
Commit 43c819c

author
Hans Zandbelt
committed
allow setting OIDCDiscoverURL inside of Directory/Location directives
1 parent ff4ee8a commit 43c819c


5 files changed

+51
-35
lines changed


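--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+4/21/2015
+- allow setting OIDCDiscoverURL inside of Directory and Location directives as well
+
 4/20/2015
 - allow setting OIDCCookie outside of Directory and Location directives as well
 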

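--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[1.8.1rc4],[[email protected]])
+AC_INIT([mod_auth_openidc],[1.8.1rc5],[[email protected]])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 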

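--- a/src/config.c
+++ b/src/config.c
@@ -163,12 +163,10 @@ static const char *oidc_set_int_slot(cmd_parms *cmd, void *struct_ptr,
 }
 
 /*
-* set a URL value in the server config
+* set a URL value in a config record
 */
 static const char *oidc_set_url_slot_type(cmd_parms *cmd, void *ptr,
 const char *arg, const char *type) {
-oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(
-cmd->server->module_config, &auth_openidc_module);
 apr_uri_t url;
 if (apr_uri_parse(cmd->pool, arg, &url) != APR_SUCCESS) {
 return apr_psprintf(cmd->pool,
@@ -200,21 +198,32 @@ static const char *oidc_set_url_slot_type(cmd_parms *cmd, void *ptr,
 "oidc_set_url_slot_type: configuration value '%s' could not be parsed as a HTTP/HTTPs URL (no hostname set, check your slashes)!",
 arg);
 }
-return ap_set_string_slot(cmd, cfg, arg);
+return ap_set_string_slot(cmd, ptr, arg);
 }
 
 /*
 * set a HTTPS value in the server config
 */
 static const char *oidc_set_https_slot(cmd_parms *cmd, void *ptr,
 const char *arg) {
-return oidc_set_url_slot_type(cmd, ptr, arg, "https");
+oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(
+cmd->server->module_config, &auth_openidc_module);
+return oidc_set_url_slot_type(cmd, cfg, arg, "https");
 }
 
 /*
 * set a HTTPS/HTTP value in the server config
 */
 static const char *oidc_set_url_slot(cmd_parms *cmd, void *ptr, const char *arg) {
+oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(
+cmd->server->module_config, &auth_openidc_module);
+return oidc_set_url_slot_type(cmd, cfg, arg, NULL);
+}
+
+/*
+* set a HTTPS/HTTP value in the directory config
+*/
+static const char *oidc_set_url_slot_dir_cfg(cmd_parms *cmd, void *ptr, const char *arg) {
 return oidc_set_url_slot_type(cmd, ptr, arg, NULL);
 }
 
@@ -710,7 +719,6 @@ void *oidc_create_server_config(apr_pool_t *pool, server_rec *svr) {
 c->merged = FALSE;
 
 c->redirect_uri = NULL;
-c->discover_url = NULL;
 c->default_sso_url = NULL;
 c->default_slo_url = NULL;
 c->public_keys = NULL;
@@ -819,8 +827,6 @@ void *oidc_merge_server_config(apr_pool_t *pool, void *BASE, void *ADD) {
 
 c->redirect_uri =
 add->redirect_uri != NULL ? add->redirect_uri : base->redirect_uri;
-c->discover_url =
-add->discover_url != NULL ? add->discover_url : base->discover_url;
 c->default_sso_url =
 add->default_sso_url != NULL ?
 add->default_sso_url : base->default_sso_url;
@@ -1128,6 +1134,7 @@ void *oidc_merge_server_config(apr_pool_t *pool, void *BASE, void *ADD) {
 */
 void *oidc_create_dir_config(apr_pool_t *pool, char *path) {
 oidc_dir_cfg *c = apr_pcalloc(pool, sizeof(oidc_dir_cfg));
+c->discover_url = NULL;
 c->cookie = OIDC_DEFAULT_COOKIE;
 c->cookie_path = OIDC_DEFAULT_COOKIE_PATH;
 c->authn_header = OIDC_DEFAULT_AUTHN_HEADER;
@@ -1143,6 +1150,8 @@ void *oidc_merge_dir_config(apr_pool_t *pool, void *BASE, void *ADD) {
 oidc_dir_cfg *c = apr_pcalloc(pool, sizeof(oidc_dir_cfg));
 oidc_dir_cfg *base = BASE;
 oidc_dir_cfg *add = ADD;
+c->discover_url =
+add->discover_url != NULL ? add->discover_url : base->discover_url;
 c->cookie = (
 apr_strnatcasecmp(add->cookie, OIDC_DEFAULT_COOKIE) != 0 ?
 add->cookie : base->cookie);
@@ -1681,10 +1690,6 @@ const command_rec oidc_config_cmds[] = {
 (void *)APR_OFFSETOF(oidc_cfg, redirect_uri),
 RSRC_CONF,
 "Define the Redirect URI (e.g.: https://localhost:9031/protected/example/)"),
-AP_INIT_TAKE1("OIDCDiscoverURL", oidc_set_url_slot,
-(void *)APR_OFFSETOF(oidc_cfg, discover_url),
-RSRC_CONF,
-"Defines an external IDP Discovery page"),
 AP_INIT_TAKE1("OIDCDefaultURL", oidc_set_url_slot,
 (void *)APR_OFFSETOF(oidc_cfg, default_sso_url),
 RSRC_CONF,
@@ -1828,23 +1833,6 @@ const command_rec oidc_config_cmds[] = {
 RSRC_CONF,
 "Scrub user name and claim headers from the user's request."),
 
-AP_INIT_TAKE1("OIDCAuthNHeader", ap_set_string_slot,
-(void *) APR_OFFSETOF(oidc_dir_cfg, authn_header),
-RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
-"Specify the HTTP header variable to set with the name of the authenticated user. By default no explicit header is added but Apache's default REMOTE_USER will be set."),
-AP_INIT_TAKE1("OIDCCookiePath", ap_set_string_slot,
-(void *) APR_OFFSETOF(oidc_dir_cfg, cookie_path),
-RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
-"Define the cookie path for the session cookie."),
-AP_INIT_TAKE1("OIDCCookie", ap_set_string_slot,
-(void *) APR_OFFSETOF(oidc_dir_cfg, cookie),
-RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
-"Define the cookie name for the session cookie."),
-AP_INIT_FLAG("OIDCReturn401", ap_set_flag_slot,
-(void *) APR_OFFSETOF(oidc_dir_cfg, return401),
-RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
-"Indicates whether a user will be redirected to the Provider when not authenticated (Off) or a 401 will be returned (On)."),
-
 AP_INIT_TAKE1("OIDCCacheType", oidc_set_cache_type,
 (void*)APR_OFFSETOF(oidc_cfg, cache), RSRC_CONF,
 "Cache type; must be one of \"file\", \"memcache\" or \"shm\"."),
@@ -1878,10 +1866,32 @@ const command_rec oidc_config_cmds[] = {
 RSRC_CONF,
 "Redis server used for caching (<hostname>[:<port>])"),
 #endif
+
+AP_INIT_TAKE1("OIDCDiscoverURL", oidc_set_url_slot_dir_cfg,
+(void *)APR_OFFSETOF(oidc_dir_cfg, discover_url),
+RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
+"Defines an external IDP Discovery page"),
 AP_INIT_ITERATE("OIDCPassCookies",
 oidc_set_pass_cookies,
 (void *) APR_OFFSETOF(oidc_dir_cfg, pass_cookies),
 RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
 "Specify cookies that need to be passed from the browser on to the backend to the OP/AS."),
+AP_INIT_TAKE1("OIDCAuthNHeader", ap_set_string_slot,
+(void *) APR_OFFSETOF(oidc_dir_cfg, authn_header),
+RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
+"Specify the HTTP header variable to set with the name of the authenticated user. By default no explicit header is added but Apache's default REMOTE_USER will be set."),
+AP_INIT_TAKE1("OIDCCookiePath", ap_set_string_slot,
+(void *) APR_OFFSETOF(oidc_dir_cfg, cookie_path),
+RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
+"Define the cookie path for the session cookie."),
+AP_INIT_TAKE1("OIDCCookie", ap_set_string_slot,
+(void *) APR_OFFSETOF(oidc_dir_cfg, cookie),
+RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
+"Define the cookie name for the session cookie."),
+AP_INIT_FLAG("OIDCReturn401", ap_set_flag_slot,
+(void *) APR_OFFSETOF(oidc_dir_cfg, return401),
+RSRC_CONF|ACCESS_CONF|OR_AUTHCFG,
+"Indicates whether a user will be redirected to the Provider when not authenticated (Off) or a 401 will be returned (On)."),
+
 { NULL }
 };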
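Review bot: The re-registered `OIDCDiscoverURL` entry near the end of `oidc_config_cmds` is given `RSRC_CONF|ACCESS_CONF|OR_AUTHCFG`, and `OR_AUTHCFG` also admits the directive in .htaccess files wherever `AllowOverride AuthConfig` is in effect, which is wider than the Directory/Location scope named in the commit title and ChangeLog. Since `oidc_discovery` assembles the external discovery URL from this value, anyone able to write such a file would choose the provider-selection page for that path; if that is not intended, `RSRC_CONF|ACCESS_CONF` covers the stated scope (the four sibling directives moved in the same hunk carry the same flags, so the choice may be deliberate and then only needs documenting). Separately, `oidc_set_https_slot` and `oidc_set_url_slot` now ignore `ptr` and always store into the server record, so I would add `/* ptr is ignored: cmd->info must be an offset into oidc_cfg */` to both to keep a per-directory directive from being wired to them later.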

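--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -1283,15 +1283,18 @@ static int oidc_discovery(request_rec *r, oidc_cfg *cfg) {
 
 oidc_debug(r, "enter");
 
+oidc_dir_cfg *dir_cfg = ap_get_module_config(r->per_dir_config,
+&auth_openidc_module);
+
 /* obtain the URL we're currently accessing, to be stored in the state/session */
 char *current_url = oidc_get_current_url(r, cfg);
 
 /* see if there's an external discovery page configured */
-if (cfg->discover_url != NULL) {
+if (dir_cfg->discover_url != NULL) {
 
 /* yes, assemble the parameters for external discovery */
-char *url = apr_psprintf(r->pool, "%s%s%s=%s&%s=%s", cfg->discover_url,
-strchr(cfg->discover_url, '?') != NULL ? "&" : "?",
+char *url = apr_psprintf(r->pool, "%s%s%s=%s&%s=%s", dir_cfg->discover_url,
+strchr(dir_cfg->discover_url, '?') != NULL ? "&" : "?",
 OIDC_DISC_RT_PARAM, oidc_util_escape_string(r, current_url),
 OIDC_DISC_CB_PARAM,
 oidc_util_escape_string(r, cfg->redirect_uri));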
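Review bot: The new `dir_cfg` lookup at the top of the hunk is undocumented, and the function now mixes two configuration scopes: the discovery page comes from the per-directory record while `cfg->redirect_uri` still comes from the server record. A one-line comment above the lookup, such as `/* the discovery page is per-directory; the callback (redirect_uri) stays server-wide */`, would make that explicit. The directive's handler passes `NULL` rather than `"https"` as the URL type, so it appears to accept http discovery pages as well, in which case the return target and callback appended here would travel unencrypted; that is worth stating in the directive's help text. oidc_discovery's body starts and ends outside the hunk.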

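--- a/src/mod_auth_openidc.h
+++ b/src/mod_auth_openidc.h
@@ -245,8 +245,6 @@ typedef struct oidc_cfg {
 
 /* the redirect URI as configured with the OpenID Connect OP's that we talk to */
 char *redirect_uri;
-/* (optional) external OP discovery page */
-char *discover_url;
 /* (optional) default URL for 3rd-party initiated SSO */
 char *default_sso_url;
 /* (optional) default URL to go to after logout */
@@ -310,6 +308,8 @@ typedef struct oidc_cfg {
 } oidc_cfg;
 
 typedef struct oidc_dir_cfg {
+/* (optional) external OP discovery page */
+char *discover_url;
 char *cookie_path;
 char *cookie;
 char *authn_header;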
