RDWeb - SSO

Similar Messages

• RDP SSO?

  I need a little information regarding SSO in use with Remote Desktop services.
  In searching for RD Services SSO I get these articles about getting the RDWeb SSO and using SSO with RemoteApp. But there is never any mention of RDP itself.
  My people want to be able to load up MSTSC or an .rdp file, put in the server address and connect via RDP with no prompt for credentials.  I am not seeing anything on the web on how to do this.
  We are running Windows 2012 R2 RDS.

  Hi Thomas,
  Thank you for posting in Windows Server Forum.
  To take advantage of the new Web SSO feature, the client must be running Remote Desktop Connection (RDC) 8.1 for better feature and functionality.
  In order for Web SSO to work:
  a. The connection in RemoteApp and Desktop Connections must have an ID. By default, it is set to the Fully Qualified Domain Name (FQDN) of the RD Connection Broker server in case of RD Connection Broker mode. In RD Session mode, it is set to the FQDN of
  the RD Web Access server.
  b. RemoteApp programs must be digitally signed using a Server Authentication certificate [Secure Sockets Layer (SSL) certificate]. The certificate Enhanced Key Usage section must contain ‘Server Authentication (1.3.6.1.5.5.7.3.1)’. More details about the
  types of certificates used to digitally sign RemoteApp programs can be found here.
  c. Client operating systems must trust the certificate with which the RemoteApp programs are signed.
  In addition, need to add the server name under GPO setting “Allow delegating default credentials”. Please check
  this article
  for information. For mstsc to run without credential prompt, we can also edit the rdp file “PromptCredentialOnce:i:0” and see the result. 
  For more information you can refer below article.
  Step by Step Customizing RD Web Access 2012 R2 – Part 1
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• ASA5510 Clientless VPN SSO RDWEB OWA CIFS

  Hi!
  I´m trying to use single sign on in clientless vpn portal. I have my bookmarks in place (rdweb/web servers and cifs share). I would like to just enter user/pass just one time (at the portal loginpage of asa5510). I use radius for my auth (radius auth running on a win2008r2 with nap policy). 
  I have seen on other posts that i should put &csco_sso=1parameter after the url string in bookmark settings but that doesnt work. I also tried the post settings CSCO_WEBVPN_USERNAME & CSCO_WEBVPN_PASSWORD
  Do i need to specify single signon server in Group policy i use for clientless vpn? In that case what should i specify?
  Servername: Just any name or the fqdn?
  Authentication type: I dont have any siteminder solution in place so my options are SAML POST
  Settings
  Assertion URL: ?
  Issuer: ?
  Cert:
  Do i need to set up a ADFS 2.0 role on my network to use SSO server feature at the asa5510?
  Regards,
  Fredrik

  A couple of updates:
  3. I added our nbns server to the Cisco config, and now clicking the Browse entire network button shows me the domain.  However, when I click on the domain, it says "Failed to retrieve servers".  A had a support tech look at this, and he said the config all looks fine, and he found a few other instances of this for other users.  He's investigating and will get back to me.
  4. This looks like it's possible through content-rewrite rules (http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/vpn_clientless_ssl.html#wp2389515)  
  "By default, the security appliance rewrites, or transforms, all clientless traffic. You might not want some applications and web resources (for example, public websites) to go through the ASA. The ASA therefore lets you create rewrite rules that let users browse certain sites and applications without going through the ASA. This is similar to split-tunneling in an IPSec VPN connection."
  Whether this will work in combination with SSO is the question, but I'll play around and see what I find.  :-)

• How to make WinTPC a direct VDI w/2012 Server from login(SSO) Pooled VM Collection SOLVED !

