0 Replies Latest reply on May 11, 2012 9:28 AM by Francesco Sordillo

    [SOLVED] REMOTE_USER mod_proxy_ajp JBoss

    Francesco Sordillo Newbie

      Hi to all.

       

      I'm running JBoss 5.1.2 with Apache 2.2 with mod_proxy_ajp and mod_shib 2.4 on RHEL 6.2 environment, so Shibboleth as SSO authentication.

      Proxying Apache request to JBoss we are not able to retreive REMOTE_USER via request attribute. An example of application code is:

       

      String username = (String) request.getAttribute("REMOTE_USER");

       

      but, as I said before, REMOTE_USER is not in the attribute header! The problem is that using a proxy, requests attribute are lost!

      By Google, some user suggests to configure this rewrite rule on Apache

       

      ###

          RewriteCond %{LA-U:REMOTE_USER} (.*)

          RewriteRule .* - [E=MY_REMOTE_USER:%1]

          RequestHeader add REMOTE_USER %{MY_REMOTE_USER}e

      ###

       

      but in this case "REMOTE_USER" is a Request Header and not a request attribute.

      Is there anyone that know how to proxy REMOTE_USER as request attribute with mod_proxy_ajp?

       

      Thanks a lot.

      Francesco.

       

      [ update 11/05/2012 ]

      Thanks to jboss.com support I solved with this rewrite rule

       

      ###

          RewriteCond %{LA-U:REMOTE_USER} (.*)

          RewriteRule .* - [E=AJP_REMOTE_USER:%1]

      ###

       

      According with Apache documentation

      http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html#env

       

      Regards.

      Francesco.