Refining SSO

2025-01-14 13:43:22 +01:00 · 2025-01-14 13:43:22 +01:00 · 012331604f
commit 012331604f
parent 5f0e27f95c
3 changed files with 8 additions and 2 deletions
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -98,4 +98,5 @@ zammad-test.cert.sunet.se:
    groups:
      - 'sunet-cert'
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
-    remote_user: true
+    user_header: 'Remote-User'
+    single_user: true
--- a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
@ -39,6 +39,7 @@ class soc::sso(
  Array             $passthrough        = [],
  Boolean           $x_remote_user      = false,
  Boolean           $remote_user        = false,
+  String            $user_header        = undef,
  Boolean           $unset_auth_header  = false,
  Boolean           $single_user        = false,
  Boolean           $satosa             = true,
--- a/global/overlay/etc/puppet/modules/soc/templates/sso/apache-site.conf.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/sso/apache-site.conf.erb
@ -38,7 +38,11 @@
        AuthType shibboleth
        ShibRequestSetting requireSession On

-        <%- if @x_remote_user -%>
+        <%- if @user_header && !@single_user -%>
+        RequestHeader set @user_header %{REMOTE_USER}s
+        <%- elsif @user_header && $single_user -%>
+        RequestHeader set @user_header soc-user
+        <%- elsif @x_remote_user -%>
        RequestHeader set X-Remote-User %{REMOTE_USER}s
        <%- elsif @remote_user -%>
        RequestHeader set Remote-User %{REMOTE_USER}s