mellon passes on every attribute received in a SAML assertion as an
Apache variable. By default, the variable is prefixed with "MELLON_".
In some cases, for example when migrating from a different SP to mellon,
it might be beneficial to change the prefix. And while using
MellonSetEnvNoPrefix is an option as well, the MellonSetEnvNoPrefix has
to be specified for each variable independently.

Add documentation in the User Guide on how to determine if a SAML
transaction succeeded or failed and how to determine the cause of the
failure.

Add documentation in the User Guide on known quirks with ADFS
integration.

Signed-off-by: John Dennis <jdennis@redhat.com>

How NameIDs are used in SAML often confuses people trying to configure
a service provider, especially when they try to emulate a userid. This
patch adds several sections describing the concept of a SAML NameID,
how the use of NameIDs is configured in SAML and some suggested
approaches to utilizing NameIDs.

Signed-off-by: John Dennis <jdennis@redhat.com>

The User Guide is documentation intended to help people get started
with mod_auth_mellon, understand SAML concepts as they directly relate
to mod_auth_mellon, install mellon, understand mellon configuration,
learn how to diagnose deployment problems, address complex deployment
considerations such as behind proxies and load balancers and enumerate
the most common deployment problems and their solutions.
The document is written in AsciiDoc. It aspires to be vendor and
operating system neutral. When there are vendor or operating system
specific considerations, those are called out separately.
Instructions on how to edit and render the AsciiDoc are provided in
the README.

Signed-off-by: John Dennis <jdennis@redhat.com>