On 07.10.2019 17:36, Magosányi Árpád wrote:
Magosányi,
How are you getting the attributes from the request?
This is the filter code:
String user = httpRequest.getRemoteUser(); Object cert =
httpRequest.getAttribute("javax.servlet.request.X509Certificate");
this.context.log("user:"+user);
This won't show any username unless the user has logged-in using HTTP
Basic/Digest authentication. Are you using those?
I am using openid right now in the apache side, but also tested with
basic auth to make sure that it is not an interaction with mod_openidc.
The user information does not get passed along either in the remoteUser
attribute or anywhere, in either of those cases, in spite that the
documentation states that the authenticated user name should be
retrievable using httpRequest.getRemoteUser(), and the CGI clearly shows
that we indeed have a REMOTE_USER in the apache side.
To get the certificate chain, I think you also need this in your httpd
configuration:
JkOptions +ForwardSSLCertChain
I have added this now, though as I understand this is only needed if I
want to get the full chain.
Unfortunately this did not improve the situation in any way.
Forgot the atribute 'tomcatAuthentication="false"' in the Connector ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
