This issue has been created
There is 1 update.
 
 
Trusted authentication framework / TRUSTAUTH-28 Open

Support for AJP Attributes

 
 

Issue created

 
Hitesh P created this issue on 03/Jul/24 12:49
 
Summary: Support for AJP Attributes
Issue Type: New Feature
Assignee: Unassigned
Created: 03/Jul/24 12:49
Priority: Major
Reporter: Hitesh P
Description:

Add `attribute` adapter for AJP Attributes

AJP attributes (or process env vars for other CGI backends) seem to be a preferred method for passing auth information due to less likelihood of MITM/header manipulation.

Shibboleth does recommend using AJP Attributes: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335257/AttributeAccess

(Technically, when Tomcat is on 127.0.0.1 only and Apache httpd is in front, auth via HTTP headers shouldn't pose much of an issue)

Here is my PR for this feature: https://github.com/xwiki-contrib/xwiki-authenticator-trusted/pull/6

 
 

1 update

 
Changes by Hitesh P on 03/Jul/24 12:50
 
Description: Add `attribute` adapter for AJP Attributes

AJP attributes (or process env vars for other CGI backends) seem to be a preferred method for passing auth information due to less likelihood of MITM/header manipulation.

Shibboleth does recommend using AJP Attributes: [https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335257/AttributeAccess]

(Technically, when Tomcat is on 127.0.0.1 only and Apache httpd is in front, auth via HTTP headers shouldn't pose much of
an issue a risk )

Here is my PR for this feature: [https://github.com/xwiki-contrib/xwiki-authenticator-trusted/pull/6]