diff options
author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2014-04-25 09:11:40 +0000 |
---|---|---|
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2014-04-25 09:11:40 +0000 |
commit | d1a2b63b74d87c6b16b955f5799ded6fe2b73877 (patch) | |
tree | 45988e38ff5afaa8c61cdeb1334a3af0d34aeb1a /auth_mellon_handler.c | |
parent | b5ea9e240ef4851eb73c86926bbc9b31fc789e3d (diff) | |
download | mod_auth_mellon-d1a2b63b74d87c6b16b955f5799ded6fe2b73877.tar.gz mod_auth_mellon-d1a2b63b74d87c6b16b955f5799ded6fe2b73877.tar.xz mod_auth_mellon-d1a2b63b74d87c6b16b955f5799ded6fe2b73877.zip |
Handle non successful status posted by the Idp
Idps may decide to deny authentication for a variety of reasons.
In such a case they will post to the application with an unsuccessful
status error code.
Handle the case by returning a more appropriate 401 Unauthorized
HTTP error code.
iDo this using an extensible mechanism to map arbitrary lasso errors
to HTTP errors.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r-- | auth_mellon_handler.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 1d42fd7..e5c82a6 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -1974,6 +1974,7 @@ static int am_handle_post_reply(request_rec *r) LassoServer *server; LassoLogin *login; char *relay_state; + int i, err; /* Make sure that this is a POST request. */ if(r->method_number != M_POST) { @@ -2040,7 +2041,14 @@ static int am_handle_post_reply(request_rec *r) " Lasso error: [%i] %s", rc, lasso_strerror(rc)); lasso_login_destroy(login); - return HTTP_BAD_REQUEST; + err = HTTP_BAD_REQUEST; + for (i = 0; auth_mellon_errormap[i].lasso_error != 0; i++) { + if (auth_mellon_errormap[i].lasso_error == rc) { + err = auth_mellon_errormap[i].http_error; + break; + } + } + return err; } /* Extract RelayState parameter. */ |