Added export of NameIdentifier.
authorcantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Mon, 19 Apr 2004 04:08:27 +0000 (04:08 +0000)
committercantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Mon, 19 Apr 2004 04:08:27 +0000 (04:08 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@1035 cb58f699-b61c-0410-a6fe-9272a202ed29

apache/mod_apache.cpp
isapi_shib/isapi_shib.cpp

index d0d85ae..74a7c75 100644 (file)
@@ -384,14 +384,27 @@ extern "C" int shib_check_user(request_rec* r)
         ap_table_set(r->headers_in,"Shib-Attributes", assertion.c_str());
     }
 
-    // Export the SAML AuthnMethod and the origin site name.
+    // Export the SAML AuthnMethod and the origin site name, and possibly the NameIdentifier.
     ap_table_unset(r->headers_in,"Shib-Origin-Site");
     ap_table_unset(r->headers_in,"Shib-Authentication-Method");
+    ap_table_unset(r->headers_in,"Shib-NameIdentifier-Format");
     if (sso_statement) {
         auto_ptr_char os(sso_statement->getSubject()->getNameIdentifier()->getNameQualifier());
         auto_ptr_char am(sso_statement->getAuthMethod());
         ap_table_set(r->headers_in,"Shib-Origin-Site", os.get());
         ap_table_set(r->headers_in,"Shib-Authentication-Method", am.get());
+        
+        // Export NameID?
+        AAP wrapper(provs,sso_statement->getSubject()->getNameIdentifier()->getFormat(),Constants::SHIB_ATTRIBUTE_NAMESPACE_URI);
+        if (!wrapper.fail() && wrapper->getHeader()) {
+            auto_ptr_char form(sso_statement->getSubject()->getNameIdentifier()->getFormat());
+            auto_ptr_char nameid(sso_statement->getSubject()->getNameIdentifier()->getName());
+            ap_table_set(r->headers_in,"Shib-NameIdentifier-Format",form.get());
+            if (!strcmp(wrapper->getHeader(),"REMOTE_USER"))
+                SH_AP_USER(r)=ap_pstrdup(r->pool,nameid.get());
+            else
+                ap_table_set(r->headers_in,wrapper->getHeader(),nameid.get());
+        }
     }
     
     ap_table_unset(r->headers_in,"Shib-Application-ID");
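Review bot: The new NameID branch assigns `SH_AP_USER(r)` when the matching rule's header is `REMOTE_USER`, and the attribute loop in the next hunk of this file assigns it again under the same condition. When both a NameIdentifier rule and an attribute rule map to REMOTE_USER, the attribute value therefore silently replaces the NameID. Because this value becomes the authenticated user name, the precedence should be explicit, for example with a comment such as `// NameID sets the default principal; an attribute mapped to REMOTE_USER below overrides it`, or by skipping the later assignment once a principal is set. Separately, `getFormat()` is passed to `AAP` and then to `ap_table_set` without a null check; whether the library substitutes a default for a NameIdentifier that has no Format is not visible here, so that path should be confirmed or guarded. shib_check_user starts and ends outside this hunk.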
@@ -412,12 +425,12 @@ extern "C" int shib_check_user(request_rec* r)
         
                 // Are we supposed to export it?
                 AAP wrapper(provs,attr->getName(),attr->getNamespace());
-                if (wrapper.fail())
+                if (wrapper.fail() || !wrapper->getHeader())
                     continue;
                 
                 Iterator<string> vals=attr->getSingleByteValues();
                 if (!strcmp(wrapper->getHeader(),"REMOTE_USER") && vals.hasNext())
-                   SH_AP_USER(r)=ap_pstrdup(r->pool,vals.next().c_str());
+                    SH_AP_USER(r)=ap_pstrdup(r->pool,vals.next().c_str());
                 else {
                     int it=0;
                     char* header = (char*)ap_table_get(r->headers_in, wrapper->getHeader());
index e9ad319..ab4394a 100644 (file)
@@ -573,8 +573,10 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat
                 Iterator<const IAttributeRule*> rules=aap->getAttributeRules();
                 while (rules.hasNext()) {
                     const char* header=rules.next()->getHeader();
-                    if (header)
-                        pn->SetHeader(pfc,const_cast<char*>(header),"");
+                    if (header) {
+                        string hname=string(header) + ':';
+                        pn->SetHeader(pfc,const_cast<char*>(hname.c_str()),"");
+                    }
                 }
             }
             catch(...) {
@@ -606,6 +608,7 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat
         
         pn->SetHeader(pfc,"Shib-Origin-Site:","");
         pn->SetHeader(pfc,"Shib-Authentication-Method:","");
+        pn->SetHeader(pfc,"Shib-NameIdentifier-Format:","");
 
         // Export the SAML AuthnMethod and the origin site name.
         if (sso_statement) {
@@ -613,6 +616,25 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat
             auto_ptr_char am(sso_statement->getAuthMethod());
             pn->SetHeader(pfc,"Shib-Origin-Site:", const_cast<char*>(os.get()));
             pn->SetHeader(pfc,"Shib-Authentication-Method:", const_cast<char*>(am.get()));
+
+            // Export NameID?
+            AAP wrapper(provs,sso_statement->getSubject()->getNameIdentifier()->getFormat(),Constants::SHIB_ATTRIBUTE_NAMESPACE_URI);
+            if (!wrapper.fail() && wrapper->getHeader()) {
+                auto_ptr_char form(sso_statement->getSubject()->getNameIdentifier()->getFormat());
+                auto_ptr_char nameid(sso_statement->getSubject()->getNameIdentifier()->getName());
+                pn->SetHeader(pfc,"Shib-NameIdentifier-Format:",const_cast<char*>(form.get()));
+                if (!strcmp(wrapper->getHeader(),"REMOTE_USER")) {
+                    char* principal=const_cast<char*>(nameid.get());
+                    pn->SetHeader(pfc,"remote-user:",principal);
+                    pfc->pFilterContext=pfc->AllocMem(pfc,strlen(principal)+1,0);
+                    if (pfc->pFilterContext)
+                        strcpy(static_cast<char*>(pfc->pFilterContext),principal);
+                }
+                else {
+                    string hname=string(wrapper->getHeader()) + ':';
+                    pn->SetHeader(pfc,const_cast<char*>(wrapper->getHeader()),const_cast<char*>(nameid.get()));
+                }
+            }
         }
 
         pn->SetHeader(pfc,"Shib-Application-ID:","");
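Review bot: In the non-REMOTE_USER branch, `hname` is built with the trailing colon but never used; `SetHeader` is called with `wrapper->getHeader()` instead. The NameID is therefore written under a name without the ':' that every other `SetHeader` call in this file carries, including the clearing loop fixed earlier in this commit. The header that loop strips and the header this line writes would then differ, so the export probably does not arrive under the intended name. Pass the built name instead: `pn->SetHeader(pfc,const_cast<char*>(hname.c_str()),const_cast<char*>(nameid.get()));`. In the REMOTE_USER branch, a failed `AllocMem` leaves `pFilterContext` null with no log even though `remote-user:` has already been set; HttpFilterProc continues outside the hunk.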
@@ -632,8 +654,8 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat
                     SAMLAttribute* attr=attrs.next();
         
                     // Are we supposed to export it?
-                    AAP wrapper(application->getAAPProviders(),attr->getName(),attr->getNamespace());
-                    if (wrapper.fail())
+                    AAP wrapper(provs,attr->getName(),attr->getNamespace());
+                    if (wrapper.fail() || !wrapper->getHeader())
                         continue;
                 
                     Iterator<string> vals=attr->getSingleByteValues();