Uploaded image for project: 'Trusted authentication framework'
  1. Trusted authentication framework
  2. TRUSTAUTH-28

Support for AJP Attributes

    XMLWordPrintable

Details

    • New Feature
    • Resolution: Fixed
    • Major
    • 1.9.0
    • 1.8.3
    • Attributes
    • None
    • Unknown

    Description

      Add `attribute` adapter for AJP Attributes

      AJP attributes (or process env vars for other CGI backends) seem to be a preferred method for passing auth information due to less likelihood of MITM/header manipulation.

      Shibboleth does recommend using AJP Attributes: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335257/AttributeAccess

      (Technically when tomcat is on 127.0.0.1 only and apache httpd in front, auth via HTTP headers shouldn't pose much of a risk)

      Here is my PR for this feature: https://github.com/xwiki-contrib/xwiki-authenticator-trusted/pull/6

      Attachments

        Activity

          People

            hiteshprab@gmail.com Hitesh P
            hiteshprab@gmail.com Hitesh P
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: