Apache + SP HTTP reverse proxy to Weblogic
Sykes, Andy
a.sykes at ucl.ac.uk
Fri Nov 18 11:11:31 GMT 2011
Hi,
Just looking for a sanity check here, as it's not a situation I'm particularly familiar with.
I have Apache installed providing an HTTP reverse proxy (using mod_proxy_http) to a Weblogic appserver on the same machine. The SP is installed and configured.
I want to provide attributes to apps running in the Weblogic appserver.
Initially I thought to just set ShibUseHeaders On, but the documentation makes it pretty clear this is a bad move:
"Under no circumstances should you rely on the request header option other than as a temporary measure..."[1]
The only alternative I can think of is to use mod_headers' directive RequestHeader to set some headers (and by "set" I mean bulldoze any header with the same name) with the value of the header set to the value of the desired attribute; then these headers can be picked up inside Weblogic. This seems relatively secure to me. Is this sane?
What I can't understand is how this differs from using ShibUseHeaders. Surely mod_shib inserts the headers in pretty much the same way as mod_headers does? The only difference I can conceive of is that if the environment variable is unset, my RequestHeader directive will set that header to an empty string; so if a naughty user supplied their own headers, Apache will just bulldoze them to an empty string, whereas the SP may not. Am I interpreting this correctly?
Am I missing any more obvious ways of doing this?
Andy.
[1]
--
Andy Sykes
Systems Administrator
University College London
More information about the users
mailing list