<% # Copyright (C) 2015 - present Instructure, Inc. # # This file is part of Canvas. # # Canvas is free software: you can redistribute it and/or modify it under # the terms of the GNU Affero General Public License as published by the Free # Software Foundation, version 3 of the License. # # Canvas is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Affero General Public License for more # details. # # You should have received a copy of the GNU Affero General Public License along # with this program. If not, see . %>
" <%= hidden(true) if aac.new_record? %>>
<% url = aac.new_record? ? account_authentication_providers_url(account) : account_authentication_provider_url(account, aac) %> <%= form_for(aac, as: :authentication_provider, url: url, html: { id: "#{aac.new_record? ? 'new' : 'edit'}_#{presenter.id_suffix(aac)}", class: "ic-Form-group ic-Form-group--horizontal authentication_provider_form" }) do |f| %> <%= f.hidden_field :auth_type, value: aac.auth_type, id: nil %> <%= f.hidden_field :id, id: nil %>

<%= aac.class.display_name %>

<% if !aac.new_record? %>

<%= mt "You can log in directly with this provider by going to %{url}", url: url_for(presenter.login_url_options(aac)) %>

<% end %> <%= render partial: "#{aac.auth_type}_fields", locals: {aac: aac, presenter: presenter, f: f}%> <% if aac.class.recognized_federated_attributes != [] %> <%= render partial: "federated_attributes", locals: { aac: aac, presenter: presenter, f: f } %> <% end %> <% if !aac.new_record? && aac.class.supports_debugging? %> <%= render partial: "debugging", locals: { provider: aac } %> <% end %> <% if aac.account.mfa_settings != :disabled && (aac.auth_type != 'canvas' || aac.account.mfa_settings != :required) %>
<%= t('MFA Required') %>
<%# Make the value 'default' if MFA is required and this provider doesn't already require it so it doesn't become surprise sticky %> <%= f.radio_button :mfa_option, aac.account.mfa_settings != :required || !!aac.settings["mfa_required"] ? 'required' : 'default', id: "mfa_option_required_#{presenter.id_suffix(aac)}", checked: !!aac.settings["mfa_required"] || (!aac.skip_internal_mfa? && aac.account.mfa_settings == :required) %> <%= f.label :mfa_option, t('Canvas enforces MFA *When logging in through this Provider, Canvas will challenge the user with MFA, or require it to be configured.*', wrappers: ['
\1']), for: "mfa_option_required_#{presenter.id_suffix(aac)}", class: 'ic-Label' %>
<% if aac.auth_type != 'canvas' %>
<%= f.check_box :otp_via_sms, class: 'otp_via_sms_checkbox', id: "otp_via_sms_#{presenter.id_suffix(aac)}" %> <%= f.label :otp_via_sms, t('Send one-time passcodes via SMS (US carriers only)'), for: "otp_via_sms_#{presenter.id_suffix(aac)}", class: "ic-Label" %>
<% end %> <% if aac.auth_type != 'canvas' %>
<%= f.radio_button :mfa_option, 'bypass', id: "mfa_option_bypass_#{presenter.id_suffix(aac)}", checked: aac.skip_internal_mfa? %> <%= f.label :mfa_option, t('Provider enforces MFA *When logging in through this Provider, Canvas will explicitly skip MFA enforcement. This should only be used if the Provider has already guaranteed MFA before SSO into Canvas.*', wrappers: ['
\1']), for: "mfa_option_bypass_#{presenter.id_suffix(aac)}", class: 'ic-Label' %>
<%end%> <% if aac.account.mfa_settings != :required %>
<%= f.radio_button :mfa_option, 'optional', id: "mfa_option_optional_#{presenter.id_suffix(aac)}", checked: !aac.mfa_required? && !aac.skip_internal_mfa? %> <%= f.label :mfa_option, t('User can opt in to MFA *Canvas will only challenge the user with MFA if they have configured it previously.*', wrappers: ['
\1']), for: "mfa_option_optional_#{presenter.id_suffix(aac)}", class: 'ic-Label' %>
<%end%>
<% end %> <% if presenter.configs.length > 1 %>
<%= f.label(:position, t('Position'), class: 'ic-Label', for: "aac_position_#{presenter.id_suffix(aac)}") %> <%= f.select(:position, presenter.position_options(aac), {}, class: "ic-Input", id: "aac_position_#{presenter.id_suffix(aac)}") %>
<% end %>
<% if !aac.new_record? && aac.auth_type == "saml" && @current_pseudonym.authentication_provider != aac %> <%= link_to(account_authentication_provider_refresh_metadata_url(account, aac), method: "get", id: "refresh-metadata-#{aac.id}", data: { disable_with: t('refreshing...')}, class: 'Button') do %> <%= t("Refresh Metadata") %> <% end %> <% end %> <% if !aac.new_record? && @current_pseudonym.authentication_provider != aac %> <%= link_to(account_authentication_provider_url(account, aac), method: "delete", rel: 'nofollow', id: "delete-aac-#{aac.id}", data: { confirm: t('Are you sure?'), disable_with: t('deleting...') }, class: 'Button Button--danger') do %> <%= t("Delete") %> <% end %> <% end %> <%= f.button t('Save'), class: "Button Button--primary" %>
<% end %>