Setting values for authenticated users
Centrify for Apache uses the following environment variables or HTTP header names to set values for authenticated user information.
Note: Use the SetAuthUserInfo directive to specify whether to set authenticated user information in HTTP headers or in environment variables.
This environment variable or HTTP header name | Is set to |
REQUEST_AUTH_METHOD |
The types of authentication to enable. The valid types are: The types are not mutually exclusive so more than one type may be enabled. For example: REQUEST_AUTH_METHOD=basic, |
IDENTITY |
The Universal Principal Name (UPN) of the authenticated user. For example: IDENTITY=john.doe@acme.com |
IDENTITY_TYPE |
The type of the identity claim provided by the IDENTITY variable. For authenticated user information, the only valid identity type is UPN. For example: IDENTITY_TYPE=UPN |
REMOTE_USERNAME |
The authenticated user’s samAccountName from Active Directory. The samAccountName supports pre‑Windows 2000 logon names. For example: REMOTE_USERNAME=ACME\john.doe |
REMOTE_UPN |
The Universal Principal Name (UPN) of the authenticated user. For example: IDENTITY=john.doe@acme.com |
CUSTOM_ATTR_attr-name |
The value of the user's LDAP attr-name attribute if non-empty. You can configure the LDAP attributes to fetch for the user by using the CustomAttributes directive. |