summaryrefslogtreecommitdiffstats
path: root/auth_mellon.h
Commit message (Collapse)AuthorAgeFilesLines
* Convert session user name to dynamic size storageolavmrk2014-06-201-1/+3
| | | | | | | | | | Using the previously introduced storage facility convert storage of the user name from being constrained to fixed sized strings to being constrained only by the overall entry cache size. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@236 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert session env array to dynamic size storageolavmrk2014-06-201-4/+2
| | | | | | | | | | Using the previously introduced storage facility convert storage of env key/value pairs from being constrained to fixed sized strings to being constrained only by the overall entry cache size. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@235 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert lasso_saml_response to dynamic size storageolavmrk2014-06-201-2/+1
| | | | | | | | | | Using the previously introduced storage facility converts storage of lasso_saml_reponse from being constrained to a fixed sized string to being constrained only by the overall entry cache size. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@234 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert lasso_session to dynamic size storageolavmrk2014-06-201-2/+1
| | | | | | | | | | Using the previously introduced storage facility converts storage of lasso_session from being constrained to a fixed sized string to being constrained only by the overall entry cache size. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@233 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert lasso_identity to dynamic size storageolavmrk2014-06-201-2/+1
| | | | | | | | | | Using the previously introduced storage facility converts storage of lasso_identity from being constrained to a fixed sized string to being constrained only by the overall entry cache size. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@232 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Introduce dynamic memory pool for sessionsolavmrk2014-06-201-0/+14
| | | | | | | | | | | This pool has a fixed size and the aim is to avoid arbitrary limits on entry's components, while maintaining an overall fixed entry size. Accessors function for a storage unit are provided for future use. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@231 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add a helper to redirect on unauthorized errorolavmrk2014-04-251-0/+3
| | | | | | | | | | In case we are going to return a HTTP_UNAUTHORIZED error we can also redirect the client to an admin chosen page to let the application handle the error on its own. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@227 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Handle non successful status posted by the Idpolavmrk2014-04-251-0/+7
| | | | | | | | | | | | | | | | Idps may decide to deny authentication for a variety of reasons. In such a case they will post to the application with an unsuccessful status error code. Handle the case by returning a more appropriate 401 Unauthorized HTTP error code. iDo this using an extensible mechanism to map arbitrary lasso errors to HTTP errors. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Simplify cache disabling headers.olavmrk2014-02-131-1/+1
| | | | | | | | | | | | | | | | | | This patch changes the headers sent to prevent errornous caching of the responses sent to only use a single header: Cache-Control: private, must-revalidate This single header should ensure that the data isn't shared between multiple users, and that the browser checks that the content is still valid for each request (enabling logout to work as expected). This drops the Exires-header, which should be unnecessary since all modern browsers support the Cache-Control-header. Thanks to Arthur Müller for providing this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@223 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSetEvnNoPrefix option.olavmrk2013-05-301-0/+8
| | | | | | | | | This option allows you to set environment variables without the "MELLON_" prefix. Thanks to Laas Toom for implementing this! git-svn-id: https://modmellon.googlecode.com/svn/trunk@211 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Move GLib compatibility helpers to a separate file.olavmrk2013-05-081-22/+4
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@207 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSPentityId to control entityId in autogenerated metadatamanu@netbsd.org2013-04-151-0/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@205 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Rename am_generate_session_id() to am_generate_id().olavmrk2013-03-061-3/+4
