Can't find attribute REMOTE_USER value in https request

Boyd, Todd M. tmboyd1 at ccis.edu
Wed Jul 18 17:00:34 EDT 2018 

Just did a bit more digging. You should be able to override nginx’s own internal variables using the “set” configuration directive, so if you’re not using FastCGI, you should still be able to do this:

                set $remote_user $http_remote_user;

(All variables that begin with “$http_” are from the HTTP headers collection.)


-Todd

From: users <users-bounces at shibboleth.net> On Behalf Of Boyd, Todd M.
Sent: Wednesday, July 18, 2018 3:58 PM
To: Shib Users <users at shibboleth.net>
Subject: [Suspected Spam]RE: Can't find attribute REMOTE_USER value in https request

It kind of depends how the application is being spawned. If it’s by FastCGI, you should be able to use the “fastcgi_param” configuration directive to set a server variable, like this:

                fastcgi_param REMOTE_USER $http_remote_user;


-Todd

From: users <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net>> On Behalf Of Christopher Bongaarts
Sent: Wednesday, July 18, 2018 2:29 PM
To: Shib Users <users at shibboleth.net<mailto:users at shibboleth.net>>; Tony Ennis <tennis at eagle6.com<mailto:tennis at eagle6.com>>
Subject: Re: Can't find attribute REMOTE_USER value in https request

On 7/18/2018 9:33 AM, Tony Ennis wrote:
>> My nginx-powered endpoint checks for a Shib cookie and if not
>> present in the http request, redirects to the Shib login.

If you're reverse proxying from httpd to nginx, then no, you won't get REMOTE_USER set.  You'd need to use headers instead of environment variables (not the default) and pull the particular value you want.

It might be possible to have nginx map an incoming header value to REMOTE_USER, but I don't know much on the nginx side.


--

%%  Christopher A. Bongaarts   %%  cab at umn.edu<mailto:cab at umn.edu>          %%

%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%

%%  University of Minnesota    %%  +1 (612) 625-1809    %%
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180718/f25dcd20/attachment.html>

More information about the users mailing list