accessing REMOTE_USER through an Apache proxy

We proxy connections through Apache to GlassFish Web Applications, and would like to give those applications access to the HTTP REMOTE_USER variable.  To make sure this is not related to GlassFish, I have created a very basic test script.  The Kerberos authentication and Apache proxy work properly, and the script is able to see the REMOTE_USER variable when called directly.  However, the script cannot see the REMOTE_USER variable when it's accessed through a proxy.  It seems as though this has been discussed several times, but I have not been able to make any of the proposed solutions work.

Here is the relevant portion of our configuration file.

------
######
# GlassFish proxy
ProxyPreserveHost       on

RewriteEngine           on
RewriteLog /var/log/httpd/rewrite.log
RewriteLogLevel 9

RequestHeader Set Proxy-keysize 512
RequestHeader Set Proxy-ip %{REMOTE_ADDR}e
RequestHeader Set Host ourserver.com:443
RequestHeader set REMOTE_USER %{LA-U:REMOTE_USER}e

RewriteRule ^/test$ /test/ [R,L]
RewriteRule ^/test/(.*) http://localhost/cgi-bin/test/$1 [P,L,E=REMOTE_USER:%{LA-U:REMOTE_USER}]
<Location "/test">
       order deny,allow
       deny from all
       AuthType KerberosV5
       AuthName "kerberos authentication"
       Satisfy any
       require valid-user
</Location>
------

And here is what I see in rewrite.log.  REMOTE_USER is eventually set properly, just not soon enough for the script.
------
... [rid#8aa28f8/initial] (2) init rewrite engine with requested uri /test/remote.cgi
... [rid#8aa28f8/initial] (3) applying pattern '^/test$' to uri '/test/remote.cgi'
... [rid#8aa28f8/initial] (3) applying pattern '^/test/(.*)' to uri '/test/remote.cgi'
... [rid#8aa28f8/initial] (2) rewrite /test/remote.cgi -> http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa4900/subreq] (2) init rewrite engine with requested uri /test/remote.cgi
... [rid#8aa4900/subreq] (1) pass through /test/remote.cgi
... [rid#8aa28f8/initial] (5) lookahead: path=/test/remote.cgi var=REMOTE_USER -> val=
... [rid#8aa28f8/initial] (5) setting env variable 'REMOTE_USER' to ''
... [rid#8aa28f8/initial] (2) forcing proxy-throughput with http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa28f8/initial] (1) go-ahead with proxy request proxy:http://localhost/cgi-bin/test/remote.cgi [OK]
... [rid#8aa8908/initial] (2) init rewrite engine with requested uri /test/remote.cgi
... [rid#8aa8908/initial] (3) applying pattern '^/test$' to uri '/test/remote.cgi'
... [rid#8aa8908/initial] (3) applying pattern '^/test/(.*)' to uri '/test/remote.cgi'
... [rid#8aa8908/initial] (2) rewrite /test/remote.cgi -> http://localhost/cgi-bin/test/remote.cgi
... [rid#8abcf90/subreq] (2) init rewrite engine with requested uri /test/remote.cgi
... [rid#8abcf90/subreq] (1) pass through /test/remote.cgi
... [rid#8aa8908/initial] (5) lookahead: path=/test/remote.cgi var=REMOTE_USER -> val=dab66
... [rid#8aa8908/initial] (5) setting env variable 'REMOTE_USER' to 'dab66'
... [rid#8aa8908/initial] (2) forcing proxy-throughput with http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa8908/initial] (1) go-ahead with proxy request proxy:http://localhost/cgi-bin/test/remote.cgi [OK]
------

Any suggestions would be greatly appreciated.  Please let me know if there is any more information I can provide.

Many thanks,
Devin
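
An added example, not part of the original post: a small Python parser that groups rewrite.log lines by request id and reports, for each initial request, the REMOTE_USER value the lookahead returned and whether the request was still handed to the proxy. The sample lines are abridged from the log excerpt in the post; the function names are hypothetical.

```python
import re

# Lines abridged from the rewrite.log excerpt in the post (RewriteLogLevel 9).
SAMPLE_LOG = """\
... [rid#8aa28f8/initial] (2) init rewrite engine with requested uri /test/remote.cgi
... [rid#8aa4900/subreq] (1) pass through /test/remote.cgi
... [rid#8aa28f8/initial] (5) lookahead: path=/test/remote.cgi var=REMOTE_USER -> val=
... [rid#8aa28f8/initial] (1) go-ahead with proxy request proxy:http://localhost/cgi-bin/test/remote.cgi [OK]
... [rid#8aa8908/initial] (2) init rewrite engine with requested uri /test/remote.cgi
... [rid#8abcf90/subreq] (1) pass through /test/remote.cgi
... [rid#8aa8908/initial] (5) lookahead: path=/test/remote.cgi var=REMOTE_USER -> val=dab66
... [rid#8aa8908/initial] (1) go-ahead with proxy request proxy:http://localhost/cgi-bin/test/remote.cgi [OK]
"""

LINE_RE = re.compile(r"\[rid#(?P<rid>[0-9a-f]+)/(?P<kind>initial|subreq)\] \(\d+\) (?P<msg>.*)$")
INIT_RE = re.compile(r"init rewrite engine with requested uri (?P<uri>\S+)")
LOOKAHEAD_RE = re.compile(r"lookahead: path=\S+ var=REMOTE_USER -> val=(?P<val>.*)$")
PROXY_RE = re.compile(r"go-ahead with proxy request proxy:(?P<url>\S+)")


def summarize(log_text):
    """One record per initial request: URI, REMOTE_USER lookahead value, proxy target."""
    records = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("kind") != "initial":
            continue  # skip the lookahead's subrequest lines and unrelated text
        rec = records.setdefault(
            m.group("rid"),
            {"rid": m.group("rid"), "uri": None, "user": None, "proxied_to": None},
        )
        msg = m.group("msg")
        if (hit := INIT_RE.match(msg)):
            rec["uri"] = hit.group("uri")
        elif (hit := LOOKAHEAD_RE.match(msg)):
            rec["user"] = hit.group("val").strip()
        elif (hit := PROXY_RE.match(msg)):
            rec["proxied_to"] = hit.group("url")
    return list(records.values())  # dicts preserve first-seen order


def proxied_without_identity(records):
    """Requests handed to the backend while the lookahead value was empty or absent."""
    return [r for r in records if r["proxied_to"] and not r["user"]]


if __name__ == "__main__":
    recs = summarize(SAMPLE_LOG)
    for r in recs:
        print(r["rid"], r["uri"], repr(r["user"]), "->", r["proxied_to"])
    print("proxied with no REMOTE_USER:", [r["rid"] for r in proxied_without_identity(recs)])
```

Run over a full rewrite.log, the second function lists every request that reached the backend with an empty identity, which is the case a backend trusting a forwarded REMOTE_USER header has to reject.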
