Hi all,
I attended the InstallFest workshop yesterday – very fun and informative. Thank you for offering this, and very nice to meet everyone.
I have hopefully a quick, specific question for the community. Is it still the case that ShibUseHeaders On must appear in the shib.conf Apache configuration when using ProxyPass and AJP to front-end a Tomcat app with Shibboleth? The reason being that AJP won’t forward environment variables not prefixed with AJP_, and the ones passed via Shib are not?
Any known way around this limitation? I’d like to use environment variables if possible instead of headers as I know the debate continues over the security implications of the use of the latter.
Thank you for any insight,
-George
It's not and the documentation also states that (though I already
thought about changing the docs to reflect that more clearly and
promptly forgot ;)
> The reason being that AJP won't forward environment variables not
> prefixed with AJP_, and the ones passed via Shib are not?
Add attributePrefix="AJP_" to <ApplicationDefaults> and they will be.
-peter
Is this better now?
https://spaces.internet2.edu/display/SHIB2/NativeSPJavaInstall
-peter
Thank you!
-George
This email and any attachments may contain confidential and proprietary information of Blackboard that is for the sole use of the intended recipient. If you are not the intended recipient, disclosure, copying, re-distribution or other use of any of this information is strictly prohibited. Please immediately notify the sender and delete this transmission if you received this email in error.
On 11/11/10 1:56 PM, George Kroner wrote:
> Beautiful. I'd also add a handy tip for Java developers that when
> using request.getAttributeNames() to iterate over all the environment
> variables, the Shib ones are not included in the enumeration. One
> must explicitly call them - eg: request.getAttribute("eppn"). With
> your help, and overcoming this bit of strangeness, we're good to go.
--
Chad La Joie
http://itumi.biz
trusted identities, delivered
Exactly what I wrote back in June:
http://groups.google.com/group/shibboleth-users/msg/a4d5b03614a7fd76
http://groups.google.com/group/shibboleth-users/msg/e68bdc0bc1018bb2
cheers,
-peter
This is a bug affecting Tomcat 6 up to 6.0.20:
https://issues.apache.org/bugzilla/show_bug.cgi?id=47364 which has been
fixed by... patching the javadoc!
From
http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/connector/Request.html#getAttributeNames%28%29
"Note that the attribute names return will only be those for the
attributes set via setAttribute(String, Object). Tomcat internal
attributes will not be included although they are accessible via
getAttribute(String)."
Regards,
Etienne