It's open source, isn't it? @monitorjbl could extend my code proposal, if it is not sufficient for him.

If you - as the code maintainer - say you need extensions to this feature to be able to merge it into the master branch, I will see what I can do. But I am not paid by my company to handle random feature requests of third parties, which do not make any sense to us.

For us, our custom-built Mamute works great with this SSO extension (in production for nearly three months now).

@falbrech-hsdg thank you for this patchset!
I have successfully tested this by using jetty with AJP connector (with an apache and kerberos authentication in front).

Could you please share the details how you are running mamute on a tomcat?

@xdarklight Sorry, it is quite a long time that I supported our Ops team in setting up mamute, and now I do not have access to the server anymore...
What exactly do you want to know? AFAIK, most work is done within the Apache httpd (which you already did successfully). To run mamute on Tomcat, we just extracted the WAR file to webapps/mamute.

According to stackoverflow, you could have to set a flag on Tomcat's AJP connector to enable authentication from the outside:
http://stackoverflow.com/questions/13749065/forward-remote-user-to-tomcat-via-ajp-e-g-for-shibboleth

But I cannot remember if we have set this flag...

Since @falbrech-hsdg and @xdarklight are successfully using this feature, I'm merging :-)

It would be awesome if you guys could provide an integrated test with a running ldap service in the future. (we could setup the ldap service with a docker container, for example)