httpd-users mailing list archives

From nicolas.villoutr...@accenture.com
Subject [users@httpd] Forwarding client Certificates from mod_ssl to a distant mod_jk through HTTP Headers.
Date Tue, 03 Feb 2004 12:56:08 GMT
I would like to implement the following scenario:
 
Component:      Web Browser --- Apache(mod_ssl, mod_proxy, mod_headers) --- Apache(mod_jk, mod_headers) --- Tomcat
                     1                             2                                     3                    4
 
Besides, I want to forward the user certificate all the way down to Tomcat.
 
 
For now, I have been able to do this scenario:
Component:      Web Browser --- Web Server (mod_ssl, mod_jk) --- Tomcat
 
In this configuration, mod_ssl exports the user certificate into an environment variable,
and then mod_jk reads it and makes it available to Tomcat as a request attribute.
 
 
The next step consists of converting the environment variable containing the client certificate
into an HTTP header, then forwarding the request to the other Apache server and reconverting
the HTTP header into an environment variable so that mod_jk can find it and finally forward it
to Tomcat.
 
Here is the sequence of the scenario in detail:
 
(1) : The SSL client (1) establishes an SSL connection with the Apache server 2.
The Apache server 2:
(2) : stores the client certificate in an Apache environment variable,
(3) : reads the variable and inserts it into an HTTP header (mod_headers),
(4) : and forwards the request to the Apache server 3 (mod_proxy).
The Apache server 3:
(5) : reads the HTTP header (mod_headers) and stores it as an environment variable,
(6) : reads the environment variable and forwards the request with the client certificate
(mod_jk) to the Tomcat server.
 
 
What I have managed to do are steps (1), (2), (3), (4), and (6).
I have not yet figured out how to store the content of a header as an environment variable.
 
But the main issue is about storing a client certificate in an HTTP header: when mod_ssl writes
the certificate as an environment variable, it produces a multi-line output and the RequestHeader
directive isn't able to transfer it into a correct multi-line HTTP header.
 
I saw in the httpd-dev mailing-list archive that a patch was submitted for Apache 2.0,
but it does not seem to have been integrated (http://www.mail-archive.com/modssl-users@modssl.org/msg15917.html).

 
I hope you can give some hints on how to achieve this. There may also be better ways to
implement this scenario; any suggestion would be more than welcome...
 
Thank you in advance.
Nicolas.
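
The multi-line problem described in the message, as an added example that is not part of the original post or of any Apache module: the front proxy collapses the PEM into one header-safe line and discards any copy of the header sent by the client, and the back end rebuilds the PEM. The header name `X-Client-Cert` and the sample bytes are assumptions constructed for the illustration.

```python
import base64
import re
from typing import Optional

HEADER = "X-Client-Cert"  # hypothetical header name, not taken from the post
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_header_value(pem: str) -> str:
    """Front proxy: collapse a multi-line PEM into one header-safe line."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    body = "".join(m.group(1).split())        # drop CR/LF and spaces
    base64.b64decode(body, validate=True)     # reject non-base64 content
    return body

def header_value_to_pem(value: str) -> str:
    """Back end: rebuild the 64-column PEM from the single-line value."""
    if "\r" in value or "\n" in value:
        raise ValueError("header value must be a single line")
    base64.b64decode(value, validate=True)
    lines = [value[i:i + 64] for i in range(0, len(value), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"

def forward_headers(inbound: dict, client_pem: Optional[str]) -> dict:
    """Front proxy: drop any client-supplied copy of the header, then set it
    only from the certificate presented in the SSL handshake."""
    out = {k: v for k, v in inbound.items() if k.lower() != HEADER.lower()}
    if client_pem is not None:
        out[HEADER] = pem_to_header_value(client_pem)
    return out

# Constructed sample: arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = bytes(range(256)) * 2
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    sent = forward_headers({"Host": "app", "x-client-cert": "spoofed"}, SAMPLE_PEM)
    print(len(sent[HEADER]), header_value_to_pem(sent[HEADER]) == SAMPLE_PEM)
```

The back end can trust this header only if it accepts requests solely from the front proxy; otherwise any client could supply a certificate of its choosing.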
 

