diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php
index 514fafb4a..fa476b37b 100644
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -271,23 +271,35 @@ EOF
 								$aFilteredGroupNames = array();
 								foreach($aMemberOf as $sGroupName)
 								{
+									phpCAS::log("Info: user if a member of the group: ".$sGroupName);
 									$sGroupName = trim(iconv('UTF-8', 'ASCII//TRANSLIT', $sGroupName)); // Remove accents and spaces as well
 									$aFilteredGroupNames[] = $sGroupName;
 									if (in_array($sGroupName, $aCASMemberships))
 									{
+										$bCASUserSynchro = MetaModel::GetConfig()->Get('cas_user_synchro');
+										if ($bCASUserSynchro)
+										{
+											// If needed create a new user for this email/profile
+											phpCAS::log('Info: cas_user_synchro is ON');
+											self::CreateCASUser(phpCAS::getUser(), $aMemberOf);
+										}
+										else
+										{
+											phpCAS::log('Info: cas_user_synchro is OFF');
+										}
 										$bFound = true;
 										break;
 									}	
 								}
 								if(!$bFound)
 								{
-									phpCAS :: log("User ".phpCAS::getUser().", none of his/her groups (".implode('; ', $aFilteredGroupNames).") match any of the required groups: ".implode('; ', $aCASMemberships));
+									phpCAS::log("User ".phpCAS::getUser().", none of his/her groups (".implode('; ', $aFilteredGroupNames).") match any of the required groups: ".implode('; ', $aCASMemberships));
 								}
 							}
 							else
 							{
 								// Too bad, the user is not part of any of the group => not allowed
-								phpCAS :: log("No 'memberOf' attribute found for user ".phpCAS::getUser().". Are you using the SAML protocol (S1) ?");
+								phpCAS::log("No 'memberOf' attribute found for user ".phpCAS::getUser().". Are you using the SAML protocol (S1) ?");
 							}
 						}
 						else
@@ -498,6 +510,110 @@ EOF
 		}
 		return $sMessage;
 	}
+	
+	protected static function CreateCASUser($sEmail, $aGroups)
+	{
+		if (!MetaModel::IsValidClass('URP_Profiles'))
+		{
+			phpCAS::log("URP_Profiles is not a valid class. Automatic creation of Users is not supported in this context, sorry.");
+			return;
+		}
+		
+		// read all the existing profiles
+		$oProfilesSearch = new DBObjectSearch('URP_Profiles');
+		$oProfilesSet = new DBObjectSet($oProfilesSearch);
+		$aAllProfiles = array();
+		while($oProfile = $oProfilesSet->Fetch())
+		{
+			$aAllProfiles[strtolower($oProfile->GetName())] = $oProfile->GetKey();
+		}
+		
+		// Translate the CAS/LDAP group names into iTop profile names
+		$aProfiles = array();
+		$sPattern = MetaModel::GetConfig()->Get('cas_profile_pattern');
+		foreach($aGroups as $sGroupName)
+		{
+			if (preg_match($sPattern, $sGroupName, $aMatches))
+			{
+				if (array_key_exists(strtolower($aMatches[1]), $aAllProfiles))
+				{
+					$aProfiles[] = $aAllProfiles[strtolower($aMatches[1])];
+				}
+				else
+				{
+					phpCAS::log("Warning: {$aMatches[1]} is not a valid iTop profile (extracted from group name: '$sGroupName'). Ignored.");
+				}
+			}
+		}
+		if (count($aProfiles) == 0)
+		{
+			phpCAS::log("Error: no group name matches the pattern: '$sPattern'. The user '$sEmail' has no profiles in iTop, and therefore cannot be created.");
+			return;
+		}
+		
+		$oUser = MetaModel::GetObjectByName('UserExternal', $sEmail, false);
+		if ($oUser == null)
+		{
+			// Create the user, link it to a contact
+			phpCAS::log("Info: the user '$sEmail' does not exist. A new UserExternal will be created.");
+			$oSearch = new DBObjectSearch('Person');
+			$oSearch->AddCondition('email', $sEmail);
+			$oSet = new DBObjectSet($oSearch);
+			$iContactId = 0;
+			switch($oSet->Count())
+			{
+				case 0:
+				phpCAS::log("Error: found no contact with the email: '$sEmail'. Cannot create the user in iTop.");
+				return;
+
+				case 1:
+				$oContact = $oSet->Fetch();
+				$iContactId = $oContact->GetKey();
+				phpCAS::log("Info: Found 1 contact '".$oContact->GetName()."' (id=$iContactId) corresponding to the email '$sEmail'.");
+				break;
+
+				default:
+				phpCAS::log("Error: ".$oSet->Count()." contacts have the same email: '$sEmail'. Cannot create a user for this email.");
+				return;
+			}
+			
+			$oUser = new UserExternal();
+			$oUser->Set('login', $sEmail);
+			$oUser->Set('contactid', $iContactId);
+		}
+		else
+		{
+			phpCAS::log("Info: the user '$sEmail' already exists (id=".$oUser->GetKey().").");
+		}
+
+		// Now synchronize the profiles
+		$oProfilesSet = DBObjectSet::FromScratch('URP_UserProfile');
+		foreach($aProfiles as $iProfileId)
+		{
+			$oLink = new URP_UserProfile();
+			$oLink->Set('profileid', $iProfileId);
+			$oLink->Set('reason', 'CAS/LDAP Synchro');
+			$oProfilesSet->AddObject($oLink);
+		}
+		$oUser->Set('profile_list', $oProfilesSet);
+		phpCAS::log("Info: the user $sEmail (id=".$oUser->GetKey().") now has the following profiles: '".implode("', '", $aProfiles)."'.");
+		
+		if ($oUser->IsNew() || $oUser->IsModified())
+		{
+			$oMyChange = MetaModel::NewObject("CMDBChange");
+			$oMyChange->Set("date", time());
+			$oMyChange->Set("userinfo", 'CAS/LDAP Synchro');
+			$oMyChange->DBInsert();
+			if ($oUser->IsNew())
+			{
+				$oUser->DBInsertTracked($oMyChange);
+			}
+			else
+			{
+				$oUser->DBUpdateTracked($oMyChange);
+			}
+		}
+	}
 
 } // End of class
 ?>