diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index 392a59d71..814f1366e 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -240,10 +240,10 @@ class Auth
     public function authenticateFromSession()
     {
         $this->user = Session::getSession()->get('user');
-        if ($this->user !== null && $this->user->isExternalUser() === true) {
+        if ($this->user !== null && $this->user->isExternalUser()) {
             list($originUsername, $field) = $this->user->getExternalUserInformation();
-            $username = getenv($field); // usually REMOTE_USER here
-            if ( !$username || $username !== $originUsername) {
+            $username = ExternalBackend::getRemoteUser($field);
+            if ($username === null || $username !== $originUsername) {
                 $this->removeAuthorization();
             }
         }
diff --git a/library/Icinga/Authentication/User/ExternalBackend.php b/library/Icinga/Authentication/User/ExternalBackend.php
index 616f2371e..3baf1c8e0 100644
--- a/library/Icinga/Authentication/User/ExternalBackend.php
+++ b/library/Icinga/Authentication/User/ExternalBackend.php
@@ -77,8 +77,8 @@ class ExternalBackend implements UserBackendInterface
      */
     public function authenticate(User $user, $password = null)
     {
-        $username = getenv('REMOTE_USER');
-        if ($username !== false) {
+        $username = static::getRemoteUser();
+        if ($username !== null) {
             $user->setExternalUserInformation($username, 'REMOTE_USER');
 
             if ($this->stripUsernameRegexp) {