Reputation: 1
I am using mod_auth_mellon on Apache for external authentication using SAML with an ADFS as IDP. I'm getting a session cookie and the authentication is working, but I do not get the attributes sent by the IDP.
I read in the answer to another topic (mod_auth_mellon not populating environment variables) that the attributes have to be written in the RequestHeader, and that's what I'm doing.
My mellon configuration is as follows:
<Location / >
MellonEnable info
MellonSessionDump On
MellonSamlResponseDump On
MellonEndpointPath /mellon
MellonSPMetadataFile /etc/apache2/saml2/metadata.xml
MellonSPPrivateKeyFile /etc/apache2/saml2/metadata.key
MellonSPCertFile /etc/apache2/saml2/metadata.cert
MellonIdPMetadataFile /etc/apache2/saml2/FederationMetadata.xml
MellonSetEnv "MELLON_SESSION" "MELLON_SESSION"
MellonSetEnv "MELLON_SAML_RESPONSE" "MELLON_SAML_RESPONSE"
RequestHeader set Mellon-Session "%{MELLON_SESSION}e"
RequestHeader set Mellon-SAML-Response %{MELLON_SAML_RESPONSE}e
MellonSetEnvNoPrefix "MELLON_uid" "uid"
MellonSetEnvNoPrefix "MELLON_NameID" "NameID"
RequestHeader set Mellon-UID %{MELLON_uid}e
RequestHeader set Mellon-NameID "%{MELLON_NAME_ID}e"
</Location>
# This is a location that will trigger authentication when requested.
<Location /adfshandler >
AuthType Mellon
MellonEnable auth
Require valid-user
</Location>
I can see the set attributes in the header and I have values for all of them except uid; uid is null. Do I have to specify the requested attributes somewhere? Or is it the wrong name?
Upvotes: 0
Views: 3121
Reputation: 1
You should try with:
MellonSetEnvNoPrefix REMOTE_USER NAME_ID
RequestHeader set Myheader %{REMOTE_USER}e
Be aware it doesn't work with "NameID".
Upvotes: -1
Reputation: 1
The variable name of uid is as defined in the metadata file of the IdP, which was different (I took the FriendlyName). Besides, the IdP did not send the attribute. After they corrected their claim rules, I saw the attribute in the SAMLResponse (in my browser add-on).
Upvotes: 0
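The last answer names two causes: the configured name was the FriendlyName rather than the attribute's Name, and the IdP was not sending the attribute at all. As an added example (not code from the thread or from mod_auth_mellon), this script tells the two cases apart from a captured SAML response; the sample response, the claim URI and the function names are constructed, and it assumes the dump is either raw XML or base64-encoded XML with an unencrypted assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread): Name is a claim URI, FriendlyName is "uid".
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.example.test/claims/uid" FriendlyName="uid">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def load_response(dump):
    """Parse a response given as raw XML or as base64 (the encoding is an assumption)."""
    text = dump.strip()
    # Diagnostic use on your own dump only: no signature or condition checks here.
    if text.startswith("<"):
        return ET.fromstring(text)
    return ET.fromstring(base64.b64decode(text))


def list_attributes(dump):
    """Return {Name: {"friendly": FriendlyName or None, "values": [...]}}."""
    found = {}
    for attr in load_response(dump).iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = {"friendly": attr.get("FriendlyName"), "values": values}
    return found


def check_mapping(dump, configured_name):
    """Say whether a name used in MellonSetEnvNoPrefix matches an attribute Name."""
    attrs = list_attributes(dump)
    if configured_name in attrs:
        return "ok"
    for name, info in attrs.items():
        if info["friendly"] == configured_name:
            return "friendly-name-only: use " + name
    return "not-sent-by-idp"


if __name__ == "__main__":
    print(check_mapping(SAMPLE_RESPONSE, "uid"))
```

A "not-sent-by-idp" result points at the IdP's claim rules rather than at the Apache configuration.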