<VirtualHost x>

    # other configuraton as usual

    <Location /xtrf/>
        AuthName "CROWD Auth"
        AuthType Basic
        AuthBasicProvider crowd
        CrowdAppName x
        CrowdAppPassword x
        CrowdURL https://x/crowd/
        CrowdCreateSSO on
        CrowdAcceptSSO on
        Require crowd-group x-auth

        # the key part is here:
        # Atlassian Crowd does the autenthication and provide us with logged-in username in REMOTE_USER environment variable
        # we use header injection of this variable into HTTP request, to provide XTRF with an autenthicated user to create session for
        # xtrf can be configured to trust this header
        # the provided login must match existing home portal username
        RequestHeader set "REMOTE_USER-this-header-you-configure-in-xtrf" %{REMOTE_USER}s

        # for Active Directory you could use, among others:
        #
        # AuthName "AD authentication"
        # AuthBasicProvider ldap
        # AuthType Basic
        # AuthLDAPGroupAttribute member
        # AuthLDAPGroupAttributeIsDN On
        # AuthLDAPURL ldap://{AD-Hostname/IP}:389/cn=Users,dc={your Domain DN}?sAMAccountName?sub?(objectClass=*)
        # AuthLDAPBindDN cn=apache-connect,cn=Users,{your Domain DN}
        # AuthLDAPBindPassword {password}
        # require ldap-group cn=test,cn=Users,{your Domain DN}
        # RequestHeader set "REMOTE_USER-this-header-you-configure-in-xtrf" %{REMOTE_USER}s
    </Location>


    # all goes to XTRF as a backend, as usual
    ProxyPass / ajp://y:8009/ max=30 retry=10 nocanon

</VirtualHost>