diff --git a/bin/account-manager-client.pl b/bin/account-manager-client.pl
index 9e2ecc48e18789fb674f67e89b2a45b643dae237..0d3cbf418eec4e7a729f0c117e8ddda2162848a6 100755
--- a/bin/account-manager-client.pl
+++ b/bin/account-manager-client.pl
@@ -17,7 +17,9 @@ use IdPAccountManager::ServiceProvider;
 use IdPAccountManager::AuthenticationToken;
 my %options;
-unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata', 'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s','token=s')) {
+unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
+ 'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
+ 'token=s','send_notice')) {
 die "Unknown options.";
 }
@@ -175,6 +177,19 @@ if ($options{'add_test_account'}) {
 $authentication_token->print();
+}elsif ($options{'send_notice'}) {
+ unless ($options{'email_address'}) {
+ die "Missing email_address option";
+ }
+
+ unless (&IdPAccountManager::Tools::mail_notice('template' => 'templates/mail/notification_generic_error.tt2.eml',
+ 'data' => {},
+ 'to' => $options{'email_address'})) {
+ die "Failed to send mail notice to $options{'email_address'}\n";
+ }
+
+ printf "Mail notice sent to $options{'email_address'}\n";
+
 }else {
 die "Missing arguments";
diff --git a/lib/IdPAccountManager/Tools.pm b/lib/IdPAccountManager/Tools.pm
index 0229d4aa3546eedb4d4accf8954471bd01befb16..190e44da39907d3fad1aa72a2826b8b51dffda20 100644
--- a/lib/IdPAccountManager/Tools.pm
+++ b/lib/IdPAccountManager/Tools.pm
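Review bot: In the new `send_notice` branch, `printf "Mail notice sent to $options{'email_address'}\n";` interpolates the command-line address into the format string itself, so any `%` in the supplied value is parsed as a conversion instead of being printed. Use `print "Mail notice sent to $options{'email_address'}\n";` or `printf "Mail notice sent to %s\n", $options{'email_address'};`. The address is also handed to `mail_notice` as `to` with no syntax check, and the recipient string appears to be split on commas there, so one invocation can name several recipients; an anchored address check before the call would make the accepted form explicit. The if/elsif chain starts and ends outside the hunk.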
@@ -174,10 +174,23 @@ sub mail_notice {
 $mail_data->{'to'} = $notice_email;
 ## Protection to prevent notifications during test dev phases
- ## Notify only admin_email
- if ($Conf::global{'no_mail_outside'}) {
- &do_log('info',"no_mail_outside option set; notification for %s rerouted to admins ; ", $notice_email);
- $notice_email = $Conf::global{'admin_email'};
+ ## Notify only admin_email or dev_sp_contact addresses
+ if ($Conf::global{'dev_no_mail_outside'}) {
+ my %rcpt = map {$_ => 1} split(/,/, $notice_email);
+ my %authorized_rcpt = map {$_ => 1} split(/,/, join(',', $Conf::global{'admin_email'}, $Conf::global{'dev_sp_contact'}));
+
+ my $change_rcpt = 0;
+ foreach my $email (keys %rcpt) {
+ unless ($authorized_rcpt{$email}) {
+ $change_rcpt = 1;
+ last
+ }
+ }
+
+ if ($change_rcpt) {
+ &do_log('info',"no_mail_outside option set; notification for %s rerouted to admins ; ", $notice_email);
+ $notice_email = $Conf::global{'admin_email'};
+ }
 }
 &do_log('trace', '(template=%s, to=%s)', $in{'template'}, $mail_data->{'to'});
diff --git a/templates/web/select_sp.tt2.html b/templates/web/select_sp.tt2.html
index b28867fa125ecf921d134fd4de23398dd4e258cf..1c54533ed2797f6c8d5ea32b2ff5647ed7b54961 100644
--- a/templates/web/select_sp.tt2.html
+++ b/templates/web/select_sp.tt2.html
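Review bot: The guard now reads only `$Conf::global{'dev_no_mail_outside'}`, so a deployment whose configuration still sets the old `no_mail_outside` key would stop rerouting and start mailing outside recipients, unless the key is migrated in code not shown here. Either accept both keys, `if ($Conf::global{'dev_no_mail_outside'} || $Conf::global{'no_mail_outside'}) {`, or reject the old key at config load; the log text should also name the new option. The allow-list test is an exact string match on the comma-split pieces, so a difference in case or surrounding spaces reroutes to admins (fails closed), and an unset `dev_sp_contact` passes undef to `join`, which `$Conf::global{'dev_sp_contact'} // ''` would avoid. `$mail_data->{'to'}` is assigned before the reroute and the rest of `mail_notice` is outside the hunk, so confirm that the actual send uses `$notice_email`.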
@@ -14,10 +14,17 @@ Before you can create test accounts at this Identity Provider, we need to ensure
 <label for="sp_entityid">The email addresses below have been extracted from your SP SAML metadata.<br/>Please select the email address where an email challenge can be sent to validate your identity</label>
+
 [% FOREACH contact IN sp_metadata_as_hashref.contacts -%]
-[% matches = contact.EmailAddress.match('^(mailto:)?(.*)$') %]
-[% SET email = matches.1%]
+ [% matches = contact.EmailAddress.match('^(mailto:)?(.*)$') %]
+ [% contacts.${matches.1} = 1 %]
+[% END %]
+
+[% FOREACH email IN conf.dev_sp_contact.split(',') %]
+[% contacts.${email} = 1 %]
+[% END %]
+[% FOREACH email IN contacts.keys.sort %]
 <input name="email_address" value="[% email %]" id="email_address" type="radio" class="required"/>
 <label for="email_address">[% email %]</label>
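Review bot: The `FOREACH email IN conf.dev_sp_contact.split(',')` loop adds the configured dev contacts to the selectable challenge recipients for every service provider, with no check that the instance is in dev mode. A `dev_sp_contact` value left in a production configuration would therefore let the identity challenge go to an address that is not in the SP's metadata. Wrap the loop in a dev-mode condition, for example `[% IF conf.dev_no_mail_outside %] … [% END %]` if `conf` exposes that key, and have the handler that receives `email_address` re-check the submitted value against the same list server-side (not visible here). `[% email %]` is written unescaped into the `value` attribute and the label although it originates in SP metadata; `[% email | html %]` would close that. The `FOREACH` over `contacts.keys.sort` is closed outside the hunk.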