passing attributes from mod_shib via proxy to an application
Marcus Schopen
lists at localguru.de
Thu May 16 12:19:22 EDT 2019
Hi,
I'm using Apache's mod_shib to register my SP at an IDP. For the
application on SP side I want to use Flask. To pass RequestedAttributes
like displayName, mail etc. from Apache's Proxy to Flask, I configured
my Apache as follows:
----------
<Location /test>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders Off
ShibExportAssertion On
Require valid-user
RequestHeader set REMOTE-USER %{REMOTE_USER}s
RequestHeader set X-Proxy-DISPLAYNAME "{displayName}e"
RequestHeader set X-Proxy-MAIL "%{mail}e"
<Location>
# Flask
ProxyPreserveHost On
ProxyPass /test/ http://127.0.0.1:5000/
ProxyPassReverse /test/ http://127.0.0.1:5000/
----------
Access headers on Flask side:
----------
displayname = request.environ.get('HTTP_X_PROXY_DISPLAYNAME')
mail = request.environ.get('HTTP_X_PROXY_MAIL')
----------
Is this the right/secure way or is it done differently?
Ciao
Marcus
More information about the users
mailing list