "" + +#: pointers.php:201 +msgid "Configure Role Mapping" +msgstr "" + +#: pointers.php:224 +msgid "Available with this version" +msgstr "" + +#: pointers.php:232 pointers.php:242 pointers.php:251 +msgid "Premium Feature" +msgstr "" + +#: pointers.php:233 +msgid "" +"Redirect the users to your IdP if user not logged in.Protects your complete " +"site from not logged in Users" +msgstr "" + +#: pointers.php:243 +msgid "" +"Automatically redirect the user to the Identity Provider when they land on " +"the WordPress Login Page." +msgstr "" + +#: pointers.php:252 +msgid "Add a shortcode to any page and SSO into your website" +msgstr "" diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/uninstall.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/uninstall.php new file mode 100644 index 0000000..66c0ffd --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/uninstall.php @@ -0,0 +1,122 @@ +ID, 'mo_saml_session_index'); + delete_user_meta($user->ID, 'mo_saml_name_id'); + } + } else { + global $wpdb; + $blog_ids = $wpdb->get_col("SELECT blog_id FROM $wpdb->blogs"); + $original_blog_id = get_current_blog_id(); + + foreach ($blog_ids as $blog_id) { + switch_to_blog($blog_id); + // delete all your options + // E.g: delete_option( {option name} ); + delete_option('mo_saml_host_name'); + delete_option('mo_saml_enable_cloud_broker'); + delete_option('mo_saml_new_registration'); + delete_option('mo_saml_admin_phone'); + delete_option('mo_saml_admin_email'); + delete_option('mo_saml_admin_password'); + delete_option('mo_saml_verify_customer'); + delete_option('mo_saml_admin_customer_key'); + delete_option('mo_saml_admin_api_key'); + delete_option('mo_saml_customer_token'); + delete_option('mo_saml_message'); + delete_option('mo_saml_registration_status'); + delete_option('saml_idp_config_id'); + delete_option('saml_identity_name'); + delete_option('saml_login_url'); + delete_option('saml_logout_url'); + delete_option('saml_issuer'); + delete_option('saml_x509_certificate'); + delete_option('saml_response_signed'); + delete_option('saml_assertion_signed'); + delete_option('saml_am_first_name'); + delete_option('saml_am_username'); + delete_option('saml_am_email'); + delete_option('saml_am_last_name'); + delete_option('saml_am_default_user_role'); + delete_option('saml_am_role_mapping'); + delete_option('saml_am_group_name'); + delete_option('mo_saml_idp_config_complete'); + delete_option('mo_saml_enable_login_redirect'); + delete_option('mo_saml_allow_wp_signin'); + delete_option('saml_am_account_matcher'); + delete_option('mo_saml_transactionId'); + delete_option('mo_saml_force_authentication'); + delete_option('saml_am_dont_allow_unlisted_user_role'); + delete_option('mo_saml_free_version'); + delete_option('mo_saml_show_mo_idp_message'); + delete_option('mo_saml_guest_log'); + delete_option('mo_saml_guest_enabled'); + delete_option('mo_license_plan_from_feedback'); + delete_option('mo_saml_license_message'); + delete_option('MO_SAML_REQUEST'); + delete_option('MO_SAML_RESPONSE'); + delete_option('MO_SAML_TEST'); + delete_option('mo_saml_encoding_enabled'); + $users = get_users(array()); + foreach ($users as $user) { + delete_user_meta($user->ID, 'mo_saml_session_index'); + delete_user_meta($user->ID, 'mo_saml_name_id'); + } + } + switch_to_blog($original_blog_id); + } +} +?> \ No newline at end of file diff --git a/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/xmlseclibs.php b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/xmlseclibs.php new file mode 100644 index 0000000..b234bf1 --- /dev/null +++ b/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/xmlseclibs.php @@ -0,0 +1,47 @@ +. