I am using Shibbolethv2.3 with Apache web server and Tomcat application server. I am using Apache as a reverse proxy using mod_proxy.so. I am not able to forward the Shibboleth environment variables from Apache to Tomcat. I am able to forward the attributes in the headers but as already mentioned in the wiki this approach is not safe.
I have tried forwarding the environment variables by the following directive :
SetEnv AJP_username ${username}
then at the Java side I can access the attribute by : request.getAttribute("username");
The strange thing here is that, I get a different value instead of the one set by Shibboleth. I get the Windows account name as a result. If I use any other attribute name, I get a null value.
I have searched a lot and have run out of options. Please guide me towards the right solution.
My setup details :
- Shibboleth version : 2.3
- OS : Windows XP SP3
- Webserver : Apache 2.2
- Application Server : Tomcat 6
- Proxy module : mod_proxy.so
Best Answer
Make sure you are proxying through using ajp in the httpd.conf
And in the shibboleth2.xml in the ApplicationDefaults section we need to add
So it looks something like
Check out this question on the shib mailing list: http://groups.google.com/group/shibboleth-users/browse_thread/thread/2bdd3e272baf49a2?pli=1