Using Apache 2.2 on Windows with mod_auth_sspi and mod_headers. I'm trying to pass the current authenticated user through to the proxy target in the X-Remote-User header.
I expect that this is simple, but I've been wrangling Apache for an hour now and can't find the secret sauce in documentation or google.
My configuration is as follows. It correctly authenticates the user with Active Directory, and then proxies the request through to the server sitting behind. However, the X-Remote-User header doesn't get added. It appears that the REMOTE_USER environment variable doesn't exist. Neither does AUTH_USER.
I know that the authenticated username is available somewhere, but how do I get it?
ProxyRequests off
ProxyPass /clsoap/ http://127.0.0.1:12001/clsoap/
<Location /clsoap/>
ProxyPassReverse /clsoap/
AuthName "ADTest"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain primary.example.com
SSPIUsernameCase lower
SSPIOfferBasic Off
Require valid-user
RequestHeader set X-Remote-User "%{REMOTE_USER}e" env=REMOTE_USER
RequestHeader set X-Auth-User "%{AUTH_USER}e" env=AUTH_USER
</Location>
Best Answer
Yay. Another google session later trying different random keywords and I found this:
http://www.ruby-forum.com/topic/83067
http://old.nabble.com/Forcing-a-proxied-host-to-generate-REMOTE_USER-to2911573.html#a2914465
This now works: