passing attributes with reverse proxy
Tonu Mikk
tmikk at umn.edu
Fri Apr 8 15:10:39 EDT 2016
The only attribute that we needed to pass to the application server is
eppn. Our solution ended up being quite simple taking advantage of
Remote_User. The Remote_User value is set to eppn by default in
shibboleth2.xml file. Now we added a line in the vhost to take the
Remote_User value and pass it on to the application server in the header
with this command:
*RequestHeader set REMOTE-USER %{REMOTE_USER}s*
It was slightly tricky to understand how to view that the header was
passed. This required writing some code on the application server that
displayed the header values on the web page.
Thanks all!
On Tue, Apr 5, 2016 at 12:36 PM, Peter Schober <peter.schober at univie.ac.at>
wrote:
> * Cantor, Scott <cantor.2 at osu.edu> [2016-04-05 19:25]:
> > with mod_proxy, you would have to manually create SetHeader commands
> > for every header you wanted to transfer across, and source the
> > headers from the local request environment.
>
> Ah, yeah, that's what I had to do a many years ago.
>
> > Unless I'm not understanding the goal here, you would not need to
> > set the ShibUseHeaders option, the issue isn't accessing the headers
> > in Apache, but across a proxy hop.
>
> Sorry for mixing this up,
> -peter
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
--
Tonu Mikk
Adaptive Technologist | Disability Resource Center |
diversity.umn.edu/disability
University of Minnesota | umn.edu
tmikk at umn.edu | 612-625-3307
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160408/80a5aae7/attachment.html>
More information about the users
mailing list