From b7f49f1589984fa7118c5c5141e99f12e6b1158e Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 10 Dec 2010 14:07:58 +0000
Subject: [PATCH] openid: support for custom OpenID realm

Thanks to Andjelko Horvat for creating this patch!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2682 44740490-163a-0410-bde0-09ae8108e29a
---
 config-templates/authsources.php                  |  2 ++
 modules/openid/lib/Auth/Source/OpenIDConsumer.php | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index a1ffb94c2..0d76a862d 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -99,6 +99,8 @@ $config = array(
 		'openid:OpenIDConsumer',
 		// Googles OpenID endpoint.
 		'target' => 'https://www.google.com/accounts/o8/id',
+		// Custom realm
+		// 'realm' => 'http://*.example.org',
 		// Attributes that google can supply.
 		'attributes.ax_required' => array(
 			//'http://axschema.org/namePerson/first',
diff --git a/modules/openid/lib/Auth/Source/OpenIDConsumer.php b/modules/openid/lib/Auth/Source/OpenIDConsumer.php
index 929bbcf82..903f7d90a 100644
--- a/modules/openid/lib/Auth/Source/OpenIDConsumer.php
+++ b/modules/openid/lib/Auth/Source/OpenIDConsumer.php
@@ -31,6 +31,12 @@ class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
 	 */
 	private $target;
 
+	/**
+	 * Custom realm to use.
+	 *
+	 * @var string|NULL
+	 */
+	private $realm;
 
 	/**
 	 * List of optional attributes.
@@ -65,6 +71,7 @@ class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
 			'Authentication source ' . var_export($this->authId, TRUE));
 
 		$this->target = $cfgParse->getString('target', NULL);
+		$this->realm = $cfgParse->getString('realm', NULL);
 
 		$this->optionalAttributes = $cfgParse->getArray('attributes.optional', array());
 		$this->requiredAttributes = $cfgParse->getArray('attributes.required', array());
@@ -132,7 +139,11 @@ class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
 	 * @return string  The trust root.
 	 */
 	private function getTrustRoot() {
-		return SimpleSAML_Utilities::selfURLhost();
+		if (!empty($this->realm)) {
+			return $this->realm;
+		} else {
+			return SimpleSAML_Utilities::selfURLhost();
+		}
 	}
 
 
-- 
GitLab