1 The module provides the following option to deal with GSS API name attributes:
3 #### GssapiNameAttributes
5 Enables the module to source Name Attributes from the client name
6 (authorization data associated with the established context) and exposes them
7 as environment variables.
9 Value format: ENV_VAR_NAME ATTRIBUTE_NAME
11 This option can be specified multiple times, once for each attribute to expose.
12 The Special value "json" is used to expose all attributes in a json formatted
13 string via the special environment variable GSS_NAME_ATTRS_JSON
14 The environment variable GSS_NAME_ATTR_ERROR is set with the Gssapi returned
15 error string in case the inquire name function fails to retrieve attributes,
16 and with the string "0 attributes found", if no attributes are set.
19 GssapiNameAttributes json
20 GssapiNameAttributes RADIUS_USER_NAME urn:ietf:params:gss:radius-attribute 1
21 GssapiNameAttributes EPPN urn:ietf:params:gss:federated-saml-attribute urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oid:1.3.6.1.4.1.5923.1.1.1.6
23 #### Feedback on authentication failure reason
25 In addition to this, in the event of an authentication failure,
26 the module exports an environment variable called MAG_ERROR wich contains one
27 of the following values:
28 * "NO_AUTH_DATA" when the client did not send any authentication data (usually because the
29 appropriate libraries are not installed on the browser).
30 * "UNSUP_AUTH_TYPE" when the client sent authentication data of an invalid type.
31 * "GSS_MECH_ERROR" when the GSS mechanism failed for some reason (e.g. invalid credentials).
33 In addition to this, whenever MAG_ERROR takes a value of "GSS_MECH_ERROR", an additional environment
34 variable named GSS_ERROR_STR is sourced. This variable contains the result of
35 the gss_display_status() call and may help web developers to show a more appropriate error page/string
projects / mod_auth_kerb.git / blob