diff --git a/README.md b/README.md
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..def2025270e701f38d7f91262972806b583a18d0 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,164 @@
+Shibboleth Authentication Plugin for Liferay
+============================================
+
+* This plugin is derived from an initial version of rsheshi@gmail.com. See: http://code.google.com/p/liferay-shibboleth-plugin/
+* The first major extension was done by Ivan Novakov. https://github.com/ivan-novakov
+* Further upgrades were made by Mihály Héder. https://github.com/mheder
+* The latest extensions were made by Szabolcs Tenczer https://github.com/burgosz
+
+Additional features has been added:
+
+* auto create users using Shibboleth attributes (email, first name, last name)
+* auto update user information upon login
+* added options to specify the headers (Shibboleth attributes) to be used for extracting email, first name and last name
+* basic attribute to role mapping
+
+Requirements
+------------
+
+* Apache 2.x with mod_ssl and mod_proxy_ajp
+* Shibboleth SP 2.x
+
+Introduction
+------------
+
+Currently, there is no native Java Shibboleth service provider. If you need to protect your Java web
+with Shibboleth, you have to run Apache with mod_shib in front of your servlet container (Tomcat, JBoss, ...).
+The protected application must not be accessible directly, it must be run on a private address. Apache will intercept
+requests, and after performing all authentication related tasks, it will pass the request to the backend servlet
+container using AJP (Apache JServ Protocol).
+
+Shibboleth Service Provider
+---------------------------
+
+A standard Shibboleth Service Provider instance may be used with one difference - the attribute preffix must bes
+set to "AJP_", otherwise user attributes from Shibboleh will not be accessible in the application.
+
+    <ApplicationDefaults entityID="https://liferay-test/shibboleth"
+        REMOTE_USER="uid eppn persistent-id targeted-id" 
+        attributePrefix="AJP_">
+
+
+Apache configuration
+--------------------
+
+First, we need to set the AJP communication with the backend in our virtual host configuration:
+
+    ProxyPass / ajp://localhost:8009/
+    ProxyPassReverse / ajp://localhost:8009/
+    
+Then we'll configure Shibboleth to be "activated" for the whole site:
+
+    <Location />
+        AuthType shibboleth
+        require shibboleth
+    </Location>
+    
+And require a Shibboleth session at the "login" location:
+
+    <Location /c/portal/login>
+        AuthType shibboleth
+        ShibRequireSession On
+        require valid-user
+    </Location>
+
+
+Container's AJP connector
+---------------------
+
+Make sure, the backend servlet container has properly configured AJP connector. For example, in JBoss it is not enabled by default and you have to explicitly enable it:
+
+    # cd $JBOSS_HOME/bin
+    # ./jboss-cli.sh 
+    You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
+    [disconnected /] connect
+    [standalone@localhost:9999 /] /subsystem=web:read-children-names(child-type=connector)
+    {
+        "outcome" => "success",
+        "result" => ["http"]
+    }
+    [standalone@localhost:9999 /] /subsystem=web/connector=ajp:add(socket-binding=ajp, protocol="AJP/1.3", enabled=true, scheme=ajp)
+    {"outcome" => "success"}
+    [standalone@localhost:9999 /] /subsystem=web:read-children-names(child-type=connector)
+    {
+        "outcome" => "success",
+        "result" => [
+            "ajp",
+            "http" 
+        ]
+    }
+
+
+Plugin installation and configuration
+-------------------------------------
+
+Clone the repository and run the Maven install script:
+
+    # git clone https://github.com/mheder/liferay-shibboleth-plugin
+    # cd liferay-shibboleth-plugin
+    # mvn install
+
+Then deploy the WAR file to your servlet container.
+After a successful installation a new "Shibboleth" section appears in the Liferay's Control panel at "Portal Settings / Authentication". You can adjust Shibboleth authentication there. The most important setting is the name of the attribute from with the user identity is taken.
+At the same time, in "Portal Settings --> Authentication --> General", disable all "Allow..." options.
+
+Further steps
+-------------
+
+If you plan to use Shibboleth autehtnication only, it will be a good idea to prevent your users from changing their personal info (especially the screen name which holds the identity). 
+
+If you choose to auto-create users, you need to disable the "terms of use" page and the "security question", which appear to the new users. Add these directives to your portal-ext.properties:
+
+    #
+    # Set this to true to enable reminder queries that are used to help reset a
+    # user's password.
+    #
+    users.reminder.queries.enabled=false
+    users.reminder.queries.custom.question.enabled=false
+    
+    #
+    # Set this to true if all users are required to agree to the terms of use.
+    #
+    terms.of.use.required=false
+
+Logging can be enabled at "Control panel --> Server Administration --> Log Levels" by adding these categories:
+
+    com.liferay.portal.security.auth.ShibbolethAutoLogin
+    com.liferay.portal.servlet.filters.sso.shibboleth.ShibbolethFilter
+    
+These settings will work untill server reboot only. To make them permanent you need to create a special configuration file placed at `$JBOSS_HOME/standalone/deployments/ROOT.war/WEB-INF/classes/META-INF/portal-log4j-ext.xml`:
+
+    <?xml version="1.0"?>
+    <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+    
+    <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+    
+        <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+            <layout class="org.apache.log4j.PatternLayout">
+                <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n" />
+            </layout>
+        </appender>
+    
+        <category name="com.liferay.portal.security.auth.ShibbolethAutoLogin">
+            <priority value="INFO" />
+        </category>
+    
+        <category name="com.liferay.portal.servlet.filters.sso.shibboleth.ShibbolethFilter">
+            <priority value="INFO" />
+        </category>
+    
+    </log4j:configuration>
+
+
+
+Licence
+-------
+
+[MIT Licence](http://opensource.org/licenses/mit-license.php)
+
+
+Contact
+-------
+
+* homepage: https://github.com/ivan-novakov/liferay-shibboleth-plugin
+
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000000000000000000000000000000000000..0fdd6ea216538bed633da2931647fb64b3ca1a4e
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.github.ivan-novakov.liferay-shibboleth-plugin</groupId>
+    <artifactId>liferay-shibboleth-plugin</artifactId>
+    <packaging>war</packaging>
+    <name>liferay-shibboleth-plugin</name>
+    <url>https://github.com/ivan-novakov/liferay-shibboleth-plugin</url>
+    <version>1.2</version>
+    <properties>
+        <liferay.auto.deploy.dir>/opt/lr/deploy</liferay.auto.deploy.dir>
+        <liferay.version>6.2.0-RC5</liferay.version>
+    </properties>
+    <build>
+        <finalName>shibboleth-plugin-hook</finalName>
+        <plugins>
+            <plugin>
+                <groupId>com.liferay.maven.plugins</groupId>
+                <artifactId>liferay-maven-plugin</artifactId>
+                <version>${liferay.version}</version>
+                <configuration>
+                    <autoDeployDir>${liferay.auto.deploy.dir}</autoDeployDir>
+                    <liferayVersion>${liferay.version}</liferayVersion>
+                    <pluginType>hook</pluginType>
+                </configuration>
+            </plugin>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <encoding>UTF-8</encoding>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <artifactId>maven-resources-plugin</artifactId>
+                <configuration>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>2.4</version>
+                <configuration>
+                    <webResources>
+                        <resource>
+                            <filtering>true</filtering>
+                            <directory>src/main/webapp</directory>
+                            <includes>
+                                <include>**/liferay-plugin-package.xml</include>
+                                <include>**/web.xml</include>
+                            </includes>
+                        </resource>
+                    </webResources>
+                    <warSourceDirectory>src/main/webapp</warSourceDirectory>
+                    <webXml>src/main/webapp/WEB-INF/web.xml</webXml>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    <dependencies>
+        <dependency>
+            <groupId>com.liferay.portal</groupId>
+            <artifactId>portal-service</artifactId>
+            <version>${liferay.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.liferay.portal</groupId>
+            <artifactId>util-java</artifactId>
+            <version>${liferay.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.portlet</groupId>
+            <artifactId>portlet-api</artifactId>
+            <version>2.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.4</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet.jsp</groupId>
+            <artifactId>jsp-api</artifactId>
+            <version>2.0</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+</project>
diff --git a/src/main/java/com/liferay/portal/security/auth/ShibbolethAutoLogin.java b/src/main/java/com/liferay/portal/security/auth/ShibbolethAutoLogin.java
new file mode 100644
index 0000000000000000000000000000000000000000..7fea4902378521a3715bec20311fbc0a8e7abb64
--- /dev/null
+++ b/src/main/java/com/liferay/portal/security/auth/ShibbolethAutoLogin.java
@@ -0,0 +1,340 @@
+package com.liferay.portal.security.auth;
+
+import com.liferay.portal.NoSuchUserException;
+import com.liferay.portal.kernel.exception.PortalException;
+import com.liferay.portal.kernel.exception.SystemException;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.kernel.util.StringPool;
+import com.liferay.portal.kernel.util.Validator;
+import com.liferay.portal.model.CompanyConstants;
+import com.liferay.portal.model.Role;
+import com.liferay.portal.model.User;
+import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
+import com.liferay.portal.service.RoleLocalServiceUtil;
+import com.liferay.portal.service.ServiceContext;
+import com.liferay.portal.service.UserLocalServiceUtil;
+import com.liferay.portal.shibboleth.util.ShibbolethPropsKeys;
+import com.liferay.portal.shibboleth.util.Util;
+import com.liferay.portal.util.PortalUtil;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.util.*;
+
+/**
+ * Performs autologin based on the header values passed by Shibboleth.
