passing attributes with reverse proxy

Negib A. Sherif aa8288 at wayne.edu
Tue Apr 5 13:27:59 EDT 2016 

Tonu,


Here is what I have on IdP 3.2.1 vhost file. I am only interest to uid and IdP passes uid to SP's apache2 log file. You can also use Rewrite part on SP's vhost file instead of IdP. The resone that I have in IdP vhost is we have ezproxy SP that does't use shibboleth2.xml to configure SP. Having in IdP vhost works for ezproxy and other SPs with shibboleth2.xml.


 ProxyPass /idp ajp://localhost:8009/idp
    <Proxy ajp://localhost:8009>
       Allow from all
    </Proxy>

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set Remote-User "%{RU}e" env=RU






________________________________
From: users <users-bounces at shibboleth.net> on behalf of Tonu Mikk <tmikk at umn.edu>
Sent: Tuesday, April 5, 2016 12:14 PM
To: Shib Users
Subject: passing attributes with reverse proxy

Hello,

We have a Apache web server in front of a custom web server (Active4D).  We are proxying the requests from the Apache web server to the Active4D.  On the web server we implemented Shibboleth login and are able to retrieve the Shibboleth attributes.  How can we pass these attributes to the Active4D server?  I understand there is a way to do this by sending the attributes in the http request header, but I haven't found a recipe on how this is accomplished.  We would like to pass the eppn value to Active4D to have it check for existing users in the database.

Our current Apache vhost configuration looks like this:

<VirtualHost 134.84.192.6:443<http://134.84.192.6:443/>>
ServerName 4d.diversity.umn.edu<http://4d.diversity.umn.edu/>

        <Location />
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require valid-user
        </Location>
        ProxyPass /Shibboleth.sso !

        ProxyPass / http://oed-db.oit.umn.edu/
SSLEngine on
....SSL cert paths...- removed for brevity
</VirtualHost>

Thanks!

--
Tonu Mikk
Adaptive Technologist | Disability Resource Center | diversity.umn.edu/disability<http://diversity.umn.edu/disability>
University of Minnesota | umn.edu<http://umn.edu>
tmikk at umn.edu<mailto:tmikk at umn.edu> | 612-625-3307
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160405/81317e69/attachment.html>

More information about the users mailing list