-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | README | 8 | ||||
-rw-r--r-- | auth_mellon.h | 1 | ||||
-rw-r--r-- | auth_mellon_config.c | 12 | ||||
-rw-r--r-- | auth_mellon_handler.c | 10 |
5 files changed, 34 insertions, 2 deletions
@@ -1,3 +1,8 @@ +Version 0.2.7 +--------------------------------------------------------------------------- + +* Optionaly ave the remote IdP entityId in the environment + Version 0.2.6 --------------------------------------------------------------------------- @@ -185,8 +185,6 @@ MellonPostCount 100 # Default: Off MellonSecureCookie On - # MellonSecureCookie enforces the HttpOnly and secure flags - # for the mod_mellon cookie # MellonUser selects which attribute we should use for the username. # The username is passed on to other apache modules and to the web # page the user visits. NAME_ID is an attribute which we set to @@ -194,6 +192,12 @@ MellonPostCount 100 # Default: MellonUser "NAME_ID" MellonUser "NAME_ID" + # MellonIdP selects in which attribute we should dump the remote + # IdP providerId. This is passed to other apache modules and to + # the web pages the user visits. + # Default: none + # MellonIdP "IDP" + # MellonSetEnv configuration directives allows you to map # attribute names received from the IdP to names you choose # yourself. The syntax is 'MellonSetEnv <local name> <IdP name>'. diff --git a/auth_mellon.h b/auth_mellon.h index 19f00ff..0c66868 100644 --- a/auth_mellon.h +++ b/auth_mellon.h @@ -138,6 +138,7 @@ typedef struct am_dir_cfg_rec { apr_hash_t *require; apr_hash_t *envattr; const char *userattr; + const char *idpattr; int dump_session; int dump_saml_response; diff --git a/auth_mellon_config.c b/auth_mellon_config.c index ada0ee6..073768f 100644 --- a/auth_mellon_config.c +++ b/auth_mellon_config.c @@ -557,6 +557,13 @@ const command_rec auth_mellon_commands[] = { "Attribute to set as r->user. Defaults to NAME_ID, which is the" " attribute we set to the identifier we receive from the IdP." ), + AP_INIT_TAKE1( + "MellonIdP", + ap_set_string_slot, + (void *)APR_OFFSETOF(am_dir_cfg_rec, idpattr), + OR_AUTHCFG, + "Attribute we set to the IdP ProviderId." + ), AP_INIT_TAKE2( "MellonSetEnv", am_set_setenv_slot, 
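Review bot: In the `auth_mellon_commands[]` hunk of auth_mellon_config.c, `MellonIdP` takes any string through `ap_set_string_slot` under `OR_AUTHCFG`, so nothing stops the chosen name from coinciding with an attribute name the IdP can send or with a `MellonSetEnv` local name. The handler hunk appends the ProviderId under that name to the same session store that receives the assertion attributes, so a consumer may be unable to tell the module-set value from an IdP-asserted one; how duplicate names are exported is not visible on this page. A small dedicated setter that rejects an empty name, plus a README line such as `# Choose a name that no IdP attribute or MellonSetEnv mapping uses.`, would make the contract explicit. The command table starts and ends outside the hunk.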
@@ -724,6 +731,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d) dir->require = apr_hash_make(p); dir->envattr = apr_hash_make(p); dir->userattr = default_user_attribute; + dir->idpattr = NULL; dir->dump_session = default_dump_session; dir->dump_saml_response = default_dump_saml_response; @@ -808,6 +816,10 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add) add_cfg->userattr : base_cfg->userattr); + new_cfg->idpattr = (add_cfg->idpattr != NULL ? + add_cfg->idpattr : + base_cfg->idpattr); + new_cfg->dump_session = (add_cfg->dump_session != default_dump_session ? add_cfg->dump_session : base_cfg->dump_session); diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index bad41c2..57cecd9 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -1304,6 +1304,16 @@ static int add_attributes(am_cache_entry_t *session, request_rec *r, return ret; } + /* If requested, save the IdP ProviderId */ + if (dir_cfg->idpattr != NULL) { + ret = am_cache_env_append(session, dir_cfg->idpattr, am_get_idp(r)); + if(ret != OK) { + return ret; + } + } + + + /* assertions is a list of LassoSaml2Assertion objects. */ for(asrt_itr = g_list_first(assertions); asrt_itr != NULL; asrt_itr = g_list_next(asrt_itr)) { |
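Review bot: In the `add_attributes` hunk of auth_mellon_handler.c, the value stored under `dir_cfg->idpattr` comes from `am_get_idp(r)`, so it is re-derived from the request rather than taken from the response whose assertions are walked just below. am_get_idp is not shown here; if it can choose an IdP from configuration or request input when several are configured, the exported ProviderId may differ from the issuer that actually authenticated the user, which matters to any application that bases a trust decision on it. Consider passing in the provider id bound to the validated response, and guard a possible NULL before the append, e.g. `const char *idp = am_get_idp(r); if (idp == NULL) { return HTTP_INTERNAL_SERVER_ERROR; }`. add_attributes starts and ends outside the hunk.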