Auto creating user email addresses from CAS authenticated RT SelfService

Hello,

I am currently migrating from RT 3.4.5-2 (2006) on Fedora Core 4 to RT 4.0.8 on Centos 6.2. The reasons are many, including aging platform, move to virtualization etc.

The new RT, like the old one, does external authentication through CAS (Central Authentication Service). Basically users always initiate a support request through the RT SelfServe website by authenticating with single sign-on credentails (username, password).

The system generates a new user the first time the user logs in populates the “Identity” Username and “Unix login” Username from their login credentials. On the old system, loggin in for the first time also autogenerates an email by concatenating the “Identity” with the email domain suffix ("@mydomain.com").

So for example, person with ID newuser, logs in for the first time, and their Email field is populated with "newuser@mydomain.com", and nothing needs to be done from my end.

For some reason, it does not do this on the new system. I seem to recall some 7 years ago adding a hack to set this autocreation of the email field using the username. I have searched but can’t find anything and searched through the code to see where/how it was implemented, but I am at a loss.

Does anyone know how this is done in RT 4.x? Other than putting it in manually, I haven’t been able to figure out how to do this. Thanks in advance.

OK … I solved the problem. After some looking around and re-examining my old code, I found for RT 4.0.8, go to /lib in your “rt” directory (eg /var/rt or /usr/local/rt) so for me I edited in

/usr/local/rt/lib/RT/Interface/Web.pm

find

############### Start Code Fragment

sub WebExternalAutoInfo {

my $user = shift;

my %user_info;

default to making Privileged users, even if they specify

some other default Attributes

if ( !$RT::AutoCreate

|| ( ref($RT::AutoCreate) && not exists $RT::AutoCreate->{Privileged} ) )

{

$user_info{‘Privileged’} = 1;

}

############## End Code Fragment

and add the line

$user_info{‘EmailAddress’} = “$user@mycompany.com”;

############### Start Code Fragment

sub WebExternalAutoInfo {

my $user = shift;

my %user_info;

$user_info{‘EmailAddress’} = “$user@mycompany.com”;

default to making Privileged users, even if they specify

some other default Attributes

if ( !$RT::AutoCreate

|| ( ref($RT::AutoCreate) && not exists $RT::AutoCreate->{Privileged} ) )

{

$user_info{‘Privileged’} = 1;

}

############## End Code Fragment

You may (?) also have to add

$user_info{‘Privileged’} = 0;

along with

$user_info{‘EmailAddress’} = “$user@mycompany.com”;

if you want your newly-created user to be Unpriviliged, which is standard for RT SelfServe. I’m not sure what happens when you ask to autocreate priviliged (internal) users … I believe in the case of RT_SiteConfig.pm to enable external authentication (like CAS or LDAP):

Set($WebExternalAuth , ‘1’);
Set($WebFallbackToInternalAuth , ‘1’);
Set($WebExternalGecos , undef);
Set($WebExternalAuto , ‘1’);

And now for each new user, the field 'EmailAddress’is populated with “$user@mycompany.com

Have fun with it, people!

                                         Duncan.----- Original Message -----

Hello,

I am currently migrating from RT 3.4.5-2 (2006) on Fedora Core 4 to
RT 4.0.8 on Centos 6.2. The reasons are many, including aging
platform, move to virtualization etc.

The new RT, like the old one, does external authentication through
CAS (Central Authentication Service). Basically users always
initiate a support request through the RT SelfServe website by
authenticating with single sign-on credentails (username, password).

The system generates a new user the first time the user logs in
populates the “Identity” Username and “Unix login” Username from
their login credentials. On the old system, loggin in for the first
time also autogenerates an email by concatenating the “Identity”
with the email domain suffix (“@mydomain.com”).

So for example, person with ID newuser, logs in for the first time,
and their Email field is populated with “newuser@mydomain.com”, and
nothing needs to be done from my end.

For some reason, it does not do this on the new system. I seem to
recall some 7 years ago adding a hack to set this autocreation of
the email field using the username. I have searched but can’t find
anything and searched through the code to see where/how it was
implemented, but I am at a loss.

Does anyone know how this is done in RT 4.x? Other than putting it in
manually, I haven’t been able to figure out how to do this. Thanks
in advance.

                             Regards,

                             Duncan.

Duncan Napier
duncan_napier@sfu.ca
http://www.sfu.ca/~dgnapier/
IT & Instrumentation Consultant
Dept of Molecular Biology and Biochemistry
Simon Fraser University

“It takes ten years to become good at being a kid. Then another ten years
to become good at not being a kid” - Larry Wall.

OK … I solved the problem. After some looking around and re-examining my old code, I found for RT 4.0.8, go to /lib in your “rt” directory (eg /var/rt or /usr/local/rt) so for me I edited in
/usr/local/rt/lib/RT/Interface/Web.pm

Rather than overriding code in RT and making upgrades harder (you’re
already behind 5 versions, including some security releases) you can
make a local/lib/RT/Interface/Web_Local.pm and only override the one
method you’re changing.

I’d probably make the change in a User_Local.pm file changing the
RT::User::CanonicalizeUserInfo method, but there are many ways to fix
this.

-kevin