Hello,
I am upgrading from 3.8.7 (apache2 + mod_perl) to 4.0.4 (apache2 + mod_fastcgi)
and I notice a strange behaviour of RT-Authen-ExternalAuth -0.09.
The authentication works fine, however, the login page gets redirected straight
away here:
http://rt.address.com/NoAuth/Login.html?next=xxxxxx&results=xxxxxxx
With the error message: "You are not an authorized user".
That is, this is what I see instead of the normal login page.
This is what the log says:
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth service: AD
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. Response:
(0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth service: AD
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. Response:
(0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
Is this to be expected? Or am I missing something? Because in the old version
there was no redirection and no error messages.
I dug a little bit and found a "fix", but it seems a bit heavy handed (if not
plain wrong).
It involves modifiying .../html/Callbacks/ExternalAuth/autohandler/Session
from this:
<%init>
$m->comp('/Elements/DoAuth',%ARGS);
......
to this:
<%init>
if($ARGS{'user'} || $m->request_comp->path ne '/index.html'){
$m->comp('/Elements/DoAuth',%ARGS);
}
....
That is, try to authenticate me only if I provided an username or if I am
trying to access something else than the login page(well..).
Here's the relevant part of RT_SiteConfig:
Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , '1');
Set($WebExternalAuto , '1');
Set($ExternalAuthPriority, [ 'AD' ]);
Set($ExternalInfoPriority, [ 'AD' ]);
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, { 'AD' => {
'type' => 'ldap',
...
}
});
And httpd.conf:
<VirtualHost *:80>
ServerName xxx
KeepAlive On
AddDefaultCharsetUTF-8
LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"
%{X-Forwarded-For}i " combined
ErrorLog /opt/rt/var/log/error_log
CustomLog /opt/rt/var/log/access_log common env=!dontlog
Alias /NoAuth/images/ /opt/rt/share/html/NoAuth/images/
ScriptAlias / /opt/rt/sbin/rt-server.fcgi/
DocumentRoot /opt/rt/share/html
<Location />
Order allow,deny
Allow from all
Options +ExecCGI
AddHandlerfastcgi-script fcgi
</Location>
<Location /NoAuth/images>
SetHandler default-handler
</Location>
</VirtualHost>
Thanks,
Iulian--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 & 6, 2012
