WebExternalAuth not working at all

I’m currently running RT 3.8.7 under Ubuntu 10.04 with Apache 2 &
SpeedyCGI. I am trying to use WebExternalAuth for authentication since I
have my Apache install talking to OpenDS (LDAP).

I have the following config in my RT_SiteConfig.pm
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 0);
#Set($WebExternalGecos , 0);
Set($WebExternalAuto , 1);
#Set($AutoCreate, {Privileged => 1});
#Set($WebExternalAuthContinuous, 1);

Apache prompts me for a password, and authenticates me. In the Apache logs
[1], it shows my username… but RT keeps dumping me back to the login
screen. I’d presume setting WebFallbackToInternalAuth to zero or undef to
make that NOT happen. I’m at my wits’ end trying to figure out what is going
on, why it won’t authenticate from Apache and why it gives me a login screen
even though it isn’t supposed to. I’ve tried every variation of fiddling
with the configs and I just don’t know where to find the debug information
necessary to fix this.

Please, any help would be GREATLY appreciated
-Jon

[1] 192.168.38.170 - jdavis [13/Sep/2010:12:56:59 -0700] "GET /rt/ HTTP/1.1" 200 2212 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6"

Have you setup Auth Priority?

Set($ExternalAuthPriority, [ 'My_LDAP', 'My_LDAP2' ]);

And info priority?

Set($ExternalInfoPriority, [ 'My_LDAP', 'My_LDAP2' ]);

Peter Barton

IESI Corporation

Network Manager

work.817-632-4000

mobile.817-683-9635

Have you setup Auth Priority?

Peter -

RT’s WebExternalAuth is not the same as RT::Authen::ExternalAuth

Jon -

If you’re still seeing an RT login screen with
WebFallbackToInternalAuth set to 0, then something wrong is happening,
since that setting disables chunks of the Login element

My guess would be that using the speedycgi interface (which really
isn’t widely used) is causing REMOTE_USER not to be propagated
properly.

-kevin

Sorry, I have RT::Authen::ExternalAuth on the brain. I have been
working with it for the past two weeks straight.

Peter Barton

Ok, so my guess was right, loginscreen = bad. So what’s the recommended
interface?

-Jon

RT Training in Washington DC, USA on Oct 25 & 26 2010
Last one this year – Learn how to get the most out of RT!

Just as a follow up. I tried another interface at random (modperl2)… and
it works. The system no longer prompts me for a username/password. I go
directly into the application. If I turn off the authentication, I end up
at an RT login screen w/o a username or password field (so… more or less
what I expect).

So if you want to use $WebExternalAuth - don’t use SpeedyCGI

-Jon
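
To test the guess in this thread that the handler is not passing REMOTE_USER through, a small script placed in the same Apache-protected location and run under the same handler as RT shows what actually arrives. This is an added example, not code from the thread or from RT; the script, its verdict strings and the sample input at the bottom are constructed for illustration.

```perl
#!/usr/bin/perl
# Added diagnostic (not part of RT): shows which authentication variables
# the web server hands to a script under the handler being tested.
use strict;
use warnings;

# Set by Apache after successful authentication. The REDIRECT_ prefix is
# added when the request went through an internal redirect.
my @AUTH_VARS = qw(REMOTE_USER REDIRECT_REMOTE_USER AUTH_TYPE);

sub auth_report {
    my ($env) = @_;
    my %seen = map  { ($_ => $env->{$_}) }
               grep { defined $env->{$_} && length $env->{$_} } @AUTH_VARS;
    my $verdict =
        exists $seen{REMOTE_USER}          ? 'ok: REMOTE_USER reached the script'
      : exists $seen{REDIRECT_REMOTE_USER} ? 'renamed: only REDIRECT_REMOTE_USER is set'
      : exists $seen{AUTH_TYPE}            ? 'lost: AUTH_TYPE is set but no user name'
      :                                      'none: no authentication variables arrived';
    return ($verdict, \%seen);
}

sub render {
    my ($env) = @_;
    my ($verdict, $seen) = auth_report($env);
    my $body = 'gateway: ' . ($env->{GATEWAY_INTERFACE} // 'unknown') . "\n"
             . "verdict: $verdict\n";
    # Only the three variables above are echoed; the Authorization header
    # and any password are never printed.
    $body .= "$_=$seen->{$_}\n" for sort keys %$seen;
    return "Content-Type: text/plain\n\n$body";
}

if ($ENV{GATEWAY_INTERFACE}) {
    # Running under the web server: report on the live request.
    print render(\%ENV);
}
else {
    # Run from a shell: constructed sample of the failure described in the
    # thread, where Apache authenticated the request but no user name arrived.
    print render({ GATEWAY_INTERFACE => 'CGI/1.1', AUTH_TYPE => 'Basic' });
}
```

A verdict other than "ok" under one handler and "ok" under another, with the same Apache authentication block, points at the handler rather than at RT_SiteConfig.pm. Remove the script once the check is done, since it echoes the authenticated user name.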