How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I capture HTTP headers set by Web Agents (All versions) in Apache HTTP server using a Perl script?

Last updated Sep 22, 2021

The purpose of this article is to guide you through creating and executing a Perl® script that will capture user profile attributes set in HTTP headers by Apache™ Web Agents.

2 readers recommend this article

Configuring the Web agent to publish User profile attributes

You can configure user profile attributes to be set as HTTP headers, such as 'name', 'mail' etc. See Attribute Processing for further information.

Creating a Perl script to capture HTTP headers in the Apache HTTP server

  1. Enable the CGI module in the Apache HTTP server. Instructions are available here.
  2. Update the main server configuration file as follows to allow the Apache HTTP server to execute Perl scripts:  <Directory /var/www/>         Options Indexes FollowSymLinks         Options +ExecCGI         AddHandler cgi-script .cgi .pl         AllowOverride None         Require all granted </Directory>
  3. Add the following Perl script ( to the required site: #!/usr/bin/perl print "Content-type: text/html\n\n"; print "HTTP Header: \n"; print "\n"; for (sort(keys(%ENV))) {   print "$_ = $ENV{$_}<br>\n"; }
  4. Restart the Apache HTTP server.
  5. Update your AM policies to allow user access to the Perl script you created: http://<HTTPServerIP:HTTPServerPort>/
  6. Navigate to your Perl script: http://<HTTPServerIP:HTTPServerPort>/ After successful authentication, the HTTP headers will be displayed, for example: HTTP Header: AUTH_TYPE = OpenAM CONTEXT_DOCUMENT_ROOT = /var/www/html CONTEXT_PREFIX = DOCUMENT_ROOT = /var/www/html GATEWAY_INTERFACE = CGI/1.1 HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 HTTP_ACCEPT_ENCODING = gzip, deflate HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.5 HTTP_CONNECTION = keep-alive HTTP_COOKIE = amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyL0lPgoiFi2wGeyg4Kw_xuyekSlb1_YX0.*AAJTSQACMDIAAlNLABQtNzMxNDgyNjAxNjIyNTI5OTM1MQACUzEAAjAx* HTTP_EMAIL = HTTP_HOST = HTTP_NAME = user1 HTTP_REFERER = HTTP_USER_AGENT = Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:44.0) Gecko/20100101 Firefox/44.0 PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin QUERY_STRING = REMOTE_ADDR = REMOTE_PORT = 55212 REMOTE_USER = user1 REQUEST_METHOD = GET REQUEST_SCHEME = http REQUEST_URI = / SCRIPT_FILENAME = /var/www/html/ SCRIPT_NAME = / SERVER_ADDR = SERVER_ADMIN = webmaster@localhost SERVER_NAME = SERVER_PORT = 8000 SERVER_PROTOCOL = HTTP/1.1 SERVER_SIGNATURE = Apache/2.4.7 (Ubuntu) Server at Port 8000 SERVER_SOFTWARE = Apache/2.4.7 (Ubuntu)

These HTTP headers can't be captured by tools like LiveHTTP headers, SAML tracer etc as they are not visible in the user's browser. HTTP headers are injected by the agent just before redirecting the user to the requested resource. This is explained in more detail in FAQ: Configuring Agents in Identity Cloud and AM (Q. Why can't I see the http_header attributes in the browser?).

See Also

FAQ: Configuring Agents in Identity Cloud and AM

Agents and policies in AM

Apache Tutorial: Dynamic Content with CGI

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.