在IdP身份验证之后/SP重定向之前将文本追加到用户的帐户 [英] Appending text to user's account after IdP authentication / before SP redirect

问题描述

在他们经过IdP验证之后，并且系统将他们重定向到SP之前，我需要将电子邮件域(@ domain.com)附加到用户的帐户中.

I need to append the email domain (@domain.com) to a user's account after they are IdP validated, and before the system redirects them to the SP.

我正在使用此页面提供帮助，但是无法断言我是直接输入其他文本还是引用从LDAP检索到的另一个属性:

I am using this page for assistance but am unable to assert whether I will type in the additional text literally, or by referencing another attribute retrieved from LDAP: http://simplesamlphp.org/docs/stable/simplesamlphp-authproc

推荐答案

您必须在metadata/saml20-idp-hosted.php

You must apply the filter at the metadata/saml20-idp-hosted.php

使用 PHP过滤器:

'authproc.idp' => array(
    60 => array(
        'class' => 'core:PHP',
        'code' => '
             if (!empty($attributes["uid"])) {
                  $mail = $attributes["uid"][0] . "@domain.com";
                  $attributes["mail"] = array($mail);
             } //Closing bracket was missing
        ',
    ),
 ),

例如，此过滤器基于"uid"属性创建"mail"属性. 请注意，$ attributes处的属性值始终是一个数组.

This filter for example create a 'mail' attribute based on an 'uid' attribute. Note that attribute values at the $attributes are always an array.

这篇关于在IdP身份验证之后/SP重定向之前将文本追加到用户的帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！