Institutions typically authenticate users in different ways (Shibboleth, LDAP, etc.), so it is difficult to build a one-size-fits-all deployment that covers every authentication method in OLE. Placing a reverse proxy in front of OLE clears this bottleneck.
...
Configurations on the Apache HTTP side
The configurations are done in the httpd.conf file.
Pass the REMOTE_USER in Header
...
```apache
<Location /olefs>
    Order Allow,Deny
    Allow from all
    # Authenticate against LDAP first, then the local password file
    AuthType Basic
    AuthName #<To be filled>
    AuthzLDAPAuthoritative off
    AuthLDAPURL #<To be filled>
    AuthBasicProvider ldap file
    AuthUserFile /var/www/olehome/.htpasswd
    require valid-user
    ProxyPass #<OLE Tomcat URL>
    ProxyPassReverse #<OLE Tomcat URL>
    # Replace any incoming Remote-User header with the authenticated user
    RequestHeader set Remote-User %{REMOTE_USER}s
</Location>
```
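A quick audit of the block above, as an added example that is not part of the OLE documentation: it checks that each proxied `<Location>` requires authentication and overwrites `Remote-User` with `RequestHeader set`, because `set` replaces a value already present in the request while `add`, `append`, `merge` and `setifempty` keep it. The sample configs, the `audit` helper and the backend URL are constructed for illustration.

```python
import re

# Constructed sample configs (not from the OLE page); the backend URL is a placeholder.
GOOD = """
<Location /olefs>
    AuthType Basic
    require valid-user
    ProxyPass http://127.0.0.1:8080/olefs
    RequestHeader set Remote-User %{REMOTE_USER}s
</Location>
"""
# Same block with the auth requirement dropped and a non-overwriting header action.
BAD = GOOD.replace("RequestHeader set", "RequestHeader append").replace(
    "    require valid-user\n", "")

LOCATION = re.compile(r"<Location\s+([^>]+)>(.*?)</Location>", re.S | re.I)
KEEPS_CLIENT_VALUE = ("add", "append", "merge", "setifempty")

def directives(body):
    """Yield (lower-cased name, argument list) for each non-comment line."""
    for line in body.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1:]

def audit(conf, header="remote-user"):
    """Return findings for every proxied <Location> block in conf."""
    findings = []
    for path, body in LOCATION.findall(conf):
        found = list(directives(body))
        if not any(name == "proxypass" for name, _ in found):
            continue  # only proxied locations forward the identity header
        if not any(name == "require" for name, _ in found):
            findings.append(f"{path}: proxied without a Require directive")
        actions = [args[0].lower() for name, args in found
                   if name == "requestheader" and len(args) >= 2
                   and args[1].lower() == header]
        if "set" not in actions:
            findings.append(f"{path}: {header} is not overwritten with 'RequestHeader set'")
        findings += [f"{path}: 'RequestHeader {a}' keeps a client-sent {header}"
                     for a in actions if a in KEEPS_CLIENT_VALUE]
    return findings

if __name__ == "__main__":
    for label, conf in (("good", GOOD), ("bad", BAD)):
        print(label, audit(conf) or "ok")
```

The header is only trustworthy if OLE's Tomcat accepts connections from the proxy alone, which this check cannot see from `httpd.conf`.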
Force HTTPS
The Apache 'rewrite' module needs to be enabled for this to work.
Add the rewrite conditions inside the Virtual Host configuration.

```apache
RewriteEngine On
# Redirect only requests that arrived over plain HTTP
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (.*)olefs(/portal\.do)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
```
Version related issues
Note: Apache versions prior to Apache 2.4.4 (especially Apache 2.2.x shipped with Red Hat Enterprise Linux 6.x) cannot forward PATCH requests via the AJP protocol, which can interfere with some of OLE's APIs.
...
If you are experiencing HTTP 501 ("Method Not Implemented") errors, this may be the cause. Check your Apache version and error logs for messages such as "ajp_marshal_into_msgb - No such method PATCH".
Possible Fixes
- Use mod_proxy_http instead of mod_proxy_ajp in your proxy setup.
- Use at least Apache 2.4.4 with mod_proxy_ajp.
- (Unverified) Use mod_jk instead of mod_proxy_ajp.