Index: /branches/rel_ag_9_4_5/uproxy/sessmgrd/sessmgrd.c
===================================================================
--- /branches/rel_ag_9_4_5/uproxy/sessmgrd/sessmgrd.c	(revision 20354)
+++ /branches/rel_ag_9_4_5/uproxy/sessmgrd/sessmgrd.c	(working copy)
@@ -45,7 +45,6 @@
 #include "../../firewall/lib/ip.h"
 #include <click/app/ha/ha.h>
 #include "../../ha/halib/halib.h"
-#include "../../../aaa/aaa_common.h"
 #include <license.h>
 #include <click/app/kernelapi/kernelapi.h>
 #include <click/app/fastlog/logex_def.h>
@@ -3412,6 +3411,8 @@
 	int outlen;
 	int32_t rc, i;
 	char *role_str, *role_cur;
+	char *group_cur;
+        char group_str[GROUP_NAME_MAX_LEN + 1];
 	char role_list[SESSION_MAX_ROLE_PER_SESSION][ROLE_MAX_FIELD_NAME + 1] = {0};
 
 	memset(sessmgr_req, 0, sizeof(*sessmgr_req));
@@ -3475,14 +3476,23 @@
 			return -1;
 		}
 		switch (type) {
-			case 'v': /*vsite_name*/
+			case 'v': /*vsite_name */
 				strncpy(sessmgr_req->site_id, res_str, VSITE_NAME_LEN);
 				break;
-			case 'u': /* user_name*/
+			case 'u': /* user_name */
 				strncpy(sessmgr_req->username, res_str, SESSMGR_UNAME_BUF_SIZE);
 				break;
 			case 'g': /* group name */
-				strncpy(sessmgr_req->group_name, res_str, GROUP_NAME_MAX_LEN);
+				/* Bug 589 VPN role authentication by SAML group information */ 
+                                /* group list -- group1:group2:...groupN */ 
+                                /* replace "+" to " " in request, Example: "ATCP+Stack+Team" -> "ATCP Stack Team" */
+                                strncpy(group_str, res_str, res_str_len);
+                                for (i = 0; i < res_str_len; i++) {
+                                    if (group_str[i] == "+") {
+                                        group_str[i] = " ";
+                                    }
+                                }
+				strncpy(sessmgr_req->group_name, group_str, GROUP_NAME_MAX_LEN);
 				break;
 			case 'c': /* external acl */
 				strncpy(sessmgr_req->acls, res_str, AAA_EXTERNAL_ACL_LEN - 1);
@@ -3593,37 +3603,6 @@
 	return 0;
 }
 
-static int
-add_saml_group_info(an_sessmgr_rqt_t *sessmgr_req)
-{
-	struct aaa_conf *aaa_conf = NULL;
-	sec_vsite_t *vsite_p = NULL;
-	struct saml_idp *idp;
-	int j;
-
-	if (sessmgr_req->site_id != NULL) {
-		vsite_p = find_vsite_by_name((char*)sessmgr_req->site_id);
-		if (vsite_p == NULL) {
-			ulog_error_no_conn(AMP_ULOG_SMANAGER, "parse_saml_request: cannot find vsite.");
-			return -1;
-		}
-		aaa_conf = vsite_p->aaa_configure;
-	
-		if (aaa_conf != NULL) {
-			for (j = 0; j < 5; j++) {
-				idp = &aaa_conf->saml.idps[j];
-				if (idp->name[0] == '\0') {
-					continue;
-				}
-				if ((idp->attr_uname[0] != '\0') && (strcmp(idp->name, aaa_conf->saml.idp_name) == 0)) {
-					strncpy(sessmgr_req->group_name, idp->attr_gname, GROUP_NAME_MAX_LEN);
-				}
-			}
-		}
-	}
-
-	return 0;
-}
 
 static int
 handle_saml_sess_req(int saml_sock)
@@ -3663,12 +3642,6 @@
 		if (rc < 0) {
 			continue;
 		}
-
-		/* Bug 589 VPN role authentication by SAML group information */
-		rc = add_saml_group_info(&sessmgr_req);
-		if (rc < 0) {
-			continue;
-		}
 
 		switch (action) {
 			case 1: