Posted to users@httpd.apache.org by Jeff McGrath <jm...@hotmail.com> on 2011/05/16 15:52:47 UTC

[users@httpd] Module Execution

Good morning ... I'm trying to leverage two different authentication modules
in our Apache 2.2 (Solaris 10/64 bit) as part of a POC. I need to
ensure one fires first as I need to set a header for the second filter
to consume. Unfortunately, the second (Access Manager) keeps
executing first ...

Anyone have some straightforward solution/steps to implement the module execution order as desired?

Sincere thanks ...

RE: [users@httpd] Module Execution

Posted by Jeff McGrath <jm...@hotmail.com>.
Thanks Nick .. yes, a bit of a hack.

There is a web filter (TruePass) that decrypts a secure cookie and sets some headers. I can customize one of these headers with a UID that looks like it's coming from an Oracle Access Manager 10g implementation (OAM_REMOTE_USER). I need the Oracle filter to then consume this header to SSO that user into the Access Management system.

The Oracle filter is coded to execute earlier in the authentication sequence so I can never get that header set. The other problem (reverse proxy etc) is that only the TP filter can decode the cookie and set the appropriate headers. If you attempt to set them 'downstream', they can't be set to read them ...

How would I implement mod_rewrite in this type of scenario?

Note, the longer term solution is to swap out the TP authentication with something native (X509 auth) ... however, this is an attempt at an 'interim' solution until another can be fully implemented and users migrated over.

Sincere thanks.

Jeff

> From: nick@webthing.com
> Date: Mon, 16 May 2011 15:46:41 +0100
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Module Execution
> 
> 
> On 16 May 2011, at 14:52, Jeff McGrath wrote:
> 
> > Good morning ... I'm trying to leverage two different authentication modules in our Apache 2.2 (Solaris 10/64 bit) as part of a POC. I need to ensure one fires first as I need to set a header for the second filter to consume. Unfortunately, the second (Access Manager) keeps executing first ...
> > 
> > Anyone have some straightforward solution/steps to implement the module execution order as desired?
> 
> The modules themselves determine where they hook in to request processing.
> 
> What header are you expecting an access or authentication module to set?
> Sounds like an attempt at a hack to solve some underlying problem.
> mod_rewrite is the 'usual' (but ugly) solution to such hacks.  Alternatively,
> tell us the underlying problem, and maybe someone will have a better idea.
> 
> -- 
> Nick Kew
> 
> Available for work, contract or permanent
> http://www.webthing.com/~nick/cv.html
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Module Execution

Posted by Nick Kew <ni...@webthing.com>.
On 16 May 2011, at 14:52, Jeff McGrath wrote:

> Good morning ... I'm trying to leverage two different authentication modules in our Apache 2.2 (Solaris 10/64 bit) as part of a POC. I need to ensure one fires first as I need to set a header for the second filter to consume. Unfortunately, the second (Access Manager) keeps executing first ...
> 
> Anyone have some straightforward solution/steps to implement the module execution order as desired?

The modules themselves determine where they hook in to request processing.

What header are you expecting an access or authentication module to set?
Sounds like an attempt at a hack to solve some underlying problem.
mod_rewrite is the 'usual' (but ugly) solution to such hacks.  Alternatively,
tell us the underlying problem, and maybe someone will have a better idea.

-- 
Nick Kew

Available for work, contract or permanent
http://www.webthing.com/~nick/cv.html

