Skip Menu |
 

This queue is for tickets about the RT-Authen-ExternalAuth CPAN distribution.

Report information
The Basics
Id: 88148
Status: open
Priority: 0/
Queue: RT-Authen-ExternalAuth

People
Owner: Nobody in particular
Requestors: msullivan [...] proofpoint.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: RT::Authen::ExternalAuth SSO config.. tips please..
Date: Mon, 26 Aug 2013 17:41:02 +0000
To: "bug-RT-Authen-ExternalAuth [...] rt.cpan.org" <bug-RT-Authen-ExternalAuth [...] rt.cpan.org>
From: Michelle Sullivan <msullivan [...] proofpoint.com>
Download (untitled) / with headers
text/plain 1.6k
Hi, I'm moving from RT3.6 -> RT4.0.17 and have decided to try going with RT::Authen::ExternalAuth instead of an OverRide I wrote previously. My system sets a cookie for all visitors, which is just a session ID (no other information in the cookie - for security .. this is then linked to the actual user information using Apache::Session to do the dirty work) Inside the cookie retrieved information there is the Username, Email addresses (multiple possible), Real Name, RT ID (single at the moment, but will be multiple in the near future) and a load of other information (address etc.) Currently when someone logs in to the main site and updates their preferences it updates the preferences in the RT user database. Inside the retrieved information there is an 'auth' parameter which contains the current state of the login and it's timeout. My thoughts is for any un-authenticated user to be re-directed to my main login page, get the new authenticated cookie, and be re-directed back to the RT system. The RT system will then load the user information from the DB retrieved by the cookie ID.. and allow access in that method. Is this possible with RT::Authen::ExternalAuth ? If so is it possible for it to update the timeout as necessary (so the login doesn't idle out)? If all of the above... any Docs/Examples on it? (I have modules that can do this as well - but need to know what calls what and what is expected in the return) Glancing at the code, it suggests that it is not possible without extensive work... can anyone confirm or deny? Thanks, -- Michelle Sullivan http://www.mhix.org/
Subject: Re: [rt.cpan.org #88148] AutoReply: RT::Authen::ExternalAuth SSO config.. tips please..
Date: Mon, 26 Aug 2013 17:45:25 +0000
To: "bug-RT-Authen-ExternalAuth [...] rt.cpan.org" <bug-RT-Authen-ExternalAuth [...] rt.cpan.org>
From: Michelle Sullivan <msullivan [...] proofpoint.com>
Whoops, sorry I didn't mean to create a bug reportŠ wrong email address. Regards, Michelle
Download (untitled) / with headers
text/plain 1.2k
This bug should be renamed to "Compatibility with WebExternalAuth/WebFallbackToInternalAuth". I faced the same problem here with an auth using REMOTE_USER that should allow to fallback to this plugin if no REMOTE_USER is given. This plugin doesn't handle REMOTE_USER at all, here is the slightly different patch I use: diff --git a/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm b/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm index b8950b4..32a5200 100644 --- a/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm +++ b/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm @@ -431,7 +431,9 @@ sub DoAuth { ############################################################# ####################### SSO Check ########################### ############################################################# - if ($config->{'type'} eq 'cookie') { + if ( RT->Config->Get('WebExternalAuth') && $ENV{REMOTE_USER} ) { + $username = $ENV{REMOTE_USER}; + } elsif ($config->{'type'} eq 'cookie') { # Currently, Cookie authentication is our only SSO method $username = RT::Authen::ExternalAuth::DBI::GetCookieAuth($config);


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.