Mike Peachey wrote: > Edward Bryan wrote: >> I've been tasked with finding a way to login to our RT system by >> validating our cookies against a local database and then submitting a >> valid user name as a login token to RT. The object is to write a >> single sign on plugin that validates against a secure database for a >> large number of diverse applications. >> >> RT has facilities to query LDAP and DBI databases with ExternalAuth >> and it also has the ability to read a cookie and validate it against >> a database of users and user IDs with CookieAuth but it doesn't seem >> to have a method for allowing me do to my own user validation and >> then simply submitting a user name as a valid login token. RT retains >> the power of the query for user validation. (Correct?) >> >> I think in order to do this I will need to do some major Mason-ary >> work and before I propose a project of that size to my customer, I >> wanted to get confirmation that this is the only way to get RT to >> follow our local login model. > > > TBH CookieAuth is a fantastic example of how to "build your own" and > although it's not *totally* clear what you're looking for I don't > think you'd have to veer far from it. > > The whole validation path is quite simple.. you put in an Auth > callback that runs whatever code you want it to when a user first > vists and you can call any other methods you want at the same time, > and all you need to have a logged in user is to put a user in the > $session variable. > > If you want to do your own changes to validation of an actual > password, you just gotta override isPassword in the USer object using > a User_Vendor.pm or User_Local.pm. > > I can advise better if you can clarify a little what your intended > result is. > -- > Kind Regards, > > __________________________________________________ > > Mike Peachey, IT > Tel: +44 114 281 2655 > Fax: +44 114 281 2951 > Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK > Comp Reg No: 3191371 - Registered In England > http://www.jennic.com > __________________________________________________ > Thanks for the quick reply. I'm sorry I wasn't more clear in my original post.
We have an single-sign-on application that validates all our users with their first login to any application we run. Then, as they move from one app to another, they are transparently validated by the SSO module at every login. We just added RT and I've been asked to write the SSO module that will allow already-validated-on-our-system users to step around the RT login page and go straight to the RT "at a glance" page. What I thought I understood from ExternalAuth and CookieAuth and the many posts around implementing them, is that users go to the RT login page and enter their names and passwords but that RT uses ~Auth callbacks to query a remote database, either LDAP or another DBI type, that then validates RT users. I've been asked to spare our users the trouble of typing in a name and password if possible. The closest answer I found was an "autologin" post from 2003 in which the response was that it couldn't be done without sending the password in clear text as part of the url. So I think the answer to my question is that I need to modify the source code around logging. Then again, I'm not the expert here. Thanks for your help. _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [email protected] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
