From 36098629405622ca2eb6644997a3c1b057793d4b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 9 Sep 2016 14:57:51 +0200
Subject: [pam-bwidm] Generate random ID so consecutive logins don't fail

---
 remote/modules/pam-bwidm/data/opt/openslx/bwidm_soap.xml    | 8 +++++++-
 remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm | 4 +++-
 2 files changed, 10 insertions(+), 2 deletions(-)

(limited to 'remote/modules')

diff --git a/remote/modules/pam-bwidm/data/opt/openslx/bwidm_soap.xml b/remote/modules/pam-bwidm/data/opt/openslx/bwidm_soap.xml
index ed456f9c..ec7f3ff8 100644
--- a/remote/modules/pam-bwidm/data/opt/openslx/bwidm_soap.xml
+++ b/remote/modules/pam-bwidm/data/opt/openslx/bwidm_soap.xml
@@ -1,6 +1,12 @@
 <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Body>
-    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://bwlp-masterserver.ruf.uni-freiburg.de/Shibboleth.sso/SAML2/ECP" ID="_ff000aafc030c5f0000dbf634b2f0000" IssueInstant="%TIMESTAMP%" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Version="2.0">
+    <samlp:AuthnRequest 
+        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+        AssertionConsumerServiceURL="https://bwlp-masterserver.ruf.uni-freiburg.de/Shibboleth.sso/SAML2/ECP"
+        ID="%REQUESTID%"
+        IssueInstant="%TIMESTAMP%"
+        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+        Version="2.0">
       <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://bwlp-masterserver.ruf.uni-freiburg.de/shibboleth</saml:Issuer>
       <samlp:NameIDPolicy AllowCreate="1"/>
     </samlp:AuthnRequest>
diff --git a/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm b/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
index ae62c7ee..92379719 100755
--- a/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
+++ b/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
@@ -138,7 +138,9 @@ if [ "x$PAM_TYPE" == "xauth" ]; then
 	CT='Content-Type: application/vnd.paos+xml; charset=utf-8'
 	NOW=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
 	HOST=$(echo "${USER_ECP_URL}" | awk -F '/' '{print $3}')
-	REQUEST=$(sed "s/%TIMESTAMP%/${NOW}/g" "${SOAP_ENVELOPE}")
+	RID="_c${RANDOM}a${RANDOM}f${RANDOM}f${RANDOM}e${RANDOM}e${RANDOM}"
+	RID="${RID:0:32}"
+	REQUEST=$(sed "s/%TIMESTAMP%/${NOW}/g;s/%REQUESTID%/${RID}/g" "${SOAP_ENVELOPE}")
 	NETRC=$(mktemp -p /run/)
 	[ -z "$NETRC" ] && NETRC="/run/netrc_$$_${USER}_${RANDOM}.tmp"
 	touch "$NETRC"
-- 
cgit v1.2.3-55-g7522