----Original Message---- From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Falcone Sent: Monday, May 02, 2011 9:40 AM To: [email protected] Subject: Re: [rt-users] Is a time zone user preference available?
> On Fri, Apr 29, 2011 at 01:58:16PM -0600, Eli Guzman wrote: >>> On Thu, Apr 28, 2011 at 02:10:20PM -0600, Eli Guzman wrote: >>>> I have one more issue, I am working on and this is enabling the >>>> full SSO (auto-login) function of RT::Authen::LDAP, but I keep >>>> running into some issues. AD users are able to authenticated >>>> against AD, but the RT interface won't automatically log them in. I >>>> think my RT_SiteConfig.pm (the one located at >>>> /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct: >>> >>> This should really be a separate email to the list, but you don't >>> appear to be running the current release of RT::Authen::ExternalAuth >>> >>> Please provide your RT and extension versions >>> >>> -kevin >> >> Hey Kevin, >> >> I am currently running RT-Authen-ExternalAuth 0.8_01, and RT 3.89: > >> cpan -l output >> >> lib::RT::Authen::ExternalAuth 0.08_01 >> lib::RT::Authen::ExternalAuth::DBI undef >> lib::RT::Authen::ExternalAuth::LDAP undef >> lib::RT::Authen::ExternalAuth::DBI::Cookie undef >> blib::lib::RT::Authen::ExternalAuth 0.08_01 >> >> I thought I was at the latest version for RT-Authen-ExternalAuth, has >> another release been made available? If this is the case I can >> download and install if needed. >> >> Just to recap: LDAP authentication works, the SSO piece (the >> automatic logon into the interface) fails. > > RT-Authen-ExternalAuth doesn't provide spnego/sso for IE you have to > configure something like mod_auth_kerb for that > > -kevin > >> This is essentially the last piece we have before finishing up this >> setup so any advice you may have could be very useful to us. >> >> Regards, >> --Eli Thanks once again for all of the input, IE is indeed the primary browser here, but we do have users using Mozilla Firefox 4 as well. I have tried logging in within FF4, and I get the same errors as I do in IE. I think that there is some basic link not taking place between IE(FF4) and RT (RT::Auth*), which is interesting (or rather odd) since as I mentioned before, I am able to login using LDAP directly (though unable I may be of passing the SSO check itself). I read on a previous message that RT::Auth* was now at 0.08_02 (not sure if this is correct)? Perhaps I should use this version with RT 3.89 and see if this fixes the issue. You mentioned mod_auth_kerb, and I actually do have mod_auth_kerb installed for Apache2, so I'm thinking this could be another likely way to go (would this work for FF4 as well?). I've also used Likewise Open to physically join the server to our primary domain controller, but this has not made much of a difference (yet) - although I am sure that a separate connector has to probably be setup within Likewise for RT (but I am at the moment not familiar with this option). As another feasible option for SSO, would it be better to just use an AD synchronized OpenLDAP server, using something like a DBI Authentication module? Regards, Eli
