diff options
author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2013-03-06 12:53:47 +0000 |
---|---|---|
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2013-03-06 12:53:47 +0000 |
commit | fc3c4a556ec71c0e840622a956c58da8c7096511 (patch) | |
tree | d10853bb992b4c36167cefdae2bee0c4749bf6f2 | |
parent | ddee5646445cdf292aa88c57d6693257c48e2d64 (diff) | |
download | mod_auth_mellon-fc3c4a556ec71c0e840622a956c58da8c7096511.tar.gz mod_auth_mellon-fc3c4a556ec71c0e840622a956c58da8c7096511.tar.xz mod_auth_mellon-fc3c4a556ec71c0e840622a956c58da8c7096511.zip |
Document the POST replay functionality.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@179 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r-- | README | 38 |
1 files changed, 38 insertions, 0 deletions
@@ -642,6 +642,44 @@ directive can be used to limit the usable IdP for probe discovery: MellonProbeDiscoveryIdP "https://idp1.example.net/saml/metadata" MellonProbeDiscoveryIdP "https://idp2.example.net/saml/metadata" + +=========================================================================== + Replaying POST requests +=========================================================================== + +By default, POST requests received when the user isn't logged in are turned +into GET requests after authentication. mod_auth_mellon can instead save +the received POST request and replay / repost it after authentication. To +enable this: + +1. Create a data directory where mod_auth_mellon can store the saved data: + + mkdir /var/cache/mod_auth_mellon_postdata + +2. Set the appropriate permissions on this directory. It needs to be + accessible for the web server, but nobody else. + + chown www-data /var/cache/mod_auth_mellon_postdata + chgrp www-data /var/cache/mod_auth_mellon_postdata + chmod 0700 /var/cache/mod_auth_mellon_postdata + +3. Set the MellonPostDirectory option in your server configuration: + + MellonPostDirectory "/var/cache/mod_auth_mellon_postdata" + +4. Enable POST replay functionality for the locations you want: + + <Location /secret> + MellonEnable auth + [...] + MellonPostReplay On + </Location> + +After you restart Apache to activate the new configuration, any POST +requests that trigger authentication should now be stored while the +user logs in. + + =========================================================================== Contributors =========================================================================== |