[Rt-devel] Patch to allow alternate REMOTE_USER variable for WebExternalAuth.

Jesse Vincent jesse at bestpractical.com
Fri Sep 25 09:45:44 EDT 2009 



On Thu, Sep 24, 2009 at 07:43:02PM -0400, Jason A. Smith wrote:
> On Thu, 2009-09-24 at 17:37 -0400, Jesse Vincent wrote:
> > It's our intent that sites override WebCanonicalizeInfo locally (to do
> > something like what you have done). Because of that, I'm not sure it
> > makes a lot of sense to clutter that sub with options.
> 
> Hi Jesse,
> 
> Ok, I understand, although it is much easier for a sysadmin to modify a
> config setting than create their own Mason file to override an internal
> RT function.

Right, but the range of what users want here turns out to end up at
"write a local-specific subroutine" far more often than, say, the code
you propose. There's just too wide a variation in how these systems
work.

That said, you _can_ do this entirely from the config file.

in RT_SiteConfig;

use RT::Interface::Web;
{ no warnings 'redefine';
  sub RT::Interface::Web::CanonicalizeUserInfo { 
  	my $self = shift;
	# do some stuff

  }
 }


> Also, consider the fact that single sign-on systems
> outside of apache (which therefore can't use REMOTE_USER) are becoming
> more popular, maybe it would be worth it to add an additional config
> option.  There may be more people in the future who encounter the same
> problem I did when trying to put RT behind their local SSO, and wonder
> how to get RT to read the username.  Either way, I now know how to fix
> it for us now.
> 
> Thanks,
> ~Jason
> 
> > On Thu, Sep 24, 2009 at 03:08:09PM -0400, Jason A. Smith wrote:
> > > We are are testing WebAuth with RT and for it to work with
> > > WebExternalAuth, I needed to have RT look for a variable name different
> > > than the default REMOTE_USER.  Since Apache reserves REMOTE_USER for its
> > > own purposes, WebAuth cannot use that variable.  So, we have our WebAuth
> > > server set a different variable which contains the user's login name.
> > > The attached patch adds an additional config variable and changes the
> > > WebCanonicalizeInfo function to return the value of that variable, if
> > > specified, or the default REMOTE_USER if not set.
> > > 
> > > I tested this with our WebAuth server and rt-3.8.5.
> > > 
> > > ~Jason
> 
> -- 
> /------------------------------------------------------------------\
> |  Jason A. Smith                          Email:  smithj4 at bnl.gov |
> |  Atlas Computing Facility, Bldg. 510M    Phone: +1-631-344-4226  |
> |  Brookhaven National Lab, P.O. Box 5000  Fax:   +1-631-344-7616  |
> |  Upton, NY 11973-5000,  U.S.A.                                   |
> \------------------------------------------------------------------/



--

More information about the Rt-devel mailing list