shib_dir_config* dc=(shib_dir_config*)ap_get_module_config(r->per_dir_config,&mod_shib);
ostringstream threadid;
- threadid << "[" << getpid() << "] shib" << '\0';
+ threadid << "[" << getpid() << "] shib_check_user" << '\0';
saml::NDC ndc(threadid.str().c_str());
// This will always be normalized, because Apache uses ap_get_server_name in this API call.
if (!session_id || !*session_id) {
// If no session required, bail now.
if (!requireSession.second)
- return DECLINED;
+ return OK;
// No acceptable cookie, and we require a session. Generate an AuthnRequest.
ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,0,r,"shib_check_user: no cookie found -- redirecting to WAYF");
// If no session required, bail now.
if (!requireSession.second)
- return DECLINED;
+ return OK;
else if (status->isRetryable()) {
// Oops, session is invalid. Generate AuthnRequest.
apr_table_setn(r->headers_out,"Location",apr_pstrdup(r->pool,shire.getAuthnRequest(targeturl)));
if (!strstr(targeturl,shire.getShireURL(targeturl)))
return DECLINED;
-
ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,0,r,"shib_handler() running");
pair<bool,const char*> shib_cookie=sessionProps->getString("cookieName");
IConfig* conf=g_Config->getINI();
Locker locker(conf);
- const char* application_id=apr_table_get(r->headers_in,"Shib-Application-ID");
- if (!application_id) {
- ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,0,r,
- "shib_check_auth: Shib-Application-ID header not found in request");
- return HTTP_FORBIDDEN;
- }
-
- const IApplication* application=conf->getApplication(application_id);
- if (!application) {
- ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,0,r,
- "shib_check_auth: unable to map request to application settings, check configuration");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
// mod_auth clone
int m=r->method_number;
}
}
else {
+ const char* application_id=apr_table_get(r->headers_in,"Shib-Application-ID");
+ if (!application_id) {
+ ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,0,r,
+ "shib_check_auth: Shib-Application-ID header not found in request");
+ return HTTP_FORBIDDEN;
+ }
+
+ const IApplication* application=conf->getApplication(application_id);
+ if (!application) {
+ ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,0,r,
+ "shib_check_auth: unable to map request to application settings, check configuration");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
Iterator<IAAP*> provs=application->getAAPProviders();
AAP wrapper(provs,w);
if (wrapper.fail()) {