getRemoteUser() returns a null because of missing remote user information
 Technote (FAQ)
 
Problem
You can configure your Web server with a third-party authentication module and WebSphere plug-in to route requests to both WebSphere® Application Server V4.0, and V5.0 or V5.1. The third-party authentication module should set remote user information, if appropriate. This document outlines the considerations for passing the remote user information to V4.0, V5.0 or V5.1 plug-in so that the getRemoteUser() call from a WebSphere application can retrieve it from the request.
 
Cause
How to pass remote user information to WebSphere Application Server V4.0, V5.0 or V5.1 plug-in.
 
Solution
Background

If a WebSphere application calls the getRemoteUser() method, it relies on a private HTTP header value parsed by the plug-in. The WebSphere plug-in sets the private HTTP header value when a Web server authentication module has populated the remote user in the Web server data structure.

If the private HTTP header value that carries remote user information is not set, the WebSphere application call to getRemoteUser() returns a null value.

Solution

The guidelines below are applicable to any third-party or custom built authentication modules and to any Web server that is supported by the WebSphere plug-in

If you use a different Web server than Apache or IBM HTTP Server (IHS), the Web server APIs will be different than those provided in the examples. Contact the Web server vendor for details about the APIs that your Web server is using. For example, Domino APIs use an environment variable called REMOTE_USER to pass the remote user information from a security plug-in to other plug-ins, such as the WebSphere plug-in.

Construction of the WebSphere private header that carries the remote user information
  • In the case of IHS or Apache, the value is computed from the associated request record.

  • In the case of iPlanet, the value is computed from the property auth_user, which is associated with each request. It is typically set to the name of the local HTTP user of the Web browser, if HTTP access authorization is activated for the URL.

  • In the case of Domino, the value is computed from the environment variable REMOTE_USER, which is set by the Web server to anonymous for users who have not logged in and to the username for users who are logged in.

  • In the case of Internet Information Services (IIS), the value is computed from the environment variable REMOTE_USER, which is set by the Web server to the name of the user as it is derived from the authorization header sent by the client.

What to do when the WebSphere private header is not being set in the IHS or Apache WebSphere plug-in
  • Verify that the authentication module sets the remote user environmental variable.
  • Verify that the authentication module saves the remote user information in the Apache or IHS data structure.
    • For Apache or IHS 1.3, the authentication module sets conn_rec > user to save the remote user where the WebSphere plug-in can access it
    • For Apache or IHS 2.0, the authentication module sets request_rec > user to save the remote user where the WebSphere plug-in can access it

What to do when the WebSphere private header is not being set in the iPlanet, IIS, Domino WebSphere plugin
  • Verify the request data. It should have information about the user requesting the data.

Case study from a previously-solved problem

A customer was using the SiteMinder module within IBM HTTP Server 2.0.42.2.

The customer had upgraded the SiteMinder module to the version supported for IHS 2.0.42.2 (IHS 2.0.42.2 is based on Apache 2.0.46). This also upgraded the WebAgent.

The upgrade stopped the correct population of the remote user information into the IHS 2.0 data structure. To fix this, the customer had to set the remote user parameter within the WebAgent to YES.

Conclusion

Use this document as a guideline for problem determination when getRemoteUser() returns a null value.

Look for additional useful information in documents that describe Web server APIs. If you suspect a defect in the third-party authentication module, contact the vendor of the module for assistance.
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Plug-in
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 1162377
IBM Group: Software Group
Modified date: Mar 4, 2004