Add shireSSLOnly config optopn and check it in mod_shire

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@89 cb58f699-b61c-0410-a6fe-9272a202ed29

diff --git a/configs/shibboleth.ini b/configs/shibboleth.ini
index 437af5b..511f1c6 100644 (file)
--- a/configs/shibboleth.ini
+++ b/configs/shibboleth.ini
@@ -5,8 +5,9 @@ schemadir=/mit/shibboleth/src/shibboleth/c/schemas/
 [http]
 # These items must live in [http]
 shire=/shibboleth/SHIRE
-wayfLocation=https://shibprod0.internet2.edu/shibboleth/WAYF
+wayfLocation=https://wayf.internet2.edu/shibboleth/WAYF
 cookie=shib-cookie
+shireSSLOnly=true
 
 # these can live anywhere
 supportContact=warlord@MIT.EDU

diff --git a/mod_shire/mod_shire.cpp b/mod_shire/mod_shire.cpp
index cb8580d..9b2ee16 100644 (file)
--- a/mod_shire/mod_shire.cpp
+++ b/mod_shire/mod_shire.cpp
@@ -388,8 +388,12 @@ extern "C" int shire_check_user(request_rec* r)
 
       try {
 
+       const string& sslonly = ini.get (SHIBTARGET_HTTP, "shireSSLOnly");
+       const char* sslonlyc = sslonly.c_str();
+       
        // Make sure this is SSL, if it should be
-       if (sc->bSSLOnly==1 && strcmp(ap_http_method(r),"https"))
+       if ((*sslonlyc == 't' || *sslonlyc == 'T') &&
+           strcmp(ap_http_method(r),"https"))
          throw ShibTargetException (SHIBRPC_OK,
                                     "blocked non-SSL access to SHIRE POST processor");