Description of problem:
Current version of mod_auth_mellon in 6.6 (0.8.0) suffers from few problems
not allowing us to deploy it at large organization scale:
1.) The generated apache session environment size is limited to 128 elements
(env. variables): in our MS ADFS environment that number of elements can be
as high as 1024 (user groups) - current implementation of mod_auth_mellon
exits with 'internal server error' in such case.
[ https://github.com/UNINETT/mod_auth_mellon/issues/10 ]
2.) related to 1.) - by default generated environment contains series of
variables named alike MYVAR_0=val0 , MYVAR_1=val1 .. etc (single values).
This is not very practical for programmatic comparisons .. (and makes
porting of in-house applications from other auth. providers complicated)
Multivalue variables alike MYVAR=val0;val1;... etc as for example
shibboleth/mod_shib generates seem to be more suitable for that purpose.
[ https://github.com/UNINETT/mod_auth_mellon/pull/9 ]
3.) a bug: MellonCond does not work with MellonSetEnv(NoPrefix)
[ https://github.com/UNINETT/mod_auth_mellon/issues/12 ]
Patches fixing above problems (merged upstream, apply cleanly on 0.8.0-3 in 6.6):
Note: same patches would be needed for upcoming RHEL 7.1 mod_auth_mellon
Please consider adding above patches to next mod_auth_mellon releases.
PS: for full MS ADFS interoperabilty also this fix is needed: https://bugzilla.redhat.com/show_bug.cgi?id=1160636
*** Bug 1195884 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.