kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
179479 commits 166 branches 0 tags 1.5 GiB
Commit graph

11 commits

Author SHA1 Message Date
manu
b8c0859d81 Update to mod_auth_mellon 0.4.0 plus upstream patch: 
* Honour MellonProbeDiscoveryIdP order when sending probes
* Allow MellonUser variable to be translated through MellonSetEnv
* A /mellon/probeDisco endpoint replaces the builtin:get-metadata
  IdP dicovery URL scheme
* New MellonCond directive to enable attribute filtering beyond
  MellonRequire functionalities.
* New MellonIdPMetadataGlob directive to load mulitple IdP metadata
  using a glob(3) pattern.
* Support for running behind reverse proxy.
* MellonCookieDomain and MellonCookiePath options to configure cookie
  settings.
* Support for loading federation metadata files.
* Several bugfixes.
 2011-12-06 09:58:00 +00:00
manu
054717a610 Unbreak SP initiated SLO with lasso >= 2.3.5 (patch backported from upstream) 2011-05-07 05:15:21 +00:00
manu
cf8b7a7ded Update ap2-auth-mellon to 2.3.5, plus patches pulled from upstream: 
Pulled from upcoming 0.3.1
---------------------------------------------------------------------------

* Allow MellonUser variable to be translated through MellonSetEnv

* A /mellon/probeDisco endpoint replaces the builtin:get-metadata
  IdP dicovery URL scheme

* New MellonCond directive to enable attribute filtering beyond
  MellonRequire functionalities.

* New MellonIdPMetadataGlob directive to load mulitple IdP metadata
  using a glob(3) pattern.

Version 0.3.0
---------------------------------------------------------------------------

* New login-endpoint, which allows easier manual initiation of login
  requests, and specifying parameters such as IsPassive.

* Validation of Conditions and SubjectConfirmation data in the assertion
  we receive from the IdP.

* Various bugfixes.
 2011-04-04 08:45:43 +00:00
manu
d7416cbee2 Update to 0.2.7. From the NEWS file: 
Version 0.2.7
---------------------------------------------------------------------------

* Optionaly ave the remote IdP entityId in the environment

* Shibboleth 2 interoperability

Version 0.2.6
---------------------------------------------------------------------------

* Fix XSS/DOS vulnerability in repost handler.
 2010-05-31 16:46:30 +00:00
manu
94bcadc35d Fix a XSS vulnerability 2009-12-20 11:31:30 +00:00
manu
d2016bb83f Update to mod_auth_mellon 0.2.5. From the NEWS file: 
* Replay POST requests after been sent to the IdP
* Fix HTTP response splitting vulnerability.
 2009-11-16 09:48:28 +00:00
wiz
0d0c0ca4b2 Remove empty line. 2009-08-27 19:39:54 +00:00
manu
de2cd73c1d Change since 0.2.4: 
* Fix for downloads of files with Internet Explorer with SSL enabled.

* Mark session as disabled as soon as logout starts, in case the IdP
  doesn't respond.

* Bugfix for session lifetime. Take the session lifetime from the
  SessionNotOnOrAfter attribute if it is present.
 2009-08-11 15:53:41 +00:00
manu
7c15352ca4 Update to 0.2.2. From NEWS: 
* Improve metadata autogeneration: cleanup certificate, allow Organizarion
  element data to be supplied from Apache configuration
 2009-06-15 19:45:14 +00:00
manu
74c6e36d88 Update to 0.2.1: 
* Make SAML authentication assertion and Lasso session available in the
  environement.
* Autogeneration of SP metadata. (Requires Lasso 2.2.2 or newer.)
* Multiple IdP support, with discovery service.
* Built in discovery service which tests the availability of each IdP,
  and uses the first available IdP.
* Fix a mutex leak.
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
  session cookies.
* Better handling of logout request when the user is already logged out.
 2009-06-06 10:27:30 +00:00
manu
b3f713f0fe mod_auth_mellon is a authentication module for apache. It authenticates 
the user against a SAML 2.0 IdP, and and grants access to directories
depending on attributes received from the IdP.
 2009-03-02 16:47:42 +00:00