Page History
...
The following tells Apache to proxy all calls to a URL starting with "shrine-api" to http://127.0.0.1:8080/shrine-api/. Therefore we need to set up Tomcat to listen for HTTP traffic on port 8080 (see Tomcat Configuration below)
#### serve content from Tomcat
ProxyPassReverse "/shrine-api/" "http://127.0.0.1:8080/shrine-api/"
ProxyPass "/shrine-api/" "http://127.0.0.1:8080/shrine-api/"
...
The following tells Shibboleth to make the attributes it collects from the idP available as request headers in Apache. This is the opposite of what is recommended, i.e. the Shibboleth documentation says that ideally ShibUseEnvironment should be On and ShibUseHeaders should be Off. However the recommended setup requires proxying to Tomcat using the AJP protocol, which we are not using because it is being phased out of Tomcat (so we are proxying using the HTTP protocol).
...
Also, see https://shibboleth.atlassian.net/wiki/spaces/SHIB2/pages/2577072327/NativeSPApacheConfig
...
.
ShibUseEnvironment Off
ShibUseHeaders On
</LocationMatch>
...
Overview
Content Tools