Can't find attribute REMOTE_USER value in https request

Peter Schober peter.schober at
Wed Jul 18 04:39:10 EDT 2018

* Tony Ennis <tennis at> [2018-07-17 21:46]:
> I seem to successfully log in using my SP and IdP.  I get redirected
> back to my application. A shib cookie is defined. I dump the environ
> variables (and all other data structures) from the http request and
> REMOTE_USER is not defined. I then use the same browser window and
> check the session with the SSO and my variables are displayed.

You're probably just accessing a resource that has no protection by
the Shib SP configured, neither active nor passive/lazy.

Assuming use of Apache httpd, the following would make attributes
appear on all requests, but would not enforce creation of a session if
there wasn't one:

<Location />
  AuthType shibboleth
  ShibRequestSetting requireSession 0
  require shibboleth


More information about the users mailing list