Use of cookies for external authentication

Hi,
After much effort to learn the intricacies of RT, I have tried to
implement an external authentication by the use of cookies. I say tried
because it doesn't seem to work. Let me explain what I have done so far.
-have set a cookie in my web-site which stores the user name, so when user
clicks on rt link, the user should be created in rt db
-have added a line in RT_SiteConfig.pm Set($WebExternalAuth, 1);
-have modified a few lines and commented out a few in
share/html/autohandler to make use of cookies.
But after this, I fail to understand why the user is not being created in
the database. Can anyone help me please?
Thanks,
Parimala.

<%INIT>
local *session;
Encode::utf8_on($ARGS{$_}) foreach (keys %ARGS);

use CGI qw(standard);
use CGI::Cookie;

if ($ARGS{'Debug'}) {
    require Time::HiRes;
    $m->{'rt_base_time'} = [Time::HiRes::gettimeofday()];
}
else {
    $m->{'rt_base_time'} = time;
}
$m->comp('/Elements/SetupSessionCookie');

unless ($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {
    $session{'CurrentUser'} = RT::CurrentUser->new();
}

# Set the proper encoding for the current language handle
$r->content_type("text/html; charset=utf-8");

# If it's a noauth file, don't ask for auth.
if ($m->base_comp->path =~ '^/+NoAuth/' ||
    $m->base_comp->path =~ '^/+REST/\d+.\d+/NoAuth/')
{
    $m->call_next();
    $m->abort();
}

# If RT is configured for external auth, let's get REMOTE_USER
#elsif ($RT::WebExternalAuth and length($ENV{'REMOTE_USER'})) {
elsif ($RT::WebExternalAuth) {
    my $orig_user = $user;

    $user = $ENV{'REMOTE_USER'};

    my %cookies = fetch CGI::Cookie;
    my $name = $cookies{'user'}->value;
    $user = $name;

    $session{'CurrentUser'} = RT::CurrentUser->new();
    my $load_method = $RT::WebExternalGecos ? 'LoadByGecos' : 'Load';

    if ($^O eq 'MSWin32' and $RT::WebExternalGecos) {
        my $NodeName = Win32::NodeName();
        $user =~ s/^\Q$NodeName\E\\//i;
    }

    $session{'CurrentUser'}->$load_method($user);

    if ($RT::WebExternalAuto and !$session{'CurrentUser'}->Id() ) {
        # Create users on-the-fly with default attributes
        my $UserObj = RT::User->new(RT::CurrentUser->new('root'));

        my ($val, $msg) = $UserObj->Create(
            %{ref($RT::AutoCreate) ? $RT::AutoCreate : {}},
            Name         => $user,
            Gecos        => $user,
        );

        if ($val) {
            $UserObj->SetPrivileged(1);

            if ($^O !~ /^(?:riscos|MacOS|MSWin32|dos|os2)$/) {
                # Populate fields with information from Unix /etc/passwd
                my ($comments, $realname) = (getpwnam($user))[5, 6];
                $UserObj->SetComments($comments) if defined $comments;
                $UserObj->SetRealName($realname) if defined $realname;
            }
            elsif ($^O eq 'MSWin32' and eval 'use Net::AdminMisc; 1') {
                # Populate fields with information from NT domain controller
            }

            $session{'CurrentUser'}->Load($user);
        }
        else {
            delete $session{'CurrentUser'};
            $m->abort() unless $RT::WebFallbackToInternalAuth;
            $m->comp('/Elements/Login', %ARGS, Error=> loc('Cannot create user: [_1]', $msg));
        }
    }

    unless ( $session{'CurrentUser'}->Id() ) {
        delete $session{'CurrentUser'};
        $user = $orig_user;

        if ( $RT::WebExternalOnly ) {
            $m->comp('/Elements/Login', %ARGS, Error=> loc('You are not an authorized user'));
            $m->abort();
        }
    }
}

delete $session{'CurrentUser'}
    unless $session{'CurrentUser'} and defined $session{'CurrentUser'}->Id;

# If the user is logging in, let's authenticate
if (!$session{'CurrentUser'} && defined ($user) && defined ($pass) ){
    $session{'CurrentUser'} = RT::CurrentUser->new();
    $session{'CurrentUser'}->Load($user);

    if (!$session{'CurrentUser'}->id() ||
        !$session{'CurrentUser'}->IsPassword($pass))
    {
        delete $session{'CurrentUser'};
        $m->comp('/Elements/Login', %ARGS,
                 Error => loc('Your username or password is incorrect'));
        $m->abort();
    }
}

# If we've got credentials, let's serve the file up.
if ( (defined $session{'CurrentUser'}) and
     ( $session{'CurrentUser'}->Id) ) {

    # Process per-page global callbacks
    $m->comp('/Elements/Callback', %ARGS);

    # If the user isn't privileged, they can only see SelfService
    if ((! $session{'CurrentUser'}->Privileged) and
        ($m->base_comp->path !~ '^(/+)SelfService/') ) {
        $m->comp('/SelfService/index.html');
        $m->abort();
    }
    else {
        $m->call_next();
    }
}

# If we have no credentials
else {
    $m->comp('/Elements/Login', %ARGS);
    $m->abort();
}
</%INIT>
<& /Elements/Footer, %ARGS &>
<%ARGS>
$user => undef
$pass => undef
$menu => undef
</%ARGS>


Have you restarted apache? Sometimes I forget after making changes.

– Jeff

At 02:03 PM 6/17/2003 -0400, ParimalaRamdas@oaktech.com wrote:

Hi all,
After collecting data from many resources, I have managed to
authenticate RT ver 2.1.88 by use of cookies. I am posting the changes
done to the scripts in the hope that someone might find it useful.

-Have set cookies in my website for the current user logged in
setcookie("user", value); //in php

-In file RT_SiteConfig.pm
Set($WebExternalAuth, 1);
Set($WebExternalAuto, 1);

-In file InstallDir/share/html/autohandler
//add the 2 lines at the beginning of the file
use CGI qw(standard);
use CGI::Cookie;

//modify the line for external authentication by removing
($ENV{'REMOTE_USER'}) so it reads
elsif ($RT::WebExternalAuth) {

//comment the following line
$user = $ENV{'REMOTE_USER'};
// and add these immediately below
my $hashref = fetch CGI::Cookie;
my %hashval = %$hashref;
my $name = $hashval{'user'}->value;
$user = $name;

//comment the following
if ($^O !~ /^(?:riscos|MacOS|MSWin32|dos|os2)$/) {
#Populate fields with information from Unix /etc/passwd
my ($comments, $realname) = (getpwnam($user))[5, 6];
$UserObj->SetComments($comments) if defined $comments;
$UserObj->SetRealName($realname) if defined $realname;
}
elsif ($^O eq 'MSWin32' and eval 'use Net::AdminMisc; 1') {
# Populate fields with information from NT domain controller
}

And RT is ready to accept the username passed by the cookie and creates a
user in the db if it doesn't already exist or displays the home page if
user exists. Works like a charm.
Thanks,
Parimala.
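
An added example, not part of the original posts or of RT: with the changes above RT takes the value of the `user` cookie as the logged-in identity, and a cookie value is supplied by the browser, so one mitigation is for the website to sign the value and for the autohandler to verify the signature before assigning `$user`. The `name|expiry|mac` cookie format, the names `sign_user`, `verify_user_cookie` and `ct_eq`, and the shared key are assumptions made for this sketch; the PHP site would have to produce the same string.

```perl
#!/usr/bin/perl
# Added example: signed "user" cookie for RT external auth (not RT code).
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a secret shared by the website and RT, loaded from a file
# readable only by the web server user. Placeholder value here.
my $KEY = 'REPLACE-WITH-RANDOM-32-BYTE-SECRET';

# Website side: build the cookie value "name|expiry|mac".
sub sign_user {
    my ($name, $expires, $key) = @_;
    return join '|', $name, $expires, hmac_sha256_hex("$name|$expires", $key);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# RT side: return the user name only if the MAC verifies and the cookie
# has not expired; otherwise undef (treat the request as not logged in).
sub verify_user_cookie {
    my ($value, $key, $now) = @_;
    return undef unless defined $value;
    my ($name, $expires, $mac) = split /\|/, $value, 3;
    return undef unless defined $mac;
    return undef unless $name =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    return undef unless $expires =~ /\A\d{1,10}\z/ && $expires > $now;
    return undef unless ct_eq($mac, hmac_sha256_hex("$name|$expires", $key));
    return $name;
}

# Constructed sample values: one signed cookie, one with a wrong MAC,
# and one bare user name as the original setcookie() call would send.
my $now      = time;
my $signed   = sign_user('parimala', $now + 900, $KEY);
my $wrongmac = join '|', 'otheruser', $now + 900, '0' x 64;
for my $case ([signed => $signed], [wrongmac => $wrongmac], [bare => 'otheruser']) {
    my $who = verify_user_cookie($case->[1], $KEY, $now);
    printf "%-8s -> %s\n", $case->[0], defined $who ? $who : 'rejected';
}
```

In the autohandler, the result of `verify_user_cookie($cookies{'user'}->value, $KEY, time)` would replace the direct `$user = $name;` assignment, with an undefined result falling through to the normal login page.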