Multiple Authentication Schemes

John_Arends · November 29, 2006, 2:43pm

Has anyone tried pointing multiple locations at the same RT instance so
multiple external authentication schemes can be used?

My RT installation currently is at www.server.com/rt/ and I could use a
second ScriptAlias line to set up www.server.com/rt2/ as well. The only
problem I see is that the URL changes so it would probably break some
things.

I have also thought about setting up multiple instances of RT but
pointing both at the same database, but it is likely that this would
break something as well.

Any suggestions?

Stephen_Turner · November 29, 2006, 2:59pm

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf
Of John Arends
Sent: Wednesday, November 29, 2006 9:44 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Multiple Authentication Schemes

Has anyone tried pointing multiple locations at the same RT
instance so
multiple external authentication schemes can be used?

My RT installation currently is at www.server.com/rt/ and I
could use a
second ScriptAlias line to set up www.server.com/rt2/ as
well. The only
problem I see is that the URL changes so it would probably break some
things.

I have also thought about setting up multiple instances of RT but
pointing both at the same database, but it is likely that this would
break something as well.

Any suggestions?

Hi John

We do this using two virtual hosts in the Apache setup. Both use SSL - on
port 443 we use certificate authentication and on port 444 we use
traditional RT username/passwords.

Steve

Stephen Turner
Senior Programmer/Analyst - Client Support Services
MIT Information Services and Technology (IS&T)

John_Arends · November 29, 2006, 3:03pm

How well does RT handle having slightly different URLs? You have to
specify the port number in the site config file, so do you have a
separate config file for each instance?

Stephen Turner wrote:

Stephen_Turner · November 29, 2006, 3:15pm

-----Original Message-----
From: John Arends [mailto:jarends@uiuc.edu]
Sent: Wednesday, November 29, 2006 10:04 AM
To: sturner@MIT.EDU; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Multiple Authentication Schemes

How well does RT handle having slightly different URLs? You have to
specify the port number in the site config file, so do you have a
separate config file for each instance?

It works fine - we are running 3.4.2 and there’s no port number spec in the
site config. I don’t know if that is different in 3.6. We have these
variables set:

$WebBaseURL - “https://ourrtserver.mit.edu”
$WebAuthURL - “https://ourrtserver.mit.edu”
$WebPath - “”

Steve

Tomasz_Wlodek · November 29, 2006, 3:23pm

And how do you deal with multiple user identities?

I mean: one and the same user can logon once using web certyficate and
once using RT password. How do you tell that this is the same user and
uses the same RT account? How do you map user certyficates to RT accounts?

TomOn Wed, 29 Nov 2006, Stephen Turner wrote:

-----Original Message-----
From: John Arends [mailto:jarends@uiuc.edu]
Sent: Wednesday, November 29, 2006 10:04 AM
To: sturner@MIT.EDU; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Multiple Authentication Schemes

How well does RT handle having slightly different URLs? You have to
specify the port number in the site config file, so do you have a
separate config file for each instance?

It works fine - we are running 3.4.2 and there’s no port number spec in the
site config. I don’t know if that is different in 3.6. We have these
variables set:

$WebBaseURL - “https://ourrtserver.mit.edu”
$WebAuthURL - “https://ourrtserver.mit.edu”
$WebPath - “”

Steve

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Stephen_Turner · November 29, 2006, 3:55pm

-----Original Message-----
From: Tomasz Wlodek [mailto:tomw@bnl.gov]
Sent: Wednesday, November 29, 2006 10:24 AM
To: Stephen Turner
Cc: ‘John Arends’; rt-users@lists.bestpractical.com
Subject: RE: [rt-users] Multiple Authentication Schemes

And how do you deal with multiple user identities?

I mean: one and the same user can logon once using web
certyficate and
once using RT password. How do you tell that this is the same
user and
uses the same RT account? How do you map user certyficates to
RT accounts?

Tom

Hello Tom,

Each of our users has only a single identity (i.e. a single RT account).
Whether they log in using certificates or username/password, they are
logging in as the same RT user.

The certificates have an ‘email address’ embedded, which in our case maps to
the RT user name. We override RT::Interface::Web::CanonicalizeInfo to
extract the user name from the certificate’s email address info.

Steve