Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Component/s: core
Labels: None
Environment: centos5 apache2
Description
When configuring apache as the handler for auth, all of hudson is secured but it has no knowledge of the user itself. Users gathered from SVN checkouts are recognized but non-automatic builds are just run by "anonymous".
I originally reported this here: http://hudson.361315.n4.nabble.com/Using-apache-auth-and-removing-the-anonymous-user-td3025691.html#a3025691
I completely agree with Dominic's suggestion, so I'm pasting it without modifications here:
"""
I think it would be great if there were an option in hudson that let us specify a http header name that hudson would use as user name.
At the moment we have to use tomcat to solve this problem.
But if hudson had this option we could run hudson on its own and still use apache authentication.
For most people/configurations the http header name would be REMOTE_USER but I have seen apache configurations where X_REMOTE_USER or similar had been used so it should be configurable.
"""
For debugging purposes this is my apache config.
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPassReverse / http://my.domain.name.com:8080/
<Location />
AuthName "Just some Realm"
AuthType Basic
AuthUserFile /etc/httpd/conf.d/.htpasswd-hudson
Require valid-user
</Location>
The above config is based on mod_proxy with HTTPS and it is running on port 443.
Note that "REMOTE_USER" is an environment variable for CGI, and does not automatically get passed in the reverse proxy scenario. You must be doing something extra to make that work. What is it?
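An added example, not part of the original issue and not Hudson's code: a minimal Python model of the check an application behind the proxy needs before it treats a configurable request header as the user name. The function name, its parameters and the sample requests are assumptions constructed for illustration; the backend is assumed to receive legitimate traffic only from the Apache proxy on localhost, as in the ProxyPass lines above.

```python
import ipaddress

ANONYMOUS = "anonymous"


def _canon(name):
    # '-' and '_' are folded together (case-insensitively) so that
    # X_REMOTE_USER and X-Remote-User count as the same header and a
    # second spelling cannot slip past the duplicate check below.
    return name.replace("_", "-").lower()


def resolve_user(peer_ip, headers, header_name,
                 trusted_proxies=("127.0.0.1", "::1")):
    """Return the user name asserted by the proxy, or ANONYMOUS.

    peer_ip         -- address of the TCP peer (hypothetical parameter)
    headers         -- list of (name, value) pairs as received
    header_name     -- the configurable header, e.g. X_REMOTE_USER
    trusted_proxies -- assumed: only the local Apache may assert identity
    """
    trusted = {ipaddress.ip_address(p) for p in trusted_proxies}
    if ipaddress.ip_address(peer_ip) not in trusted:
        # Request did not come through the proxy, so the header is
        # whatever the client chose to send. Ignore it.
        return ANONYMOUS

    wanted = _canon(header_name)
    values = [v.strip() for n, v in headers if _canon(n) == wanted]

    # Exactly one non-empty, printable value is accepted; a missing,
    # empty or repeated header falls back to the anonymous user.
    if len(values) != 1 or not values[0] or not values[0].isprintable():
        return ANONYMOUS
    return values[0]


if __name__ == "__main__":
    # Constructed sample requests.
    via_proxy = [("Host", "my.domain.name.com"), ("X_REMOTE_USER", "alice")]
    direct = [("Host", "my.domain.name.com"), ("X_REMOTE_USER", "admin")]
    print(resolve_user("127.0.0.1", via_proxy, "X_REMOTE_USER"))
    print(resolve_user("203.0.113.7", direct, "X_REMOTE_USER"))
```

The same header must also be removed or overwritten by the proxy on every request, otherwise a value supplied by the browser reaches the backend with the proxy's address as its peer.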