From d67664fbffe9c380a354abe115ee5afa1ff968be Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Tue, 10 Mar 2015 11:22:47 -0700
Subject: Add Cache-Control header to prevent browser caching of SAML auth
 location

We should prevent browser caching of the SAML auth location that we
configure for an SP. This can be easily done by adding the following
directive to that location in the httpd config:

    Header append Cache-Control "no-cache"

https://fedorahosted.org/ipsilon/ticket/81

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
---
 ipsilon/install/ipsilon-client-install | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ipsilon')

diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index 9ed2a6f..237b439 100755
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -115,6 +115,7 @@ def saml2():
             saml_protect = 'info'
             saml_auth = '<Location %s>\n' \
                         '    MellonEnable "auth"\n' \
+                        '    Header append Cache-Control "no-cache"\n' \
                         '</Location>\n' % args['saml_auth']
 
         psp = '# '
-- 
cgit