Forward REMOTE_USER to tomcat via AJP (e.g. for shibboleth)

Today I just got stuck in the following problem:

1. I configured apache for basic authentication (requires a valid user), which worked.
2. I also configured apache to forward requests to some path (/idp in my case) to the tomcat servlet (shibboleth IdP).

The result was that shibboleth IdP (ECP profile) told me that "REMOTE_USER" is not set (it uses the httpRequest.getRemoteUser() method to check, and that returned null).

I have tried many things like SetEnv and RewriteRule, but without success.

The solution is pretty simple, but pretty hard to find ... so I decided to post it here to help others solve this problem.

stefan

1 answer

Ok, here is my solution. I found that tomcat needs to be configured to trust/accept the authentication that apache2 performed ...

To do this, you need to edit tomcat's server.xml file (should be in /etc/tomcat6/server.xml or similar) and add tomcatAuthentication="false" to the <Connector> tag of the AJP connector. My Connector tag is as follows:

 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" /> 

Now you just need to restart tomcat ... and you're done.

Hope this helps! ;-)

Stephen

Explanation:

"tomcatAuthentication" - "If set to true, authentication will be performed in Tomcat. Otherwise, the authenticated principal will be propagated from the native web server and used for authorization in Tomcat. The default value is true."

Quote from: http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html

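Setting tomcatAuthentication="false" means Tomcat accepts whatever principal the AJP front end sends, so the AJP connector must only be reachable by that front end. The following added example (not code from the original post or from Shibboleth/Tomcat) audits a server.xml for AJP connectors that trust the front end without being bound to loopback or carrying a shared secret. It assumes standard Tomcat <Connector> attributes: `address` exists in all versions, while `secret` and `secretRequired` exist only from Tomcat 8.5.51 / 9.0.31 onward (not in the Tomcat 6 of the post). The sample server.xml is constructed for the demo; its secret value is a placeholder.

```python
"""Audit a Tomcat server.xml for AJP connectors that delegate authentication
to the front end (tomcatAuthentication="false") without being locked down.

Added example, not part of the original post. Attribute names follow the
Tomcat connector documentation; `secret`/`secretRequired` are only available
in Tomcat 8.5.51 / 9.0.31 and later (assumption noted in the lead-in).
"""
import xml.etree.ElementTree as ET

# Addresses on which an AJP connector is only reachable from the same host.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the connector from the post next to a hardened variant.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               redirectPort="8443" />
    <!-- The connector from the post: trusts REMOTE_USER, listens everywhere -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
               tomcatAuthentication="false" />
    <!-- Hardened variant: loopback only, shared secret with the front end -->
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8443"
               tomcatAuthentication="false" address="127.0.0.1"
               secretRequired="true" secret="REPLACE-WITH-RANDOM-SECRET" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""


def audit_ajp_connectors(server_xml: str) -> list:
    """Return one finding dict per AJP connector in the given server.xml text.

    A finding lists the port, whether Tomcat authenticates itself, the bind
    address ("*" when unset, i.e. all interfaces) and any problems found.
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        # Matches "AJP/1.3" as well as class names like AjpNioProtocol.
        if "AJP" not in protocol.upper():
            continue
        # Tomcat's default for tomcatAuthentication is "true".
        trusts_frontend = conn.get("tomcatAuthentication", "true").lower() == "false"
        address = conn.get("address", "")
        problems = []
        if trusts_frontend:
            if address not in LOOPBACK:
                problems.append(
                    "accepts REMOTE_USER from AJP but is not bound to a loopback address"
                )
            if not conn.get("secret"):
                problems.append("no AJP shared secret configured")
        findings.append({
            "port": conn.get("port"),
            "tomcat_authentication": not trusts_frontend,
            "address": address or "*",
            "problems": problems,
        })
    return findings


def audit_file(path: str) -> list:
    """Convenience wrapper: audit a server.xml on disk."""
    with open(path, encoding="utf-8") as fh:
        return audit_ajp_connectors(fh.read())


if __name__ == "__main__":
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        status = "OK" if not finding["problems"] else "CHECK"
        print(f"[{status}] AJP port {finding['port']} bound to {finding['address']}")
        for problem in finding["problems"]:
            print(f"    - {problem}")
```

Run it against the real file with `audit_file("/etc/tomcat6/server.xml")` (adjust the path). The connector from the post is reported with two problems; once the AJP connector is bound to 127.0.0.1 (and, on Tomcat versions that support it, given a secret that the Apache side also presents), it passes.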
