Hello,
I am upgrading from 3.8.7 (apache2 + mod_perl) to 4.0.4 (apache2 + mod_fastcgi) and I notice a strange behaviour of RT-Authen-ExternalAuth -0.09.
The authentication works fine, however, the login page gets redirected straight away here:
http://rt.address.com/NoAuth/Login.html?next=xxxxxx&results=xxxxxxx
With the error message: “You are not an authorized user”.
That is, this is what I see instead of the normal login page.
This is what the log says:
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth service: AD (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth service: AD (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
Is this to be expected? Or am I missing something? Because in the old version there was no redirection and no error messages.
I dug a little bit and found a “fix”, but it seems a bit heavy handed (if not plain wrong).
It involves modifiying …/html/Callbacks/ExternalAuth/autohandler/Session from this:
<%init>
$m->comp(‘/Elements/DoAuth’,%ARGS);
…
to this:
<%init>
if($ARGS{‘user’} || $m->request_comp->path ne ‘/index.html’){
$m->comp(‘/Elements/DoAuth’,%ARGS);
}
…
That is, try to authenticate me only if I provided an username or if I am trying to access something else than the login page(well…).
Here’s the relevant part of RT_SiteConfig:
Set($WebExternalAuth , ‘1’);
Set($WebFallbackToInternalAuth , ‘1’);
Set($WebExternalAuto , ‘1’);
Set($ExternalAuthPriority, [ ‘AD’ ]);
Set($ExternalInfoPriority, [ ‘AD’ ]);
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, { ‘AD’ => {
‘type’ => ‘ldap’,
…
}
});
And httpd.conf:
<VirtualHost *:80>
ServerName xxx
KeepAlive On
AddDefaultCharsetUTF-8
LogLevel debug
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i" %{X-Forwarded-For}i " combined
ErrorLog /opt/rt/var/log/error_log
CustomLog /opt/rt/var/log/access_log common env=!dontlog
Alias /NoAuth/images/ /opt/rt/share/html/NoAuth/images/
ScriptAlias / /opt/rt/sbin/rt-server.fcgi/
DocumentRoot /opt/rt/share/html
Thanks,
Iulian