-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jim,
On 12/2/11 11:26 AM, oh...@cox.net wrote: > Sure. Here's the section from httpd.conf. This is testing where I > purposely insert a "REMOTE_USER" HTTP header into the request > being proxied. As I said, I have a sniffer on the line, and I can > see the REMOTE_USER header, but still, when I get to my test JSP > hosted on the Tomcat, getUserPrincipal() is returning null (don't > mind the hostname in the ProxyPass, etc. I just happen to be > hosting Tomcat on that machine, and WebLogic is shutdown there). The problem is that AJP sends the authentication information as part of the AJP protocol, not as a request header. You are setting a request header which is not the mechanism AJP uses to transfer the userid. You might want to check to see if your SSO module works the way that other httpd modules expect -- like the other mod_auth_[xyz], for instance. See http://tomcat.apache.org/connectors-doc/reference/apache.html. Specifically, the JkRemoteUserIndicator directive which allows you to override the environment variable whose value will be used to send-over the username to Tomcat. I wouldn't think you'd have to do that (REMOTE_USER should already be set by your auth module and mod_proxy_jk should already be using that), but you might be able to force it for some testing. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7ZCWgACgkQ9CaO5/Lv0PDPWACgt07Uz0jf04GNXI9ws3aUOmnV 33gAoIh992DyrYkydFVdviUy2zlrQtue =acs6 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
