User Tools

Site Tools


nocode:overview

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
nocode:overview [2019/08/01 09:49]
tjotov [Other topics]
nocode:overview [2020/02/29 11:06]
mpospisek [REMOTE_USER or any other attribute]
Line 15: Line 15:
  
 Example how to send X-forwarded-user instead of REMOTE_USER: Example how to send X-forwarded-user instead of REMOTE_USER:
- RewriteEngine On  +<sxh bash> 
- RewriteCond %{LA-U:REMOTE_USER} (.+) +RewriteEngine On  
- RewriteRule .* - [E=RU:%1] +RewriteCond %{LA-U:REMOTE_USER} (.+) 
- RequestHeader set X-Forwarded-User %{RU}e+RewriteRule .* - [E=RU:%1] 
 +RequestHeader set X-Forwarded-User %{RU}e 
 +</sxh>
 ===== Security remarks ===== ===== Security remarks =====
-Apache has to be accessible only via TLS (https) +  * Apache has to be accessible only via TLS (https). 
-Back-end application has to be separated and accessible only from Apache (http, ajp, ...) +  Back-end application has to be separated and accessible only from Apache (http, ajp, ...) 
-Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead. +  Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead. 
-Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) +  Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) 
-So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it+  So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it
  
 ===== Technical overview ===== ===== Technical overview =====
nocode/overview.txt · Last modified: 2020/02/29 11:07 by mpospisek