Check conditions in AuthSlave and UserDBSlave
It could be interesting to secure AuthSlave and UserDBSlave by checking source IP address or some shared secret, or any environment var. This can be done in apache config, but not very easily, and it doesn't work if (Auth|UserDB)(Multi|Choice) is used.
I have this need because some users are authenticated with SSL certificates by a SSL concentrator, which forward request to portal and pushes user id into a request header. And I know other admins who are in the same situation, and who made their own package.
About config parameters, I propose to add 'Conditions to check' in 'Slave Parameters', to declare environment vars and accepted values in it. Accepted value can be either a string or a regexp, , if surrounded by slashes.
But actually this security check can also be done through grantSessionConditions, so I am not absolutely convinced it is necessary. What is your opinion ?