[rt-users] WebNoAuthRegex - what is this?
Duncan Napier
napier at napiersys.bc.ca
Thu Feb 2 18:28:36 EST 2006
Hello,
I am having a problem with deploying RT on a Web-based authentication
system that appends a ticket string
"?ticket=xxxxxxx"
to every URL that lies below the rt-doc root (ie the one that has the
.htaccess restriction). I see
"WebNoAuthRegex - What portion of RT's URLspace should not require
authentication." and wonder if that can fix it. I only need RT users to
authenticate to my RT home page (index.html). How do you specify the
non-authenticated URL space?
Here are the details:
I successfully have deployed RT 3.4.5-1 on Fedora Core
kernel-smp-2.6.14-1.1656_FC4 running with Apache 2.0.54/55, MySQL
4.1.16-1, PHP 5.1.2, mod_perl-2.0.2 and it works great.
I set up and tested Apache Basic authentication (ie .htpasswd/password
file, AuthMySQLEnable off) and setting
Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , 'true');
Set($WebExternalAuto , '1');
in RT_SiteConfig.pm. Again, RT works as expected.
The university campus on which I work deploys Central Authentication
Service (CAS) a web-based, single-sign on authentication/authorization
system originally developed at Yale University:
http://www.ja-sig.org/wiki/display/CAS/Home
Users can authenticate and log on correctly (letting users use their
University computing services account login/password). I can browse RT
correctly, but whenever I try to make any changes, I get errors like
RTWeb: Unable to load queue ''
RTWeb: Unable to load user ''
etc ('' is a null string). I believe the URL ticket appending on the URL
is messing up transactions on the system. I've compared full logs of
MySQL with CAS turned on and Basic authentication turned on, and can see
differences in the way queries are run. For example, the transactions
run under CAS never do an autocommit. I'm pretty sure it is the
"?ticket=xxxx" string at the end that is causing the problem. Can anyone
suggest a fix otherwise?
Regards,
Duncan.
More information about the rt-users
mailing list