Praise Google!

After literally hours of scouring the web trying to find a solution to a SIMPLE problem, I finally came across it.

What's the problem you ask? Well, I have a Mongrel application server running a Rails application. We're authenticating to this application using mod_auth_sspi in Apache. This is fine, but it doesn't permit the application to know who is on the other end (and we can't rely on the Authorization header). So finally, I googled the right thing, and came up with this post on CRAZ8 that they implemented as a plugin. Here's the bit I care about:

1
2
3
4
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule .* - [E=RU:%1]
RequestHeader add REMOTE_USER %{RU}e

To quote CRAZ8:

Here's what this Rewrite-fu does:

Line 2: Use lookahead access to get REMOTE_USER set by authentication module
Line 3: Transfer the results of line 2 into an environment variable called RU
Line 4: Set a Request header to the environment variable from line 3.