diff options
author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2014-04-25 09:11:40 +0000 |
---|---|---|
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2014-04-25 09:11:40 +0000 |
commit | d1a2b63b74d87c6b16b955f5799ded6fe2b73877 (patch) | |
tree | 45988e38ff5afaa8c61cdeb1334a3af0d34aeb1a /auth_mellon_config.c | |
parent | b5ea9e240ef4851eb73c86926bbc9b31fc789e3d (diff) | |
download | mod_auth_mellon-d1a2b63b74d87c6b16b955f5799ded6fe2b73877.tar.gz mod_auth_mellon-d1a2b63b74d87c6b16b955f5799ded6fe2b73877.tar.xz mod_auth_mellon-d1a2b63b74d87c6b16b955f5799ded6fe2b73877.zip |
Handle non successful status posted by the Idp
Idps may decide to deny authentication for a variety of reasons.
In such a case they will post to the application with an unsuccessful
status error code.
Handle the case by returning a more appropriate 401 Unauthorized
HTTP error code.
iDo this using an extensible mechanism to map arbitrary lasso errors
to HTTP errors.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_config.c')
-rw-r--r-- | auth_mellon_config.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/auth_mellon_config.c b/auth_mellon_config.c index 855330a..9b406e8 100644 --- a/auth_mellon_config.c +++ b/auth_mellon_config.c @@ -1205,6 +1205,13 @@ const command_rec auth_mellon_commands[] = { {NULL} }; +const am_error_map_t auth_mellon_errormap[] = { + { LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS, HTTP_UNAUTHORIZED }, +#ifdef LASSO_PROFILE_ERROR_REQUEST_DENIED + { LASSO_PROFILE_ERROR_REQUEST_DENIED, HTTP_UNAUTHORIZED }, +#endif + { 0, 0 } +}; /* Release a lasso_server object associated with this configuration. * |