Shibboleth 3 attributes not exposed from Apache 2.4 as environment variables
Peter Schober
peter.schober at univie.ac.at
Sat Dec 14 08:40:31 EST 2019
* vasileios.koukoutsas at uzh.ch <vasileios.koukoutsas at uzh.ch> [2019-12-14 14:27]:
> In the proxy_html.conf I have added the configuration:
>
> ProxyRequests Off
> ProxyPass /Shibboleth.sso/* !
> ProxyPass /app/ https://localhost:10050/app/
> ProxyPassReverse /app/ https://localhost:10050/app/
You're telling httpd to proxy via HTTP here (but you can't transfer
environment variables over HTTP).
> ProxyHTMLURLMap https://localhost:10050/app/ /app/
>
> <Location /app/>
> ProxyPassReverse /
> SetOutputFilter proxy-html
> ProxyHTMLURLMap /app/ /app/
> RequestHeader unset Accept-Encoding
> </Location>
I don't understand the addtion of any of that but I suppse you have
reasons for including it?
> and in the sites-enabled my app-le-ssl.conf configuration is:
>
> RequestHeader set X-Forwarded-Proto "https"
> <Proxy ajp://localhost:8009>
> Require all granted
> </Proxy>
> SSLProxyEngine On
> ProxyPass /app/ ajp://localhost:8009/app/
> ProxyPassReverse /app/ ajp://localhost:8009/app/
> ProxyPass /Shibboleth.sso/* !
While that's also more verbose that what I had used in the past (I
never had to use more than ProxyPass + ProxyPass) but here you're
proxying via AJP as you should (using httpd's mod_proxy_ajp).
So I'd stop proxying via https *and* via ajp. Why have Tomcat even use
an HTTP Connector when you intend to proxy via AJP from httpd? Port
8009 should suffice.
-peter
More information about the users
mailing list