Bug 1303313

Summary: Rebase mod_lookup_identity to 0.9.5 to get the LookupOutput headers and headers-base64 functionality
Product: Red Hat Enterprise Linux 7 Reporter: Jan Pazdziora <jpazdziora>
Component: mod_lookup_identityAssignee: Jan Pazdziora <jpazdziora>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: enewland, jpazdziora, ksiddiqu
Target Milestone: rcKeywords: Rebase
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: mod_lookup_identity-0.9.5-1.el7 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 01:38:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1296125, 1313485    

Description Jan Pazdziora 2016-01-30 17:24:21 UTC 
Description of problem:

The mod_lookup_identity 0.9.4 added support for LookupOutput headers and LookupOutput headers-base64 that make it possible to populate multiple HTTP headers of the requests with attributes of the authenticated user, including their group membership. That simplifies the deployments with layered products where HTTP proxies are used in front of applications -- separate HTTP headers, and/or the ability to Base64-encode the values, makes it easier to pass the information in safe manner.

The version 0.9.5 is then compatibility release for Apache 2.2 which is not needed for RHEL 7 but would be nice to have to match upstream.

Version-Release number of selected component (if applicable):

0.9.3

How reproducible:

Deterministic.

Steps to Reproduce:
1. Use HTTP authenticating proxy and try to populate REMOTE_USER_GROUP_N, REMOTE_USER_GROUP_1, ... values.

Actual results:

Not possible with 0.9.3 unless you want to limit the number of groups handled.

Expected results:

LookupOutput headers (or headers-base64) makes it possible and easy.

Additional info:
Comment 3 Kaleem 2016-09-19 08:52:25 UTC 
[root@dhcp207-129 ~]# rpm -qi mod_lookup_identity
Name        : mod_lookup_identity
Version     : 0.9.5
Release     : 1.el7
Architecture: x86_64
Install Date: Mon 19 Sep 2016 02:21:12 PM IST
Group       : System Environment/Daemons
Size        : 49646
License     : ASL 2.0
Signature   : RSA/SHA256, Wed 27 Jul 2016 08:49:37 PM IST, Key ID 938a80caf21541eb
Source RPM  : mod_lookup_identity-0.9.5-1.el7.src.rpm
Build Date  : Wed 24 Feb 2016 12:22:25 PM IST
Build Host  : x86-036.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www.adelton.com/apache/mod_lookup_identity/
Summary     : Apache module to retrieve additional information about the authenticated user
Description :
mod_lookup_identity can retrieve additional pieces of information
about user authenticated in Apache httpd server and store these values
in notes/environment variables to be consumed by web applications.
Use of REMOTE_USER_* environment variables is recommended.
[root@dhcp207-129 ~]#
Comment 5 errata-xmlrpc 2016-11-04 01:38:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2252.html