If/when this is revisited we can try:
https://github.com/phokz/mod-auth-external to run an arbitrary script like a
python script. Or https://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html to
auth against a fastcgi service. Example fastcgi at

My suggestions were based just on reading the documentation, I haven't actually
tried anything. So I'm not too surprised that they didn't work out.
I guess 2 URLs is the simplest way to make it work with mod_wsgi. I think
simple is better than trying to deal with a proxy.
Another idea though

Hey Dave,
either I didn't understand your proposed approach, or it doesn't work.
WSGIAuthGroupScript has the same problem as WSGIAuthUserScript: it forces the
user initially to log in, because it relies on credentials. So when I configure
one of those two methods, I am always initially prompted

Have you tried `WSGIAuthGroupScript` yet? That seems to provide a way to list
"groups" and then a "group" can be checked with a `Require` directive which is
a normal httpd directive. And it seems both 401 and 403 statuses are options
then.

@brondsem Do you have any directions?
The only solution I came up with is the "two URL solution".
For example:
* "/svn/..." and "/git/..." are using allow_access() to check if the repo has
anonymous access allowed
* If it has no access allowed, it will forbid the access
*

Hmm, I forgot this integrated so closely with Apache that it won't be a
regular WSGI app. The auth functions you reference are these, right?
https://modwsgi.readthedocs.io/en/develop/user-guides/access-control-mechanisms.html#apache-authentication-provider
I haven't dealt with those before.

I played around with it more.
The good thing:
Looking at it in detail, I found that the structure of the existing handler is
not the worst when we want to stay with the interface between the Apache
instance and the Allura instance itself. So I would not change this
fundamentally at the

Hi Ingo,
The ApacheAccessHandler.py file has always been a bit rough in my opinion, so
improving it and adding features would be great. I have not done anything yet
to convert it to mod_wsgi (or python 3), so definitely your contributions would
be welcome.
SAML support sounds nice. I don't

@brondsem I didn't work too hard on it yet. But I did some first tests, and
I'd love to merge it with my modifications, which were necessary to run it on
my Allura installation.
Specialties which I needed to implement in the current access handler:
* **Support for SAML.** That means that I
---
**[tickets:#8352] Convert ApacheAccessHandler.py from mod_python to mod_wsgi**
**Status:** open
**Milestone:** unreleased
**Labels:** py3
**Created:** Wed Feb 26, 2020 07:54 PM UTC by Dave Brondsema
**Last Updated:** Wed Feb 26, 2020 07:54 PM UTC
**Owner:** nobody
mod_wsgi is how we