Good Morning all
I’ve installed the External Auth Plugin for our RT System.
But now i have no clue how to tackle it.
My Knowledge about SSO is really really limited
So can sb give me a hint to start the Challenge to get a good funcitonal
connection to my LDAP Server ( Windows 2008) ?
it would be really nice
best regards john
View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993192.html
Hi John,
you talk about SSO but it’s not clear from what you say if you either
want authentication based on
Can you please clarify?On 23/02/11 08:55, john s. wrote:
Good Morning all
I’ve installed the External Auth Plugin for our RT System.
But now i have no clue how to tackle it.
My Knowledge about SSO is really really limited
So can sb give me a hint to start the Challenge to get a good funcitonal
connection to my LDAP Server ( Windows 2008) ?it would be really nice
best regards john
Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE
Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
Hello Guiseppe
I don’t exactly what I’m talking about … so I’LL describe in which way
should it work
The Authentification Server is an ActiveDirectory on an Windows2008 Server
so if you Logged in in the Main network system with username and Password
you have automallically
access to the rt interface without double authentification
in fact … the AD server should handle the Authentification to the RT
-Server
maybe if it’s fail an fallback to RT Authentifiaction would be nice but at
the moment it isn’t necessary.
An other option is to make the authentification from AD to Apache … so
this would be fit too.
like i said my background knowledge at this sector is very small
best regards john
Giuseppe Sollazzo-2 wrote:
Hi John,
you talk about SSO but it’s not clear from what you say if you either
want authentication based on
- SSO
- LDAP
- SSO using LDAP
Can you please clarify?
Good Morning all
I’ve installed the External Auth Plugin for our RT System.
But now i have no clue how to tackle it.
My Knowledge about SSO is really really limited
So can sb give me a hint to start the Challenge to get a good funcitonal
connection to my LDAP Server ( Windows 2008) ?it would be really nice
best regards john
–
Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0REEmail: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993406.html
i think this is sso per ldap to rt
or ldap to apache
View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993957.html
Hi John,
what you can do is either to plug AD authentication into RT, or to use a
SSO solution (such as CAS).
Give this a look: The holy grail: Single Signon RT
Regards,
GiuseppeOn 23/02/11 10:59, john s. wrote:
i think this is sso per ldap to rt
or ldap to apache
Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE
Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
Hm… this article sounds like a little bit outdated … is this the proper
to get an solid sso via ad solution?
Another thing :
Is it normal that the apache2 server doesnt 't start anymore after i 've
installed the perl module RT::Authen::ExternalAuth ? … Remember nothing
is configured yet
Here is the error :
[Wed Feb 23 12:05:05 2011] [error] Can’t locate Net/LDAP.pm in @INC (@INC
contains: /opt/rt3/bin/…/local/lib
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/…/lib
/etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1
/usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
/usr/local/lib/site_perl . /etc/apache2) at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation failed
in require at (eval 113) line 3.\n\t…propagated at
/usr/share/perl/5.10/base.pm line 93.\nBEGIN failed–compilation aborted at
/opt/rt3/bin/…/lib/RT/CurrentUser.pm line 96.\nCompilation failed in
require at /opt/rt3/bin/…/lib/RT.pm line 505.\nCompilation failed in
require at (eval 2) line 1.\n
[Wed Feb 23 12:05:05 2011] [error] Can’t load Perl file:
/opt/rt3/bin/webmux.pl for server localhost:80, exiting…
Giuseppe Sollazzo-2 wrote:
Hi John,
what you can do is either to plug AD authentication into RT, or to use a
SSO solution (such as CAS).Give this a look: The holy grail: Single Signon RT
Regards,
Giuseppe
i think this is sso per ldap to rt
or ldap to apache–
Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0REEmail: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
best regards john
View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994494.html
I have fixed my problem the perl module Net::LDAP was missing godsake now
RT is still running
but i think i’m tying to use these module
i must reading some background knowledge if i finished … i come back to
this thread
and ask some questions one more
john s. wrote:
Hm… this article sounds like a little bit outdated … is this the
proper way to get an solid solution based on sso via ad?Another thing :
Is it normal that the apache2 server doesnt 't start anymore after i 've
installed the perl module RT::Authen::ExternalAuth ? … Remember nothing
is configured yetHere is the error :
[Wed Feb 23 12:05:05 2011] [error] Can’t locate Net/LDAP.pm in @INC (@INC
contains: /opt/rt3/bin/…/local/lib
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/…/lib
/etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1
/usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
/usr/local/lib/site_perl . /etc/apache2) at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation
failed in require at (eval 113) line 3.\n\t…propagated at
/usr/share/perl/5.10/base.pm line 93.\nBEGIN failed–compilation aborted
at /opt/rt3/bin/…/lib/RT/CurrentUser.pm line 96.\nCompilation failed in
require at /opt/rt3/bin/…/lib/RT.pm line 505.\nCompilation failed in
require at (eval 2) line 1.\n
[Wed Feb 23 12:05:05 2011] [error] Can’t load Perl file:
/opt/rt3/bin/webmux.pl for server localhost:80, exiting…Giuseppe Sollazzo-2 wrote:
Hi John,
what you can do is either to plug AD authentication into RT, or to use a
SSO solution (such as CAS).Give this a look: The holy grail: Single Signon RT
Regards,
Giuseppe
i think this is sso per ldap to rt
or ldap to apache–
Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0REEmail: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
best regards john
View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994952.html
An other option is to make the authentification from AD to Apache … so
this would be fit too.
You could also authenticate directly to the AD server using Kerberos and/or
LDAP.
* mod_auth_kerb - http://modauthkerb.sourceforge.net/
* mod_auth_ldap -
http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html
To make the Kerberos setup a snap, Likewise Open is nice–“Open” is their
free product. http://www.likewise.com/
This should also allow for pass-through authentication using any modern
browser, provided the clients’ computer logon name and password matches that
of their AD credentials.
I don’t exactly what I’m talking about … so I’LL describe in which way
should it workThe Authentification Server is an ActiveDirectory on an Windows2008 Server
so if you Logged in in the Main network system with username and Password
you have automallicallyaccess to the rt interface without double authentification
in fact … the AD server should handle the Authentification to the RT
-Servermaybe if it’s fail an fallback to RT Authentifiaction would be nice but at
the moment it isn’t necessary.An other option is to make the authentification from AD to Apache … so
this would be fit too.like i said my background knowledge at this sector is very small
You sound like you’re describing SPNEGO, which isn’t what
RT-Authen-ExternalAuth provides. Folks normally use mod_auth_kerb or
one of the commercial versions of that module to accomplish it.
-kevin