Sorry for the delay,
if the headers are not there on NaviServer when the request is received, it means they were not sent at all. First you should ensure that authentication was successful and headers were injected in the request. One idiom to check is this:
# Output HTTP request headers as string
set headers [ns_conn headers]
set output ""
foreach {key value} [ns_set array $headers] {
append output "$key = $value \n"
}
set output
See https://naviserver.sourceforge.io/n/naviserver/files/ns_set.html#1
I guess there are good reasons to perform this convoluted Nginx -> Apache -> NaviServer trick, but if the whole authentication could be done at the Nginx level, or the NaviServer level, things would be less complicated.
On LEARN, we had an experimental shibboleth implementation that we never released to the public. The problem is:
I currently do not have access to the code
it was never used in production, so it would not be "battle tested"
I can try harder to obtain the code that we had, if you are still interested, just keep in mind that you may have to work on it some more to get it working.
Ciao
Antonio
