Shib Request Env Vars vs Headers using mod_jk vs mod_proxy_http2
Dan McLaughlin
dmclaughlin at tech-consortium.com
Thu Jun 22 18:29:02 UTC 2023
...and is it even that big of an issue, seeing as the headers are only
inserted on the backend, which will be encrypted using HTTP2 over TLS.
I'm guessing it was a bigger concern with AJP seeing as how AJP
isn't encrypted.
--
Thanks,
Dan
On Thu, Jun 22, 2023 at 1:23 PM Dan McLaughlin
<dmclaughlin at tech-consortium.com> wrote:
>
> We've used mod_jk for years and always used request envvars instead of
> headers, but due to new security requirements, we need to move to
> mod_proxy_http2 over TLS. In my initial testing, I've only had
> success getting attributes over if I use HTTP headers. From my
> reading, it seems like that might be the only option. Has anyone else
> been able to figure out how to use mod_proxy_http2 without having to
> enable ShibUseHeaders?
>
> --
>
> Thanks,
>
> Dan
More information about the users
mailing list