Add `attribute` adapter for AJP Attributes AJP attributes (or process env vars for other CGI backends) seem to be a preferred method for passing auth information due to less likelihood of MITM/header manipulation. Shibboleth does recommend using AJP Attributes: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335257/AttributeAccess (Technically when tomcat is on 127.0.0.1 only and apache httpd in front, auth via HTTP headers shouldn't pose much of an issue) Here is my PR for this feature: https://github.com/xwiki-contrib/xwiki-authenticator-trusted/pull/6 |