passing attributes with reverse proxy

Negib A. Sherif aa8288 at
Tue Apr 5 13:27:59 EDT 2016


Here is what I have on IdP 3.2.1 vhost file. I am only interest to uid and IdP passes uid to SP's apache2 log file. You can also use Rewrite part on SP's vhost file instead of IdP. The resone that I have in IdP vhost is we have ezproxy SP that does't use shibboleth2.xml to configure SP. Having in IdP vhost works for ezproxy and other SPs with shibboleth2.xml.

 ProxyPass /idp ajp://localhost:8009/idp
    <Proxy ajp://localhost:8009>
       Allow from all

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set Remote-User "%{RU}e" env=RU

From: users <users-bounces at> on behalf of Tonu Mikk <tmikk at>
Sent: Tuesday, April 5, 2016 12:14 PM
To: Shib Users
Subject: passing attributes with reverse proxy


We have a Apache web server in front of a custom web server (Active4D).  We are proxying the requests from the Apache web server to the Active4D.  On the web server we implemented Shibboleth login and are able to retrieve the Shibboleth attributes.  How can we pass these attributes to the Active4D server?  I understand there is a way to do this by sending the attributes in the http request header, but I haven't found a recipe on how this is accomplished.  We would like to pass the eppn value to Active4D to have it check for existing users in the database.

Our current Apache vhost configuration looks like this:


        <Location />
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require valid-user
        ProxyPass /Shibboleth.sso !

        ProxyPass /
SSLEngine on
....SSL cert paths...- removed for brevity


Tonu Mikk
Adaptive Technologist | Disability Resource Center |<>
University of Minnesota |<>
tmikk at<mailto:tmikk at> | 612-625-3307
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list