+ * 
+ * The Shibboleth user ID header set in the configuration must contain the user
+ * ID, if users are authenticated by screen name or the user email, if the users
+ * are authenticated by email (Portal settings --> Authentication --> General).
+ * 
+ * @author Romeo Sheshi
+ * @author Ivan Novakov <ivan.novakov@debug.cz>
+ */
+public class ShibbolethAutoLogin implements AutoLogin {
+
+	private static Log _log = LogFactoryUtil.getLog(ShibbolethAutoLogin.class);
+
+    @Override
+    public String[] handleException(HttpServletRequest request, HttpServletResponse response, Exception e) throws AutoLoginException {
+        // taken from BaseAutoLogin
+        if (Validator.isNull(request.getAttribute(AutoLogin.AUTO_LOGIN_REDIRECT))) {
+            throw new AutoLoginException(e);
+        }
+        _log.error(e, e);
+        return null;
+    }
+
+    @Override
+    public String[] login(HttpServletRequest req, HttpServletResponse res) throws AutoLoginException {
+
+        User user;
+        String[] credentials = null;
+        HttpSession session = req.getSession(false);
+        long companyId = PortalUtil.getCompanyId(req);
+
+
+        try {
+            _log.info("Shibboleth Autologin [modified 2]");
+
+            if (!Util.isEnabled(companyId)) {
+                return credentials;
+            }
+
+            user = loginFromSession(companyId, session);
+            if (Validator.isNull(user)) {
+                return credentials;
+            }
+
+            credentials = new String[3];
+            credentials[0] = String.valueOf(user.getUserId());
+            credentials[1] = user.getPassword();
+            credentials[2] = Boolean.TRUE.toString();
+            return credentials;
+
+        } catch (NoSuchUserException e) {
+            logError(e);
+        } catch (Exception e) {
+            logError(e);
+            throw new AutoLoginException(e);
+        }
+
+        return credentials;
+    }
+
+    private User loginFromSession(long companyId, HttpSession session) throws Exception {
+        String login;
+        User user = null;
+
+        login = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN);
+        if (Validator.isNull(login)) {
+            return null;
+        }
+
+        String authType = Util.getAuthType(companyId);
+
+        try {
+            if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
+                _log.info("Trying to find user with screen name: " + login);
+                user = UserLocalServiceUtil.getUserByScreenName(companyId, login);
+            } else if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
+
+                String emailAddress = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
+                if (Validator.isNull(emailAddress)) {
+                    return null;
+                }
+
+                _log.info("Trying to find user with email: " + emailAddress);
+                user = UserLocalServiceUtil.getUserByEmailAddress(companyId, emailAddress);
+            } else {
+                throw new NoSuchUserException();
+            }
+
+            _log.info("User found: " + user.getScreenName() + " (" + user.getEmailAddress() + ")");
+
+            if (Util.autoUpdateUser(companyId)) {
+                _log.info("Auto-updating user...");
+                updateUserFromSession(user, session);
+            }
+
+        } catch (NoSuchUserException e) {
+            _log.error("User "  + login + " not found");
+
+            if (Util.autoCreateUser(companyId)) {
+                _log.info("Importing user from session...");
+                user = createUserFromSession(companyId, session);
+                _log.info("Created user with ID: " + user.getUserId());
+            } else if (Util.importUser(companyId)) {
+                _log.info("Importing user from LDAP...");
+                user = PortalLDAPImporterUtil.importLDAPUser(companyId, StringPool.BLANK, login);
+            }
+        }
+
+        try {
+            updateUserRolesFromSession(companyId, user, session);
+        } catch (Exception e) {
+            _log.error("Exception while updating user roles from session: " + e.getMessage());
+        }
+
+        return user;
+    }
+
+    /**
+     * Create user from session
+     */
+    protected User createUserFromSession(long companyId, HttpSession session) throws Exception {
+        User user = null;
+
+        String screenName = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN);
+        if (Validator.isNull(screenName)) {
+            _log.error("Cannot create user - missing screen name");
+            return user;
+        }
+
+        String emailAddress = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
+        if (Validator.isNull(emailAddress)) {
+            _log.error("Cannot create user - missing email");
+            return user;
+        }
+
+        String firstname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME);
+        if (Validator.isNull(firstname)) {
+            _log.error("Cannot create user - missing firstname");
+            return user;
+        }
+
+        String surname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME);
+        if (Validator.isNull(surname)) {
+            _log.error("Cannot create user - missing surname");
+            return user;
+        }
+
+        _log.info("Creating user: screen name = [" + screenName + "], emailAddress = [" + emailAddress
+                + "], first name = [" + firstname + "], surname = [" + surname + "]");
+
+        return addUser(companyId, screenName, emailAddress, firstname, surname);
+    }
+
+    /**
+     * Store user
+     */
+    private User addUser(long companyId, String screenName, String emailAddress, String firstName, String lastName)
+            throws Exception {
+
+        long creatorUserId = 0;
+        boolean autoPassword = true;
+        String password1 = null;
+        String password2 = null;
+        boolean autoScreenName = false;
+        long facebookId = 0;
+        String openId = StringPool.BLANK;
+        Locale locale = Locale.US;
+        String middleName = StringPool.BLANK;
+        int prefixId = 0;
+        int suffixId = 0;
+        boolean male = true;
+        int birthdayMonth = Calendar.JANUARY;
+        int birthdayDay = 1;
+        int birthdayYear = 1970;
+        String jobTitle = StringPool.BLANK;
+
+        long[] groupIds = null;
+        long[] organizationIds = null;
+        long[] roleIds = null;
+        long[] userGroupIds = null;
+
+        boolean sendEmail = false;
+        ServiceContext serviceContext = null;
+
+        return UserLocalServiceUtil.addUser(creatorUserId, companyId, autoPassword, password1, password2,
+                autoScreenName, screenName, emailAddress, facebookId, openId, locale, firstName, middleName, lastName,
+                prefixId, suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds,
+                organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);
+    }
+
+    protected void updateUserFromSession(User user, HttpSession session) throws Exception {
+        boolean modified = false;
+
+        String emailAddress = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
+        if (Validator.isNotNull(emailAddress) && !user.getEmailAddress().equals(emailAddress)) {
+            _log.info("User [" + user.getScreenName() + "]: update email address [" + user.getEmailAddress()
+                    + "] --> [" + emailAddress + "]");
+            user.setEmailAddress(emailAddress);
+            modified = true;
+        }
+
+        String firstname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME);
+        if (Validator.isNotNull(firstname) && !user.getFirstName().equals(firstname)) {
+            _log.info("User [" + user.getScreenName() + "]: update first name [" + user.getFirstName() + "] --> ["
+                    + firstname + "]");
+            user.setFirstName(firstname);
+            modified = true;
+        }
+
+        String surname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME);
+        if (Validator.isNotNull(surname) && !user.getLastName().equals(surname)) {
+            _log.info("User [" + user.getScreenName() + "]: update last name [" + user.getLastName() + "] --> ["
+                    + surname + "]");
+            user.setLastName(surname);
+            modified = true;
+        }
+
+        if (modified) {
+            UserLocalServiceUtil.updateUser(user);
+        }
+    }
+
+    private void updateUserRolesFromSession(long companyId, User user, HttpSession session) throws Exception {
+        if (!Util.autoAssignUserRole(companyId)) {
+            return;
+        }
+
+        List<Role> currentFelRoles = getRolesFromSession(companyId, session);
+        long[] currentFelRoleIds = roleListToLongArray(currentFelRoles);
+
+        List<Role> felRoles = getAllRolesWithConfiguredSubtype(companyId);
+        long[] felRoleIds = roleListToLongArray(felRoles);
+
+        RoleLocalServiceUtil.unsetUserRoles(user.getUserId(), felRoleIds);
+        RoleLocalServiceUtil.addUserRoles(user.getUserId(), currentFelRoleIds);
+
+        _log.info("User '" + user.getScreenName() + "' has been assigned " + currentFelRoleIds.length + " role(s): "
+                + Arrays.toString(currentFelRoleIds));
+    }
+
+    private long[] roleListToLongArray(List<Role> roles) {
+        long[] roleIds = new long[roles.size()];
+
+        for (int i = 0; i < roles.size(); i++) {
+            roleIds[i] = roles.get(i).getRoleId();
+        }
+
+        return roleIds;
+    }
+
+    private List<Role> getAllRolesWithConfiguredSubtype(long companyId) throws Exception {
+        String roleSubtype = Util.autoAssignUserRoleSubtype(companyId);
+        return RoleLocalServiceUtil.getSubtypeRoles(roleSubtype);
+    }
+
+    private List<Role> getRolesFromSession(long companyId, HttpSession session) throws SystemException {
