Rt 4.4.1 cas ldap

Hello,
I try to install RT 4.4.1 on CENTOS 7.
I successfully added my LDAP and the users are created in RT.
Now I try to add my CAS authentication but without success :frowning:
I changed my Apache conf like this:


    # RT4 configuration for Apache

    # Optional apache logs for RT
    # Ensure that your log rotation scripts know about these files
    ErrorLog /opt/rt4/var/log/apache2.error
    TransferLog /opt/rt4/var/log/apache2.access
    LogLevel debug

    AddDefaultCharset UTF-8

    Alias /rttest/NoAuth/images /opt/rttest/share/html/NoAuth/images/
    ScriptAlias /rttest /opt/rttest/sbin/rt-server.fcgi/

    DocumentRoot "/opt/rttest/share/html"

    <Location /rttest>
        Authtype CAS
        Require valid-user
    </Location>
    LogLevel debug


And this is my RT conf:


    Set( $CorrespondAddress, '' );
    Set( $DatabaseHost, 'localhost' );
    Set( $DatabaseName, 'rttest' );
    Set( $DatabasePassword, '*********' );
    Set( $DatabasePort, '' );
    Set( $DatabaseType, 'mysql' );
    Set( $DatabaseUser, 'rttest_user' );
    Set( $Organization, 'OIEAU' );
    Set( $OwnerEmail, 'ap@oieau.fr' );
    Set( $SendmailPath, '/usr/sbin/sendmail' );
    Set( $WebDomain, 'rochefort.oieau.fr' );
    Set( $WebPort, '80' );
    Set( $WebPath, '/rttest' );
    Set( $rtname, 'RT_TEST' );
    Set($RTAddressRegexp , 'oieau.fr$');
    Set($WebExternalAuth , 1); # CAS auth
    Set($WebFallbackToInternalAuth , 1);
    Set($ExternalAuthPriority , ['LDAP_OIEAU']);
    Set($ExternalInfoPriority , ['LDAP_OIEAU']);
    Set($WebExternalAuto , 1);

    Set($ExternalSettings,{
        # LDAP mapping
        'LDAP_OIEAU' => {
            'type' => 'ldap' ,
            'server' => '********' ,
            'port' => '389',
            'ssl_version' => 0,
            'base' => 'ou=users,dc=oieau.fr,dc=local' ,
            'filter' => '(objectClass=*)' ,
            'attr_match_list' => [ 'Name' ,
                #'EmailAddress' ,
                #'RealName' ,
                #'NickName' ,
                #'WorkPhone'
            ],
            'attr_map' => {
                'Name' => 'uid' ,
                'EmailAddress' => 'mail' ,
                'RealName' => 'cn' ,
                'NickName' => 'givenName' ,
                'WorkPhone' => 'telephoneNumber'
            }
        }
    });
    Set($WebRemoteUserAutocreate , 1);
    Set($AutoCreateNonExternalUsers, 0);
    Set($LogToFile, "debug");
    Set($LogDir, '/opt/rttest/var/log');
    Set($LogToFileNamed , "rt.log");
    Set($LogToSyslog , undef);
    Set($LogToScreen , 'error');
    1;


I have this error in the file rt.log :


[53559] [Fri Mar 24 09:11:50 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:11:50 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)
[53559] [Fri Mar 24 09:11:51 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:11:51 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:11:51 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:12:24 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)
[53559] [Fri Mar 24 09:12:25 2017] [debug]: Attempting to use external auth service: LDAP_OIEAU (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[53559] [Fri Mar 24 09:12:25 2017] [debug]: SSO Failed and no user to test with. Nexting (/opt/rttest/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[53559] [Fri Mar 24 09:12:25 2017] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rttest/share/html/Elements/DoAuth:58)


And in my error_log :


[Fri Mar 24 10:12:24.780084 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Fri Mar 24 10:12:24.780222 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : denied (no authenticated user yet)
[Fri Mar 24 10:12:24.780301 2017] [:debug] [pid 53558] mod_auth_cas.c(2058): [client 194.57.178.129:44793] Entering cas_authenticate()
[Fri Mar 24 10:12:24.780337 2017] [:debug] [pid 53558] mod_auth_cas.c(1655): [client 194.57.178.129:44793] entering isValidCASCookie()
[Fri Mar 24 10:12:24.780361 2017] [:debug] [pid 53558] mod_auth_cas.c(892): [client 194.57.178.129:44793] entering readCASCacheFile()
[Fri Mar 24 10:12:24.780916 2017] [:debug] [pid 53558] mod_auth_cas.c(1180): [client 194.57.178.129:44793] entering writeCASCacheEntry()
[Fri Mar 24 10:12:24.781464 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require valid-user : granted
[Fri Mar 24 10:12:24.781512 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : granted
[Fri Mar 24 10:12:24.782191 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require all granted: granted
[Fri Mar 24 10:12:24.782237 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : granted
[Fri Mar 24 10:12:24.782373 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require all granted: granted
[Fri Mar 24 10:12:24.782416 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : granted
[Fri Mar 24 10:12:24.834423 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834475 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834496 2017] [:debug] [pid 53558] mod_auth_cas.c(2058): [client 194.57.178.129:44793] Entering cas_authenticate(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834510 2017] [:debug] [pid 53558] mod_auth_cas.c(1655): [client 194.57.178.129:44793] entering isValidCASCookie(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834517 2017] [:debug] [pid 53558] mod_auth_cas.c(892): [client 194.57.178.129:44793] entering readCASCacheFile(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834701 2017] [:debug] [pid 53558] mod_auth_cas.c(1180): [client 194.57.178.129:44793] entering writeCASCacheEntry(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834979 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require valid-user : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834996 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.834989 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835074 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835126 2017] [:debug] [pid 53557] mod_auth_cas.c(2058): [client 194.57.178.129:44794] Entering cas_authenticate(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835149 2017] [:debug] [pid 53557] mod_auth_cas.c(1655): [client 194.57.178.129:44794] entering isValidCASCookie(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835158 2017] [:debug] [pid 53557] mod_auth_cas.c(892): [client 194.57.178.129:44794] entering readCASCacheFile(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835265 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require all granted: granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835282 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835530 2017] [:debug] [pid 53557] mod_auth_cas.c(1180): [client 194.57.178.129:44794] entering writeCASCacheEntry(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835881 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of Require valid-user : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.835906 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.836333 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of Require all granted: granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.836361 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.857089 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.857140 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.857157 2017] [:debug] [pid 53558] mod_auth_cas.c(2058): [client 194.57.178.129:44793] Entering cas_authenticate(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.857170 2017] [:debug] [pid 53558] mod_auth_cas.c(1655): [client 194.57.178.129:44793] entering isValidCASCookie(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.857177 2017] [:debug] [pid 53558] mod_auth_cas.c(892): [client 194.57.178.129:44793] entering readCASCacheFile(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.857480 2017] [:debug] [pid 53558] mod_auth_cas.c(1180): [client 194.57.178.129:44793] entering writeCASCacheEntry(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.857923 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require valid-user : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.858080 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.858350 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of Require all granted: granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:24.858386 2017] [authz_core:debug] [pid 53558] mod_authz_core.c(809): [client 194.57.178.129:44793] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.026991 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.027077 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of : denied (no authenticated user yet), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.027100 2017] [:debug] [pid 53557] mod_auth_cas.c(2058): [client 194.57.178.129:44794] Entering cas_authenticate(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.027115 2017] [:debug] [pid 53557] mod_auth_cas.c(1655): [client 194.57.178.129:44794] entering isValidCASCookie(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.027123 2017] [:debug] [pid 53557] mod_auth_cas.c(892): [client 194.57.178.129:44794] entering readCASCacheFile(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.027319 2017] [:debug] [pid 53557] mod_auth_cas.c(1180): [client 194.57.178.129:44794] entering writeCASCacheEntry(), referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.027988 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of Require valid-user : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.028027 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.028314 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of Require all granted: granted, referer: http://rochefort.oieau.fr/rttest
[Fri Mar 24 10:12:26.028349 2017] [authz_core:debug] [pid 53557] mod_authz_core.c(809): [client 194.57.178.129:44794] AH01626: authorization result of : granted, referer: http://rochefort.oieau.fr/rttest


I’m a noob in apache so I need help.

The sso works but when I’m logged in, I’m redirected to the login page of RT.

Thanks for your help,

Regards.

Alex

Has anyone ever succeeded?

I can’t find Set($WebExternalAuth , 1); in the current RT documentation. Are you using an old config file? For webserver auth you need to use $WebRemoteUserAuth.
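
The rename pointed out in the reply above also applies to other options in the posted RT_SiteConfig.pm ($WebFallbackToInternalAuth, $WebExternalAuto). As an added example (not part of the thread and not RT's own code), this Python script flags pre-4.2 option names in a config and rewrites them. The rename table is an assumption taken from RT's 4.2 upgrade notes and should be checked against the documentation for your version; the function names are hypothetical.

```python
import re

# Pre-4.2 option names and their replacements. Assumption: table taken from
# RT's 4.2 upgrade notes; confirm against the docs for your RT version.
RENAMED = {
    "WebExternalAuth": "WebRemoteUserAuth",
    "WebExternalAuthContinuous": "WebRemoteUserContinuous",
    "WebFallbackToInternalAuth": "WebFallbackToRTLogin",
    "WebExternalGecos": "WebRemoteUserGecos",
    "WebExternalAuto": "WebRemoteUserAutocreate",
}

# Matches an active Set($Name, ...) / Set(@Name, ...) line. Lines that start
# with '#' are commented out and never match.
SET_RE = re.compile(r"^\s*Set\(\s*[$@%](\w+)\s*,")


def find_legacy_options(config_text):
    """Return (line_no, old_name, new_name) for each active legacy Set()."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = SET_RE.match(line)
        if m and m.group(1) in RENAMED:
            findings.append((line_no, m.group(1), RENAMED[m.group(1)]))
    return findings


def migrate(config_text):
    """Rewrite legacy option names in active Set() lines; leave the rest alone."""
    def fix(line):
        m = SET_RE.match(line)
        if m and m.group(1) in RENAMED:
            start, end = m.span(1)
            return line[:start] + RENAMED[m.group(1)] + line[end:]
        return line
    return "\n".join(fix(line) for line in config_text.split("\n"))


# Sample input: the first four lines are copied from the config posted above,
# the commented-out last line is constructed to show that it is skipped.
SAMPLE = """\
Set($WebExternalAuth , 1); # CAS auth
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalAuto , 1);
Set($WebRemoteUserAutocreate , 1);
#Set($WebExternalGecos, 1);
"""

if __name__ == "__main__":
    for line_no, old, new in find_legacy_options(SAMPLE):
        print(f"line {line_no}: ${old} should be ${new}")
```

After migration the sample sets $WebRemoteUserAutocreate twice; the duplicate is harmless but worth removing by hand.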

You're right, I made a mistake.
I changed it but I have the same messages :frowning:

Hrmm is your apache setting the REMOTE_USER variable? Did you take a look at Authentication - RT 4.4.1 Documentation - Best Practical ?

Thanks !!!
I’ve a second instance of rt 4.4.1 with mod_perl and with your modifications, it’s good : the cas works.


Nice :slight_smile: Now you can flag this topic as solved → Marking topics as solved

:grin:

Hello,
I’ve a last question, I think ?
When I logout, rt logs me in automatically. I think the solution is to redirect to the logout page of my sso.
Do you know how I can customize it ?
I tried it without success …
Thanks

There should be a callback for the logout button: Writing extensions - RT 4.4.1 Documentation - Best Practical or you add some custom JavaScript to replace the link → RT Config - RT 4.4.1 Documentation - Best Practical

@JSFiles
        A list of additional JavaScript files to be included in head.

Thanks a lot.
I had issues with the callback so I chose to change the link with jquery.
And it works !!!


Have some callback or js code? Thx.

Hello
I created a javascript file /opt/rtms/share/static/js/myFunctions.js with this code

    // Point RT's logout link at the SSO logout page
    jQuery(document).ready(function() {
        jQuery("#preferences-logout").attr("href", "Authentication portal");
    });

And don’t forget to add it in RT_SiteConfig.pm like that:

    Set(@JSFiles, 'myFunctions.js');
