Windows Domain Authentication with Apache+Mongrel

eabhvee · March 3, 2008, 11:46am

Hi All,

I am running a rails application in my laptop which is connected to the
corporate intranet. I am using Apache 2.2.4 with Mongrel proxying. I
want to authenticate the corporate intranet users using Windows
Authentication. This is working fine with mod_sspi but I cant retrieve
the username in rails. Its not available in REMOTE_USER or
X_FORWARDED_USER. I have used the rewrite rule to add this information
in the request header but with no success. When I set the request header
like this for testing purpose,
RequestHeader add X-FORWARDED-User “testuser”

its working fine and I can see the username but when I use this rewrite
rule
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . -[E=RU:%1]
RequestHeader add X-FORWARDED-User %{RU}e
all I get in HTTP_X_FORWARDED_USER is (null).
I know this issue has been discussed a lot and I can see people saying
its working for them but I cant get this working. My Apache
configuration for proxying is:-
#########################################################
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . -[E=RU:%1]
RequestHeader add X-FORWARDED-User %{RU}e

Alias /rca “c:/IIS/rca/public”

<Directory “C:/IIS/rca/public”>
Options Indexes FollowSymLinks
AllowOverride none
Order allow,deny
Allow from all

ProxyPass /rca/images !
ProxyPass /rca/stylesheets !
ProxyPass /rca/javascripts !
ProxyPass /rca/ http://127.0.0.1:4000/
ProxyPass /rca http://127.0.0.1:4000/
ProxyPassReverse /rca/ http://127.0.0.1:4000/
############################################################

Here is the list of enviornment variables printed in rails.
##############################################################
SERVER_NAME 127.0.0.1
HTTP_MAX_FORWARDS 10
PATH_INFO
HTTP_X_FORWARDED_HOST localhost
HTTP_ACCEPT_ENCODING gzip,deflate
HTTP_USER_AGENT Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
SCRIPT_NAME /
SERVER_PROTOCOL HTTP/1.1
HTTP_ACCEPT_LANGUAGE en-us,en;q=0.5
HTTP_HOST 127.0.0.1:4000
REMOTE_ADDR 127.0.0.1
SERVER_SOFTWARE Mongrel 1.1.3
REQUEST_PATH
HTTP_X_FORWARDED_USER (null)
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,;q=0.7
HTTP_VERSION HTTP/1.1
HTTP_X_FORWARDED_SERVER E001B784E228A
REQUEST_URI /
SERVER_PORT 4000
GATEWAY_INTERFACE CGI/1.2
HTTP_X_FORWARDED_FOR 0.0.0.0
HTTP_ACCEPT text/xml,application/xml,
application/xhtml+xml,
text/html;q=0.9,
text/plain;q=0.8,image/png,/*;q=0.5
HTTP_CONNECTION Keep-Alive
REQUEST_METHOD GET
###########################################################

Any help is appreciated.

Regards,
Abhi