passing attributes from mod_shib via proxy to an application

Marcus Schopen lists at
Thu May 16 12:19:22 EDT 2019


I'm using Apache's mod_shib to register my SP at an IDP. For the
application on SP side I want to use Flask. To pass RequestedAttributes
like displayName, mail etc. from Apache's Proxy to Flask, I configured
my Apache as follows:


<Location /test>
   AuthType shibboleth
   ShibRequireSession On
   ShibUseHeaders Off
   ShibExportAssertion On
   Require valid-user
   RequestHeader set REMOTE-USER %{REMOTE_USER}s
   RequestHeader set X-Proxy-DISPLAYNAME "{displayName}e"
   RequestHeader set X-Proxy-MAIL "%{mail}e"

# Flask
ProxyPreserveHost On
ProxyPass /test/
ProxyPassReverse /test/


Access headers on Flask side:


displayname = request.environ.get('HTTP_X_PROXY_DISPLAYNAME')
mail = request.environ.get('HTTP_X_PROXY_MAIL')


Is this the right/secure way or is it done differently?


More information about the users mailing list