  Pre-Reqs:
  WinTPC machines must be domain joined
  All VDI infrastructure is 2012(RD Web, CB, VH, GW) you might be able to use 2008R2 I did not use any so dunno..
  All certificates must be in place for SSO
  1. Setup 2012 VDI infrastructure to use SSO
  2.Set group policy applied to WinTPC machines OU to allow Credential Delegation see:
  http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx
  3. Steal the RDP file from RDWeb (do a view source to get the path to the RDP file then download it) place in a network location, we use a folder in netlogon. Alternatively you could create your own RDP file and include the loadbalanceinfo:s:tsv://VMResource.1.MYPOOLEDCOLLECTION_Name
  4. Use a GPO to set a Custom Interface on the WinTPC machines it should execute a powershell or vbscript that runs the .rdp file,  in our case we  use a logon script to copy a powershell script to the local machine, then use that
  as the custom interface, it loops watching for the mstsc process to end..when it does it logs the user off. (sample)
  #VDI-RDP.ps1
  & 'c:\windows\system32\mstsc.exe' c:\start\myrdpfile.rdp
  sleep -s 10
  while(get-process mstsc){sleep -s 10}
  logoff.exe
  Custom Interface GPO is here:
  User\Administrative Templates\System\Custom User Interface\
  "powershell.exe" -windowstyle hidden c:\start\vdirdp.ps1
  Voila !
  When domain users login to the WinTPC they get a VDI session only... once they close the session either by logging off or closing the RDP session.. they are logged off of the WinTPC machine
  MS really should document this somewhere.. not everyone wants to access VDI from  RDweb.... :(   nor do they wish to have to authenticate multiple times...
  Good luck with it !

  Thank you dear Steve for the detailed steps,
  I have an issue to set the RD Web Access for SSO.
  I followed below article without success and I saw your comment.
  http://www.anilerduran.com/index.php/2012/sso-single-sign-on-thoughts-on-rds-remote-desktop-services-2012/
  I am using RDS 2012 R2 environment.
  Could you please provide more steps on how to run SSO for the RD Web?:
  Point Number 2 is not clear.
   To turn on Windows Authentication:
                - uncomment <authentication mode="Windows"/> section
                - and comment out:
                1) <authentication mode="Forms"> section.
                2) <modules> and <security> sections in <system.webServer> section at the end of the file.
                3) Optional: Windows Authentication will work in https.  However, to turn off https, disable 'Require SSL' for both RDWeb and RDWeb/Pages VDIR.
                   Launch IIS Manager UI, click on RDWeb VDIR, double click on SSL Settings in the middle pane, uncheck 'Require SSL' and
                   click Apply in the top right in the right pane.  Repeat the steps for RDWeb/Pages VDIR.
  Kind regards,

• 2012 R2 RDS SSO with IE 8

  Hi,
  I am having some trouble getting SSO working on a thin client using IE 8, connecting to a 2012 R2 deployment via the RDWeb web access page.
  My scenario is thus:
  Connection broker with 2 session collections
  Gateway server for both internal and external access/policies
  Web access server to get a list of available collections/remote apps
  Deployment options are set to "Use credentials for remote computers"
  Thin clients running Windows embedded standard 09 with IE 8 and RDP version 6.1, supporting protocol 7.0
  What I have found, is that when I use a thin client running windows embedded standard 7 with IE 10, I am able to login to the RDWeb page, and the credentials I use to login, are passed to the remote desktop connection when I click on a connection. In this
  instance, the SSO works correctly, and I only need to enter the credentials once.
  With the WES 09 thin client however, I log in to the RDWeb page, and when clicking on the session collection I am prompted twice more for my credentials, meaning the SSO is not working.
  I have checked that the URL is in the intranet zone, and that "Automatic logon with current username and password" is checked, but this has not helped.
  Is anyone able to suggest things I can check, or do, to get this working?
  Thanks, Eds

  Hi Eds,
  Based on my research, to take advantage of the new Web SSO feature, the client must be running Remote Desktop Connection (RDC) 7.0.
  More information for you:
  Introducing Web Single Sign-On for RemoteApp and Desktop Connections
  http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
  Many thanks Amy,
  As I feared, these thin clients are not able to run that version of the client. I guess our users will have to live with this niggle until we can replace all our thin clients.
  Thanks, again,
  Eds

