Skip to content

Commit

Permalink
Fixes an issue where variants of an externally authenticated user
Browse files Browse the repository at this point in the history 
X_REMOTE_USER can be specified for access to the API. This assures
that X-Remote-User, X-Remote_User as well as X_Remote-User are
also cleared from an inbound request thus restricting all
X[-_]REMOTE[-_]USER signatures for External Authentication.
  • Loading branch information
@abellotti
abellotti authored and root committed Jul 1, 2020
1 parent 181f07b commit 3ff329a
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions TEMPLATE/etc/httpd/conf.d/manageiq-remote-user-openidc.conf
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
RequestHeader unset X-REMOTE-USER
RequestHeader unset X-REMOTE_USER
RequestHeader unset X_REMOTE-USER
RequestHeader unset X_REMOTE_USER

RequestHeader set X_REMOTE_USER %{OIDC_CLAIM_PREFERRED_USERNAME}e env=OIDC_CLAIM_PREFERRED_USERNAME
Expand Down
3 changes: 3 additions & 0 deletions TEMPLATE/etc/httpd/conf.d/manageiq-remote-user.conf
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
RequestHeader unset X-REMOTE-USER
RequestHeader unset X-REMOTE_USER
RequestHeader unset X_REMOTE-USER
RequestHeader unset X_REMOTE_USER

RequestHeader set X_REMOTE_USER %{REMOTE_USER}e env=REMOTE_USER
Expand Down

0 comments on commit 3ff329a

Please sign in to comment.