Setting values for authenticated users

Centrify for Apache uses the following environment variables or HTTP header names to set values for authenticated user information.

Note:   Use the SetAuthUserInfo directive to specify whether to set authenticated user information in HTTP headers or in environment variables.

This environment variable or HTTP header name Is set to
REQUEST_AUTH_METHOD

The types of authentication to enable. The valid types are:

  • Basic
  • Kerberos
  • NTLM
  • PAM
  • ADFS (Active Directory Federation Services - not described in this book.)

The types are not mutually exclusive so more than one type may be enabled. For example:

REQUEST_AUTH_METHOD=basic,
kerberos,Ntlm
IDENTITY

The Universal Principal Name (UPN) of the authenticated user. For example:

IDENTITY=john.doe@acme.com
IDENTITY_TYPE

The type of the identity claim provided by the IDENTITY variable. For authenticated user information, the only valid identity type is UPN. For example:

IDENTITY_TYPE=UPN 
REMOTE_USERNAME

The authenticated user’s samAccountName from Active Directory. The samAccountName supports pre‑Windows 2000 logon names. For example:

REMOTE_USERNAME=ACME\john.doe 
REMOTE_UPN

The Universal Principal Name (UPN) of the authenticated user. For example:

IDENTITY=john.doe@acme.com 
CUSTOM_ATTR_attr-name
 
 

The value of the user's LDAP attr-name attribute if non-empty.

You can configure the LDAP attributes to fetch for the user by using the CustomAttributes directive.