Getting REMOTE_USER from the SP

[Tim Larson]

That's starting to make more sense.

What I am trying to do is shibbolize a PeopleSoft application that runs a web server with weblogic.  The most common solution I have seen involves running an Apache reverse proxy server with mod_shib, mod_proxy and mod_rewrite.  So, it sounds like the piece I am missing is another custom program, possibly CGI, to get the REMOTE_USER value from the environment and add it to the http headers of the request before it goes to weblogic.

Is that how you have seen it done or is there a way to do it with just Apache?

Tim

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Wednesday, February 13, 2013 4:06 PM
To: Shib Users
Subject: Re: Getting REMOTE_USER from the SP

On 2/13/13 3:03 PM, "Tim Larson" <Tim.Larson at ucf.edu> wrote:

>Is there a trick to getting the Shibboleth SP to send the REMOTE_USER 
>value as an HTTP Header value?

It's not a header, that's a CGI variable that can only be set internally within a web server.

>I am running Apache 2.4 on Windows 2008 with the Shibboleth SP version
>2.5.1 for win64.  I have Apache set up as a reverse proxy server for a 
>weblogic instance on the same machine.
>  Everything seems to be working properly, but the resulting headers 
>being passed to weblogic do not include the REMOTE_USER http header value.

No, that's not settable with a proxy. With Tomcat or Jetty and AJP, you can get it set because the proxy is not an HTTP reverse proxy.

> 
>My understanding was the SP would include this by default when it 
>redirected to the application.  Is there a configuration value that 
>needs to be set to enable this?

No, it's not physically possible.

-- Scott


--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net