RT38 not maintaining authentication (with RT::Authen::ExternalAuth)

All,

I am just testing the new RT 3.8.1 prior to rolling it out to the users here. I have configured ExternalAuth to use our LDAP server (only) and now while I can successfully log in, everytime I click on anything it takes me back to the login screen.

I note on the Wiki that Mike talks about RT::Authen::CookieAuth with regards keeping the session logged in, but I didn’t think I should need this? I thought the base RT maintained logged in status?

Any pointers as to where I could look to work out what is happening?

Cheers,
David

This has been happening to me as well, but with the built-in
authentication. I was able to work around it by setting
Set($WebSessionClass, ‘Apache::Session::File’); in RT_SiteConfig.pm,
but I’d really like to know what’s happening as well.

We’ve seen a similar issue with our current 3.6.3 install; we use CAS
(Central Authentication Service; http://www.ja-sig.org/products/cas/)
to handle campus-wide single sign-on and we’ll often have RT kick us
back out to the CAS login screen and CAS won’t be able to re-
authenticate us until several login attempts have passed. It’s gotten
so bad that we’ve cron’d a RT restart every couple of hours. I’m
hoping that 3.8.1 would help, but after hearing your report…On 18-Aug-08, at 18:32 , David Hobley wrote:

All,

I am just testing the new RT 3.8.1 prior to rolling it out to the
users here. I have configured ExternalAuth to use our LDAP server
(only) and now while I can successfully log in, everytime I click on
anything it takes me back to the login screen.

I note on the Wiki that Mike talks about RT::Authen::CookieAuth with
regards keeping the session logged in, but I didn’t think I should
need this? I thought the base RT maintained logged in status?

Any pointers as to where I could look to work out what is happening?


Cheers,
David


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Graham Ballantyne
grahamb@sfu.ca

Institutional, Collaborative & Academic Technologies
IT Services

Simon Fraser University
Burnaby, BC V5A 1S6
p: 778-782-2014
www.sfu.ca/icat

Graham,

Thanks for that - this workaround (which was not required for us in 3.6.6) has stopped the issue now, although I’ll monitor it over the next couple of hours and let you know whether it is working in the longer term or not.

Cheers,
DavidFrom: “Graham Ballantyne” grahamb@sfu.ca
To: “David Hobley” david.hobley@mionegroup.com
Cc: rt-users@lists.bestpractical.com
Sent: Tuesday, 19 August, 2008 2:23:34 PM GMT +10:00 Brisbane
Subject: Re: [rt-users] RT38 not maintaining authentication (with RT::Authen::ExternalAuth)

This has been happening to me as well, but with the built-in
authentication. I was able to work around it by setting
Set($WebSessionClass, ‘Apache::Session::File’); in RT_SiteConfig.pm,
but I’d really like to know what’s happening as well.

We’ve seen a similar issue with our current 3.6.3 install; we use CAS
(Central Authentication Service; http://www.ja-sig.org/products/cas/)
to handle campus-wide single sign-on and we’ll often have RT kick us
back out to the CAS login screen and CAS won’t be able to re-
authenticate us until several login attempts have passed. It’s gotten
so bad that we’ve cron’d a RT restart every couple of hours. I’m
hoping that 3.8.1 would help, but after hearing your report…

Graham,

We, the session has been stable for the afternoon for us anyway. So thank you for that!

Cheers,
DavidFrom: “David Hobley” david.hobley@mionegroup.com
To: “Graham Ballantyne” grahamb@sfu.ca
Cc: rt-users@lists.bestpractical.com
Sent: Tuesday, 19 August, 2008 2:26:18 PM GMT +10:00 Brisbane
Subject: Re: [rt-users] RT38 not maintaining authentication (with RT::Authen::ExternalAuth)

Graham,

Thanks for that - this workaround (which was not required for us in 3.6.6) has stopped the issue now, although I’ll monitor it over the next couple of hours and let you know whether it is working in the longer term or not.

Cheers,
David

From: “Graham Ballantyne” grahamb@sfu.ca
To: “David Hobley” david.hobley@mionegroup.com
Cc: rt-users@lists.bestpractical.com
Sent: Tuesday, 19 August, 2008 2:23:34 PM GMT +10:00 Brisbane
Subject: Re: [rt-users] RT38 not maintaining authentication (with RT::Authen::ExternalAuth)

This has been happening to me as well, but with the built-in
authentication. I was able to work around it by setting
Set($WebSessionClass, ‘Apache::Session::File’); in RT_SiteConfig.pm,
but I’d really like to know what’s happening as well.

We’ve seen a similar issue with our current 3.6.3 install; we use CAS
(Central Authentication Service; http://www.ja-sig.org/products/cas/)
to handle campus-wide single sign-on and we’ll often have RT kick us
back out to the CAS login screen and CAS won’t be able to re-
authenticate us until several login attempts have passed. It’s gotten
so bad that we’ve cron’d a RT restart every couple of hours. I’m
hoping that 3.8.1 would help, but after hearing your report…