I think that this is caused by a bug in the version of PHP we are running. http://bugs.php.net/46005
On Wed, Mar 03, 2010 at 10:44:36AM -0800, Svend Sorensen wrote: > (I posted this to the shibboleth-users list, but I haven't found a > solution yet.) > > I have a directory protected with Shibboleth on an Apache 2 server. > Everything works as expected except the Apache logging. When I request > a PHP file, I am forced to log in, but the remote user (%u) shows up as > "-" in the Apache logs. PHP sees the correct value for REMOTE_USER. > > When I request an HTML file, my Shibboleth ID shows up in the Apache > logs. > > The .htaccess file protecting the directory is: > > AuthType shibboleth > ShibRequireSession On > Require valid-user > > The test PHP file which prints the correct remote user name is > > <?php echo $_SERVER['REMOTE_USER']; ?> > > Here is an edited version of what is logged: > > XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /shib/test.php HTTP/1.1" 200 > 31 "-" ... > XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /favicon.ico HTTP/1.1" 200 - > "https://example.com/shib/test.php"; ... > XXX.XXX.XXX.XXX - m...@myidp [02/Mar/2010:11:11:59] "GET /shib/test.html > HTTP/1.1" 200 32 "-" ... > > Why isn't the remote user logged for PHP files? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected]
