Add MellonAutnContextClassRef to configuration directives

You can list many class refs; they will be concatenated inside an array.
Beware that in each directory, if there is any
MellonAuthnContextClassRef directive, any settings from the previous
level are overwritten.

Thanks to Benjamin Dauvergne for implementing this.

git-svn-id: https://modmellon.googlecode.com/svn/trunk/mod_mellon2@140 a716ebb1-153a-0410-b759-cfb97c6a1b53
olavmrk 2011-12-07 10:19:35 +00:00
parent 08c4663f33
commit 2c8f97649f
3 changed files with 55 additions and 0 deletions

10
README

@ -445,6 +445,16 @@ MellonPostCount 100
# This option will make the Lasso session available in
# the MELLON_SESSION environement variable. Default is Off.
MellonSessionDump Off
# This option will request specific authentication security-level
# through the AuthnContextClassRef element of the AuthnRequest It will
# also request enforcement of this level when receiving an
# authenticating Assertion.
# If the assertion does not have the required security level, an HTTP
# Forbidden status code is returned to the browser.
# MellonAuthnContextClassRef "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
# MellonAuthnContextClassRef "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
# MellonAuthnContextClassRef "urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
</Location>


@ -216,6 +216,10 @@ typedef struct am_dir_cfg_rec {
struct am_dir_cfg_rec *inherit_server_from;
/* Mutex to prevent us from creating several lasso server objects. */
apr_thread_mutex_t *server_mutex;
/* AuthnContextClassRef list */
apr_array_header_t *authn_context_class_ref;
/* Cached lasso server object. */
LassoServer *server;
} am_dir_cfg_rec;


@ -755,6 +755,32 @@ static const char *am_set_langstring_slot(cmd_parms *cmd,
return NULL;
}
/* This function handles the MellonAuthnContextClassRef directive.
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonAuthnContextClassRef
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *arg An URI for an SAMLv2 AuthnContextClassRef
*
* Returns:
* This function will always return NULL.
*/
static const char *am_set_authn_context_class_ref(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
apr_pool_t *p= cmd->pool;
if(strlen(arg) == 0) {
return NULL;
}
APR_ARRAY_PUSH(d->authn_context_class_ref, char*) = apr_pstrdup(p, arg);
return NULL;
}
/* This array contains all the configuration directive which are handled
* by auth_mellon.
*/
@ -1066,6 +1092,14 @@ const command_rec auth_mellon_commands[] = {
" \"http://<servername>/mellon/*\". The path you specify must"
" be contained within the current Location directive."
),
AP_INIT_TAKE1(
"MellonAuthnContextClassRef",
am_set_authn_context_class_ref,
NULL,
OR_AUTHCFG,
"A list of AuthnContextClassRef to request in the AuthnRequest and "
"to validate upon reception of an Assertion"
),
{NULL}
};
@ -1148,6 +1182,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p);
dir->inherit_server_from = dir;
dir->server = NULL;
dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *));;
return dir;
}
@ -1347,8 +1382,14 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
APR_THREAD_MUTEX_DEFAULT, p);
new_cfg->inherit_server_from = new_cfg;
}
new_cfg->server = NULL;
new_cfg->authn_context_class_ref = (add_cfg->idp_metadata->nelts ?
add_cfg->authn_context_class_ref :
base_cfg->authn_context_class_ref);
return new_cfg;
}
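Review bot: The merge in auth_mellon_dir_merge chooses the child's AuthnContextClassRef list based on `add_cfg->idp_metadata->nelts` instead of the list actually being merged, so a directory that populates idp_metadata (presumably via the IdP metadata directive) but sets no MellonAuthnContextClassRef replaces the inherited list with an empty one — silently dropping the security-level enforcement the commit message promises — while a directory that sets only MellonAuthnContextClassRef keeps the parent's list and ignores its own. The condition looks copied from the neighbouring idp_metadata merge; it should read `new_cfg->authn_context_class_ref = (add_cfg->authn_context_class_ref->nelts ? add_cfg->authn_context_class_ref : base_cfg->authn_context_class_ref);`. auth_mellon_dir_merge begins outside the hunk, so I cannot see whether base_cfg is always non-NULL at that point. Separately, the `apr_array_make(p, 0, sizeof(char *));;` line in auth_mellon_dir_config carries a stray second semicolon, and the header comment on am_set_authn_context_class_ref says struct_ptr may be NULL while the body dereferences `d` unconditionally — either drop that sentence from the comment or guard the push.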