On Tue, Jun 18, 2013 at 4:38 PM, L B <[email protected]> wrote:
> Hi,
>
> The goal here is to have SSO on RT between a local user directory (AD) and
> an RT instance installed in the amazon cloud.
>
> I've set up mod_mellon ( https://code.google.com/p/modmellon/ ) with RT as
> a relying party on AWS and it works well, I'm able to log in with SSO (IdP
> used on premise is ADFS).
>
> I just had to configure RT with:
> Set($WebExternalAuth , 1);
> Set($WebFallbackToInternalAuth , 1);
> Set($WebExternalAuto , 1);
>
> so it uses the REMOTE_USER variable to login.
>
> I have three problems now:
> - populating users info:
> I think I can get some environment variables out of the SAML token with
> mod_mellon configuration like this:
>
> MellonSetEnv "e-mail" "mail"
>
> But then I don't know how to populate this into RT.
>

Solution:

1) With code. Grep for REMOTE_USER in RT source code and you'll find places where you can inject code to extract information mellon puts into ENV and put it into RT's tables. As far as I recall, the remote user variable is handled in one or two places.

2) No coding - use ExternalAuth module to extract info. It can work this way - info extraction only mode without auth. Info is updated on login into UI.

3) No coding - use LDAPImport to bring in users' data. Info is updated as often as you run the script.

> - logout waits 1 second (default), and goes back to the login page, so I'm
> authenticated again. I think I need to change the logout link in the code?
>

Yes. Very specific to setup, so there is no direct solution that works for everybody.

> - SSO is always used and I'd like a way to do a local login (with root for
> example which is not in our user directory). I'm not sure how to do this
> yet.
>

Host a second RT as a virtual host on a different URL without SSO. Only people with passwords in RT's database would be able to use this interface.

>
> Has anyone played with this and gone further than I did?
>
> Thanks,
> --
> L.B.
>
> --
> RT Training in Seattle, June 19-20: http://bestpractical.com/training
>

--
Best regards, Ruslan.
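
The two-virtual-host layout suggested in the reply, written out as an added Apache 2.4 configuration example that is not part of the original thread. Host names, file paths and the 192.0.2.0/24 range are placeholders, the address restriction on the local-login host is an assumption added here, and RT's own handler directives are assumed to be the ones already deployed.

```apache
# Added example (Apache 2.4 syntax). Host names, file paths and the
# 192.0.2.0/24 range are placeholders, not values from the thread.

# 1) SSO entry point: mod_auth_mellon authenticates against the IdP and
#    sets REMOTE_USER, which RT accepts because $WebExternalAuth is 1.
<VirtualHost *:443>
    ServerName rt.example.com
    # ... TLS and RT handler directives as already deployed ...

    <Location />
        AuthType Mellon
        MellonEnable "auth"
        Require valid-user

        MellonEndpointPath     /mellon
        MellonSPPrivateKeyFile /etc/apache2/mellon/rt.key
        MellonSPCertFile       /etc/apache2/mellon/rt.cert
        MellonSPMetadataFile   /etc/apache2/mellon/rt.xml
        MellonIdPMetadataFile  /etc/apache2/mellon/adfs.xml

        # The SAML attribute "mail" is exported to the request environment
        # as MELLON_e-mail (mod_auth_mellon adds the MELLON_ prefix).
        MellonSetEnv "e-mail" "mail"
    </Location>
</VirtualHost>

# 2) Local-login entry point: same RT instance, Mellon disabled. REMOTE_USER
#    is never set here, so with $WebFallbackToInternalAuth = 1 RT shows its
#    own login form and only accounts with a password in RT's database
#    (for example root) can sign in.
<VirtualHost *:443>
    ServerName rt-local.example.com
    # ... TLS and RT handler directives as already deployed ...

    <Location />
        MellonEnable "off"
        # Assumption: password logins are limited to a management network.
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>
```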
