Added management of groups attribute and modification of SSOlogin

README.md

@@ -34,6 +34,10 @@ $shib_RN = isset($_SERVER['HTTP_COMMON_NAME']) ? $_SERVER['HTTP_COMMON_NAME'] :
 // Map e-mail to what Shibboleth variable?
 $shib_email = isset($_SERVER['HTTP_EMAIL']) ? $_SERVER['HTTP_EMAIL'] : null;
 
+// Field containing groups for the user and field containing the prefix to be searched (and stripped) from wiki groups
+$shib_groups = isset($_SERVER['isMemberOf']) ? $_SERVER['isMemberOf'] : null;
+$shib_group_prefix = "wiki";
+
 // The ShibUpdateUser hook is executed on login.
 // It has two arguments:
 // - $existing: True if this is an existing user, false if it is a new user being added

ShibAuthPlugin.php

@@ -300,12 +300,30 @@ function ShibLinkAdd(&$personal_urls, $title)
         if (! isset($shib_LoginHint))
                 $shib_LoginHint = "Login via Single Sign-on";
 
-        $personal_urls['SSOlogin'] = array(
-                        'text' => $shib_LoginHint,
-                        'href' => ($shib_Https ? 'https' :  'http') .'://' . $_SERVER['HTTP_HOST'] .
-                        getShibAssertionConsumerServiceURL() . "/" . $shib_ConsumerPrefix . $shib_WAYF .
-                        '?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
-                        '://' . $_SERVER['HTTP_HOST'] . $pageurl, );
+	if ($shib_WAYFStyle == "Login") {
+		$personal_urls['SSOlogin'] = array(
+			'text' => $shib_LoginHint,
+			'href' => ($shib_Https ? 'https' :  'http') .'://' . $_SERVER['HTTP_HOST'] .
+			$shib_AssertionConsumerServiceURL . "/" . $shib_ConsumerPrefix . $shib_WAYFStyle .
+			'?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
+			'://' . $_SERVER['HTTP_HOST'] . $pageurl, );
+	}
+	elseif ($shib_WAYFStyle == "CustomLogin") {
+		$personal_urls['SSOlogin'] = array(
+			'text' => $shib_LoginHint,
+			'href' => ($shib_Https ? 'https' :  'http') .'://' . $_SERVER['HTTP_HOST'] .
+			$shib_AssertionConsumerServiceURL .
+			'?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
+			'://' . $_SERVER['HTTP_HOST'] . $pageurl, );
+	}
+	else {
+		$personal_urls['SSOlogin'] = array(
+			'text' => $shib_LoginHint,
+			'href' => ($shib_Https ? 'https' :  'http') .'://' . $_SERVER['HTTP_HOST'] .
+			$shib_AssertionConsumerServiceURL . "/" . $shib_ConsumerPrefix . $shib_WAYF .
+			'?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
+			'://' . $_SERVER['HTTP_HOST'] . $pageurl, );
+	}
         return true;
 }
 
@@ -354,6 +372,7 @@ function ShibUserLoadFromSession($user, &$result)
         global $shib_map_info;
         global $shib_map_info_existing;
         global $shib_pretend;
+	global $shib_groups;
 
         //MW needs usernames in capital!
         $shib_UN = Title::makeTitleSafe( NS_USER, $shib_UN);
@@ -382,6 +401,7 @@ function ShibUserLoadFromSession($user, &$result)
                 $wgAuth->updateUser($user); //Make sure password is nologin
                 wfSetupSession();
                 $user->setCookies();
+		ShibAddGroups($user);
                 return true;
         }
 
@@ -443,8 +463,27 @@ function ShibUserLoadFromSession($user, &$result)
         $user->saveSettings();
         wfSetupSession();
         $user->setCookies();
+	ShibAddGroups($user);
         return true;
 }
+function ShibAddGroups($user) {
+	global $shib_groups;
+	global $shib_group_prefix;
+
+	if (isset($shib_groups)) {
+		foreach (explode(';', $shib_groups) as $group) {
+			if (isset($shib_group_prefix) && !empty($shib_group_prefix)) {
+				$vals = explode(":", $group);
+				if ($vals[0] == "wiki") {
+					$user->addGroup($vals[1]);
+				}
+			}
+			else {
+				$user->addGroup($group);
+			}
+		}
+	}
+}
 function ShibKillAA()
 {
         global $wgHooks;