[FEATURE] SSO: Keep the domain name after a successfull login

[xperseguers]

This is useful e.g., on a CAS-Server, to continue the chain of authentication through LDAP.

Resolves: #81

[cstrizzolo]

My case is a little different. In order to authenticate I need to strip off the domain name and get rid of it. For instance:

• $remoteUser is something like 'john@mydomain';
• I need to get $remoteUser = 'john' and $domain = null.

It looks like the patch above either allows not to alter anything or to strip the domain and assign it to $domain, instead.

Maybe one more configuration option (SSOStripOffDomainName ?) might be added so as to get what I need:

            if (!Configuration::getValue('SSOKeepDomainName')) {
                if ($pos = strpos($remoteUser, '@')) {
                    $domain = substr($remoteUser, $pos + 1);
                    $remoteUser = substr($remoteUser, 0, $pos);
                } elseif ($pos = strrpos($remoteUser, '\\')) {
                    $domain = substr($remoteUser, 0, $pos);
                    $remoteUser = substr($remoteUser, $pos + 1);
                }
            }

            // BEGIN NEW PATCH      
            if (Configuration::getValue('SSOStripOffDomainName')) {
                domain = null;
            }
            // END NEW PATCH

Any better idea would be appreciated.

[pniederlag]

My case is a little different. In order to authenticate I need to strip off the domain name and get rid of it.

Actually it seems that before this PR the behaviour of ig_ldap_sso_auth was probably just like that?

We are seeing our (formerly working) SSO-Setup is broken after an update of TYPO3 (and ig_ldap_sso_auth). After doing some debugging I found that there is a mismatch between the '@foo.INT' and '@foo.local' top level domain as used by kerberos (available in $_SERVER['REMOTE_USER']) and LDAP.

[xperseguers]

@pniederlag This feature is closed for quite some time now, please open a new ticket and reference this one if wished so that we can find a solution.