Rails.application.config.middleware.use OmniAuth::Builder do
  provider :shibboleth, {
    # We're using a UK Access Management Federation IdPs here
    # Shibboleth server config needs to return eppn and persistent-id attributes
    # Priority given to eppn in controller if present, assuming persistent-id always populated
    # Doing this the omniauth way rather than using REMOTE_USER
    # See controllers/users/omniauth_callbacks_controller.rb
    # Shibboleth authentication is enabled in config/application.rb
    :uid_field => :"persistent-id",
    :fields => [],
    :extra_fields => [
      :eppn,
      :affiliation,
      :entitlement,
      :"unscoped-affiliation",
      :"targeted-id",
      :mail
    ],
  }
end