2015-11-19 16:02 GMT+03:00 Teresa Fasano <t.fas...@cineca.it>:
> Hi,
>
> I'm using Apache 2.4.6 with mod_jk and mod_shib 2.5.5, so Shibboleth as SSO
> authentication.
>
> Routing Apache request to tomcat (JBoss) we are not able to retrieve
> REMOTE_USER.
>
> It seems that the REMOTE_USER is lost.
>
> In the configuration file shibboleth2.xml we have REMOTE_USER="uid".
>
> The authentication of shibboleth is successful as you can see from the logs
> of the identity provider and the log of the service provider:
> <...>
>
> In the access log of the Apache I see the value of the attribute uid (the
> remote_user):
> 130.186.19.126 - test [19/Nov/2015:10:38:54 +0100] "GET /u-gov/ HTTP/1.1"
>
> The authentication of the location is:
> <Location ~ "/u-gov(.*)" >
>    AuthType shibboleth
>    ShibRequireSession On
>    ShibExportAssertion On
>    require valid-user
> </Location>
>
>
> It seems that the Apache is unable to pass this attribute.

How do you test whether it is able or unable to pass it?

How is your AJP connector in Tomcat configured?  You need to set
tomcatAuthentication="false" on <Connector> [1]

[1] http://tomcat.apache.org/connectors-doc/common_howto/proxy.html
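
An added example, not part of the original message or of the Tomcat documentation: a Python check that reads a server.xml and reports, for each AJP connector, whether tomcatAuthentication is "false" so that the REMOTE_USER set by Apache reaches the application. The sample server.xml is constructed, and the address/secret check is an added assumption: a connector that accepts the proxy's user should only be reachable by that proxy.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from the thread).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               tomcatAuthentication="false" />
    <Connector port="8011" protocol="org.apache.coyote.ajp.AjpNioProtocol"
               address="0.0.0.0" tomcatAuthentication="false" />
  </Service>
</Server>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
IGNORED = "REMOTE_USER from Apache is ignored (tomcatAuthentication is not false)"
EXPOSED = "accepts proxy-supplied user but is not bound to loopback and has no secret"


def is_ajp(connector):
    """True for protocol="AJP/1.3" or an explicit AJP protocol class name."""
    proto = connector.get("protocol", "HTTP/1.1").lower()
    return proto.startswith("ajp/") or ".ajp." in proto


def audit_ajp_connectors(server_xml):
    """Return {port: [findings]} for every AJP <Connector> in server.xml."""
    report = {}
    for conn in ET.fromstring(server_xml.strip()).iter("Connector"):
        if not is_ajp(conn):
            continue
        findings = []
        # Tomcat defaults to tomcatAuthentication="true": Tomcat authenticates
        # itself and the user forwarded by mod_jk is dropped.
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            findings.append(IGNORED)
        # Assumption: an unset address is treated as unrestricted (conservative),
        # and "secret" is available in the Tomcat release in use.
        elif conn.get("address") not in LOOPBACK and not conn.get("secret"):
            findings.append(EXPOSED)
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_ajp_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or ["ok"])
```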
