Showing with 48 additions and 1 deletion.

+8 −0 CHANGELOG.md

+13 −0 manifests/config/apache.pp

+1 −1 metadata.json

+26 −0 spec/classes/foreman_config_apache_spec.rb
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## [25.2.1](https://github.com/theforeman/puppet-foreman/tree/25.2.1) (2024-09-04)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/25.2.0...25.2.1)
+
+**Fixed bugs:**
+
+- Unset all possible dash/underscore combinations of REMOTE\_USER [\#1181](https://github.com/theforeman/puppet-foreman/pull/1181) ([evgeni](https://github.com/evgeni))
+
 ## [25.2.0](https://github.com/theforeman/puppet-foreman/tree/25.2.0) (2024-08-14)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman/compare/25.1.0...25.2.0)

diff --git a/manifests/config/apache.pp b/manifests/config/apache.pp
@@ -119,10 +119,23 @@
   String[1] $keycloak_app_name = 'foreman-openidc',
   String[1] $keycloak_realm = 'ssl-realm',
   Array[String[1]] $request_headers_to_unset = [
+    'REMOTE-USER',
     'REMOTE_USER',
+    'REMOTE-USER-EMAIL',
+    'REMOTE-USER_EMAIL',
+    'REMOTE_USER-EMAIL',
     'REMOTE_USER_EMAIL',
+    'REMOTE-USER-FIRSTNAME',
+    'REMOTE-USER_FIRSTNAME',
+    'REMOTE_USER-FIRSTNAME',
     'REMOTE_USER_FIRSTNAME',
+    'REMOTE-USER-LASTNAME',
+    'REMOTE-USER_LASTNAME',
+    'REMOTE_USER-LASTNAME',
     'REMOTE_USER_LASTNAME',
+    'REMOTE-USER-GROUPS',
+    'REMOTE-USER_GROUPS',
+    'REMOTE_USER-GROUPS',
     'REMOTE_USER_GROUPS',
   ],
 ) {

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "theforeman-foreman",
-  "version": "25.2.0",
+  "version": "25.2.1",
   "author": "theforeman",
   "summary": "Foreman server configuration",
   "license": "GPL-3.0+",

diff --git a/spec/classes/foreman_config_apache_spec.rb b/spec/classes/foreman_config_apache_spec.rb
@@ -56,10 +56,23 @@
             'set SSL_CLIENT_S_DN ""',
             'set SSL_CLIENT_CERT ""',
             'set SSL_CLIENT_VERIFY ""',
+            'unset REMOTE-USER',
             'unset REMOTE_USER',
+            'unset REMOTE-USER-EMAIL',
+            'unset REMOTE-USER_EMAIL',
+            'unset REMOTE_USER-EMAIL',
             'unset REMOTE_USER_EMAIL',
+            'unset REMOTE-USER-FIRSTNAME',
+            'unset REMOTE-USER_FIRSTNAME',
+            'unset REMOTE_USER-FIRSTNAME',
             'unset REMOTE_USER_FIRSTNAME',
+            'unset REMOTE-USER-LASTNAME',
+            'unset REMOTE-USER_LASTNAME',
+            'unset REMOTE_USER-LASTNAME',
             'unset REMOTE_USER_LASTNAME',
+            'unset REMOTE-USER-GROUPS',
+            'unset REMOTE-USER_GROUPS',
+            'unset REMOTE_USER-GROUPS',
             'unset REMOTE_USER_GROUPS'
           ])
           .with_proxy_pass(
@@ -192,10 +205,23 @@ class { 'apache':
               'set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"',
               'set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"',
               'set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"',
+              'unset REMOTE-USER',
               'unset REMOTE_USER',
+              'unset REMOTE-USER-EMAIL',
+              'unset REMOTE-USER_EMAIL',
+              'unset REMOTE_USER-EMAIL',
               'unset REMOTE_USER_EMAIL',
+              'unset REMOTE-USER-FIRSTNAME',
+              'unset REMOTE-USER_FIRSTNAME',
+              'unset REMOTE_USER-FIRSTNAME',
               'unset REMOTE_USER_FIRSTNAME',
+              'unset REMOTE-USER-LASTNAME',
+              'unset REMOTE-USER_LASTNAME',
+              'unset REMOTE_USER-LASTNAME',
               'unset REMOTE_USER_LASTNAME',
+              'unset REMOTE-USER-GROUPS',
+              'unset REMOTE-USER_GROUPS',
+              'unset REMOTE_USER-GROUPS',
               'unset REMOTE_USER_GROUPS'
             ])
             .with_ssl_proxyengine(true)