mod_auth_mellon not populating environment variables
Problem description
I have setup mod_auth_mellon for external authentication using SAML 2.0. I get authenticated using an external IdP, but mod_auth_mellon does not populate the environment variables and I am not able to get the username to proceed with the authorization of the resources I want to protect.
The workflow is as follows: 1) user tries to access /test/info.php 2) user gets redirected to external IdP 3) user authenticates against external IdP and gets redirected to /auth/info.php
My mellon configuration is as follows:
<Location />
    MellonSPPrivateKeyFile /etc/apache2/mellon-config/http_ec2_54_86_69_246.compute_1.amazonaws.com.key
    MellonSPCertFile /etc/apache2/mellon-config/http_ec2_54_86_69_246.compute_1.amazonaws.com.cert
    MellonSPMetadataFile /etc/apache2/mellon-config/http_ec2_54_86_69_246.compute_1.amazonaws.com.xml
</Location>
<Location /auth/info.php>
    MellonEnable "info"
    MellonSetEnv "email" "email"
    MellonSetEnv "username" "username"
    MellonUser "email"
    MellonSamlResponseDump On
    MellonSessionDump On
    MellonVariable "cookie"
</Location>
<Location /test/info.php>
    # This location will trigger an authentication request to the IdP.
    MellonEnable "auth"
    AuthType "Mellon"
    MellonVariable "cookie"
    MellonSetEnv "email" "email"
    MellonSetEnv "username" "username"
    MellonUser "email"
    MellonSamlResponseDump On
    MellonSessionDump On
    MellonEndpointPath /mellon
    Require valid-user
</Location>
In auth/info.php, I try to print the $_SERVER variable:
<?php
var_dump($_SERVER);
?>
I am getting a mellon-cookie but nowhere can I see the values of the environment variables I set.
What configuration am I missing?
Recommended answer
I had this issue using Apache as a reverse proxy for an app I wanted protected by mod_auth_mellon. It appears Apache doesn't automatically pass headers generated by internal modules. I had to enable mod_headers and add this:
RequestHeader set Mellon-NameID %{MELLON_NAME_ID}e
This takes the MELLON_NAME_ID header and passes it to the application as Mellon-NameID. You'll have to add similar lines for each header you want passed along, such as MELLON_SESSION.
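An added example, not part of the original answer: a reverse-proxy configuration that forwards several mod_auth_mellon variables as request headers and first discards any copies of those headers sent by the client. The /app path, the backend URL and the Mellon-Email and Mellon-Username header names are assumptions; MELLON_email and MELLON_username follow from the MellonSetEnv lines in the question.

```apache
# Added example. Assumed names: /app, http://127.0.0.1:8080, Mellon-Email, Mellon-Username.
# Requires mod_auth_mellon, mod_headers, mod_proxy and mod_proxy_http to be loaded.
# The SP key, certificate and metadata directives from the question's
# <Location /> block are still needed and are not repeated here.

# Remove client-supplied copies of the identity headers before anything else
# runs, so the backend only ever sees values written by this server.
# "early" directives are honoured in server or virtual-host context only,
# not inside <Location>.
RequestHeader unset Mellon-NameID   early
RequestHeader unset Mellon-Email    early
RequestHeader unset Mellon-Username early

<Location /app>
    AuthType "Mellon"
    MellonEnable "auth"
    MellonEndpointPath /mellon
    Require valid-user

    # MellonSetEnv <local name> <IdP attribute name>
    # The value is exported as the environment variable MELLON_<local name>.
    MellonSetEnv "email" "email"
    MellonSetEnv "username" "username"

    # Copy each variable into a request header for the proxied application.
    # env=VAR adds the header only when the variable exists, so the backend
    # never receives a placeholder value for a missing attribute.
    RequestHeader set Mellon-NameID   "%{MELLON_NAME_ID}e"  env=MELLON_NAME_ID
    RequestHeader set Mellon-Email    "%{MELLON_email}e"    env=MELLON_email
    RequestHeader set Mellon-Username "%{MELLON_username}e" env=MELLON_username

    ProxyPass        "http://127.0.0.1:8080/app"
    ProxyPassReverse "http://127.0.0.1:8080/app"
</Location>
```

The backend should accept connections only from the proxy, since it trusts these headers as the authenticated identity.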