[users@httpd] Change authentication information

["Tamas, Gabor" <al...@mailbox.hu>]

Hi,

i' ve two machines, (A) is on the Internet site, which is a reverse proxy
for (B). There is a user based authentication, and i' d like (A) to change
the authentication details (only the username). So, for example if john
comes, and tries to authenticate itself as john on server (A), i' d like (A)
to change the username to ext-john. It should be transparent for (B), so (B)
should get only ext-john as a username. If there' s any other solution,
please let me know.

Anyway, i tried to find a solution with mod_header and mod_sed, but the
latest one cannot change the header, and the former one, well, with that i
couldn' t catch the username.

I hope there' s a simplier way to do it, than learn how to write an apache
modul, and write my own.

Thank You for any comment,
 Tamas.

Re: [users@httpd] Change authentication information

[Tom Evans <te...@googlemail.com>]

On Tue, Apr 27, 2010 at 4:29 PM, Tom Evans <te...@googlemail.com> wrote:
> On Tue, Apr 27, 2010 at 4:06 PM, Tamas, Gabor <al...@mailbox.hu> wrote:
>>
>> Hi,
>>
>> i' ve two machines, (A) is on the Internet site, which is a reverse proxy
>> for (B). There is a user based authentication, and i' d like (A) to change
>> the authentication details (only the username). So, for example if john
>> comes, and tries to authenticate itself as john on server (A), i' d like (A)
>> to change the username to ext-john. It should be transparent for (B), so (B)
>> should get only ext-john as a username. If there' s any other solution,
>> please let me know.
>>
>> Anyway, i tried to find a solution with mod_header and mod_sed, but the
>> latest one cannot change the header, and the former one, well, with that i
>> couldn' t catch the username.
>>
>> I hope there' s a simplier way to do it, than learn how to write an apache
>> modul, and write my own.
>>
>> Thank You for any comment,
>>  Tamas.
>
> I don't have a sample config that does this, but the principle is as follows:
>
> # Use RewriteCond to capture the user name - LookAhead, as auth
> happens after rewrite
> # Dont use LA-U in .htaccess, as rewrite in .htaccess happens after
> auth (so not needed)
> RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
> # Use RewriteRule to put that into an env variable
> RewriteRule ^(.*) - [env=remote_user:%1]
> # Use RequestHeader to update the request's headers to include our env variable
> RequestHeader set X-Remote-User ext-%{remote_user}e
>
> Like I said, not tested!
>
> Cheers
>
> Tom

Also, obviously, the backend then must parse the REMOTE_USER from the
header X-Remote-User.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Change authentication information

[Tom Evans <te...@googlemail.com>]

On Tue, Apr 27, 2010 at 4:06 PM, Tamas, Gabor <al...@mailbox.hu> wrote:
>
> Hi,
>
> i' ve two machines, (A) is on the Internet site, which is a reverse proxy
> for (B). There is a user based authentication, and i' d like (A) to change
> the authentication details (only the username). So, for example if john
> comes, and tries to authenticate itself as john on server (A), i' d like (A)
> to change the username to ext-john. It should be transparent for (B), so (B)
> should get only ext-john as a username. If there' s any other solution,
> please let me know.
>
> Anyway, i tried to find a solution with mod_header and mod_sed, but the
> latest one cannot change the header, and the former one, well, with that i
> couldn' t catch the username.
>
> I hope there' s a simplier way to do it, than learn how to write an apache
> modul, and write my own.
>
> Thank You for any comment,
>  Tamas.

I don't have a sample config that does this, but the principle is as follows:

# Use RewriteCond to capture the user name - LookAhead, as auth
happens after rewrite
# Dont use LA-U in .htaccess, as rewrite in .htaccess happens after
auth (so not needed)
RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
# Use RewriteRule to put that into an env variable
RewriteRule ^(.*) - [env=remote_user:%1]
# Use RequestHeader to update the request's headers to include our env variable
RequestHeader set X-Remote-User ext-%{remote_user}e

Like I said, not tested!

Cheers

Tom
RequestHeader

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Adding Authorization header at before proxying request

["Gautam R Singh (gautsing)" <ga...@cisco.com>]

Hello List

 

I have a tricky situation where I need to proxy request to an old apache
1.3 which uses basic auth from a OAM SSO enabled apache v2.2. 

 

The remote_user variable & the header get set correctly on Apache 2.2,
but before it proxies the request it should add an Authorization header
with base 64 encoded remote_user in it (so it gets authenticated on
apache 1.3). I tried to see if any existing module allows this kind of
thing but couldn't find one. 

 

Please help with your ideas!