Make it possible to auto-enable SAML logins for existing Drupal users (by adding entries in the authmap table) based on the Drupal account's email address. This can be done in addition to the existing functionality that auto-enables SAML for accounts based on username.

This is a one-line change, and would make it much easier to implement sign-on using an email address SAML Attribute. This would be particularly useful in the case of a single sign-on IdP authenticating for several Drupal websites that may have different usernames for the same SAML Principal.


Comments

hampercm created an issue. See original summary.

hampercm’s picture

Assigned: hampercm » Unassigned
Status: Active » Needs review
hampercm’s picture


My original patch had one of my debugging watchdog() calls contaminating it. Here's a corrected patch.

becw’s picture

I had the same need; I have a bunch of migrated users who I would like to log in by email address. I had a slightly more verbose solution, which makes this configurable, and also works when you enable SAML for individual accounts in Drupal.

pbuyle’s picture

_simplesamlphp_auth_get_authname()

+++ b/simplesamlphp_auth.module
@@ -427,33 +430,108 @@ function _simplesamlphp_auth_isEnabled($show_inactive_msg = FALSE) {
 function _simplesamlphp_auth_get_authname() {
+  $authname = '';
+
+  switch (variable_get('simplesamlphp_authname_source', 'uid')) {
+    case 'mail':
+      $authname = _simplesamlphp_auth_get_mail();
+      break;
+    case 'username':
+      $authname = _simplesamlphp_auth_get_default_name();
+      break;
+    case 'uid':
+    default:
+      $authname = _simplesamlphp_auth_get_authname();
+  }
+
+  return $authname;
+}
+
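Review bot: the `case 'uid': default:` branch calls _simplesamlphp_auth_get_authname() from inside _simplesamlphp_auth_get_authname() itself, and since 'uid' is also the variable_get() fallback, every install that has not set simplesamlphp_authname_source recurses until PHP exhausts its stack. That branch should call the helper that returns the SAML unique identifier (the body this function had before the patch), e.g. `$authname = _simplesamlphp_auth_get_unique_id();`. Separately, the 'mail' branch turns an IdP-supplied attribute directly into the authmap key, so the caller should treat an empty or malformed value from _simplesamlphp_auth_get_mail() as "no match" rather than linking an account on it.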

Infinite loop when simplesamlphp_authname_source is uid. It seems a missing _simplesamlphp_auth_get_unique_id() function should be called instead.

Otherwise, the patch seems to be working fine when matching with the email.

pbuyle’s picture

Status: Needs review » Needs work
jnicola’s picture

Tested the patch above for mapping via email. Works for me! Did not test UID infinite loop correlation. Perhaps keeping this to just email or username for now would be best?

roi’s picture

Enabling email is good but not the only field by which we should use SAML. In my site there's a need to retrieve some very specific substring from the SAML auth and look for it on one of the existing user's fields. My patch allows other modules to do that, and it also lets you use email, of course.

sherakama’s picture

I like roi's approach with the drupal_alter call instead of a switch statement. Roi's approach will make it much more flexible for other modules to hook in and provide their use case specific options.

Maybe we can provide the best of both worlds? Perhaps have username and email lookups by default and then hook out with drupal_alter?

Thanks
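An added example (not the module's code or any patch in this thread) of the combined approach sherakama describes: username and email lookups by default, plus a drupal_alter() hook so other modules can supply their own match value, written against the Drupal 7 API. The example_-prefixed function and variable names are hypothetical, and the attribute array is assumed to come from SimpleSAML_Auth_Simple::getAttributes().

```php
<?php
/**
 * Pick the authname from the SAML attributes using a configurable source
 * (uid / mail / username), then let other modules alter it. Unlike the
 * patch above, the default branch reads an attribute rather than calling
 * itself. Variable names and attribute defaults are hypothetical.
 */
function example_saml_authname_from_attributes(array $attributes) {
  $source = variable_get('example_saml_authname_source', 'uid');
  $map = array(
    'uid'      => variable_get('example_saml_unique_id_attr', 'eduPersonPrincipalName'),
    'mail'     => variable_get('example_saml_mail_attr', 'mail'),
    'username' => variable_get('example_saml_username_attr', 'uid'),
  );
  $attr = isset($map[$source]) ? $map[$source] : $map['uid'];
  $authname = isset($attributes[$attr][0]) ? trim($attributes[$attr][0]) : '';

  // Other modules may replace the value (e.g. a substring matched against
  // a custom user field) via hook_example_saml_authname_alter().
  $context = array('source' => $source, 'attributes' => $attributes);
  drupal_alter('example_saml_authname', $authname, $context);
  return $authname;
}

/**
 * Link an existing account to $authname via the authmap table, or return
 * FALSE so the caller falls back to the module's normal handling.
 */
function example_saml_link_existing_account($source, $authname) {
  if ($authname === '') {
    return FALSE;
  }
  $account = FALSE;
  if ($source === 'mail') {
    // The address is the IdP's claim; refuse to match on a malformed one.
    if (!valid_email_address($authname)) {
      watchdog('example_saml', 'Rejected non-email authname %name.',
        array('%name' => $authname), WATCHDOG_WARNING);
      return FALSE;
    }
    $account = user_load_by_mail($authname);
  }
  elseif ($source === 'username') {
    $account = user_load_by_name($authname);
  }
  // No match, or a blocked account: do not create an authmap entry.
  if (!$account || !$account->status) {
    return FALSE;
  }
  user_set_authmaps($account, array('authname_simplesamlphp_auth' => $authname));
  return $account;
}
```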

sherakama’s picture

I've been doing some of this work here: https://www.drupal.org/node/2745089