On Sun, 2015-02-15 at 01:49 +0000, John Horne wrote:
We have a CentOS 7 server running Mediawiki 1.24.1, Apache 2.4.6, PHP
5.4.16, Shibboleth (SP) 2.5.3 and fast CGI 2.3.9. We are also using the
mediawiki shibboleth extension fork taken from github.
Unfortunately putting it all together is proving a problem. The
Shibboleth SP code seems to be working fine with our IdP in that we can
see that a user is authenticated, and the relevant attributes returned
by the IdP. The SP code sets the users userid in the Apache REMOTE_USER
variable. (The SP session shows this.)
...
Looking at the Apache logs seems to indicate that the REMOTE_USER
variable is set (we see the users userid being logged), but when the
user is redirected then the userid/REMOTE_USER value is lost.
Hello,
I came across this article about the problem:
http://serverfault.com/questions/633096/php-htaccess-environment-variables-…
As it says, in big letters, Apache proxypass with fcgi does not work. I
have implemented the suggested rewrite rules, and SSO now works fine.
I did come across a second article (can't remember the URL) which said
that putting the proxypass in a Location/LocationMatch block works. I
tried this, but could not get it to work, so went back to the rewrite
rules.
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK