Fixed
Details
Assignee: Scott Cantor
Reporter: Scott Cantor
Original estimate: 4h
Components
Fix versions
Affects versions
Created August 2, 2012 at 8:54 PM
Updated August 2, 2012 at 11:56 PM
Resolved August 2, 2012 at 11:56 PM
The external-auth handler in loopback mode has no way to get the address set for the client session other than the usual request.getClientAddress call inside the session cache, so it's set to 127.0.0.1.
If you side-step the address lookup using the REMOTE_ADDR property and use an HTTP header, then the address check inside the handler itself to limit access breaks, obviously.
May need to use deprecated session cache method for now to set the address manually or provide an additional API somewhere.
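
The conflict described above, as an added model that is not code from the project: one address lookup cannot serve both the handler's access check and the session record. The class, function and header names are hypothetical, the addresses are constructed samples, and the split handler is only a sketch of the "set the address manually" option.

```python
import ipaddress

LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


class Request:
    """Hypothetical request: socket peer plus an optional header-based address override."""

    def __init__(self, peer, headers=None, addr_header=None):
        self.peer = peer                # address of the TCP peer (the loopback caller)
        self.headers = headers or {}
        self.addr_header = addr_header  # header configured to supply the client address

    def get_client_address(self):
        # With the override configured, the header value replaces the socket peer.
        if self.addr_header and self.addr_header in self.headers:
            return self.headers[self.addr_header]
        return self.peer


def allowed(addr):
    """Handler access check: only loopback callers may use the handler."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOOPBACK)


def handler_single_source(req):
    """Behaviour in the report: one lookup feeds both the check and the session."""
    addr = req.get_client_address()
    if not allowed(addr):
        return ("denied", None)
    return ("ok", addr)                 # address recorded in the session


def handler_split_sources(req, session_addr):
    """Sketch of a fix: check the socket peer, take the session address explicitly."""
    if not allowed(req.peer):
        return ("denied", None)
    ipaddress.ip_address(session_addr)  # raises ValueError on a malformed address
    return ("ok", session_addr)


# Constructed sample: the browser is at 203.0.113.7, the caller connects over loopback.
plain = Request("127.0.0.1")
via_header = Request("127.0.0.1", {"X-Client-Addr": "203.0.113.7"}, "X-Client-Addr")
```

Without the override the session records 127.0.0.1; with it the access check sees the browser's address and denies the loopback caller. Only the split version gives both a passing check and the right session address.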