Gaurav Sood

Reputation: 690

mod_auth_mellon not populating environment variables

I have set up mod_auth_mellon for external authentication using SAML 2.0. I get authenticated using an external IdP, but mod_auth_mellon does not populate the environment variables and I am not able to get the username to proceed with the authorization of the resources I want to protect.

The workflow is as follows:

1) user tries to access /test/info.php
2) user gets redirected to external IdP
3) user authenticates against external IdP and gets redirected to /auth/info.php

My mellon configuration is as follows:

<Location />
    MellonSPPrivateKeyFile /etc/apache2/mellon-config/http_ec2_54_86_69_246.compute_1.amazonaws.com.key

    MellonSPCertFile /etc/apache2/mellon-config/http_ec2_54_86_69_246.compute_1.amazonaws.com.cert
    MellonSPMetadataFile /etc/apache2/mellon-config/http_ec2_54_86_69_246.compute_1.amazonaws.com.xml

</Location>
<Location /auth/info.php>
    MellonEnable "info"
    MellonSetEnv "email" "email"
    MellonSetEnv "username" "username"
    MellonUser "email"
    MellonSamlResponseDump On
    MellonSessionDump On
    MellonVariable "cookie"

</Location>
<Location /test/info.php>
    # This location will trigger an authentication request to the IdP.
    MellonEnable "auth"
    AuthType "Mellon"
    MellonVariable "cookie"
    MellonSetEnv "email" "email"
    MellonSetEnv "username" "username"
    MellonUser "email"
    MellonSamlResponseDump On
    MellonSessionDump On
    MellonEndpointPath /mellon
    Require valid-user

</Location>

In auth/info.php, I try to print the $_SERVER variable:

<?php
  var_dump($_SERVER);
?>

I am getting a mellon-cookie but nowhere can I see the values of the environment variables I set.

What configuration am I missing?

Upvotes: 1

Views: 5450

Answers (2)

jpca

Reputation: 29

Thanks, Crunge, for your reply.

For me it works with the following line (Header instead of RequestHeader), in a <Location> section of the httpd conf file:

Header set Mellon-NameID: %{MELLON_NAME_ID}e

(reload of apache service needed)

Upvotes: 1

Crunge

Reputation: 121

I had this issue using Apache as a reverse proxy for an app I wanted protected by mod_auth_mellon. It appears Apache doesn't automatically pass headers generated by internal modules. I had to enable mod_headers and add this:

RequestHeader set Mellon-NameID %{MELLON_NAME_ID}e

This takes the MELLON_NAME_ID header and passes it to the application as Mellon-NameID. You'll have to add similar lines for each header you want passed along, such as MELLON_SESSION.

Upvotes: 2
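
The header-forwarding approach from the answer above, written out as an added example that is not part of either answer: it strips any client-supplied copy of the identity headers before setting them from the mod_auth_mellon variables, so the proxied application never sees a value the browser chose. The /app/ path, the backend address 127.0.0.1:8080 and the Mellon-Email header name are assumptions; the SP key, certificate and metadata settings are assumed to be configured as in the question's `<Location />` block.

```apache
# Added example. Assumed names: /app/, 127.0.0.1:8080, Mellon-Email.
# Needs mod_headers, mod_proxy, mod_proxy_http and mod_auth_mellon loaded.

# Server/virtual-host level: remove identity headers sent by the client
# on every request, including paths that mod_auth_mellon does not protect.
RequestHeader unset Mellon-NameID
RequestHeader unset Mellon-Email

<Location /app/>
    # Require a SAML session before anything is proxied.
    MellonEnable "auth"
    AuthType "Mellon"
    Require valid-user

    # Map the IdP attribute "email" to the variable MELLON_email.
    MellonSetEnv "email" "email"

    # Forward each value only when the variable is actually populated;
    # without env=..., an unset variable is sent as the string "(null)".
    RequestHeader set Mellon-NameID "%{MELLON_NAME_ID}e" env=MELLON_NAME_ID
    RequestHeader set Mellon-Email "%{MELLON_email}e" env=MELLON_email

    ProxyPass "http://127.0.0.1:8080/app/"
    ProxyPassReverse "http://127.0.0.1:8080/app/"
</Location>
```

The application should trust these headers only if it cannot be reached except through this proxy, for example by binding it to the loopback address.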
