The issue surrounds authentication via Shibboleth.  The basic auth
workflow is as follows:
- Unauthenticated request comes in from the client
- "Require valid-user" directive in HTTPD configuration forwards request
to the Shibboleth module (via Authtype Shibboleth, implemented by
mod_shib)
- Shibboleth module handles authentication and sets the REMOTE_USER
variable in the HTTPD request if auth is successful


Jeremy,

I think your best bet is to modify mod_shib if it is responsible for the second step of setting the remote_user variable. The reason I say that is because, while JSPs/Servlets have the concept of request chaining and allow you to modify the request before handing the request to the next logical step, you'll effectively be writing a proxy. Your flow would be: httpd --> mod_shib --> mod_jk --> a web application of 1 servlet that takes requests sent to it, lowercases auth_user, then forwards to --> your web application

This is a very simple servlet to write. I would suggest passing the URL of the target web application as a runtime configuration parameter to make this tool more flexible for other Shibboleth applications.

- SL
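
A sketch of the forwarding servlet described in the reply above, added here as an example and not code from the thread. The class name and the `targetContext` init-param are hypothetical; it assumes Tomcat behind mod_jk with `tomcatAuthentication="false"` on the AJP connector (so REMOTE_USER reaches `getRemoteUser()`) and `crossContext="true"` on this servlet's context.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; map it to /* in a small front-end web application.
public class LowercaseUserServlet extends HttpServlet {
    private String targetContext; // hypothetical init-param, e.g. "/myapp"

    @Override
    public void init() throws ServletException {
        targetContext = getInitParameter("targetContext");
        if (targetContext == null || !targetContext.startsWith("/")) {
            throw new ServletException("init-param targetContext must be a context path");
        }
    }

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getRemoteUser();
        if (user == null) {
            // Fail closed: never forward a request mod_shib did not authenticate.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Locale.ROOT keeps the mapping stable regardless of the JVM default
        // locale (a Turkish locale would map "I" to a dotless i).
        final String lowered = user.toLowerCase(Locale.ROOT);
        HttpServletRequest wrapped = new HttpServletRequestWrapper(req) {
            @Override
            public String getRemoteUser() {
                return lowered;
            }
        };
        // getContext() returns null unless cross-context access is enabled.
        ServletContext target = getServletContext().getContext(targetContext);
        String path = req.getPathInfo() == null ? "/" : req.getPathInfo();
        RequestDispatcher rd = (target == null) ? null : target.getRequestDispatcher(path);
        if (rd == null) {
            throw new ServletException("cannot dispatch to " + targetContext + path);
        }
        rd.forward(wrapped, resp);
    }
}
```

Only `getRemoteUser()` is overridden here; a target application that reads `getUserPrincipal()` instead would still see the original case.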

--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
