Hi all, I am trying to set up a Java Web Application using Servlets and JSPs in Tomcat 7. User authentication should be done on a central Shibboleth Identity Provider. I have already configured Apache including mod_ssl, mod_proxy_ajp and the shib2 module following these instructions: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall The redirect to the central login page works and, after entering my credentials, the session is correctly created by the identity provider and I am forwarded to my webapp.
At this point I should have different attributes in my session, such as the user's email address, name and so on. But these are stored in the coyoteRequest attributes, which I can observe while debugging in Eclipse. As the coyoteRequest is a protected field of org.apache.catalina.connector.Request which again is a field of the RequestFacade I can not get any of these values. What I get is ONE of the attributes in the REMOTE_USER field (compare 2. in the instructions above). By setting "ShibUseHeaders On" in apache I get all of the attributes in the request headers, but this is not recommended for security reasons. Is there any way to access the coyoteRequest in a servlet or at least configure tomcat to transfer more attributes to the servletRequest? My current connector configuration in server.xml looks like this: <Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8081" protocol="HTTP/1.1" redirectPort="8444"/> <Connector SSLEnabled="true" URIEncoding="UTF-8" clientAuth="false" maxThreads="150" port="8444" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/> <Connector URIEncoding="UTF-8" port="8010" protocol="AJP/1.3" redirectPort="8444" tomcatAuthentication="false" packetSize="65536"/> Many thanks and best regards, Philip --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
