问题
I need to append the email domain (@domain.com) to a user's account after they are IdP validated, and before the system redirects them to the SP.
I am using this page for assistance but am unable to assert whether I will type in the additional text literally, or by referencing another attribute retrieved from LDAP: http://simplesamlphp.org/docs/stable/simplesamlphp-authproc
回答1:
You must apply the filter at the metadata/saml20-idp-hosted.php
Use a PHP filter:
'authproc.idp' => array(
60 => array(
'class' => 'core:PHP',
'code' => '
if (!empty($attributes["uid"])) {
$mail = $attributes["uid"][0] . "@domain.com";
$attributes["mail"] = array($mail);
} //Closing bracket was missing
',
),
),
This filter for example create a 'mail' attribute based on an 'uid' attribute. Note that attribute values at the $attributes are always an array.
来源:https://stackoverflow.com/questions/14043820/appending-text-to-users-account-after-idp-authentication-before-sp-redirect