+        List<Role> currentFelRoles = new ArrayList<Role>();
+        String affiliation = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION);
+
+        if (Validator.isNull(affiliation)) {
+            return currentFelRoles;
+        }
+
+        String[] affiliationList = affiliation.split(";");
+        for (String roleName : affiliationList) {
+            Role role;
+            try {
+                role = RoleLocalServiceUtil.getRole(companyId, roleName);
+            } catch (PortalException e) {
+                _log.info("Exception while getting role with name '" + roleName + "': " + e.getMessage());
+                try{
+                    if(Util.isCreateRoleEnabled(companyId)){
+                        List<Role> roleList = RoleLocalServiceUtil.getRoles(companyId);
+                        long [] roleIds = roleListToLongArray(roleList);
+                        Arrays.sort(roleIds);
+                        long newId = roleIds[roleIds.length-1];
+                        newId = newId+1;
+                        role = RoleLocalServiceUtil.createRole(newId);
+
+                        long classNameId = 0;
+                        try{
+                        	classNameId = RoleLocalServiceUtil.getRole(roleIds[roleIds.length-1]).getClassNameId();
+                        }catch (PortalException ex){
+                        	_log.info("classname error");
+                        }
+                        role.setClassNameId(classNameId);
+        				role.setCompanyId(companyId);
+        				role.setClassPK(newId);
+        				role.setDescription(null);
+        				role.setTitleMap(null);
+        				role.setName(roleName);
+        				role.setType(1);
+        				RoleLocalServiceUtil.addRole(role);
+                    }else continue;
+                }catch (Exception exc){
+                    continue;
+                }        
+            }
+
+            currentFelRoles.add(role);
+        }
+
+        return currentFelRoles;
+    }
+
+    private void logError(Exception e) {
+        _log.error("Exception message = " + e.getMessage() + " cause = " + e.getCause());
+        if (_log.isDebugEnabled()) {
+            _log.error(e);
+        }
+
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.java b/src/main/java/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.java
new file mode 100644
index 0000000000000000000000000000000000000000..2b00b16df1101fef9743b003b529fbf40b211418
--- /dev/null
+++ b/src/main/java/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.java
@@ -0,0 +1,218 @@
+package com.liferay.portal.servlet.filters.sso.shibboleth;
+
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.kernel.servlet.BaseFilter;
+import com.liferay.portal.kernel.util.Validator;
+import com.liferay.portal.shibboleth.util.ShibbolethPropsKeys;
+import com.liferay.portal.shibboleth.util.Util;
+import com.liferay.portal.util.PortalUtil;
+
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+ * @author Romeo Sheshi
+ * @author Ivan Novakov <ivan.novakov@debug.cz>
+ */
+public class ShibbolethFilter extends BaseFilter {
+
+    @Override
+    public boolean isFilterEnabled(HttpServletRequest request, HttpServletResponse response) {
+        try {
+            long companyId = PortalUtil.getCompanyId(request);
+            if (Util.isEnabled(companyId)) {
+                return true;
+            }
+        } catch (Exception e) {
+            _log.error(e, e);
+        }
+        return false;
+    }
+
+    @Override
+    protected Log getLog() {
+        return _log;
+    }
+
+    @Override
+    protected void processFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws Exception {
+
+        _log.info("Shibboleth filter");
+
+        String pathInfo = request.getPathInfo();
+        HttpSession session = request.getSession();
+        long companyId = PortalUtil.getCompanyId(request);
+
+        if (pathInfo.contains("/portal/logout")) {
+            if (Util.isLogoutEnabled(companyId)) {
+                session.invalidate();
+                String logoutUrl = Util.getLogoutUrl(companyId);
+                response.sendRedirect(logoutUrl);
+                return;
+            }
+        } else {
+            extractData(session, companyId, request);
+        }
+        processFilter(ShibbolethFilter.class, request, response, filterChain);
+    }
+
+    /**
+     * Extracts user data from AJP or HTTP header
+     *
+     * @return true if any data is present
+     */
+    protected boolean extractData(HttpSession session, long companyId, HttpServletRequest request) throws Exception {
+        String login = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN);
+        if (Validator.isNull(login)) {
+
+            boolean headersEnabled = Util.isHeadersEnabled(companyId);
+
+            if (headersEnabled) {
+                _log.info("Using HTTP headers as source for attribute values");
+            } else {
+                _log.info("Using Environment variables as source for attribute values");
+            }
+
+            //String aaiProvidedLoginName = getHeader(Util.getHeaderName(companyId), request, headersEnabled);
+	   
+           //MODIFIED FV
+	    String aaiProvidedLoginName = getHeader(Util.getHeaderName(companyId), request, headersEnabled);
+
+            System.out.println ("ORIGINAL: "+aaiProvidedLoginName);
+            aaiProvidedLoginName=aaiProvidedLoginName.split("@")[0];
+            System.out.println ("SPLITTED: "+aaiProvidedLoginName);
+
+            String aaiProvidedEmail = getHeader(Util.getEmailHeaderName(companyId), request, headersEnabled);
+
+            String aaiProvidedFirstname = getHeader(Util.getFirstnameHeaderName(companyId), request, headersEnabled);
+
+            String aaiProvidedSurname = getHeader(Util.getSurnameHeaderName(companyId), request, headersEnabled);
+
+            String aaiProvidedAffiliation = getHeader(Util.getAffiliationHeaderName(companyId), request, headersEnabled);
+
+
+            if (Validator.isNull(aaiProvidedLoginName)) {
+                _log.error("Required header [" + Util.getHeaderName(companyId) + "] not found");
+                _log.error("AAI authentication failed as login name header is empty.");
+                return false;
+            }
+            if (Util.isScreenNameTransformEnabled(companyId)) {
+                _log.info("ScreenName transform is enabled.");
+                //check validity of screen name 
+              
+                    // most probably it is an eduPersonPrincipalName. Make transformations
+                if(aaiProvidedLoginName.contains("@")){
+                    _log.info("The login name provided by AAI looks like an "
+                            + "email (or eduPersonPrincipalName): "
+                            + aaiProvidedLoginName
+                            + " It needs to be converted to be a Liferay screen name.");
+                    aaiProvidedLoginName = aaiProvidedLoginName.replaceAll("@", ".at.");
+                    _log.info("Login name is converted to:" + aaiProvidedLoginName);
+                } else _log.info("error");
+                //Liferay does not like underscores
+                if (aaiProvidedLoginName.contains("_")) {
+                    _log.info("The login name provided by AAI contains underscores:"
+                            + aaiProvidedLoginName
+                            + "It needs to be converted to be a Liferay screen name.");
+                    aaiProvidedLoginName = aaiProvidedLoginName.replaceAll("_", "-");
+                    _log.info("Login name is converted to:" + aaiProvidedLoginName);
+                }
+            }
+            else {
+                _log.info("ScreenName transform is disabled.");
+            }
+            
+            _log.info("AAI-provided screen name is:" + aaiProvidedLoginName);
+            session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN, aaiProvidedLoginName);
+
+            //get the first of multi-valued email address
+            if (aaiProvidedEmail.contains(";")) {
+                _log.info("The email address string provided by AAI is multi-valued:"
+                        + aaiProvidedEmail
+                        + " Using the first value.");
+                String[] emails = aaiProvidedEmail.split(";");
+                aaiProvidedEmail = emails[0];
+            }
+            _log.info("AAI-provided email is:" + aaiProvidedEmail);
+            session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL, aaiProvidedEmail);
+
+            if (Validator.isNull(aaiProvidedFirstname)) {
+                _log.error("No First name provided in: "
+                        + Util.getFirstnameHeaderName(companyId)
+                        + " using a default value instead.");
+                aaiProvidedFirstname = "MissingFirstName";
+            }
+            _log.info("AAI-provided first name is:" + aaiProvidedFirstname);
+            session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME, aaiProvidedFirstname);
+
+            if (Validator.isNull(aaiProvidedSurname)) {
+                _log.error("No Surname provided in: "
+                        + Util.getSurnameHeaderName(companyId)
+                        + " using a default value instead.");
+                aaiProvidedSurname = "MissingSurname";
+            }
+            _log.info("AAI-provided Surname is:" + aaiProvidedSurname);
+            session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME, aaiProvidedSurname);
+
+            if (Validator.isNull(aaiProvidedAffiliation)) {
+                _log.debug("No affiliation provided");
+                aaiProvidedAffiliation = "";
+            }
+            if (Util.isAffiliationTruncateEnabled(companyId) && aaiProvidedAffiliation.contains(":")) {
+                _log.info("affiliation contains ':' characters: "
