Axton,
I tried not to put too much detail in my posting. But we have an
Apache module that authenticate and validate the information for us.
As far as we know, the $SERVER['REMOTE_USER'] (PHP style) is valid and
accurate once it gets through to us (TRAC). If it were not, the
Apache SSO module would not have let the user through. So now we have
the user name, what is the easiest way to log s/he in w/o any form or
pop-up.
Regards,
Doug
On Dec 7, 1:17 pm, Axton <[EMAIL PROTECTED]> wrote:
> On Dec 7, 2007 1:52 PM, anhD <[EMAIL PROTECTED]> wrote:
>
>
>
> > OK! I am going to try this at a different angle. Before a user could
> > even access TRAC, s/he has already login through the company's SSO.
> > If the user is not valid, s/he would not get through. Once the user
> > has been successfully authenticated, the REMOTE_USER will be populated
> > with his/her login. I want to modify TRAC so that it will use the id
> > in the REMOTE_USER and automatically log the user in. What would be
> > the easiest way to achieve this? I have to get rid of the Basic
> > Authentication so no pup-up will come up. Hopefully, some TRAC
> > developer can help me out here.
>
> > Thanks,
> > Doug
>
> This all depends on what you are using as your SSO infrastructure.
> There has to be more to the credentials than a simple username, this
> would be easily circumvented. The sso infrastructures I'm familiar
> with typically have a policy server where you can cross-reference the
> locally stored credentials to ensure they are valid. The
> communication between the policy server and the app server happens on
> the app server using the credentials passed by the client to the app
> server.
>
> If you are using AD and your web server is IIS, this can be pretty
> easily accomplished. Other things like Netegrity SiteMinder, Oracle
> application server sso, ... are different. These solutions typically
> have a web agent and/or an api that can be used to do what needs to be
> done.
>
> Most web apps can be easily modified to pick things up from where ever
> (http header, session variables, session cookies, etc.) to use as the
> login name. Just don't blindly trust some arbitrary value sent by the
> client.
>
> Axton Grams
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---
