-rw-r--r--appinfo/app.php7
-rw-r--r--lib/Controller/SAMLController.php3
-rw-r--r--lib/SAMLSettings.php33
-rw-r--r--lib/UserBackend.php16
4 files changed, 50 insertions, 9 deletions
diff --git a/appinfo/app.php b/appinfo/app.php
index ecaca6b0..f7d44a69 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -33,10 +33,12 @@ $l = \OC::$server->getL10N('user_saml');
$config = \OC::$server->getConfig();
$request = \OC::$server->getRequest();
$userSession = \OC::$server->getUserSession();
+$session = \OC::$server->getSession();
$samlSettings = new \OCA\User_SAML\SAMLSettings(
$urlGenerator,
$config,
- $request
+ $request,
+ $session
);
$userBackend = new \OCA\User_SAML\UserBackend(
@@ -45,7 +47,8 @@ $userBackend = new \OCA\User_SAML\UserBackend(
\OC::$server->getSession(),
\OC::$server->getDatabaseConnection(),
\OC::$server->getUserManager(),
- \OC::$server->getGroupManager()
+ \OC::$server->getGroupManager(),
+ $samlSettings
);
$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
OC_User::useBackend($userBackend);
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index a9914372..cfc08ee2 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -102,7 +102,8 @@ class SAMLController extends Controller {
* @throws NoUserFoundException
*/
private function autoprovisionIfPossible(array $auth) {
- $uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping');
+ $prefix = $this->settings->getPrefix();
+ $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
if(isset($auth[$uidMapping])) {
if(is_array($auth[$uidMapping])) {
$uid = $auth[$uidMapping][0];
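Review bot: `getPrefix()` is called here without the setting name, and the same is done in `getLogoutUrl()` and `getCurrentUserId()` in lib/UserBackend.php, while `getAttributeKeys()` passes `$name`. The global-settings exemption in `getPrefix()` only applies when a name is passed, so these three call sites would silently read a prefixed key if their setting were ever added to `$globalSettings`. Passing the key keeps all lookups on one code path, e.g. `$prefix = $this->settings->getPrefix('general-uid_mapping');`. The hunk does not show `$this->settings` being declared on the controller, so this presumably relies on an existing property. The body of `autoprovisionIfPossible()` continues outside the hunk.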
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 0f97b634..3e287eab 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -24,6 +24,7 @@ namespace OCA\User_SAML;
use OCP\AppFramework\Http;
use OCP\IConfig;
use OCP\IRequest;
+use OCP\ISession;
use OCP\IURLGenerator;
class SAMLSettings {
@@ -33,18 +34,25 @@ class SAMLSettings {
private $config;
/** @var IRequest */
private $request;
+ /** @var ISession */
+ private $session;
+ /** @var array list of global settings which are valid for every idp */
+ private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop'];
/**
* @param IURLGenerator $urlGenerator
* @param IConfig $config
* @param IRequest $request
+ * @param ISession $session
*/
public function __construct(IURLGenerator $urlGenerator,
IConfig $config,
- IRequest $request) {
+ IRequest $request,
+ ISession $session) {
$this->urlGenerator = $urlGenerator;
$this->config = $config;
$this->request = $request;
+ $this->session = $session;
}
/**
@@ -148,5 +156,26 @@ class SAMLSettings {
return $settings;
}
-}
+ /**
+ * calculate prefix for config values
+ *
+ * @param string name of the setting
+ * @return string
+ */
+ public function getPrefix($setting = '') {
+
+ $prefix = '';
+ if (!empty($setting) && in_array($setting, $this->globalSettings)) {
+ return $prefix;
+ }
+
+ $idp = $this->session->get('user_saml.Idp');
+ if ((int)$idp > 1) {
+ $prefix = $idp . '-';
+ }
+
+ return $prefix;
+ }
+
+}
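Review bot: In `getPrefix()` the range check is made on `(int)$idp`, but the prefix is built from the uncast session value, so a value with a numeric lead and trailing characters passes the check and produces a config-key prefix that is not a plain provider id. Where `user_saml.Idp` is written is not visible in this commit. If it is derived from request data, this matters, because the prefix decides which IdP's settings are read. Casting once and using the integer for both steps closes the gap: `$idp = (int)$this->session->get('user_saml.Idp');` followed by `$prefix = $idp . '-';`. The membership test would also be better strict, `in_array($setting, $this->globalSettings, true)`, and the docblock tag should name the parameter: `@param string $setting name of the setting`.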
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
index fd5df33f..7b8b1f3d 100644
--- a/lib/UserBackend.php
+++ b/lib/UserBackend.php
@@ -48,6 +48,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
private $groupManager;
/** @var \OCP\UserInterface[] */
private static $backends = [];
+ /** @var SAMLSettings */
+ private $settings;
/**
* @param IConfig $config
@@ -56,19 +58,22 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @param IDBConnection $db
* @param IUserManager $userManager
* @param IGroupManager $groupManager
+ * @param SAMLSettings $settings
*/
public function __construct(IConfig $config,
IURLGenerator $urlGenerator,
ISession $session,
IDBConnection $db,
IUserManager $userManager,
- IGroupManager $groupManager) {
+ IGroupManager $groupManager,
+ SAMLSettings $settings) {
$this->config = $config;
$this->urlGenerator = $urlGenerator;
$this->session = $session;
$this->db = $db;
$this->userManager = $userManager;
$this->groupManager = $groupManager;
+ $this->settings = $settings;
}
/**
@@ -344,7 +349,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* {@inheritdoc}
*/
public function getLogoutUrl() {
- $slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', '');
+ $prefix = $this->settings->getPrefix();
+ $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
if($slo === '') {
return '';
}
@@ -373,7 +379,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
*/
public function getCurrentUserId() {
$samlData = $this->session->get('user_saml.samlUserData');
- $uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping', '');
+ $prefix = $this->settings->getPrefix();
+ $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', '');
if($uidMapping !== '' && isset($samlData[$uidMapping])) {
if(is_array($samlData[$uidMapping])) {
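Review bot: In `getCurrentUserId()` the IdP selection only changes which attribute name is looked up, and in the visible lines the uid read from `$samlData` is not qualified by the provider. If the rest of the function (outside this hunk) does not do so either, two configured IdPs asserting the same attribute value would resolve to the same local account. When the session holds no `user_saml.Idp`, `getPrefix()` also returns an empty prefix, so the first provider's mapping is applied. That trust assumption deserves a comment above the lookup, for example `// uid is not namespaced per IdP: every configured IdP is trusted to assert unique, non-overlapping uids`, and an entry in the admin documentation for multi-provider setups.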
@@ -437,7 +444,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
private function getAttributeKeys($name)
{
- $keys = explode(' ', $this->config->getAppValue('user_saml', $name, ''));
+ $prefix = $this->settings->getPrefix($name);
+ $keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, ''));
if (count($keys) === 1 && $keys[0] === '') {
throw new \InvalidArgumentException('Attribute is not configured');