You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Lars Pfeil (JIRA)" <ji...@apache.org> on 2018/07/31 12:42:00 UTC

[jira] [Commented] (AMQ-6980) Reverse Proxy: Additional configurable HTTP header attributes

    [ https://issues.apache.org/jira/browse/AMQ-6980?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16563598#comment-16563598 ] 

Lars Pfeil commented on AMQ-6980:
---------------------------------




Danke für Ihre E-Mail. Ich bin bis einschließlich 30.07.2018 außer Haus.
In dringenden Fällen wenden Sie sich bitte an Martin Eyl (Tel: +49 711 80670-2987),
<ma...@vector.com>
mailto:martin.eyl@vector.com.
Bitte beachten Sie: Ihre E-Mail wird nicht weitergeleitet.

Thank you for your e-mail. I am out of the office through 2018-07-30.
In urgent matters please contact  Martin Eyl (Tel: +49 711 80670-2987),
mailto:martin.eyl@vector.com.
Please note: Your e-mail will not be forwarded.


> Reverse Proxy: Additional configurable HTTP header attributes
> -------------------------------------------------------------
>
>                 Key: AMQ-6980
>                 URL: https://issues.apache.org/jira/browse/AMQ-6980
>             Project: ActiveMQ
>          Issue Type: New Feature
>          Components: Broker
>    Affects Versions: 5.15.4
>            Reporter: Lars Pfeil
>            Priority: Major
>         Attachments: HttpTunnelServlet_AdditionalHeaders_Patch.txt, WebSEAL_ActiveMQ.png
>
>   Original Estimate: 0.5h
>  Remaining Estimate: 0.5h
>
>  
> *Some reverse proxies e.g. IBM Tivoli Access Manager WebSEAL supply their own specific HTTP header attributes for authentication purpose. WebSEAL e.g. adds client identity (iv-user), group membership (iv-groups), and credential information into the HTTP headers of requests destined for linked third-party application servers.*
> *These HTTP header attributes must be extracted from the linked server components for authentication. In such environments, only the reverse proxy is allowed to manage and access the authentication and authorization infrastructure, but not the backend infrastructure (message queue and beyond).*
> *Here you can find a graphic with explanations:*
> *[https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Anything%20about%20Tivoli/page/Integrate%20SSO%20on%20Apache%20Tomcat]* 
> *The graphic WebSEAL_ActiveMQ.png in the appendix describes our usecase.*
>  ** 
> *That’s why we need to patch activeMQ or is there another way already existing?*
>  ** 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)