diff --git a/INSTALL b/INSTALL index 59c350a..d8dbd5f 100644 --- a/INSTALL +++ b/INSTALL @@ -52,51 +52,6 @@ places for CGI. You can copy them (they are the executables in src/) in your favourite place. Note that if you want to use HTTP authentication; ``singleSignOn`` should be installed in a different directory. -Apache Configuration -==================== - -Imagine ``soapEndPoint`` has been installed in ``/usr/lib/cgi-bin/idpc/`` and -``singleSignOn`` in ``/usr/lib/cgi-bin/idpc/auth/``. Apache configuration will -look as follow:: - - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - - AllowOverride None - Options ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - - - - AuthType Basic - AuthName "IdPc" - AuthUserFile /etc/apache/passwd - Require valid-user - - - -Database configuration -====================== - -PostgreSQL ----------- - -.. include:: create-db.sql - -Be sure it is possible to connect using TCP/IP to the database; somethink like -the next line will do (you may have to disable ``ident`` authentication first):: - - # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD - host idpc idpc 127.0.0.1 255.255.255.255 password - - -MySQL ------ - -.. note:: Support not yet implemented. - - .. _libxml2: http://www.xmlsoft.org/ .. _neon: http://www.webdav.org/neon/ diff --git a/doc/default.css b/doc/default.css index 7ce1b96..30cb5c3 100644 --- a/doc/default.css +++ b/doc/default.css @@ -57,9 +57,18 @@ dd { } table.table { - margin-top: 1em; + margin: 1ex 0; + border-spacing: 0px; } + +table.table th { + padding: 0px 1ex; + background: #eef; + font-weight: normal; +} + + table.table td { padding: 0 0.5ex; } @@ -68,6 +77,7 @@ div.note, div.warning { padding: 0.3ex; padding-left: 60px; min-height: 50px; + margin: 1ex 1em; } div.note { diff --git a/doc/manual.txt b/doc/manual.txt index 1bcfba7..4efa649 100644 --- a/doc/manual.txt +++ b/doc/manual.txt 
@@ -19,12 +19,13 @@ of several CGI C programs. It supports the following IDFF-1.2 profiles: -- Single Sign-On and Federation +- Single Sign-On and Federation (Liberty Artifact and Liberty-Enabled Client + and Proxy) - Single Logout (SOAP, initiated by SP) -- Federation Termination -- Liberty-Enabled Client and Proxy +- Federation Termination (SOAP, initiated by SP) -It will implement other core profiles in the future. +It will complete existing profiles and implement other core profiles in the +future. IdPC can authenticate users through several means including HTTP authentication and client certificates. @@ -141,6 +142,52 @@ Additionally if you have set OCSP options in the configuration file, a OCSP connection will be made to check certificate validity. +Apache Configuration +==================== + +Imagine ``soapEndPoint`` has been installed in ``/usr/lib/cgi-bin/idpc/`` and +``singleSignOn`` in ``/usr/lib/cgi-bin/idpc/auth/``. Apache configuration will +look as follow:: + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + + AllowOverride None + Options ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + + AuthType Basic + AuthName "IdPc" + AuthUserFile /etc/apache/passwd + Require valid-user + + + +Database configuration +====================== + +PostgreSQL +---------- + +.. include:: ../create-db.sql + +Be sure it is possible to connect using TCP/IP to the database; somethink like +the next line will do (you may have to disable ``ident`` authentication first):: + + # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD + host idpc idpc 127.0.0.1 255.255.255.255 password + + +MySQL +----- + +.. note:: Support not yet implemented. + + + Copyright and License ===================== diff --git a/src/federation_termination.c b/src/federation_termination.c index dc16277..4709e00 100644 --- a/src/federation_termination.c +++ b/src/federation_termination.c 
@@ -63,6 +63,15 @@ int federation_termination_http(LassoFederationTermination *termination) return error_page("save_profile_dumps failed"); } + rc = lasso_federation_termination_build_notification_msg(termination); + if (rc) { + return error_page("build notification msg"); + } + + /* XXX: redirect to SP return URL */ + /* missing lasso support; impossible to get return URL */ + printf("Location: %s\n\nRedirected", "XXX"); + return 0; } diff --git a/src/single_sign_on.c b/src/single_sign_on.c index 2e5326f..bbd50e1 100644 --- a/src/single_sign_on.c +++ b/src/single_sign_on.c @@ -293,6 +293,7 @@ int single_sign_on() } else { /* POST profile (lassoLoginProtocolProfileBrwsPost) */ /* XXX not supported by Lasso yet */ + rc = 1; } lasso_login_destroy(login);
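Review bot: The added `printf("Location: %s\n\nRedirected", "XXX");` in federation_termination_http() redirects the browser to the literal placeholder `XXX` and then returns 0, so the request ends on a bogus relative URL while reporting success. Until Lasso can supply the SP return URL, ending with something like `return error_page("SP return URL not available");` would be more honest, assuming error_page() emits a complete CGI response as its other uses here suggest. When the real URL is wired in, it should be matched against the SP's registered metadata and rejected if it contains CR or LF before it is written into the header, otherwise this line becomes an open redirect or a header-injection point. The new error string `"build notification msg"` also lacks the "failed" that the neighbouring `"save_profile_dumps failed"` message has. The function begins above the hunk.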
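Review bot: The added `rc = 1;` in the POST-profile branch of single_sign_on() uses a bare magic value, and nothing says why the branch now fails. A comment such as `/* unsupported profile: fail rather than continue with a stale rc */` would record the intent. Whether rc is turned into an error response after `lasso_login_destroy(login);` cannot be seen, because the function starts above the hunk and continues past it. If it is not, the branch should produce one the way the other handlers do, e.g. `error_page("POST profile not supported")`.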