diff options
-rw-r--r-- | auth_mellon_handler.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 2a0bd74..242530f 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -2642,6 +2642,7 @@ static int am_send_authn_request(request_rec *r, const char *idp, char *sso_url; gint ret; am_dir_cfg_rec *dir_cfg; + char *acs_url; dir_cfg = am_get_dir_cfg(r); @@ -2757,6 +2758,19 @@ static int am_send_authn_request(request_rec *r, const char *idp, /* sso_url no longer needed. */ g_free(sso_url); + /* Some IdPs insist they want to see an AttributeConsumerServiceURL + * attribute in the authentication request, so try to add one if the + * metadata contains one */ + acs_url = lasso_provider_get_assertion_consumer_service_url( + LASSO_PROVIDER(server), NULL); + if (acs_url) { + request->AssertionConsumerServiceURL = g_strdup(acs_url); + /* Can't set request->ProtocolBinding (which is usually set along side + * AssertionConsumerServiceURL) as there is no immediate function + * like lasso_provider_get_assertion_consumer_service_url to get them. + * So leave that empty for now, it is not strictly required */ + } + LASSO_PROFILE(login)->msg_relayState = g_strdup(return_to); ret = lasso_login_build_authn_request_msg(login); |