• Connection to Workgroup computer via RDWEB

  Hello,
  I have connection broker on WS2012 R2 and use this for connection via Internet Explorer (RDWEB) to some domain computers from Internet.
  Is possible connect via RDWEB to standalone/nondomain (Workgroup) computers when this computers is in the same IP subnet as domain computers ?
  If yes, how configuration change on connection broker is necessary ?
  Thanks,
  Snake AG

  Hi,
  For accessing RD web (RemoteApp), you can try to enable RD Web access SSO and check the result. Here you can add the name of the server under “Allow delegating default credential” under credential delegation policy and also provide setting under RD gateway
  properties. Please refer below article for more information.
  Remote Desktop Web Access single sign-on now easier to enable in Windows Server 2012
  Hope it helps!
  Thanks,
  Dharmesh

• SSO to partner application running under IIS

  Hi,
  We have a complete set-up for 9iAS Release2 where some applications are running. In parallell we have an application running under IIS, and would now like to enable the IIS application as a partner application to 9iAS letting the 9iAS SSO server handle the authentication.
  In the documentation of Oracle Proxy Plug-in I read that this proxy plug-in can be used to proxy requests from IIS to Oracle http server (OHS) and also in this way enable SSO.
  My question is if this can be done only for applications running under 9iAS but having IIS as web server, or if it is also possible like in our case to enable SSO via the proxy plug-in to applications runnind under IIS?
  If this is not supported is the only available solution to use the SSO SDK in my IIS application?
  Thanks and regards,
  Rikard

  Here's a DIY answer.
  See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number.

• SSO java sample application problem

  Hi all,
  I am trying to run the SSO java sample application, but am experiencing a problem:
  When I request the papp.jsp page I end up in an infinte loop, caught between papp.jsp and ssosignon.jsp.
  An earlier thread in this forum discussed the same problem, guessing that the cookie handling was the problem. This thread recommended a particlar servlet , ShowCookie, for inspecting the cookies for the current session.
  I have installed this cookie on the server, but don't see anything but one cookie, JSESSIONID.
  At present I am running the jsp sample app on a Tomcat server, while Oracle 9iAS with sso and portal is running on another machine on the LAN.
  The configuration of the SSO sample application is as follows:
  Cut from SSOEnablerJspBean.java:
  // Listener token for this partner application name
  private static String m_listenerToken = "wmli007251:8080";
  // Partner application session cookie name
  private static String m_cookieName = "SSO_PAPP_JSP_ID";
  // Partner application session domain
  private static String m_cookieDomain = "wmli007251:8080/";
  // Partner application session path scope
  private static String m_cookiePath = "/";
  // Host name of the database
  private static String m_dbHostName = "wmsi001370";
  // Port for database
  private static String m_dbPort = "1521";
  // Sehema name
  private static String m_dbSchemaName = "testpartnerapp";
  // Schema password
  private static String m_dbSchemaPasswd = "testpartnerapp";
  // Database SID name
  private static String m_dbSID = "IASDB.WMDATA.DK";
  // Requested URL (User requested page)
  private static String m_requestUrl = "http://wmli007251:8080/testsso/papp.jsp";
  // Cancel URL(Home page for this application which don't require authentication)
  private static String m_cancelUrl = "http://wmli007251:8080/testsso/fejl.html";
  Values specified in the Oracle Portal partner app administration page:
       ID: 1326
       Token: O87JOE971326
       Encryption key: 67854625C8B9BE96
       Logon-URL: http://wmsi001370:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
       single signoff-URL: http://wmsi001370:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
       Name: testsso
       Start-URL: http://wmli007251:8080/testsso/
       Succes-URL: http://wmli007251:8080/testsso/ssosignon.jsp
       Log off-URL: http://wmli007251:8080/testsso/papplogoff.jsp
  Finally I have specified the cookie version to be v1.0 when running the regapp.sql script. Other parameters for this script are copied from the values specified above.
  Unfortunately the discussion in the earlier thread did not go any further but to recognize the cookieproblem, so I am now looking for help to move further on from here.
  Any ideas will be greatly appreciated!
  /Mads

