Where are the cas-attribute headers?
279 views
Skip to first unread message
mostolog
Jun 30, 2016, 12:21:05 PM6/30/16
to CAS Community
Hi
We're just starting with Apache 2.4 + mod_auth_cas.
So far, we have been able to build it and use Require valid-user and cas-attribute directives.
We'll like to forward cas-attributes to applications using HTTP
headers.
Is there any way to achieve this at Apache configuration level/httpd.conf?
How PHP does retrieve that information as a header? We have tried echoing headers starting with HTTP, CAS...without succeeding.
Are we missing something?
mostolog
Jun 30, 2016, 12:40:33 PM6/30/16
to CAS Community
Hi
Finally, I managed to solve it.
Seems that cas-attribute headers are only sent if CASAuthNHeader directive is enabled.
According to documentation:
IMHO that's not exactly what's happening, and either of two should be done:
Should I fill the issue? Which one?
Regards
Finally, I managed to solve it.
Seems that cas-attribute headers are only sent if CASAuthNHeader directive is enabled.
According to documentation:
Directive: CASAuthNHeader
Default: None
Description: If enabled, this will store the user returned by CAS in an HTTP header accessible to your web applications.
IMHO that's not exactly what's happening, and either of two should be done:
- Fix an error(if any) to return headers always (but when CASScrubRequestHeaders enabled?)
- Update documentation to reflect this directive also has an effect on cas-attribute headers
Should I fill the issue? Which one?
Regards
David Hawes
Jun 30, 2016, 1:07:18 PM6/30/16
to mostolog, CAS Community
On 30 June 2016 at 12:40, mostolog <most...@gmail.com> wrote:
> Hi
>
>
> Finally, I managed to solve it.
>
> Seems that cas-attribute headers are only sent if CASAuthNHeader directive
> is enabled.
That's correct.
> Hi
>
>
> Finally, I managed to solve it.
>
> Seems that cas-attribute headers are only sent if CASAuthNHeader directive
> is enabled.
Also note that you may want to set your CASAttributePrefix to
something that does not contain underscores, as Apache 2.4 will
silently drop those headers.
> According to documentation:
>
> Directive: CASAuthNHeader
> Default: None
> Description: If enabled, this will store the user returned by CAS in an HTTP
> header accessible to your web applications.
>
>
> IMHO that's not exactly what's happening, and either of two should be done:
>
> Fix an error(if any) to return headers always (but when
> CASScrubRequestHeaders enabled?)
> Update documentation to reflect this directive also has an effect on
> cas-attribute headers
>
>
> Should I fill the issue? Which one?
how authorization has evolved over the years, but I could be convinced
that they should have their own directive or even be on all the time.
In the short term documenting this better would help. Feel free to
open an issue discussing all of this, and we can decide what to do
there.
Reply all
Reply to author
Forward
0 new messages