+                        + aaiProvidedAffiliation
+                        + " assuming eduPersonEntitlement format");
+                // AAI-provided affiliation is multi-valued
+                if (aaiProvidedAffiliation.contains(";")) {
+                    _log.info("AAI-provided affiliation is multi-valued:"
+                            + aaiProvidedAffiliation
+                            + " Processing each vale");
+                    String[] affiliations = aaiProvidedAffiliation.split(";");
+                    aaiProvidedAffiliation = "";
+
+                    for (int i = 0; i < affiliations.length; i++) {
+                        String[] parts = affiliations[i].split(":");
+                        aaiProvidedAffiliation += parts[parts.length - 1];
+                        if (i < affiliations.length - 1) {
+                            aaiProvidedAffiliation += ";";
+                        }
+                    }
+
+                } else {
+                    String[] parts = aaiProvidedAffiliation.split(":");
+                    aaiProvidedAffiliation = parts[parts.length - 1];
+                }
+            }
+            _log.info("AAI-provided affiliation is:" + aaiProvidedAffiliation);
+            session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION, aaiProvidedAffiliation);
+
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    protected String getHeader(String headerName, HttpServletRequest request, boolean headersEnabled) {
+        if (Validator.isNull(headerName)) {
+            return null;
+        }
+        String headerValue;
+
+        if (headersEnabled) {
+            headerValue = request.getHeader(headerName);
+        } else {
+            headerValue = (String) request.getAttribute(headerName);
+        }
+
+        _log.info("Header [" + headerName + "]: " + headerValue);
+
+        return headerValue;
+    }
+
+    private static final Log _log = LogFactoryUtil.getLog(ShibbolethFilter.class);
+
+}
diff --git a/src/main/java/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.java b/src/main/java/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.java
new file mode 100644
index 0000000000000000000000000000000000000000..d77ef5f3a3057f095fbf964c07d72b13a953de9b
--- /dev/null
+++ b/src/main/java/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.java
@@ -0,0 +1,48 @@
+package com.liferay.portal.shibboleth.util;
+
+/**
+ * @author Romeo Sheshi
+ * @author Ivan Novakov <ivan.novakov@debug.cz>
+ */
+public class ShibbolethPropsKeys {
+
+	public static final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
+
+	public static final String SHIBBOLETH_HEADER = "shibboleth.header";
+
+	public static final String SHIBBOLETH_HEADER_EMAIL = "shibboleth.header.email";
+
+	public static final String SHIBBOLETH_HEADER_FIRSTNAME = "shibboleth.header.firstname";
+
+	public static final String SHIBBOLETH_HEADER_SURNAME = "shibboleth.header.surname";
+
+	public static final String SHIBBOLETH_HEADER_AFFILIATION = "shibboleth.header.affiliation";
+
+	public static final String SHIBBOLETH_USER_AUTO_CREATE = "shibboleth.user.auto.create";
+
+	public static final String SHIBBOLETH_USER_AUTO_UPDATE = "shibboleth.user.auto.update";
+
+	public static final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN = "shibboleth.user.role.auto.assign";
+
+	public static final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE = "shibboleth.user.role.auto.assign.subtype";
+
+	public static final String SHIBBOLETH_LOGIN = "shibboleth.login";
+
+	public static final String SHIBBOLETH_USER_LDAP_IMPORT = "shibboleth.user.ldap.import";
+
+	public static final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
+
+	public static final String SHIBBOLETH_LOGOUT_ENABLE = "shibboleth.logout.enabled";
+
+	public static final String SHIBBOLETH_LOGOUT_URL = "shibboleth.logout.url";
+
+    public static final String SHIBBOLETH_HEADERS_ENABLE = "shibboleth.headers.enabled";
+
+    public static final String SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE = "shibboleth.affiliation.truncate.enabled";
+
+    public static final String SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE = "shibboleth.screenname.transform.enabled";
+
+   	public static final String SHIBBOLETH_HEADER_AFFILIATION_PREFIX = "shibboleth.header.affiliation.prefix";
+
+   	public static final String SHIBBOLETH_USER_ROLE_AUTO_CREATE = "shibboleth.user.role.auto.create";
+}
diff --git a/src/main/java/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.java b/src/main/java/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.java
new file mode 100644
index 0000000000000000000000000000000000000000..e7b06840776fa6533a50e185d589b89d309aa2c7
--- /dev/null
+++ b/src/main/java/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.java
@@ -0,0 +1,48 @@
+package com.liferay.portal.shibboleth.util;
+
+import com.liferay.portal.kernel.util.GetterUtil;
+import com.liferay.portal.kernel.util.PropsUtil;
+
+/**
+ * @author Romeo Sheshi
+ * @author Ivan Novakov <ivan.novakov@debug.cz>
+ */
+public class ShibbolethPropsValues {
+    public static final boolean SHIBBOLETH_ENABLED = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_ENABLED));
+
+    public static final String SHIBBOLETH_HEADER = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER);
+    
+    public static final String SHIBBOLETH_HEADER_EMAIL = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
+    
+    public static final String SHIBBOLETH_HEADER_FIRSTNAME = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME);
+    
+    public static final String SHIBBOLETH_HEADER_SURNAME = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME);
+    
+    public static final String SHIBBOLETH_HEADER_AFFILIATION = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION);
+    
+    public static final boolean SHIBBOLETH_USER_AUTO_CREATE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_CREATE));
+    
+    public static final boolean SHIBBOLETH_USER_AUTO_UPDATE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_UPDATE));
+
+    public static final boolean SHIBBOLETH_USER_LDAP_IMPORT = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_LDAP_IMPORT));
+    
+    public static final boolean SHIBBOLETH_USER_ROLE_AUTO_ASSIGN = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN));
+    
+    public static final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE);
+
+    public static final boolean SHIBBOLETH_LOGOUT_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_ENABLE));
+
+    public static final boolean SHIBBOLETH_HEADERS_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADERS_ENABLE));
+
+    public static final boolean SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE));
+
+    public static final boolean SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE));
+
+    public static final String SHIBBOLETH_LOGIN_URL = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_LOGIN_URL);
+
+    public static final String SHIBBOLETH_LOGOUT_URL = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_URL);
+
+    public static final String SHIBBOLETH_HEADER_AFFILIATION_PREFIX= PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION_PREFIX);
+   
+    public static final boolean SHIBBOLETH_USER_ROLE_AUTO_CREATE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_CREATE));
+}
diff --git a/src/main/java/com/liferay/portal/shibboleth/util/Util.java b/src/main/java/com/liferay/portal/shibboleth/util/Util.java
new file mode 100644
index 0000000000000000000000000000000000000000..bd99320ab7f5f08eca0f01748f0af553caa07603
--- /dev/null
+++ b/src/main/java/com/liferay/portal/shibboleth/util/Util.java
@@ -0,0 +1,120 @@
+package com.liferay.portal.shibboleth.util;
+
+import com.liferay.portal.kernel.util.GetterUtil;
+import com.liferay.portal.kernel.util.PrefsPropsUtil;
+import com.liferay.portal.kernel.util.PropsKeys;
+import com.liferay.portal.model.CompanyConstants;
+
+/**
+ * 
+ * @author Romeo Sheshi
+ * @author Ivan Novakov <ivan.novakov@debug.cz>
+ */
+public final class Util {
+	private Util() {
+	}
+
+	public static boolean isEnabled(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_ENABLED),
+				ShibbolethPropsValues.SHIBBOLETH_ENABLED);
+	}
+
+	public static boolean isLogoutEnabled(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_ENABLE),
+				ShibbolethPropsValues.SHIBBOLETH_LOGOUT_ENABLE);
+	}
+
+	public static boolean isHeadersEnabled(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADERS_ENABLE),
+				ShibbolethPropsValues.SHIBBOLETH_HEADERS_ENABLE);
+	}
+
+	public static boolean isAffiliationTruncateEnabled(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE),
+				ShibbolethPropsValues.SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE);
+	}
+
+	public static boolean isScreenNameTransformEnabled(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE),
+				ShibbolethPropsValues.SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE);
+	}
+
+	public static boolean importUser(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_LDAP_IMPORT),
+				ShibbolethPropsValues.SHIBBOLETH_USER_LDAP_IMPORT);
+	}
+
+	public static String getLoginUrl(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_LOGIN_URL),
+				ShibbolethPropsValues.SHIBBOLETH_LOGIN_URL);
+	}
+
+	public static String getLogoutUrl(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_URL),
+				ShibbolethPropsValues.SHIBBOLETH_LOGOUT_URL);
+	}
+
+	public static String getHeaderName(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER),
+				ShibbolethPropsValues.SHIBBOLETH_HEADER);
+	}
+
+	public static String getEmailHeaderName(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL),
+				ShibbolethPropsValues.SHIBBOLETH_HEADER_EMAIL);
+	}
+
+	public static String getFirstnameHeaderName(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME),
