Windows- and KerberosRemoteUserFilter
-------------------------------------

The WindowsRemoteUserFilter and KerberosRemoteUserFilter are Servlet 2.3
Filters. They install a servlet request wrapper that checks whether the
authenticated username (REMOTE_USER) contains a special character indicating
a domain part. If it does, the domain part is stripped and only the username
is kept:

- WindowsRemoteUserFilter looks for a backslash (Windows
  domain\samaccountname) and, if present, removes the domain and keeps only
  the username.
- KerberosRemoteUserFilter looks for an @ sign (username@REALM.XY) and keeps
  the username.

    Request -> Filter -> Wrapper(Request) -> Servlet -> Response

Install:

Copy the JAR file remoteuserfilter.jar into the WEB-INF/lib directory of your
web application.

e.g. $TOMCAT_HOME/webapps/shibboleth/WEB-INF/lib

Configure:

Edit your web application descriptor WEB-INF/web.xml and add a <filter> and a
<filter-mapping> element for the filter you want. It is possible to chain the
filters, but in most cases this makes no sense.

Be careful: the order of the filter entries in the web.xml file is important.
The RemoteUserFilter definitions have to be stated after ShibCASFilter in the
configuration file.

e.g. $TOMCAT_HOME/webapps/shibboleth/WEB-INF/web.xml

The WindowsRemoteUserFilter filters all requests to /shibboleth/HS

    ...
    <filter>
        <filter-name>WindowsRemoteUserFilter</filter-name>
        <filter-class>ch.SWITCH.aai.filters.WindowsRemoteUserFilter</filter-class>
    </filter>
    ...
    <filter-mapping>
        <filter-name>WindowsRemoteUserFilter</filter-name>
        <url-pattern>/HS/*</url-pattern>
    </filter-mapping>
    ...

    ...
    <filter>
        <filter-name>KerberosRemoteUserFilter</filter-name>
        <filter-class>ch.SWITCH.aai.filters.KerberosRemoteUserFilter</filter-class>
    </filter>
    ...
    <filter-mapping>
        <filter-name>KerberosRemoteUserFilter</filter-name>
        <url-pattern>/HS/*</url-pattern>
    </filter-mapping>
    ...

___
$Id: INSTALL.txt,v 1.3 2005/02/04 16:46:24 schnell Exp $
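
Because the filters described above drop the domain or realm from REMOTE_USER, two accounts with the same username in different realms look identical to the servlet. The sketch below is an added example, not the source of remoteuserfilter.jar: it shows the same request-wrapper pattern for the username@REALM form, with a check that the realm is the expected one. The class name and the "allowedRealm" init parameter are hypothetical.

```java
// Added illustration of the wrapper pattern; NOT the remoteuserfilter.jar code.
// The class name and the "allowedRealm" init-param are hypothetical.
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class RealmCheckedRemoteUserFilter implements Filter {
    private String allowedRealm;

    public void init(FilterConfig cfg) throws ServletException {
        allowedRealm = cfg.getInitParameter("allowedRealm");
        if (allowedRealm == null || allowedRealm.length() == 0)
            throw new ServletException("allowedRealm init-param is required");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String stripped;
        try {
            stripped = strip(http.getRemoteUser(), allowedRealm);
        } catch (IllegalArgumentException e) {
            // Principal from an unexpected realm: refuse instead of stripping.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        final String user = stripped;
        // The servlet behind the filter only ever sees the wrapped request.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            public String getRemoteUser() { return user; }
        }, res);
    }

    public void destroy() { }

    // username@REALM -> username, but only when REALM is the expected one.
    static String strip(String remoteUser, String realm) {
        if (remoteUser == null) return null;       // unauthenticated request
        int at = remoteUser.lastIndexOf('@');
        if (at < 0) return remoteUser;             // no realm part to strip
        if (at == 0 || !remoteUser.substring(at + 1).equals(realm))
            throw new IllegalArgumentException("unexpected principal");
        return remoteUser.substring(0, at);
    }
}
```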