diff --git a/apache-mod-mellon/templates/apache-config-httpd.yaml b/apache-mod-mellon/templates/apache-config-httpd.yaml
index 7c46e63..287888e 100644
--- a/apache-mod-mellon/templates/apache-config-httpd.yaml
+++ b/apache-mod-mellon/templates/apache-config-httpd.yaml
@@ -238,6 +238,8 @@ data:
 {{ .Values.apache_auth_headers_type }} set preauth-org "expr={base64}%{base64:%{env:MELLON_O}}" "expr=-n env('MELLON_O')"
 {{ .Values.apache_auth_headers_type }} set preauth-firstname "expr={base64}%{base64:%{env:MELLON_GIVEN_NAME}}" "expr=-n env('MELLON_GIVEN_NAME')"
 {{ .Values.apache_auth_headers_type }} set preauth-lastname "expr={base64}%{base64:%{env:MELLON_SN}}" "expr=-n env('MELLON_SN')"
+ {{ .Values.apache_auth_headers_type }} set preauth-provider "{{ .Values.mellon_config.provider_id }}"
+ {{ .Values.apache_auth_headers_type }} set preauth-provider-id "expr={base64}%{base64:%{env:MELLON_SN}}" "expr=-n env('MELLON_SN')"
 {{- if .Values.georchestra_proxypass_endpoint -}} ProxyPass "{{ .Values.georchestra_proxypass_endpoint }}"
@@ -261,6 +263,8 @@ data:
 RewriteCond %{HTTP:preauth-org} !^$ [NC,OR]
 RewriteCond %{HTTP:preauth-firstname} !^$ [NC,OR]
 RewriteCond %{HTTP:preauth-lastname} !^$ [NC,OR]
+ RewriteCond %{HTTP:preauth-provider} !^$ [NC,OR]
+ RewriteCond %{HTTP:preauth-provider-id} !^$ [NC,OR]
 RewriteCond %{HTTP:sec-mellon-name-id} !^$ [NC,OR]
 RewriteCond %{HTTP:sec-georchestra-preauthenticated} !^$ [NC]
 RewriteRule . - [R=403,L]
diff --git a/apache-mod-mellon/values.yaml b/apache-mod-mellon/values.yaml
index ad45cb4..426e04d 100644
--- a/apache-mod-mellon/values.yaml
+++ b/apache-mod-mellon/values.yaml
@@ -28,6 +28,7 @@ mellon_config:
 discovery_url: https://discovery.renater.fr/test/WAYF?cru=yes
 organization_url: https://www.inrae.fr
 organization_name: INRAE
+ provider_id: renater
 set_env:
 mail: urn:oid:0.9.2342.19200300.100.1.3
 eppn: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
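Review bot: The added `preauth-provider-id` line takes both its value and its guard from `MELLON_SN`, the same variable the `preauth-lastname` context line just above it uses, so the header meant to identify the user at the provider would carry the surname. If the backend keys external accounts on provider plus provider id (not visible here), two users with the same surname would resolve to the same account. The line should read a stable, unique attribute instead, for instance the variable produced by the `eppn` mapping under `set_env` in values.yaml: `{{ .Values.apache_auth_headers_type }} set preauth-provider-id "expr={base64}%{base64:%{env:MELLON_eppn}}" "expr=-n env('MELLON_eppn')"`. The variable name is inferred from that mapping and should be confirmed against the rendered MellonSetEnv lines. The enclosing config block starts and ends outside the hunk.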
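Review bot: Nothing documents that this RewriteCond chain must list every header the template sets from the Mellon session, and the two new conditions show the list is kept in step by hand. The coupling matters because the `preauth-provider-id` line in the first hunk only sets the header when its `expr=-n env(...)` guard is true. When the guard is false, a copy supplied by the client is presumably left in place, which would leave this 403 rule as the only barrier. A comment at the head of the chain would record that, e.g. `# Reject requests that already carry any header set from the Mellon session; add a RewriteCond for every new preauth-* header`. The chain begins before the hunk, so the comment belongs at its first line, outside the visible lines.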
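Review bot: `provider_id: renater` is added with no comment, although the template in the first hunk sends it unconditionally as the `preauth-provider` header, so it presumably becomes part of how the backend identifies external accounts. A comment above the key should say so, e.g. `# Sent as the preauth-provider header to name the identity federation; keep it stable once accounts exist`. A deployment that points `discovery_url` at another federation but keeps this default would label its users as `renater`. Consider leaving the default empty and having the template fail on a missing value with Helm's `required`. The `mellon_config` mapping starts and continues outside the hunk.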