+				ShibbolethPropsValues.SHIBBOLETH_HEADER_FIRSTNAME);
+	}
+
+	public static String getSurnameHeaderName(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME),
+				ShibbolethPropsValues.SHIBBOLETH_HEADER_SURNAME);
+	}
+
+	public static String getAffiliationHeaderName(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION),
+				ShibbolethPropsValues.SHIBBOLETH_HEADER_AFFILIATION);
+	}
+
+	public static boolean autoCreateUser(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_CREATE),
+				ShibbolethPropsValues.SHIBBOLETH_USER_AUTO_CREATE);
+	}
+
+	public static boolean autoUpdateUser(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_UPDATE),
+				ShibbolethPropsValues.SHIBBOLETH_USER_AUTO_UPDATE);
+	}
+
+	public static boolean autoAssignUserRole(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN),
+				ShibbolethPropsValues.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN);
+	}
+
+	public static String autoAssignUserRoleSubtype(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE),
+				ShibbolethPropsValues.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE);
+	}
+
+	public static String getAuthType(long companyId) throws Exception {
+		return GetterUtil.getString(getValue(companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE),
+				CompanyConstants.AUTH_TYPE_EA);
+	}
+
+	private static String getValue(long companyId, String key) throws Exception {
+		return PrefsPropsUtil.getString(companyId, key);
+	}
+
+	public static String getAffiliationHeaderPrefix(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION_PREFIX),
+				ShibbolethPropsValues.SHIBBOLETH_HEADER_AFFILIATION_PREFIX);
+	}
+
+	public static boolean isCreateRoleEnabled(long companyId) throws Exception {
+		return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_CREATE),
+				ShibbolethPropsValues.SHIBBOLETH_USER_ROLE_AUTO_CREATE);
+	}
+}
diff --git a/src/main/resources/language.properties b/src/main/resources/language.properties
new file mode 100644
index 0000000000000000000000000000000000000000..f4af834454d78886f270c87c065f428be26a9b73
--- /dev/null
+++ b/src/main/resources/language.properties
@@ -0,0 +1,17 @@
+shibboleth-logout-enable=Logout enable
+shibboleth-headers-enable=Extract attributes from HTTP Headers instead of environment variables (see: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall , the "AJP_" prefix part)
+shibboleth-affiliation-truncate-enable=Truncate affiliation values and keep only the last segment after ':'. Useful for standard eduPersonEntilement values. ('foo:bar:baz:qux:RoleName' becomes 'RoleName')
+shibboleth-screenname-transform-enable=Transform login ID to make it valid screen name. Replace '@' to '.at.' and '_' to '-'. ('foo_bar@baz.org' becomes 'foo-bar.at.baz.org')
+import-shibboleth-users-from-ldap=Import from LDAP
+shibboleth-user-header=Shibboleth header name
+shibboleth-user-id-header=Shibboleth user ID header
+shibboleth-user-header-email=Shibboleth user email header
+shibboleth-user-header-firstname=Shibboleth user first name header
+shibboleth-user-header-surname=Shibboleth user surname header
+shibboleth-user-header-affiliation=Shibboleth user affiliation header
+auto-create-users=Auto-create users
+auto-update-users=Auto-update users
+auto-assign-user-role=Auto-assign roles to users (based on the affiliation)
+auto-assign-user-role-subtype=Role subtype for auto-assign roles
+shibboleth=Shibboleth
+shibboleth-user-header-affiliation-prefix=Shibboleth user affiliation header prefix
diff --git a/src/main/resources/portal.properties b/src/main/resources/portal.properties
new file mode 100644
index 0000000000000000000000000000000000000000..8059041ab2e81cc92f9b0f9fb4126d4a745018f7
--- /dev/null
+++ b/src/main/resources/portal.properties
@@ -0,0 +1,19 @@
+auto.login.hooks=com.liferay.portal.security.auth.ShibbolethAutoLogin
+
+shibboleth.enabled=true
+shibboleth.header=eppn
+shibboleth.header.email=eppn
+shibboleth.header.firstname=givenName
+shibboleth.header.surname=sn
+shibboleth.user.auto.create=true
+shibboleth.user.auto.update=true
+shibboleth.user.ldap.import=false
+shibboleth.logout.enabled=true
+shibboleth.headers.enabled=false
+shibboleth.affiliation.truncate.enabled=false
+shibboleth.screenname.transform.enabled=true
+shibboleth.login.url=/c/portal/login/shibboleth
+shibboleth.logout.url=/Shibboleth.sso/Logout?return=/
+company.settings.form.authentication=shibboleth
+
+login.form.navigation.pre=shibboleth
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/jsps/html/portlet/login/navigation/shibboleth.jsp b/src/main/webapp/WEB-INF/jsps/html/portlet/login/navigation/shibboleth.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..48fa3ba38bbd2005a8fd9db5abfc164f8079f170
--- /dev/null
+++ b/src/main/webapp/WEB-INF/jsps/html/portlet/login/navigation/shibboleth.jsp
@@ -0,0 +1,18 @@
+<%@ include file="/html/portlet/login/init.jsp"%>
+
+<%
+
+	final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
+	final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
+
+	boolean shibbolethEnabled = GetterUtil.getBoolean(PrefsPropsUtil.getString(PortalUtil.getCompanyId(renderRequest), SHIBBOLETH_ENABLED));
+    String shibbolethLoginUrl = PrefsPropsUtil.getString(company.getCompanyId(), "shibboleth.login.url", "");
+%>
+
+<c:if test="<%=shibbolethEnabled%>">
+
+	<liferay-ui:icon
+		src="/liferay-shibboleth-plugin-hook/images/shibboleth.png"
+		url="<%= shibbolethLoginUrl %>" message="shibboleth" />
+
+</c:if>
diff --git a/src/main/webapp/WEB-INF/jsps/html/portlet/portal_settings/authentication/shibboleth.jsp b/src/main/webapp/WEB-INF/jsps/html/portlet/portal_settings/authentication/shibboleth.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..10cea50f8207f5e494e122b6de6a040e34d2799b
--- /dev/null
+++ b/src/main/webapp/WEB-INF/jsps/html/portlet/portal_settings/authentication/shibboleth.jsp
@@ -0,0 +1,96 @@
+<%@ include file="/html/portlet/portal_settings/init.jsp" %>
+<%
+    final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
+    final String SHIBBOLETH_HEADER = "shibboleth.header";
+    final String SHIBBOLETH_USER_LDAP_IMPORT = "shibboleth.user.ldap.import";
+    final String SHIBBOLETH_LOGOUT_ENABLE = "shibboleth.logout.enabled";
+    final String SHIBBOLETH_LOGOUT_URL = "shibboleth.logout.url";
+    final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
+    final String SHIBBOLETH_HEADERS_ENABLE = "shibboleth.headers.enabled";
+    final String SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE = "shibboleth.affiliation.truncate.enabled";
+    final String SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE = "shibboleth.screenname.transform.enabled";
+
+    final String SHIBBOLETH_HEADER_EMAIL = "shibboleth.header.email";
+    final String SHIBBOLETH_HEADER_FIRSTNAME = "shibboleth.header.firstname";
+    final String SHIBBOLETH_HEADER_SURNAME = "shibboleth.header.surname";
+    final String SHIBBOLETH_HEADER_AFFILIATION = "shibboleth.header.affiliation";
+    final String SHIBBOLETH_USER_AUTO_CREATE  = "shibboleth.user.auto.create";
+    final String SHIBBOLETH_USER_AUTO_UPDATE = "shibboleth.user.auto.update";
+    final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN = "shibboleth.user.role.auto.assign";
+    final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE = "shibboleth.user.role.auto.assign.subtype";
+    final String SHIBBOLETH_HEADER_AFFILIATION_PREFIX = "shibboleth.header.affiliation.prefix";
+    final String SHIBBOLETH_USER_ROLE_AUTO_CREATE = "shibboleth.user.role.auto.create";
+
+    String shibbolethEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_ENABLED, "false");
+    String shibbolethHeader = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER, "");
+    String shibbolethUserLdapImport = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_LDAP_IMPORT, "false");
+    String shibbolethLogoutEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGOUT_ENABLE, "false");
+    String shibbolethLogoutUrl = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGOUT_URL, "");
+    String shibbolethLoginUrl = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGIN_URL, "");
+    String shibbolethHeadersEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADERS_ENABLE, "false");
+    String shibbolethAffiliationTruncateEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE, "false");
+    String shibbolethScreenNameTransformEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE, "false");
+    
+    String shibbolethHeaderEmail = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_EMAIL, "mail");
+    String shibbolethHeaderFirtsname = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_FIRSTNAME, "givenname");
+    String shibbolethHeaderSurname = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_SURNAME, "sn");
+    String shibbolethHeaderAffiliation = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_AFFILIATION, "affiliation");
+    String shibbolethUserAutoCreate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_AUTO_CREATE, "false");
+    String shibbolethUserAutoUpdate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_AUTO_UPDATE, "false");
+    String shibbolethUserRoleAutoAssign = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_ASSIGN, "false");
+    String shibbolethUserRoleAutoAssignSubtype = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE, "");
+    String shibbolethHeaderAffiliationPrefix = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_AFFILIATION_PREFIX, "");
+    String shibbolethUserRoleAutoCreate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_CREATE, "false");
+%>
+<aui:fieldset>
+        <aui:input label="enabled" name='<%="settings--" + SHIBBOLETH_ENABLED + "--" %>' type="checkbox"
+                   value="<%= shibbolethEnabled %>"/>
+        <aui:input cssCLass="lfr-input-text-container" label="login-url"
+                   name='<%= "settings--" + SHIBBOLETH_LOGIN_URL + "--" %>' type="text"