| | | | | | | | Since this function is used for both generating session IDs and for generating POST data identifiers for POST replay, it should have a generic name. git-svn-id: https://modmellon.googlecode.com/svn/trunk@181 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Disable replay of POST request by default.olavmrk2013-03-061-0/+7
| | | | | | | | | Since we are going to disable autocreation of the POST data directory, we will need to disable POST replay by default. This patch adds the MellonPostReplay option, which can be used to enable and disable the POST replay functionality on a per-location basis. git-svn-id: https://modmellon.googlecode.com/svn/trunk@177 a716ebb1-153a-0410-b759-cfb97c6a1b53
* add implementation of g_hash_table_get_keys to compile under Centos 5benjamin.dauvergne2012-10-101-0/+22
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@171 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add configuration directive MellonDoNotVerifyLogoutSignaturebenjamin.dauvergne2012-10-091-0/+2
| | | | | | | This directive allows to list IdP entityID for which the signature of their logout request must not be verified. git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add directive MellonSubjectConfirmationDataAddressCheckbenjamin.dauvergne2012-02-171-0/+22
| | | | | | | | | MellonSubjectConfirmationDataAddressCheck allows to block client address checking as given in IdP assertion in the SubjectConfirmationData node, it can be necessary when client and IdP or SP are in a NAT-ed network or when the SP is behind a reverse proxy. git-svn-id: https://modmellon.googlecode.com/svn/trunk@152 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonAutnContextClassRef to configuration directivesolavmrk2011-12-071-0/+4
| | | | | | | | | | | You can list many class refs they will be concatenated inside an array. Beware that in each directory, if there is any MellonAuthnContextClassRef directive, any settings from the previous level is overwritten. Thanks to Benjamin Dauvergne for implementing this. git-svn-id: https://modmellon.googlecode.com/svn/trunk@140 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Honour MellonProbeDiscoveryIdP order when sending probesmanu@netbsd.org2011-12-051-1/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@139 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for inheriting lasso_server objects.olavmrk2011-05-181-0/+2
| | | | | | | | | | | Change configuration to inherit the lasso_server objects when nothing affecting the lasso_server object changes from the parent configuration object. This should speed up processing of requests where you have request-specific configuration changes, such as access control rules. git-svn-id: https://modmellon.googlecode.com/svn/trunk@130 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for loading federation metadata files.olavmrk2011-05-181-1/+7
| | | | | | Patch originally created by Emmanuel Dreyfus, some changes by me. git-svn-id: https://modmellon.googlecode.com/svn/trunk@129 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Change cfg->idp_metadata_files to an array instead of an hash.olavmrk2011-05-181-1/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@126 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonCookieDomain and MellonCookiePath directivesbenjamin.dauvergne2011-04-071-0/+2
| | | | | | | | | | These allows respectively to set the domain and the path of the domain of the mellon cookie. Without these the domain defaults to the domain return by ap_get_server_name() (see http://httpd.apache.org/dev/apidoc/apidoc_ap_get_server_name.html) and the path to "/". git-svn-id: https://modmellon.googlecode.com/svn/trunk@120 a716ebb1-153a-0410-b759-cfb97c6a1b53
* New MellonIdPMetadataGlob directive to load mulitple IdP metadatamanu@netbsd.org2011-03-231-0/+2
| | | | | | | using a glob(3) pattern. git-svn-id: https://modmellon.googlecode.com/svn/trunk@117 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Regexp backreference substitution in MellonCond manu@netbsd.org2011-03-221-11/+13
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@116 a716ebb1-153a-0410-b759-cfb97c6a1b53
* New MellonCond directive to enable attribute filtering beyond MellonRequire manu@netbsd.org2011-03-171-1/+25
| | | | | | | | | functionalities. Supports regexp, negations, and attribute name remapping though MellonSetEnv git-svn-id: https://modmellon.googlecode.com/svn/trunk@114 a716ebb1-153a-0410-b759-cfb97c6a1b53
* A /mellon/probeDisco endpoint replaces the builtin:get-metadata IdP manu@netbsd.org2011-03-091-0/+2
| | | | | | | | dicovery URL scheme. It is configured using the MellonProbeDiscoveryTimeout and MellonProbeDiscoveryIdP directives. git-svn-id: https://modmellon.googlecode.com/svn/trunk@113 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Validate received response.olavmrk2010-06-301-0/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@99 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Change return type of am_reconstruct_url to not be const.olavmrk2010-06-301-1/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@97 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Shibboleth 2 interoperability. This is acchieved by increasing themanu@netbsd.org2010-05-311-2/+4
