-rw-r--r--auth_mellon.h3
-rw-r--r--auth_mellon_config.c14
-rw-r--r--auth_mellon_handler.c8
3 files changed, 25 insertions, 0 deletions
diff --git a/auth_mellon.h b/auth_mellon.h
index 192cff0..8347013 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -210,6 +210,9 @@ typedef struct am_dir_cfg_rec {
/* No cookie error page. */
const char *no_cookie_error_page;
+ /* Authorization error page. */
+ const char *no_success_error_page;
+
/* Login path for IdP initiated logins */
const char *login_path;
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 9b406e8..36f6b96 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -1046,6 +1046,15 @@ const command_rec auth_mellon_commands[] = {
" ha disabled cookies."
),
AP_INIT_TAKE1(
+ "MellonNoSuccessErrorPage",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF(am_dir_cfg_rec, no_success_error_page),
+ OR_AUTHCFG,
+ "Web page to display if the idp posts with a failed"
+ " authentication error. We will return a 401 Unauthorized error"
+ " if this is unset and the idp posts such assertion."
+ ),
+ AP_INIT_TAKE1(
"MellonSPMetadataFile",
am_set_filestring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_metadata_file),
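Review bot: The help string for `MellonNoSuccessErrorPage` says "Web page to display", but the auth_mellon_handler.c hunk copies the value verbatim into a `Location` header and returns `HTTP_SEE_OTHER`, so the directive takes a redirect target rather than a document served in place. `ap_set_string_slot` stores the string unchecked and `OR_AUTHCFG` lets it be set wherever AuthConfig overrides are permitted, so the text is the only place the expected form is stated. I would reword it along the lines of `"URL to redirect the browser to (303 See Other) if the idp posts a response with a failed authentication status."` and keep the existing sentence about the 401 fallback when unset.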
@@ -1271,6 +1280,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
dir->session_length = -1; /* -1 means use default. */
dir->no_cookie_error_page = NULL;
+ dir->no_success_error_page = NULL;
dir->sp_metadata_file = NULL;
dir->sp_private_key_file = NULL;
@@ -1425,6 +1435,10 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
add_cfg->no_cookie_error_page :
base_cfg->no_cookie_error_page);
+ new_cfg->no_success_error_page = (add_cfg->no_success_error_page != NULL ?
+ add_cfg->no_success_error_page :
+ base_cfg->no_success_error_page);
+
new_cfg->sp_metadata_file = (add_cfg->sp_metadata_file ?
add_cfg->sp_metadata_file :
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index e5c82a6..1de217a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -1974,6 +1974,7 @@ static int am_handle_post_reply(request_rec *r)
LassoServer *server;
LassoLogin *login;
char *relay_state;
+ am_dir_cfg_rec *dir_cfg = am_get_dir_cfg(r);
int i, err;
/* Make sure that this is a POST request. */
@@ -2048,6 +2049,13 @@ static int am_handle_post_reply(request_rec *r)
break;
}
}
+ if (err == HTTP_UNAUTHORIZED) {
+ if (dir_cfg->no_success_error_page != NULL) {
+ apr_table_setn(r->headers_out, "Location",
+ dir_cfg->no_success_error_page);
+ return HTTP_SEE_OTHER;
+ }
+ }
return err;
}
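Review bot: The added `return HTTP_SEE_OTHER;` in am_handle_post_reply replaces the 401 with a redirect, and the new lines leave no record of that, so a failed IdP authentication then appears in the access log as an ordinary 303. Unless the part of the function above this hunk already logs the failure (it starts outside the hunk, so this is not visible), add a line before the return such as `ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "IdP reported failed authentication; redirecting to MellonNoSuccessErrorPage.");`. A short comment on the block, e.g. `/* Failed authentication from the IdP: redirect to the configured error page instead of returning 401. */`, would also make the status change explicit. The two nested `if`s can be a single condition, `if (err == HTTP_UNAUTHORIZED && dir_cfg->no_success_error_page != NULL) {`.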