On Thu, Nov 12, 2015 at 12:40 PM, Joe Kirby <ki...@umbc.edu> wrote: > We recently turned of Set($UseSQLForACLChecks, 1) for performance reasons.
Sorry. Haven't used that setting yet. > Are you saying we could have a special config in place that would allow me > to access our system in non-SSO mode or would I have to cloned the db to > such an area? We bypass it via the browser user agent. Here is a snippet from our apache configs: SetEnvIf User-Agent ^KnockKnock let_me_in # Allow either Shib-ed users or KnockKnock agents to be able to access the # system. KnockKnock agents will still have to authenticate to the local # RT login page. <Location /> <RequireAny> AuthType shibboleth ShibRequireSession on Require valid-user Require env let_me_in </RequireAny> Options +ExecCGI AddHandler fastcgi-script fcgi </Location> Then to access RT's login page, change your browser's user agent to "KnockKnock" or whatever string you choose. -m