I'm using the Kerberos mod with Apache to authenticate Windows users on our intranet sites, which are hosted on Ubuntu servers. The backend that gets the data is Tomcat. The site in question makes a GET request to https://siteName/user/logMeIn. When I try to get the username from the header, it's not there.

I've tried adding `RequestHeader set X-Remote-User expr=%{REMOTE_USER}` and `RequestHeader set X-REMOTE-USER %{REMOTE_USER}s` to the Apache virtual host file on separate occasions.

Apache virtual host file:
```apache
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin [serverAdmin]
    ServerName [SiteName]
    ServerAlias [SiteName]
    DocumentRoot [Directory]

    # Hand /ConferenceSchedulerService/* to Tomcat over AJP (mod_jk)
    JkMount /ConferenceSchedulerService/* ConferenceSchedulerServicetomcat

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile [CertFilePath]
    SSLCertificateKeyFile [CertKeyFilePath]

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    # Kerberos (SPNEGO) authentication for the document root
    <Directory "/var/www/schedulemeetingtestcom/html">
        AuthzSendForbiddenOnFailure On
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthName "SSO Failed please enter you windows login"
        AuthType Kerberos
        KrbAuthRealms CORP.COMPANYNAME.COM
        KrbServiceName HTTP/schedulemeetingtest.com
        #KrbServiceName Any
        Krb5KeyTab /etc/krb5.keytab
        KrbMethodK5Passwd off
        KrbLocalUserMapping on
        KrbSaveCredentials on
        SSLRequireSSL
        Require valid-user
        # Forward the authenticated principal to the backend as a request header
        RequestHeader set X-Remote-User expr=%{REMOTE_USER}
        #RequestHeader set X-REMOTE-USER %{REMOTE_USER}s
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
```
Java Spring code:

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/user")
public class UserController extends BaseController {

    @Autowired
    ApplicationUserAccessLdapService ldapSrv;

    @Autowired
    private HttpServletRequest request;

    // Diagnostic endpoint: dumps every request header plus the container's
    // view of the caller, so any forwarded Kerberos identity can be seen.
    @PostMapping(value = "/logMeIn")
    public ResponseEntity<Map<String, String>> auth() {
        Map<String, String> map = new HashMap<>();

        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String key = headerNames.nextElement();
            map.put(key, request.getHeader(key));
        }

        // These accessors never throw; they return null when Tomcat itself
        // did not authenticate the request.
        map.put("RemoteUserName", request.getRemoteUser());
        map.put("RemoteAddress", request.getRemoteAddr());
        map.put("AuthType", request.getAuthType());
        map.put("SeverletPath", request.getServletPath());

        try {
            map.put("PrincipalName", request.getUserPrincipal().getName());
        } catch (Exception e) {
            // getUserPrincipal() is null when no container authentication happened
            map.put("PrincipalName", "Unknown");
        }

        return new ResponseEntity<>(map, HttpStatus.OK);
    }
}
```
I'm not getting the username at all, and maybe it's because the Kerberos mod doesn't pass the username after the initial authentication. But I still need it afterwards. Below is the response from the GET request:
```text
Accept-Encoding: "gzip, deflate, br"
Accept-Language: "en-US,en;q=0.9"
AuthType: null
Origin: "https://schedulemeetingtest.riverstonegroup.com"
PrincipalName: "Unknown"
RemoteAddress: "192.168.93.140"
RemoteUserName: null
Sec-Fetch-Mode: "cors"
Sec-Fetch-Site: "same-origin"
SeverletPath: "/user/logMeIn"
accept: "application/json, text/plain, /"
connection: "keep-alive"
content-length: "0"
content-type: "application/x-www-form-urlencoded"
host: "schedulemeetingtest.riverstonegroup.com"
referer: "https://schedulemeetingtest.riverstonegroup.com/"
user-agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
```
What I would like to see is the RemoteUserName show the user, not null.
I figured out my problem. In the directory block

```apache
<Directory "/var/www/schedulemeetingtestcom/html">
```

I changed it to

```apache
<Location />
```
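The change above works because `<Directory>` matches filesystem paths: a URL such as `/user/logMeIn` that is handed to Tomcat never resolves to a file under `/var/www/schedulemeetingtestcom/html`, so the Kerberos block never ran for it, `REMOTE_USER` was never set, and mod_headers had nothing to forward (which is why no `X-Remote-User` appears in the header dump at all). `<Location />` matches URL space, so authentication runs for every request, including the proxied ones, before `RequestHeader set` (which by default runs late in the request cycle) copies `REMOTE_USER` into the header. On the Tomcat side there are then two ways to read the result: `request.getRemoteUser()`, which mod_jk populates over AJP when the Tomcat AJP connector has `tomcatAuthentication="false"`, or the `X-Remote-User` header. Both are only trustworthy because Apache is the sole route to Tomcat; a client that can reach Tomcat's connectors directly can send that header itself, so the connectors should be bound to `127.0.0.1`. The controller below is an added example, not the asker's code, showing how the backend can consume the forwarded identity with that in mind. It assumes the header name from the vhost, the realm from `KrbAuthRealms`, the GET request the question describes, and a Spring 5 / `javax.servlet` stack; the class and method names are placeholders.

```java
// Added example (not the asker's code): derive the Windows username from what
// Apache forwards after Kerberos authentication, and refuse the request when
// nothing trustworthy arrived. Header name and realm come from the question's
// vhost; everything else here is an assumption.
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/user")
public class RemoteUserController {

    /** Must match the RequestHeader directive inside the Apache <Location /> block. */
    static final String REMOTE_USER_HEADER = "X-Remote-User";

    /** Realm configured in KrbAuthRealms; principals from any other realm are rejected. */
    static final String EXPECTED_REALM = "CORP.COMPANYNAME.COM";

    /** Bare account name, i.e. what Apache sends once KrbLocalUserMapping strips the realm. */
    private static final Pattern ACCOUNT = Pattern.compile("^[A-Za-z0-9._-]{1,64}$");

    @GetMapping("/logMeIn")
    public ResponseEntity<Map<String, String>> logMeIn(HttpServletRequest request) {
        Optional<String> user = resolveRemoteUser(request);
        if (!user.isPresent()) {
            // Apache's "Require valid-user" should make this unreachable. If it is
            // reached, the request bypassed Apache or the auth block does not cover this URL.
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        Map<String, String> body = new LinkedHashMap<>();
        body.put("RemoteUserName", user.get());
        body.put("RemoteAddress", request.getRemoteAddr());
        return ResponseEntity.ok(body);
    }

    /**
     * Resolves the authenticated user in order of preference:
     *  1. the container's remote user, populated when mod_jk forwards REMOTE_USER
     *     over AJP and the Tomcat AJP connector has tomcatAuthentication="false";
     *  2. the X-Remote-User header set by mod_headers in the Apache vhost.
     * Either value is only trustworthy because Apache is the sole route to Tomcat
     * (connectors bound to 127.0.0.1); the header is forgeable by anyone who can
     * reach Tomcat directly.
     */
    static Optional<String> resolveRemoteUser(HttpServletRequest request) {
        String raw = request.getRemoteUser();
        if (raw == null || raw.isEmpty()) {
            raw = request.getHeader(REMOTE_USER_HEADER);
        }
        return normalize(raw);
    }

    /** Accepts "jdoe" or "jdoe@CORP.COMPANYNAME.COM"; rejects other realms and odd characters. */
    static Optional<String> normalize(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        String value = raw.trim();
        int at = value.indexOf('@');
        if (at >= 0) {
            // Realm present (KrbLocalUserMapping off): it must be ours, then drop it.
            if (!value.substring(at + 1).equalsIgnoreCase(EXPECTED_REALM)) {
                return Optional.empty();
            }
            value = value.substring(0, at);
        }
        return ACCOUNT.matcher(value).matches() ? Optional.of(value) : Optional.empty();
    }
}
```

`normalize` is kept separate from the servlet plumbing so it can be unit-tested with plain strings: `jdoe` and `jdoe@CORP.COMPANYNAME.COM` both yield `jdoe`, while `jdoe@OTHER.REALM` and an empty header yield an empty `Optional` and therefore a 401.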