Topic: REMOTE_USER reverse proxy, and authentication

[jgauthier]

Everyone,

I've been reading, testing, reading, testing for some time. I feel like I just cannot get a definitive answer and I'm hoping this thread will be it!

I have several applications that use authentication and expect REMOTE_USER to be set by Apache for authentication/authorization.

I am putting a reverse proxy, with shibboleth in front of these applications, on a separate server.

Currently, REMOTE_USER is not sent. I have tried a few things, and I am currently sending it inside another header, but I have some applications that are closed sources and this will not work.

Is this possible to do? I am running this with Apache 2.4.7, I believe, on the Windows platform.

Thank you!

[James Blond]

is it right that the shibboleth server is in front of the apache server with the app that shall use REMOTE_USER? if yes then you have to make sure that the shibboleth server forwards the REMOTE_USER

[jgauthier]

Yes, the authentication server (shibboleth in this case) is in front of the Apache server that uses REMOTE_USER.

So, how can I forward it? I have tried a dozen scenarios and I cannot get it to work. I've had people tell me that you absolutely cannot pass REMOTE_USER and that is internal only, but I see tons of references of people doing it.

Thanks!