passing attributes with reverse proxy

Tonu Mikk tmikk at
Fri Apr 8 15:10:39 EDT 2016

The only attribute that we needed to pass to the application server is
eppn.  Our solution ended up being quite simple taking advantage of
Remote_User.  The Remote_User value is set to eppn by default in
shibboleth2.xml file. Now we added a line in the vhost to take the
Remote_User value and pass it on to the application server in the header
with this command:

*RequestHeader set REMOTE-USER %{REMOTE_USER}s*

It was slightly tricky to understand how to view that the header was
passed.  This required writing some code on the application server that
displayed the header values on the web page.

Thanks all!

On Tue, Apr 5, 2016 at 12:36 PM, Peter Schober <peter.schober at>

> * Cantor, Scott <cantor.2 at> [2016-04-05 19:25]:
> > with mod_proxy, you would have to manually create SetHeader commands
> > for every header you wanted to transfer across, and source the
> > headers from the local request environment.
> Ah, yeah, that's what I had to do a many years ago.
> > Unless I'm not understanding the goal here, you would not need to
> > set the ShibUseHeaders option, the issue isn't accessing the headers
> > in Apache, but across a proxy hop.
> Sorry for mixing this up,
> -peter
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at

Tonu Mikk
Adaptive Technologist | Disability Resource Center |
University of Minnesota |
tmikk at | 612-625-3307
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list