+                   value="<%= shibbolethLoginUrl %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-id-header"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER + "--" %>' type="text" value="<%= shibbolethHeader %>"/>
+        <aui:input label="shibboleth-screenname-transform-enable" name='<%= "settings--" + SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethScreenNameTransformEnabled %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-email"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_EMAIL + "--" %>' type="text" value="<%= shibbolethHeaderEmail %>"/>    
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-firstname"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_FIRSTNAME + "--" %>' type="text" value="<%= shibbolethHeaderFirtsname %>"/>  
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-surname"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_SURNAME + "--" %>' type="text" value="<%= shibbolethHeaderSurname %>"/>    
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-affiliation"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_AFFILIATION + "--" %>' type="text" value="<%= shibbolethHeaderAffiliation %>"/>        
+        <aui:input label="shibboleth-affiliation-truncate-enable" name='<%= "settings--" + SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethAffiliationTruncateEnabled %>"/>
+        <aui:input label="auto-create-users"
+                   name='<%= "settings--" + SHIBBOLETH_USER_AUTO_CREATE + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserAutoCreate %>"/>
+        <aui:input label="auto-update-users"
+                   name='<%= "settings--" + SHIBBOLETH_USER_AUTO_UPDATE + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserAutoUpdate %>"/>
+        <aui:input label="import-shibboleth-users-from-ldap"
+                   name='<%= "settings--" + SHIBBOLETH_USER_LDAP_IMPORT + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserLdapImport %>"/>
+        <aui:input label="auto-create-user-role"
+                   name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_CREATE + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserRoleAutoCreate %>"/>
+        <aui:input label="auto-assign-user-role"
+                   name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_ASSIGN + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserRoleAutoAssign %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="auto-assign-user-role-subtype"
+                   name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE + "--" %>' type="text"
+                   value="<%= shibbolethUserRoleAutoAssignSubtype %>"/>             
+        <aui:input label="shibboleth-logout-enable" name='<%= "settings--" + SHIBBOLETH_LOGOUT_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethLogoutEnabled %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="logout-url"
+                   name='<%= "settings--" + SHIBBOLETH_LOGOUT_URL + "--" %>' type="text"
+                   value="<%= shibbolethLogoutUrl %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-affiliation-prefix"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_AFFILIATION_PREFIX + "--" %>' type="text"
+                   value="<%= shibbolethHeaderAffiliationPrefix %>"/>   
+        <aui:input label="shibboleth-headers-enable" name='<%= "settings--" + SHIBBOLETH_HEADERS_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethHeadersEnabled %>"/>
+</aui:fieldset>
+
+
+
diff --git a/src/main/webapp/WEB-INF/liferay-hook.xml b/src/main/webapp/WEB-INF/liferay-hook.xml
new file mode 100644
index 0000000000000000000000000000000000000000..d230f19f6590c8eb3b5f9415bcd64579a3422ec9
--- /dev/null
+++ b/src/main/webapp/WEB-INF/liferay-hook.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.2.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_2_0.dtd">
+
+<hook>
+    <portal-properties>portal.properties</portal-properties>
+    <language-properties>language.properties</language-properties>
+    <custom-jsp-dir>/WEB-INF/jsps</custom-jsp-dir>
+    <servlet-filter>
+        <servlet-filter-name>shibboleth</servlet-filter-name>
+        <servlet-filter-impl>com.liferay.portal.servlet.filters.sso.shibboleth.ShibbolethFilter</servlet-filter-impl>
+    </servlet-filter>
+    <servlet-filter-mapping>
+        <servlet-filter-name>shibboleth</servlet-filter-name>
+        <after-filter>Auto Login Filter</after-filter>
+        <url-pattern>/c/portal/login</url-pattern>
+        <url-pattern>/c/portal/logout</url-pattern>
+        <dispatcher>FORWARD</dispatcher>
+        <dispatcher>REQUEST</dispatcher>
+    </servlet-filter-mapping>
+</hook>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/liferay-plugin-package.properties b/src/main/webapp/WEB-INF/liferay-plugin-package.properties
new file mode 100644
index 0000000000000000000000000000000000000000..86d6fe22320409a1e654329163293c99d3a6bf6e
--- /dev/null
+++ b/src/main/webapp/WEB-INF/liferay-plugin-package.properties
@@ -0,0 +1,10 @@
+name=Shibboleth Plugin
+module-group-id=liferay 7.1.1
+module-incremental-version=1
+tags=
+short-description=
+change-log=
+page-url=https://github.com/ivan-novakov/liferay-shibboleth-plugin
+author=Ivan Novakov ivan.novakov@debug.cz
+page-url=http://code.google.com/p/liferay-shibboleth-plugin/
+author=Romeo Sheshi rsheshi@gmail.com
diff --git a/src/main/webapp/WEB-INF/liferay-plugin-package.xml b/src/main/webapp/WEB-INF/liferay-plugin-package.xml
new file mode 100644
index 0000000000000000000000000000000000000000..80a18d1fd55e530478ec7d4a3eb912c84d62723e
--- /dev/null
+++ b/src/main/webapp/WEB-INF/liferay-plugin-package.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plugin-package PUBLIC "-//Liferay//DTD Plugin Package 6.2.0//EN"
+        "http://www.liferay.com/dtd/liferay-plugin-package_6_2_0.dtd">
+<plugin-package>
+    <name>Shibboleth Plugin</name>
+    <module-id>${project.groupId}/${project.artifactId}/${project.version}/${project.packaging}</module-id>
+    <types>
+        <type>portlets</type>
+    </types>
+    <tags>
+        <tag>shibboleth</tag>
+    </tags>
+    <short-description/>
+    <change-log/>
+    <page-url>https://github.com/ivan-novakov/liferay-shibboleth-plugin</page-url>
+    <author>Ivan Novakov ivan.novakov@debug.cz</author>
+    <licenses>
+        <license osi-approved="true">LGPL</license>
+    </licenses>
+    <liferay-versions>
+        <liferay-version>6.2.0+</liferay-version>
+    </liferay-versions>
+</plugin-package>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000000000000000000000000000000000000..e067cae3a8db64f6119dd5338aea97484fc75950
--- /dev/null
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+
+<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+</web-app>
\ No newline at end of file
diff --git a/src/main/webapp/images/shibboleth.png b/src/main/webapp/images/shibboleth.png
new file mode 100644
index 0000000000000000000000000000000000000000..b706062e24071a25c7f70ec9770fe7191b7d4768
Binary files /dev/null and b/src/main/webapp/images/shibboleth.png differ
diff --git a/target/classes/com/liferay/portal/security/auth/ShibbolethAutoLogin.class b/target/classes/com/liferay/portal/security/auth/ShibbolethAutoLogin.class
new file mode 100644
index 0000000000000000000000000000000000000000..64c7e80bd14ece4dd68368dddcbfc5947d0f8ebf
Binary files /dev/null and b/target/classes/com/liferay/portal/security/auth/ShibbolethAutoLogin.class differ
diff --git a/target/classes/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.class b/target/classes/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.class
new file mode 100644
index 0000000000000000000000000000000000000000..fcf3394bd41b00be8bb984e100a6e6a9441779b6
Binary files /dev/null and b/target/classes/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.class differ
diff --git a/target/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.class b/target/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.class
new file mode 100644
index 0000000000000000000000000000000000000000..1c81cd108a748ee4c78dca59f68f355c9afedc29
Binary files /dev/null and b/target/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.class differ
diff --git a/target/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.class b/target/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c55c04ba3d01f9eb49f94125ea3925b030560f1
Binary files /dev/null and b/target/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.class differ
diff --git a/target/classes/com/liferay/portal/shibboleth/util/Util.class b/target/classes/com/liferay/portal/shibboleth/util/Util.class
new file mode 100644
index 0000000000000000000000000000000000000000..d6baffff35d7f4c16c6575b228cf40a43e1a7629
Binary files /dev/null and b/target/classes/com/liferay/portal/shibboleth/util/Util.class differ
diff --git a/target/classes/language.properties b/target/classes/language.properties
new file mode 100644
index 0000000000000000000000000000000000000000..f4af834454d78886f270c87c065f428be26a9b73
--- /dev/null
+++ b/target/classes/language.properties
@@ -0,0 +1,17 @@
+shibboleth-logout-enable=Logout enable
+shibboleth-headers-enable=Extract attributes from HTTP Headers instead of environment variables (see: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall , the "AJP_" prefix part)
+shibboleth-affiliation-truncate-enable=Truncate affiliation values and keep only the last segment after ':'. Useful for standard eduPersonEntilement values. ('foo:bar:baz:qux:RoleName' becomes 'RoleName')
+shibboleth-screenname-transform-enable=Transform login ID to make it valid screen name. Replace '@' to '.at.' and '_' to '-'. ('foo_bar@baz.org' becomes 'foo-bar.at.baz.org')
+import-shibboleth-users-from-ldap=Import from LDAP
+shibboleth-user-header=Shibboleth header name
+shibboleth-user-id-header=Shibboleth user ID header
+shibboleth-user-header-email=Shibboleth user email header
