author | benjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2012-10-09 08:41:45 +0000 |
---|---|---|
committer | benjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2012-10-09 08:41:45 +0000 |
commit | 0e35cd2063aa3e9857e59e62a9ffddcdbd21aaa0 (patch) | |
tree | 0e4cb945b99e7407cd91dac354a909b7f5278e2c /auth_mellon_handler.c | |
parent | 9081ebffabfbb281ad77fb365e7273f5fcab4604 (diff) | |
Add configuration directive MellonDoNotVerifyLogoutSignature
This directive allows listing the IdP entityIDs for which the signature of
their logout requests must not be verified.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r-- | auth_mellon_handler.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 4877aa8..2d4003a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -660,9 +660,21 @@ static int am_handle_logout_request(request_rec *r,
 {
 gint res = 0, rc = HTTP_OK;
 am_cache_entry_t *session;
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
 /* Process the logout message. Ignore missing signature. */
 res = lasso_logout_process_request_msg(logout, msg);
+#ifdef HAVE_lasso_profile_set_signature_verify_hint
+ if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ if (apr_hash_get(cfg->do_not_verify_logout_signature,
+ logout->parent.remote_providerID,
+ APR_HASH_KEY_STRING)) {
+ lasso_profile_set_signature_verify_hint(&logout->parent,
+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
+ res = lasso_logout_process_request_msg(logout, msg);
+ }
+ }
+#endif
 if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
 "Error processing logout request message."
@@ -753,8 +765,20 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
 int rc;
 am_cache_entry_t *session;
 char *return_to;
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
 res = lasso_logout_process_response_msg(logout, r->args);
+#ifdef HAVE_lasso_profile_set_signature_verify_hint
+ if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ if (apr_hash_get(cfg->do_not_verify_logout_signature,
+ logout->parent.remote_providerID,
+ APR_HASH_KEY_STRING)) {
+ lasso_profile_set_signature_verify_hint(&logout->parent,
+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
+ res = lasso_logout_process_response_msg(logout, r->args);
+ }
+ }
+#endif
 if(res != 0) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
 "Unable to process logout response." |
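Review bot: The retry block passes `logout->parent.remote_providerID` to `apr_hash_get` as a string key without checking it for NULL, in both am_handle_logout_request and am_handle_logout_response. The block runs for every non-zero result other than LASSO_DS_ERROR_SIGNATURE_NOT_FOUND, which presumably includes messages that lasso could not parse far enough to identify the issuer, and with `APR_HASH_KEY_STRING` the key is read as a C string. Guard the lookup, for example `if (res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND && logout->parent.remote_providerID != NULL) {`. Both function bodies continue outside their hunks.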
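Review bot: The fallback in am_handle_logout_response (and the identical one in am_handle_logout_request) fires on any processing error, not only on a signature-verification failure, and it accepts the message without leaving a trace. The entityID used for the lookup appears to come from the very message whose verification just failed, so for a listed IdP the logout is effectively unauthenticated and operators should be able to see when that path is taken. Consider narrowing the condition to lasso's signature error codes and logging before the retry, e.g. `ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Logout signature verification skipped for IdP %s", logout->parent.remote_providerID);`. The function body starts and ends outside the hunk.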