mod_auth_cas - Getting Remote User

Wed Jan 9 16:12:47 EST 2008

Srikar,
Mod_auth_cas sets the Apache server's REMOTE_USER variable.  I believe some connectors require a special flag be passed so that they accept the value that is given to it by Apache.  I found this example for mod_jk:

<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
    tomcatAuthentication="false"/>

The key piece is the 'tomcatAuthentication=false' - some documentation on that is available here:

>From http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ug.html#conf_svr_cust :
...
3. Configure whether Tomcat or a web server does authentication
When Tomcat is used with a web server, such as Apache, the default is to have Tomcat continue to handle authentication. Any authenticated user specified in the request forwarded from the web server to Tomcat will be ignored.

If you want Tomcat to make use of the authenticated user provided by the web server, add:
    tomcatAuthentication="false"
to the Ajp12Connector or Ajp13Connector as appropriate. For example:
    <Ajp13Connector port="8009" tomcatAuthentication="false" />
...

Hope this helps,

-Phil

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Srikar Kummamuri
Sent: Wednesday, January 09, 2008 3:20 PM
To: cas at tp.its.yale.edu
Subject: mod_auth_cas - Getting Remote User

I implemented the MOD_CAUTH_CAS and it works as expected. One question is, once the authentication is done and apache forwarding the request to another app server on URL matching, how do I get the remote user there? Is the request.getRemoteUser()   gets me the CAS user??  

I have multiple App Servers on which I only do Authorization taking the user form the request since each request coming from apache (Mod_Auth_Cas now and earlier Oracle SSO) is already authenticated. So no CAS clients on App Servers.  So I need to fetch the user form the request. Can somebody help in this regard?

Thanks
Srikar. 