Accessing the "login"-endpoint with multiple IdPs configured would
bypass the discovery service. This patch changes the behaviour so
that we send a discovery service request instead.
This breaks backwardscompatibility slightly, but hopefully it should
not be a problem.
This fixes issue 13: https://code.google.com/p/modmellon/issues/detail?id=13
git-svn-id: https://modmellon.googlecode.com/svn/trunk@186 a716ebb1-153a-0410-b759-cfb97c6a1b53
If we mark the session as logged in before all processing is completed,
a failure during login processing (e.g. too big attribute values) can
cause a user to receive a "half-authenticated" session.
This patch changes the code so that the last task before releaseing the
session is to mark it as logged in.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@184 a716ebb1-153a-0410-b759-cfb97c6a1b53
We currently release the session lock only to grab it again a few
instructions later. This patch changes this so that we initialize
the session in one operation.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@183 a716ebb1-153a-0410-b759-cfb97c6a1b53
We had forgotten to release the session object in one of the error paths
during login. This could result in us hanging onto the session mutex after
the request has finished, this deadlocking the server. This patch fixes
that error.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@182 a716ebb1-153a-0410-b759-cfb97c6a1b53
Since this function is used for both generating session IDs and for
generating POST data identifiers for POST replay, it should have a
generic name.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@181 a716ebb1-153a-0410-b759-cfb97c6a1b53
This patch changes all configuration options that receive paths to files
to convert them to an absolute path. This ensures that relative paths
work correctly after the server changes the current working directory
during session initialization.
Thanks to Jeroen De Ridder for reporting this bug and suggesting a fix!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@180 a716ebb1-153a-0410-b759-cfb97c6a1b53
Now that the POST replay functionality has been disabled by default,
we can force the administrator to create this directory manually. This
saves us from worrying about temp file/directory vulnerabilities.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@178 a716ebb1-153a-0410-b759-cfb97c6a1b53
Since we are going to disable autocreation of the POST data directory,
we will need to disable POST replay by default. This patch adds the
MellonPostReplay option, which can be used to enable and disable the
POST replay functionality on a per-location basis.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@177 a716ebb1-153a-0410-b759-cfb97c6a1b53
The current code defaults to storing the lock file in /tmp. This patch
changes the default to /var/run, which is where such files belong.
Note that this lock file is only required on some platforms.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@176 a716ebb1-153a-0410-b759-cfb97c6a1b53
The "metadata" and "repost" handlers were tested twice in the
endpoint handler. This patch removes the last occurence, since they
are never reached.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@174 a716ebb1-153a-0410-b759-cfb97c6a1b53
We need to restore the profile state when creating a logout request,
so that Lasso has the information it requires for logging out.
If we do not do this, every logout "fail" with the log message:
User attempted to initiate logout without being loggged in.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@172 a716ebb1-153a-0410-b759-cfb97c6a1b53
This directive allows to list IdP entityID for which the signature of
their logout request must not be verified.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
Handle the case of an IdP not handling SLO as a normal situation, not an
internal error, so that the HTTP flow can get back to the ReturnURL
without interruption.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@167 a716ebb1-153a-0410-b759-cfb97c6a1b53
- Change am_restore_lasso_profile_state to take an am_cache_entry_t*
as parameter instead of looking at the current session (there is no
session when you receive a SOAP request),
- Restore the profile state after parsing the Logout request not before,
- Always lookup the session through the NameID, as nothing in the spec
forbid out-of-browser HTTP-Redirect requests,
- Use the new helper function to return the LogoutResponse.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@166 a716ebb1-153a-0410-b759-cfb97c6a1b53
This attribute encoding has not been required since Moria3, which was
shut down in July 2010. This value should therefore no longer be used.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@154 a716ebb1-153a-0410-b759-cfb97c6a1b53
MellonSubjectConfirmationDataAddressCheck allows to block client address
checking as given in IdP assertion in the SubjectConfirmationData node,
it can be necessary when client and IdP or SP are in a NAT-ed network or
when the SP is behind a reverse proxy.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@152 a716ebb1-153a-0410-b759-cfb97c6a1b53
This patch extends mod_mellon with support for sending authentication
requests with the HTTP-POST binding.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@151 a716ebb1-153a-0410-b759-cfb97c6a1b53
We cannot display any pages from the am_start_auth()-function since
it runs from the access checker. We therefore need to redirect to the
login handler, which can then display web pages.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@150 a716ebb1-153a-0410-b759-cfb97c6a1b53
The code in am_auth_new_ticket() was shared between the "auth"
endpoint and the code to start authentication from other requests. This
results in the possibility of unpredictable interactions between those
functions.
