Elliot Kendall wrote:
You could try setting tomcatAuthentification="false" on your AJP connector
in server.xml. If Shibboleth put the value in REMOTE_USER as it should then
tomcat should pick it up as the principal.
Be aware that you should protect your ajp connector so that no other
machine than your Apache can connect to it.
This was one of the first things I tried, and when it didn't work I
thought I must be missing something. Of course, now that you've
inspired me to try again it works flawlessly. Thanks!
I am still curious as to why the AJP connector populates incoming
request headers as attributes, though.
It doesn't. Read the previous responses.
Incoming HTTP request headers are passed to Tomcat as HTTP request headers.
Request attributes are something else.
It seems like it has the
potential to cause problems without offering any obvious benefits.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
