0
我使用PingFederate Apache(Linux)集成套件3.2来验证我的应用程序。应用程序正在运行,PingFederate可以设置标题以及环境变量,但PingFederate对HTTP标头所做的更改将被Apache忽略。下面是我的Apache的错误的摘录登录PingFederate不修改HTTP标头
[Thu Aug 31 07:16:35.836754 2017] [:info] [pid 28376] Exposing of session information is enabled for all requests within a session
[Thu Aug 31 07:16:35.836757 2017] [:info] [pid 28376] Exposing session information into the environment variables and HTTP headers...
[Thu Aug 31 07:16:35.836763 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_UID = .....
[Thu Aug 31 07:16:35.836766 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_UID = ....
[Thu Aug 31 07:16:35.836769 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_SN = ...
[Thu Aug 31 07:16:35.836772 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_SN = ...
....
....
[Thu Aug 31 07:16:35.836837 2017] [:info] [pid 28376] Total environment variables added: 12
[Thu Aug 31 07:16:35.836839 2017] [:info] [pid 28376] Total HTTP request headers added: 12
[Thu Aug 31 07:16:35.836842 2017] [:info] [pid 28376] Releasing the dynamically allocated payload...
[Thu Aug 31 07:16:35.836844 2017] [:info] [pid 28376] Granting access to the requested resource
[Thu Aug 31 07:16:35.836846 2017] [:info] [pid 28376] Returning DECLINED to let Apache take its default actions for the modified request
[Thu Aug 31 07:16:35.836849 2017] [:info] [pid 28376] Exiting the Content handler
[Thu Aug 31 07:16:35.836851 2017] [:info] [pid 28376] Returning HTTP code -1 (DECLINED)
下面是一些我mod_pf.conf的配置:
PingFederateFilter /.*
PingFederateFilter /cgi-bin/.*
PingFederateExposeSessionAttributesToEnvironmentVariables yes
PingFederateExposeSessionAttributesToHttpHeaders yes
PingFederateAuthnPrefix PF_AUTH_
下面是我的Apache配置的片段(httpd.conf文件)
LoadModule access_compat_module modules/mod_access_compat.so
LoadFile modules/libopentoken.so
LoadModule pf_module modules/mod_pf.so
PingFederateConfigurationFile conf/mod_pf.conf
<Directory "/var/www/cgi-bin">
Order deny,allow
Deny from all
AuthType PFApacheAgent
Allow from all
Require valid-user
</Directory>
Apache的版本就是Apache/2.4.6(CentOS的)
只是要清楚...您没有看到PF_AUTH_UID标题和其他标题吗?您是否有可以添加到上述问题中的标题变量转储?您使用的AuthType对我来说看起来并不合适 - 你可能想看一下[示例KB](https://ping.force.com/Support/PingIdentityArticle?id=kA340000000Gt0OCAS)。 –
@Andrew我不是看到任何PF_AUTH_ * HTTP标头。我实际上在尝试过'Require valid-user'而不是'Allow all all'结果是一样的。我再次尝试,但PF_AUTH_ * HTTP头仍然没有显示。我认为身份验证工作正常,因为PF_AUTH_ *环境变量正在填充正确的值。我不清楚__ader变量dump_是什么意思。我期望的一些标题是:PF_AUTH_ID,PF_AUTH_SN,PF_AUTH_CN,PF_AUTH_GIVENNAME ... –
要求去哪里? –