Decode Claims from trusted identity provider
diff --git a/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java b/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java
index bc4cd0d..16e682a 100644
--- a/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java
+++ b/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java
@@ -2403,6 +2403,21 @@
// Forms authentication user
} else if (loginName.startsWith("i:0#.f|")) {
return loginName.substring(7).replace("|", ":");
+ // Identity claims for Email (05) or UPN (0e) for trusted user claim
+ } else if (loginName.startsWith("i:05.t|")
+ || loginName.startsWith("i:0e.t|")) {
+ String[] parts = loginName.split(Pattern.quote("|"), 3);
+ if (parts.length == 3) {
+ return parts[2];
+ }
+ // Non identity claims for email (05) or UPN (0e) or Role (0-)
+ } else if (loginName.startsWith("c:05.t|")
+ || loginName.startsWith("c:0e.t|")
+ || loginName.startsWith("c:0-.t|")) {
+ String[] parts = loginName.split(Pattern.quote("|"), 3);
+ if (parts.length == 3) {
+ return parts[2];
+ }
}
log.log(Level.WARNING, "Unsupported claims value {0}", loginName);
return null;
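Review bot: Both new branches return only `parts[2]` and discard the issuer segment `parts[1]` (`adfsv2` in the test data), so the same email or UPN asserted by two different trusted providers resolves to a single principal. The test in this commit expects that principal in `DEFAULT_NAMESPACE`, next to the Windows accounts. If more than one trusted provider can be configured, either keep the issuer in the returned name or state the assumption, e.g. `// Issuer (parts[1]) is dropped; assumes one trusted provider per namespace`. Separately, `split(..., 3)` keeps a trailing empty string, so `i:05.t|adfsv2|` returns `""` instead of reaching the warning; `if (parts.length == 3 && !parts[2].isEmpty())` closes that in both branches, which have identical bodies and could be merged. The enclosing method starts and ends outside the hunk.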
diff --git a/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java b/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java
index ecc512a..210a391 100644
--- a/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java
+++ b/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java
@@ -697,7 +697,17 @@
+ "BinaryIdentifier=\"c:0+.w|s-1-5-21-3993744865-3521423997"
+ "-1479072767-513\" Sid=\"\" BinaryIdentifierType=\"UserKey\" "
+ "GrantMask=\"4611686224789442657\" "
- + "DenyMask=\"0\" /></Policies>";
+ + "DenyMask=\"0\" />"
+ + "<PolicyUser "
+ + "LoginName=\"i:0e.t|adfsv2|spuat.adaptor@gsa-connectors.com\" "
+ + "BinaryIdentifier=\"i:0e.t|adfsv2|spuat.adaptor@gsa-connectors.com\" "
+ + "Sid=\"\" BinaryIdentifierType=\"UserKey\" "
+ + "GrantMask=\"4611686224789442657\" DenyMask=\"0\" />"
+ + "<PolicyUser "
+ + "LoginName=\"c:0-.t|adfsv2|grouplevel1@gsa-connectors.com\" "
+ + "BinaryIdentifier=\"c:0-.t|adfsv2|grouplevel1@gsa-connectors.com\" "
+ + "Sid=\"\" BinaryIdentifierType=\"UserKey\" "
+ + "GrantMask=\"4611686224789442657\" DenyMask=\"0\" /></Policies>";
MockPeopleSoap mockPeople = new MockPeopleSoap();
mockPeople.addToResult("i:0#.w|GSA-CONNECTORS\\Administrator",
"Administrator", SPPrincipalType.USER);
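Review bot: The added fixtures exercise only the `i:0e.t|` identity claim and the `c:0-.t|` role claim; the `i:05.t|`, `c:05.t|` and `c:0e.t|` prefixes accepted by the adaptor change have no case here, and neither does a malformed claim. Because the decoded name ends up in an ACL, a negative fixture such as `LoginName=\"i:0e.t|adfsv2\"` (no value after the issuer) would pin the fall-through to the warning. It could be asserted as absent from the permit list, assuming the caller skips a null name. The same gap applies to the mock and expected-ACL hunks later in this file. The string literal and the test method continue outside this hunk.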
@@ -709,6 +719,10 @@
mockPeople.addToResult("GDC-PSL\\spuser1", "spuser1", SPPrincipalType.USER);
mockPeople.addToResult("GDC-PSL\\Administrator", "dministrator",
SPPrincipalType.USER);
+ mockPeople.addToResult("i:0e.t|adfsv2|spuat.adaptor@gsa-connectors.com",
+ "spuat.adaptor@gsa-connectors.com", SPPrincipalType.USER);
+ mockPeople.addToResult("c:0-.t|adfsv2|grouplevel1@gsa-connectors.com",
+ "grouplevel1@gsa-connectors.com", SPPrincipalType.SECURITY_GROUP);
SoapFactory siteDataFactory = MockSoapFactory.blank()
.endpoint(VS_ENDPOINT, MockSiteData.blank()
@@ -729,9 +743,13 @@
.setInheritanceType(Acl.InheritanceType.PARENT_OVERRIDES)
.setPermitUsers(Arrays.asList(GDC_PSL_ADMINISTRATOR, GDC_PSL_SPUSER1,
NT_AUTHORITY_LOCAL_SERVICE, new UserPrincipal(
- "GSA-CONNECTORS\\Administrator", DEFAULT_NAMESPACE)))
+ "GSA-CONNECTORS\\Administrator", DEFAULT_NAMESPACE),
+ new UserPrincipal("spuat.adaptor@gsa-connectors.com",
+ DEFAULT_NAMESPACE)))
.setPermitGroups(Arrays.asList(new GroupPrincipal(
- "GSA-CONNECTORS\\Domain Users", DEFAULT_NAMESPACE)))
+ "GSA-CONNECTORS\\Domain Users", DEFAULT_NAMESPACE),
+ new GroupPrincipal("grouplevel1@gsa-connectors.com",
+ DEFAULT_NAMESPACE)))
.build(),
response.getAcl());
assertNull(response.getDisplayUrl());