From ce1a5d08aa3aa1e78b3bcf3a76915c875f37f8cb Mon Sep 17 00:00:00 2001
From: "benjamin.dauvergne"
Date: Fri, 17 Feb 2012 14:01:24 +0000
Subject: Add directive MellonSubjectConfirmationDataAddressCheck

MellonSubjectConfirmationDataAddressCheck allows to block client address checking as given in IdP assertion in the SubjectConfirmationData node, it can be necessary when client and IdP or SP are in a NAT-ed network or when the SP is behind a reverse proxy.

git-svn-id: https://modmellon.googlecode.com/svn/trunk@152 a716ebb1-153a-0410-b759-cfb97c6a1b53
---
 auth_mellon_config.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'auth_mellon_config.c')
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 66a4032..7607668 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -1102,6 +1102,13 @@ const command_rec auth_mellon_commands[] = {
 "A list of AuthnContextClassRef to request in the AuthnRequest and "
 "to validate upon reception of an Assertion"
 ),
+ AP_INIT_FLAG(
+ "MellonSubjectConfirmationDataAddressCheck",
+ ap_set_flag_slot,
+ (void *)APR_OFFSETOF(am_dir_cfg_rec, subject_confirmation_data_address_check),
+ OR_AUTHCFG,
+ "Check address given in SubjectConfirmationData Address attribute. Default is on."
+ ),
 {NULL}
 };
@@ -1185,6 +1192,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
 dir->inherit_server_from = dir;
 dir->server = NULL;
 dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *));;
+ dir->subject_confirmation_data_address_check = inherit_subject_confirmation_data_address_check;
 return dir;
 }
@@ -1391,6 +1399,8 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
 add_cfg->authn_context_class_ref :
 base_cfg->authn_context_class_ref);
+ new_cfg->subject_confirmation_data_address_check =
+ CFG_MERGE(add_cfg, base_cfg, subject_confirmation_data_address_check);
 return new_cfg;
 }
-- cgit
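Review bot: The help string for `MellonSubjectConfirmationDataAddressCheck` in the first hunk says only "Default is on." and does not tell an administrator that turning the flag off drops the binding between an assertion and the client address the IdP recorded in SubjectConfirmationData. I would extend it along the lines of `"Check address given in SubjectConfirmationData Address attribute. Turning this off accepts an assertion from any client address; use only behind NAT or a reverse proxy. Default is on."`. The directive is registered with `OR_AUTHCFG`, so where `AllowOverride AuthConfig` is granted a `.htaccess` file can presumably switch the check off for its subtree through the `CFG_MERGE` line in the third hunk; if that is not intended, the directive documentation should say so. The member's declaration is outside this diff, and since `ap_set_flag_slot` stores through an `int` pointer it should be confirmed that `subject_confirmation_data_address_check` is declared as `int`.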
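Review bot: The assignment added to `auth_mellon_dir_config` in the second hunk stores `inherit_subject_confirmation_data_address_check` without saying what that sentinel means, and the promised default of "on" is not set anywhere in this file. A short comment such as `/* not set at this level; resolved to the default (on) when the value is read */` would make the intent clear. The code that consumes the field is outside this diff; it should resolve the sentinel to the default rather than test the raw member, so that a configuration that never mentions the directive keeps the address check enabled. The function body starts outside the hunk.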