REMOTE_USER Apache 2.4.6 mod_jk JBoss

Latest response

I'm running JBoss 5.1.2 with Apache 2.4.6 with mod_jk and mod_shib 2.5.5, so Shibboleth as SSO authentication.

Routing Apache request to JBoss we are not able to retreive REMOTE_USER.

It seems that the REMOTE_USER is lost.

In the configuration file shibboleth2.xml we have REMOTE_USER="uid".

The authentication of shibboleth is successful as you can see from the logs of the identity provider and the log of the service provider:

1) IdP:
20151119T092332Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_5c0790590c7a1d003f63b4e5ce58b8da|http://iuav-dev2.sviluppo.u-gov.it/shibboleth|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idp-univ-dev.cineca.it/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a8079a3a32dd6bd411be38ed5a8f509a|test|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,eduPersonPrincipalName,surname,commonName,transientId,eduPersonTargetedID,email,employeeNumber,|||

2) SP:
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: New session (ID: _771b50dad4ec72d57ae5a383a8b8f71e) with (applicationId: iuav-dev2) for principal from (IdP: https://idp-univ-dev.cineca.it/idp/shibboleth) at (ClientAddress: 130.186.19.126) with (NameIdentifier: _5ae86372161ba20460d91773f12241a5) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _b7a9d7435d4b2633af811cac17b80683)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: Cached the following attributes with session (ID: _771b50dad4ec72d57ae5a383a8b8f71e) for (applicationId: iuav-dev2) {
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: uid (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: sn (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: cn (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: eduPersonTargetedID (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: mail (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: employeeNumber (1 values)
2015-11-19 10:23:34 INFO Shibboleth-TRANSACTION [1613]: }

In the access log of the Apache I see the value of the attribute uid (the remote_user):
130.186.19.126 - test [19/Nov/2015:10:38:54 +0100] "GET /u-gov/ HTTP/1.1"

The authentication of the location is:

AuthType shibboleth
ShibRequireSession On
ShibExportAssertion On
require valid-user

It seems that the Apache is unable to pass this attribute.
Is there anyone that know how to forward REMOTE_USER with mod_jk to the jboss?

Regards.

Responses