How to send logged on username in ADFS-trunk or any claims value as header to backend application?

  • Question

  • Hi,

    I have a trusting backend application published via an ADFS-trunk that uses an HTTP header value to identify the user, and I'm trying to create in appwrap so that UAG automatically takes the username of the logged on user and sends it as header app-user="username".

    When I log on to the ADFS-trunk and look at the parameters of the logged in user in UAG Web Monitor, I find a "claims_user_name" with my user's name as value. Does anyone know how to get that variable into the "add header"-syntax in appwrap?

    This is the code used to create the header in appwrap.

    <APPLICATION>
        <APPLICATION_TYPE>headerapp</APPLICATION_TYPE>
        <URL>
            <URL_NAME>.*</URL_NAME>
            <ADD>
                <HEADER>
                    <NAME>app-user</NAME>
                    <VALUE encoding="" using_variables="true">claims_user_name</VALUE>
                </HEADER>
            </ADD>
        </URL>
    </APPLICATION>

    Of course I'm open to other ideas on how to solve this :)

    I have created the same scenario within an AD authenticated trunk and it works fine. But in that scenario I used postpostvalidate.asp to set the value of variable "Hybrid_WhlStatusFlagX" with Session("User_Name1") and then used "Hybrid_WhlStatusFlagX" as variable for the header.

    Hope anyone has any hints on this.

    Edit: To make this thread a bit more interesting and hopefully provide a more generic solution, I'd like to add/rephrase the question. Can the above problem be solved by using the values from the claim provided by the user and populate the header value?

    Thanks in advance!

    /Joakim


    Friday, November 25, 2011 3:51 PM

All replies

  • I'm having the exact same problem. I've tried this with both "Hybrid_WhlStatusFlagY" method and adding claims_user_name directly as above. I can see the correctly populated session variable in Web Monitor, but the application always reads it as "TRUE." If I send a standard variable like "Hybrid_WhlStatusFlagP" it works fine. I know it's been a year without a response to this but, anyone?


    Peter

    Monday, November 19, 2012 8:08 PM
  • I've also run into the exact problem and I'm pretty much stuck with this issue.

    Based on what I can see in the web-monitor, UAG sessions are initialized before the actual ADFS authentication. I think that AppWrap gets the necessary session parameters right at the beginning of the session, and any parameter modifications that happen afterwards (such as those from the PostPostValidation.inc) are not taken into account.

    If only it were possible to force the AppWrap to reset itself from the PostPostValidate script…

    As a worst-case scenario, using an HTTPModule on the Trunk sites in IIS could be a solution… but I'm not sure if that's supported.

    Wednesday, December 19, 2012 10:52 AM