authorbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-10-09 08:41:45 +0000
committerbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-10-09 08:41:45 +0000
commit0e35cd2063aa3e9857e59e62a9ffddcdbd21aaa0 (patch)
tree0e4cb945b99e7407cd91dac354a909b7f5278e2c /auth_mellon_handler.c
parent9081ebffabfbb281ad77fb365e7273f5fcab4604 (diff)
Add configuration directive MellonDoNotVerifyLogoutSignature
This directive allows listing the IdP entityIDs for which the signature of their logout requests must not be verified.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r--auth_mellon_handler.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 4877aa8..2d4003a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -660,9 +660,21 @@ static int am_handle_logout_request(request_rec *r,
{
gint res = 0, rc = HTTP_OK;
am_cache_entry_t *session;
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
/* Process the logout message. Ignore missing signature. */
res = lasso_logout_process_request_msg(logout, msg);
+#ifdef HAVE_lasso_profile_set_signature_verify_hint
+ if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ if (apr_hash_get(cfg->do_not_verify_logout_signature,
+ logout->parent.remote_providerID,
+ APR_HASH_KEY_STRING)) {
+ lasso_profile_set_signature_verify_hint(&logout->parent,
+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
+ res = lasso_logout_process_request_msg(logout, msg);
+ }
+ }
+#endif
if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Error processing logout request message."
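Review bot: The retry guard added after `lasso_logout_process_request_msg` passes `logout->parent.remote_providerID` to `apr_hash_get` with `APR_HASH_KEY_STRING` without checking it for NULL; if the first parse failed before lasso identified the issuer (presumably possible for a malformed message), the key-length scan would dereference NULL, so add `logout->parent.remote_providerID != NULL &&` ahead of the lookup. The guard also fires on every error other than LASSO_DS_ERROR_SIGNATURE_NOT_FOUND rather than only on signature failures, so for a listed entityID any failed message is re-processed with verification off; narrowing it to the signature-verification codes lasso returns (LASSO_DS_ERROR_INVALID_SIGNATURE, for example) keeps the exemption as small as the directive describes. Because the entityID is read from the very message that failed verification, a warning through `ap_log_rerror` at the point the IGNORE hint is applied would give operators an audit trail. The same guard is repeated in the am_handle_logout_response hunk, and both function bodies continue outside the hunks shown.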
@@ -753,8 +765,20 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
int rc;
am_cache_entry_t *session;
char *return_to;
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
res = lasso_logout_process_response_msg(logout, r->args);
+#ifdef HAVE_lasso_profile_set_signature_verify_hint
+ if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ if (apr_hash_get(cfg->do_not_verify_logout_signature,
+ logout->parent.remote_providerID,
+ APR_HASH_KEY_STRING)) {
+ lasso_profile_set_signature_verify_hint(&logout->parent,
+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
+ res = lasso_logout_process_response_msg(logout, r->args);
+ }
+ }
+#endif
if(res != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Unable to process logout response."
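Review bot: In am_handle_logout_response the retry condition excludes LASSO_DS_ERROR_SIGNATURE_NOT_FOUND, yet the check that follows is `if(res != 0)`, so for an IdP listed in MellonDoNotVerifyLogoutSignature a response with a bad signature is accepted on retry while one with no signature at all is still rejected. The condition looks carried over from the request handler, where a missing signature is tolerated by the later check. If unsigned responses are meant to stay rejected, say so in a comment above the `#ifdef`, e.g. `/* Unsigned responses are still rejected; only a failed verification is retried. */`; otherwise the guard here should read `if (res != 0) {`. The function body continues past the end of the hunk.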