For example, it was possible to select the IdP from a random page by
adding the "IdP" parameter. The "ReturnTo" parameter could also affect
where the user was sent after authentication.
The result of this change is two new functions, one for starting
authentication from other requests, and one for handling the "auth"
endpoint. The "auth"-endpoint is no longer used by code, but may
be used elsewhere. It is therefore included for backwards
compatibility.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@149 a716ebb1-153a-0410-b759-cfb97c6a1b53
In preparation of splitting am_auth_new_ticket() into two functions,
extract the code to redirect to the discovery service into its own
function.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@148 a716ebb1-153a-0410-b759-cfb97c6a1b53
We now have a "login" endpoint that can be used for triggering
authentication. Make the discovery service send its response to that
page.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@147 a716ebb1-153a-0410-b759-cfb97c6a1b53
We assumed that the SP entityID was always the endpoint path
followed by "metadata". This does not need to be the case. This patch
changes it to fetch the SP entityID from the SP metadata.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@146 a716ebb1-153a-0410-b759-cfb97c6a1b53
For historic reasons, we added several headers to both "headers_out"
and "err_headers_out". This has the unfortunate side effect of sending
the headers twice. This change modifies the code to only add those
headers to "err_headers_out", which is sent both for successful
requests and for errors.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@145 a716ebb1-153a-0410-b759-cfb97c6a1b53
We currently handle requests to many endpoints from the access control
hooks. This change bypasses access control in those cases, and handles
the requests from the "handler" hook instead.
This change is necessary to be able to do anything else than redirects
from the handlers. As a side effect, it also simplifies the code.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@144 a716ebb1-153a-0410-b759-cfb97c6a1b53
The APR_ARRAY_PUSH() macro was recently added to apr. Instead of using
it, just use apr_array_push().
Thanks to Benjamin Dauver for providing this patch!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@143 a716ebb1-153a-0410-b759-cfb97c6a1b53
- If request miss needed elements AuthnStatement or AuthnContext, HTTP
status BadRequest is returned.
- If request does not match one of the required AuthnContextClassRef,
HTTP status Forbidden is returned.
Thanks to Benjamin Dauvergne for implementing this.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@141 a716ebb1-153a-0410-b759-cfb97c6a1b53
You can list many class refs they will be concatenated inside an array.
Beware that in each directory, if there is any
MellonAuthnContextClassRef directive, any settings from the previous
level is overwritten.
Thanks to Benjamin Dauvergne for implementing this.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@140 a716ebb1-153a-0410-b759-cfb97c6a1b53
We used GHashTableIter, which wasn't introduced before version 2.16 of
GLib. This patch changes the code to simply use g_hash_table_get_keys
instead.
(This means that we depend on GLib 2.14.)
git-svn-id: https://modmellon.googlecode.com/svn/trunk@137 a716ebb1-153a-0410-b759-cfb97c6a1b53
APR_ARRAY_IDX is a relatively new macro in the APR package, so we
should avoid using it.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@134 a716ebb1-153a-0410-b759-cfb97c6a1b53
olavmrk
benjamin.dauvergne
manu@netbsd.org