rpms/mod_auth_mellon
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix Lasso warning

Browse Source 
Role maybe unknown when assertion consumer url is looked up.
Apply upstream commit 5ba9bb72.

Fix the following warning that appears in the Apache log
lasso-CRITICAL **: lasso_provider_get_metadata_list_for_role: assertion '_lasso_provider_get_role_index(role)' failed
This commit is contained in:
John Dennis 2015-12-23 13:33:59 -05:00
parent d6a8eabfac
commit 9efdbdc52e
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
acs-warning.patch Normal file
View File

@ -0,0 +1,33 @@
commit 5ba9bb72707a90503cd4d042083ea074a0cb6b8a
Author: John Dennis <jdennis@redhat.com>
Date: Fri Oct 30 15:46:33 2015 -0400
Role maybe unknown when assertion consumer url is looked up
Replace the call to lasso_provider_get_metadata_one() with
lasso_provider_get_metadata_one_for_role() so that we can exlicitly
pass the LASSO_PROVIDER_ROLE_SP role. The former call obtains the
role from the provider object and then calls
lasso_provider_get_metadata_one_for_role() using that role. However
the role will not have been set in the provider until the first request is
processed. This means the first time we call this routine it won't
work correctly because the role will not have been set yet, by
explicitly passing the role we avoid this problem.
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/auth_mellon_util.c b/auth_mellon_util.c
index 155bb1a..6c694b7 100644
--- a/auth_mellon_util.c
+++ b/auth_mellon_util.c
@@ -1827,7 +1827,9 @@ char *am_get_assertion_consumer_service_by_binding(LassoProvider *provider, cons
}
if (selected_descriptor) {
- url = lasso_provider_get_metadata_one(provider, selected_descriptor);
+ url = lasso_provider_get_metadata_one_for_role(provider,
+ LASSO_PROVIDER_ROLE_SP,
+ selected_descriptor);
}
lasso_release_list_of_strings(descriptors);

9
mod_auth_mellon.spec
View File

@ -1,7 +1,7 @@
Summary: A SAML 2.0 authentication module for the Apache Httpd Server Summary: A SAML 2.0 authentication module for the Apache Httpd Server
Name: mod_auth_mellon Name: mod_auth_mellon
Version: 0.11.0 Version: 0.11.0
Release: 2%{?dist} Release: 3%{?dist}
Group: System Environment/Daemons Group: System Environment/Daemons
Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: auth_mellon.conf Source1: auth_mellon.conf
@ -19,6 +19,8 @@ Requires: httpd-mmn = %{_httpd_mmn}
Requires: lasso >= 2.5.0 Requires: lasso >= 2.5.0
Url: https://github.com/UNINETT/mod_auth_mellon Url: https://github.com/UNINETT/mod_auth_mellon
Patch1: acs-warning.patch
%description %description
The mod_auth_mellon module is an authentication service that implements the The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes SAML 2.0 federation protocol. It grants access based on the attributes
@ -26,6 +28,7 @@ received in assertions generated by a IdP server.
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch1 -p1 -b .acs-warning
%build %build
export APXS=%{_httpd_apxs} export APXS=%{_httpd_apxs}
@ -62,6 +65,10 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
%dir /run/%{name}/ %dir /run/%{name}/
%changelog %changelog
* Wed Dec 23 2015 John Dennis <jdennis@redhat.com> - 0.11.0-3
- Fix the following warning that appears in the Apache log
lasso-CRITICAL **: lasso_provider_get_metadata_list_for_role: assertion '_lasso_provider_get_role_index(role)' failed
* Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-2 * Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-2
- Add lasso 2.5.0 version dependency - Add lasso 2.5.0 version dependency