On Dec 7, 2007 1:52 PM, anhD <[EMAIL PROTECTED]> wrote:
>
> OK!  I am going to try this at a different angle.  Before a user could
> even access TRAC, s/he has already logged in through the company's SSO.
> If the user is not valid, s/he would not get through.  Once the user
> has been successfully authenticated, the REMOTE_USER will be populated
> with his/her login.  I want to modify TRAC so that it will use the id
> in the REMOTE_USER and automatically log the user in.  What would be
> the easiest way to achieve this?  I have to get rid of the Basic
> Authentication so no pop-up will come up.  Hopefully, some TRAC
> developer can help me out here.
>
> Thanks,
> Doug
>
>

This all depends on what you are using as your SSO infrastructure.
There has to be more to the credentials than a simple username; this
would be easily circumvented.  The SSO infrastructures I'm familiar
with typically have a policy server where you can cross-reference the
locally stored credentials to ensure they are valid.  The
communication between the policy server and the app server happens on
the app server using the credentials passed by the client to the app
server.

If you are using AD and your web server is IIS, this can be pretty
easily accomplished.  Other things like Netegrity SiteMinder, Oracle
application server SSO, ... are different.  These solutions typically
have a web agent and/or an API that can be used to do what needs to be
done.

Most web apps can be easily modified to pick things up from wherever
(http header, session variables, session cookies, etc.) to use as the
login name.  Just don't blindly trust some arbitrary value sent by the
client.

Axton Grams
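
The following is an added example, not part of the original message or of Trac's own code: a WSGI middleware that sets REMOTE_USER from an identity header only when the request comes from the SSO web agent, and removes the header otherwise so the application never sees a client-supplied value. The header name X-SSO-User, the agent address 10.0.0.5 and the helper names are assumptions made for illustration; this check sits alongside, and does not replace, validation against the SSO policy server.

```python
# Added example: hypothetical names throughout (header, proxy address).
TRUSTED_PROXIES = {"10.0.0.5"}        # constructed address of the SSO web agent
IDENTITY_KEY = "HTTP_X_SSO_USER"      # WSGI key for a hypothetical X-SSO-User header


class TrustedRemoteUser:
    """Set REMOTE_USER from the SSO header only for requests from the SSO agent."""

    def __init__(self, app, trusted=TRUSTED_PROXIES, key=IDENTITY_KEY):
        self.app = app
        self.trusted = frozenset(trusted)
        self.key = key

    def __call__(self, environ, start_response):
        # Always take the header out of the environ so the wrapped app
        # can never read a client-supplied copy directly.
        claimed = environ.pop(self.key, "").strip()
        # Discard any identity set earlier in the chain; this layer decides.
        environ.pop("REMOTE_USER", None)
        if claimed and environ.get("REMOTE_ADDR") in self.trusted:
            environ["REMOTE_USER"] = claimed
        return self.app(environ, start_response)


def whoami_app(environ, start_response):
    """Stand-in for the real application: reports the user it would log in."""
    user = environ.get("REMOTE_USER", "anonymous")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [user.encode()]


def simulate(remote_addr, header_value=None):
    """Run one constructed request through the middleware; return the user seen."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "REMOTE_ADDR": remote_addr}
    if header_value is not None:
        environ[IDENTITY_KEY] = header_value
    body = TrustedRemoteUser(whoami_app)(environ, lambda status, headers: None)
    return b"".join(body).decode()
```

The application server should also accept connections only from the SSO agent, since REMOTE_ADDR is only as reliable as the network path in front of it.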
