diff --git a/src/roles/httpd/templates/external_auth.conf.j2 b/src/roles/httpd/templates/external_auth.conf.j2 index 05e1d7d25..f181de2f4 100644 --- a/src/roles/httpd/templates/external_auth.conf.j2 +++ b/src/roles/httpd/templates/external_auth.conf.j2 @@ -15,11 +15,11 @@ LookupUserGroupsIter REMOTE_USER_GROUP # Set headers for proxy requests - RequestHeader set REMOTE_USER %{REMOTE_USER}e - RequestHeader set REMOTE_USER_EMAIL %{REMOTE_USER_EMAIL}e - RequestHeader set REMOTE_USER_FIRSTNAME %{REMOTE_USER_FIRSTNAME}e - RequestHeader set REMOTE_USER_LASTNAME %{REMOTE_USER_LASTNAME}e - RequestHeader set REMOTE_USER_GROUPS %{REMOTE_USER_GROUPS}e + RequestHeader set REMOTE-USER %{REMOTE_USER}e + RequestHeader set REMOTE-USER-EMAIL %{REMOTE_USER_EMAIL}e + RequestHeader set REMOTE-USER-FIRSTNAME %{REMOTE_USER_FIRSTNAME}e + RequestHeader set REMOTE-USER-LASTNAME %{REMOTE_USER_LASTNAME}e + RequestHeader set REMOTE-USER-GROUPS %{REMOTE_USER_GROUPS}e # GSSAPI/Kerberos authentication for web UI diff --git a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 index 3807529f0..af895755b 100644 --- a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 +++ b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 @@ -11,10 +11,10 @@ ## Request header rules ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader - RequestHeader set X_FORWARDED_PROTO "https" - RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s" - RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" - RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s" + RequestHeader set X-FORWARDED-PROTO "https" + RequestHeader set SSL-CLIENT-S-DN "%{SSL_CLIENT_S_DN}s" + RequestHeader set SSL-CLIENT-CERT "%{SSL_CLIENT_CERT}s" + RequestHeader set SSL-CLIENT-VERIFY "%{SSL_CLIENT_VERIFY}s" RequestHeader unset REMOTE-USER RequestHeader unset REMOTE_USER RequestHeader unset REMOTE-USER-EMAIL 
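Review bot: After the rename, the underscore spellings of these headers are no longer overwritten by the `RequestHeader set` lines in either template, so a client-supplied `REMOTE_USER_GROUPS` or `SSL_CLIENT_VERIFY` header is only stripped if an `unset` elsewhere covers it. The vhost context shows `RequestHeader unset REMOTE-USER` and `RequestHeader unset REMOTE_USER`, but that list presumably continues past the end of the hunk, and no underscore `unset` is visible for the `SSL_*` or `X_FORWARDED_PROTO` names. If the backend maps `_` and `-` to the same key, the old spellings should be dropped explicitly ahead of the `set` lines, for example `RequestHeader unset SSL_CLIENT_VERIFY` and `RequestHeader unset X_FORWARDED_PROTO`. The same goes for `SSL_CLIENT_S_DN`, `SSL_CLIENT_CERT` and the four `REMOTE_USER_*` attribute names from external_auth.conf.j2.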
diff --git a/tests/httpd_test.py b/tests/httpd_test.py
index e01ea7d6e..77c6efda7 100644
--- a/tests/httpd_test.py
+++ b/tests/httpd_test.py
@@ -87,3 +87,7 @@ def test_https_foreman_login(server, certificates, server_fqdn):
 cmd = server.run(f"{CURL_CMD} --cacert {certificates['server_ca_certificate']} --write-out '%{{http_code}}' https://{server_fqdn}/users/login")
 assert cmd.succeeded
 assert cmd.stdout == '200'
+
+def test_httpd_headers_use_dashes(server):
+ cmd = server.run("grep -rPn 'RequestHeader\\s+set\\s+\\S*_\\S*\\s' /etc/httpd/conf.d/foreman.conf /etc/httpd/conf.d/foreman-ssl.conf /etc/httpd/conf.d/05-foreman.d/ /etc/httpd/conf.d/05-foreman-ssl.d/ 2>/dev/null")
+ assert cmd.stdout.strip() == '', f"HTTP header names should use dashes, not underscores:\n{cmd.stdout}"
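Review bot: `test_httpd_headers_use_dashes` passes vacuously when grep cannot read the listed paths, because `2>/dev/null` discards the error and only stdout is asserted. grep exits 1 for "no match" and 2 for an error, so checking the exit status separates a clean config from a scan that never ran: drop the redirect and add `assert cmd.rc == 1, cmd.stderr` before the stdout assertion. If some of the four paths are legitimately absent in a given deployment, the list would need narrowing to the ones that must exist, otherwise that assertion fails on the missing path. The pattern also matches only `RequestHeader set`, so an underscore name introduced through `add`, `append` or `setifempty` would not be caught.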