From d0c9ad92c9199a2c865588604647d77a0af97d25 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Fri, 1 Apr 2016 15:44:11 +0200 Subject: [PATCH 1/2] Added a caution note about REMOTE_USER and user impersonation --- cookbook/security/pre_authenticated.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst index e3501c54884..eaf6cef0ad6 100644 --- a/cookbook/security/pre_authenticated.rst +++ b/cookbook/security/pre_authenticated.rst @@ -151,3 +151,10 @@ key in the ``remote_user`` firewall configuration. Just like for X509 authentication, you will need to configure a "user provider". See :ref:`the previous note ` for more information. + +.. caution:: + + :doc:`User impersonation ` is not + compatible with ``REMOTE_USER`` based authentication. The reason is that + impersonation requires the authentication state to be maintained server-side + but ``REMOTE_USER`` information is sent by the browser in each request. From fbcfbb42c138ead0bc449c89b159d15732f96085 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Fri, 1 Apr 2016 15:49:47 +0200 Subject: [PATCH 2/2] Fixed a path --- cookbook/security/pre_authenticated.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst index eaf6cef0ad6..2d8e6202528 100644 --- a/cookbook/security/pre_authenticated.rst +++ b/cookbook/security/pre_authenticated.rst @@ -154,7 +154,7 @@ key in the ``remote_user`` firewall configuration. .. caution:: - :doc:`User impersonation ` is not + :doc:`User impersonation ` is not compatible with ``REMOTE_USER`` based authentication. The reason is that impersonation requires the authentication state to be maintained server-side but ``REMOTE_USER`` information is sent by the browser in each request.