  Pierre - When you work on the sample application, you should test the pages in a separate browser instance. Don't use the Run Page links from the Builder. The sample app has a different authentication scheme from that used in the development environment so it'll work better for you to use a separate development browser from the application testing browser. In the testing browser, to request the page you just modified, login to the application, then change the page ID in the URL. Then put some navigation controls into the application so you can run your page more easily by clicking links from other pages.
  Scott

• How to change SSO Partner Application Login_url and Logout_url

  As part of a deployment in a different data centre, we needed to change the domain name of an application using SSO for authentication. We have gone through the process of re-registering the SSO server but this does not update the domain name
  By using diagnostic tools from Oracle we have discovered that the file 'osso.conf' in $ORACLE_HOME/Apache/Apache/conf/osso contains incorrect entries for login_url and logout_url.
  These settings are of the form:
  login_url=http://www.ourolddomain.com/pls/orasso/orasso.wwsso_app_admin.ls_login
  logout_url=http://www.ourolddomain.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
  Please can anyone tell me how these settings can be changed.

  Hi,
  [Solved] SSO fails to show success page you can find some information on re registering mod_osso.
  Hope it helps.

• HOW TO SET UP PARTNER APPLICATION TO USE SSO OUTSIDE OF PORTAL

  If anyone knows how Portal switches context to run as the db user mapped to the lightweight schema and how it knows the db schema password please let me know.
  Should you have any queries please do not hesitate to contact me on 07775 896738.
  From document Oracle Portal Security Overview on PortalStudio.oracle.com:
  In Single Sign On mode (EnableSSO=Yes in the DAD), mod_plsql determines the name of the light-weight user and mapped database schema by calling
  WPG_SESSION_PRIVATE.GET_LW_USER and WPG_SESSION_PRIVATE.GET_DB_USER respectively.
  ** These calls are done using the Portal Schema (PORTAL30) and Portal schema password **
  mod_plsql then executes the procedure in the requested URL by using the N-Tier Authentication feature to connect to the database as the user returned from
  WPG_SESSION_PRIVATE.GET_DB_USER. ..... Note that N-Tier Authentication requires all schemas to be used for Portal user mappings to be granted 'connect
  through' privleges to the Portal schema (PORTAL30).
  The WWCTX packages are also used.
  So this is how it works with standard Portal
  - the document states that the WPG_SESSION_PRIVATE package is only accessible to the Portal schema
  - but I checked and it is also available to PORTAL30_SSO
  SQL> desc WPG_SESSION_PRIVATE
  PROCEDURE CREATE_SESSION
  Argument Name Type In/Out Default?
  P_COOKIE_NAME VARCHAR2 IN
  FUNCTION GET_DB_USER RETURNS VARCHAR2
  FUNCTION GET_LW_USER RETURNS VARCHAR2
  PROCEDURE GET_SESSION_INFO
  Argument Name Type In/Out Default?
  NUM_PARAMS NUMBER OUT
  PARAM_NAMES TABLE OF VARCHAR2(32000) OUT
  PARAM_VALUES TABLE OF VARCHAR2(32000) OUT
  PROCEDURE RESET_SESSION
  Argument Name Type In/Out Default?
  P_COOKIE_NAME VARCHAR2 IN
  In my case only the Login Server (PORTAL30_SSO) is going to be used/installed
  - the SAMPLE_SSO_PAPP application will only work if the DAD used to access is it set to use Basic authentication, i.e. the actual integration with the Login Server
  is done in the sample application code calls, stored in the database
  - when a DAD has enableSSO=yes it automatically accesses Portal (PORTAL30) packages to implement N-Tier authentication
  I'm currently testing:
  1. Configuring the SAMPLE_SSO_PAPP sample as documented with a DAD with Basic authentication
  2. Amending the ssoapp procedure to set context to another (db) user on successful authentication:
  wwctx_api.set_context (
  p_user_name => 'SCOTT',
  p_password => 'TIGER' );
  3. If this works then set_context with get_lw_user instead
  I have now amended the ssoapp procedure as follows to print out
  1. The userid entered when the login box is presented
  2. The Database user which the Portal Lightweight user is mapped to
  3. The Lightweight user Portal has used for authentication
  Amendments to papp.pkb:
  (ssoapp procedure, declare db_user_info and lw_user_info as VARCHAR2 in declare section)
  htp.p('Congratulations! It is working!<br>');
  db_user_info := wwctx_api.get_db_user;
  lw_user_info := wwctx_api.get_user;
  htp.p('User Information:' || l_user_info || '<br>');
  htp.p('DB User Information:' || db_user_info || '<br>');
  htp.p('LW User Information:' || lw_user_info || '<br>');
  The following shows the interesting results from my testing:
  - if the user owning the sample_sso_papp package is PORTAL30_SSO then the call to wwctx_api.get_db_user succeeds
  - if the user owning the sample_sso_papp package is a non-portal schema e.g. SSOAPP below the call to wwctx_api.get_db_user generates a User Defined exception
  Steps to test:
  Created new schema SSOAPP on the database
  - edited it in Portal and checked the use this schema for Portal users checkbox
  - created new Lightweight user SSO_LW in Portal, mapped it to SSOAPP schema
  - created new Lightweight user SSO_SCOTT in Portal, mapped to SCOTT schema
  - loadjava -user ssoapp/ssoapp@portal30 SSOHash.class
  - sqlplus portal30/portal30@portal30
  @provsyns ssoapp
  - sqlplus ssoapp/ssoapp@portal30
  @loadsdk.sql
  @loadpapp.sql
  Created DAD with basic authentication SAMPLE_SSO_PAPP
  - username: ssoapp
  - default home page: sample_sso_papp.ssoapp
  Registered the Sample SSO Partner Application with the Login Server and ran regapp.sql
  Commented out the calls to get_db_user in papp.pkb to avoid exception
  - called http://<server>/pls/sample_sso_papp
  - logged on as SSO_LW/sso_lw
  - got output:
  Congratulations! It is working!
  User Information: SSO_LW
  LW User Information: PUBLIC
  So the Portal lightweight user is not returned as SSO_LW
  if anyone knows why the Lightweight User in my test is returned as PUBLIC not SSO_LW
  Best Regards
  MIchael

