Add setting to disable copying variables as headers

nginx-shib / nginx-http-shibboleth

Shibboleth auth request module for nginx

https://github.com/nginx-shib/nginx-http-shibboleth/wiki

Other

209 stars 27 forks source link

Add setting to disable copying variables as headers #11

Closed davidjb closed 8 years ago

davidjb commented 8 years ago

mod_shib for Apache has ShibUserHeaders to control whether attributes get passed as headers to the backend, and we should aim for a similar toggle. Without automatically copying headers, it's possible and more secure (see README) to copy attributes from the auth request into the backend's environment -- but it currently requires manual handling in the user's config.

FYI: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig

davidjb commented 8 years ago

Implemented in develop; added in ade5cfd.