ShibTargetApache sta(r);
// Check user authentication, the set the post handler bypass
- pair<bool,void*> res = sta.doCheckAuthN((sta.m_dc->bRequireSession == 1));
+ pair<bool,void*> res = sta.doCheckAuthN((sta.m_dc->bRequireSession == 1), true);
apr_pool_userdata_setn((const void*)42,g_UserDataKey,NULL,r->pool);
if (res.first) return (int)res.second;
ShibTargetIsapiF stf(pfc, pn, map_i->second);
// "false" because we don't override the Shib settings
- pair<bool,void*> res = ste.doCheckAuthN(false);
+ pair<bool,void*> res = ste.doCheckAuthN();
if (res.first) return (DWORD)res.second;
// "false" because we don't override the Shib settings
- res = ste.doExportAssertions(false);
+ res = ste.doExportAssertions();
if (res.first) return (DWORD)res.second;
res = ste.doCheckAuthZ();
// The web server modules implement a subclass and then call into
// these methods once they instantiate their request object.
pair<bool,void*>
-ShibTarget::doCheckAuthN(bool requireSessionFlag)
+ShibTarget::doCheckAuthN(bool requireSessionFlag, bool handlePost)
{
saml::NDC ndc("ShibTarget::doCheckAuthN");
if (! shireURL)
throw ShibTargetException(SHIBRPC_OK, "Cannot map target URL to Shire URL. Check configuration");
- if (strstr(targetURL,shireURL))
- return doHandlePOST();
+ if (strstr(targetURL,shireURL)) {
+ if (handlePost)
+ return doHandlePOST();
+ else
+ return pair<bool,void*>(true, returnOK());
+ }
string auth_type = getAuthType();
if (strcasecmp(auth_type.c_str(),"shibboleth"))
// is not valid, and the caller should continue processing (the API Call
// finished successfully).
//
- std::pair<bool,void*> doCheckAuthN(bool requireSession);
+ // The arguments are all overrides.. The requireSession and
+ // exportAssertion values passed in here are only used if the
+ // settings resource is negative.
+ //
+ // The handlePost argument declares whether doCheckAuthN() should
+ // automatically call doHandlePOST() when it encounters a request for
+ // the ShireURL; if false it will call returnOK() instead.
+ //
+ std::pair<bool,void*> doCheckAuthN(bool requireSession = false,
+ bool handlePost = false);
std::pair<bool,void*> doHandlePOST(void);
std::pair<bool,void*> doCheckAuthZ(void);
- std::pair<bool,void*> doExportAssertions(bool exportAssertion);
+ std::pair<bool,void*> doExportAssertions(bool exportAssertion = false);
//**************************************************************************
// These APIs are for backwards-compatibility. Hopefully they can