httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff McGrath <jm_mcgr...@hotmail.com>
Subject RE: [users@httpd] Module Execution
Date Mon, 16 May 2011 18:18:53 GMT

Thanks Nick .. yes, a bit a of a hack. 

There is a web filter (TruePass) that decrypts a secure cookie and set some headers. I can
customize ones of these headers with an UID that looks like it's coming from an Oracle Access
Manager 10g implementation (OAM_REMOTE_USER). I need the Oracle filter to them consume this
header to SSO that user into the Access Management system.

The Oracle filter is coded to execute earlier in the authentication sequence so I can never
get that header set. The other problem (reverse proxy etc) is that only the TP filter can
decode the cookie and set the appropriate headers. If you attempt to set them 'downstream',
they can't be set to read them ...

How would I implement mod_rewrite in this type of scenario?

Note, the longer term solution is to swap out the TP authentication with something native
(X509 auth) ... however, this is an attempt at an 'interim' solution until another can be
fully implemented and users migrated over.

Sincere thanks.

Jeff

> From: nick@webthing.com
> Date: Mon, 16 May 2011 15:46:41 +0100
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Module Execution
> 
> 
> On 16 May 2011, at 14:52, Jeff McGrath wrote:
> 
> > Good morning ... I'm trying to levarage two different authentication modules in
our Apache 2.2 (Solaris 10/64 bit) as part of a POC. I need to ensure one fires first as I
need to set a header for the second filter to consume. Unfortunately, the second (Access Manager)
keeps executing first ...
> > 
> > Anyone have some straight forward solution/steps to have implement the module execution
order as desired?
> 
> The modules themselves determine where they hook in to request processing.
> 
> What header are you expecting an access or authentication module to set?
> Sounds like an attempt at a hack to solve some underlying problem.
> mod_rewrite is the 'usual' (but ugly) solution to such hacks.  Alternatively,
> tell us the underlying problem, and maybe someone will have a better idea.
> 
> -- 
> Nick Kew
> 
> Available for work, contract or permanent
> http://www.webthing.com/~nick/cv.html
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
 		 	   		  
Mime
View raw message