Can't find attribute REMOTE_USER value in https request
tennis at eagle6.com
Wed Jul 18 09:46:03 EDT 2018
Thank you for the response. I don't know if my application endpoint is explicitly secured by Shib SP or not. My nginx-powered endpoint checks for a Shib cookie and if not present in the http request, redirects to the Shib login.
I don't have any confidence that Shib SP is creating REMOTE_USER at all. My log files don't give me any detailed information even though everything is set to the DEBUG level. I can see which SP endpoints are being accessed, the http verb, status, and bytecount. But no XML or anything that tells me what's really happening.
tennis at riverainc.com<mailto:tennis at riverainc.com> | Rivera Group<http://www.riverainc.com>
From: users <users-bounces at shibboleth.net> on behalf of Peter Schober <peter.schober at univie.ac.at>
Sent: Wednesday, July 18, 2018 4:39:10 AM
To: users at shibboleth.net
Subject: Re: Can't find attribute REMOTE_USER value in https request
External Email! Do not click any links or open any attachments unless you trust the sender and know the content is safe.
* Tony Ennis <tennis at eagle6.com> [2018-07-17 21:46]:
> I seem to successfully log in using my SP and IdP. I get redirected
> back to my application. A shib cookie is defined. I dump the environ
> variables (and all other data structures) from the http request and
> REMOTE_USER is not defined. I then use the same browser window and
> check the session with the SSO and my variables are displayed.
You're probably just accessing a resource that has no protection by
the Shib SP configured, neither active nor passive/lazy.
Assuming use of Apache httpd, the following would make attributes
appear on all requests, but would not enforce creation of a session if
there wasn't one:
ShibRequestSetting requireSession 0
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
Confidentiality Notice: This message and any attachments are for the sole use of the intended recipient(s), and may contain information considered confidential or privileged by the sending organization or trade secrets of the sending organization. This message does not authorize the intended recipient to disclose this information to any other party. Use, disclosure, or retention of any information in this message by anyone other than the intended user is strictly prohibited, unless otherwise authorized in writing. If you are not the intended recipient, please destroy all copies of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users