Commit 7e1081d7 authored by Thomas Downes's avatar Thomas Downes Committed by GraceDB

Modify how REMOTE_USER is forwarded to backend to work without SSL enabled in Apache

parent 3e1c54b4
......@@ -95,10 +95,15 @@ ServerName ${DJANGO_PRIMARY_FQDN}
Require shibboleth
ShibRequestSetting requireSession true
ShibUseHeaders On
# Set shibboleth headers used for authentication. Differences are
# due to the fact that REMOTE_USER is apparently a special case and
# not a standard environment variable.
RequestHeader set REMOTE_USER "%{REMOTE_USER}s" "expr=-n %{REMOTE_USER}"
# use funky method to get REMOTE_USER variable
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set REMOTE_USER %{RU}e
# this way only works with SSLEngine On because REMOTE_USER is secure variable
#RequestHeader set REMOTE_USER %{REMOTE_USER}s
RequestHeader set ISMEMBEROF "%{ISMEMBEROF}e" env=ISMEMBEROF
</Location>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment