Thanks for your responses.
Finally i followed tom's indications and with new sentences the
header get null value, so i suppose that apache gets the env. value
before it's filled by credential application (PingF).
But, it seems that this app give apache information through http
headers, so finally here there is no problem.
I'd like to ask a question, if anyone knows. I've checked that
inserting header manually with firefox tool and sending request to
Websphere, logon to it works fine, but executing an user normal logon,
with single sign-on process it fails, and i don't know if there is
some particular aspect in apache configuration to works with
Websphere.
Anyone has any experience with this configuration?
Thanks for your help
Regards,
Andres
2012/2/23 Tom Evans <tevans.uk@xxxxxxxxxxxxxx>:
> On Thu, Feb 23, 2012 at 5:46 PM, Andres Aguado <andriu.one@xxxxxxxxx> wrote:
>> Hi all, let me see.
>>
>> This is the sentence that i'm using now in httpd.conf, following
>> document http://httpd.apache.org/docs/current/mod/mod_headers.html
>>
>> RequestHeader set PF_AUTH_CORP_ID_NEW env=%{PF_AUTH_SUBJECT}e
>>
>> And this is what is can see in Wireshark
>>
>> PF_AUTH_CORP_ID_NEW: env=(null)
>> PF_AUTH_SUBJECT: a156168
>>
>
> Doesn't look right to me. Are you trying to set the header
> PF_AUTH_CORP_ID_NEW to the value of the PF_AUTH_SUBJECT environment
> variable?
>
> First off, headers shouldn't have underscores, and extension headers
> should start with X- (but this probably wouldn't stop it working).
> More importantly, you don't seem to be setting a value, but telling it
> to only set the header when the PF_AUTH_SUBJECT environment variable
> is set.
>
> I think you want this:
>
> RequestHeader set X-PF-Auth-Corp %{PF_AUTH_SUBJECT}e
>
> If you only want the header set when PF_AUTH_SUBJECT has a value:
>
> RequestHeader set X-PF-Auth-Corp %{PF_AUTH_SUBJECT}e env=%{PF_AUTH_SUBJECT}e
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|