Grouper Users - Open Discussion List

["Michael R. Gettes" <>]

with apache, one can use mod_proxy_ajp to put almost anything into any 
environment variable, even for AJP thingies which has similar characteristics 
to mod_proxy.  Of course, there is the old standby of mod_jk.  depends on 
your needs.  and i don’t think you will need to write the little servlet 
chris mentions.  in short, mentioning what you are using as the proxy 
front-end gives lots of clue as to what you could do.

/mrg

On Oct 6, 2014, at 3:45 PM, Chris Hyzer 
<>
 wrote:

> You say web proxy but also AJP...  is it an HTTP reverse proxy or is it 
> just apache does authn and does AJP to the tomcat?  We do the latter, works 
> fine, somehow the username is put in a request attribute (named 
> REMOTE_USER).  If you only have the ability to put the username in an HTTP 
> header you could write a simple servlet filter (loaded first) that takes 
> that puts it in REMOTE_USER
> 
> Thanks,
> Chris
> 
> 
> -----Original Message-----
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Waldbieser, Carl
> Sent: Monday, October 06, 2014 3:14 PM
> To: 
> 
> Subject: [grouper-users] Authenticating Proxy In Front of Grouper UI
> 
> 
> Question #1:
> If an authenticating web proxy is placed in front of the Tomcat service 
> that hosts the Grouper UI, does the remote username have to be transmitted 
> to Tomcat using an AJP connector?  Can it be communicated over HTTP (e.g. 
> in a header)?  Would that be something I could test (e.g. using curl) on 
> the back end?
> 
> 
> Question #2:
> What config file(s) for Grouper and/or Tomcat need to be edited to tell the 
> Grouper UI that the user has already been authenticated?
> 
> Thanks,
> Carl Waldbieser
> ITS Systems Programmer
> Lafayette College