tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: REMOTE_USER mod_jk
Date Thu, 19 Nov 2015 13:17:54 GMT
2015-11-19 16:02 GMT+03:00 Teresa Fasano <t.fasano@cineca.it>:
> Hi,
>
> I'm using Apache 2.4.6 with mod_jk and mod_shib 2.5.5, so Shibboleth as SSO
> authentication.
>
> Routing Apache request to tomcat (JBoss) we are not able to retreive
> REMOTE_USER.
>
> It seems that the REMOTE_USER is lost.
>
> In the configuration file shibboleth2.xml we have REMOTE_USER="uid".
>
> The authentication of shibboleth is successful as you can see from the logs
> of the identity provider and the log of the service provider:
> <...>
>
> In the access log of the Apache I see the value of the attribute uid (the
> remote_user):
> 130.186.19.126 - test [19/Nov/2015:10:38:54 +0100] "GET /u-gov/ HTTP/1.1"
>
> The authentication of the location is:
> <Location ~ "/u-gov(.*)" >
>    AuthType shibboleth
>    ShibRequireSession On
>    ShibExportAssertion On
>    require valid-user
> </Location>
>
>
> It seems that the Apache is unable to pass this attribute.

How do you test whether it is able or unable to pass it?

How your AJP connector in Tomcat is configured?  You need to set
tomcatAuthentication="false" on <Connector> [1]

[1] http://tomcat.apache.org/connectors-doc/common_howto/proxy.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message