<!--\r
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.\r
You MUST supply an effectively unique handlerURL value for each of your applications.\r
- The value can be a relative path, a URL with no hostname (https:///path) or a full URL.\r
- The system can compute a relative value based on the virtual host. Using handlerSSL="true"\r
- will force the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"\r
+ The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing\r
+ a relative value based on the virtual host. Using handlerSSL="true", the default, will force\r
+ the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"\r
in that case. Note that while we default checkAddress to "false", this has a negative\r
impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.\r
-->\r
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
You MUST supply an effectively unique handlerURL value for each of your applications.
- The value can be a relative path, a URL with no hostname (https:///path) or a full URL.
- The system can compute a relative value based on the virtual host. Using handlerSSL="true"
- will force the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"
+ The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing
+ a relative value based on the virtual host. Using handlerSSL="true", the default, will force
+ the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"
in that case. Note that while we default checkAddress to "false", this has a negative
impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.
-->
- <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem"
- handlerURL="/Shibboleth.sso" handlerSSL="false">
+ <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
<!--
Configures SSO for a default IdP. To allow for >1 IdP, remove
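Review bot: The shipped `<Sessions>` element still sets `handlerSSL="false"`, while the rewritten comment directly above it calls `"true"` the default and recommends a `; path=/; secure` cookieProps, so the example switches off the safer behaviour it documents. Consider dropping the attribute (or setting `handlerSSL="true"`) and adding `cookieProps="; path=/; secure"` so that session cookies are not sent over plain HTTP; the same applies to the `<Sessions>` line in the following configuration hunk. The schema hunk declares no default for `handlerSSL`, so the "the default" wording presumably rests on code not shown here and is worth confirming. The retained sentence "You MUST supply an effectively unique handlerURL value" now contradicts the optional attribute and could say that `handlerURL` is optional and defaults to `/Shibboleth.sso`.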
<!--\r
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.\r
You MUST supply an effectively unique handlerURL value for each of your applications.\r
- The value can be a relative path, a URL with no hostname (https:///path) or a full URL.\r
- The system can compute a relative value based on the virtual host. Using handlerSSL="true"\r
- will force the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"\r
+ The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing\r
+ a relative value based on the virtual host. Using handlerSSL="true", the default, will force\r
+ the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"\r
in that case. Note that while we default checkAddress to "false", this has a negative\r
impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.\r
-->\r
- <Sessions lifetime="28800" timeout="3600" checkAddress="false"\r
- handlerURL="/Shibboleth.sso" handlerSSL="false">\r
+ <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">\r
\r
<!--\r
Configures SSO for a default IdP. To allow for >1 IdP, remove\r
<element ref="conf:Handler"/>
</choice>
</sequence>
- <attribute name="handlerURL" type="anyURI" use="required"/>
+ <attribute name="handlerURL" type="anyURI"/>
<attribute name="handlerSSL" type="boolean"/>
<attribute name="exportLocation" type="conf:string"/>
<attribute name="exportACL" type="conf:listOfStrings"/>
handler=p2.second;
}
- // Should never happen...
- if (!handler || (*handler!='/' && strncmp(handler,"http:",5) && strncmp(handler,"https:",6)))
+ if (!handler) {
+ handler = "/Shibboleth.sso";
+ }
+ else if (*handler!='/' && strncmp(handler,"http:",5) && strncmp(handler,"https:",6)) {
throw ConfigurationException(
"Invalid handlerURL property ($1) in <Sessions> element for Application ($2)",
params(2, handler ? handler : "null", m_app->getId())
);
+ }
// The "handlerURL" property can be in one of three formats:
//
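Review bot: The fallback `"/Shibboleth.sso"` is written as a literal here and again in the handler-map hunk (`hurl = "/Shibboleth.sso"`), so the two defaults can drift apart and leave handler locations stripped against a different base than the one used to build the handler URL. A single file-scope constant used in both places would keep them together, e.g. `static const char defaultHandlerURL[] = "/Shibboleth.sso";`. In the new `else if` branch `handler` is already known to be non-null, so `handler ? handler : "null"` in the `params(...)` call is dead and can be just `handler`. The enclosing function starts and ends outside the hunk.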
m_handlers.push_back(handler);
// Insert into location map. If it contains the handlerURL, we skip past that part.
- const char* pch = strstr(location.second, sessions->getString("handlerURL").second);
+ const char* hurl = sessions->getString("handlerURL").second;
+ if (!hurl)
+ hurl = "/Shibboleth.sso";
+ const char* pch = strstr(location.second, hurl);
if (pch)
- location.second = pch + strlen(sessions->getString("handlerURL").second);
+ location.second = pch + strlen(hurl);
if (*location.second == '/')
m_handlerMap[location.second]=handler;
else