We proxy connections trough Apache to GlassFish Web Applications, and
would like to give those applications access to the http REMOTE_USER
variable. To make sure this is not related to GlassFish, I have
created a very basic test script. The kerberos authentication and
Apache proxy work properly, and the script is able to see the
REMOTE_USER variable when called directly. However, the script can
not see the REMOTE_USER variable when it's accessed through a proxy.
It seems as though this has been discussed several times, but I have
not been able to make any of the proposed solutions work.
Here is the relevant portion of our configuration file file.
------
######
# GlassFish proxy
ProxyPreserveHost on
RewriteEngine on
RewriteLog /var/log/httpd/rewrite.log
RewriteLogLevel 9
RequestHeader Set Proxy-keysize 512
RequestHeader Set Proxy-ip %{REMOTE_ADDR}e
RequestHeader Set Host ourserver.com:443
RequestHeader set REMOTE_USER %{LA-U:REMOTE_USER}e
RewriteRule ^/test$ /test/ [R,L]
RewriteRule ^/test/(.*) http://localhost/cgi-bin/test/$1
[P,L,E=REMOTE_USER:%{LA-U:REMOTE_USER}]
<Location "/test">
order deny,allow
deny from all
AuthType KerberosV5
AuthName "kerberos authentication"
Satisfy any
require valid-user
</Location>
------
And here is what I see in rewrite.log. REMOTE_USER is eventually set
properly, just not soon enough for the script.
------
... [rid#8aa28f8/initial] (2) init rewrite engine with requested uri /
test/remote.cgi
... [rid#8aa28f8/initial] (3) applying pattern '^/test$' to uri '/test/
remote.cgi'
... [rid#8aa28f8/initial] (3) applying pattern '^/test/(.*)' to uri '/
test/remote.cgi'
... [rid#8aa28f8/initial] (2) rewrite /test/remote.cgi ->
http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa4900/subreq] (2) init rewrite engine with requested uri /
test/remote.cgi
... [rid#8aa4900/subreq] (1) pass through /test/remote.cgi
... [rid#8aa28f8/initial] (5) lookahead: path=/test/remote.cgi
var=REMOTE_USER -> val=
... [rid#8aa28f8/initial] (5) setting env variable 'REMOTE_USER' to ''
... [rid#8aa28f8/initial] (2) forcing proxy-throughput with
http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa28f8/initial] (1) go-ahead with proxy request proxy:http://
localhost/cgi-bin/test/remote.cgi [OK]
... [rid#8aa8908/initial] (2) init rewrite engine with requested uri /
test/remote.cgi
... [rid#8aa8908/initial] (3) applying pattern '^/test$' to uri '/test/
remote.cgi'
... [rid#8aa8908/initial] (3) applying pattern '^/test/(.*)' to uri '/
test/remote.cgi'
... [rid#8aa8908/initial] (2) rewrite /test/remote.cgi ->
http://localhost/cgi-bin/test/remote.cgi
... [rid#8abcf90/subreq] (2) init rewrite engine with requested uri /
test/remote.cgi
... [rid#8abcf90/subreq] (1) pass through /test/remote.cgi
... [rid#8aa8908/initial] (5) lookahead: path=/test/remote.cgi
var=REMOTE_USER -> val=dab66
... [rid#8aa8908/initial] (5) setting env variable 'REMOTE_USER' to
'dab66'
... [rid#8aa8908/initial] (2) forcing proxy-throughput with
http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa8908/initial] (1) go-ahead with proxy request proxy:http://
localhost/cgi-bin/test/remote.cgi [OK]
------
Any suggestions would be greatly appreciated. Please let me know if
there is any more information I can provide.
Many thanks,
Devin
