From 5ea3b39c3646c442cc8b4a3ff48620dd27be1109 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Thu, 8 Jan 2009 17:06:35 +0000
Subject: [PATCH] Added new Auth proccessing filter that sets the realm (last
 part of edupersonprincipalname) as a separate attribute

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1108 44740490-163a-0410-bde0-09ae8108e29a
---
 config-templates/config.php                   |  4 ++
 .../core/lib/Auth/Process/AttributeRealm.php  | 57 +++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 modules/core/lib/Auth/Process/AttributeRealm.php

diff --git a/config-templates/config.php b/config-templates/config.php
index 8e18cbf20..c1cecffc5 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -235,6 +235,10 @@ $config = array (
  		20 => 'core:TargetedID',
  		*/
 
+		/* Add a realm attribute from edupersonprincipalname
+		40 => 'core:AttributeRealm',
+		 */
+
 		/* When called without parameters, it will fallback to filter attributes ‹the old way›
 		 * by checking the 'attributes' parameter in metadata on IdP hosted and SP remote.
 		 */
diff --git a/modules/core/lib/Auth/Process/AttributeRealm.php b/modules/core/lib/Auth/Process/AttributeRealm.php
new file mode 100644
index 000000000..53e671855
--- /dev/null
+++ b/modules/core/lib/Auth/Process/AttributeRealm.php
@@ -0,0 +1,57 @@
+<?php
+
+/**
+ * Filter that will take the user ID on the format 'andreas@uninett.no'
+ * and create a new attribute 'realm' that includes the value after the '@' sign.
+ *
+ * @author Andreas Ă…kre Solberg, UNINETT AS.
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_core_Auth_Process_AttributeRealm extends SimpleSAML_Auth_ProcessingFilter {
+
+	private $attributename = 'realm';
+
+	/**
+	 * Initialize this filter.
+	 *
+	 * @param array $config  Configuration information about this filter.
+	 * @param mixed $reserved  For future use.
+	 */
+	public function __construct($config, $reserved) {
+		parent::__construct($config, $reserved);
+		assert('is_array($config)');
+		
+		if (array_key_exists('attributename', $config))
+			$this->attributename = $config['attributename'];
+
+	}
+
+
+	/**
+	 * Apply filter to add or replace attributes.
+	 *
+	 * Add or replace existing attributes with the configured values.
+	 *
+	 * @param array &$request  The current request
+	 */
+	public function process(&$request) {
+		assert('is_array($request)');
+		assert('array_key_exists("Attributes", $request)');
+
+		$attributes =& $request['Attributes'];
+
+		if (!array_key_exists('UserID', $request)) {
+			throw new Exception('core:AttributeRealm: Missing UserID for this user. Please' .
+				' check the \'userid.attribute\' option in the metadata against the' .
+				' attributes provided by the authentication source.');
+		}
+		$userID = $request['UserID'];
+		$decomposed = explode('@', $userID);
+		if (count($decomposed) !== 2) return;
+		$request['Attributes'][$this->attributename] = array($decomposed[1]);
+	}
+
+}
+
+?>
\ No newline at end of file
-- 
GitLab