authorSimo Sorce <simo@redhat.com>2014-08-15 14:39:58 -0400
committerSimo Sorce <simo@redhat.com>2014-08-15 15:38:36 -0400
commitffaa2098518c7dec427b51acf06e23c5053c119a (patch)
treebef7c676181a82000e1a1c8e78eb0b18778f7f41
parenta887d8cb3c2f844d1aacc75eea1efe3a99b05cd4 (diff)
Add support for AssertionConsumerServiceURLwip
Apparently some IdPs like PicketLink insist they reaaaally want to see AssertionConsumerServiceURL as part of the Authentication Request. Provide it if allowed by the SP metadata. Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--auth_mellon_handler.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 2a0bd74..242530f 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -2642,6 +2642,7 @@ static int am_send_authn_request(request_rec *r, const char *idp,
char *sso_url;
gint ret;
am_dir_cfg_rec *dir_cfg;
+ char *acs_url;
dir_cfg = am_get_dir_cfg(r);
@@ -2757,6 +2758,19 @@ static int am_send_authn_request(request_rec *r, const char *idp,
/* sso_url no longer needed. */
g_free(sso_url);
+ /* Some IdPs insist they want to see an AttributeConsumerServiceURL
+ * attribute in the authentication request, so try to add one if the
+ * metadata contains one */
+ acs_url = lasso_provider_get_assertion_consumer_service_url(
+ LASSO_PROVIDER(server), NULL);
+ if (acs_url) {
+ request->AssertionConsumerServiceURL = g_strdup(acs_url);
+ /* Can't set request->ProtocolBinding (which is usually set along side
+ * AssertionConsumerServiceURL) as there is no immediate function
+ * like lasso_provider_get_assertion_consumer_service_url to get them.
+ * So leave that empty for now, it is not strictly required */
+ }
+
LASSO_PROFILE(login)->msg_relayState = g_strdup(return_to);
ret = lasso_login_build_authn_request_msg(login);
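Review bot: The string returned by lasso_provider_get_assertion_consumer_service_url() is copied with g_strdup() and the original `acs_url` is never released within this hunk. If lasso returns a caller-owned copy here, as its documentation appears to state, each authentication request leaks one allocation in the httpd worker, on a path that unauthenticated clients can trigger repeatedly. Either transfer ownership with `request->AssertionConsumerServiceURL = acs_url;` or keep the g_strdup() and add `g_free(acs_url);` inside the `if` block. The comment above the call says "AttributeConsumerServiceURL" where the field is AssertionConsumerServiceURL, and it could also state that the value is taken from the SP's own metadata rather than from anything in the incoming request. am_send_authn_request starts and ends outside the hunk, so a free further down cannot be ruled out from here.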