You get the request, and you can put whatever you like in the reply. You might want to check whether the SAML assertion attribute is already present in the reply, so you can cooperate with other modules (or static configuration).
-- Luke
On 01/06/2011, at 9:05 AM, Roland Hedberg wrote:
> Hi Luke,
>
> So my question (not necessarily to you) would be if I actually get an instance of the request ?
> It does look like that in the code I've seen but then the examples are rather limited and the documentation even more so.
>
> -- Roland
>
> Sent from my iPhone
>
> On 1 jun 2011, at 14:40, "Luke Howard" <[log in to unmask]> wrote:
>
>>> if (request->parent != NULL)
>>> reply = request->parent->reply;
>>> else
>>> reply = request->reply;
>>
>> This is the key bit. If the request has a parent, then we update request->parent->reply, otherwise request->reply directly. Otherwise the attributes will be trapped inside the tunnelled EAP context (and it's not possible to surface them by tweaking the configuration, because there's no real support for fragmenting attributes across multiple AVPs).
>>
>> If this doesn't make sense now, it will very shortly :-)
>>
>> -- Luke
|