1. 首页
  2. 问答
  3. PingFederate不修改HTTP标头

PingFederate不修改HTTP标头

2017-08-31 95 views
0

我使用PingFederate Apache(Linux)集成套件3.2来验证我的应用程序。应用程序正在运行,PingFederate可以设置标题以及环境变量,但PingFederate对HTTP标头所做的更改将被Apache忽略。下面是我的Apache的错误的摘录登录PingFederate不修改HTTP标头

[Thu Aug 31 07:16:35.836754 2017] [:info] [pid 28376] Exposing of session information is enabled for all requests within a session 
[Thu Aug 31 07:16:35.836757 2017] [:info] [pid 28376] Exposing session information into the environment variables and HTTP headers... 
[Thu Aug 31 07:16:35.836763 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_UID = ..... 
[Thu Aug 31 07:16:35.836766 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_UID = .... 
[Thu Aug 31 07:16:35.836769 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_SN = ... 
[Thu Aug 31 07:16:35.836772 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_SN = ... 
.... 
.... 
[Thu Aug 31 07:16:35.836837 2017] [:info] [pid 28376] Total environment variables added: 12 
[Thu Aug 31 07:16:35.836839 2017] [:info] [pid 28376] Total HTTP request headers added: 12 
[Thu Aug 31 07:16:35.836842 2017] [:info] [pid 28376] Releasing the dynamically allocated payload... 
[Thu Aug 31 07:16:35.836844 2017] [:info] [pid 28376] Granting access to the requested resource 
[Thu Aug 31 07:16:35.836846 2017] [:info] [pid 28376] Returning DECLINED to let Apache take its default actions for the modified request 
[Thu Aug 31 07:16:35.836849 2017] [:info] [pid 28376] Exiting the Content handler 
[Thu Aug 31 07:16:35.836851 2017] [:info] [pid 28376] Returning HTTP code -1 (DECLINED)

下面是一些我mod_pf.conf的配置:

PingFederateFilter     /.* 
PingFederateFilter     /cgi-bin/.* 

PingFederateExposeSessionAttributesToEnvironmentVariables yes 
PingFederateExposeSessionAttributesToHttpHeaders   yes 

PingFederateAuthnPrefix    PF_AUTH_

下面是我的Apache配置的片段(httpd.conf文件)

LoadModule access_compat_module modules/mod_access_compat.so 
LoadFile modules/libopentoken.so 
LoadModule pf_module modules/mod_pf.so 
PingFederateConfigurationFile conf/mod_pf.conf 

<Directory "/var/www/cgi-bin"> 
    Order deny,allow 
    Deny from all 

    AuthType PFApacheAgent 
    Allow from all 
    Require valid-user 
</Directory>

Apache的版本就是Apache/2.4.6(CentOS的)

来源

2017-08-31 fat_apupu

+0

只是要清楚...您没有看到PF_AUTH_UID标题和其他标题吗?您是否有可以添加到上述问题中的标题变量转储?您使用的AuthType对我来说看起来并不合适 - 你可能想看一下[示例KB](https://ping.force.com/Support/PingIdentityArticle?id=kA340000000Gt0OCAS)。 –

+0

@Andrew我不是看到任何PF_AUTH_ * HTTP标头。我实际上在尝试过'Require valid-user'而不是'Allow all all'结果是一样的。我再次尝试,但PF_AUTH_ * HTTP头仍然没有显示。我认为身份验证工作正常,因为PF_AUTH_ *环境变量正在填充正确的值。我不清楚__ader变量dump_是什么意思。我期望的一些标题是:PF_AUTH_ID,PF_AUTH_SN,PF_AUTH_CN,PF_AUTH_GIVENNAME ... –

+0

要求去哪里? –

回答

0

mod_pf“PingFederateStartPageUrl /”中有一行。 cmd = PingStartPage。“启用这条线,并在浏览器中输入下面的网址,它会显示在页眉通过的PingFederate发送到Apache。如果你不能看到任何HTTP头,那么的PingFederate不发送的属性。

网址是“https://yourapachehost:apacheport/protectedresource/?cmd=PingStartPage”。

来源

2017-12-18 03:21:46

相关问题

 相关问题