2017-08-31 80 views
0

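PingFederate does not modify HTTP headers

I am using the PingFederate Apache (Linux) integration kit 3.2 to authenticate my application. The application is working, and PingFederate is able to set headers as well as environment variables, but the changes PingFederate makes to the HTTP headers are ignored by Apache. Below is an excerpt from my Apache error log: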

[Thu Aug 31 07:16:35.836754 2017] [:info] [pid 28376] Exposing of session information is enabled for all requests within a session 
[Thu Aug 31 07:16:35.836757 2017] [:info] [pid 28376] Exposing session information into the environment variables and HTTP headers... 
[Thu Aug 31 07:16:35.836763 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_UID = ..... 
[Thu Aug 31 07:16:35.836766 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_UID = .... 
[Thu Aug 31 07:16:35.836769 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_SN = ... 
[Thu Aug 31 07:16:35.836772 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_SN = ... 
.... 
.... 
[Thu Aug 31 07:16:35.836837 2017] [:info] [pid 28376] Total environment variables added: 12 
[Thu Aug 31 07:16:35.836839 2017] [:info] [pid 28376] Total HTTP request headers added: 12 
[Thu Aug 31 07:16:35.836842 2017] [:info] [pid 28376] Releasing the dynamically allocated payload... 
[Thu Aug 31 07:16:35.836844 2017] [:info] [pid 28376] Granting access to the requested resource 
[Thu Aug 31 07:16:35.836846 2017] [:info] [pid 28376] Returning DECLINED to let Apache take its default actions for the modified request 
[Thu Aug 31 07:16:35.836849 2017] [:info] [pid 28376] Exiting the Content handler 
[Thu Aug 31 07:16:35.836851 2017] [:info] [pid 28376] Returning HTTP code -1 (DECLINED) 

Below is some of my mod_pf.conf configuration:

PingFederateFilter     /.* 
PingFederateFilter     /cgi-bin/.* 

PingFederateExposeSessionAttributesToEnvironmentVariables yes 
PingFederateExposeSessionAttributesToHttpHeaders   yes 

PingFederateAuthnPrefix    PF_AUTH_ 

Below is a snippet of my Apache configuration (httpd.conf):

LoadModule access_compat_module modules/mod_access_compat.so 
LoadFile modules/libopentoken.so 
LoadModule pf_module modules/mod_pf.so 
PingFederateConfigurationFile conf/mod_pf.conf 

<Directory "/var/www/cgi-bin"> 
    Order deny,allow 
    Deny from all 

    AuthType PFApacheAgent 
    Allow from all 
    Require valid-user 
</Directory> 

The Apache version is Apache/2.4.6 (CentOS).

+0

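Just to be clear... you are not seeing the PF_AUTH_UID header and the other headers? Do you have a dump of the header variables that you could add to the question above? The AuthType you are using doesn't look right to me - you may want to take a look at the [sample KB](https://ping.force.com/Support/PingIdentityArticle?id=kA340000000Gt0OCAS).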

+0

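@Andrew I am not seeing any PF_AUTH_* HTTP headers. I actually tried 'Require valid-user' instead of 'Allow all all' and the result is the same. I tried again, but the PF_AUTH_* HTTP headers still do not show up. I think authentication is working, because the PF_AUTH_* environment variables are being populated with the correct values. I am not clear on what you mean by _header variable dump_. Some of the headers I expect are: PF_AUTH_ID, PF_AUTH_SN, PF_AUTH_CN, PF_AUTH_GIVENNAME ...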

+0

Where is the request going?

Answer

0

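There is a line in mod_pf: "PingFederateStartPageUrl /?cmd=PingStartPage". Enable this line and enter the URL below in the browser; it will show the headers sent by PingFederate to Apache. If you cannot see any HTTP headers, then PingFederate is not sending the attributes.

The URL is "https://yourapachehost:apacheport/protectedresource/?cmd=PingStartPage".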
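One way to produce the header dump asked for in the comments, as an added example that is not part of the original thread: a CGI script that reports which PF_AUTH_ attributes reach the application as environment variables and which as request headers. It assumes the script is deployed in the protected cgi-bin directory and relies on the CGI convention (RFC 3875) that a request header NAME is exposed as HTTP_NAME; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""CGI dump comparing PF_AUTH_* environment variables with PF_AUTH_* request headers."""
import os

PREFIX = "PF_AUTH_"      # PingFederateAuthnPrefix from mod_pf.conf
HEADER_PREFIX = "HTTP_"  # CGI (RFC 3875) exposes request headers as HTTP_<NAME>


def compare_exposure(environ, prefix=PREFIX):
    """Return {attribute: {"env": value-or-None, "header": value-or-None}}."""
    report = {}
    for key, value in environ.items():
        if key.startswith(prefix):
            source, name = "env", key[len(prefix):]
        elif key.startswith(HEADER_PREFIX + prefix):
            source, name = "header", key[len(HEADER_PREFIX + prefix):]
        else:
            continue
        report.setdefault(name, {"env": None, "header": None})[source] = value
    return report


def missing_headers(report):
    """Attributes that arrived as environment variables but not as request headers."""
    return sorted(n for n, v in report.items()
                  if v["env"] is not None and v["header"] is None)


def render(report):
    """Plain-text CGI response; values are masked so the dump is safe to paste."""
    lines = ["Content-Type: text/plain", ""]
    for name in sorted(report):
        seen = report[name]
        lines.append("%s%s env=%s header=%s" % (
            PREFIX, name,
            "set" if seen["env"] is not None else "absent",
            "set" if seen["header"] is not None else "absent"))
    lines.append("missing as header: %s" % (", ".join(missing_headers(report)) or "none"))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render(compare_exposure(os.environ)), end="")
```

The output lists only attribute names and whether each one is present, so it can be attached to a support question without disclosing session values.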