+shibboleth-user-header-firstname=Shibboleth user first name header
+shibboleth-user-header-surname=Shibboleth user surname header
+shibboleth-user-header-affiliation=Shibboleth user affiliation header
+auto-create-users=Auto-create users
+auto-update-users=Auto-update users
+auto-assign-user-role=Auto-assign roles to users (based on the affiliation)
+auto-assign-user-role-subtype=Role subtype for auto-assign roles
+shibboleth=Shibboleth
+shibboleth-user-header-affiliation-prefix=Shibboleth user affiliation header prefix
diff --git a/target/classes/portal.properties b/target/classes/portal.properties
new file mode 100644
index 0000000000000000000000000000000000000000..8059041ab2e81cc92f9b0f9fb4126d4a745018f7
--- /dev/null
+++ b/target/classes/portal.properties
@@ -0,0 +1,19 @@
+auto.login.hooks=com.liferay.portal.security.auth.ShibbolethAutoLogin
+
+shibboleth.enabled=true
+shibboleth.header=eppn
+shibboleth.header.email=eppn
+shibboleth.header.firstname=givenName
+shibboleth.header.surname=sn
+shibboleth.user.auto.create=true
+shibboleth.user.auto.update=true
+shibboleth.user.ldap.import=false
+shibboleth.logout.enabled=true
+shibboleth.headers.enabled=false
+shibboleth.affiliation.truncate.enabled=false
+shibboleth.screenname.transform.enabled=true
+shibboleth.login.url=/c/portal/login/shibboleth
+shibboleth.logout.url=/Shibboleth.sso/Logout?return=/
+company.settings.form.authentication=shibboleth
+
+login.form.navigation.pre=shibboleth
\ No newline at end of file
diff --git a/target/maven-archiver/pom.properties b/target/maven-archiver/pom.properties
new file mode 100644
index 0000000000000000000000000000000000000000..908d59d39380b78742de95dfe5ebeccf05ff0011
--- /dev/null
+++ b/target/maven-archiver/pom.properties
@@ -0,0 +1,5 @@
+#Generated by Maven
+#Tue Jul 05 11:42:51 CEST 2016
+version=1.2
+groupId=com.github.ivan-novakov.liferay-shibboleth-plugin
+artifactId=liferay-shibboleth-plugin
diff --git a/target/shibboleth-plugin-hook.war b/target/shibboleth-plugin-hook.war
new file mode 100644
index 0000000000000000000000000000000000000000..332fa5e5f67614f68ce8e9a71567d35edf1ddcab
Binary files /dev/null and b/target/shibboleth-plugin-hook.war differ
diff --git a/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/security/auth/ShibbolethAutoLogin.class b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/security/auth/ShibbolethAutoLogin.class
new file mode 100644
index 0000000000000000000000000000000000000000..64c7e80bd14ece4dd68368dddcbfc5947d0f8ebf
Binary files /dev/null and b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/security/auth/ShibbolethAutoLogin.class differ
diff --git a/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.class b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.class
new file mode 100644
index 0000000000000000000000000000000000000000..fcf3394bd41b00be8bb984e100a6e6a9441779b6
Binary files /dev/null and b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/servlet/filters/sso/shibboleth/ShibbolethFilter.class differ
diff --git a/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.class b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.class
new file mode 100644
index 0000000000000000000000000000000000000000..1c81cd108a748ee4c78dca59f68f355c9afedc29
Binary files /dev/null and b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsKeys.class differ
diff --git a/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.class b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c55c04ba3d01f9eb49f94125ea3925b030560f1
Binary files /dev/null and b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/ShibbolethPropsValues.class differ
diff --git a/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/Util.class b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/Util.class
new file mode 100644
index 0000000000000000000000000000000000000000..d6baffff35d7f4c16c6575b228cf40a43e1a7629
Binary files /dev/null and b/target/shibboleth-plugin-hook/WEB-INF/classes/com/liferay/portal/shibboleth/util/Util.class differ
diff --git a/target/shibboleth-plugin-hook/WEB-INF/classes/language.properties b/target/shibboleth-plugin-hook/WEB-INF/classes/language.properties
new file mode 100644
index 0000000000000000000000000000000000000000..f4af834454d78886f270c87c065f428be26a9b73
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/classes/language.properties
@@ -0,0 +1,17 @@
+shibboleth-logout-enable=Logout enable
+shibboleth-headers-enable=Extract attributes from HTTP Headers instead of environment variables (see: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall , the "AJP_" prefix part)
+shibboleth-affiliation-truncate-enable=Truncate affiliation values and keep only the last segment after ':'. Useful for standard eduPersonEntilement values. ('foo:bar:baz:qux:RoleName' becomes 'RoleName')
+shibboleth-screenname-transform-enable=Transform login ID to make it valid screen name. Replace '@' to '.at.' and '_' to '-'. ('foo_bar@baz.org' becomes 'foo-bar.at.baz.org')
+import-shibboleth-users-from-ldap=Import from LDAP
+shibboleth-user-header=Shibboleth header name
+shibboleth-user-id-header=Shibboleth user ID header
+shibboleth-user-header-email=Shibboleth user email header
+shibboleth-user-header-firstname=Shibboleth user first name header
+shibboleth-user-header-surname=Shibboleth user surname header
+shibboleth-user-header-affiliation=Shibboleth user affiliation header
+auto-create-users=Auto-create users
+auto-update-users=Auto-update users
+auto-assign-user-role=Auto-assign roles to users (based on the affiliation)
+auto-assign-user-role-subtype=Role subtype for auto-assign roles
+shibboleth=Shibboleth
+shibboleth-user-header-affiliation-prefix=Shibboleth user affiliation header prefix
diff --git a/target/shibboleth-plugin-hook/WEB-INF/classes/portal.properties b/target/shibboleth-plugin-hook/WEB-INF/classes/portal.properties
new file mode 100644
index 0000000000000000000000000000000000000000..8059041ab2e81cc92f9b0f9fb4126d4a745018f7
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/classes/portal.properties
@@ -0,0 +1,19 @@
+auto.login.hooks=com.liferay.portal.security.auth.ShibbolethAutoLogin
+
+shibboleth.enabled=true
+shibboleth.header=eppn
+shibboleth.header.email=eppn
+shibboleth.header.firstname=givenName
+shibboleth.header.surname=sn
+shibboleth.user.auto.create=true
+shibboleth.user.auto.update=true
+shibboleth.user.ldap.import=false
+shibboleth.logout.enabled=true
+shibboleth.headers.enabled=false
+shibboleth.affiliation.truncate.enabled=false
+shibboleth.screenname.transform.enabled=true
+shibboleth.login.url=/c/portal/login/shibboleth
+shibboleth.logout.url=/Shibboleth.sso/Logout?return=/
+company.settings.form.authentication=shibboleth
+
+login.form.navigation.pre=shibboleth
\ No newline at end of file
diff --git a/target/shibboleth-plugin-hook/WEB-INF/jsps/html/portlet/login/navigation/shibboleth.jsp b/target/shibboleth-plugin-hook/WEB-INF/jsps/html/portlet/login/navigation/shibboleth.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..48fa3ba38bbd2005a8fd9db5abfc164f8079f170
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/jsps/html/portlet/login/navigation/shibboleth.jsp
@@ -0,0 +1,18 @@
+<%@ include file="/html/portlet/login/init.jsp"%>
+
+<%
+
+	final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
+	final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
+
+	boolean shibbolethEnabled = GetterUtil.getBoolean(PrefsPropsUtil.getString(PortalUtil.getCompanyId(renderRequest), SHIBBOLETH_ENABLED));
+    String shibbolethLoginUrl = PrefsPropsUtil.getString(company.getCompanyId(), "shibboleth.login.url", "");
+%>
+
+<c:if test="<%=shibbolethEnabled%>">
+
+	<liferay-ui:icon
+		src="/liferay-shibboleth-plugin-hook/images/shibboleth.png"
+		url="<%= shibbolethLoginUrl %>" message="shibboleth" />
+
+</c:if>
diff --git a/target/shibboleth-plugin-hook/WEB-INF/jsps/html/portlet/portal_settings/authentication/shibboleth.jsp b/target/shibboleth-plugin-hook/WEB-INF/jsps/html/portlet/portal_settings/authentication/shibboleth.jsp
new file mode 100644
index 0000000000000000000000000000000000000000..10cea50f8207f5e494e122b6de6a040e34d2799b
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/jsps/html/portlet/portal_settings/authentication/shibboleth.jsp
@@ -0,0 +1,96 @@
+<%@ include file="/html/portlet/portal_settings/init.jsp" %>
+<%
+    final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
+    final String SHIBBOLETH_HEADER = "shibboleth.header";
+    final String SHIBBOLETH_USER_LDAP_IMPORT = "shibboleth.user.ldap.import";
+    final String SHIBBOLETH_LOGOUT_ENABLE = "shibboleth.logout.enabled";
+    final String SHIBBOLETH_LOGOUT_URL = "shibboleth.logout.url";
+    final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
+    final String SHIBBOLETH_HEADERS_ENABLE = "shibboleth.headers.enabled";
+    final String SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE = "shibboleth.affiliation.truncate.enabled";
+    final String SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE = "shibboleth.screenname.transform.enabled";
+
+    final String SHIBBOLETH_HEADER_EMAIL = "shibboleth.header.email";
+    final String SHIBBOLETH_HEADER_FIRSTNAME = "shibboleth.header.firstname";
+    final String SHIBBOLETH_HEADER_SURNAME = "shibboleth.header.surname";
+    final String SHIBBOLETH_HEADER_AFFILIATION = "shibboleth.header.affiliation";
+    final String SHIBBOLETH_USER_AUTO_CREATE  = "shibboleth.user.auto.create";
+    final String SHIBBOLETH_USER_AUTO_UPDATE = "shibboleth.user.auto.update";
+    final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN = "shibboleth.user.role.auto.assign";
+    final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE = "shibboleth.user.role.auto.assign.subtype";
+    final String SHIBBOLETH_HEADER_AFFILIATION_PREFIX = "shibboleth.header.affiliation.prefix";
+    final String SHIBBOLETH_USER_ROLE_AUTO_CREATE = "shibboleth.user.role.auto.create";
