Replacing the login screen to authenticate with cookies

I’ve been reading about mason and the use of Apache::Cookie but I really
don’t know where to tie any of this into RT. It’s difficult to know what to
change and where the ‘right’ place is. I’ve seen numerous people ask this
same question - where is the best place to change the front-end login page
with something else? What is required by RT to know a user is
’authenticated’ and allowed to be assigned an “RT-SID_…” cookie?

What I’d like to do is, upon visiting the RT URL where the login screen
normal appears, you are redirected to another URL to check and see if you
have ‘that’ site’s cookie set. If you do that site decides if you are
authenticated or not. If you are it sends you back to RT. If RT sees that
cookie set it knows you are logged in. We have this working on other
internal use systems that are commonly used but are predominantly written in
php, not perl, and certain not using mason.

So I guess I need to know how to replace the login screen in RT and what
needs to be available to RT for it to ‘trust’ that a user is logged in. I
know it needs the ‘username’ that matches a username in RT’s database, but
other then that… I just don’t know. Can I fool RT into not checking a
password if it gets cookie data from a specific referrer and then using that
cookie data to know who it is that we just fooled it into logging in?

(We plan on importing all the user information into the RT user database but
single-sign-on is important to us for transparent movement within our
systems by staff).

Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Local and International: 206-438-5879 x 4199
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net

1 Like