What Apache will do when the user is authenticated is set the
'request->remote_user'. I would think that any application willing to
learn who the user is can obtain the data from the request object.
On Wed, 2006-04-26 at 08:18 -0400, Andy Levy wrote:
> On 4/25/06, Keith Lawless <keithlawless@gmail.com> wrote:
> > I have set Subversion with Apache integration and have it working both with
> > and without basic authentication via AuthType basic. Now, I want to wrap the
> > whole thing up so that it is protected by Siteminder. So I have configured
> > Siteminder, let it know what all the WebDAV verbs are, and set up the
> > policies. From a security point of view, everything is working. My question
> > is: now that an external provider is handling security, how do I pass the
> > author's username to Subversion to make sure the history is updated
> > correctly? Currently, it looks like everything is done by Anonymous. Is
> > there an HTTP header I can set, or a variable I can append to the URL?
>
> >From what I recall about Siteminder (it's been a couple years since I
> had the pleasure of working with it), the web server itself does see
> all users as anonymous - but the ID and other credentials are stashed
> in a cookie and/or some custom HTTP headers (I think you can configure
> how it does this). The security happens before the web server proper
> even sees the request (in IIS/Windows parlance, SM is an ISAPI filter
> that catches the HTTP request before anything else sees it).
>
> Not having used SM with Apache, nor am I an Apache guru - but it seems
> like the missing link is that somehow the credentials need to get
> passed out of SM along with the rest of the request.
>
> Have you asked the SM folks about it?
>
> Don't know if I helped or just regurgitated things you already knew;
> hopefully the former, if it's the latter I apologize.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
> Analizado por ThMailServer para Linux.
>
>
> !DSPAM:444f656a115181718616930!
>
Analizado por ThMailServer para Linux.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Apr 26 19:23:52 2006