diff --git a/docs/simplesamlphp-authproc.txt b/docs/simplesamlphp-authproc.txt index df3700c56dd8303dfde4345788bbdf304f8946d9..e5b6a42141c1aa27b65eb4906d10b4194237be10 100644 --- a/docs/simplesamlphp-authproc.txt +++ b/docs/simplesamlphp-authproc.txt 
@@ -124,299 +124,24 @@ The example above is in `saml20-idp-hosted`. Auth Proc Filters included in the simpleSAMLphp distribution ------------------------------------------------------------ -Here is documentation on the *Auth Proc Filters* that is included in the simpleSAMLphp distribution. - - - -### Adding attributes (`core:AttributeAdd`) - -This filter allows you to add attributes to the attribute set being processed. - -If the attribute already exists, the values added will be merged into a multi valued attribute. If you want to replace instead of merge attributes, you may add the `'%merge'` parameter. - -Add a single valued attributes: - - 'authproc' => array( - 50 => array( - 'class' => 'core:AttributeAdd', - 'source' => array('myidp') - ), - ), - -Add a multi valued attribute: - - 'authproc' => array( - 50 => array( - 'class' => 'core:AttributeAdd', - 'groups' => array('users', 'members') - ), - ), - -Replace an existing attributes - - 'authproc' => array( - 50 => array( - 'class' => 'core:AttributeAdd', - '%replace', - 'uid' => array('guest') - ), - ), - - - - -### Filtering attributes (`core:AttributeFilter`) - -This *Auth Proc Filter* is backward compatible with the old way of filtering attributes. It operates in two modes: - - 1. List of attributes added as configuration to the filter - 2. List of attributes specified in metadata (both SP and IdP) in the `attribute` parameter (as always) - -#### Attribute list added as a parameter - -Example configuration - - 'authproc' => array( - 50 => array( - 'class' => 'core:AttributeLimit', - 'cn', 'mail' - ), - ), - -#### Attribute list in metadata - -If you do not add attributes as parameters to the filter, the filter will look up attributes in metadata. 
- - 'authproc' => array( - 50 => 'core:AttributeLimit', - ), - -Here is an example of how attribute liste is defined in metadata: - - '__DYNAMIC:1__' => array( - 'host' => 'dev11.andreas.feide.no', - 'privatekey' => 'server.pem', - 'certificate' => 'server.crt', - 'auth' => 'example-static', - 'logouttype' => 'iframe', - - 'attributes' => array('cn', 'mail', 'sn', 'eduPersonTargetedID'), - ), - -Attribute filtering can be done both on the IdP and the SP side. On the SP side, attribute lists is read from *sp-hosted* and *idp-remote*. On IdP side, attribute lists is read from *idp-hosted* and *sp-remote*. - - - - -### Modifying attribute names (`core:AttributeMap`) - -This *Auth Proc Filter* is backward compatible with the old way of modifying attribute names. It operates in two modes: - - 1. Attribute mapping table included as parameters to the filter. - 2. The filter gets a name of an attributemap file as a parameter - -#### Attribute maps embedded as parameters - -Here is an example: - - 'authproc' => array( - 50 => array( - 'class' => 'core:AttributeMap', - 'mail' => 'email', - 'uid' => 'user'), - ), - -#### Attribute maps in separate files - -Here is an example: - - 'authproc' => array( - 50 => array( - 'class' => 'core:AttributeMap', - 'addurnprefix' - ), - ), - -The example above will look for this file: `simpesamlphp/attributemap/addurnprefix.php`. As you see this file is already included as an example. Copy `addurnprefix.php` and add the new file in the same directory to add new attributemaps. - - - -### Adding realm as an attribute (`core:AttributeRealm`) - -No parameters required: - - 40 => 'core:AttributeRealm', - -Alternatively, you can specify the attribute name that should be used instead of the default `realm`: - - 40 => array( - 'class' => 'core:AttributeRealm', - 'attributename' => 'homedomain', - ) - -This filter will look for the user ID on a format like `andreas@uninett.no`, and extract the part after the '`@`'-sign. 
- -*What is the User ID?* - -The User ID can be any attribute. The name of the User ID can be specified in the metadata as a `userid.attribute` parameter. Default value is `eduPersonPrincipalName`. - -**Important**: You have to make sure that the User ID attribute is available at the time this filter is executed. You can do that by setting a lower priority number on this filter, than the filter that filters attributes. - - -### Automatically generated eduPersonTargetedID (`core:TargetedID`) - -*eduPersonTargetedID* is an anonymous user attribute that is unique for each combination IdP and SP. - -Example configuration: - - 'authproc' => array( - 50 => 'core:TargetedID', - ) - -If you want to inject this new attribute with another name than the default `eduPersonTargetedID`: - - 'authproc' => array( - 50 => array( - 'class' => 'core:TargetedID', - 'attributename' => 'anonymousID', - ), - ) - -The automatic generation of `eduPersonTargetedID` requires that the User ID attribute is available. - -*What is the User ID?* - -The User ID can be any attribute. The name of the User ID can be specified in the metadata as a `userid.attribute` parameter. Default value is `eduPersonPrincipalName`. - -**Important**: You have to make sure that the User ID attribute is available at the time this filter is executed. You can do that by setting a lower priority number on this filter, than the filter that filters attributes. 
- -The formula used for automatically calculating this value is (pseudo code): - - sha1( - 'uidhashbase' + $secretSalt + - strlen($idpEntityid) + ':' + $idpEntityid + - strlen($spEntityid) + ':' + $spEntityid + - strlen($userID) + ':' + $userID + - $secretSalt - ) - -In example that could mean: - - sha1( 'uidhashbaseq8d76f8ds75f68d7s24:https://idp.example.org - 23:https://sp.example.org19:andreas@uninett.noq8d76f8ds75f68d7s' ) - - -#### Internet2 compatible `eduPersontargetedID` #### - -Internet2 uses an `<AttributeValue>` element with a `<NameID>` element to represent the `edupersonTargetedID`: - - <saml2:AttributeValue> - <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" - NameQualifier="https://idp.example.org/shibboleth" - SPNameQualifier="https://sp.example.org/shibboleth" - >1234567890</saml2:NameID> - </saml2:AttributeValue> - -This format is documented in the [MACE-Dir SAML Attribute Profiles](http://middleware.internet2.edu/dir/docs/internet2-mace-dir-saml-attributes-200604.pdf) document. - -To make simpleSAMLphp generate this kind of `eduPersonTargetedID`, you need to set the `nameId`-option to TRUE. -You also need to change the encoding of the `eduPersonTargetedID` attribute to `raw`. - -Example: - - $metadata['__DYNAMIC:1__'] = array( - 'host' => '__DEFAULT__', - 'auth' => 'example-static', - - 'authproc' => array( - 60 => array( - 'class' => 'core:TargetedID', - 'nameId' => TRUE, - ), - ), - 'attributeencodings' => array( - 'eduPersonTargetedID' => 'raw', - ), - ); - - -### Adding a group attribute (`core:GenerateGroups`) - -By default this filter will generate groups from the following set of attributes: - - `eduPersonAffiliation` - - `eduPersonOrgUnitDN` - - `eduPersonEntitlement` - -This can be overridden by specifying the names of the attributes in the configuration. - -It will attempt to determine a realm the user belongs to based on the User ID attribute, if it is present. 
- -The groups this filter generates are on the form: `<attribute name>-<attributevalue>` and `<attributename>-<realm>-<attributevalue>`. - -Note that this filter isn't a drop-in replacement for the groups attributealter function. The difference is that it uses the full attribute name, instead of shortening them to for example affiliation, and it escapes illegal characters in a style similar to urlencoding. It also generates groups both with and without a realm part. If no realm is determined, it will only generate attributes without a realm-part. - -Example - generate from default set of attributes: - - 'authproc' => array( - 50 => 'core:GenerateGroups', - ), - -Example - generate from only the `eduPersonAffilitation` attribute: - - 'authproc' => array( - 50 => array( - 'class' => 'core:GenerateGroups', - 'eduPersonAffiliation' - ), - ), - - -### Adopting preferred language from and to attributes (`core:LanguageAdaptor`) - -SimpleSAMLphp has built in language support, and stores the preferred language in a cookie. - -Identity systems also often has a specific attribute that indicates what language is understood by the user. MACE defines an attribute with preferred language: `preferredLanguage`. [Read more about the preferredLanguage attribute defined by MACE](http://rnd.feide.no/node/1054). - -The LanguageAdaptor brings these two concepts together. If executed early at the IdP it will check if the `preferredLanguage` attribute is among the users attributes, and if it is, simpleSAMLphp will use that language in the user interface. **Notice that** the login page itself is to early to be influenced by the user attributes, because the IdP does not know any user attributes before the user logs in. In contrast, the consent module will be presented in the correct language based on user attribute. - -The LanguageAdaptor also works the other way around. 
If the user does not have the `preferredLanguage` attribute, the user interface for the user will be set to the default for the installation. If this language is not correct for the user, the user may click to switch language on the login page (or any other UI page in simpleSAMLphp). SimpleSAMLphp then stores the preferred language in a cookie. Now, the LanguageAdaptor will read the preferred language from the cookie and add a user attribute with the preferred language, that is sent to the service provider. - - -Example 1: - - 'authproc' => array( - 30 => 'core:LanguageAdaptor', - ), - -Example 2: By default the filter will use the attribute name `preferredLanguage`. You can specify the name of the language attribute with an optional parameter: - - 'authproc' => array( - 30 => array( - 'class' => 'core:LanguageAdaptor', - 'attributename' => 'lang', - ), - ), - -You can use the LanguageAdaptor both at the SP and the IdP. It may even make sense to run the LanguageAdaptor twice at the IdP if there is any other processing filters executed that includes a UI. - -Example 3: - - 'authproc.idp' => array( - 20 => 'core:TargetedID', - 30 => 'core:LanguageAdaptor', - 40 => 'core:AttributeRealm', - 50 => 'core:AttributeLimit', - 90 => array( - 'class' => 'consent:Consent', - 'store' => 'consent:Cookie', - 'focus' => 'yes', - 'checked' => TRUE - ), - 99 => 'core:LanguageAdaptor', - ), - -Here you can see that the LanguageAdaptor runs with priority 30. At this point the filter will check attributes and set the simpleSAMLphp language cookie if the preferredLanguage attribute was provided. Later, with priority 99, the filter is ran again. This time the LanguageAdaptor will discover if the user have selected preferred language in the consent module, and if the user has selected language, and if the user does not already have a preferredLanguage attribute, the LanguageAdaptor will set the `preferredLanguage` attribute reflecting the user's language choice in the consent UI. 
- +The following filters are included in the simpleSAMLphp distribution: + +- [`authorize:Authorize`](./authorize:authorize): Access control based on regular expressions. +- [`consent:Consent`](./consent:consent): Ask the user for consent before transmitting attributes. +- [`core:AttributeAdd`](./core:authproc_attributeadd): Add attributes to the response. +- [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues. +- [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response. +- [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes. +- [`core:AttributeRealm`](./core:authproc_attributerealm): Create a attribute with the realm of the user. +- [`core:GenerateGroups`](./core:authproc_generategroups): Generate a `group` attribute for the user. +- [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transfering language setting from IdP to SP. +- [`core:PHP`](./core:authproc_php): Modify attributes with custom PHP code. +- [`core:ScopeAttribute`](./core:authproc_scopeattribute): Add scope to attribute. +- [`core:ScopeFromAttribute`](./core:authproc_scopefromattribute): Create a new attribute based on the scope on a different attribute. +- [`core:StatisticsWithAttribute`](./core:authproc_statisticswithattribute): Create a statistics logentry. +- [`core:TargetedID`](./core:authproc_targetedid): Generate the `eduPersonTargetedID` attribute. +- [`core:WarnShortSSOInterval`](./core:authproc_warnshortssointerval): Give a warning if the user logs into the same SP twice within a few seconds. +- [`preprodwarning:Warning`](./preprodwarning:warning): Warn the user about accessing a test IdP. diff --git a/modules/core/docs/authproc_attributeadd.txt b/modules/core/docs/authproc_attributeadd.txt new file mode 100644 index 0000000000000000000000000000000000000000..ae9f4bd278d8b52d305dfe86cf5c9486f944bede --- /dev/null +++ b/modules/core/docs/authproc_attributeadd.txt 
@@ -0,0 +1,49 @@ +`core:AttributeAdd` +=================== + +Filter that adds attributes to the user. + +If the attribute already exists, the values added will be merged into a multi-valued attribute. +If you instead want to replace the existing attribute, you may add the `'%replace'` option. + + +Examples +-------- + +Add a single-valued attributes: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeAdd', + 'source' => array('myidp'), + ), + ), + +Add a multi-valued attribute: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeAdd', + 'groups' => array('users', 'members'), + ), + ), + +Add multiple attributes: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeAdd', + 'eduPersonPrimaryAffiliation' => 'student', + 'eduPersonAffiliation' => array('student', 'employee', 'members'), + ), + ), + +Replace an existing attributes: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeAdd', + '%replace', + 'uid' => array('guest'), + ), + ), diff --git a/modules/core/docs/authproc_attributelimit.txt b/modules/core/docs/authproc_attributelimit.txt new file mode 100644 index 0000000000000000000000000000000000000000..1add813aa1accde04bfc68e44417de29656322a3 --- /dev/null +++ b/modules/core/docs/authproc_attributelimit.txt 
@@ -0,0 +1,34 @@ +`core:AttributeLimit` +===================== + +Filter that limits the attributes that is sent to a user. + +If the configuration is empty, the filter will use the attributes configured in the 'attributes' option in the SP metadata. + +The configuration is a list of which attributes should be allowed. + +Examples +-------- + +Limit to the `cn` and `mail` attribute: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeLimit', + 'cn', 'mail' + ), + ), + +An attribute list in metadata: + + 'authproc' => array( + 50 => 'core:AttributeLimit', + ), + +And in saml20-sp-remote.php: + + $metadata['https://saml2sp.example.org'] = array( + 'AssertionConsumerService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp', + 'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp', + 'attributes' => array('cn', 'mail'), + ); diff --git a/modules/core/docs/authproc_attributemap.txt b/modules/core/docs/authproc_attributemap.txt new file mode 100644 index 0000000000000000000000000000000000000000..6eab382e54d598bc138a5b1856ccb6e931cf5f15 --- /dev/null +++ b/modules/core/docs/authproc_attributemap.txt @@ -0,0 +1,31 @@ +`core:AttributeMap` +=================== + +Filter to change attribute names. + +This filter can either contain the name of a map file or a set of name => value pairs describing the transformation. +If configuration references a map file, the file must be located in the `attributemap/`-directory. + +Examples +-------- + +Attribute maps embedded as parameters: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeMap', + 'mail' => 'email', + 'uid' => 'user' + ), + ), + +Attribute map in separate file: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeMap', + 'name2oid', + ), + ), + +This filter will use the map file from `simpesamlphp/attributemap/name2oid.php`. 
diff --git a/modules/core/docs/authproc_attributerealm.txt b/modules/core/docs/authproc_attributerealm.txt new file mode 100644 index 0000000000000000000000000000000000000000..77b0bb31c2ac9aafb98e0ef0cc2a5940456b3219 --- /dev/null +++ b/modules/core/docs/authproc_attributerealm.txt @@ -0,0 +1,29 @@ +`core:AttributeRealm` +===================== + +This filter creates a new attribute with the realm of the user. + +The new attribute is names `realm` by default, but can be controlled by the `attributename` option. +The realm is extracted from the attribute set as the user ID (eduPersonPrincipalName by default). +The user ID attribute can be changed with the `userid.attribute` option in the IdP metadata. + +Examples +-------- + +Create the `realm` attribute. + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeRealm', + ), + ), + +Set the `schacHomeOrganization` attribute. + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeRealm', + 'attributename' => 'schacHomeOrganization', + ), + ), + diff --git a/modules/core/docs/authproc_generategroups.txt b/modules/core/docs/authproc_generategroups.txt new file mode 100644 index 0000000000000000000000000000000000000000..b09e07fff8f1fa7f4e0964a23e1e213d9881ac72 --- /dev/null +++ b/modules/core/docs/authproc_generategroups.txt 
@@ -0,0 +1,51 @@ +`core:GenerateGroups` +===================== + +This filter creates a `group` attribute based on the contents of the other attributes of the user. + +By default this filter will generate groups from the following set of attributes: + +* `eduPersonAffiliation` +* `eduPersonOrgUnitDN` +* `eduPersonEntitlement` + +This can be overridden by specifying the names of the attributes in the configuration. + +It will attempt to determine a realm the user belongs to based on the `eduPersonPrincipalName` +attribute, if it is present. + +The groups this filter generates are on the form `<attribute name>-<attributevalue>` and `<attributename>-<realm>-<attributevalue>`. +For example, if the user has the following attributes: + +* `eduPersonPrincipalName`: `user@example.org` +* `eduPersonAffiliation`: `student`, `member` + +The following groups will be created: + +* `eduPersonAffiliation-student` +* `eduPersonAffiliation-member` +* `eduPersonAffiliation-example.org-student` +* `eduPersonAffiliation-example.org-member` + + +Examples +-------- + +Default attributes: + + 'authproc' => array( + 50 => array( + 'class' => 'core:GenerateGroups', + ), + ), + +Custom attributes: + + 'authproc' => array( + 50 => array( + 'class' => 'core:GenerateGroups', + 'someAttribute', + 'someOtherAttribute', + ), + ), + diff --git a/modules/core/docs/authproc_languageadaptor.txt b/modules/core/docs/authproc_languageadaptor.txt new file mode 100644 index 0000000000000000000000000000000000000000..9f8c6005cc34061046b1471f44e124ec5859dd17 --- /dev/null +++ b/modules/core/docs/authproc_languageadaptor.txt 
@@ -0,0 +1,42 @@ +`core:LanguageAdaptor` +====================== + +SimpleSAMLphp has built in language support, and stores the preferred language in a cookie. + +Identity systems also often has a specific attribute that indicates what language is understood by the user. +MACE defines an attribute with preferred language: `preferredLanguage`. +[Read more about the preferredLanguage attribute defined by MACE](http://rnd.feide.no/node/1054). + +The LanguageAdaptor brings these two concepts together. +If executed early at the IdP it will check if the `preferredLanguage` attribute is among the users attributes, and if it is, simpleSAMLphp will use that language in the user interface. +**Notice that** the login page itself is to early to be influenced by the user attributes, because the IdP does not know any user attributes before the user logs in. +In contrast, the consent module will be presented in the correct language based on user attribute. + +The LanguageAdaptor also works the other way around. +If the user does not have the `preferredLanguage` attribute, the user interface for the user will be set to the default for the installation. +If this language is not correct for the user, the user may click to switch language on the login page (or any other UI page in simpleSAMLphp). +SimpleSAMLphp then stores the preferred language in a cookie. +Now, the LanguageAdaptor will read the preferred language from the cookie and add a user attribute with the preferred language, that is sent to the service provider. + +The name of the attribute can be changed from the default by adding the `attributename` option. + + +Examples +-------- + +Default attribute (`preferredLanguage`): + + 'authproc' => array( + 50 => array( + 'class' => 'core:LanguageAdaptor', + ), + ), + +Custon attribute: + + 'authproc' => array( + 50 => array( + 'class' => 'core:LanguageAdaptor', + 'attributename' => 'lang', + ), + ), 
diff --git a/modules/core/docs/authproc_php.txt b/modules/core/docs/authproc_php.txt index 4f0133ea6f17df650d274f7868e7a9c614a7e2f2..7fc4a0d49efd28cd9fd3a657bcfcc9ebf2fc69d2 100644 --- a/modules/core/docs/authproc_php.txt +++ b/modules/core/docs/authproc_php.txt @@ -1,7 +1,7 @@ `core:PHP` ========== -This is a filter which makes it possible to run arbitrary PHP code to motidy the attributes of an user. +This is a filter which makes it possible to run arbitrary PHP code to modify the attributes of an user. Parameters ---------- diff --git a/modules/core/docs/authproc_scopefromattribute.txt b/modules/core/docs/authproc_scopefromattribute.txt new file mode 100644 index 0000000000000000000000000000000000000000..0b7f92b9882897918cc1fd66fd4566140aa3659c --- /dev/null +++ b/modules/core/docs/authproc_scopefromattribute.txt @@ -0,0 +1,31 @@ +`core:ScopeFromAttribute` +========================= + +This filter creates a new attribute based on the scope from a different attribute. + + +Parameters +---------- + +This filter has two parameters, where both parameters are mandatory. + +`sourceAttribute` +: The attribute we should extract the scope from. + +`targetAttribute` +: The name of the new attribute. + + + +Example +------- + +Set the `scope` attribute to the scope from the `eduPersonPrincipalName` attribute: + + 'authproc' => array( + 50 => array( + 'class' => 'core:ScopeFromAttribute', + 'sourceAttribute' => 'eduPersonPrincipal' + 'targetAttribute' => 'scope' + ), + ), diff --git a/modules/core/docs/authproc_statisticswithattribute.txt b/modules/core/docs/authproc_statisticswithattribute.txt new file mode 100644 index 0000000000000000000000000000000000000000..53753f9dbce44e23a60ae7336ca75909aa55b254 --- /dev/null +++ b/modules/core/docs/authproc_statisticswithattribute.txt 
@@ -0,0 +1,26 @@ +`core:StatisticsWithAttribute` +============================== + +This filter logs a statistics entry that can be parsed by the statistics module. + +Parameters +---------- + +`attributename` +: The name of an attribute that should be included in the statistics entry. + +`type` +: The type of the statistics entry. + + +Example +------- + +Log the realm of the user: + + 45 => array( + 'class' => 'core:StatisticsWithAttribute', + 'attributename' => 'realm', + 'type' => 'saml20-idp-SSO', + ), + diff --git a/modules/core/docs/authproc_targetedid.txt b/modules/core/docs/authproc_targetedid.txt new file mode 100644 index 0000000000000000000000000000000000000000..c4e939507d002483e878ebfd873a01b42849e17f --- /dev/null +++ b/modules/core/docs/authproc_targetedid.txt 
@@ -0,0 +1,58 @@ +`core:TargetedID` +================= + +This filter generates the `eduPersonTargetedID` attribute for the user. + +By default, this filter will use the contents of the attribute set by the `userid.attribute` metadata option as the unique user ID. +You can also use a different attribute by setting the `attributename` option, + +Parameters +---------- + +`attributename` +: The name of the attribute we should use for the unique user identifier. + Optional, will use the attribute set by the `userid.attribute` metadata option by default. + +`nameId` +: Set this option to `TRUE` to generate the attribute as in SAML 2 NameID format. + This can be used to generate an Internet2 compatible `eduPersonTargetedID` attribute. + Optional, defaults to `FALSE`. + + +Examples +-------- + +Using the attribute from `userid.attribute`: + + 'authproc' => array( + 50 => array( + 'class' => 'core:TargetedID', + ), + ), + +A custom attribute: + + 'authproc' => array( + 50 => array( + 'class' => 'core:TargetedID', + 'attributename' => 'eduPersonPrincipalName' + ), + ), + +Internet2 compatible `eduPersontargetedID`: + + /* In saml20-idp-hosted.php. */ + $metadata['__DYNAMIC:1__'] = array( + 'host' => '__DEFAULT__', + 'auth' => 'example-static', + + 'authproc' => array( + 60 => array( + 'class' => 'core:TargetedID', + 'nameId' => TRUE, + ), + ), + 'attributeencodings' => array( + 'eduPersonTargetedID' => 'raw', + ), + ); diff --git a/modules/core/docs/authproc_warnshortssointerval.txt b/modules/core/docs/authproc_warnshortssointerval.txt new file mode 100644 index 0000000000000000000000000000000000000000..73f24a2bb6fe8eb7889d33eedf0bcc5e89297a21 --- /dev/null +++ b/modules/core/docs/authproc_warnshortssointerval.txt 
@@ -0,0 +1,16 @@ +`core:WarnShortSSOInterval` +=========================== + +Give a warning to the user when authenticating twice in a short time. +This is mainly intended to prevent redirect loops between the IdP and the SP. + + +Example +------- + + 'authproc' => array( + 50 => array( + 'class' => 'core:WarnShortSSOInterval', + ), + ), + diff --git a/modules/core/lib/Auth/Process/GenerateGroups.php b/modules/core/lib/Auth/Process/GenerateGroups.php index b773be3f75a5df1f57360e13132a71d17952df49..23a785b8004a977654de7c00a58a8052dfd08fe0 100644 --- a/modules/core/lib/Auth/Process/GenerateGroups.php +++ b/modules/core/lib/Auth/Process/GenerateGroups.php 
@@ -3,41 +3,6 @@ /** * Filter to generate a groups attribute based on many of the attributes of the user. * - * By default this filter will generate groups from the following set of attributes: - * - 'eduPersonAffiliation' - * - 'eduPersonOrgUnitDN' - * - 'eduPersonEntitlement' - * - * This can be overridden by specifying the names of the attributes in the configuration. - * - * It will attempt to determine a realm the user belongs to based on the eduPersonPrincipalName - * attribute, if it is present. - * - * The groups this filter generates are on the form: - * <attribute name>-<attributevalue> and <attributename>-<realm>-<attributevalue>. - * - * - * Note that this filter isn't a drop-in replacement for the groups attributealter function. The - * difference is that it uses the full attribute name, instead of shortening them to for example - * affiliation, and it escapes illegal characters in a style similar to urlencoding. It also generates - * groups both with and without a realm part. If no realm is determined, it will only generate attributes - * without a realm-part. - * - * - * Example - generate from default set of attributes: - * <code> - * 'authproc' => array( - * 50 => 'core:GenerateGroups', - * ), - * </code> - * - * Example - generate from only the eduPersonAffilitation attribute: - * <code> - * 'authproc' => array( - * 50 => array('class' => 'core:GenerateGroups', 'eduPersonAffiliation'), - * ), - * </code> - * * @author Olav Morken, UNINETT AS. * @package simpleSAMLphp * @version $Id$
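Review bot: In the `docs/simplesamlphp-authproc.txt` hunk, several entries of the new filter list link to pages this patch does not add (`./authorize:authorize`, `./consent:consent`, `./core:authproc_attributealter`, `./core:authproc_scopeattribute`, `./preprodwarning:warning`); confirm those documents already exist, otherwise the links will be dead on the rendered index. Two wording fixes in the same list: "Create a attribute with the realm of the user" should read "Create an attribute", and "Transfering language setting from IdP to SP" should be "Transferring".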
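Review bot: In the new `authproc_attributeadd.txt`, the example captions "Add a single-valued attributes:" and "Replace an existing attributes:" mix singular and plural; use "Add a single-valued attribute:" and "Replace an existing attribute:". The rest of the file reads well, and renaming the old `'%merge'` wording to `'%replace'` matches the example that follows it.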
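Review bot: In the new `authproc_attributelimit.txt`, the behaviour when neither the filter configuration nor the SP metadata `attributes` option is set is not documented; since this filter is the release control for attributes, state explicitly whether all attributes are then passed through so an administrator does not assume a deny-by-default. The removed text in the first hunk also noted that attribute lists are read from `sp-hosted`/`idp-remote` on the SP side and `idp-hosted`/`sp-remote` on the IdP side, while the new file only mentions SP metadata; keep that note if the lookup still works that way. Minor: "Filter that limits the attributes that is sent to a user" should be "that are sent", and the recipient is the service provider rather than the user.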
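Review bot: In the new `authproc_attributemap.txt`, the closing sentence carries a typo in the path: `simpesamlphp/attributemap/name2oid.php` should be `simplesamlphp/attributemap/name2oid.php` (the same typo existed in the removed text, so this is a good moment to fix it).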
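Review bot: In the new `authproc_attributerealm.txt`, the ordering caveat from the removed text ("You have to make sure that the User ID attribute is available at the time this filter is executed ... setting a lower priority number on this filter, than the filter that filters attributes") has been dropped; keep it, since running this filter after `core:AttributeLimit` silently yields no `realm` attribute. Typo: "The new attribute is names `realm` by default" should be "is named".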
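Review bot: In the new `authproc_generategroups.txt` and the `GenerateGroups.php` docblock hunk, the paragraph explaining that this filter is not a drop-in replacement for the groups `attributealter` function (full attribute names are kept, illegal characters are escaped in a urlencoding-like style, and groups are generated both with and without a realm part) is removed from both places, so the escaping behaviour is now documented nowhere; move that paragraph into the new doc file rather than deleting it. Also note that the new doc says the realm is derived from `eduPersonPrincipalName`, whereas the removed text said "the User ID attribute"; confirm which one the code actually uses and document that.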
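Review bot: In the new `authproc_languageadaptor.txt`, the removed "Example 3" (running the filter at priority 30 and again at 99 around `consent:Consent`) illustrated the cookie-to-attribute direction that the prose describes; consider carrying it over, since the new file has no example of the two-pass setup. Wording: "Custon attribute:" should be "Custom attribute:", "the login page itself is to early" should be "too early", and "Identity systems also often has" should be "have".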
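Review bot: In the new `authproc_scopefromattribute.txt`, the example is not valid PHP and does not match its caption: the line `'sourceAttribute' => 'eduPersonPrincipal'` is missing the trailing comma before `'targetAttribute' => 'scope'`, and the attribute name should be `eduPersonPrincipalName`, as the sentence above the example says. Suggested lines:
`'sourceAttribute' => 'eduPersonPrincipalName',`
`'targetAttribute' => 'scope',`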
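Review bot: In the new `authproc_targetedid.txt`, the pseudo-code formula removed from the old document (`sha1('uidhashbase' + $secretSalt + strlen($idpEntityid) + ':' + $idpEntityid + ... + $secretSalt)`) is the only place that told administrators the generated value depends on `secretSalt` and on both entity IDs; keep it, because it makes clear that changing the salt or an entity ID changes every user's `eduPersonTargetedID`. The link to the MACE-Dir SAML Attribute Profiles document, which the removed text cited for the Internet2 format, should also be retained next to the `nameId` option. Minor: the sentence "You can also use a different attribute by setting the `attributename` option," ends with a comma, and the heading "Internet2 compatible `eduPersontargetedID`" should use the `eduPersonTargetedID` spelling used elsewhere.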
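Review bot: In the `authproc_php.txt` hunk, the spelling fix is correct, but the same line still reads "the attributes of an user"; change to "a user" while touching it. In the new `authproc_statisticswithattribute.txt`, the example starts at `45 => array(` without the surrounding `'authproc' => array(` that every other new doc file uses; wrap it the same way for consistency.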