  http://support.mozilla.com/en-US/kb/Changing+the+e-mail+program+used+by+Firefox

• SSO for partner applications

  Hi All,
  I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
  When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
  Can anybody tell me how to change the OID and what are the entries to be give to configure it to gmldap.oraclecorp.com server??
  Thanks,
  Swaroop

  See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
  See the following for information about what to specify on each page.
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341

• SSO With XI 3.0 on IIS

  I've searched these forums and finding bits and pieces of information so I'm hoping someone can help me out.
  I've successfully installed XI 3.0 on a new server.  We're trying to get SSO to work from our custom application so that users won't have to sign onto BO seperately.
  Most of the documentation I've found has been related to XI 2.
  I'm very new to administrating BO.  I'm assuming that the SSO on XI 2 (which we currently have our users using) cannot simply be copied over (I've tried.).  Also, I'm assuming that the SSO is part of a SDK or API.  If so, are these installed by default or are they seperate downloads?
  Can someone point me in the right direction?
  Thanks

  3.0 does not support IIS for infoview, only java app servers. We can enable SSO for those.
  As far as what migrates over from XIR2, the users, groups, plugin config, but the SSO settings do have to be applied on the web/app server(s)
  If you get 3.1 (same license code) that does support IIS/SSO. You should get 3.1 regardless 3.0 was the very 1st version of 3.x and therefor has the most bugs.
  Regards,
  Tim

