Shibboleth 3 attributes not exposed from Apache 2.4 as environment variables

vasileios.koukoutsas at vasileios.koukoutsas at
Sat Dec 14 11:42:51 EST 2019

Dear Peter,

Thank you for the fast reply and the suggestion(s).
Excuse my ignorance but I have a few follow-up questions.

You mentioned I do not use https for the following snippet:

> ProxyRequests Off
> ProxyPass /Shibboleth.sso/* !
> ProxyPass /app/ https://localhost:10050/app/
> ProxyPassReverse /app/ https://localhost:10050/app/

Is something missing? as far as I know using https in ProxyPass and ProxyPassReverse will only redirect using https
Currently if I try to access my webapp or any resource under Apache I can only do it using https. http requests are automatically redirected to https.

> ProxyHTMLURLMap https://localhost:10050/app/ /app/
> <Location /app/>
>    ProxyPassReverse /
>    SetOutputFilter  proxy-html
>    ProxyHTMLURLMap  /app/ /app/
>    RequestHeader    unset  Accept-Encoding
> </Location>
> I don't understand the addtion of any of that but I suppse you have reasons for including it?

This addition is to redirect requests and responses from the backend which is in localhost to the frontent (e.g. <-> https://localhost:10050/app/

If I have understood correctly I need both an https and an ajp connectors (in Java backend) & their respective proxies in Apache.
The https connector running on port 10050 is used to server the web content and the sole purpose of the ajp (port 8009) connector is to have access to the attributes exposed by apache as environment variables.

I though that if you only use an https connector then you can only fetch the attributes through the headers, which is strongly recommended against.
I am not familiar on how Apache works and what are the different configuration options, the more time I spend viewing suggested solutions/configurations the more I get confused.
Is there maybe a suggested configuration example from Shibboleth?


-----"users" <users-bounces at> wrote: -----
To: users at
From: "Peter Schober" 
Sent by: "users" 
Date: 14/12/2019 14:43
Subject: Re: Shibboleth 3 attributes not exposed from Apache 2.4 as environment variables

In other words, I'd start from the most minimal configuration to get
this to work, not from the accumulation of directives you seem to be
working with.

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list