I've been requested to get an old JBoss application working with Shibboleth.
The server already has Shibboleth set up. When you attempt to access the JBoss application, you're taken to a Shibboleth login screen (if you haven't already logged in with it). Then you're taken to the old JBoss application's login screen.
I want the JBoss application to, instead of presenting a login screen, to just get some variables (possibly from request headers) to determine which user has logged in.
I found this article over here about getting Shibboleth to work with Tomcat: https://www.commandprompt.com/blog/real-world_example_of_adding_saml_authentication_to_a_jboss_application/
About 2/3 of the way through that page they have this section:
ACCESSING AUTHENTICATION INFORMATION IN THE APPLICATION
Shibboleth passes the authentication information to the web application in form of CGI environment variables (
$_SERVERarray variable in PHP.) The sign of an established SAML session is presence ofShib-Session-IDenvironment variable.However, if you use JBoss application server your code lives in a different process and has no direct access to the Apache server environment. To pass the required variables from Apache to JBoss you'll need to add the following mod_jk configuration directive:
JkEnvVar Shib-Session-IDAfter that, you may get the value of this variable using
request.getAttribute("Shib-Session-ID")in your Java or JSP code.
mod_jk isn't part of my Apache installation, though. Do I need to install it, or is there another directive which is part of a standard Apache installation that I can use instead?