• SSO between a Java EE application (Running on CE) and r/3 backend

  Hi All,
  Over the past few days I have been trying to implement a SSO mechanism between NW CE Java Apps and R/3 backend without any success. I have been trying to use SAP logon tickets for implementing SSO.
  Below is what I need:
  I have a Java EE application which draws data from R/3 backend and does some processing before showing data to the users. As of now the only way the Java App on CE authenticates to r/3 backend is by passing the userid and pwds explicitly. See sample authentication code below:
  BindingProvider bp = (BindingProvider) myService;
  Map<String,Object> context = bp.getRequestContext();
  context.put(BindingProvider.USERNAME_PROPERTY, userID);
  context.put(BindingProvider.PASSWORD_PROPERTY, userPwd);
  Now this is not the way we want to implement it. What we need is when the user authenticates to CE ( using CE's UME) CE issues a SAP logon ticket to the user. This ticket should be used to subsequently login to other system without having to pass the credentials. We have configured the CE and Backend to use SAP logon tickets as per SAP help.
  What I am not able to figure out is: How to authenticate to SAP r/3 service from the java APP using SAP logon tickets. I couldnt find any sample Java  code on SAP help to do this. (For example the above sample code authenticates the user by explicitly passing userid and pwd, I need something similar to pass a token to the backend)
  Any help/pointers on this would be great.
  Thanks,
  Dhananjay

  Hi,
  Have you imported the java certificate into R/3 backend system ? if so.
  Then just go to backend system and check on sm50 for each applicaion instance of any error eg.
  SM50-> Display files (ICON) as DB symbol with spect.(cntrlshiftF8)
  You will get logon ticket details.
  with thanks,
      Rajat

• SSO requires double login for partner application

  I'm having some trouble with SSO partner applications, when I login to a SSO protected application, the login works fine, but when I try to navigate to another application I'm presented with the login page again, the sso cookie seems to be working since clicking on the login button without entering the user credentials works. For example, I log in to portal and from there I navigate to a forms application that is on the same server and the same port (portal: https://apps.mydomain.com:4444/pls/portal --> forms: https://apps.mydomain.com/forms/frmservlet?config=app) I am presented with the login page and after clicking on the login button without entering any information everything works fine. This is happening for all the middle tiers that are connected to the same OID. Any ideas on what can be wrong on my configuration?

  Hi Andrey,
  The problem sounds really wierd.
  Can you check your SSO settings for your Portal ECC system? I mean, please check the User Management/Administration properties in your System Adminstration of Portal System that points to ECC.
  Regards
  <i><b>Raja Sekhar</b></i>

• SSO userid for a partner application

  Hi,
  We have one application deployed on WebLogic Application Server this is registred as Partner application over SSO server.
  On application side we have installed Oracle HTTP Server as webserver and configured mod_osso.
  Now when user attempt to access any secured page SSO askes for the authentication. And on successful login user landed back to application page configured while creating Partner application.
  After login we need userid of user who logged in on sso server. I have tried following and getting null.
  Remote User: <%=request.getRemoteUser() %>,
       Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
       Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
       Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
       Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
       Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
       Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
       Accept-Language: <%=request.getHeader("Accept-Language") %>
  output:
  Remote User: null,
  Proxy-Remote-User: null
  Osso-User-Dn: null
  Osso-User-Guid: null
  Osso-Subscriber: null
  Osso-Subscriber-Dn: null
  Osso-Subscriber-Guid: null
  Accept-Language: en-us,en;q=0.5
  Is any one there knows, what exactly i should do?
  Thanks & Regards,
  Kevin Chheda

  So the user has successfully authenticated and can access protected areas of the application?
  Have you tried using Http headers to see values/attribute names?
  Can you try this:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
  <html>
  <body>
  <%@ page import = "java.util.*" %>
  <h1>Headers received:</h1>
  Remote user header is: <% out.println(request.getRemoteUser()); %>
  <p>
  <table>
  <%
  Enumeration headerNames = request.getHeaderNames();
  while(headerNames.hasMoreElements()) {
  String headerName = (String)headerNames.nextElement();
  out.println("<tr><td>" + headerName);
  out.println(" <td>" + request.getHeader(headerName));
  %>
  </table>
  </body></html>