head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.6
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.4
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.2
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q3:1.1.0.4
	pkgsrc-2011Q3-base:1.1
	pkgsrc-2011Q2:1.1.0.2
	pkgsrc-2011Q2-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2011.12.06.09.58.01;	author manu;	state dead;
branches;
next	1.1;

1.1
date	2011.05.07.05.15.21;	author manu;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update to mod_auth_mellon 0.4.0 plus upstream patch:

* Honour MellonProbeDiscoveryIdP order when sending probes
* Allow MellonUser variable to be translated through MellonSetEnv
* A /mellon/probeDisco endpoint replaces the builtin:get-metadata
  IdP dicovery URL scheme
* New MellonCond directive to enable attribute filtering beyond
  MellonRequire functionalities.
* New MellonIdPMetadataGlob directive to load mulitple IdP metadata
  using a glob(3) pattern.
* Support for running behind reverse proxy.
* MellonCookieDomain and MellonCookiePath options to configure cookie
  settings.
* Support for loading federation metadata files.
* Several bugfixes.
@
text
@$NetBSD: patch-ah,v 1.1 2011/05/07 05:15:21 manu Exp $

Unbreak SP initiated SLO with lasso >= 2.3.5

--- auth_mellon_handler.c.orig	2011-05-07 06:31:46.000000000 +0200
+++ auth_mellon_handler.c	2011-05-07 06:57:03.000000000 +0200
@@@@ -774,8 +774,9 @@@@
     gint res;
     char *redirect_to;
     LassoProfile *profile;
     LassoSession *session;
+    GList *assertion_list;
     LassoNode *assertion_n;
     LassoSaml2Assertion *assertion;
     LassoSaml2AuthnStatement *authnStatement;
     LassoSamlp2LogoutRequest *request;
@@@@ -822,42 +823,46 @@@@
         return HTTP_INTERNAL_SERVER_ERROR;
     }
 
 
-    /* We need to set the SessionIndex in the LogoutRequest to the
-     * SessionIndex we received during the login operation.
-     */
-
     profile = LASSO_PROFILE(logout);
-    session = lasso_profile_get_session(profile);
 
-    /* We currently only look at the first assertion in the list
-     * lasso_session_get_assertions returns.
+    /* We need to set the SessionIndex in the LogoutRequest to the SessionIndex
+     * we received during the login operation. This is not needed since release
+     * 2.3.0.
      */
-    assertion_n = lasso_session_get_assertions(
-        session, profile->remote_providerID)->data;
-    if(LASSO_IS_SAML2_ASSERTION(assertion_n) == FALSE) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "No assertions found for the current session.");
-        lasso_logout_destroy(logout);
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
-
-    assertion = LASSO_SAML2_ASSERTION(assertion_n);
+    if (lasso_check_version(2, 3, 0, LASSO_CHECK_VERSION_NUMERIC) == 0) {
+        session = lasso_profile_get_session(profile);
+        assertion_list = lasso_session_get_assertions(
+            session, profile->remote_providerID);
+        if(! assertion_list ||
+                        LASSO_IS_SAML2_ASSERTION(assertion_list->data) == FALSE) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                          "No assertions found for the current session.");
+            lasso_logout_destroy(logout);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
+        /* We currently only look at the first assertion in the list
+         * lasso_session_get_assertions returns.
+         */
+        assertion_n = assertion_list->data;
 
-    /* We assume that the first authnStatement contains the data we want. */
-    authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
+        assertion = LASSO_SAML2_ASSERTION(assertion_n);
 
-    if(!authnStatement) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "No AuthnStatement found in the current assertion.");
-        lasso_logout_destroy(logout);
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
+        /* We assume that the first authnStatement contains the data we want. */
+        authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
 
-    if(authnStatement->SessionIndex) {
-        request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
-        request->SessionIndex = g_strdup(authnStatement->SessionIndex);
+        if(!authnStatement) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                          "No AuthnStatement found in the current assertion.");
+            lasso_logout_destroy(logout);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
+    
+        if(authnStatement->SessionIndex) {
+            request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
+            request->SessionIndex = g_strdup(authnStatement->SessionIndex);
+        }
     }
 
 
     /* Set the RelayState parameter to the return url (if we have one). */
@


1.1
log
@Unbreak SP initiated SLO with lasso >= 2.3.5 (patch backported from upstream)
@
text
@d1 1
a1 1
$NetBSD$
@