[英]PingFederate not modifying HTTP headers
我正在使用PingFederate Apache(Linux)Integration Kit 3.2来验证我的应用程序。 该应用程序正在运行,并且PingFederate可以设置标头以及环境变量,但是Apache会忽略PingFederate对HTTP标头所做的更改。 以下是我的Apache错误日志的摘录
[Thu Aug 31 07:16:35.836754 2017] [:info] [pid 28376] Exposing of session information is enabled for all requests within a session
[Thu Aug 31 07:16:35.836757 2017] [:info] [pid 28376] Exposing session information into the environment variables and HTTP headers...
[Thu Aug 31 07:16:35.836763 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_UID = .....
[Thu Aug 31 07:16:35.836766 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_UID = ....
[Thu Aug 31 07:16:35.836769 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_SN = ...
[Thu Aug 31 07:16:35.836772 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_SN = ...
....
....
[Thu Aug 31 07:16:35.836837 2017] [:info] [pid 28376] Total environment variables added: 12
[Thu Aug 31 07:16:35.836839 2017] [:info] [pid 28376] Total HTTP request headers added: 12
[Thu Aug 31 07:16:35.836842 2017] [:info] [pid 28376] Releasing the dynamically allocated payload...
[Thu Aug 31 07:16:35.836844 2017] [:info] [pid 28376] Granting access to the requested resource
[Thu Aug 31 07:16:35.836846 2017] [:info] [pid 28376] Returning DECLINED to let Apache take its default actions for the modified request
[Thu Aug 31 07:16:35.836849 2017] [:info] [pid 28376] Exiting the Content handler
[Thu Aug 31 07:16:35.836851 2017] [:info] [pid 28376] Returning HTTP code -1 (DECLINED)
以下是我的mod_pf.conf的一些配置:
PingFederateFilter /.*
PingFederateFilter /cgi-bin/.*
PingFederateExposeSessionAttributesToEnvironmentVariables yes
PingFederateExposeSessionAttributesToHttpHeaders yes
PingFederateAuthnPrefix PF_AUTH_
以下是我的Apache配置(httpd.conf)的代码段
LoadModule access_compat_module modules/mod_access_compat.so
LoadFile modules/libopentoken.so
LoadModule pf_module modules/mod_pf.so
PingFederateConfigurationFile conf/mod_pf.conf
<Directory "/var/www/cgi-bin">
Order deny,allow
Deny from all
AuthType PFApacheAgent
Allow from all
Require valid-user
</Directory>
Apache版本是Apache / 2.4.6(CentOS)
在mod_pf中有一行“ PingFederateStartPageUrl /。cmd = PingStartPage。 ”启用此行并在浏览器中输入以下URL。 它将显示PingFederate将标头发送到Apache。 如果看不到任何HTTP标头,则PingFederate不发送属性。
URL是“ https:// yourapachehost:apacheport / protectedresource /?cmd = PingStartPage 。”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.