Grouper Users - Open Discussion List

[Chris Hyzer <>]

You say web proxy but also AJP...  is it an HTTP reverse proxy or is it just 
apache does authn and does AJP to the tomcat?  We do the latter, works fine, 
somehow the username is put in a request attribute (named REMOTE_USER).  If 
you only have the ability to put the username in an HTTP header you could 
write a simple servlet filter (loaded first) that takes that puts it in 
REMOTE_USER

Thanks,
Chris


-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Waldbieser, Carl
Sent: Monday, October 06, 2014 3:14 PM
To: 

Subject: [grouper-users] Authenticating Proxy In Front of Grouper UI


Question #1:
If an authenticating web proxy is placed in front of the Tomcat service that 
hosts the Grouper UI, does the remote username have to be transmitted to 
Tomcat using an AJP connector?  Can it be communicated over HTTP (e.g. in a 
header)?  Would that be something I could test (e.g. using curl) on the back 
end?


Question #2:
What config file(s) for Grouper and/or Tomcat need to be edited to tell the 
Grouper UI that the user has already been authenticated?

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College