0

I have an application IBM WebSEAL which acts as a WAM for all our web servers. When I'm authenticated in Active Directory and access a WebSEAL enable resource WebSEAL gets my user-ID from the kerberos ticket and sets my Windows NT ID in a iv-user header in the http request. I'd like to configure now SSO for my application and its reading the REMOTE_USER Apache variable. My question is. How could I take iv-userand re-write it to REMOTE_USER? Any hints are highly appreciated! PS. I can confirm that Apache can see the iv-user variable.

EDIT:

Virtual Host configuration:

[root@otrs conf]# httpd -t -D DUMP_VHOSTS

VirtualHost configuration:
*:443                  otrs-1-lab.local.dom. com (/etc/httpd/conf.d/ssl.conf:56)




[root@otrs conf]# less /etc/httpd/conf.d/zzz_otrs.conf

<IfModule mod_perl.c>

    # Setup environment and preload modules
    Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl

    # Reload Perl modules when changed on disk
    PerlModule Apache2::Reload
    PerlInitHandler Apache2::Reload

    # general mod_perl2 options
    <Location /otrs>
#        ErrorDocument 403 /otrs/customer.pl
        ErrorDocument 403 /otrs/index.pl
        SetHandler  perl-script
        PerlResponseHandler ModPerl::Registry
        Options +ExecCGI
        PerlOptions +ParseHeaders
        PerlOptions +SetupEnv

        <IfModule mod_version.c>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
        </IfModule>
        <IfModule !mod_version.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Location>

    # mod_perl2 options for GenericInterface
    <Location /otrs/nph-genericinterface.pl>
        PerlOptions -ParseHeaders
    </Location>

</IfModule>

<Directory "/opt/otrs/bin/cgi-bin/">
    AllowOverride None
    Options +ExecCGI -Includes

    <IfModule mod_version.c>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
    </IfModule>
    <IfModule !mod_version.c>
Improve this question

1 Answer 1

Reset to default
1

Apache mod_setenvif will definetly will do work for you. I'd try something like:

SetEnvIf iv-user "(.*)$" REMOTE_USER=$1

If this will not work, there is also SetEnvIfExpr directive you can play with.

Improve this answer
11
  • 1
    in your definition of vhost in apache. between your <VirtualHost>and</VirtualHost>, or <NameVirtualHost> and </NameVirtualHost> tags Commented Sep 14, 2018 at 15:14
  • 1
    To rewrite headers - no. mod_auth_kerb is differrent story, then only headers. Commented Nov 5, 2018 at 14:18
  • 1
    documentation (httpd.apache.org/docs/2.4/mod/mod_setenvif.html#setenvif) says, that you can use this option inside: server config, virtual host, directory, .htaccess, so feel free to put it into the directory if you need to. Commented Nov 5, 2018 at 16:53
  • 1
    have you tried to put it depend on location <Location x.x.x.x/otrs/index.pl> SetEnvIf iv-user "(.*)$" REMOTE_USER=$1</Location> Commented Nov 5, 2018 at 21:22
  • 1
    should work. check your location twice. Remember that it starts from the slash and doesn't contain host. So for e.g. https://example.com/location/test.cgi Location would be <Location /location/test.cgi> Commented Nov 5, 2018 at 21:36

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.