Shibboleth vs mod_rewrite

Aaron Roots aaron.roots at deakin.edu.au
Tue Oct 18 08:42:57 BST 2011


Hi all,

We are looking to bring over a application to start using Shibboleth ­
rather than previous auth options ­ and we are going fairly ok ­ but this
one I'm not too sure about.

When we flip the switch over to using AuthType shibboleth ­ we were
expecting to have to update references to "PHP_AUTH_USER" to "username" to
match our shiny new Shibboleth setup - which has worked in most parts of
the application

We have a particular directory that has the following rewrite rule in a
.htaccess file: "RewriteRule ^.*$ index.php"
- this code produces different results depending on the URL visited

However this piece of code under mod_rewrite can not see variables set by
Shibboleth ­ we have tracked this down to all the variables being changed
into something like "REDIRECT_username" instead of just being "username".
When we access the index.php directly it is working perfectly as expected
in the default code path.

I haven't found much on what is going on that clears things up for me -
does anyone know of a way to avoid the REDIRECT_ prefix occurring. I have
seen some people that have both the REDIRECT_ and the normal coming
through - it would be absolutely fine to have this occurring - but I can't
quite see a way to do this either. Or is it more drastic and we need to
invest the time to avoid using mod_rewrite all together? (in this
application would be minimal work as it is only a small part - however I
know other applications we have use this rewrite feature fairly
extensively) 

Cheers
Aaron



More information about the users mailing list