0
我使用PingFederate Apache(Linux)集成套件3.2來驗證我的應用程序。應用程序正在運行,PingFederate可以設置標題以及環境變量,但PingFederate對HTTP標頭所做的更改將被Apache忽略。下面是我的Apache的錯誤的摘錄登錄PingFederate不修改HTTP標頭
[Thu Aug 31 07:16:35.836754 2017] [:info] [pid 28376] Exposing of session information is enabled for all requests within a session
[Thu Aug 31 07:16:35.836757 2017] [:info] [pid 28376] Exposing session information into the environment variables and HTTP headers...
[Thu Aug 31 07:16:35.836763 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_UID = .....
[Thu Aug 31 07:16:35.836766 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_UID = ....
[Thu Aug 31 07:16:35.836769 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_SN = ...
[Thu Aug 31 07:16:35.836772 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_SN = ...
....
....
[Thu Aug 31 07:16:35.836837 2017] [:info] [pid 28376] Total environment variables added: 12
[Thu Aug 31 07:16:35.836839 2017] [:info] [pid 28376] Total HTTP request headers added: 12
[Thu Aug 31 07:16:35.836842 2017] [:info] [pid 28376] Releasing the dynamically allocated payload...
[Thu Aug 31 07:16:35.836844 2017] [:info] [pid 28376] Granting access to the requested resource
[Thu Aug 31 07:16:35.836846 2017] [:info] [pid 28376] Returning DECLINED to let Apache take its default actions for the modified request
[Thu Aug 31 07:16:35.836849 2017] [:info] [pid 28376] Exiting the Content handler
[Thu Aug 31 07:16:35.836851 2017] [:info] [pid 28376] Returning HTTP code -1 (DECLINED)
下面是一些我mod_pf.conf的配置:
PingFederateFilter /.*
PingFederateFilter /cgi-bin/.*
PingFederateExposeSessionAttributesToEnvironmentVariables yes
PingFederateExposeSessionAttributesToHttpHeaders yes
PingFederateAuthnPrefix PF_AUTH_
下面是我的Apache配置的片段(httpd.conf文件)
LoadModule access_compat_module modules/mod_access_compat.so
LoadFile modules/libopentoken.so
LoadModule pf_module modules/mod_pf.so
PingFederateConfigurationFile conf/mod_pf.conf
<Directory "/var/www/cgi-bin">
Order deny,allow
Deny from all
AuthType PFApacheAgent
Allow from all
Require valid-user
</Directory>
Apache的版本就是Apache/2.4.6(CentOS的)
只是要清楚...您沒有看到PF_AUTH_UID標題和其他標題嗎?您是否有可以添加到上述問題中的標題變量轉儲?您使用的AuthType對我來說看起來並不合適 - 你可能想看一下[示例KB](https://ping.force.com/Support/PingIdentityArticle?id=kA340000000Gt0OCAS)。 –
@Andrew我不是看到任何PF_AUTH_ * HTTP標頭。我實際上在嘗試過'Require valid-user'而不是'Allow all all'結果是一樣的。我再次嘗試,但PF_AUTH_ * HTTP頭仍然沒有顯示。我認爲身份驗證工作正常,因爲PF_AUTH_ *環境變量正在填充正確的值。我不清楚__ader變量dump_是什麼意思。我期望的一些標題是:PF_AUTH_ID,PF_AUTH_SN,PF_AUTH_CN,PF_AUTH_GIVENNAME ... –
要求去哪裏? –