Shib Request Env Vars vs Headers using mod_jk vs mod_proxy_http2

Dan McLaughlin dmclaughlin at
Thu Jun 22 18:29:02 UTC 2023

...and is it even that big of an issue, seeing as the headers are only
inserted on the backend, which will be encrypted using HTTP2 over TLS.
  I'm guessing it was a bigger concern with AJP seeing as how AJP
isn't encrypted.




On Thu, Jun 22, 2023 at 1:23 PM Dan McLaughlin
<dmclaughlin at> wrote:
> We've used mod_jk for years and always used request envvars instead of
> headers, but due to new security requirements, we need to move to
> mod_proxy_http2 over TLS.  In my initial testing, I've only had
> success getting attributes over if I use HTTP headers. From my
> reading, it seems like that might be the only option. Has anyone else
> been able to figure out how to use mod_proxy_http2 without having to
> enable ShibUseHeaders?
> --
> Thanks,
> Dan

More information about the users mailing list