Apache not logging remote user for PHP files protected byShibboleth

Apache not logging remote user for PHP files protected byShibboleth

am 03.03.2010 19:44:36 von Svend Sorensen

(I posted this to the shibboleth-users list, but I haven't found a
solution yet.)

I have a directory protected with Shibboleth on an Apache 2 server.
Everything works as expected except the Apache logging. When I request
a PHP file, I am forced to log in, but the remote user (%u) shows up as
"-" in the Apache logs. PHP sees the correct value for REMOTE_USER.

When I request an HTML file, my Shibboleth ID shows up in the Apache
logs.

The .htaccess file protecting the directory is:

AuthType shibboleth
ShibRequireSession On
Require valid-user

The test PHP file which prints the correct remote user name is



Here is an edited version of what is logged:

XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /shib/test.php HTTP/1.1" 200 31 "-" ...
XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /favicon.ico HTTP/1.1" 200 - "https://example.com/shib/test.php" ...
XXX.XXX.XXX.XXX - myid@myidp [02/Mar/2010:11:11:59] "GET /shib/test.html HTTP/1.1" 200 32 "-" ...

Why isn't the remote user logged for PHP files?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Apache not logging remote user for PHP files protected byShibboleth

am 03.03.2010 20:13:10 von Svend Sorensen

I think that this is caused by a bug in the version of PHP we are
running.

http://bugs.php.net/46005

On Wed, Mar 03, 2010 at 10:44:36AM -0800, Svend Sorensen wrote:
> (I posted this to the shibboleth-users list, but I haven't found a
> solution yet.)
>
> I have a directory protected with Shibboleth on an Apache 2 server.
> Everything works as expected except the Apache logging. When I request
> a PHP file, I am forced to log in, but the remote user (%u) shows up as
> "-" in the Apache logs. PHP sees the correct value for REMOTE_USER.
>
> When I request an HTML file, my Shibboleth ID shows up in the Apache
> logs.
>
> The .htaccess file protecting the directory is:
>
> AuthType shibboleth
> ShibRequireSession On
> Require valid-user
>
> The test PHP file which prints the correct remote user name is
>
>
>
> Here is an edited version of what is logged:
>
> XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /shib/test.php HTTP/1.1" 200 31 "-" ...
> XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /favicon.ico HTTP/1.1" 200 - "https://example.com/shib/test.php" ...
> XXX.XXX.XXX.XXX - myid@myidp [02/Mar/2010:11:11:59] "GET /shib/test.html HTTP/1.1" 200 32 "-" ...
>
> Why isn't the remote user logged for PHP files?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org