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * * Neither the name of Robert Richards nor the names of his + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * @author Robert Richards + * @copyright 2007-2017 Robert Richards + * @license http://www.opensource.org/licenses/bsd-license.php BSD License + * @version 3.0.1 + */ + +$xmlseclibs_srcdir = dirname(__FILE__) . '/includes/lib/SAML2Core'; +require $xmlseclibs_srcdir . '/MoXMLSecurityKey.php'; +require $xmlseclibs_srcdir . '/MoXMLSecurityDSig.php'; +require $xmlseclibs_srcdir . '/MoXMLSecEnc.php'; +require $xmlseclibs_srcdir . '/Utils/MoXPath.php'; diff --git a/docker/wordpress/src b/docker/wordpress/src new file mode 160000 index 0000000..a331467 --- /dev/null +++ b/docker/wordpress/src @@ -0,0 +1 @@ +Subproject commit a3314672f30af2c0d9a214931976e3769a0cd8c2 diff --git a/docker/wordpress/wordpress.yml b/docker/wordpress/wordpress.yml new file mode 100644 index 0000000..d495ebb --- /dev/null +++ b/docker/wordpress/wordpress.yml @@ -0,0 +1,47 @@ +version: '3.7' +services: + isard-apps-wordpress: + image: wordpress:latest # https://hub.docker.com/_/wordpress/ + container_name: isard-apps-wordpress +# ports: +# - ${IP}:80:80 # change ip if required + volumes: + - ${BUILD_ROOT_PATH}/docker/wordpress/src/config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini + - ${DATA_FOLDER}/wordpress/html:/var/www/html # Full wordpress project + - ${BUILD_ROOT_PATH}/docker/wordpress/plugins/miniorange-saml-20-single-sign-on/:/var/www/html/wp-content/plugins/miniorange-saml-20-single-sign-on + #- ./plugin-name/trunk/:/var/www/html/wp-content/plugins/plugin-name # Plugin development + #- ./theme-name/trunk/:/var/www/html/wp-content/themes/theme-name # Theme development + environment: + WORDPRESS_DB_HOST: isard-apps-mariadb + WORDPRESS_DB_NAME: "wordpress" + WORDPRESS_DB_USER: ${WORDPRESS_MARIADB_USER} + WORDPRESS_DB_PASSWORD: ${WORDPRESS_MARIADB_PASSWORD} + depends_on: + - isard-apps-mariadb + links: + - isard-apps-mariadb + networks: + - isard_net + + isard-apps-wordpress-cli: + image: wordpress:cli + container_name: isard-apps-wordpress-cli + volumes_from: + - isard-apps-wordpress + # volumes: + # #- ${BUILD_ROOT_PATH}/docker/wordpress/src/config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini + # - ${DATA_FOLDER}/wordpress/html:/var/www/html + command: wp core install --path="/var/www/html" --url=wp.${DOMAIN} --title="Digital Democratic pages" --admin_user=${WORDPRESS_ADMIN_USER} --admin_password=${WORDPRESS_ADMIN_PASSWORD} --admin_email=foo@bar.com + depends_on: + - isard-apps-mariadb + - isard-apps-wordpress + networks: + - isard_net + restart: on-failure + environment: + WORDPRESS_DB_HOST: isard-apps-mariadb + WORDPRESS_DB_NAME: "wordpress" + WORDPRESS_DB_USER: ${WORDPRESS_MARIADB_USER} + WORDPRESS_DB_PASSWORD: ${WORDPRESS_MARIADB_PASSWORD} + + diff --git a/main.conf.example b/main.conf.example new file mode 100644 index 0000000..f108b03 --- /dev/null +++ b/main.conf.example @@ -0,0 +1,59 @@ +## GLOBALS + +DOMAIN=mydomain.com +LETSENCRYPT_DNS= +LETSENCRYPT_EMAIL= + +DATA_FOLDER=/opt/isard-apps +LANG=es_ES.UTF-8 +LANGUAGE=es_ES:ca + +SMTP_HOST=smtp.mymailserver.com +SMTP_PORT=587 +SMTP_USER=your_email@mymailserver.com +SMTP_PASSWORD=SuperSecret +SMTP_PROTOCOL=tls + +## POSTGRES ADMIN +POSTGRES_USER=admin +POSTGRES_PASSWORD=SuperSecret + +## MARIADB ADMIN +###MARIADB_USER=root +MARIADB_PASSWORD=SuperSecret + +## MOODLE +MOODLE_POSTGRES_USER=moodle +MOODLE_POSTGRES_PASSWORD=M00dl3 + +MOODLE_ADMIN_USER=admin +MOODLE_ADMIN_PASSWORD=M00dl3 + +MOODLE_SITENAME="Digital Democratic" + +MOODLE_EMAIL=moodle-info@mymailserver.com +MOODLE_MAIL_NOREPLY_ADDRESS=noreply@mymailserver.com +MOODLE_MAIL_PREFIX=[moodle] + +## NEXTCLOUD +NEXTCLOUD_POSTGRES_USER=nextcloud +NEXTCLOUD_POSTGRES_PASSWORD=N3xtcl0ud + +NEXTCLOUD_ADMIN_USER=admin +NEXTCLOUD_ADMIN_PASSWORD=N3xtcl0ud + +## ETHERPAD +ETHERPAD_POSTGRES_USER=etherpad +ETHERPAD_POSTGRES_PASSWORD=3th3rpad + +ADMIN_USER=admin +ADMIN_PWD=SuperSecret +DB_PWD=T4CCTC9UHFPIUDHF9m384c9 + +## WORDPRESS +WORDPRESS_MARIADB_USER=wordpress +WORDPRESS_MARIADB_PASSWORD=W0rdpr3ss + +WORDPRESS_ADMIN_USER=admin +WORDPRESS_ADMIN_PASSWORD=W0rdpr3ss + diff --git a/sysadm/base.sh b/sysadm/base.sh new file mode 100644 index 0000000..4e8263a --- /dev/null +++ b/sysadm/base.sh @@ -0,0 +1,9 @@ +apt install git htop iftop nano -y + +echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list +apt update +apt install -y iptables -t buster-backports +### Install this packages on debian base image to accelerate cluster preinstall +apt install -y rsync +apt install -y network-manager + diff --git a/sysadm/kvm.sh b/sysadm/kvm.sh new file mode 100644 index 0000000..d220321 --- /dev/null +++ b/sysadm/kvm.sh @@ -0,0 +1,3 @@ +apt install -y --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system libguestfs-tools virtinst netcat-openbsd +virsh net-start default +virsh net-autostart default