From 6d2d83d8f8792acad49ff36155df72eee373b6a7 Mon Sep 17 00:00:00 2001
From: "manu@netbsd.org"
Date: Mon, 31 May 2010 11:19:26 +0000
Subject: Shibboleth 2 interoperability. This is acchieved by increasing the storage for attributes, as OID-named attributes sent by the Shibboleth IdP consomes quite some space. There is also a required Destination attribute in AuthnRequest elements. It is done by trunk version of lasso, but not by any currently released version, hence we do if it is not done.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@85 a716ebb1-153a-0410-b759-cfb97c6a1b53
---
 auth_mellon_handler.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'auth_mellon_handler.c')
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 57cecd9..1fcdb5f 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -2186,6 +2186,19 @@ static int am_auth_new_ticket(request_rec *r)
 LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Consent = g_strdup(LASSO_SAML2_CONSENT_IMPLICIT);
+
+ /*
+ * Make sure the Destination attribute is set to the IdP
+ * SingleSignOnService endpoint. This is required for
+ * Shibboleth 2 interoperability, and older versions of
+ * lasso (at least up to 2.2.91) did not do it.
+ * XXX Here we assume HTTP-Redirect method
+ */
+ if (LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Destination == NULL)
+ LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Destination =
+ am_get_service_url(r, LASSO_PROFILE(login),
+ "SingleSignOnService HTTP-Redirect");
+ LASSO_PROFILE(login)->msg_relayState = g_strdup(relay_state); ret = lasso_login_build_authn_request_msg(login);
-- cgit
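Review bot: The new assignment stores the return value of am_get_service_url() in Destination with neither a NULL check nor a copy, while the Consent and msg_relayState lines around it hand lasso a g_strdup'd string. am_get_service_url() is not visible in this hunk, so two things need confirming: if it can return NULL, the request is still built without a Destination and the failure only surfaces at the IdP; and if it returns memory that is not glib-allocated and caller-owned, lasso would presumably release it with the wrong allocator when the request is destroyed. I would record the ownership in the comment, e.g. `/* am_get_service_url() returns a g_malloc'd string; the request takes ownership */`, and log and fail the request when the lookup yields NULL instead of continuing to lasso_login_build_authn_request_msg(). The XXX about assuming HTTP-Redirect also deserves a follow-up, since a Destination that does not match the binding actually used for this login is likely to be rejected by a strict IdP. am_auth_new_ticket() starts and ends outside the hunk.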