I am using PingFederate Apache (Linux) Integration Kit 3.2 to authenticate my application . The application is running, and PingFederate is able set the headers as well as environment variables but changes made to the HTTP headers by PingFederate are ignored by Apache. Below is an excerpt of my apache error log
[Thu Aug 31 07:16:35.836754 2017] [:info] [pid 28376] Exposing of session information is enabled for all requests within a session
[Thu Aug 31 07:16:35.836757 2017] [:info] [pid 28376] Exposing session information into the environment variables and HTTP headers...
[Thu Aug 31 07:16:35.836763 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_UID = .....
[Thu Aug 31 07:16:35.836766 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_UID = ....
[Thu Aug 31 07:16:35.836769 2017] [:info] [pid 28376] Setting environment variable: PF_AUTH_SN = ...
[Thu Aug 31 07:16:35.836772 2017] [:info] [pid 28376] Setting the request HTTP header: PF_AUTH_SN = ...
....
....
[Thu Aug 31 07:16:35.836837 2017] [:info] [pid 28376] Total environment variables added: 12
[Thu Aug 31 07:16:35.836839 2017] [:info] [pid 28376] Total HTTP request headers added: 12
[Thu Aug 31 07:16:35.836842 2017] [:info] [pid 28376] Releasing the dynamically allocated payload...
[Thu Aug 31 07:16:35.836844 2017] [:info] [pid 28376] Granting access to the requested resource
[Thu Aug 31 07:16:35.836846 2017] [:info] [pid 28376] Returning DECLINED to let Apache take its default actions for the modified request
[Thu Aug 31 07:16:35.836849 2017] [:info] [pid 28376] Exiting the Content handler
[Thu Aug 31 07:16:35.836851 2017] [:info] [pid 28376] Returning HTTP code -1 (DECLINED)
The following are some of the configuration for my mod_pf.conf:
PingFederateFilter /.*
PingFederateFilter /cgi-bin/.*
PingFederateExposeSessionAttributesToEnvironmentVariables yes
PingFederateExposeSessionAttributesToHttpHeaders yes
PingFederateAuthnPrefix PF_AUTH_
Below are snippet of my Apache configuration (httpd.conf)
LoadModule access_compat_module modules/mod_access_compat.so
LoadFile modules/libopentoken.so
LoadModule pf_module modules/mod_pf.so
PingFederateConfigurationFile conf/mod_pf.conf
<Directory "/var/www/cgi-bin">
Order deny,allow
Deny from all
AuthType PFApacheAgent
Allow from all
Require valid-user
</Directory>
Apache version is Apache/2.4.6 (CentOS)
There is a line in mod_pf "PingFederateStartPageUrl /.cmd=PingStartPage." Enable this line and enter the following URL in the browser. It will show the Headers being sent to Apache by PingFederate. If you are not able to see any HTTP Headers, then PingFederate is not sending the attributes.
URL is "https://yourapachehost:apacheport/protectedresource/?cmd=PingStartPage."