Bug 1303313 - Rebase mod_lookup_identity to 0.9.5 to get the LookupOutput headers and headers-base64 functionality
Summary: Rebase mod_lookup_identity to 0.9.5 to get the LookupOutput headers and heade...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: mod_lookup_identity
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jan Pazdziora
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks: 1296125 1313485
TreeView+ depends on / blocked
 
Reported: 2016-01-30 17:24 UTC by Jan Pazdziora
Modified: 2016-11-04 01:38 UTC (History)
3 users (show)

Fixed In Version: mod_lookup_identity-0.9.5-1.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 01:38:19 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2252 0 normal SHIPPED_LIVE mod_lookup_identity bug fix update 2016-11-03 13:31:09 UTC

Description Jan Pazdziora 2016-01-30 17:24:21 UTC 
Description of problem:

The mod_lookup_identity 0.9.4 added support for LookupOutput headers and LookupOutput headers-base64 that make it possible to populate multiple HTTP headers of the requests with attributes of the authenticated user, including their group membership. That simplifies the deployments with layered products where HTTP proxies are used in front of applications -- separate HTTP headers, and/or the ability to Base64-encode the values, makes it easier to pass the information in safe manner.

The version 0.9.5 is then compatibility release for Apache 2.2 which is not needed for RHEL 7 but would be nice to have to match upstream.

Version-Release number of selected component (if applicable):

0.9.3

How reproducible:

Deterministic.

Steps to Reproduce:
1. Use HTTP authenticating proxy and try to populate REMOTE_USER_GROUP_N, REMOTE_USER_GROUP_1, ... values.

Actual results:

Not possible with 0.9.3 unless you want to limit the number of groups handled.

Expected results:

LookupOutput headers (or headers-base64) makes it possible and easy.

Additional info:
Comment 3 Kaleem 2016-09-19 08:52:25 UTC 
[root@dhcp207-129 ~]# rpm -qi mod_lookup_identity
Name        : mod_lookup_identity
Version     : 0.9.5
Release     : 1.el7
Architecture: x86_64
Install Date: Mon 19 Sep 2016 02:21:12 PM IST
Group       : System Environment/Daemons
Size        : 49646
License     : ASL 2.0
Signature   : RSA/SHA256, Wed 27 Jul 2016 08:49:37 PM IST, Key ID 938a80caf21541eb
Source RPM  : mod_lookup_identity-0.9.5-1.el7.src.rpm
Build Date  : Wed 24 Feb 2016 12:22:25 PM IST
Build Host  : x86-036.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www.adelton.com/apache/mod_lookup_identity/
Summary     : Apache module to retrieve additional information about the authenticated user
Description :
mod_lookup_identity can retrieve additional pieces of information
about user authenticated in Apache httpd server and store these values
in notes/environment variables to be consumed by web applications.
Use of REMOTE_USER_* environment variables is recommended.
[root@dhcp207-129 ~]#
Comment 5 errata-xmlrpc 2016-11-04 01:38:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2252.html
Note You need to log in before you can comment on or make changes to this bug.