Lars Pfeil created AMQ-6980:
-------------------------------
Summary: Reverse Proxy: Additional configurable HTTP header
attributes
Key: AMQ-6980
URL: https://issues.apache.org/jira/browse/AMQ-6980
Project: ActiveMQ
Issue Type: New Feature
Components: Broker
Affects Versions: 5.15.4
Reporter: Lars Pfeil
Fix For: 5.15.5
Attachments: HttpTunnelServlet_AdditionalHeaders_Patch.txt,
WebSEAL_ActiveMQ.png
*Some reverse proxies e.g. IBM Tivoli Access Manager WebSEAL supply their own
specific HTTP header attributes for authentication purpose. WebSEAL e.g. adds
client identity (iv-user), group membership (iv-groups), and credential
information into the HTTP headers of requests destined for linked third-party
application servers.*
*These HTTP header attributes must be extracted from the linked server
components for authentication. In such environments, only the reverse proxy is
allowed to manage and access the authentication and authorization
infrastructure, but not the backend infrastructure (message queue and beyond).*
*Here you can find a graphic with explanations:*
*[https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Anything%20about%20Tivoli/page/Integrate%20SSO%20on%20Apache%20Tomcat]*
*The graphic WebSEAL_ActiveMQ.png in the appendix describes our usecase.*
**
*That’s why we need to patch activeMQ or is there another way already existing?*
**
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
