diff --git a/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java b/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java
index cae33e0f4505b919827a9dab7286bcced5e6029e..5f49a42c5fb9785904ef1177a7af7b706f5034f9 100644
--- a/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java
+++ b/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java
@@ -85,7 +85,18 @@ public interface PreauthenticatedUserDetailsAttributeMapper {
String emplid = request.getHeader(isisEmplidHeader);
Collection<String> uddsMembership = safeGetHeaders(request, uddsHeader);
String email = request.getHeader(emailAddressHeader);
- Collection<String> manifestGroups = safeGetHeaders(request, manifestHeader);
+
+ Collection<String> manifestGroups = new ArrayList<>();
+ String manifestValue = request.getHeader(manifestHeader);
+ if (manifestValue != null) {
+ String[] manifestGroupStrings = manifestValue.split(";");
+ for (String manifestGroupString : manifestGroupStrings) {
+ if (!manifestGroupString.trim().isEmpty()) {
+ manifestGroups.add(manifestGroupString.trim());
+ }
+ }
+ }
+
UWUserDetailsImpl result = UWUserDetailsImpl.newInstance(pvi, uid, "", cn, email, uddsMembership, manifestGroups);
result.setSource("edu.wisc.uwss.preauth");
result.setEppn(eppn);
diff --git a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java
index 76f0501045ba7ed9186fd93fecff64aa5bdec7db..08aa10d075b1e826bd36c1e31391f0509cb9fe29 100644
--- a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java
+++ b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java
@@ -73,8 +73,7 @@ public class PreauthenticatedUserDetailsAttributeMapperTest {
@Test
public void mapUser_isMemberOf_contains_blank_values() {
MockHttpServletRequest request = mockRequest();
- request.addHeader("isMemberOf", "");
- request.addHeader("isMemberOf", " ");
+ request.addHeader("isMemberOf", "; ");
UWUserDetails result = filter.mapUser(request);
assertNotNull(result);
@@ -88,8 +87,7 @@ public class PreauthenticatedUserDetailsAttributeMapperTest {
@Test
public void mapUser_multipleManifestGroups() {
MockHttpServletRequest request = mockRequest();
- request.addHeader("isMemberOf", "uw:domain:onegroup");
- request.addHeader("isMemberOf", "uw:domain:anothergroup");
+ request.addHeader("isMemberOf", "uw:domain:onegroup;uw:domain:anothergroup");
UWUserDetails result = filter.mapUser(request);
assertNotNull(result);
diff --git a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java
index 539d7fb2c82084e24888bef589e5ec761e5dabd2..324dbd62b36d611007b61fd30bebcab4565e3aac 100644
--- a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java
+++ b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java
@@ -38,7 +38,7 @@ public class UWUserDetailsAuthenticationFilterTest {
when(request.getHeader("cn")).thenReturn("Bucky Badger");
when(request.getHeaders("wisceduudds")).thenReturn(Collections.enumeration(Arrays.asList("A061234")));
when(request.getHeader("mail")).thenReturn("foo@foo.wisc.edu");
- when(request.getHeaders("isMemberOf")).thenReturn(Collections.enumeration(Arrays.asList("somegroup")));
+ when(request.getHeader("isMemberOf")).thenReturn("somegroup");
UWUserDetails userDetails = filter.getPreAuthenticatedPrincipal(request);
assertEquals("bbadger", userDetails.getUsername());
assertEquals("bbadger@wisc.edu", userDetails.getEppn());