
Forward REMOTE_USER to tomcat via AJP (e.g. for shibboleth)


OK, here's my solution. I found that Tomcat needs to be configured to trust/accept the authentication that was done by apache2...

To do this, you have to edit Tomcat's server.xml (should be at /etc/tomcat6/server.xml or similar) and add tomcatAuthentication="false" to your <Connector> tag for the AJP connection. My Connector tag now looks like this:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" />

Now you just need to restart Tomcat... finished.

Hope this helps! ;-)

Stefan

Explanation:

"tomcatAuthentication" -- "If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. The default value is true."

Quoted from: http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html
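
With tomcatAuthentication="false", Tomcat accepts whatever principal arrives over AJP, so the connector should only be reachable by the Apache front end. The following is an added example, not part of the original post or of Tomcat: a small audit of server.xml that flags such connectors when they are not bound to loopback. The function names and sample XML are constructed, and it assumes a connector without an address attribute listens on all interfaces (newer Tomcat releases default to loopback instead).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml content (not from the original post).
EXPOSED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
             tomcatAuthentication="false" />
</Service></Server>"""
LOOPBACK_ONLY = EXPOSED.replace('protocol="AJP/1.3"',
                                'protocol="AJP/1.3" address="127.0.0.1"')


def is_loopback(address):
    """True only when the connector is explicitly bound to a loopback address."""
    if address is None:  # assumption: no address attribute = all interfaces
        return False
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:  # hostname or malformed value: cannot confirm loopback
        return False


def audit_ajp(server_xml):
    """Return AJP connectors that trust a propagated principal and are not loopback-bound."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # only AJP connectors are in scope for this check
        trusts_frontend = conn.get("tomcatAuthentication", "true").lower() == "false"
        if trusts_frontend and not is_loopback(conn.get("address")):
            findings.append({
                "port": conn.get("port"),
                "address": conn.get("address", "(all interfaces)"),
                # Shared-secret attribute names differ between Tomcat releases.
                "has_secret": bool(conn.get("secret") or conn.get("requiredSecret")),
            })
    return findings


if __name__ == "__main__":
    for name, xml in (("exposed", EXPOSED), ("loopback", LOOPBACK_ONLY)):
        print(name, audit_ajp(xml))
```

A non-empty result means the connector should be bound to the loopback address (or otherwise restricted to the Apache host) before relying on REMOTE_USER for authorization.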