+
+    String shibbolethEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_ENABLED, "false");
+    String shibbolethHeader = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER, "");
+    String shibbolethUserLdapImport = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_LDAP_IMPORT, "false");
+    String shibbolethLogoutEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGOUT_ENABLE, "false");
+    String shibbolethLogoutUrl = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGOUT_URL, "");
+    String shibbolethLoginUrl = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGIN_URL, "");
+    String shibbolethHeadersEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADERS_ENABLE, "false");
+    String shibbolethAffiliationTruncateEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE, "false");
+    String shibbolethScreenNameTransformEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE, "false");
+    
+    String shibbolethHeaderEmail = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_EMAIL, "mail");
+    String shibbolethHeaderFirtsname = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_FIRSTNAME, "givenname");
+    String shibbolethHeaderSurname = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_SURNAME, "sn");
+    String shibbolethHeaderAffiliation = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_AFFILIATION, "affiliation");
+    String shibbolethUserAutoCreate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_AUTO_CREATE, "false");
+    String shibbolethUserAutoUpdate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_AUTO_UPDATE, "false");
+    String shibbolethUserRoleAutoAssign = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_ASSIGN, "false");
+    String shibbolethUserRoleAutoAssignSubtype = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE, "");
+    String shibbolethHeaderAffiliationPrefix = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_AFFILIATION_PREFIX, "");
+    String shibbolethUserRoleAutoCreate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_CREATE, "false");
+%>
+<aui:fieldset>
+        <aui:input label="enabled" name='<%="settings--" + SHIBBOLETH_ENABLED + "--" %>' type="checkbox"
+                   value="<%= shibbolethEnabled %>"/>
+        <aui:input cssCLass="lfr-input-text-container" label="login-url"
+                   name='<%= "settings--" + SHIBBOLETH_LOGIN_URL + "--" %>' type="text"
+                   value="<%= shibbolethLoginUrl %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-id-header"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER + "--" %>' type="text" value="<%= shibbolethHeader %>"/>
+        <aui:input label="shibboleth-screenname-transform-enable" name='<%= "settings--" + SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethScreenNameTransformEnabled %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-email"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_EMAIL + "--" %>' type="text" value="<%= shibbolethHeaderEmail %>"/>    
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-firstname"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_FIRSTNAME + "--" %>' type="text" value="<%= shibbolethHeaderFirtsname %>"/>  
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-surname"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_SURNAME + "--" %>' type="text" value="<%= shibbolethHeaderSurname %>"/>    
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-affiliation"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_AFFILIATION + "--" %>' type="text" value="<%= shibbolethHeaderAffiliation %>"/>        
+        <aui:input label="shibboleth-affiliation-truncate-enable" name='<%= "settings--" + SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethAffiliationTruncateEnabled %>"/>
+        <aui:input label="auto-create-users"
+                   name='<%= "settings--" + SHIBBOLETH_USER_AUTO_CREATE + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserAutoCreate %>"/>
+        <aui:input label="auto-update-users"
+                   name='<%= "settings--" + SHIBBOLETH_USER_AUTO_UPDATE + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserAutoUpdate %>"/>
+        <aui:input label="import-shibboleth-users-from-ldap"
+                   name='<%= "settings--" + SHIBBOLETH_USER_LDAP_IMPORT + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserLdapImport %>"/>
+        <aui:input label="auto-create-user-role"
+                   name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_CREATE + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserRoleAutoCreate %>"/>
+        <aui:input label="auto-assign-user-role"
+                   name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_ASSIGN + "--" %>' type="checkbox"
+                   value="<%= shibbolethUserRoleAutoAssign %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="auto-assign-user-role-subtype"
+                   name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE + "--" %>' type="text"
+                   value="<%= shibbolethUserRoleAutoAssignSubtype %>"/>             
+        <aui:input label="shibboleth-logout-enable" name='<%= "settings--" + SHIBBOLETH_LOGOUT_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethLogoutEnabled %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="logout-url"
+                   name='<%= "settings--" + SHIBBOLETH_LOGOUT_URL + "--" %>' type="text"
+                   value="<%= shibbolethLogoutUrl %>"/>
+        <aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-affiliation-prefix"
+                   name='<%= "settings--" + SHIBBOLETH_HEADER_AFFILIATION_PREFIX + "--" %>' type="text"
+                   value="<%= shibbolethHeaderAffiliationPrefix %>"/>   
+        <aui:input label="shibboleth-headers-enable" name='<%= "settings--" + SHIBBOLETH_HEADERS_ENABLE + "--" %>'
+                   type="checkbox" value="<%= shibbolethHeadersEnabled %>"/>
+</aui:fieldset>
+
+
+
diff --git a/target/shibboleth-plugin-hook/WEB-INF/liferay-hook.xml b/target/shibboleth-plugin-hook/WEB-INF/liferay-hook.xml
new file mode 100644
index 0000000000000000000000000000000000000000..d230f19f6590c8eb3b5f9415bcd64579a3422ec9
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/liferay-hook.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.2.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_2_0.dtd">
+
+<hook>
+    <portal-properties>portal.properties</portal-properties>
+    <language-properties>language.properties</language-properties>
+    <custom-jsp-dir>/WEB-INF/jsps</custom-jsp-dir>
+    <servlet-filter>
+        <servlet-filter-name>shibboleth</servlet-filter-name>
+        <servlet-filter-impl>com.liferay.portal.servlet.filters.sso.shibboleth.ShibbolethFilter</servlet-filter-impl>
+    </servlet-filter>
+    <servlet-filter-mapping>
+        <servlet-filter-name>shibboleth</servlet-filter-name>
+        <after-filter>Auto Login Filter</after-filter>
+        <url-pattern>/c/portal/login</url-pattern>
+        <url-pattern>/c/portal/logout</url-pattern>
+        <dispatcher>FORWARD</dispatcher>
+        <dispatcher>REQUEST</dispatcher>
+    </servlet-filter-mapping>
+</hook>
\ No newline at end of file
diff --git a/target/shibboleth-plugin-hook/WEB-INF/liferay-plugin-package.properties b/target/shibboleth-plugin-hook/WEB-INF/liferay-plugin-package.properties
new file mode 100644
index 0000000000000000000000000000000000000000..86d6fe22320409a1e654329163293c99d3a6bf6e
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/liferay-plugin-package.properties
@@ -0,0 +1,10 @@
+name=Shibboleth Plugin
+module-group-id=liferay 7.1.1
+module-incremental-version=1
+tags=
+short-description=
+change-log=
+page-url=https://github.com/ivan-novakov/liferay-shibboleth-plugin
+author=Ivan Novakov ivan.novakov@debug.cz
+page-url=http://code.google.com/p/liferay-shibboleth-plugin/
+author=Romeo Sheshi rsheshi@gmail.com
diff --git a/target/shibboleth-plugin-hook/WEB-INF/liferay-plugin-package.xml b/target/shibboleth-plugin-hook/WEB-INF/liferay-plugin-package.xml
new file mode 100644
index 0000000000000000000000000000000000000000..dbf08c86f7474d44709241cc763ff631d21f4e40
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/liferay-plugin-package.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plugin-package PUBLIC "-//Liferay//DTD Plugin Package 6.2.0//EN"
+        "http://www.liferay.com/dtd/liferay-plugin-package_6_2_0.dtd">
+<plugin-package>
+    <name>Shibboleth Plugin</name>
+    <module-id>com.github.ivan-novakov.liferay-shibboleth-plugin/liferay-shibboleth-plugin/1.2/war</module-id>
+    <types>
+        <type>portlets</type>
+    </types>
+    <tags>
+        <tag>shibboleth</tag>
+    </tags>
+    <short-description/>
+    <change-log/>
+    <page-url>https://github.com/ivan-novakov/liferay-shibboleth-plugin</page-url>
+    <author>Ivan Novakov ivan.novakov@debug.cz</author>
+    <licenses>
+        <license osi-approved="true">LGPL</license>
+    </licenses>
+    <liferay-versions>
+        <liferay-version>6.2.0+</liferay-version>
+    </liferay-versions>
+</plugin-package>
\ No newline at end of file
diff --git a/target/shibboleth-plugin-hook/WEB-INF/web.xml b/target/shibboleth-plugin-hook/WEB-INF/web.xml
new file mode 100644
index 0000000000000000000000000000000000000000..e067cae3a8db64f6119dd5338aea97484fc75950
--- /dev/null
+++ b/target/shibboleth-plugin-hook/WEB-INF/web.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+
+<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+</web-app>
\ No newline at end of file
diff --git a/target/shibboleth-plugin-hook/images/shibboleth.png b/target/shibboleth-plugin-hook/images/shibboleth.png
new file mode 100644
index 0000000000000000000000000000000000000000..b706062e24071a25c7f70ec9770fe7191b7d4768
Binary files /dev/null and b/target/shibboleth-plugin-hook/images/shibboleth.png differ