Re: SSO Kerberos REMOTE_USER RewriteRule Endless Loop for Certain users com250.022.465


michael.huys

Hi,

does anyone have any other suggestions for me?

Thanks in advance for your feedback!

Kind regards,

Michael

----- Original message: com249.817.407 ---------------------------------

From: [hidden email]
To: [hidden email], [hidden email]
Subject: Re: [users@httpd] SSO Kerberos REMOTE_USER RewriteRule Endless Loop for Certain users com249.796.781 com249.817.407
Date: 03 December 2019 (15:25)

 

Hi Eric,

first of all, thanks for your quick response!

The loop is continuously giving the message "One moment please, you are being redirected". And this is the message which is displayed when the request is proxied from Apache to the Perl webserver.

I'm using the LA because I don't make use of an .htaccess file. So the rewrite configuration I have posted is located in the file below:

/etc/httpd/conf.d/zzzz_app_sso.conf

Or isn't that correct?

This is an assumption I made based on the information in https://httpd.apache.org/docs/current/mod/mod_rewrite.html

Maybe also worth mentioning, my proxy config is in a file which is picked up earlier:

cat /etc/httpd/conf.d/zzz_app.conf
<Location />
    # Pass the HTTP protocol request header to the backend server if SSL is inactive.
    RequestHeader set "X-Forwarded-Proto" "http" env=!HTTPS
    ProxyPass http://localhost:8080/ retry=1 acquire=3000 timeout=6000 Keepalive=On
</Location>
<Location /websocket>
    ProxyPass ws://localhost:8080/websocket
</Location>

Kind regards,

Michael

----- Original message: com249.798.077 ---------------------------------

From: Eric Covener ([hidden email])
To: [hidden email]
Copy: [hidden email]
Subject: Re: [users@httpd] SSO Kerberos REMOTE_USER RewriteRule Endless Loop for Certain users com249.796.781
Date: 03 December 2019 (13:49)

 
> RewriteEngine on
> RewriteCond %{LA-U:REMOTE_USER} (.+)
> RewriteRule . - [E=RU:%1,NS]
> RequestHeader set REMOTE_USER "%{RU}e" env=RU
> RequestHeader set REMOTE_USER_SECRET "*************"
> </Location>

Any more details on the looping behavior? The rewrites don't make a
substitution much less a redirect so it doesn't fit the usual pattern.

It is also a bit odd that look-ahead is used here. %{REMOTE_USER}
should be directly accessible to the rewritecond when it's used inside
<location> context (this has a side effect of delaying the evaluation,
and it's after authentication). I guess there is some slight chance
that removing some of this look-ahead complexity could even help your
symptom?

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
 
This message is subject to the terms and conditions available on our website
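
Eric's suggestion from the thread above, written out as an added example (not configuration posted by anyone in the thread): inside a <Location> block the rewrite condition is evaluated after authentication, so %{REMOTE_USER} can be read directly without the LA-U look-ahead. The `<Location />` path is an assumption, since the quoted snippet starts after its opening tag, and the `RequestHeader unset` line is an added hardening step.

```apache
# Before (as quoted in the thread): look-ahead sub-request to learn REMOTE_USER
#   RewriteCond %{LA-U:REMOTE_USER} (.+)
#   RewriteRule . - [E=RU:%1,NS]

# After: same header hand-off to the backend, without the look-ahead.
# Assumption: the block is opened for "/", matching the proxy <Location />.
<Location />
    # The Kerberos authentication directives stay exactly as in the
    # existing file; they are not shown in the thread, so none are
    # reproduced here.

    RewriteEngine on
    # In <Location> context this condition is evaluated after
    # authentication, so REMOTE_USER is already populated and can be
    # captured directly into the RU environment variable.
    RewriteCond %{REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1,NS]

    # Added hardening (not part of the thread): discard any REMOTE_USER
    # header supplied by the client, so the backend only ever receives
    # the value derived from the authenticated user below.
    RequestHeader unset REMOTE_USER
    RequestHeader set REMOTE_USER "%{RU}e" env=RU
    RequestHeader set REMOTE_USER_SECRET "*************"
</Location>
```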