Re: AJP and attributes versus headers

2014-02-11 Thread André Warnier
Elliot Kendall wrote: You could try setting tomcatAuthentification="false" on your AJP connector in server.xml. If Shibboleth put the value in REMOTE_USER as it should then tomcat should pick it up as the principal. Be aware that you should protect your ajp connector so that no other machine than

Re: AJP and attributes versus headers

2014-02-11 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Elliot, On 2/11/14, 12:41 PM, Elliot Kendall wrote: >> You could try setting tomcatAuthentification="false" on your AJP >> connector in server.xml. If Shibboleth put the value in >> REMOTE_USER as it should then tomcat should pick it up as the >> pr

Re: AJP and attributes versus headers

2014-02-11 Thread Elliot Kendall
> You could try setting tomcatAuthentification="false" on your AJP connector > in server.xml. If Shibboleth put the value in REMOTE_USER as it should then > tomcat should pick it up as the principal. > Be aware that you should protect your ajp connector so that no other > machine than your Apache c

Re: AJP and attributes versus headers

2014-02-11 Thread André Warnier
Cédric Couralet wrote: 2014-02-11 10:41 GMT+01:00 André Warnier : Cédric Couralet wrote: 2014-02-11 1:20 GMT+01:00 Elliot Kendall : We have a Java application running on Tomcat with an Apache HTTP proxy in front. Our SSO system (Shibboleth) runs as an Apache module and sets an HTTP header

Re: AJP and attributes versus headers

2014-02-11 Thread Cédric Couralet
2014-02-11 10:41 GMT+01:00 André Warnier : > Cédric Couralet wrote: > >> 2014-02-11 1:20 GMT+01:00 Elliot Kendall : >> >> We have a Java application running on Tomcat with an Apache HTTP proxy >>> in front. Our SSO system (Shibboleth) runs as an Apache module and sets >>> an HTTP header with the

Re: AJP and attributes versus headers

2014-02-11 Thread André Warnier
Cédric Couralet wrote: 2014-02-11 1:20 GMT+01:00 Elliot Kendall : We have a Java application running on Tomcat with an Apache HTTP proxy in front. Our SSO system (Shibboleth) runs as an Apache module and sets an HTTP header with the logged-in username, which gets passed through to Tomcat and wh

Re: AJP and attributes versus headers

2014-02-10 Thread Cédric Couralet
2014-02-11 1:20 GMT+01:00 Elliot Kendall : > We have a Java application running on Tomcat with an Apache HTTP proxy > in front. Our SSO system (Shibboleth) runs as an Apache module and sets > an HTTP header with the logged-in username, which gets passed through > to Tomcat and which the app uses S

AJP and attributes versus headers

2014-02-10 Thread Elliot Kendall
We have a Java application running on Tomcat with an Apache HTTP proxy in front. Our SSO system (Shibboleth) runs as an Apache module and sets an HTTP header with the logged-in username, which gets passed through to Tomcat and which the app uses Spring's RequestHeaderAuthenticationFilter to read.