Refining SSO

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -98,4 +98,5 @@ zammad-test.cert.sunet.se:
     groups:
       - 'sunet-cert'
     entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
-    remote_user: true
+    user_header: 'Remote-User'
+    single_user: true

global/overlay/etc/puppet/modules/soc/manifests/sso.pp

@@ -39,6 +39,7 @@ class soc::sso(
   Array             $passthrough        = [],
   Boolean           $x_remote_user      = false,
   Boolean           $remote_user        = false,
+  String            $user_header        = undef,
   Boolean           $unset_auth_header  = false,
   Boolean           $single_user        = false,
   Boolean           $satosa             = true,

global/overlay/etc/puppet/modules/soc/templates/sso/apache-site.conf.erb

@@ -38,7 +38,11 @@
         AuthType shibboleth
         ShibRequestSetting requireSession On
 
-        <%- if @x_remote_user -%>
+        <%- if @user_header && !@single_user -%>
+        RequestHeader set @user_header %{REMOTE_USER}s
+        <%- elsif @user_header && $single_user -%>
+        RequestHeader set @user_header soc-user
+        <%- elsif @x_remote_user -%>
         RequestHeader set X-Remote-User %{REMOTE_USER}s
         <%- elsif @remote_user -%>
         RequestHeader set Remote-User %{REMOTE_USER}s