$WebExternalAuth

patrick.narkinsky · January 23, 2008, 3:51pm

Greetings.

I am attempting to get RT to work with the CA SiteMinder Single Sign-On
package. I have siteminder up and running and it is setting the
REMOTE_USER variable, however when I attempt to use rt (http://myhost/rt)
it continues to require a login. My understanding is that, since I’ve
told it to use webserver login, it should skip the rt login. Can anybody
offer any suggestions as to why it continues to require a login?

Thanks!

Here’s a list of all the environmental variables being set by the web
server (appropriately expurgated):

Environment
DOCUMENT_ROOT
/export/html
GATEWAY_INTERFACE
CGI/1.1
HTTPS
on
HTTP_ACCEPT
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5
HTTP_ACCEPT_CHARSET
ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING
gzip,deflate
HTTP_ACCEPT_LANGUAGE
en-us,en;q=0.5
HTTP_CONNECTION
keep-alive
HTTP_COOKIE
SMSESSION=foo;
RT_SID_foo.bar.com.443=e045e95272ae23da68e02d1132feed89
HTTP_HOST
foo.bar.com
HTTP_KEEP_ALIVE
300
HTTP_SM_AUTHDIRNAME
XXXX
HTTP_SM_AUTHDIRNAMESPACE
XXXX:
HTTP_SM_AUTHDIROID
XXXX
HTTP_SM_AUTHDIRSERVER
XXXX
HTTP_SM_AUTHENTIC
YES
HTTP_SM_AUTHORIZED
YES
HTTP_SM_AUTHREASON
0
HTTP_SM_AUTHTYPE
Form
HTTP_SM_REALM
foo root
HTTP_SM_REALMOID
XXXXX
HTTP_SM_SDOMAIN
.bar.com
HTTP_SM_SERVERIDENTITYSPEC

HTTP_SM_SERVERSESSIONID
foobar
HTTP_SM_SERVERSESSIONSPEC
foobar
HTTP_SM_SESSIONDRIFT
-1
HTTP_SM_TIMETOEXPIRE
7193
HTTP_SM_TRANSACTIONID
foobar
HTTP_SM_USER
jpnarkinsky
HTTP_SM_USERDN
corpid=002006779, ou=vzcore,o=corp
HTTP_USER_AGENT
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11)
Gecko/20071127 Firefox/2.0.0.11
PATH
/bin:/usr/bin
QUERY_STRING

REMOTE_ADDR
111.222.333.444
REMOTE_PORT
4380
REMOTE_USER
jpnarkinsky
REQUEST_METHOD
GET
REQUEST_URI
/ar/test.pl
SCRIPT_FILENAME
/export/html/ar/test.pl
SCRIPT_NAME
/ar/test.pl
SERVER_ADDR
111.222.333.444
SERVER_ADMIN
webmaster@localhost
SERVER_NAME
foo.bar.com
SERVER_PORT
443
SERVER_PROTOCOL
HTTP/1.1
SERVER_SIGNATURE
Apache/1.3.34 Server at foo.bar.com Port 443
SERVER_SOFTWARE
Apache/1.3.34 (Ubuntu) mod_ssl/2.8.25 OpenSSL/0.9.8a mod_perl/1.29

My RT_SiteConfig.pm:

RT_SiteConfig.pm

These are the bits you absolutely must edit.

To find out how, please read

/usr/share/doc/request-tracker3.4/INSTALL.Debian

THE BASICS:

Set($rtname, ‘foo.bar.com’);
Set($Organization, ‘foo.bar.com’);

Set($CorrespondAddress , ‘foo-rt@bar.com’);
Set($CommentAddress , ‘foo-rt-comment@my.domain.com’);

Set($Timezone , ‘Europe/London’); # obviously choose what suits you

THE DATABASE:

Set($DatabaseType, ‘mysql’); # e.g. Pg or mysql

These are the settings we used above when creating the RT database,

you MUST set these to what you chose in the section above.

Set($DatabaseUser , ‘foo’);
Set($DatabasePassword , ‘foobar’);
Set($DatabaseName , ‘bar’);

THE WEBSERVER:

Set($WebPath , “/rt”);
Set($WebBaseURL , “http://foo.bar.com”);

Cause RT to use external authorization (i.e. siteminder)

Set($WebExternalAuth , 1);

Set($WebFallbackToInternalAuth , undef);

Set($WebExternalAuto , 1);
1;

Patrick Narkinsky
Sr. Solaris Systems Administrator
Verizon
540.597.8483
patrick.narkinsky@verizon.com