Index: /branches/rel_ag_9_4_5/uproxy/sessmgrd/sessmgrd.c
===================================================================
--- /branches/rel_ag_9_4_5/uproxy/sessmgrd/sessmgrd.c	(revision 20341)
+++ /branches/rel_ag_9_4_5/uproxy/sessmgrd/sessmgrd.c	(working copy)
@@ -45,6 +45,7 @@
 #include "../../firewall/lib/ip.h"
 #include <click/app/ha/ha.h>
 #include "../../ha/halib/halib.h"
+#include "../../../aaa/aaa_common.h"
 #include <license.h>
 #include <click/app/kernelapi/kernelapi.h>
 #include <click/app/fastlog/logex_def.h>
@@ -3353,6 +3354,7 @@
 	filter.groupinfo = sessmgr_req->group_name;
 	filter.auth_method_id = method;
 	filter.login_time = time(NULL);
+
 	if (sessmgr_req->role_list[0] == NULL) {
 		rc = sec_role_qualification_filter(sessmgr_req->site_id, 
 				                    &filter, (struct sec_role **)&sessmgr_req->role_list);
@@ -3436,7 +3438,7 @@
 		sess_error_log("get act failed act %d, %s", *action, p);
 		return -1;
 	}
-	p = q+1;
+	p = q + 1;
 
 	/* get values */
 	while (p - request < total_len && *p != '\0') {
@@ -3523,6 +3525,7 @@
 		}
 		p = q + 1;
 	}
+
 	return 0;
 }
 
@@ -3591,6 +3594,38 @@
 }
 
 static int
+add_saml_group_info(an_sessmgr_rqt_t *sessmgr_req)
+{
+	struct aaa_conf *aaa_conf = NULL;
+	sec_vsite_t *vsite_p = NULL;
+	struct saml_idp *idp;
+	int j;
+
+	if (sessmgr_req->site_id != NULL) {
+		vsite_p = find_vsite_by_name((char*)sessmgr_req->site_id);
+		if (vsite_p == NULL) {
+			ulog_error_no_conn(AMP_ULOG_SMANAGER, "parse_saml_request: cannot find vsite.");
+			return -1;
+		}
+		aaa_conf = vsite_p->aaa_configure;
+	
+		if (aaa_conf != NULL) {
+			for (j = 0; j < 5; j++) {
+				idp = &aaa_conf->saml.idps[j];
+				if (idp->name[0] == '\0') {
+					continue;
+				}
+				if ((idp->attr_uname[0] != '\0') && (strcmp(idp->name, aaa_conf->saml.idp_name) == 0)) {
+					strncpy(sessmgr_req->group_name, idp->attr_gname, GROUP_NAME_MAX_LEN);
+				}
+			}
+		}
+	}
+
+	return 0;
+}
+
+static int
 handle_saml_sess_req(int saml_sock)
 {
 	struct sockaddr addr;
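Review bot: In add_saml_group_info, `strncpy(sessmgr_req->group_name, idp->attr_gname, GROUP_NAME_MAX_LEN)` leaves group_name without a terminating NUL whenever attr_gname is GROUP_NAME_MAX_LEN bytes or longer, and that string appears to be what the hunk at -3353 later hands to role qualification as `filter.groupinfo`. Assuming group_name is at least GROUP_NAME_MAX_LEN bytes (its declaration is not on this page), `snprintf(sessmgr_req->group_name, GROUP_NAME_MAX_LEN, "%s", idp->attr_gname);` bounds and terminates the copy. The guard tests `idp->attr_uname[0]` but the copy reads `attr_gname`, which looks unintended: an IdP with a user attribute and no group attribute would overwrite group_name with an empty string, so `if (idp->attr_gname[0] != '\0' && strcmp(idp->name, aaa_conf->saml.idp_name) == 0)` is probably what was meant. The literal `5` should be derived from the `idps` array size, and the error text names `parse_saml_request` although it is logged from add_saml_group_info.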
@@ -3624,11 +3659,16 @@
 			sess_error_log("recv length not enough expect %d, actually %d", total_len, rc);
 			return 0;
 		}
-		
 		rc = parse_saml_request(sess_saml_req, total_len, &action, &sessmgr_req, &signature, &checkcode);
 		if (rc < 0) {
 			continue;
 		}
+
+		/* Bug 589 VPN role authentication by SAML group information */
+		rc = add_saml_group_info(&sessmgr_req);
+		if (rc < 0) {
+			continue;
+		}
 
 		switch (action) {
 			case 1:
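Review bot: The comment above the new call cites only a bug number, so a reader cannot tell that the call rewrites the request; something like `/* Overwrite sessmgr_req.group_name with the group attribute configured for the vsite's active SAML IdP; drop the request if the vsite is unknown. */` would document both the side effect and the `continue`. The call also runs for every `action` and before anything visible in this hunk checks `signature` or `checkcode`. If that verification happens inside the `switch`, it is worth confirming that no path uses group_name for role qualification before the request has been verified. handle_saml_sess_req starts and ends outside the hunk.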
