dataverse AJP connector

[Michel Bamouni]

Hi,

When setup shibboleth on dataverse 4.5.1, is it a mandatory to use "AJP" as proxy pass?
I request because I don't use AJP and the function printAttributes of dataverse Shib.java diplay an empty tab

    public static void printAttributes(HttpServletRequest request) {
        List<String> shibValues = new ArrayList<>();
        if (request == null) {
            logger.fine("HttpServletRequest was null. No shib values to print.");
            return;
        }
        for (String attr : shibAttrs) {

            /**
             * @todo explain in Installers Guide that in order for these
             * attributes to be found attributePrefix="AJP_" must be added to
             * /etc/shibboleth/shibboleth2.xml like this:
             *
             * <ApplicationDefaults entityID="https://dataverse.org/shibboleth"
             * REMOTE_USER="eppn" attributePrefix="AJP_">
             *
             */
            Object attrObject = request.getAttribute(attr);
            if (attrObject != null) {
                shibValues.add(attr + ": " + attrObject.toString());
            }
        }
        logger.fine("shib values: " + shibValues);
    }

Important : I see the attribuites in /Shibboleth-Session.

[Michel Bamouni]

I solved my problem using AJP make reverse proxy.

[Philip Durbin]

Perfect! I explored alternatives to AJP in https://github.com/IQSS/dataverse/issues/2294 ("permit use of request headers rather than environment variables") but I couldn't find a secure way to avoid using AJP. So you have to use AJP. It's the only secure way, from what I understand. Thanks for hanging in there. :)

Phil

​

[Michel Bamouni]

Hi Phil,

I use AJP and this solving my problem.
Thanks very much for your answer.

Michel