| | | | | | | | | | | | | storage for attributes, as OID-named attributes sent by the Shibboleth IdP consomes quite some space. There is also a required Destination attribute in AuthnRequest elements. It is done by trunk version of lasso, but not by any currently released version, hence we do if it is not done. git-svn-id: https://modmellon.googlecode.com/svn/trunk@85 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Optionaly ave the remote IdP entityId in the environmentmanu@netbsd.org2010-05-311-0/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@84 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Make sure that redirect URLs doesn't contain control characters.olavmrk2009-11-111-0/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@69 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Support replay of multipart/form-data POST requestsmanu@netbsd.org2009-11-111-0/+10
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@68 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Replay POST requets after been sent to the IdPmanu@netbsd.org2009-11-091-1/+9
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@67 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonOrganization(Name|DisplayName|URL) for filling themanu@netbsd.org2009-06-151-0/+5
| | | | | | | <Organization> element of autogenerated metadata git-svn-id: https://modmellon.googlecode.com/svn/trunk@57 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Strip "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----", and anymanu@netbsd.org2009-06-141-0/+1
| | | | | | | | non graphic character (space, CR) from the certificate presented in autogenerated metadata. git-svn-id: https://modmellon.googlecode.com/svn/trunk@55 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add a MellonSamlResponseDump option to dump the SAML authentication response in manu@netbsd.org2009-06-011-2/+6
| | | | | | | the environement git-svn-id: https://modmellon.googlecode.com/svn/trunk@51 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSessionDump option, to make the session available in the environmentmanu@netbsd.org2009-05-251-1/+2
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@50 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for IdP initiated SOAP single logout.manu@netbsd.org2009-05-151-2/+10
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@49 a716ebb1-153a-0410-b759-cfb97c6a1b53
* - Support for multiple IdPmanu@netbsd.org2009-05-121-4/+8
| | | | | | | | | - IdP discovery service - add a dimple built-in IdP discovery mechanism: send HTTP GET on ProviderID URL. If we get HTTP 200, the IdP is selected git-svn-id: https://modmellon.googlecode.com/svn/trunk@44 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for auto-generating SP metadata.olavmrk2009-05-061-0/+2
| | | | | | Thanks to Emmanuel Dreyfus for this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@43 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add a MellonSecureCookie setting to enforce Secure + HttpOnly flags formanu@netbsd.org2009-03-021-0/+1
| | | | | | | | session cookies. git-svn-id: https://modmellon.googlecode.com/svn/trunk@40 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonDefaultLoginPath option.olavmrk2008-11-111-0/+3
| | | | | | | | | | This option is used to decide which page the user should be redirected to if IdP-initiated SSO is used. Thanks to Emmanuel Dreyfus for this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@36 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Use lasso_server_new_from_buffer if available.olavmrk2008-11-101-0/+3
| | | | | | | | | | | | Recent versions of Lasso supports loading the SP metadata, certificate and private key from memory. This patch changes mod_mellon to use this function if it is available. This makes it possible to store the SP private key readable only from root. Thanks to Emmanuel Dreyfus for this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@35 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for IdP CA certificate and SP certificate.olavmrk2008-10-271-0/+2
| | | | | | | Thanks to Emmanuel Dreyfus for this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@31 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Increased maximum Lasso session size.olavmrk2007-10-261-1/+1
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@22 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Copy SessionIndex to LogoutRequest.olavmrk2007-09-281-0/+2
| | | | git-svn-id: https://modmellon.googlecode.com/svn/trunk@12 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Initial import of version 0.0.6olavmrk2007-09-241-0/+246
git-svn-id: https://modmellon.googlecode.com/svn/trunk@3 a716ebb1-153a-0410-b759-cfb97c6a1b53
generated by cgit (git 2.34.1) at 2024-05-09 02:49:33 +0000