authorize Module
================

<!--
	This file is written in Markdown syntax.
	For more information about how to use the Markdown syntax, read here:
	http://daringfireball.net/projects/markdown/syntax
-->

  * Version: `$Id$`
  * Author: Ernesto Revilla <erny@yaco.es>, Yaco Sistemas
  * Package: simpleSAMLphp

This module provides an user authorization filter based on regular expressions for those applications that do not cleanly separate authentication from authorization and set some default permissions for authenticated users.


`authorize:Authorize`
: Authorize certain users based on regular expressions.


`authorize:Authorize`
---------------------

For each attribute you can specify a regular expression string or array of strings. If one of those attributes matches (OR operator) one of the regular expression, the user is authorized successfully.

You must use the preg_match format, i.e. you have to enclose it with a delimiter that does not appear inside the regex (e.g. slash (/), at sign (@), number sign (#) or underscore (`_`)).

The users not authorized will be shown a 403 Forbidden page.

Problems:

 * Once you get the forbidden page, you can't logout at the IdP directly,
   (as far as I know), you have to close the browser.


To use this filter configure it in `config/config.php`:

	'authproc.sp' => array(
		60 => array(
			'class' => 'authorize:Authorize',
			'uid'   =>  array(
				'/.*@example.com/',
				'/(user1|user2|user3)@example.edu/',
			),
			'schacUserStatus' => '@urn:mace:terena.org:userStatus:' .
				'example.org:service:active.*@',
	)