summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-04-25 09:11:46 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-04-25 09:11:46 +0000
commitc7a0d4d8f5ea2c8365325070246c704b93a25469 (patch)
treeee869e16f266f45b9933ca4bea6b04373733b742
parentd1a2b63b74d87c6b16b955f5799ded6fe2b73877 (diff)
downloadmod_auth_mellon-c7a0d4d8f5ea2c8365325070246c704b93a25469.zip
mod_auth_mellon-c7a0d4d8f5ea2c8365325070246c704b93a25469.tar.gz
mod_auth_mellon-c7a0d4d8f5ea2c8365325070246c704b93a25469.tar.xz
Add a helper to redirect on unauthorized error
In case we are going to return a HTTP_UNAUTHORIZED error we can also redirect the client to an admin chosen page to let the application handle the error on its own. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@227 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r--auth_mellon.h3
-rw-r--r--auth_mellon_config.c14
-rw-r--r--auth_mellon_handler.c8
3 files changed, 25 insertions, 0 deletions
diff --git a/auth_mellon.h b/auth_mellon.h
index 192cff0..8347013 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -210,6 +210,9 @@ typedef struct am_dir_cfg_rec {
/* No cookie error page. */
const char *no_cookie_error_page;
+ /* Authorization error page. */
+ const char *no_success_error_page;
+
/* Login path for IdP initiated logins */
const char *login_path;
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 9b406e8..36f6b96 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -1046,6 +1046,15 @@ const command_rec auth_mellon_commands[] = {
" ha disabled cookies."
),
AP_INIT_TAKE1(
+ "MellonNoSuccessErrorPage",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF(am_dir_cfg_rec, no_success_error_page),
+ OR_AUTHCFG,
+ "Web page to display if the idp posts with a failed"
+ " authentication error. We will return a 401 Unauthorized error"
+ " if this is unset and the idp posts such assertion."
+ ),
+ AP_INIT_TAKE1(
"MellonSPMetadataFile",
am_set_filestring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_metadata_file),
@@ -1271,6 +1280,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
dir->session_length = -1; /* -1 means use default. */
dir->no_cookie_error_page = NULL;
+ dir->no_success_error_page = NULL;
dir->sp_metadata_file = NULL;
dir->sp_private_key_file = NULL;
@@ -1425,6 +1435,10 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
add_cfg->no_cookie_error_page :
base_cfg->no_cookie_error_page);
+ new_cfg->no_success_error_page = (add_cfg->no_success_error_page != NULL ?
+ add_cfg->no_success_error_page :
+ base_cfg->no_success_error_page);
+
new_cfg->sp_metadata_file = (add_cfg->sp_metadata_file ?
add_cfg->sp_metadata_file :
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index e5c82a6..1de217a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -1974,6 +1974,7 @@ static int am_handle_post_reply(request_rec *r)
LassoServer *server;
LassoLogin *login;
char *relay_state;
+ am_dir_cfg_rec *dir_cfg = am_get_dir_cfg(r);
int i, err;
/* Make sure that this is a POST request. */
@@ -2048,6 +2049,13 @@ static int am_handle_post_reply(request_rec *r)
break;
}
}
+ if (err == HTTP_UNAUTHORIZED) {
+ if (dir_cfg->no_success_error_page != NULL) {
+ apr_table_setn(r->headers_out, "Location",
+ dir_cfg->no_success_error_page);
+ return HTTP_SEE_OTHER;
+ }
+ }
return err;
}