diff options
author | manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2010-05-31 11:19:26 +0000 |
---|---|---|
committer | manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2010-05-31 11:19:26 +0000 |
commit | 6d2d83d8f8792acad49ff36155df72eee373b6a7 (patch) | |
tree | badbc94a7e0f22fd2c61318e420579a934c76481 /auth_mellon_handler.c | |
parent | 40950a7b66ed2999494fdaeab3bddb5b58ad8268 (diff) | |
download | mod_auth_mellon-6d2d83d8f8792acad49ff36155df72eee373b6a7.tar.gz mod_auth_mellon-6d2d83d8f8792acad49ff36155df72eee373b6a7.tar.xz mod_auth_mellon-6d2d83d8f8792acad49ff36155df72eee373b6a7.zip |
Shibboleth 2 interoperability. This is acchieved by increasing the
storage for attributes, as OID-named attributes sent by the Shibboleth
IdP consomes quite some space.
There is also a required Destination attribute in AuthnRequest elements.
It is done by trunk version of lasso, but not by any currently released
version, hence we do if it is not done.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@85 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r-- | auth_mellon_handler.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 57cecd9..1fcdb5f 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -2186,6 +2186,19 @@ static int am_auth_new_ticket(request_rec *r) LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Consent = g_strdup(LASSO_SAML2_CONSENT_IMPLICIT); + + /* + * Make sure the Destination attribute is set to the IdP + * SingleSignOnService endpoint. This is required for + * Shibboleth 2 interoperability, and older versions of + * lasso (at least up to 2.2.91) did not do it. + * XXX Here we assume HTTP-Redirect method + */ + if (LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Destination == NULL) + LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Destination = + am_get_service_url(r, LASSO_PROFILE(login), + "SingleSignOnService HTTP-Redirect"); + LASSO_PROFILE(login)->msg_relayState = g_strdup(relay_state); ret = lasso_login_build_authn_request_msg(login); |