Mike Peachey wrote:
Edward Bryan wrote:
I’ve been tasked with finding a way to login to our RT system by
validating our cookies against a local database and then submitting a
valid user name as a login token to RT. The object is to write a
single sign on plugin that validates against a secure database for a
large number of diverse applications.
RT has facilities to query LDAP and DBI databases with ExternalAuth
and it also has the ability to read a cookie and validate it against
a database of users and user IDs with CookieAuth but it doesn’t seem
to have a method for allowing me do to my own user validation and
then simply submitting a user name as a valid login token. RT retains
the power of the query for user validation. (Correct?)
I think in order to do this I will need to do some major Mason-ary
work and before I propose a project of that size to my customer, I
wanted to get confirmation that this is the only way to get RT to
follow our local login model.
TBH CookieAuth is a fantastic example of how to “build your own” and
although it’s not totally clear what you’re looking for I don’t
think you’d have to veer far from it.
The whole validation path is quite simple… you put in an Auth
callback that runs whatever code you want it to when a user first
vists and you can call any other methods you want at the same time,
and all you need to have a logged in user is to put a user in the
If you want to do your own changes to validation of an actual
password, you just gotta override isPassword in the USer object using
a User_Vendor.pm or User_Local.pm.
I can advise better if you can clarify a little what your intended
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
Thanks for the quick reply. I’m sorry I wasn’t more clear in my original
We have an single-sign-on application that validates all our users with
their first login to any application we run. Then, as they move from one
app to another, they are transparently validated by the SSO module at
every login. We just added RT and I’ve been asked to write the SSO
module that will allow already-validated-on-our-system users to step
around the RT login page and go straight to the RT “at a glance” page.
What I thought I understood from ExternalAuth and CookieAuth and the
many posts around implementing them, is that users go to the RT login
page and enter their names and passwords but that RT uses ~Auth
callbacks to query a remote database, either LDAP or another DBI type,
that then validates RT users. I’ve been asked to spare our users the
trouble of typing in a name and password if possible.
The closest answer I found was an “autologin” post from 2003 in which
the response was that it couldn’t be done without sending the password
in clear text as part of the url.
So I think the answer to my question is that I need to modify the source
code around logging. Then again, I’m not the expert here.
Thanks for your help.