diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php
index 9feb3b4704da13f3c0046259d7f486d7858e359c..3c0d05266f8b4249eb0cf4d8bc52baa0aa28b6ff 100644
--- a/modules/core/lib/Auth/UserPassBase.php
+++ b/modules/core/lib/Auth/UserPassBase.php
@@ -25,6 +25,15 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
const AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId';
+ /**
+ * Username we should force.
+ *
+ * A forced username cannot be changed by the user.
+ * If this is NULL, we won't force any username.
+ */
+ private $forcedUsername;
+
+
/**
* Constructor for this authentication source.
*
@@ -43,6 +52,17 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
}
+ /**
+ * Set forced username.
+ *
+ * @param string|NULL $forcedUsername The forced username.
+ */
+ public function setForcedUsername($forcedUsername) {
+ assert('is_string($forcedUsername) || is_null($forcedUsername)');
+ $this->forcedUsername = $forcedUsername;
+ }
+
+
/**
* Initialize login.
*
@@ -57,6 +77,11 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
/* We are going to need the authId in order to retrieve this authentication source later. */
$state[self::AUTHID] = $this->authId;
+ /* What username we should force, if any. */
+ if ($this->forcedUsername !== NULL) {
+ $state['forcedUsername'] = $this->forcedUsername;
+ }
+
$id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
$url = SimpleSAML_Module::getModuleURL('core/loginuserpass.php');
diff --git a/modules/core/templates/loginuserpass.php b/modules/core/templates/loginuserpass.php
index 108c9b5681ec0113d067683a01c2fc79220458b9..6beedd4a0501174757f142c595674902a64be6f2 100644
--- a/modules/core/templates/loginuserpass.php
+++ b/modules/core/templates/loginuserpass.php
@@ -33,7 +33,15 @@ if ($this->data['errorcode'] !== NULL) {
<tr>
<td rowspan="3"><img src="/<?php echo $this->data['baseurlpath']; ?>resources/icons/pencil.png" alt="" /></td>
<td style="padding: .3em;"><?php echo $this->t('{login:username}'); ?></td>
- <td><input type="text" id="username" tabindex="1" name="username" value="<?php echo htmlspecialchars($this->data['username']); ?>" /></td>
+ <td>
+<?php
+if ($this->data['forceUsername']) {
+ echo '<strong style="font-size: medium">' . htmlspecialchars($this->data['username']) . '</strong>';
+} else {
+ echo '<input type="text" id="username" tabindex="1" name="username" value="' . htmlspecialchars($this->data['username']) . '" />';
+}
+?>
+ </td>
<td style="padding: .4em;" rowspan="3">
<input type="submit" tabindex="4" value="<?php echo $this->t('{login:login_button}'); ?>" />
</td>
diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php
index 663f64422fc35b7455cbd0ce23c48102b7f951e9..88699d7b28ab31a7576e150808107055ca60cddb 100644
--- a/modules/core/www/loginuserpass.php
+++ b/modules/core/www/loginuserpass.php
@@ -32,6 +32,11 @@ if (array_key_exists('password', $_REQUEST)) {
if (!empty($username) || !empty($password)) {
/* Either username or password set - attempt to log in. */
+
+ if (array_key_exists('forcedUsername', $state)) {
+ $username = $state['forcedUsername'];
+ }
+
$errorCode = sspmod_core_Auth_UserPassBase::handleLogin($authStateId, $username, $password);
} else {
$errorCode = NULL;
@@ -40,7 +45,13 @@ if (!empty($username) || !empty($password)) {
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:loginuserpass.php');
$t->data['stateparams'] = array('AuthState' => $authStateId);
-$t->data['username'] = $username;
+if (array_key_exists('forcedUsername', $state)) {
+ $t->data['username'] = $state['forcedUsername'];
+ $t->data['forceUsername'] = TRUE;
+} else {
+ $t->data['username'] = $username;
+ $t->data['forceUsername'] = FALSE;
+}
$t->data['errorcode'] = $errorCode;
$t->show();
exit();