Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Authenticating Proxy In Front of Grouper UI

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Authenticating Proxy In Front of Grouper UI


Chronological Thread 
  • From: Chris Hyzer <>
  • To: "Waldbieser, Carl" <>, "" <>
  • Subject: [grouper-users] RE: Authenticating Proxy In Front of Grouper UI
  • Date: Mon, 6 Oct 2014 19:45:42 +0000
  • Accept-language: en-US

You say web proxy but also AJP... is it an HTTP reverse proxy or is it just
apache does authn and does AJP to the tomcat? We do the latter, works fine,
somehow the username is put in a request attribute (named REMOTE_USER). If
you only have the ability to put the username in an HTTP header you could
write a simple servlet filter (loaded first) that takes that puts it in
REMOTE_USER

Thanks,
Chris


-----Original Message-----
From:


[mailto:]
On Behalf Of Waldbieser, Carl
Sent: Monday, October 06, 2014 3:14 PM
To:

Subject: [grouper-users] Authenticating Proxy In Front of Grouper UI


Question #1:
If an authenticating web proxy is placed in front of the Tomcat service that
hosts the Grouper UI, does the remote username have to be transmitted to
Tomcat using an AJP connector? Can it be communicated over HTTP (e.g. in a
header)? Would that be something I could test (e.g. using curl) on the back
end?


Question #2:
What config file(s) for Grouper and/or Tomcat need to be edited to tell the
Grouper UI that the user has already been authenticated?

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College



Archive powered by MHonArc 2.6.16.

Top of Page