I have been reading a fair amount of details surrounding BOE 4 and authentication. What I would like to acheive is the following scenario:
Apache frontend / reverse proxy
BOE 4 (running on Tomcat 6) as the backend.
I would like the frontend apache to handle the authentication, and the backend to trust it.
Is this possible?
The reading I have done leads me to looking at trusted.auth.user.retrieval=REMOTE_USER
I'm not sure if this is the right direction or not.
So, I expanded on it a little by creating a secret key.
I set global.properties to:
But, standalone that did not seem to pass authentication through to the application (at least not the launchpad)
Thanks for any input!