[Cubicweb] [PROVENANCE INTERNET] Re: trustedauth: cannot get it to work

Sylvain Thénault sylvain.thenault at logilab.fr
Thu Jul 18 08:11:37 CEST 2013


On 18 juillet 01:53, Dimitri Papadopoulos Orfanos wrote:
> Hi,

Hi Dimitri,
 
> After looking at the code in trustedauth/views.py, it indeed looks
> like Apache does not send x-remote-user.
> 
> I have to explain this to the sysadmins though. How to print the
> contents of the HTTP header? More simply, how to print the contents
> of 'req'?

  print self._cw._headers_in

will print the incoming request's HTTP headers.

> My guess is that the Apache configuration is probably missing this:
> 	https://www.ruby-forum.com/topic/83067#151189
> Still, I need to explain whatever error is occurring in CubicWeb to
> the sysadmins.

we use trustedauth on our intranet to delegate Kerberos authentication to 
apache. In our Apache configuration for the intranet, I found Kerberos related 
stuff + the following line:

  RequestHeader set X-REMOTE-USER %{remoteUser}e

The remoteUser variable is much probably made available by the Kerberos
authentication module (the link you provided confirm this). So you should find 
the relevant variable for your authentication module and have a similar line 
so the request header is properly set in the proxied request. 


-- 
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (05.62.17.16.42)
Formations Python, Debian, Méth. Agiles: http://www.logilab.fr/formations
Développement logiciel sur mesure:       http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org



More information about the Cubicweb mailing list