Shibboleth 2 interoperability. This is acchieved by increasing the

storage for attributes, as OID-named attributes sent by the Shibboleth
IdP consomes quite some space.

There is also a required Destination attribute in AuthnRequest elements.
It is done by trunk version of lasso, but not by any currently released
version, hence we do if it is not done.



git-svn-id: https://modmellon.googlecode.com/svn/trunk@85 a716ebb1-153a-0410-b759-cfb97c6a1b53

1 files changed, 13 insertions, 0 deletions

diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 57cecd9..1fcdb5f 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -2186,6 +2186,19 @@ static int am_auth_new_ticket(request_rec *r)
     LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Consent
       = g_strdup(LASSO_SAML2_CONSENT_IMPLICIT);
 
+
+    /* 
+     * Make sure the Destination attribute is set to the IdP 
+     * SingleSignOnService endpoint. This is required for 
+     * Shibboleth 2 interoperability, and older versions of
+     * lasso (at least up to 2.2.91) did not do it.
+     * XXX Here we assume HTTP-Redirect method
+     */
+    if (LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Destination == NULL)
+        LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Destination = 
+            am_get_service_url(r, LASSO_PROFILE(login), 
+                               "SingleSignOnService HTTP-Redirect");
+
     LASSO_PROFILE(login)->msg_relayState = g_strdup(relay_state);
 
     ret = lasso_login_build_authn_request_msg(login);