RemoteAuthFieldName and HTTP Headers

Print Friendly and PDF Follow

ILLiad previously used the name ILLiadFieldName as it was entered in HTTP HEADERS; however, as of v9.1 ILLiad now uses the name in the HTTP HEADERS (RAW). The ILLiad 9.1 update script will copy the value from the RemoteAuthUserVariable customization key, strip the initial "HTTP_prefix, and place it in the new RemoteAuthValidations table.

When setting up RemoteAuth new, the value for the username should be identified by the corresponding header value in the HTTP Headers (RAW) section of getbuildinfo shown in GetBuildInfo. This is typically the HTTP header value without the "HTTP_"prefix.

The GetBuildInfoShowDetailed Customization Key controls whether HTTP Headers and Server Variables are displayed when using the GetBuildInfo in the Web DLL. If set to Yes, the HTTP headers will display once and then toggle to change the key's value to no. Note: This is a system-level setting and should not be changed by sites unless actively troubleshooting or working with support on the header values.

Go to https://site.illiad.atlas-sys.com/illiad/illiad.dll?getbuildinfo to locate the HTTP Headers (RAW), then locate the ILLiadFieldName. Replace site with your site name. See example below:

Example

Tip: Use illiad.dll?getbuildinfo to confirm which HTTP Headers are being sent to ILLiad for determining the RemoteAuthFieldNames. 

Below, the username being imported is jsmith12345. This is shown in the HTTP_HTTP_EZILL_VALUE under HTTP Headers and HTTP_EZILL_VALUE from GetBuildInfo. The mapping should be added to the RemoteAuthValidation table using the HTTP_EZILL_VALUE as shown under HTTP Headers (RAW).

ILLiad DLL
Version 9.1.0.0 

Log Settings
Info:  On
Warn:  On
Debug: Off

HTTP Headers

HTTP_CONNECTION:keep-alive
HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP_ACCEPT_LANGUAGE:en-US,en;q=0.9
HTTP_HOST:illiad.library.edu
HTTP_USER_AGENT:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
HTTP_HTTP_EZILL_VALUE:jsmith12345


HTTP Headers (RAW)

 Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: illiad.library.edu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
HTTP_EZILL_VALUE: jsmith12345
 

Using Server Variables Instead of HTTP Headers

Shibboleth attribute IDs must be written using all uppercase letters in attribute-map.xml for the associated variable to pass through to the ILLiad DLL.

Since it's more secure to retrieve the web request's special fields from the IIS server variables than from the HTTP headers, as of ILLiad v9.1.2, by default ILLiad will now only consider server variables when retrieving the values of RemoteFieldName from the RemoteAuthValidation table. Legacy behavior is still supported, where ILLiad will consider both server variables and HTTP headers when mapping RemoteAuth fields. The UseLegacyRemoteAuthHandling Customization key was added to retrieve RemoteAuth fields from HTTP headers and server variables in support of the legacy behavior. This key is set to No for new installations but will be set to Yes by default for all sites upgrading to v9.1.2, in order to not break existing RemoteAuth configurations.   

Questions?

If this article didn’t resolve your issue, please contact Atlas Support for assistance:

Contact Support