Can't find attribute REMOTE_USER value in https request

Boyd, Todd M. tmboyd1 at
Wed Jul 18 17:00:34 EDT 2018

Just did a bit more digging. You should be able to override nginx’s own internal variables using the “set” configuration directive, so if you’re not using FastCGI, you should still be able to do this:

                set $remote_user $http_remote_user;

(All variables that begin with “$http_” are from the HTTP headers collection.)


From: users <users-bounces at> On Behalf Of Boyd, Todd M.
Sent: Wednesday, July 18, 2018 3:58 PM
To: Shib Users <users at>
Subject: [Suspected Spam]RE: Can't find attribute REMOTE_USER value in https request

It kind of depends how the application is being spawned. If it’s by FastCGI, you should be able to use the “fastcgi_param” configuration directive to set a server variable, like this:

                fastcgi_param REMOTE_USER $http_remote_user;


From: users <users-bounces at<mailto:users-bounces at>> On Behalf Of Christopher Bongaarts
Sent: Wednesday, July 18, 2018 2:29 PM
To: Shib Users <users at<mailto:users at>>; Tony Ennis <tennis at<mailto:tennis at>>
Subject: Re: Can't find attribute REMOTE_USER value in https request

On 7/18/2018 9:33 AM, Tony Ennis wrote:
>> My nginx-powered endpoint checks for a Shib cookie and if not
>> present in the http request, redirects to the Shib login.

If you're reverse proxying from httpd to nginx, then no, you won't get REMOTE_USER set.  You'd need to use headers instead of environment variables (not the default) and pull the particular value you want.

It might be possible to have nginx map an incoming header value to REMOTE_USER, but I don't know much on the nginx side.


%%  Christopher A. Bongaarts   %%  cab at<mailto:cab at>          %%

%%  OIT - Identity Management  %%  %%

%%  University of Minnesota    %%  +1 (612) 625-1809    %%
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list