tomcat-users mailing list archives

From Teresa Fasano <t.fas...@cineca.it>
Subject REMOTE_USER mod_jk
Date Thu, 19 Nov 2015 13:02:14 GMT
Hi,

I'm using Apache 2.4.6 with mod_jk and mod_shib 2.5.5, so Shibboleth as 
SSO authentication.

When routing Apache requests to Tomcat (JBoss), we are not able to retrieve 
REMOTE_USER.

It seems that the REMOTE_USER is lost.

In the configuration file shibboleth2.xml we have REMOTE_USER="uid".

The authentication of shibboleth is successful as you can see from the 
logs of the identity provider and the log of the service provider:

1) IdP:
20151119T092332Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_5c0790590c7a1d003f63b4e5ce58b8da|http://iuav-dev2.sviluppo.u-gov.it/shibboleth|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idp-univ-dev.cineca.it/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a8079a3a32dd6bd411be38ed5a8f509a|test|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,eduPersonPrincipalName,surname,commonName,transientId,eduPersonTargetedID,email,employeeNumber,|||

2) SP:
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: New session (ID: _771b50dad4ec72d57ae5a383a8b8f71e) with (applicationId: iuav-dev2) for principal from (IdP: https://idp-univ-dev.cineca.it/idp/shibboleth) at (ClientAddress: 130.186.19.126) with (NameIdentifier: _5ae86372161ba20460d91773f12241a5) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _b7a9d7435d4b2633af811cac17b80683)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: Cached the following attributes with session (ID: _771b50dad4ec72d57ae5a383a8b8f71e) for (applicationId: iuav-dev2) {
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]:         uid (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]:         sn (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]:         cn (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]:         eduPersonTargetedID (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]:         mail (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]:         employeeNumber (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: }

In the access log of the Apache I see the value of the attribute uid 
(the remote_user):
130.186.19.126 - test [19/Nov/2015:10:38:54 +0100] "GET /u-gov/ HTTP/1.1"

The authentication of the location is:
<Location ~ "/u-gov(.*)" >
    AuthType shibboleth
    ShibRequireSession On
    ShibExportAssertion On
    require valid-user
</Location>


It seems that the Apache is unable to pass this attribute.

Is there anyone who knows how to forward REMOTE_USER with mod_jk to the 
application?

Regards.
Teresa

-- 
----------------------------------
Education is the bread of the soul
----------------------------------

Teresa Fasano

CINECA
System and Technologies Department
Middleware and Infrastructure Group
Via Magnanelli, 6/3
Casalecchio di Reno (Bologna) ITALY

web:     http://www.cineca.it
e-mail:  t.fasano@cineca.it
phone:   +39 051 61 71 364

