Hi to all.
I'm running JBoss 5.1.2 with Apache 2.2 with mod_proxy_ajp and mod_shib 2.4 on RHEL 6.2 environment, so Shibboleth as SSO authentication.
Proxying Apache request to JBoss we are not able to retreive REMOTE_USER via request attribute. An example of application code is:
String username = (String) request.getAttribute("REMOTE_USER");
but, as I said before, REMOTE_USER is not in the attribute header! The problem is that using a proxy, requests attribute are lost!
By Google, some user suggests to configure this rewrite rule on Apache
###
RewriteCond %{LA-U:REMOTE_USER} (.*)
RewriteRule .* - [E=MY_REMOTE_USER:%1]
RequestHeader add REMOTE_USER %{MY_REMOTE_USER}e
###
but in this case "REMOTE_USER" is a Request Header and not a request attribute.
Is there anyone that know how to proxy REMOTE_USER as request attribute with mod_proxy_ajp?
Thanks a lot.
Francesco.
[ update 11/05/2012 ]
Thanks to jboss.com support I solved with this rewrite rule
###
RewriteCond %{LA-U:REMOTE_USER} (.*)
RewriteRule .* - [E=AJP_REMOTE_USER:%1]
###
According with Apache documentation
http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html#env
Regards.
Francesco.