On Wed, 7 Dec 2005, Scott Lundgren wrote: > > The issue surrounds authentication via Shibboleth. The basic auth > > workflow is as follows: > > - Unauthenticated request comes in from the client > > - "Require valid-user" directive in HTTPD configuration forwards > > request > > to the Shibboleth module (via Authtype Shibboleth, implemented by > > mod_shib) > > - Shibboleth module handles authentication and sets the REMOTE_USER > > variable in the HTTPD request if auth is successful > > > > Jeremy, > > I think you're best bet is to modify mod_shib if it is responsible for > the second step of setting the remote_user variable.
Thanks, I didn't even think of that, not sure why. This is OSS and I should be able to hack in a patch somewhere that lowercases the variable. I think we are having to compile mod_shib anyway to change some other compile-time option, so this wouldn't be that added a burden. the reason I say > that because while JSPs/Servlet have the concept of request chaining & > allowing to modify the request before handing the request to the next > logical step, you'll effectively be writing a proxy. Your flow would > be: > httpd --> mod_shib --> mod_jk --> a web application of 1 servlet that > takes requests sent to it, lower cases auth_user then forwards to --> > your web application > > This is a very simple servlet to write. I would suggest passing the URL > of the target web application as a runtime configuration parameter to > make this tool more flexible for other shibboleth applications. Thanks. I just don't have the Java and servlet experience to figure this out from the ground up, but maybe it would be a good simple project to learn on. --Jeremy -- /---------------------------------------------------------------------\ | Jeremy Portzer [EMAIL PROTECTED] trilug.org/~jeremy | | GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92 | \---------------------------------------------------------------------/ -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
