Can't find attribute REMOTE_USER value in https request

Peter Schober peter.schober at
Wed Jul 18 09:59:18 EDT 2018

* Tony Ennis <tennis at> [2018-07-18 15:46]:
> I don't know if my application endpoint is explicitly secured by
> Shib SP or not.

Well, who else should know? You don't know and you also don't provide
any technical details.

* Tony Ennis <tennis at> [2018-07-17 21:46]:
> I am using Apache and Shib SP for SSO, and Flask/uwsgi to serve my application.
> My nginx-powered endpoint checks for a Shib cookie and if not
> present in the http request, redirects to the Shib login.

So you're running both Apache httpd *and* Nginx for the same resource?
Why? The Shib SP can be used with Nginx, too, if you positively
require Nginx but not httpd.

Other than that I don't understand what the above means, so it's
likely a hint that something weird going on in your deployment.

> I don't have any confidence that Shib SP is creating REMOTE_USER at
> all.

If it's protecting content (or configured as I suggested before, which
you didn't not comment on at all) it httpd will log REMOTE_USER in
httpd's access log.


More information about the users mailing list