On Fri, Jan 9, 2009 at 7:36 PM, Martin Gainty <mgai...@hotmail.com> wrote: > > if you're fronting with Apache 2.2 WebServer you need to rewrite the > environment variable REMOTE_USER and place on request to TC to allow TC to > use getRemoteUser() > > http://osdir.com/ml/apache.mod-auth-kerb.general/2005-10/msg00009.html > > HTH > Martin
Martin, thanks for the reply. I am running Apache httpd 2.0.52 (not 2.2). For the sake of posterity, I will post what the fix was. Maybe it will save someone from banging his head against the wall when he runs into the same problem. As it turns out, my problem was with my httpd.conf configuration. I had my authentication directives within a <Directory> object (i.e. the directory for the web application). When I went directly to said directory from a web browser, I was prompted for credentials. But if I went directly to a web page a couple subdirs deep in that directory, it let me in without authentication. Hmm... So, I put my authentication directives in a <Location> object instead, like so: ---------------------------------------------------------- <Location /my_webapp> AuthType shibboleth ShibRequireSession On require valid-user </Location> ---------------------------------------------------------- Note that the JkMount directive is simply: ---------------------------------------------------------- JkMount /my_webapp/*.jsp ajp13 ---------------------------------------------------------- Voila. We are in business. This (along with the tomcatAuthentication="no" change needed in server.xml) is working properly. My guess is the way I had it set up earlier did not show a value for REMOTE_USER because I was running a .jsp in a non-Shib / non-Basic / non-whatever-protected directory. -- Best regards - Ryu Fan // rfano...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org