Shibboleth Developers

[Velpi <>]

Hi,

I was checking out the redirectToSSL feature some more and I found a simple 
change that might be a big improvement -in my opinion-.

case: IIS, redirectToSSL is set in a host element of the RequestMapProvider
Now every request for that host gets redirected to SSL, Shibboleth auth or not. 
That doesn't feel right.


considering the code at
http://anoncvs.internet2.edu/cgi-bin/viewcvs.cgi/shibboleth/c/shib-target/shib-target.cpp?rev=1.61.2.3&content-type=text/vnd.viewcvs-markup
it seems to me that it might be interesting to move the code for redirection 
("If not SSL, check to see if we should block or redirect it.") later in the 
process so it runs right before "clearHeaders".
I think this would make the redirect option only respond when 
authType="Shibboleth". That feels very clean to me.


Is this assumption correct and is there a reason not to do so?


(It would mean that a request to the .sso handler would not be redirected to SSL 
by force, but this should never have to be done anyway so it should not be of 
any concern.)


--Velpi