Merge pull request #513 from simplesamlphp/feature/deprecate-attributerealm

Deprecate AttributeRealm authproc filter

config-templates/config.php

@@ -767,9 +767,6 @@ $config = array(
         // Adopts language from attribute to use in UI
         30 => 'core:LanguageAdaptor',
 
-        /* Add a realm attribute from edupersonprincipalname
-        40 => 'core:AttributeRealm',
-         */
         45 => array(
             'class'         => 'core:StatisticsWithAttribute',
             'attributename' => 'realm',

docs/simplesamlphp-authproc.md

@@ -50,7 +50,6 @@ The configuration of *Auth Proc Filters* is a list of filters with priority as *
 			'addurnprefix'
 		),
 		20 => 'core:TargetedID',
-		40 => 'core:AttributeRealm',
 		50 => 'core:AttributeLimit',
 		90 => array(
 			'class' 	=> 'consent:Consent', 
@@ -112,7 +111,7 @@ Filters can be added both in `hosted` and `remote` metadata. Here is an example
 		'certificate'		=>	'example.org.crt',
 		'auth'				=>	'feide',
 		'authproc' => array(
-			40 => 'core:AttributeRealm',
+			40 => 'preprodwarning:Warning',
 		),
 	)
 
@@ -132,7 +131,7 @@ The following filters are included in the SimpleSAMLphp distribution:
 - [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues.
 - [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response.
 - [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes.
-- [`core:AttributeRealm`](./core:authproc_attributerealm): Create an attribute with the realm of the user.
+- [`core:AttributeRealm`](./core:authproc_attributerealm): (deprecated) Create an attribute with the realm of the user.
 - [`core:GenerateGroups`](./core:authproc_generategroups): Generate a `group` attribute for the user.
 - [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transfering language setting from IdP to SP.
 - [`core:PHP`](./core:authproc_php): Modify attributes with custom PHP code.

modules/core/docs/authproc_attributerealm.md

 `core:AttributeRealm`
 =====================
 
+*NOTE:* This filter has been deprecated and will be removed in a future release. Please use
+`core:ScopeFromAttribute` instead.
+
 This filter creates a new attribute with the realm of the user.
 
 The new attribute is names `realm` by default, but can be controlled by the `attributename` option.

modules/core/lib/Auth/Process/AttributeRealm.php

@@ -6,49 +6,48 @@
  *
  * @author Andreas Åkre Solberg, UNINETT AS.
  * @package SimpleSAMLphp
+ * @deprecated Use ScopeFromAttribute instead.
  */
 class sspmod_core_Auth_Process_AttributeRealm extends SimpleSAML_Auth_ProcessingFilter {
 
-	private $attributename = 'realm';
-
-	/**
-	 * Initialize this filter.
-	 *
-	 * @param array $config  Configuration information about this filter.
-	 * @param mixed $reserved  For future use.
-	 */
-	public function __construct($config, $reserved) {
-		parent::__construct($config, $reserved);
-		assert('is_array($config)');
-		
-		if (array_key_exists('attributename', $config))
-			$this->attributename = $config['attributename'];
-
-	}
-
-
-	/**
-	 * Apply filter to add or replace attributes.
-	 *
-	 * Add or replace existing attributes with the configured values.
-	 *
-	 * @param array &$request  The current request
-	 */
-	public function process(&$request) {
-		assert('is_array($request)');
-		assert('array_key_exists("Attributes", $request)');
-
-		$attributes =& $request['Attributes'];
-
-		if (!array_key_exists('UserID', $request)) {
-			throw new Exception('core:AttributeRealm: Missing UserID for this user. Please' .
-				' check the \'userid.attribute\' option in the metadata against the' .
-				' attributes provided by the authentication source.');
-		}
-		$userID = $request['UserID'];
-		$decomposed = explode('@', $userID);
-		if (count($decomposed) !== 2) return;
-		$request['Attributes'][$this->attributename] = array($decomposed[1]);
-	}
-
+    private $attributename = 'realm';
+
+    /**
+     * Initialize this filter.
+     *
+     * @param array $config  Configuration information about this filter.
+     * @param mixed $reserved  For future use.
+     */
+    public function __construct($config, $reserved) {
+        parent::__construct($config, $reserved);
+        assert('is_array($config)');
+
+        if (array_key_exists('attributename', $config))
+            $this->attributename = $config['attributename'];
+
+    }
+
+    /**
+     * Apply filter to add or replace attributes.
+     *
+     * Add or replace existing attributes with the configured values.
+     *
+     * @param array &$request  The current request
+     */
+    public function process(&$request) {
+        assert('is_array($request)');
+        assert('array_key_exists("Attributes", $request)');
+
+        $attributes =& $request['Attributes'];
+
+        if (!array_key_exists('UserID', $request)) {
+            throw new Exception('core:AttributeRealm: Missing UserID for this user. Please' .
+                ' check the \'userid.attribute\' option in the metadata against the' .
+                ' attributes provided by the authentication source.');
+        }
+        $userID = $request['UserID'];
+        $decomposed = explode('@', $userID);
+        if (count($decomposed) !== 2) return;
+        $request['Attributes'][$this->attributename] = array($decomposed[1]);
+    }
 }