WebNoAuthRegex - what is this?

Hello,

I am having a problem with deploying RT on a Web-based authentication
system that appends a ticket string

“?ticket=xxxxxxx”

to every URL that lies below the rt-doc root (ie the one that has the
.htaccess restriction). I see

“WebNoAuthRegex - What portion of RT’s URLspace should not require
authentication.” and wonder if that can fix it. I only need RT users to
authenticate to my RT home page (index.html). How do you specify the
non-authenticated URL space?

Here are the details:

I successfully have deployed RT 3.4.5-1 on Fedora Core
kernel-smp-2.6.14-1.1656_FC4 running with Apache 2.0.54/55, MySQL
4.1.16-1, PHP 5.1.2, mod_perl-2.0.2 and it works great.

I set up and tested Apache Basic authentication (ie .htpasswd/password
file, AuthMySQLEnable off) and setting

Set($WebExternalAuth , ‘1’);
Set($WebFallbackToInternalAuth , ‘true’);
Set($WebExternalAuto , ‘1’);

in RT_SiteConfig.pm. Again, RT works as expected.

The university campus on which I work deploys Central Authentication
Service (CAS) a web-based, single-sign on authentication/authorization
system originally developed at Yale University:

http://www.ja-sig.org/wiki/display/CAS/Home

Users can authenticate and log on correctly (letting users use their
University computing services account login/password). I can browse RT
correctly, but whenever I try to make any changes, I get errors like

RTWeb: Unable to load queue ''
RTWeb: Unable to load user ‘’

etc (’’ is a null string). I believe the URL ticket appending on the URL
is messing up transactions on the system. I’ve compared full logs of
MySQL with CAS turned on and Basic authentication turned on, and can see
differences in the way queries are run. For example, the transactions
run under CAS never do an autocommit. I’m pretty sure it is the
"?ticket=xxxx" string at the end that is causing the problem. Can anyone
suggest a fix otherwise?

		Regards,

		Duncan.

Hello,

I have RT working with the Central Authentication System (CAS) for
Web-based single sign-on/automation using an implementation of the
Apache2 mod_cas add-on:

http://www.ja-sig.org/wiki/display/CAS/Home

Turns out the Central Authentication “?ticket” parameter, appended onto
every URL can be eliminated by setting up ticket caching on the Apache2
server (mod_cas directive CASLocalCacheFile enabled). After that only the
first access appends the ticket string. Once the ticket parameter is
gone, the MySQL autocommits (which the ticket parameter was breaking)
works fine. CAS users may experience a problem attempting to alter the
database on the first re-login after their ticket expires, but I have not
personally encountered this.

		Duncan.On Thu, 2 Feb 2006, Duncan Napier wrote:

Hello,

I am having a problem with deploying RT on a Web-based authentication
system that appends a ticket string

“?ticket=xxxxxxx”

to every URL that lies below the rt-doc root (ie the one that has the
.htaccess restriction). I see

“WebNoAuthRegex - What portion of RT’s URLspace should not require
authentication.” and wonder if that can fix it. I only need RT users to
authenticate to my RT home page (index.html). How do you specify the
non-authenticated URL space?

Here are the details:

I successfully have deployed RT 3.4.5-1 on Fedora Core
kernel-smp-2.6.14-1.1656_FC4 running with Apache 2.0.54/55, MySQL
4.1.16-1, PHP 5.1.2, mod_perl-2.0.2 and it works great.

I set up and tested Apache Basic authentication (ie .htpasswd/password
file, AuthMySQLEnable off) and setting

Set($WebExternalAuth , ‘1’);
Set($WebFallbackToInternalAuth , ‘true’);
Set($WebExternalAuto , ‘1’);

in RT_SiteConfig.pm. Again, RT works as expected.

The university campus on which I work deploys Central Authentication
Service (CAS) a web-based, single-sign on authentication/authorization
system originally developed at Yale University:

http://www.ja-sig.org/wiki/display/CAS/Home

Users can authenticate and log on correctly (letting users use their
University computing services account login/password). I can browse RT
correctly, but whenever I try to make any changes, I get errors like

RTWeb: Unable to load queue ''
RTWeb: Unable to load user ‘’

etc (’’ is a null string). I believe the URL ticket appending on the URL
is messing up transactions on the system. I’ve compared full logs of
MySQL with CAS turned on and Basic authentication turned on, and can see
differences in the way queries are run. For example, the transactions
run under CAS never do an autocommit. I’m pretty sure it is the
"?ticket=xxxx" string at the end that is causing the problem. Can anyone
suggest a fix otherwise?

  	Regards,

  	Duncan.  

Duncan Napier email:napier@napiersys.com
Napier Systems Research Ph:(604) 812-8321
http://www.napiersys.bc.ca